Curry: partial functions in Actionscript 3

I needed curry() and bind() in Actionscript 3, because I was porting a Javascript application that was built using PrototypeJS 1.6 to Flex and the application heavily used these functions. I came up with the following Actionscript / Flex code:

bindAndCurry.as

package
{ // Returns a function that calls a[0] with 'this' bound to a[1], passing the
  // remaining arguments a[2..] followed by whatever the caller supplies later.
  // The function, receiver and preset arguments are copied out of 'a' up front
  // rather than shifted off it on every call, so the returned function can be
  // called more than once (Array.shift() would empty 'a' after the first call).
  public function bindAndCurry(...a):Function
  { var fn:Function = a[0];
    var receiver:* = a[1];
    var preset:Array = a.slice(2);
    return function(...b):*
    { return fn.apply(receiver, preset.concat(b));
    }
  }
}

BindAndCurryTest.as

package
{ import flash.display.Sprite;
  public class BindAndCurryTest extends Sprite
  { private function print(message:String):void
    { trace(message);
    }
    public function BindAndCurryTest()
    { // print() bound to this instance with its first argument preset
      var f:Function = bindAndCurry(print,this,'hello world!');
      f();
    }
  }
}
Maurits

Teach me SQL injection

Today I gave a SQL injection class at the VU University in Amsterdam. I created a website that is vulnerable to SQL injection and I want to share this demo/assignment with you. Note that I’ve turned off magic_quotes_gpc to make life a little easier. The assignment is to find out my age. Whenever somebody has deleted the records in the database you can reset it. One hint: it runs on a PHP5/MySQL5 environment.

Application: http://server.maussoft.com/~sqlinject/list.php

Reset DB: http://server.maussoft.com/~sqlinject/reset.php

Can you hack this application? Try to do it without looking at the source code. Prove it and post a URL in the comments that injects SQL in such a way that the application shows my age. For the pros: try to do the same on safe1_view.php, safe2_view.php and insert.html/insert.php. If you can do the same on safe3_view.php or safe4_view.php you are officially 1337 in my book…

Maurits

Omegle: “next big thing” or hype?

So have you heard of Omegle? It’s a website that lets you chat with a random other visitor of the site. It has only been online for a few weeks but “everybody” seems to be talking about it. Even the free newspaper De Pers wrote about it this morning (in Dutch). It struck me because usually it takes a while before the “traditional media” pick up on new stuff on the internet. For example, Twitter was already very popular for a while when the newspapers and tv started reporting about it.

Anyway, Omegle intrigued me and made me ask myself questions like these:

Why is it so popular? And is it really so popular, or is it just generating a lot of attention? Is this just a hype and will Omegle be obscure and forgotten in, say, a year? Why am I even blogging about it? :-)

Here are some of my ponderings on some of these questions.

I think what is so attractive about Omegle is the “thrill” of being able to talk to someone, a real person somewhere on this planet, who is listening (you hope…) and being able to say what you’d like in anonymity and in complete safety, without the usual tension of meeting someone new and without the social consequences of “just saying what you think”.

The anonymity of the internet is abused a lot, in my opinion. Some people (you know, other people) use online forums or blog comments to vent their frustration, anger or whatever they’re feeling, because there it has little or no consequences for themselves. However, it annoys a lot of other people, or worse. So maybe that’s the good thing about Omegle: it allows you to say whatever you feel the need to say in complete anonymity, but with “mutual consent”: both conversational partners have chosen to enter into an anonymous conversation and both can end it whenever they like. Also, the rest of the internet isn’t forced to read whatever you have to say. :-)

Also, a very strong point of Omegle is its very simple concept, I think. There is at least one other site that does exactly the same as Omegle: A Nice Chat, but it seems to be far less popular for some reason. Some even suggest that the idea was stolen from this site.

However, Omegle seems a bit easier to use and has a better “feel” to it. A Nice Chat uses Flash, Omegle is Javascript. A Nice Chat lets you enter a nickname, which is unnecessary and negatively affects the sense of anonymity. Or maybe Omegle was “just lucky” and people in the right circles started talking about it.

So will Omegle be “huge” in a year? I don’t think it’s going to be the next YouTube, but I think it will certainly have its place. Hopefully then, if someone has something on their mind he/she really needs to share, and if all their “real life” friends are not home, and all their Twitter “friends” won’t listen, they will think: “I really need to Omegle this”!

And why I am blogging about this? Everybody on Omegle told me to f*ck off. :-)

Arjen.

PHP hide_email() function

What is it?

A PHP function to protect the E-mail address you publish on your website against bots or spiders that index or harvest E-mail addresses for sending you spam. It uses a substitution cipher with a different key for every page load.

How does it work?

PHP encrypts your E-mail address and generates the javascript that decrypts it. Most bots and spiders can’t execute javascript and that is what makes this work. A visitor of your web page will not notice that you used this script as long as he/she has javascript enabled. The visitor will see “[javascript protected email address]” instead of the E-mail address if he/she has javascript disabled.

Example

<?php echo hide_email('test@test.com'); ?>

This is the PHP code you write where you want the E-mail address on your web page.

test@test.com

This is what the E-mail address will look like for the visitor of your web page.

<span id="e478988720">[javascript protected email address]</span><script type="text/javascript">/*<![CDATA[*/eval("var a=\"Bdnf8Ov32X0GAMexiu-pERHYWQVj4JUmS9g@skbF7DZPqNI+TLy16toCca.lhwK_5zr\";var b=a.split(\"\").sort().join(\"\");var c=\"hNlhMhNlhnPCt\";var d=\"\";for(var e=0;e<c.length;e++)d+=b.charAt(a.indexOf(c.charAt(e)));document.getElementById(\"e478988720\").innerHTML=\"<a href=\\\"mailto:\"+d+\"\\\">\"+d+\"</a>\"")/*]]>*/</script>

This is the generated XHTML that the bot or spider will see instead of your E-mail address.

The code

The “hide_email()” PHP function is only 9 lines of code:

function hide_email($email)
{ // Every character of the address must be in this set; note it is in ASCII order,
  // which is why sorting the shuffled key in the browser recovers it.
  $character_set = '+-.0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz';
  $key = str_shuffle($character_set); $cipher_text = ''; $id = 'e'.rand(1,999999999);
  // Substitute each character by the one at the same position in the shuffled key.
  for ($i=0;$i<strlen($email);$i+=1) $cipher_text.= $key[strpos($character_set,$email[$i])];
  $script = 'var a="'.$key.'";var b=a.split("").sort().join("");var c="'.$cipher_text.'";var d="";';
  $script.= 'for(var e=0;e<c.length;e++)d+=b.charAt(a.indexOf(c.charAt(e)));';
  $script.= 'document.getElementById("'.$id.'").innerHTML="<a href=\"mailto:"+d+"\">"+d+"</a>"';
  // Escape backslashes and double quotes so the whole script can be wrapped in eval("...").
  $script = "eval(\"".str_replace(array("\\",'"'),array("\\\\",'\"'), $script)."\")";
  $script = '<script type="text/javascript">/*<![CDATA[*/'.$script.'/*]]>*/</script>';
  return '<span id="'.$id.'">[javascript protected email address]</span>'.$script;
}
License: Public domain.
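The same substitution scheme in JavaScript, as an added example that is not part of the original post: the encoder mirrors what the PHP does on the server, the decoder is what the generated script runs in the browser, and a round trip shows why a harvester that executes (or reimplements) the decoder gets the address back, since the key ships next to the ciphertext. The names CHARSET, shuffleKey, encodeEmail, decodeEmail and roundTrip are mine; the encoder additionally rejects characters outside the set, which the PHP above does not check for.

```javascript
// Added example, not the post's own code. Same character set as hide_email();
// it is in ASCII order, which is what makes the sort() trick below work.
const CHARSET = "+-.0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz";

// Fisher-Yates shuffle, standing in for PHP's str_shuffle().
function shuffleKey(chars) {
  const a = chars.split("");
  for (let i = a.length - 1; i > 0; i--) {
    const j = Math.floor(Math.random() * (i + 1));
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a.join("");
}

// Server side: replace each character by the one at the same index in the key.
// Characters outside CHARSET are rejected instead of being silently mis-encoded.
function encodeEmail(email, key) {
  let out = "";
  for (const ch of email) {
    const idx = CHARSET.indexOf(ch);
    if (idx === -1) throw new Error("character not in CHARSET: " + JSON.stringify(ch));
    out += key[idx];
  }
  return out;
}

// Browser side: exactly the generated script. Sorting the key by code unit
// rebuilds CHARSET, so b.charAt(a.indexOf(x)) undoes the substitution.
function decodeEmail(cipher, key) {
  const b = key.split("").sort().join("");
  let d = "";
  for (let e = 0; e < cipher.length; e++) d += b.charAt(key.indexOf(cipher.charAt(e)));
  return d;
}

// Harvester's view: key and ciphertext are both in the page, so decoding needs
// no secret at all. This hides the address from non-JS crawlers, nothing more.
function roundTrip(email) {
  const key = shuffleKey(CHARSET);
  return decodeEmail(encodeEmail(email, key), key);
}
```

Feeding decodeEmail the key and cipher text from the generated XHTML above yields test@test.com.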

Maurits

Well okay.. I’ll fix your computer

But I won’t come over. So, no drinking coffee.. no chatting about the weather.. no home made cookies.. nothing.. I’ll just fix your computer, I’ll do it quick and this is how:

  1. Tell/text them to call you whenever it suits you
  2. Tell people to go to http://www.teamviewer.com
  3. Tell them to click ‘join session’
  4. Tell them to click the yellow bar and click ‘download file’
  5. Tell them to click on ‘Run’
  6. Ask them their session ID
  7. Ask them their 4 digit password
  8. Start teamviewer yourself and connect
  9. Tell them you can see their screen and ask them to show the problem instead of describing it
  10. Since you can control their mouse, you can fix most problems while they are talking
  11. (optional) Buy the T-shirt to avoid further occurrences…

Check out the following site: it only contains things you already know, but it may seem valuable to those pesky n00bs with their computer problems: http://www.fixingmycomputer.com/

I use Ubuntu Linux and run TeamViewer using Wine to fix other people’s Windows systems.. ironic?!

Maurits

Notepad++ for PHP development

Lately I’ve been developing a lot of PHP. On Windows XP (still prefer that over Vista) I would be using a combination of: TortoiseSVN, Putty, WinSCP, Notepad++, WampServer, Xdebug, DBGp plugin for Notepad++ and Firefox with web developer toolbar, firebug and the selenium IDE plugin. It offers everything a professional developer wants: low memory footprint, code coloring, code completion, step-by-step debugging, local development environment, version control, automated regression testing, secure upload.

But I don’t run Windows (not even XP) so the above configuration is not mine. I run Ubuntu Linux and I have recently discovered Netbeans 6.5. It is amazing software that has support for PHP code coloring, completion and step-by-step debugging using xdebug. The biggest issue I’ve discovered is that it lacks ftp/sftp support. This may be a show-stopper for many developers out there, but not for me, let me tell you why…

Netbeans has SVN support and now I use Subversion (a version control system) over HTTPS. This avoids the need for up- and downloading files using FTP/SFTP. Just 'svn update' your files wherever you are and subversion synchronizes your local copy. After you have edited and you want to save your changes you 'svn commit'. It also provides you with a publish script for your production environment: a simple 'svn export' does the job.

Maurits

Report of the Dutch OSGeo event 2008

Yesterday (June 17th) I visited the OSGeo event in Delft (The Netherlands). It was one of the first events in The Netherlands concentrated solely on open source GIS. (Although apparently this was already the second edition of this event.)

Keynote speaker and “celebrity guest” was Paul Ramsey. After some jokes on current events he gave an enthusiastic and humorous overview of the tools and software of the open source geo-world. Not a trace of his reported performance anxiety — I think he did a great job informing people about open source GIS and making them enthusiastic about it. Sure enough, presenting it as “the One True Way to Enlightenment” helped with that. :-) His performance was easily the most energetic one.

In one of the other talks that morning, Henk van Cann raised the issue that a lot of companies like to (mis)use “open source” and “open standards” as hype words to promote their products, but don’t have a lot to substantiate it.

In his presentation, and also in an article (in Dutch) I found on his company’s website, he gives a few questions you can ask these companies to find out if they’re “serious” or not, such as: “what licenses do you use” (is it a real OSI-approved license?) and “do you give code or services back to the open source community”?

A member of the audience added yesterday: “Where can I download the source”? I think this is a really pragmatic and direct way to find out if a product is really open source or not.

To the question if open standards are used I would like to suggest the question: “Can I connect to your product/service with third party software?” And if it’s publicly available: “Give me the url!”

In the afternoon I attended a workshop on OpenLayers hosted by Bart van den Eijnden and Richard Duivenvoorde of b & d Natuuradvies. They had enough material to keep you busy for a whole day, but because there were assignments for every level of experience, there was something useful and interesting for everyone.

Of course, apart from learning a bit more about OpenLayers, it was also a nice chance to take a peek at what other geodevelopers are working on!

How to serialize a string as CDATA in .NET

If you want to serialize an object that contains HTML data in one of its properties, you might want to make sure the HTML ends up in a CDATA section to prevent parsing errors.

Unfortunately, you can’t just put <![CDATA[ and ]]> around your HTML string. Also, the .NET framework does not provide an attribute that tells the serializer to make a string into a CDATA section.

However, you can declare a property of the type XmlCDataSection to get the desired result.

Here’s an example:

using System.Xml;
using System.Xml.Serialization;
 
public class MyTestClass
{
    // XmlSerializer needs a public parameterless constructor.
    public MyTestClass()
    {
    }
 
    //Private variable that will contain the HTML:
    private string html;
 
    //This is the property that will be serialized as a CDATA section:
    public XmlCDataSection MyHtml
    {
        get
        {
            XmlDocument doc = new XmlDocument();
            return doc.CreateCDataSection(html);
        }
        set
        {
            // Data holds the text inside the CDATA section
            html = value.Data;
        }
    }
}

This class contains a private variable html that holds the original HTML, and a public property MyHtml that turns the contents of this variable into a CDATA section and vice versa. Now you can make an instance of this class and serialize it to XML:

using System.Text;
using System.Xml;
using System.Xml.Serialization;

MyTestClass test = new MyTestClass();
// The setter takes an XmlCDataSection, so wrap the HTML string in one first
test.MyHtml = new XmlDocument().CreateCDataSection("<b>Hello, <i>world</i>!</b>");
 
XmlTextWriter xmlwriter = new XmlTextWriter("output.xml", Encoding.UTF8);
XmlSerializer serializer = new XmlSerializer(typeof(MyTestClass));
serializer.Serialize(xmlwriter, test);
xmlwriter.Close();

Now you should have a file output.xml containing your CDATA section:

<MyHtml>
    <![CDATA[
    <b>Hello, <i>world</i>!</b>
    ]]>
</MyHtml>