Google treasure hunt: last puzzle

Few days back google announced about last leg of google treasure hunt journey. This time they provided unix epoch time 1212448500, time when puzzle was supposed to get released.
You can use http://www.epochconverter.com/ to convert it to human readable format. This side also provides list of available methods to get epoch time, convert it to human readable format and vice-versa.

PHP date(output format, epoch); Output format example: ‘r’ = RFC 2822 date
Python import time first, then time.gmtime(epoch)
MySQL from_unixtime(epoch, optional output format)

So the puzzle was supposed to release at
Mon, 02 Jun 2008 23:15:00 GMT, for India: Tuesday, June 03, 2008 4:45:00 AM (middle of the night).

Forth Puzzle is available here. Its a bit tricky, but i wrote a c program to calculate the number using brute force method…and it worked.(Share how you did it or is there some shortcut which works without any programming). Problem is to find a prime number which in turn can be expressed as sum of of n consecutive prime numbers. Your answer should satisfy 4 such list of prime numbers of given length.

So its over for now and soon they are going to contest winners and rewards. Hope i could have been one . But I have submitted this puzzle after long delay.(Was sleeping when it was released)

Puzzle 1 (Robot in a maze) : Find it here
Puzzle 2 (getting lines from specific files in zip archive) : Find it here
Puzzle 3 (Network routing table) : Find it here

June 4, 2008 | Filed Under programming | 4 Comments

Google treasure hunt (Second puzzle)

Its about time (936266827 seconds before Y2K38) i.e 19may2008 17:07:58 (UTC) and the second puzzle is live (Check it out). You can still try the first question here. Second puzzle from google treasure hunt is to calculate

Sum of line n for all files with path or name containing pattern and ending in particular extension. Similarly Sum of line m for all files with some pattern.
Hint: If the requested line does not exist, do not increment the sum.
Multiply all the above sums together and enter the product below.

for a given set of files contained in a zip archive. I have already submitted my answer , but this time I will have to wait for 24hrs to check the status of my answer . I thinks its a good puzzle to test your quick shell script abilities. (Can also be done easily in perl/python).

For the solution part, I wont give the actual solution (As dont want it to spoil for others who are actually trying) but you can use shell commands [grep, find ,sed and pipe (|)] to get to solution. You can get all the required numbers in 2 lines on shell.

May 19, 2008 | Filed Under programming, tech | 9 Comments

The Perfect Home Page

Through ajaxian.com, I found about this project “TPHP “.

“command based way to start your web journey”

An simple designed HTML page with javascripts to provide various functionality like search from google, yahoo etc and others like whois, dns lookup. It provides all these functionality with a simple command like interface. For example you can do :

-g India // to do a google search for India
-g India>> // to take you to first result of google search
-whois google.com // to do whois query

It also provides recommendation based on previous searches.
Try it..and give your feedback , would you prefer such homepage ?
For more details :TPHP: The Perfect Home Page

April 26, 2008 | Filed Under programming, tips | 2 Comments

Cross-site Scripting (XSS)

Two days back, my shoutbox was hacked :). I was not aware that people are actually visiting this, which I made long back to have similar thing for Ethos in june, 2005. After that i haven’t updated the code and many things were left in between.

What actually happened: Cross Site Scripting, when we want user to input some data (which may be html/javascript) and displays it back. So if html/script tags are not properly checked it can cause trouble. Earlier I hadn’t checked for javascript, iframe inputs. So somebody just inserted an iframe as message input in my shout box. And the source of iframe contained redirection to another website. So when shouts were displayed on the page the iframe code was displayed as it is and page got redirected to other page.

Luckily I checked the page just after the day this happened, So that way i actually got chance to update this orphaned code and made some fixes.

Solution : Idea is to filter meta characters such as (< , >, ‘ , ” etc) Which will prevent browser from processing them as part of some script, they will be processed as plain text only.
So while doing in php you can do:

$shout=str_replace("<","<",$_GET["shout"]);

And to be on safer side we should also replace following characters:
replace ( with ( replace ) with ) replace & with & replace ' with ' replace " with "
Or If you are not expecting user to input these characters then you can simply replace these with null string;

Update: (25-apr-2008)
You can also use php functions htmlspecialchars, htmlentities, strip_tags.

The replacements which I have mentioned above can be easily done using htmlspecialchars but if you want to extend it to all html tags then you can use htmlentities. And to strip both html and php tags from string you can use strip_tags. The disadvantage with strip_tags is that it doesn’t validate html so can cause trouble in case of broken html tags. It also provide you option to exclude list of tags from being stripped.

So now you can enjoy Shout Box until some new bug is found or its hacked again [;)]

Related post:
SQL Attacks: Hacking (SQL injection)

Update(14th May 2008): XSS cheatsheet by ha.ckers.org lists possible cross site scripting methods on various browsers.

April 15, 2008 | Filed Under hacks, programming, tips | 1 Comment

My Del.icio.us Toolbar 2.0

Yesterday I was working late night till 3AM, to update my extension ‘My Del.icio.us Toolbar’ which I made long back in October 2006. Reason was to make it work for newer versions of firefox. But then I added some new features too :

I added a Explore feature which is similar to Stumble.
Checking Del.icio.us cookies to verify authentication. (You can find more details on how to read browser cookies from javascript here. Actually It uses nsICookieManager interface to iterate over all of the cookies.

Try My Del.icio.us 2.0 (Right now you may have to login to access the extension as it’s in Sandbox.)

I also noticed that mozilla has redesigned the extension page. They have also added a nice statistics Dashboard for extension, provided graphical representation of number of downloads, active daily users etc. I was surprised to see that older version of My Del.icio.us has reached a total download of 11,200 (not that a big number but still surprising for me) and number of active user around 1000.

Try My Del.icio.us 2.0 and provide feedback.

Also Try: Del.icio.us SearchER
Related Post:

April 15, 2008 | Filed Under firefox, programming | Leave a Comment

Adobe AIR: Web to Desktop

Past few days, I have came across Adobe AIR through digg, techmeme, delicious and so today i thought i should try this. Adobe AIR lets us their existing web development skills in HTML, AJAX, Flash and Flex to build and deploy rich Internet applications to the desktop. For Application development you will need two things:

Adobe AIR Runtime : Necessary for running AIR applications. (For windows & mac)
AIR_SDK Provide necessary libraries to build AIR application

Having Adobe AIR extension for Dreamweaver CS3 can be very helpful as it facilitates to package and preview .air application files directly within Adobe Dreamweaver CS3.

As my first AIR application, I ported my rubiks cube timer as a desktop application (RubikTimer.air). Its very easy using dreamweaver extension, have a look here : Create your first HTML-based AIR application with the AIR SDK (great tutorial for beginners).

One problem I faced: Usually setInterval(”display()”,500) works with Firefox/IE but it was not starting with no error message to look into but then i found out about using Adobe CommandLine tool. (via Three ways to debug Adobe javascript Application). It´s called ADL and resides in the /bin folder of the SDK. ADL showed the Error: “Unsafe javascript”. Then after some random changes when i change it to “setInterval(display,500)”, It started working. Another problem I faced was related to keypress events in javascript, were not working with AIR (still have to resolve this issue)

Download RubikTimer.air here
Web Based Rubik Cube Timer

Sample Adobe AIR Applications
Trying hands on Google gadgets

February 19, 2008 | Filed Under programming, webdev | 2 Comments

Trying hands on Google gadgets

Tonight i tried creating some google gadgets (actually its quite easy using Google Gadget Creator). You can check out them here: Google gadgets . You can use html / javascript (as in any other webapage) to create gadgets. Rubik timer gadget So i converted my Rubiks Cube Timer to a gadget. Other one is a gadget to search stock, scripts on bombay stock exchange.

You can also create gadgets using : Make your Own Gadget (Which is as simple as filling out forms)

P.S. : My first post on wordpress blog. (I imported my previous posts from blogger)

February 17, 2008 | Filed Under programming, tips, webdev | 3 Comments

.Net apps on linux

Actually i had to do some assignment in C#, so first i thought of going to windows and do it with VisualStudio (IDE)..but voila… i found its alternative for linux : mono
It allows you develop and run .net framework applications.
I was able to install it easily in ubuntu:

sudo apt-get install mono
sudo apt-get install mono-gmcs

Now you can compile .cs files {extension for c#} using

gmcs file.cs

and run using

mono file.exe

More details about Csharp compiler :gmcs
See these links for more details and examples:
http://www.mono-project.com/Main_Page
Mono brings .NET apps to Linux
Introduction to Mono - Your first Mono app

April 9, 2007 | Filed Under programming | Leave a Comment

OpenID ??

today i read this article which explains what openid is ??

Lately OpenID has been hitting the front page of digg, del.icio.us, and many other large websites.

Additional link(offtopic and old article but i came across this well written article and couldn’t resist posting it.. ):
What Every Webmaster and Web Developer MUST Know About Ruby on Rails and AJAX It’s not a tutorial, it’s not a “how-to” but he explains very well just what the heck all this.

February 25, 2007 | Filed Under programming, web, webdev | Leave a Comment

Web Development Tools

Great listing of web developers powertools by Brennan Stehling.
I’ll starts with extension for firefox that comes very handy while web devlopment.

Web Developer : Adds a menu and a toolbar with various web developer tools.
Firebug: Allows you to edit debug, and monitor CSS, HTML, and JavaScript live in any web page.
ColorZilla: Advanced Eyedropper, ColorPicker, Page Zoomer and other colorful goodies.
Live HTTP Headers

The list Web Development Tools for the Power Developer contains :