Define the Great Line

Kabataan Partylist Files Resolution to Inquire On The Country’s Broadband Services

by Hyangelo on Sep.20, 2010, under Uncategorized

http://www.scribd.com/doc/37767159/HR-407-Inquiry-on-Broadband-Internet-Services

Kabataan Partylist Cong. Mong Palatino filed a house resolution “directing the house committee on information and communications technology to conduct an inquiry, in aid of legislation, on the quality of broadband services delivered by commercial telecommunications companies.”

If you are one of the thousands of users who have suffered through unfairly substandard internet services then please support this resolution. Send an email to your congressman enjoining them to support this resolution and conduct an inquiry!


Walkin’ on Thin Ice

by Hyangelo on Aug.17, 2010, under All things Political

We (the US) are walking on thin ice. We are treading the same path as the first democratic regime ever created in the western world, namely, the Roman republic. The Roman republic inadvertently acquired an empire around the world and they then discovered that to maintain, expand, protect this empire they required standing armies. Standing, as what George Washington warned us in his farewell address, is that they will destroy the structure of the government that we tried to create in our constitution to prevent the rise of imperial presidency. The single most important article in our constitution is the one that gives the right to go to war exclusively to the elected representatives of the people, the congress. Our congress, in Oct. 2002, voted in both houses to give this power to a single man, including the use of nuclear weapons if he so chose, and of course less than six months later, he chose to exercise it in Iraq. – Chalmers Johnson [CIA 1967-1973], BBC’s Storyville: Why We Fight

Chalmers Johnson, CIA 1967-1976

Chalmers in BBC's Storyville: Why We Fight


A Nasty Kind of Injection

by Hyangelo on Aug.08, 2010, under Computers and Technology

When I was being trained more than a year ago by the company I am working at, one of the first things that was really drilled into us was to guard against SQL injection. SQL injection is basically an attack where the hacker tries to inject SQL strings into your queries through the values your application concatenates into them.

For example, a simple login query string might look like this:

"select count(1) from users u where u.username = '" & pUsername & "' and u.password = '" & pPassword & "'"

Parameters pUsername and pPassword will be replaced by the corresponding string values passed. For beginners, this is exactly how parameters are incorporated into the query string. In a perfect world where pink unicorns run around pots of gold at the end of rainbows, this is perfectly fine. In the real world, though, where malicious credit card number stealing hackers are becoming increasingly common, this is madness. Depending on the kind of database used, all sorts of BAD THINGS can be done by hackers quite easily. Using this query, the hacker can simply supply pPassword as something like "' or 1 = 1 #" and your login screen will be rendered useless. Let's see how the query actually looks when the hacker does this:

"select count(1) from users u where u.username = 'SOME_POOR_BLOKES_USERNAME' and u.password = '' or 1 = 1 #'"

If you haven’t seen it yet, the hacker just managed to extend your query’s condition and injected an always-true condition (1 = 1). The hash (#), by the way, comments out the dangling single quote as well as whatever other conditions the original query had after the password part. (# is the one-line comment notation for MySQL; other databases have other ways.) This can be even more damaging if the hacker tries it on an admin username.

Even more disastrous is when the hacker destroys your data as illustrated by this hilarious xkcd.com cartoon:

Little Bobby Tables

By some estimates, about 18% of all hacking is done via this vulnerability. This is shocking considering this problem can be solved easily. The most basic way of countering this exploit is by “sanitizing” user input – that is, by cleaning up every piece of data passed by the user. Cleaning up basically means replacing all single quotes with double single quotes. A more elegant solution would be to use bind parameters instead of lexical parameters. Lexical parameters are parameters that are concatenated into the query string. Bind parameters are bound to placeholders in the query string (e.g. select 1 from users where user = :username), so the database never interprets their values as SQL.
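To make the three variants from the post concrete, here is an added example (my own code, not from the original post) that runs the same login check three ways against a constructed in-memory SQLite database: the concatenated query exactly as the post shows it, the “sanitized” quote-doubling version, and the bind-parameter version using the post’s `:username` placeholder style. SQLite is used only because it ships with Python; it has no `#` comment, so the constructed test value uses SQLite’s `--` comment where the post’s MySQL example uses `#`. The user row, table name and password value are all constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample database: one user, plain-text password for the demo only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.execute("insert into users values ('alice', 'correct horse')")
    return conn


def login_concat(conn, p_username, p_password):
    """Vulnerable: lexical parameters, i.e. the post's string-concatenation pattern."""
    sql = ("select count(1) from users u where u.username = '" + p_username
           + "' and u.password = '" + p_password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_sanitized(conn, p_username, p_password):
    """The post's 'basic' countermeasure: double every single quote, then concatenate."""
    u = p_username.replace("'", "''")
    p = p_password.replace("'", "''")
    sql = ("select count(1) from users u where u.username = '" + u
           + "' and u.password = '" + p + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_bound(conn, p_username, p_password):
    """Bind parameters: values travel separately from the SQL text, so they cannot
    change the query's structure regardless of what they contain."""
    sql = ("select count(1) from users u "
           "where u.username = :username and u.password = :password")
    row = conn.execute(sql, {"username": p_username, "password": p_password}).fetchone()
    return row[0] > 0


def run_demo():
    """Return the outcome of each login variant for a valid password and for the
    post's always-true injection (rewritten with SQLite's -- comment)."""
    conn = make_db()
    injected = "' or 1 = 1 --"  # constructed test value; '#' would be the MySQL form
    return {
        "concat_valid": login_concat(conn, "alice", "correct horse"),
        "concat_injected": login_concat(conn, "alice", injected),
        # No such user, yet the concatenated query still 'succeeds'
        "concat_injected_unknown_user": login_concat(conn, "nobody", injected),
        "sanitized_injected": login_sanitized(conn, "alice", injected),
        "bound_valid": login_bound(conn, "alice", "correct horse"),
        "bound_injected": login_bound(conn, "alice", injected),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {'login OK' if outcome else 'login rejected'}")
```

The concatenated version accepts the injected value even for a username that does not exist, which is exactly the “login screen rendered useless” case from the post. Quote doubling blocks this particular input, but it is a per-database, per-character-set fix that has to be applied on every code path; the bound version needs no escaping at all, which is why it is the one worth standardizing on.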


In Defense of Our Dreams

by Hyangelo on Jul.22, 2010, under Everything Else

23.

Actually, 23 years, 3 months and 16 days.

Has it really been that long? Have I really lived a third or maybe a quarter of my life? Wasn’t it just the other week when I was but a boy playing noontime basketball oblivious of the searing heat of the sun in my grade school’s yard? Wasn’t it just the other day when I was a teenager frowning over curfews, school projects and pretty girls? Wasn’t it just yesterday when I was a university boy savoring the new found freedom?

23 years past and roughly 40(or 60 if I am to be optimistic) more to go. What does it all mean? Life.

All modesty aside, I know I have come a long way. From the shy, bookish boy in grade school to the nerdy teenager and the activist-ish, journalist-wannabe, code-weaving college boy. I am no longer the kid who was afraid to speak his mind, no more “I can’t do this because he/she said I am not good enough.”

The years that lie ahead are uncertain. For all I know, I will die next week. But it does not matter. I know I took the wheel. No, I know I grabbed it fighting tooth and nail all the way. It will not matter if I reach the finish line or crash and burn along the way for as long as I am at the helm.

As William Ernest Henley so beautifully put it:

It matters not how strait the gate
how charged with punishments the scroll
I am the master of my fate
I am the captain of my soul

Finally, here’s a great song from 30 Seconds to Mars. It’s called Kings and Queens and it speaks to those who had the audacity to take control over their lives, to those not content with being mere subjects to the ebb and flow of life.

Into the night
Desperate and broken
The sound of a fight
Father has spoken.

We were the kings and queens of promise
We were the victims of ourselves
Maybe the children of a lesser god
Between heaven and hell, Heaven and hell.

Into your eyes
Hopeless and taken
We stole our new lives
Through blood and pain
In defense of our dreams

In defense of our dreams

We were the kings and queens of promise
We were the victims of ourselves
Maybe the children of a lesser god
Between heaven and hell, Heaven and hell.

The age of man is over
The darkness comes and all
These lessons that we’ve learned here
Have only just begun

We were the kings and queens of promise
We were the victims of ourselves
Maybe the children of a lesser god
Between heaven and hell.

We are the kings
We are the queens
We are the kings
We are the queens



Free Private SVN Repository!

by Hyangelo on Jul.18, 2010, under Computers and Technology

My oDesk activities have started picking up lately and so I found myself in need of an online code repository. The only free repositories I know are GitHub and Google Code but these are public repositories intended for open source software. Their private repositories are for paid accounts only. So I fired up google and searched “free code repository” and found Assembla.

Assembla offers free SVN repositories with limited space while giving you the option to set them to private. Assembla also offers the ability to add ‘team members’ and ‘watchers’ to your project. For team members, you can control whether they can view and edit your repositories. By the way, the space limit is 2GB, which is actually pretty generous. I don’t expect to ever fill it up with just code.

After setting up my account and repository, I proceeded to set up my freshly installed Eclipse Helios to use Subclipse, which is an Eclipse add-on that enables you to connect to and synchronize with SVN repositories. After that, I added the obligatory Hello World project to the repository as a test and voila! It works! Now I don’t need to worry about backing up my personal projects; I’ll just push them upstream into my repository and no problem!
