“In what appears to be the biggest worldwide device failure in consumer electronics history, tens of thousands of owners of Microsoft’s Zune turned on the music player Wednesday morning only to discover it was the day the music died. By early afternoon, Microsoft released a statement saying the problem, which affected the original 30-gigabyte model of the Zune that first went on sale in September 2006, was solved. The issue: a bug in the way the gadget’s internal clock handles a leap year.”

The problem was in a small part of code in Zune’s clock driver which resulted in Zune looping forever.

Zune Failing :
http://gizmodo.com/5121311/reports-30gb-zunes-failing-everywhere-all-at-once
http://www.mercurynews.com/ci_11345379

Cause : (Zune bug explained here )
Bug in code ( Not taking leap year into account properly, seems simple ?)

Part of a function :

————————————————————–

while (days > 365)
{
    if (IsLeapYear(year))
    {
        if (days > 366)
        {
            days -= 366;
            year += 1;
        }
    }
    else
    {
        days -= 365;
        year += 1;
    }
}

————————————————————–

Bugs:

1) It should be days==366 or days>=366
2) No else condition mentioned for nested if. (Should have been there specially when if is inside a while loop )

Now Zune will keep looping forever. Zune bug explained here

Microsoft response : http://www.zune.net/en-us/support/zune30.htm
This is big reputational risk for Microsoft’s Zune, when it trying hard to stand against Apple’s Ipod.

Sum of line n for all files with path or name containing pattern and ending in particular extension. Similarly Sum of line m for all files with some pattern.
Hint: If the requested line does not exist, do not increment the sum.
Multiply all the above sums together and enter the product below.

for a given set of files contained in a zip archive. I have already submitted my answer , but this time I will have to wait for 24hrs to check the status of my answer . I thinks its a good puzzle to test your quick shell script abilities. (Can also be done easily in perl/python).

For the solution part, I wont give the actual solution (As dont want it to spoil for others who are actually trying) but you can use shell commands [grep, find ,sed and pipe (|)] to get to solution. You can get all the required numbers in 2 lines on shell.

Related Post:
Google Treasure Hunt
Orio’s Riddle Completed
Twisty Puzzles

The Google Engineering team is launching its first ever Treasure Hunt, a contest designed to challenge your problem-solving skills.

Find more details at Google Australia blog here
They will be releasing first four puzzles in the next consecutive four weeks, one is alread released.
To get the URL of the contest you have to decode:

aHR0cDovL3RyZWFzdXJlaHVudC5hcHBzcG90LmNvbS8=

And yeah, I was able to that do that. I’ll tell you the answer its http://treasurehunt.appspot.com/, as its already on Google Blog
Actually its the base64 decode of the given code.

You can find the first puzzle here.

A robot is located at the top-left corner of a 34 x 49 grid.
The robot can only move either down or right at any point in time. The robot is trying to reach the bottom-right corner of the grid. How many possible unique paths are there?

I have solved this one. Give it a try, its not that difficult. Any way I’m there to help
Here is the solution to the problem :
The number of paths for n x m grid (n-1 down blocks and m-1 right blocks) is equal to number of ways of arranging n-1 D’s (Down move) and m-1 R’s (Right move). So it’s

(n-1+m-1)! / ((n-1)! * (m-1)!)

You can calculate it using calculator in Windows/Linux.
I’m waiting for the next to come.

The second puzzle will be appearing soon — to be exact, 936266827 seconds before Y2K38,

Update:

Unix internal time is commonly stored in a data structure using a long int containing the number of seconds since 1970. This time is used in all time-related processes such as scheduling, file timestamps, etc. In a 32-bit machine, this value is sufficient to store time up to 18-jan-2038. After this date, 32-bit clocks will overflow and return erroneous values such as 32-dec-1969 or 13-dec-1901. Read More about Y2K38.

According to wikipedia The latest time that can be represented in this format, following the POSIX standard, is 03:14:07 UTC on Tuesday, January 19, 2038. So when you calculate specified 936266827 seconds before that next puzzle should come around 19may2008 17:07:58 (The puzzle is alread there)(UTC) .

I have removed exact timing for you to get it on your own.(or is it still there ..haha ). And still if you need it, you can request in comments.
I calculated it using stata. You can easily calculate this in two lines in python:

>>> import time
>>> print time.ctime(2**31 – 1 – 936266827)

Related Post:
Orio’s Riddle Completed
Twisty Puzzles

view-source:http://www.google.com/

this in location bar to view page source of google.com.
So i have made this Bookmarklet to view page source: View Source (So you can drag this to your bookmark toolbar to have quick access).

Similarly you can type javascript: in your location bar to open java script error console.

Update1:
Key Board Shortcut: Use Ctrl+U to view page source

Related Post:
Firefox About Pages
Little tweaks with javascript : Bookmarklets.
Open webpages in sidebar

What actually happened: Cross Site Scripting, when we want user to input some data (which may be html/javascript) and displays it back. So if html/script tags are not properly checked it can cause trouble. Earlier I hadn’t checked for javascript, iframe inputs. So somebody just inserted an iframe as message input in my shout box. And the source of iframe contained redirection to another website. So when shouts were displayed on the page the iframe code was displayed as it is and page got redirected to other page.

Luckily I checked the page just after the day this happened, So that way i actually got chance to update this orphaned code and made some fixes.

Solution : Idea is to filter meta characters such as (< , >, ‘ , ” etc) Which will prevent browser from processing them as part of some script, they will be processed as plain text only.
So while doing in php you can do:

$shout=str_replace("<","<",$_GET["shout"]);

And to be on safer side we should also replace following characters:

replace ( with (
replace ) with )
replace & with &
replace ' with '
replace " with "

Or If you are not expecting user to input these characters then you can simply replace these with null string;

Update: (25-apr-2008)
You can also use php functions htmlspecialchars, htmlentities, strip_tags.

The replacements which I have mentioned above can be easily done using htmlspecialchars but if you want to extend it to all html tags then you can use htmlentities. And to strip both html and php tags from string you can use strip_tags. The disadvantage with strip_tags is that it doesn’t validate html so can cause trouble in case of broken html tags. It also provide you option to exclude list of tags from being stripped.

So now you can enjoy Shout Box until some new bug is found or its hacked again [;)]

Related post:
SQL Attacks: Hacking (SQL injection)

Update(14th May 2008): XSS cheatsheet by ha.ckers.org lists possible cross site scripting methods on various browsers.

• Adobe AIR Runtime : Necessary for running AIR applications. (For windows & mac)
• AIR_SDK Provide necessary libraries to build AIR application

Having Adobe AIR extension for Dreamweaver CS3 can be very helpful as it facilitates to package and preview .air application files directly within Adobe Dreamweaver CS3.

As my first AIR application, I ported my rubiks cube timer as a desktop application (RubikTimer.air). Its very easy using dreamweaver extension, have a look here : Create your first HTML-based AIR application with the AIR SDK (great tutorial for beginners).

One problem I faced: Usually setInterval(“display()”,500) works with Firefox/IE but it was not starting with no error message to look into but then i found out about using Adobe CommandLine tool. (via Three ways to debug Adobe javascript Application). It´s called ADL and resides in the /bin folder of the SDK. ADL showed the Error: “Unsafe javascript”. Then after some random changes when i change it to “setInterval(display,500)”, It started working. Another problem I faced was related to keypress events in javascript, were not working with AIR (still have to resolve this issue)

Download RubikTimer.air here
Web Based Rubik Cube Timer

Related Post:

Sample Adobe AIR Applications
Trying hands on Google gadgets

• Imagination Cubed
• Wetpaint Please Touch – Create Your Own Masterpiece!
• Artpad
• FlashPaint
• Sketchr (also available at http://www.queeky.com)
• Scratchpad
• Online Paint Brush

HTML < canvas > Based:

• Paint Chat [designed by me ]
• Canvas Painter
• Canvas Paint (resembles to MS paint)

Java Based:

• Drawing Online
• ZEwall: Online Painting
• JPainter : Online image editor

Related Post :
Paint Chat !!
Web2.0 Applications

and voila you are in. the other possible strings for password are :

• ‘ OR a=a–
• ‘ or 0=0 #
• “) or (“a”=”a
• ‘) or (‘a’='a

A funny comic strip from xkcd illustrating sql injection.

So whats the funda behind this :
When you click “login” or “enter” on webpage the variables ‘userid’ and ‘password’ are to sql. The underlying query is :

SELECT * from auth_db where username = ‘ $userid ‘ AND password = ‘$password’

So if you have entered username = admin and password = test123 then query executed will be :
SELECT * from auth_db where username = ‘ admin ‘ AND password = ‘test123 ‘

So in auth_db , if userid and password are correct than corresponding row will be selected and as no of rows returned is > 0 you will be granted access. But if password is incorrect than it will retun zero rows and permission won’t be granted. But if you use SQL string injection like if you put ‘ OR 1=1– as password and username both than query executed will be :

SELECT * from auth_db where username = ‘ ‘ OR 1=1– ‘ AND password = ” OR 1=1– ‘

Because a pair of hyphens designate the beginning of a comment in SQL, the query becomes simply becomes :

SELECT * from auth_db where username = ” OR 1=1

The expression 1=1 is always true for every row in the table, and a true expression or’d with another expression will always return true. So, assuming there’s at least one row in the Users table, this SQL will always return a nonzero count of records.So you are logged in now. And if in some cases But many times sql tries to parse = character in input strings and didn’t allow to do so, hence trick is using :
‘ OR userid LIKE ‘%%

So resultant query will be

SELECT * from auth_db where username = ‘ ‘ OR userid LIKE ‘%% ‘ AND password = ” OR userid LIKE ‘%% ‘
So every string matches ‘%%’ so it returns non zero number of and you are granted access.
Not all SQL injection attacks involve forms authentication. All it takes is an application with some dynamically constructed SQL and untrusted user input. Most SQL-compliant databases, including SQL Server, store metadata in a series of system tables with the names sysobjects, syscolumns, sysindexes, and so on. This means that a hacker could use the system tables to ascertain schema information for a database to assist in the further compromise of the database. For example, the following text entered into the txtFilter textbox might be used to reveal the names of the user tables in the database:

' UNION SELECT id, name, '', 0 FROM sysobjects WHERE xtype ='U' --

The UNION statement in particular is useful to a hacker because it allows him to splice the results of one query onto another. In this case, the hacker has spliced the names of the user tables in the database to the original query of the Products table. The only trick is to match the number and datatypes of the columns to the original query. The previous query might reveal that a table named Users exists in the database. So after this with multiple queries you can get control over database.

Updated :
Also visit Ten hacker tricks to exploit SQL Server systems
http://us2.php.net/mysql_real_escape_string
http://www.unixwiz.net/techtips/sql-injection.html
*******************************************************************************
WARNING: the information provided is for educationally purposes only and not to be used for malicious use. i hold no responsibility
********************************************************************************