Monday, April 26, 2010

How much can I learn about you while you browse CNN?

Generally, I get my news from three sources: BBC, CNN, and Digg (oh well, not all news :-P). Today, I had a very nasty surprise when I went to CNN.

A list of my friends' Facebook statuses and "groups" people had liked related to the content on the CNN homepage. Every time I refreshed the page, the groups and statuses changed. This disturbs me for two reasons that I hope don't sound absolutely crazy.

The first reason: If a person is listening over your network with something like Wireshark, he now has a list of people you know after just a few page clicks. He can look these people up on Facebook and get a lot of information on you just with that. Maybe a mandatory HTTPS:// on any site consuming the Facebook API in this way is the way to go?

The second reason: Does this adhere to the privacy settings I set? Or does this adhere to the friends who can see me when logged in? If my statuses are being sent onto a web site like that, that would make me incredibly uncomfortable.

I have gone to great lengths to make sure what I put on Facebook stays on Facebook. These gadgets are popping up everywhere, and simple JavaScript exploits could gather this data, let alone trojans, ActiveX controls, or rogue BHOs.

Am I just being too paranoid?

And just FYI: If you ever need any info on people, it's scary how much info you can get from Facebook without even being their friend.


EDIT: Ok, I did some research using Wireshark. I was successfully able to capture my Facebook integer ID that they used before we all had 'usernames' and find myself. Not only that, but it was my whole Facebook cookie.

Sunday, April 25, 2010

Counting words while watching a video

So, a friend of mine asked for some help on a statistics assignment in which he counted the number of times any given word was said during a movie. He asked if I could write up an app that would help him do this fairly easily, so I said sure.

It took me about an hour and a half to get it written and the bugs worked out and then he decided it was taking too long and just started doing it by hand, and didn't tell me about it while I still worked on it.

Whatever. Maybe someone else can find it useful.

The video won't show up in the picture, but it plays anything Windows Media Player can play.

While watching the video, pressing 'r' will record a time for the word being recorded, rather than having to sit with the mouse or keep the focus on the record button. In the end, it spits out a result as such (per friend's specifications):




The compiled executable is here.

The source code is here.


Have fun counting words now! If anyone actually wants this for Linux, I could look into porting it to GTK and GStreamer.

Friday, April 16, 2010

FtpWebRequest uploading

This may be obvious to some people but WebRequestMethods.File.UploadFile is not the same as WebRequestMethods.Ftp.UploadFile.

If you keep getting an error trying to upload the file along the lines of 'This method is not supported', make sure you are using the correct request method.
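The distinction above, as an added example (not code from the original post): an upload that uses the FTP constant, with the two constants printed side by side. The `Upload` helper, the `FTP_PASSWORD` variable name and the assumption that the server supports FTP over TLS are illustrative only.

```csharp
using System;
using System.IO;
using System.Net;

static class FtpUploadExample
{
    // Hypothetical helper (not from the post): uploads localPath to an ftp:// URI.
    static string Upload(Uri target, string localPath, NetworkCredential credentials)
    {
        FtpWebRequest request = (FtpWebRequest)WebRequest.Create(target);

        // WebRequestMethods.Ftp.UploadFile is the FTP "STOR" command.
        // WebRequestMethods.File.UploadFile is "PUT", intended for file:// requests.
        request.Method = WebRequestMethods.Ftp.UploadFile;

        request.Credentials = credentials;
        request.UseBinary = true;
        // Assumption: the server supports FTP over TLS. Plain FTP sends the
        // user name and password in clear text.
        request.EnableSsl = true;

        using (FileStream source = File.OpenRead(localPath))
        using (Stream destination = request.GetRequestStream())
        {
            byte[] buffer = new byte[8192];
            int read;
            while ((read = source.Read(buffer, 0, buffer.Length)) > 0)
                destination.Write(buffer, 0, read);
        }

        using (FtpWebResponse response = (FtpWebResponse)request.GetResponse())
            return response.StatusDescription;
    }

    static void Main(string[] args)
    {
        // The two constants are different strings, so they are not interchangeable.
        Console.WriteLine("File.UploadFile = {0}, Ftp.UploadFile = {1}",
            WebRequestMethods.File.UploadFile, WebRequestMethods.Ftp.UploadFile);

        // Optional live run: <ftp-uri> <local-file> <user>, password taken from
        // the FTP_PASSWORD environment variable (hypothetical name).
        if (args.Length == 3)
        {
            string password = Environment.GetEnvironmentVariable("FTP_PASSWORD");
            Console.WriteLine(Upload(new Uri(args[0]), args[1],
                new NetworkCredential(args[2], password)));
        }
    }
}
```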

Sunday, April 11, 2010

Stupid IE password box behavior

If you have special characters in your password like most good passwords should, and you type your password (with special chars) into a textbox in password mode and use ctrl+bkspc to clear the password, it will give you the location of the special chars in the password box.

I consider this a gigantic security flaw and it is pretty terrible. I have only found this behavior in IE. Is this known? I seem to remember running into this for years.


EDIT:

For example, try this:

Go to Gmail in IE.

Focus on the password box, type "password" (no quotes), and then hit ctrl+bkspc.

Then do the same for 'pass/word' (no quotes).

Saturday, April 3, 2010

On Optimization

A few days ago, I became curious about a problem. It wasn't necessarily my problem, but it had been something I'd encountered throughout the past few years, I guess. This time around, it was dealing with file path manipulation, so I decided to think of every way I'd seen file path manipulation done and check the speed, GC, and RAM usage throughout each test and see which method was fastest and less RAM dependent. I am not claiming these tests are thorough or even accurate, but the results are interesting. One thing I noticed was that it didn't matter which test was run first; it always had a large gap in the RAM and GC usage, so I assume it has to do with loading dependent libraries and them being cached in later methods. This recreated every file path on my Windows partition (/windows) since I knew I wouldn't get any permission errors.

The main lines in the code that I was testing are the following:

...
string fileName = d + dirSeparator + info.Name; //dirSeparator is defined once at the beginning of the method.
...
string fileName = d + "/" + info.Name; 
...
string fileName = d + Path.DirectorySeparatorChar + info.Name;
...
string fileName = Path.Combine(d, info.Name);
...

And the results:

bperry@bperry-desktop:~/Projects/PathingSpeedTest/PathingSpeedTest/bin/Release$ mono PathingSpeedTest.exe 
Building cache...

Starting escape from outside iterations...
Took 23 seconds
Most RAM: 78932kb (Started with 78800kb)
Most GC: 620kb (Started with 604kb)

Starting escape from inside iterations...
Took 29 seconds
Most RAM: 78828kb (Started with 78828kb)
Most GC: 616kb (Started with 612kb)

Starting environment escape...
Took 29 seconds
Most RAM: 78828kb (Started with 78828kb)
Most GC: 632kb (Started with 600kb)

Starting Path.Combine() test...
Took 29 seconds
Most RAM: 78828kb (Started with 78828kb)
Most GC: 616kb (Started with 612kb)

bperry@bperry-desktop:~/Projects/PathingSpeedTest/PathingSpeedTest/bin/Release$ 

May not be the best way to test this, so I am open to suggestions. Source code is here (it is MonoDevelop, so not sure if it will open in VS).
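One way to structure such a comparison, as an added example (not the linked PathingSpeedTest source): each of the four variants runs through the same harness after a discarded warm-up pass, so the first-run overhead noted above is not charged to any of them. The directory and file names are constructed sample input, and the labels and iteration count are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IO;

static class PathJoinBenchmark
{
    // Constructed sample input (assumption): stands in for the directory walk in the post.
    static readonly string[] Dirs = { "/windows", "/windows/system32", "/windows/system32/drivers" };
    static readonly string[] Names = { "kernel32.dll", "notepad.exe", "hosts", "win.ini" };
    const int Iterations = 2000000;

    static void Run(string label, Func<string, string, string> join)
    {
        // Settle the heap so each variant starts from a comparable baseline.
        GC.Collect();
        GC.WaitForPendingFinalizers();
        GC.Collect();
        long startHeap = GC.GetTotalMemory(false), peakHeap = startHeap;
        int totalLength = 0;
        Stopwatch sw = Stopwatch.StartNew();
        for (int i = 0; i < Iterations; i++)
        {
            string fileName = join(Dirs[i % Dirs.Length], Names[i % Names.Length]);
            totalLength += fileName.Length; // use the result so the work is not skipped
            if ((i & 0xFFFF) == 0) // sample the managed heap occasionally, not every pass
                peakHeap = Math.Max(peakHeap, GC.GetTotalMemory(false));
        }
        sw.Stop();
        Console.WriteLine("{0,-28} {1,6} ms  GC heap {2} kb -> peak {3} kb  (checksum {4})",
            label, sw.ElapsedMilliseconds, startHeap / 1024, peakHeap / 1024, totalLength);
    }

    static void Main()
    {
        string dirSeparator = Path.DirectorySeparatorChar.ToString(); // defined once, outside the loop

        // Warm-up pass, result discarded: JIT-compiles the harness and loads the
        // Path code before any of the compared variants is measured.
        Run("warm-up (discard)", (d, n) => Path.Combine(d, n));

        Run("separator defined outside", (d, n) => d + dirSeparator + n);
        Run("literal \"/\"", (d, n) => d + "/" + n);
        Run("Path.DirectorySeparatorChar", (d, n) => d + Path.DirectorySeparatorChar + n);
        Run("Path.Combine", (d, n) => Path.Combine(d, n));
    }
}
```

Every variant pays the same delegate-call overhead, so the differences between rows are what matter, not the absolute times.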