Using SSL with Gmail and Gmail Notifier

With the recent announcement at Defcon, Gmail users will soon be the target of session hijacking. The reason for this is that Gmail by default does not encrypt any traffic (except logins). This allows anyone on the local network to sniff for session IDs passed between Gmail and the user when you check your email.  With this session ID, a hijacker can authenticate themselves as you without the need for your username and password.

This has always been an issue for non-encrypted traffic, but it was announced at Defcon that a tool has been released that automates this hack.  This was enough reason for Google to release an option to turn on SSL.  The problem here is that you still have to manually turn it on.

To turn on SSL go to “Settings” and at the bottom you’ll see an option called “Browser Connection.”  Choose the option “Always use https.”  Yay now we’re protected from session hijacking!

The problem I next noticed was that gmail notifier stopped working!  After doing some investigating, I found that you had to do some hex editing with gnotify.exe to get it to use SSL.

Before we do anything, close Gmail Notifier and make a backup copy of gnotify.exe just in case anything happens.  By default you can find this executable in C:\Program Files\Google\Gmail Notifier.  For hex editing I used an old favorite hex editor called “Hex Workshop” for Windows.  After you download/install it, open up gnotify.exe in Hex Workshop.  On the left you’ll see a bunch of hexadecimal characters and on the right you’ll see the ASCII equivalent.

To make the replacement, we first need to find the area we want to modify.  Hit CTRL-F and search for the string we want to modify: “http://”.  Under the “Type” drop-down choose “Text String.”  When you find “http://mail.google.com/mail/” go ahead and add an “s” after “http.”  You’ll see that whenever you type, it will overwrite whatever was in that field before.  Go ahead and type out the replaced characters until you end up with “https://mail.google.com/mail/”.

Go ahead and save the modified executable and open it back up.  If it fails, you can always use the backup you made!  Otherwise, you should now have access to Gmail over an encrypted connection!
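
The same edit as a script, added here as an example (it is not part of the original post and not Google's code): it overwrites the URL in place the way the hex editor does, but first checks that the extra byte lands on NUL padding, so the string stays terminated and the file size does not change. The padding layout and the sample bytes are assumptions constructed for illustration; the path in the final comment is the default location given above.

```python
import shutil
from pathlib import Path

OLD = b"http://mail.google.com/mail/"
NEW = b"https://mail.google.com/mail/"

def patch_url(data: bytes, old: bytes = OLD, new: bytes = NEW) -> bytes:
    """Overwrite every `old` with `new` without changing the file length.

    Assumption: the URL is a NUL-terminated ASCII string with spare NUL
    padding after it. Refuse to patch if that is not the case, because the
    extra byte would then clobber unrelated data or remove the terminator.
    """
    grow = len(new) - len(old)
    out = bytearray(data)
    pos = data.find(old)
    if pos < 0:
        raise ValueError("URL not found (already patched, or stored differently)")
    while pos >= 0:
        end = pos + len(old)
        # Need the original terminator plus `grow` spare NULs after the URL.
        if data[end:end + grow + 1] != b"\x00" * (grow + 1):
            raise ValueError(f"no NUL padding after URL at offset {pos:#x}")
        out[pos:pos + len(new)] = new
        pos = data.find(old, end)
    return bytes(out)

def patch_file(path: Path) -> Path:
    """Patch the executable on disk, keeping an untouched backup beside it."""
    original = path.read_bytes()
    patched = patch_url(original)          # raises before anything is written
    backup = path.with_name(path.name + ".bak")
    if not backup.exists():                # never overwrite an earlier backup
        shutil.copy2(path, backup)
    path.write_bytes(patched)
    return backup

# Constructed stand-in for the relevant bytes of an executable (not real data).
SAMPLE = b"MZ\x90\x00" + b"\x00" * 12 + OLD + b"\x00" * 4 + b"atom\x00"

if __name__ == "__main__":
    patched = patch_url(SAMPLE)
    print(len(patched) == len(SAMPLE), NEW + b"\x00" in patched)
    # Real use (default install path from the post):
    # patch_file(Path(r"C:\Program Files\Google\Gmail Notifier\gnotify.exe"))
```

If the script reports missing padding, leave the file alone: typing over the byte after the URL in a hex editor would have the same effect as the write it refused.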

I’m sure I’ll be writing a part II to this when I get home and my gmail notifier isn’t working there either.

Explosions in the Sky

How do we hear about new music? You might say the radio or MTV. Let’s be serious though, MTV doesn’t play music videos, not anymore at least. As far as the radio goes, I can only stand listening to the same 10 songs over and over again only so much. What about friends? Word of mouth is a great way to hear about new bands. If you know that one of your friends has similar music taste, you’re more inclined to listen to a new band per their recommendation. Now with the internet you have an additional resource to aid in discovering new music.

Last.fm is a site I’ve probably talked about before (whether on this blog or in person). It combines the last two ways of finding music: your friends and the internet. I’ve discovered many bands such as Silversun Pickups and Mogwai based off of what my friends were listening to. One of the other reasons I love last.fm is how they recommend new bands. Not only do they let you see and read about bands who are similar to bands you already love, but they let you hear those bands too. I believe I was looking for artists similar to Mogwai when I stumbled upon “Explosions in the Sky” on the similar artist radio station. After one listen of “The Birth and Death of the Day” I was hooked.

You might say that I’m just going through a phase, which is true. I usually go through phases where I’ll listen to the same artist over and over again until I find the next one (Sigur Ros, Stars, Broken Social Scene were some of my most recent phases). Right now I’m on my Explosions in the Sky kick and I look forward to discovering other Post-Rock bands.

For all of you HTML hackers out there

I’m working on a new project at work which involves the use of Microsoft SQL Server and DTS packages…something I’m not familiar with.  As always, if I don’t know something I google it.

One of the sites I came across was this one. You’ll see that there is a pop-under that is blocking the content.  See if you can use Firebug to get rid of the pop-under to see the rest of the content.

Hint: After you get rid of the pop-under, you still can’t see all of the content.  Check the div style properties!

Selecting Options in Select Drop-Downs using jQuery

Say we want to pre-fill out a form with data retrieved from an XML file.  Once we parse the XML, we need to update the form.  If you know the jQuery library, using the val() and attr() methods is trivial for most inputs.  What about select drop-downs?  There’s no easy way to add the “selected” attribute to a drop-down.

As an example let’s say I have a drop-down of names.  I want to have the name “Nick” selected as the default value.  Using jQuery and an attribute selector, we can do this in a clean way (older jQuery releases wrote the selector XPath-style as [@value=...]; that form was removed in jQuery 1.3):

$('select#name').find('option[value="' + name + '"]').attr("selected", "selected");

The first part $('select#name') simply locates the select drop-down that we want (This is done in a fashion similar to CSS selectors).  The next part will find a child that is an option node and has the value of the name specified; the value is quoted inside the selector so that names containing spaces still match.  It will then assign the value “selected” to the attribute “selected.”  Simple as that!

Software Developers are Watching!

I made a couple tweets a couple days ago and to my surprise both of them got responses!  My first tweet was expressing my love for the Javascript library jQuery and the second was directed towards Firefox.  Turns out both the jQuery and Firefox groups have Twitter accounts and are both listening!  Watch what you say on the interwebs!

CS Majors Need Something To Do!

In general, computer science majors aren’t the most social creatures.  There’s no particular hang out that you would go to to hang out with other computer science majors (In person at least).  This got me thinking about how other people meet other people.  In general you meet other people through parties, classes, events or other people.  Let’s cross off the first two on the list since I generally don’t specifically meet any other CS majors at parties and it’s summer, so class is not in session.  This leaves me with events and through other people; these two in particular are how I meet a majority of my friends.

Last Friday (05/16/08) I organized a get together with my fellow students to go out for a beer in celebration of completing another  school year.  To my surprise people actually showed up and brought along some of their friends!  On top of that, the people who came actually had a good time and wanted to do it again!  Some already started talking about future events they had in mind.  To me this demonstrated a need for a central source of  events in Camarillo.  For those of you still in Camarillo, let’s face it, there isn’t really much to do here.  This is why it would be nice to establish a community of like-minded people to go hang out with.

I sit in front of a computer all day at work.  The last thing I want to do when I get home is to continue to sit in front of another computer.  I’d rather go outside and get active, hack on projects with friends, or simply enjoy a movie with others.  These sort of events will give us a chance to meet new people, a chance to exchange ideas, or collaborate with peers.  Already I met someone who was interested in collaborating on a project in python and showed me some stuff on recursive queries in MS-SQL.  Neat!  In general, I think this type of interaction is more important than interacting with a computer.

The obvious answer is to think of some events and send out invites!  The key I found is to just set a date to do something and people will show up.  Ideas I had in mind were LAN Parties (formal attire required?), simply going out for a beer (it seemed to have worked in the past!), movie nights (traditional and non-traditional), dinner parties, DevHouse (day-long hack-a-thon popularized in the bay area), and of course outdoor activities (camping, climbing, hiking).  So to all of you CS/IT majors in Camarillo/Ventura County, expect some invites to some events this summer!

ToDo This Summer

So I pretty much have not updated whatsoever this semester.  Between school, work, homework and trying to maintain a social life, I haven’t had time for anything else.  With school over with in a week I’ll have free time again!  What will I be doing with this time?  This is what I got so far:

  •  Learn Python – I feel I should’ve avoided the whole Ruby craze and stuck with Python.  I started the O’Reilly book last summer, but never got around to finishing it.   I hope I have better luck this summer.
  • Learn C# – At work I’m pretty much forced to use .NET for some projects.  Since the only .NET language I remember is VB.NET I’ve been using that.  Instead I would prefer something that feels more like Java, thus the desire to want to learn C#.
  • Learn iPhone SDK – This is a “if I’m bored enough” idea.  I think it would be cool to write iPhone apps, but this doesn’t have any practical purpose.
  • Read – There are a few books I have in mind.  Here are a few that come to mind:
    • GTD – There’s so much information in this book, thus my desire to read it again.
    • The Pragmatic Programmer – Saw it at my school’s library
    • Books on System Theory - Jeff Lindsay started a google group for groksystems.  Of course this got me interested in Systems again.  I plan on finishing Ackoff’s Best and even found a couple books at the school library.
    • Chess books – I admit it: I like chess.
  • WebGoat – This is a neat web security practice app.  It’s essentially a Tomcat server with insecure web pages (written in JSP) that teach you about a certain exploit and how to protect against it.  Sounds neat to me.
  • PBWiki QuickEdit – In my last post I had an idea for a notepad-like program that would instead edit wiki pages.  I actually want to make this program this summer.  The first thing I would have to do is make a library that does the communication and then write the application itself.  I’m kind of excited about this one!

So that’s the plan for this summer.  Writing down a list is one thing and doing it is another; we’ll see how it goes.

Idea for quick editing

I’m trying to transition my “ToDo” list to a wiki, but it’s just not as convenient as a simple text editor. I like the idea of being able to quickly open a file, edit and save it. With a wiki I have to open my browser, navigate to my wiki, etc. I think it would be cool to have a text editor that allows you to directly edit a page online. That way you only have to enter a URL and your credential information once (if you choose to save it that is). Whenever you open it, just find your file, make your changes and save. The updates would be sent to your wiki.

Anyways, I’m sure this would be a fun project when I have time, but just throwing the idea out there.

Jott

Jott is my new favorite web app. I took notice of it when I noticed a few people using it on twitter. I would see a message with a link to a voice recording of the same message. This is a pretty neat use for it, but I have another use for it. Before I get ahead of myself, let’s look at what Jott is.

Jott is a service that allows you to leave voice mails for yourself, or other people, and have it transcribed into text. From the phone number you choose to use, it will ask you who you want to Jott and then allow you to leave a message up to 30 seconds in length.

I haven’t used it to send messages to anyone or to any service, but rather, I use it to take notes for later use. Before I would usually take a picture of something or record video as reminders to myself. Instead I call Jott, leave a message telling myself to add a movie to my Netflix queue or to check out a new band. When I get home, I have a transcribed version of my message waiting for me in my inbox. The neat thing about having a transcribed version of my message is that I just have to glance at it to remind myself. There is no need to listen to what I said which takes a slightly longer time.

The transcription process is fairly accurate; just make sure you speak clearly into your phone. If Jott can’t properly transcribe your message, and you don’t remember what you wanted to remind yourself of, you can always listen to the original voice mail.

The added benefit of using voice is that it’s quicker than texting. I find cell phone keypads to be slow, and distracting. With this service I can quickly leave my message and go back to my normal routine.

I can definitely see the service becoming big since it has a lot of potential. I recommend everyone to check it out and maybe write about how it has streamlined some task for you.

Report back from SHDH22

Since moving to Camarillo for college in August, I missed both SHDH20 and SHDH21 due to the increased distance between the Bay Area and where I live. However, since I’m back in San Luis Obispo for winter break, I was able to attend SHDH22. Instead of spending my time socializing and learning, I actually came with an agenda of things to do.

A few months back I registered the domain http://picturesofpeopletakingpictures.net because my friends thought it would be funny. (Alcohol was also involved and it seemed like a good idea at the time). I still don’t know what I want to do with it, but I wrote up a small script using Rails that queries flickr and displays a random picture tagged “picturesofpeopletakingpictures.” It turned out to actually be a huge pain in the ass because the flickr gem I used had their own API key built in. Once I hacked together a fix for using my own, I got it working pretty quickly. When I uploaded it to my web server, nothing worked. Duh I forgot to freeze the flickr gem! Nope that wasn’t the problem. Apparently you have to use a folder structure like ~/flickr-ver_num/lib/flickr.rb. The library had ~/flickr-ver_num/flickr.rb. After struggling with that for at least 45 minutes, I had it up and running. Anyways, if anyone has suggestions of something better, leave a comment.

I started on a project that could turn into a DevHouse competition. More on this later if it actually happens.

Lastly, I started looking at the Android Java Framework by Google for Cell Phones. I mean why not? Google has some pretty good documentation and tutorials that I was able to follow and I ended up writing a Hello World program!