Mental Masturbation, Musings, and Methods

For my CPS 182S class, we have an assignment which is a competition among groups of students (and the professor) to have the highest ranking page on Google for the terms rankophilia and rankophiliac.  As such, I have created a page at rankophilia.dorm.duke.edu to be my group’s main page on Google. For now, there is not much interesting on there, and I am merely posting it here in an attempt to increase the PageRank. I am considering adding more interesting content and submitting it around online rather than just spamming. I will post updates (probably at least a few for links) as the contest goes on.

I gave my first public talk today at Duke’s TechExpo 2009. I along with my coworker Artem Kazantsev discussed the risks of SQL Injection. The presentation gives a good overview of the capabilities of SQL injection along with how to prevent such vulnerabilities. I also gave a demo of performing a SQL injection attack on a vulnerable site during the talk. For any web programmers who aren’t familiar with SQL injection, take a look at the code for the demo to see exactly how and why it is vulnerable, along with how to fix these vulnerabilities.

SQL Injection Presentation

SQL Injection Demo

Additionally, earlier in the year I worked with Duke’s ITSO to write up examples of good coding practices to protect against a variety of web application security issues. This referenced is linked on Duke ITSO’s site here: http://www.security.duke.edu/ITSO_Web_Application_Security_Standard_v1.pdf

While on break, I’ve been playing around with Mozilla’s File API and integrating it with Duke Webfiles, which I work on for OIT. This is only a proof of concept since the spec has not been completed and I only implemented it in the icon view of Webfiles. Regardless, I think it is pretty cool and makes the application much easier to use. Here is a screencast to see it in action:

To do this I used examples from here for the new File API and here for the AJAX upload. Obviously this could be expanded upon by implementing it in all three file views in Webfiles and by showing progress bars for each file. Additionally, there are some small bugs with uploading large files. However, if you are a Duke student and want to give it a try, follow the instructions below. Please note, this is a alpha version of the software, and you may run into some bugs when using it.

• Make sure you are using Firefox 3.6 Alpha – Namoroka.
• Go to our development version of Webfiles and log in.
• After you are logged in, go here to turn on the new drag and drop feature.

Please, give it a try and let me know your thoughts. Thanks.

For my discrete math course (CPS 102) this semester, I had to create a space-filling curve for one of my homework assignments. I decided to take this as an opportunity to play with HTML5’s canvas element since I’ve yet to had a legitimate use for it in any programming yet. I think it came out decently well (and it’s kind of fun to play with), so I thought I’d post it. Here is a link to it on my Duke account http://duke.edu/~amb79/fillSpace.html Like I said, nothing huge but fun to program and cool to watch.

I am on fall break now, and will be spending the weekend at home.  Hopefully I’ll do something cool while I’m home and will post if anything comes out good.

After playing with the Jetpack API and having an increasing desire to procrastinate my Spanish homework, I decided to give the Ubiquity API a shot too and make a few small scripts just to make my life easier.  The first extension I made was a script to do look ups of IP addresses and get more information about them.  This is useful mainly if you are looking at raw logs from a web server.  After realizing how easy it was to make these scripts, I made two more for bit.ly links which I frequently come across on Twitter.  The first can get more info and stats about a link (the number of clicks) and easily send you to the bit.ly info page for that link.  The second script can be used to quickly expand the links from their compressed bit.ly form to their original form.  I know there are other scripts that can do this across an entire page, but felt I’d rather keep short links with a quick and easy way to find out what the link contains.  If any of these sound interesting/useful or if you just want to see some simple examples of how to code Ubiquity extensions, you can check the scripts out here.  I have also included screenshots for each of these scripts below.