
Had to perform a series of regular expression search and replace actions, and had to do this on multiple files.. After doing it manually for some time, got bored.. Cursed myself for violating the DRY principle!

Well, to automate it, I used TextMate’s bundled macro recording. Easy to use. Just start recording (Bundles->Macros->Start Recording), perform the search and replace once, and stop recording. You can now replay the macro on multiple files.. Did my work.. Happy :)

We reached Dallas (DFW) airport at around 5.30pm.. Hell, they even charge for the trolleys here; that too, $3.. We got one trolley and tried making the most efficient use of it.. 6 bags on one trolley… :)
Dad had enabled international roaming on his SIM.. So called up sis.. She said she wud be there within 10mins, as there was traffic on the highway..
So while waiting at the exit, i was privileged to see some amazing cars.. Cars that make every Indian open their mouth wide OPEN.. Mazda, Nissan, Porsche, Ford, Toyota, Honda, Audi being some brands.. Saw the amazing Ford MUSTANG :-)
After waiting for 15 mins.. A white Corolla arrives.. It does not come close to us but is parked some 50 metres away..
Suddenly sis comes out of nowhere!! She runs towards Dad.. Was expecting her to come and hug mom first.. But no..
“Hmmm… why did she hug dad first?? Oh.. She must have seen dad fuming with anger for coming in late.. Damn.. Munnabhai was correct.. Jadoo Ki Jhappi always to the rescue.. ” i said to myself after some brain processing.
She then hugs me and mom together..
I can also see 4 of sis’ friends. After shaking hands I realise that the Corolla won’t be enough for us..
“Wats wrong with her?? She knew we wud be getting so much luggage.. Still she had to get her friends! Idiot.. Moron” speaking to myself.. Am sure mom and dad were with me on this though..
While sis’ friends are loading the Corolla, i see a white Limo behind..
“WOW.. Its a Limo… MOM.. see that.. Its a Limo..” i proclaimed..
“WAT?” mom replies as she is trying to count the bags being loaded in the car.. (Typical Mom)
“Limo mom… Limousine… In short LIMO” i reply excitedly!!
“It must be for some Big Person.. It’s nice but” she replied..
I see sis moving away with remaining bags.. Wondering where she is taking it.. There were no cars behind that limo.. I can see a well dressed chauffeur loading the Limo with bags.. After sometime i realise that they were our bags that were making it into the Limo’s boot.
“WTF!!!!??? FUCK… WATS GOING ON HERE??????” i screamed!!!!
“Guys.. this is for you’ll… ” sis replies.. I am stunned!!!
“Are you kidding me?? Are u crazy? Are u in senses??” Well, i realize that they all mean the same.. But was out of words that time..
“Go on guys.. Its for you’ll..” she smiles.. and replies..

After some time I find myself in one of the most luxurious cars in the world.. WOW!!

Me and mom posing with the limo

Family re-union... in the US.. inside the Limo.. :)

Ya, there must definitely be a smile on the faces of people who have gone through the torture of testing web apps on different browsers. Well here it is.. Adobe has come up with this excellent thingy for testing web apps online on different browsers through only one interface. :) CONFUSED?? Try it out yourself here

P.S. You need to register for the same. Good news.. It’s free.. :)

Well… first of all.. my bad…
Was in too much of a hurry to post what I saw yesterday..

Well, for the explanation:
* Plugins like LiveHTTP Headers and FireBug show the unencrypted URL being requested, i.e. what the browser sees before the request goes out..
* So, before actually sending this URL, the browser encrypts it, because the login page is on an HTTPS domain.
* Confirmed this by actually using Wireshark to sniff the packets being transmitted from my machine!

Just happened to investigate Google’s Gmail login process.. Was interested in knowing the internal redirects and other stuff. In the process, came across an amazing security flaw there.. I’m using the LiveHTTP Headers plugin for Firefox. All seemed perfect when I logged into a secure HTTPS Google domain. But then, when it redirected to the non-secure http domain I could see my password in clear text in the redirect URL! FUCK!

Go on guys.. start sniffing… ;)

Anyways, for guys who want to be secure enough on the net, you can configure Gmail to use only HTTPS. Things might be a little slow, but on a broadband-like connection it does not matter!

Btw, Oz just confirmed that the same happens with the Yahoo login..!!
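The two Gmail posts above come down to one rule worth checking for: TLS hides a URL on the wire, but a credential placed in a query string still ends up in server logs, proxy logs, browser history and Referer headers. The following Python check is an added example, not code from the original post; it scans constructed sample access-log lines for credential-like query parameters and produces a redacted form that is safe to log. The parameter-name list and the log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Query-parameter names that should never carry a real value in a URL (assumed list).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "session", "auth"}

# Constructed sample lines in a minimal access-log shape: method, URL, protocol, status.
SAMPLE_LOG = """\
GET /login?user=alice&password=s3cret&continue=https%3A%2F%2Fmail.example%2F HTTP/1.1 302
GET /mail/inbox?folder=all HTTP/1.1 200
GET /redirect?Passwd=hunter2&next=%2Fhome HTTP/1.1 302
"""

LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<url>\S+) HTTP/\d\.\d (?P<status>\d{3})$")


def find_leaks(url):
    """Return the (lower-cased) names of sensitive query parameters present in url."""
    query = urlsplit(url).query
    return sorted({k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in SENSITIVE})


def redact(url):
    """Return url with every sensitive parameter value replaced by REDACTED."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scan_log(text):
    """Return (line_number, leaked_names, redacted_url) for each offending log line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected shape
        leaks = find_leaks(m.group("url"))
        if leaks:
            findings.append((n, leaks, redact(m.group("url"))))
    return findings


if __name__ == "__main__":
    for n, names, safe_url in scan_log(SAMPLE_LOG):
        print(f"line {n}: credential parameter(s) {names} -> {safe_url}")
```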

I remember those old days when we used to squeeze in our second hand Fiat Padmini car.

It used to be a sight for people watching us come out.. one after the other.. a total of 11 of us in the car!! Phew..!! My cousins sometimes used to sit in the car boot (dickie).

Others somehow managed to sit with only half a butt on the seat.

There were even times when I had to get out of the car to push-start it. Pushing the car alone was a great achievement for me at that time.

Our Fiat was so problematic that we used to end up praying to god and trying to push ourselves forward on steep slopes. The car used to struggle to move up the hill.
And once it reached the other side of the hill we used to say “Ganapati bappa morya..”… all in sync.. !!

My sister on the other side used to tell me, “The car crossed only ’cause I had my fingers crossed”, and I used to thank her for that.

Well, it’s almost 10 years now. I got my first job.

On the day of my joining there is somebody waiting for me at the airport holding a placard with my name on it.

After I say hello to him, he goes to get the car. I am expecting an Indica or some vehicle of that kind.

But there comes a huge black Sonata right in front of me, and the chauffeur opens the door for me!

I am proud!

I smile and turn right. I can see myself in the reflection of the window, smiling at myself.

Thanks to Directi.. My first company.

Ok.. so the problem was taking an SQL dump of only selected entries in a particular table of a PostgreSQL db. Googled it.. but all in vain.. then came up with a simple workaround…

First create a temporary table in the database as follows:

create table <temporary_table_name> as select * from <table_name> where <some condition>;

This creates a new table containing only the rows that match the condition.

Well.. that’s it.. now you can take a dump of that table :-) and then drop it afterwards.

./pg_dump -U <username> -p <port> -t <temp_table_name> -f <file_name> <db_name>

N.B. MySQL has a ‘where’ option in mysqldump.. so it’s quite straightforward there..
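The whole workaround above (helper table, pg_dump -t, drop) scripted in Python, as an added example that is not from the original post: it quotes the table identifiers and guarantees the helper table is dropped even when pg_dump fails. The database, user and table names are hypothetical; psql and pg_dump are invoked with their standard flags, and authentication is left to ~/.pgpass or PGPASSWORD.

```python
import subprocess


def quote_ident(name):
    # Double-quote a SQL identifier so an unusual table name cannot break the statement.
    return '"' + name.replace('"', '""') + '"'


def selective_dump_commands(db, user, port, table, condition, outfile,
                            tmp_table="tmp_selective_dump"):
    """Build the three argv lists: create the helper table, pg_dump it, drop it.
    `condition` is the WHERE clause written by the operator, not end-user input."""
    psql = ["psql", "-v", "ON_ERROR_STOP=1", "-U", user, "-p", str(port), "-d", db, "-c"]
    create = psql + [f"create table {quote_ident(tmp_table)} as "
                     f"select * from {quote_ident(table)} where {condition}"]
    # The database name goes last as a positional argument, which every pg_dump version accepts.
    dump = ["pg_dump", "-U", user, "-p", str(port), "-t", tmp_table, "-f", outfile, db]
    drop = psql + [f"drop table if exists {quote_ident(tmp_table)}"]
    return create, dump, drop


def selective_dump(db, user, port, table, condition, outfile):
    """Run the procedure; the helper table is dropped even if pg_dump fails."""
    create, dump, drop = selective_dump_commands(db, user, port, table, condition, outfile)
    subprocess.run(create, check=True)
    try:
        subprocess.run(dump, check=True)
    finally:
        subprocess.run(drop, check=True)


if __name__ == "__main__":
    # Hypothetical invocation: dump only the 2008 rows of the "orders" table of db "shop".
    selective_dump("shop", "admin", 5432, "orders", "created >= '2008-01-01'", "orders_2008.sql")
```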

Well, I am a frequent user of Orkut! Orkut has evolved immensely and I guess everyone will agree with me..

It has had frequent updates adding new features for a better browsing experience.
I remember when Orkut was first released, to reply to a scrap we had to visit the sender’s profile, then open his scrapbook and then scrap him/her. Now it’s a lot faster with the reply option in the scrapbook itself!!

One more thing about Orkut that I have noticed is how it fetches images while viewing the gallery section. Orkut first displays a low resolution image, rather a thumbnail of the actual image, and in the meantime fetches the high resolution image! Once the image has completely loaded, it just replaces the lower resolution version of the image!!

I have a simple html page to share! Click here to view

Orkut also prefetches the other images in the gallery, which could simply be done by having an array of images to be prefetched at page load.

Well well, here I am writing my first blog. Thanks to Google, as always :-) !!!!
Firstly, a small intro about me and the reason that made me write about SQL injections.

I passed out of my engineering (Info. Tech.) just this year, July ’08 to be more specific. As soon as I was out of college I joined an IT firm as a developer in the .Net team. The first task I got was securing a web application which had been hacked through “SQL injections”. The application was developed 7 years back and was coded in classic ASP (VBScript). The application didn’t have any sort of user input validation.

I knew just the basics of what SQL injections actually were.. I did my research on SQL injections on Google. Here’s a nice intro on SQL injections and some methods to prevent it.

After going through the doc, I decided to get my hands dirty.
The first thing I did was basic input validation. Mind it, it was server side. A beginner might ask why server side and not client side?? Well, let me explain..

When you do client side validation, the data is validated only in the browser (client side). A hacker might just save the page on his local machine, remove the JavaScript/VBScript and then try to submit the data. It won’t get validated now!!! The hacker can easily inject malicious code (scripts) which will get stored in the database. The script might be a worm or something which would infect the entire database.

The second thing was using PARAMETERIZED queries. This helps a lot: the values are passed to the SQL server separately from the query text, and the server does the job of handling them safely. The same link gives you an intro on parameterized queries, so I won’t waste time discussing it in depth.

The third thing I came up with was using 2 separate connections to access the database. One connection used an account with database owner (DBO) permissions, whereas the second used an account having read-only permissions. So, the pages which had insert/update queries used the DBO account whereas all the other pages used the less privileged account.
This prevents SQL injections big time. For e.g., an SQL query which only retrieves data from the db can have a DROP or UPDATE query appended to it, especially on the user LOGIN pages; with a read-only account that appended query cannot do any damage.

Well, SQL injection does not ONLY take place by entering malicious SQL in the HTML input fields, but can also take place by modifying the COOKIE contents, also known as COOKIE HIJACKING. Cookies are often used to store the username and other user preferences. The cookie values are then taken by the application to fire SQL queries at the database. So one has to validate the cookie contents too.
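The second and third fixes above (parameterized queries and a read-only account for pages that only read), shown side by side with the string-concatenation style of the old ASP app, as an added example that is not code from the original post. Python’s sqlite3 stands in for SQL Server and ASP; the `mode=ro` connection plays the role of the read-only account, and the user table and the probe input are constructed. The same parameterization applies whether the value arrives from a form field or from a cookie.

```python
import os
import sqlite3
import tempfile


def make_db():
    # Constructed sample database standing in for the application's user table.
    path = os.path.join(tempfile.mkdtemp(), "app.db")
    con = sqlite3.connect(path)
    con.execute("create table users (username text, password text)")
    con.executemany("insert into users values (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    con.commit()
    con.close()
    return path


def login_concat(path, username, password):
    # The 'before': SQL built by string concatenation, as in the old ASP app.
    # Whatever the form field or cookie supplies becomes part of the SQL itself.
    sql = ("select count(*) from users where username = '" + username
           + "' and password = '" + password + "'")
    with sqlite3.connect(path) as con:
        return con.execute(sql).fetchone()[0] > 0


def login_param(path, username, password):
    # The fix: parameterized query on a read-only connection. The values travel
    # separately from the SQL text, and this connection cannot modify anything.
    sql = "select count(*) from users where username = ? and password = ?"
    with sqlite3.connect(f"file:{path}?mode=ro", uri=True) as con:
        return con.execute(sql, (username, password)).fetchone()[0] > 0


def readonly_write_blocked(path):
    # The least-privilege connection refuses a write even if SQL slips through.
    with sqlite3.connect(f"file:{path}?mode=ro", uri=True) as con:
        try:
            con.execute("insert into users values ('eve', 'x')")
            return False
        except sqlite3.OperationalError:
            return True


def demo():
    path = make_db()
    probe = "' or '1'='1"  # constructed input: the textbook login-bypass string
    return {
        "concat_honest": login_concat(path, "alice", "s3cret"),
        "concat_probe": login_concat(path, "alice", probe),   # True: the query was altered
        "param_honest": login_param(path, "alice", "s3cret"),
        "param_probe": login_param(path, "alice", probe),     # False: treated as data
        "write_blocked": readonly_write_blocked(path),        # True
    }
```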

One more thing I noticed from the web application log was that the script referred to by the script stored in the database was in HEXADECIMAL (all numbers), making things worse.

Ending note… : When developing an application, consider yourself as a hacker! :-)