About

open source enthusiast, sony psp, and life.


    01/22/2010

    G1 with Eclair ROM

    If you are following my tweets, last Monday I bricked my G1 in order to update my SPL to HardSPL. I did not read through the guide and ended up bricking my G1. Luckily my Ubuntu box recognized my phone and revived it.

    The reason that I want to update to HardSPL is that now every other dev ROM besides Cyanogen needs HardSPL. I have always wanted to try Eclair (the Nexus ROM), and yesterday it was a success.

    Simple steps.

    1. Update Radio

    2. Update SPL

    3. Flash the ROM.

    The first boot takes almost up to 10 minutes (remember to wipe data+cache+dalvik). The Nexus boot screen is sweet. And it is fast. Yeah, FAST. No Force Close yet. Now I can add multiple GMail accounts, have Live Wallpaper and much more. Here are some screenshots I took earlier.

    You can do that by reading this guide over at XDA -> here

    Text posted at 9:58 AM (1 month ago) | Permalink


    01/15/2010

    Tumblr sends passwords in the clear.

    paulitex:

    I just sent this email to support@tumblr.com. I’m hoping by bringing a bit of attention to this fact the issue might get fixed a bit quicker.

    Hey there,

    First I want to thank you guys for making such an awesome blogging site. First web app I’ve been genuinely excited about discovering in a long time.

    Secondly, I wanted to ask you if you are aware that you are sending your users’ passwords in the clear (I’m guessing so) and if you plan on fixing that? The issue is this: using a free program like Wireshark (http://www.wireshark.org/) I can ‘snoop’ packets and read http requests. Since you’re including passwords in the request unencrypted, I can easily look at the http layer of that packet and read tumblr passwords, plain as day.

    Now this wouldn’t be such a big deal if I could only snoop my own packets, but that’s not the case - I can also snoop my neighbours. In fact, I can snoop anybody on the same wireless network as me. So imagine I’m at a coffee shop enjoying their free wifi with all the other laptop’d customers. I notice the person in front of me go to http://www.tumblr.com/login. I flip on Wireshark. They type in their email & password and click ‘log in’, all the while I’m capturing. I stop the capture, find their request and I now have their password. Not only is their tumblr account compromised, but since we all know people tend to use the same password for everything this could easily lead to major identity theft.

    In any case, the solution is simple. Just post your login form to an https server. Here are snippets from facebook and twitter’s login pages to show you what I mean:

    Facebook:

    <form method="POST" action="https://login.facebook.com/login.php?login_attempt=1" id="login_form"><input type="hidden" name="charset_test" value="&euro;,&acute;,€,´,水,Д,Є" /><input type="hidden" id="locale" name="locale" value="en_US" autocomplete="off" /><input type="hidden" id="non_com_login" name="non_com_login" autocomplete="off" /><table cellpadding="0" cellspacing="0"><tr><td class="login_form_label_field login_form_label_remember"><input type="checkbox" class="inputcheckbox " id="persistent" name="persistent" value="1" /><label for="persistent" id="label_persistent">Keep me logged in</label></td><td class="login_form_label_field"><a href="http://www.facebook.com/reset.php" rel="nofollow">Forgot your password?</a></td><td class="login_form_last_field login_form_label_field"></td></tr><tr><td><input type="text" class="inputtext  DOMControl_placeholder" title="Email" placeholder="Email" id="email" name="email" value="Email" /></td><td><input type="password" class="inputpassword" id="pass" name="pass" value="" /

    Twitter:

    <form action="https://twitter.com/sessions" class="signin" method="post"><div style="margin:0;padding:0"><input name="authenticity_token" type="hidden" value="83ded7fd9608acf581ac55f489c77cf3bc13cec7" /></div>  <input id="authenticity_token" name="authenticity_token" type="hidden" value="83ded7fd9608acf581ac55f489c77cf3bc13cec7" />  <fieldset class="common-form standard-form">

    <table cellspacing="0">

    <tr>

    <th><label for="username_or_email">Username or email</label></th>

    <td><input id="username_or_email" name="session[username_or_email]" type="text" value="" /></td>

    </tr>

    <tr>

    <th><label for="password">Password</label></th>

    <td><input id="session[password]" name="session[password]" type="password" /> <small><a href="/account/resend_password">Forgot?</a></small></td>

    </tr>

    By contrast, you post to “/login” which means the unencrypted http://www.tumblr.com/login. Here’s the equivalent tumblr html snippet:

    <form action="/login" method="post" id="account_form">

    <label for="email">Email address</label>

    <div style="border: 1px solid #fff; margin-bottom: 20px;"><input type="text" name="email" id="email" class="text_field" value=""/></div>

    <label for="password">Password</label>

    <div style="border: 1px solid #fff; margin-bottom: 30px;"><input type="password" name="password" class="text_field"/></div>

    To be certain I just logged into tumblr via the browser on my iphone (same wifi but otherwise not talking to my laptop) and can confirm that I was able to snoop and very easily see the password using my laptop. So I can assure you the issue is real.

    Thanks again for making such a great site and I sincerely hope you make it even better (as soon as possible) by fixing this security hole.

    Best,

    Paul

    Text posted at 3:16 PM (1 month ago) | Permalink
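
The check the e-mail above describes, written as an added example (not part of the original post or of Tumblr's code): resolve each password form's `action` against the page URL and report whether the credentials would be submitted over HTTPS. The class and function names and the `login.example.com` host are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tumblr form from the e-mail above, trimmed to the form tag and its inputs.
TUMBLR_FORM = """<form action="/login" method="post" id="account_form">
<input type="text" name="email" id="email" class="text_field" value=""/>
<input type="password" name="password" class="text_field"/>"""
# Constructed sample: the same form posting to a placeholder HTTPS endpoint.
HTTPS_FORM = TUMBLR_FORM.replace('"/login"', '"https://login.example.com/login"')


class PasswordFormAudit(HTMLParser):
    """Record the resolved submit URL of every form that holds a password input."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None         # resolved action of the form being parsed
        self.has_password = False
        self.findings = []         # (submit_url, sent_over_https)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._finish_form()    # tolerate snippets with no </form>
            # A relative or empty action inherits the scheme of the page itself.
            self.action = urljoin(self.page_url, attrs.get("action") or "")
        elif tag == "input" and self.action is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish_form()

    def _finish_form(self):
        if self.action is not None and self.has_password:
            secure = urlparse(self.action).scheme == "https"
            self.findings.append((self.action, secure))
        self.action, self.has_password = None, False


def audit_login_page(page_url, html):
    """Return [(submit_url, sent_over_https), ...] for password forms in html."""
    parser = PasswordFormAudit(page_url)
    parser.feed(html)
    parser.close()
    parser._finish_form()          # flush a form left open at end of input
    return parser.findings
```

An HTTPS `action` only protects the submission; if the page carrying the form is itself served over HTTP, the form can be altered in transit, so the page URL's scheme is worth checking alongside the result.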


    01/13/2010

    Hello 2010

    I know, it is late to welcome 2010, but what the heck. 2009 was pretty awesome. Some achievements were made but some are still in searching mode. Here is a list of what I did in 2009.

    1. My baby boy is 1 year old.

    2. Holiday in Gold Coast, Australia. Will make a comeback. I promise.

    3. Re-launched the JBFoodClub.Com website. Food passion. Just to log every food place in Johor Bahru and, at the same time, share it with the world.

    4. Got my hands on the HTC Dream (aka G1) and love it.

    5. Made an Android app: RadioSongs

    6. Got in touch with friends again, thanks to Facebook

    7. Got so many ideas to start my own startup, got one in hand and found a good marketing guy.

    8. Finally met with old friends of UiTM after 10 years.

    Not so many, eh. Actually I am quite disappointed with what I have now; I want to make 2010 a better year for me. The company that I have served for almost 10 years is still the same as 10 years ago. Need to find a ‘new’ spark. So for 2010:

    1. Launch my startup

    2. Promote more JBFoodClub

    3. Create more ventures and more businesses.

    4. More holidays

    5. Exercise more

    6. Financial freedom.

    Text posted at 3:06 PM (1 month ago) | Permalink


    12/30/2009

    Migrating from Fedora 12 to Ubuntu 9.10

    Just a little update. Finally I managed to migrate from F12 to Ubuntu 9.10. The main reasons are:

    1. Android Development - More and more tutorials are referring to Ubuntu; even Google itself suggests using Ubuntu.

    2. Sound - Like crap in F12. In Ubuntu I get more surround sound.

    Setting up, i.e. backing up the /home folder in F12 and doing a complete install of Ubuntu, took just around 30 minutes, and installing Java and Eclipse was done within an hour. Lucky to be on a fast connection.

    Text posted at 4:20 PM (2 months ago) | Permalink
