IE stripping quotes in html

I was working on some javascript and html DOM manipulation. Everything was going fine and working well on Firefox. But it would crash on Internet Explorer. After spending some time tracking the bug down, it turned out that IE was stripping out quotes from html tag attributes if it thought the values were singular.

The fix was to put a space in front of the value such as

<p class=" abc"> ->
<P class=" abc">

instead of

<p class="abc"> ->
<P class=abc>


Windows Movie Maker: MP3 could not be imported

My wife was trying to make a video for a bridal shower using Windows Movie Maker. She got some of the pictures she wanted. Now she was looking for some music to go with it. First she tried iTunes. But I told her to check Amazon instead since their MP3s are DRM-free.

So she bought a few songs from Amazon. The process went relatively easy: install Amazon MP3 Downloader, and buy the songs as if you were buying anything else. But she ran into an issue when trying to import it into Windows Movie Maker: [file name] "could not be imported."

After some searching, I converted the MP3s, which were originally at 320 kbps, down to 128 kbps. And voila! They imported fine.

2010-04-16 Setting Up a Second server

Recently we added a new server (s2) for our web app. So we decided to turn the old server (s1) into a dedicated database server. We moved the web server and everything else over to s2 then closed off s1.

Normally we would just put s1 into an internal network, but our data center (let’s call them DC) didn’t have that option. They offered a similar setup using their firewall. I thought OK, as long as the database isn’t exposed to anybody from the “outside”, it’s good enough. So I asked them to set the firewall such that s1 and s2 have full access to each other, and s1 is completely closed off from everybody else (except their management for admin and backup purposes).

After a bit, they sent an email saying that it’s done. I thought, oh cool, that was quick and simple. Then I tried to remote desktop into s1 and was surprised when I got in. I sent an email back to DC asking if they really set it up, since I was able to access s1 from my local computer (I should only be able to access s1 via s2).

After a bit more, they sent another email saying that it’s done. I tried remote desktop and was unable to get in. Good! Then I thought, since the database was the main reason we’re blocking off s1, let me try to connect to it. D’oh! I was able to access the database from my local machine. It turned out that DC only blocked off RDP access. I sent another email back telling them what happened. I repeated my request and wanted to make sure they understood, because I didn’t want to have to check every port to make sure that s1’s access has been blocked off.

After waiting some more (blocking off s1 wasn’t urgent), I got a third email saying that it’s done. So I checked RDP and the database from my local computer. Access denied. Good! But then I got a phone call telling me that the web app was down and nobody could log in. I logged into s2 and tried to connect to s1. To my horror, DC had totally blocked off s1 from everybody, including s2!

My IT guy and I immediately got on the phone with DC and told them they had to grant access for s2 to s1 ASAP. They apologized and told us that our scenario was unique (wanting a server in that data center to only be accessible via another server…), and that they finally got the rules down.

Everything seems to be fine now. I’m still a little hesitant and going to keep an eye out for the next few days just to be sure.

PHP Disappearing Errors

I was installing a wiki on my Ubuntu machine (running nginx, FastCGI, and PHP) when I ran across an interesting situation. First I installed the wiki in the site root directory. After reading this, I decided to move it to /wiki/. That’s when the problem started.

The errors that I got were nothing special: “Fatal error: require_once()”. After inspecting it some more, it turned out that the wiki (specifically dirname(__FILE__)) was using the old path. When I went into the code and echoed dirname(__FILE__), I got the new and correct path. The funny thing was that it seemed to have fixed that particular require_once() and the next require_once() error showed up. I did the same thing again: echoed dirname(__FILE__) and that error went away, and the next one showed up.

I spent a few minutes googling but didn’t find anything useful. I figured it probably had something to do with PHP and/or FastCGI caching. So I just rebooted the server (good thing it’s not a production server).

Voila! The wiki works.

Computer Nightmare

Last year I installed a copy of Windows 7 RC.  Everything went great.  I didn’t spend a lot of time using Vista, so I won’t do any comparisons here.  But the few months that I spent using the RC, I liked it a lot.  For the most part, I didn’t have any problem (aside from learning where things moved to, and getting adjusted to the new task bar).  I liked it so much that I bought a copy of Windows 7 when it was on sale.  I just hadn’t gotten around to installing it.

Finally last week, the RC expired.  So I backed up all the important stuff.  Actually I have all my data on separate hard drives and the OS on an 80GB, IDE one.  So I didn’t have much to back up.

1. I tried doing a “custom”/clean/fresh install. Right away I ran into a problem. For some reason during the boot up process, there were a few seconds where it wasn’t recognizing my keyboard. And those few seconds happened to be when I had to press a key, any key, to boot from the optical drive. Took me a while trying to figure out what was going on. I tried different USB keyboards to no avail. Finally I ended up using an old PS2 one.

2. Next problem: for some reason the computer couldn’t see my IDE hard drive. After searching the web, I remembered that my motherboard (ABit IB9) was a bit quirky in that it required you to install an IDE driver via a floppy(!) if you want to install Windows. I hadn’t used a floppy in years. So I searched around to see if I could find the driver and maybe install it via a USB drive instead. No luck. I couldn’t even find the Abit program that’s supposed to make the driver for the floppy, let alone try to find one for a USB drive.

3. I read a blog post by Peter Bowyer about a similar Abit board. I tried updating my BIOS and hoped that it wouldn’t need the external IDE driver. The update went well. But I ran into the same problem: IDE hard drive not recognized.

4. I had a copy of Windows XP that I got from MSDN way back when I was still in college. I decided to give it a try. Same problem. No IDE.

5. I gave up on installing an OS on the IDE drive, and used a SATA one (1TB) instead. But since I hadn’t backed up the data on that drive (wasn’t planning on doing anything with it during the OS switch), I took it to work and asked my IT guy (Alex) to help me move some data around and create an empty partition in the beginning of the drive. It took a day and a half.

6. I plugged the SATA drive in and went with Windows 7 first. It bluescreened during installation. The error (XXX) was something about new hardware. I didn’t add any new hardware. I searched the web some more, but no luck.

7. I tried Windows XP. This time it saw my SATA drive! But there was a problem. I had 3 partitions on it: 90GB, 200GB, and the rest. The XP installation saw one partition with 130GB (which is a known issue). The problem is that the partition I specifically set for this was only 90GB. It must have been seeing something else. But by now (been about a week) I was so weary that I didn’t really care. I backed up all the important files, and the rest I would be able to obtain again. So I told it to just format the 130GB partition. It did and then restarted. Then it went back to the same partition screen… (I later realized that I was missing a step.)

8. I got another SATA drive from Alex to try. Windows 7 still bluescreened. During XP installation, I saw the step that I was missing earlier (I had to delete a partition, create it, and then choose it). The installation was a success! I switched my SATA drive back in and did the same and got XP to install. Finally!

9. I spent a few hours updating XP including SP2, SP3, and a few other drivers.

10. I spent some more time installing software such as Firefox, Pidgin, Dropbox, and Magic Jack. Back to operational! w00t

Key Authentication

“The biggest thing with password security isn’t you coming up with a password for a website that can’t be hacked. That doesn’t matter. The important thing is that for an organization, one bad password compromises your whole system. All you have to do is try accounts until you find the idiot who set his password to “password1” and then you can install a rootkit and compromise the whole thing.” – Joel H.

I was reading an online discussion about username+password authentication: the pros and cons of it. Someone mentioned how we need something better, but it’s the best we have right now so (almost) everybody is using it for website authentication.

Most of the factors that make username+password not-so-secure have to do with the users and not the method. There are guidelines (wikipedia) to help create strong passwords. But they also tend to make these passwords harder to memorize. When coupled with the further advice not to reuse the same password for different accounts, they create an even more bothersome situation for the users. The result is that a good number of people either use simple passwords (easy to crack) or use the same password for multiple accounts (crack one, crack all).

I thought up a different approach to tackle these two issues. Compared to their real-life counterparts, most websites today are like buildings that require people to punch in their PINs for access. The alternative approach already has a real-life counterpart: buildings that require people to insert their keys for access. The main difference is that the first is “something you know” and the second is “something you have”. (There’s also the “who you are” concept, but I’m not a fan of it.) In fact, both of these methods have been in use for quite some time now, the latter just not with websites (that I know of).

The Idea

The idea is to replace the password (text) with a key (file). That’s it. It’s that simple. On the login page, instead of entering a username and password, the user would enter his username and upload his key. The key can be of any type (text, image, PDF, etc) and any size (10 kB, 10 MB, etc), though it is a good idea to put limits on them (for example, only allow certain file types, or limit file size to < 10 MB). The key is determined at a prior time, either by the user during registration or by the site itself assigning a randomly generated key.

Since the idea of username+key is very similar to username+password, some of the issues carry over such as

  • The user needs his password to login.
  • The user needs his key to login.
  • If he forgets the password, he can’t login.
  • If he loses the key, he can’t login.
  • If someone else knows the password, they will have access to the account.
  • If someone else has the key, they will have access to the account.

Pros & Cons

  • pros
    • It is easier for users to have complex/large keys than to memorize complex/long passwords.
    • It is easier for users to have more unique keys than to memorize more unique passwords.
    • A greater input space makes basic brute-force attacks harder.
  • cons
    • Inconvenience: the users need to have access to the key in order to log in (e.g. carry it in a flash drive).
    • Requires more resources (e.g. bandwidth of sending file vs text).
  • others
    • Since a key can be any file, it’s possible to not have to actually encrypt it. It can be hidden in plain sight among normal files, unless an attacker watches your traffic and gets the key file size.

Summary

The key method still authenticates using username+something against the database. From the back-end standpoint, it’s pretty much the same as the password method, which means that other security measures you can apply to the password method can also be applied to the key method.

But from the user’s standpoint, they won’t be required to memorize multiple long and complex passwords for good security. Instead they will be required to possess the keys whenever they want access (just like carrying physical keys). Overall, I believe that the key approach provides better security in exchange for some inconveniences.

In general, websites that users access often and that require lower security will probably not find the trade-off favorable. Another thing to note is that this username+key authentication can replace username+password in any system. I mentioned websites here, but other domains such as desktop applications can also benefit from it.
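A sketch of the back end described above, as an added example and not the code behind the demo: the uploaded key is size-limited while it is read, reduced to a digest, and then stored and checked the way a password would be (per-user salt, key stretching, constant-time comparison). The function names, the in-memory user table and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import os

MAX_KEY_BYTES = 10 * 1024 * 1024   # the 10 MB limit suggested in the post
PBKDF2_ROUNDS = 200_000            # assumed work factor, tune per deployment

class KeyTooLarge(ValueError):
    """Raised when an uploaded key exceeds MAX_KEY_BYTES."""

def digest_upload(stream, limit=MAX_KEY_BYTES):
    """Hash the upload in chunks, refusing to read past the size limit."""
    h = hashlib.sha256()
    total = 0
    while chunk := stream.read(64 * 1024):
        total += len(chunk)
        if total > limit:
            raise KeyTooLarge(f"key file larger than {limit} bytes")
        h.update(chunk)
    return h.digest()

def stretch(stream, salt):
    """Salt and stretch the file digest, as one would a password."""
    return hashlib.pbkdf2_hmac("sha256", digest_upload(stream), salt, PBKDF2_ROUNDS)

def enroll(stream):
    """Return the (salt, verifier) pair to store; the file itself is never kept."""
    salt = os.urandom(16)
    return salt, stretch(stream, salt)

def verify(stream, salt, verifier):
    """Check an uploaded key against the stored record in constant time."""
    try:
        candidate = stretch(stream, salt)
    except KeyTooLarge:
        return False
    return hmac.compare_digest(candidate, verifier)

# Constructed sample data: a stand-in key file and a hypothetical user table.
SAMPLE_KEY = b"constructed sample key file " + bytes(range(256)) * 8
USERS = {"alice": enroll(io.BytesIO(SAMPLE_KEY))}

def login(username, stream):
    """Username + key-file login against the stored (salt, verifier) record."""
    record = USERS.get(username)
    if record is None:
        return False
    return verify(stream, *record)
```

Stretching matters here because a user-chosen key may be a file other people also have (a well-known image, say), so the stored verifier should be no cheaper to guess against than a password hash.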

Demo

I created a simple demo of the username+key login system. You can check it out at https://karn-test.appspot.com/demo01/.

Spinning the Earth

Newton’s Third Law: “To every action there is always an equal and opposite reaction: or the forces of two bodies on each other are always equal and are directed in opposite directions.”

Every time you take a step, you are pushing yourself forward at the expense of something else going backward. In this case you’re pushing the Earth. Since the Earth is rotating eastward, if you take the step at the equator and also head east, you are slowing the Earth’s rotation down. If you head west, you are speeding it up. Let’s see if everybody walking at the same time in the same direction can affect the Earth’s rotation!

First we list some of the numbers we’re going to use (rounded for simple calculations):

  • A person’s mass: 1 e2 kg (average is closer to 70kg)
  • Number of people: 1 e10 (closer to 6.7 e9; source)
  • A person’s acceleration at beginning of sprint: 3 m/s^2
  • Earth’s Radius: 6 e6 m (actual ~ 6.378 e6; source)
  • Earth’s Mass: 6 e24 kg (actual ~ 5.9742 e24; source)
  • Earth’s Angular Mass: 8 e37 kg*m^2 (source)

And some formulas:

  1. angular mass = mass * radius^2
  2. force = mass * acceleration
  3. torque = radius * force (assuming θ of 90°)
  4. torque = angular mass * angular acceleration

From this we can calculate that if everybody stands at the equator and starts sprinting in the same direction at the same time, they exert ~ 2 e19 N*m of torque:

  1. torque = radius * force
  2. torque = radius * (mass * acceleration)
  3. torque = (6 e6) * (((1 e10)*(1 e2)) * 3)
  4. torque = (6 e6) * ((1 e12) * 3)
  5. torque = (6 e6) * (3 e12)
  6. torque = (1.8 e19)
  7. torque ~ (2 e19) N*m

We rearrange one of the equations to tell us how quickly the Earth’s rotation would change with this much torque:

  1. torque = angular mass * angular acceleration
  2. angular acceleration = torque / angular mass
  3. angular acceleration = (2 e19) / (8 e37)
  4. angular acceleration = (2) / (8 e18)
  5. angular acceleration = (1) / (4 e18)
  6. angular acceleration = 0.000 000 000 000 000 000 25 rad/s^2

In this example we simplified the numbers and rounded them on the conservative side. If everybody on earth were to run in the same direction at the same time, we still wouldn’t budge the Earth one bit. Ok, maybe a tiny tiny tiny bit. But way too small to be of any significance.

Another way to alter the Earth’s spin: Water Reservoirs

Anybots

This past summer I had the chance to visit Anybots.  There were two robots there.  One was focused on the upper body anatomy (second picture).  The other was on the lower body (third picture).  The video shows the upper body robot being able to balance itself after being pushed. 
