Last few days, I was sleeping at home enjoying the lazy days of Christmas vacation. Except sleeping, went on a trip to nuwaraeliya, and more interestingly after Anjana pointed out some key features of python, I decided to give it a try, so started learning it. After spending few hours, I managed to learn the syntax which was well managed so that easy to learn. However, the syntax itself doesn’t make python special; so I went little deeper down to the python lib. That’s what makes a real difference. Python comes with a large collection of libraries, and those are damn powerful and easier to use.

Learning is not only reading and going through the example source codes. It’s actually writing something, writing a real world application. So, I started to write a web log analyzer. First I separated the log file by the date, and calculated the statistics for each day and saved them in different files. After that I wrote a small php script when the two days are given, it collects statistics and generates a xml file. After that it’s all about the interface; My ajax interface process the xml file and gives a nice output of what I have calculated, of course with some graphs(plotkit did the graph magic with javascript). However it needs some cleanups (I originally hard coded the log urls/search engines/etc), and the config file support should be added to it. Once I’m done with those, I’ll upload the source code soon… Yes, it’s distributed under GPL.

Few years ago google placed a bill board in Silicon Valley (Well, I haven’t seen that but read the googleblog post). The board was about a small programming problem.

Somehow, that blog post became one of the top stories in digg recently; after seen it, I decided to give it a try. I just used the straight forward brute force method and it was surprisingly easy. It was just like a old days doing an IOI code, and more to the point, runtime doesn’t matter, memory limits doesn’t matter, and coding time doesn’t matter, so, what make it an IOI code is that code quality also doesn’t matter.

I just code like I always did… just coded… coded… coded… never bothered about the coding standards… and finally two small programs (e.zip). First I generated factorials up to 100, divide 1 by all those and saved the result (upto 500 decimal places) in a file. Then from the next program I added all those things together and checked for a prime. Pretty simple. The answer was 7427466391

Today, I recursively downloaded a web site to my web server using wget, and for some reason it didn’t work well. Some of the immediate files are missing. After running through the original site source, I realized that it’s about the files inside the style sheets. So, I made some quick modifications to the wget source.

It’s just a hack to get my download working, however it will also work on some other sites as well(I hope ;-)). errr…. Sorry about the quality of code.

Unfortunately, I lost the original source code(I have no intention to download it again using my dialup; ah! I forgot to tell you, I’m enjoying the vacation at home; Ratnapura), so I can’t create patch files. wget version is 1.10.1. Download recur.c and html-url.c.

Thousands of people searches through the internet for the above topic, and apparently they come up with quite nice articles which explains how to hack. Most of those are sending an email to a specific email address of the service provider which is a system account. What you have to do is, send an email from your account with your password and also add the email account to be hacked into it. I’s very easy, they give you the format of the email, you just have to insert the two values and send the email to the system account. And just after you send the email, the system account logs into your account and then do some bullshit(this changes from article to article) and send back the password of other person. Pretty cool isn’t it?

This method is really simple. As I mentioned before, this technique is called social engineering. Once you sent your password, it’s a hack! They have used social engineering to get into your account.

There is one thing you need to keep in mind before searching through the internet for above topics, don’t fall into pitfalls. There are thousands of security experts working on securing the email services, so it’s very unlikely there are flaws on those. In other hand, even if there’s a flaw, who would want to share it? As a matter of fact, just after he shared it the service provider will get alerted and they’ll close the hole, and the founder won’t be able to exploit it any longer.

So, if you really really want to hack into email accounts (I strongly recommend not to), find your own way. The best possible is to use social engineering.

Today, I was writing some documentation for a project and suddenly noticed that I was using semicolons instead of dots.