Alexis Wilke's blog

Browser Security: Passwords are not protected at all...

Firebug to the rescue

As a developer, I use tools that allow me to find out whether my code works as expected. This tool, Firebug, allows me, among other things, to look at a browser DOM and the content of all the variables.

Log In Page Safe!

The other day I went to a page that asks for your log in name and password. The page looks proper and the password, as expected, is hidden from prying eyes while you type it. In other words, it shows bullet points for each character that you type. Perfect.

Phone Call Distraction

Now... imagine that I start typing my user name and my password, then ...

Learning more about convert from ImageMagick

As I often scan documents that in the end I want to get in Black & White and cropped, I decided to look at the capabilities of the convert command line tool so I wouldn't have to manually change those images.

With the Gimp I can load the image, crop it to only what I want to keep, then convert the page to black and white. However, to get a valid black and white image, you want to first apply a filter that looks like this:

Filter to prepare image for monochrome conversion.

This is done using the following convert command line option:

-level 55%,71%,1.0

This tells the convert tool to change all colors that have a level of 55% or ...

JavaScript Inheritance

JavaScript objects can inherit from others using the Object.create() function as follows:

function A()
{
    // some initialization
}

A.prototype = {
    var_name: "some value",

    func_name: function()
    {
        // some implementation
    }
};

function B()
{
    // some initialization
}

// make B inherit from A (the prototype chain must point at A.prototype, not at the function A itself)
B.prototype = Object.create(A.prototype);

Unfortunately, that prevents you from using the object declaration to extend B. Now you have to assign each member with = value or = function.

How common are bad passwords?

As I was looking for a hacker site that would offer a complete list of passwords, I found a page that showed the top 25 passwords used on common websites such as Facebook and Twitter, and even email systems like Yahoo! or GMail.

The Unix File System -- a Gotcha?

A Powerful File System

When handling files under Unix, you have a mechanism which is completely different from the file system available under MS-Windows, and most often programmers who are used to MS-Windows will not understand one of the most powerful features of a Unix file system.

Each file is assigned what is called an inode. When a file is being accessed, its inode gets locked (a simple resource reference count), and once done with it, it gets unlocked.

While being locked, the file can get deleted. If that happens, the file disappears from the file system (i.e. an ls command does not ...

The MySpace Worm

A Website Worm starts with JavaScript that infiltrates other people's browsers and sends information from their computer to you.

There are all sorts of reasons why such would work or not work. Interestingly enough, a stylesheet can include JavaScript when added as a style argument. At least Internet Explorer understands such when used in a url() as used for a background specification:

<div style="background:url(javascript:alert('Foor'));">

As we can see, the alert shows up when this tag gets loaded. Now you can have that alert appear on someone else's computer ...

Château de Montbéliard

As a kid, one of our teachers asked us to draw the Château de Montbéliard from an old photograph.

The castle was still dirty at the time. It has been cleaned up since and the rock looks white. Something that even the people who built that castle most certainly have never seen!

Château de Montbéliard

This picture won second place. Unfortunately, the kitchen and first palace (center part between the two towers) is not detached from the right tower. My 3D skills were not yet perfect then.

Find a picture of the castle in modern times on Wikipedia.

Incredible Californian Law

As a software developer living in California, I learned of a few things over the years. One of the most incredible things I learned about is section 515.5 of the code of Labour.

More or less, that section says that if you are a software developer and make $36/hr or more (or wages of $75,000/year) then you are not eligible for any overtime as defined in section 510.

No Overtime for Programmers in California!

Now, I agree that if you earn more than $36/hr (some programmers do make around $80 to $120) then you are certainly well fed anyway. But you have to consider ...

Quite Incredible Optimization

I was nicely surprised today when I tried to compile the following test function with the -g3 optimization flag.

int f(int a)
{
    bool b(true);
    b &= a;    // b ends up holding 0 or 1
    return b ? 5 : 255;
}

The result makes use of advanced arithmetic to compute the 5 or 255 out of the 0 or 1 stored in b. As expected, though, if a is not 0 or 1, the result may not be what you'd otherwise expect.

 0: 83 e7 01        and    $0x1,%edi
 3: 83 ff 01        cmp    $0x1,%edi
 6: 19 c0           sbb    %eax,%eax
 8: 25 fa 00 00 00  and    $0xfa,%eax
 d: 83 c0 05        add    ...