In this post, I intend to post something that we discussed in our Advanced Computer Network and Security.
1. fork() - too many forks could halt the system, if the malicious code has enough privileges to launch that many forks. This is probably not a great problem to worry about but could be given a thought!
2. The talk was interesting. We were shown a simple echo server code that when run and well exploited can give you a shell to own! Through which you can list files and do everything that you can do from a Bash shell. So what did the program have?
The problem was that the array size was fixed and then the exploit was to copy large buffer onto a smaller buffer causing a buffer overflow attack. The exploit data has to be carefully crafted. Anyway, StackGuard is a simple fix that works for most of the buffer overflows. The other fix is to have a pointer declared in the first line of the function and save its current reference and at every exit, you are going to check if the saved value did not change. I know this does not make sense unless you see the code, but unfortunately I do not have that. The overall summary is to say that when you copy buffers, you should be careful to see that the copy is going to be safe. Few commands that i came to know. You have a port x open and then see what service uses that, you could do a
/usr/sbin/lsof | grep x
3. Using netstat to check the open ports
Anyway class over so more on this later,hopefully.
Wednesday, November 07, 2007
I came across this wonderful 2D Game Engine called JGame. This is a very good engine to write simple games and with just 100 odd lines of code, you can write wonderful games! I would post a series of tutorials shortly, but meanwhile it is a good point to start
Great work Boris Van Schooten!! Really amazing!
Great work Boris Van Schooten!! Really amazing!
Sunday, November 04, 2007
On Thursday, Google announced their new API called the OpenSocial which can be used by developers to develop Google Gadgets like applications for their favorite Social Networking websites like the Orkut, Hi5 and a lot more. More information about this could be found at:
One could take it a new revolution, a combined war against the most popular social website - the Facebook. Around 14 social networking websites have partnered Google with their Social API.
I always think a hello world application should be very basic and should include everything that one needs to know. The tutorial at http://code.google.com/apis/opensocial/articles/firstgadget.html assumes that you have basic understanding of Google Gadgets and not about OpenSocial API. It does a great job to explain how to proceed with development of OpenSocial Applications but then it does not tell you how to add that gadget you developed to your Orkut account and so forth.
Well this is what I did!
1. Go to http://code.google.com/apis/gadgets/docs/gs.html#GGE
2. Go to File->New and Select Hello World Gadget. You get the basic code for Hello World gadget
3. Copy and paste the following code into the editor you see in the following link.
I apologize for not being able to show the code here. But it is my fault and I am lazy not to work around pasting HTML code in the blogger. The best thing you could do is paste the xml you see in some XML editor or refer to the actual source (firstgadget.html)
4. Now click on File->Save and give it a name. Once the file is saved, on the top right corner of the editor you get a Hyperlink with the filename you just gave. Right click on the link and copy the link to your gadget.
5. Now assuming that you have signed up for SandBox Orkut account ( you need to do that by going here http://code.google.com/support/opensocialsignup and you should already have an orkut account) sign into your orkut account with this link 'http://sandbox.orkut.com'
6. Then you see a "applications" menu item just where you see lists,testimonials and other such items ( left side of the page) (as shown in the figure)
7. Now click on that applications link and you see a page with a textbox asking for application URL. Paste the copied URL on to the textbox and click on "Add Application".
6. Once you add the gadget, you see a People API How too item added to your menu just above the applications (See figure). Click on that and you would be taken to a new applications page and you can see your application in Action!!!
Isn't it great?? You have complete access to your friends data and a lot more programatically and imagine all the possible applications that you could develop!
I hope we will be given a profile KEY which is unique for a profile and which can be used within the application and make the Gadget run outside these social networking websites!!! That would be very great ! There might be a better tutorial by someone with more knowledge about this but just that I wanted to be one of the early adopters! Who knows whats waiting for one!
at 11:53 AM