Aug 7 2008

Las Vegas : DefCon Day 1

And the hacking begins!

I finished off my day of work and headed to the airport to take off for Vegas for the weekend. On my lunch break I checked into my flight and expected to print out my boarding pass. The option was there, but there was another option. One that I’ve never seen before: Save to your mobile device. ?!

Hell yeah, I’m down to try this out. What it did was email a link to my iPhone. When you click on the link, the browser opens to a page that displays a barcode, and all my flight details (see the image below).

When I arrived at the security checkpoint, the little Indian man asked for my boarding pass and I showed him the webpage on my phone. He balked a little about needing a paper boarding pass with gate information, but I firmly insisted that this was all that was necessary… and he let me pass. Social Engineering Tactic #1: Success.

My next interaction was the security lady that was to check my boarding pass with my ID. When I showed her my phone, she smiled and told me how she’d heard about these but never got to scan one. I was her first. Awww. I hope she remembers me :). Anyway, after scanning my phone she didn’t even ask me for my ID. She just handed me my phone and said I could go through. I asked if she needed my ID and she said that it was verified through the scan. Ummm…what? I dunno if I’d call that an SE tactic, but definitely got around security (without even trying). Success?

Next I was to strip down and walk through the metal detector. When I walked through, the security guard asked for my boarding pass. I told him that it was on my phone. Deer in headlights. “let me see boarding pass”.
“Umm, I don’t have a paper one. I have an electronic one on my phone,” I said.
“you must carry boarding pass with you to give to me!”
“ok. Dude… It’s on my PHONE! I can’t carry a phone through the metal detector!”.
“oh. Ok. Go ahead”
?!
SE #3? Success I guess. (oh. Still no request for my ID.)

When I arrived at my gate they had just begun boarding first class. Great timing! Next they announced boarding for Elite Members. I’m not an elite member, but it’s a full flight to Vegas and I’m sitting in the first row. This means I’m last to board and there will be no room for my bag and it’ll have to be checked. Crap.

So I board :).

The ticket taker asks for my boarding pass and I handed him my phone. He looked back at me and told me that they were only boarding elite members right now. So I told him that I was an elite member, but that the status wasn’t on the phone pass thing.

I boarded. :)
SE #4… Success!

On to Vegas baby!


May 12 2008

Trick: Prevent Image Caching of Dynamic Images

For the longest time I’ve been struggling with an issue of browsers caching dynamic images that have the same name. Here’s my use case:

A user has a profile photo on their profile page that’s called MyProfilePhoto.jpg. The user uploads a new image for their profile photo. When they load their profile page, the browser sees the request for MyProfilePhoto.jpg and just pulls from cache. But in reality, the image has changed. This causes the user to re-upload the photo and get super frustrated. The solution seems to be stupidly simple: Append a random querystring value.

So my new image source value is something like: MyProfilePhoto.jpg?r=1234

This causes the image to be reloaded every time the page is loaded. Another way that I’ve thought about attacking this and making it a little more controlled is to store a random value to the database when a new image is uploaded and just append that value to the querystring. This will ensure that the new image is always loaded, and that it will pull from cache until the image changes.

I’m just lazy, and don’t want to add more fields into my user tables =)

You can see this in effect on my profile page on bodymod.org. Just view the source of my profile image.

.: Adam
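
The more controlled variant described in this post, as an added example (not code from the original post): the value appended to the image URL changes only when a new photo is saved, so the browser keeps using its cached copy in between. The in-memory `users` map, the function names, and the use of a hash of the image bytes in place of a stored random value are assumptions made for illustration.

```javascript
// Added example: in-memory stand-in for the user table (constructed data).
const users = new Map();

// FNV-1a 32-bit hash of the image bytes, rendered as 8 hex characters.
// Swapped in for the stored random value so the token is reproducible.
function contentToken(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) {
    h ^= b;
    h = Math.imul(h, 0x01000193) >>> 0; // keep the result unsigned 32-bit
  }
  return h.toString(16).padStart(8, '0');
}

// Called by the (hypothetical) upload handler: record the new photo and
// refresh the token that will be appended to its URL.
function saveProfilePhoto(userId, bytes) {
  users.set(userId, {
    photo: 'MyProfilePhoto.jpg',
    token: contentToken(bytes),
  });
}

// Called when rendering the profile page: same file name, versioned query.
// Returns null for a user with no stored photo.
function profilePhotoSrc(userId) {
  const u = users.get(userId);
  if (!u) return null;
  return `${u.photo}?r=${encodeURIComponent(u.token)}`;
}

// Constructed sample "images": two different byte strings.
const oldPhoto = Uint8Array.from([0xff, 0xd8, 0xff, 0xe0, 0x01]);
const newPhoto = Uint8Array.from([0xff, 0xd8, 0xff, 0xe0, 0x02]);

saveProfilePhoto('adam', oldPhoto);
const before = profilePhotoSrc('adam'); // stable across page loads
saveProfilePhoto('adam', newPhoto);
const after = profilePhotoSrc('adam');  // differs, so the browser refetches
console.log(before, after);
```
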


Mar 21 2008

Just lost 30 min of my life to Firefox

If you’re a web developer and you do all your debugging in firefox because it’s a standards based browser, and has the awesomest tool ever (firebug), then you’ve probably had this happen to you too:

You’re playing around with making a form, and you have a drop-down. When you try to pre-pop it with a value, using the selected="true" deal, firefox doesn’t seem to recognize it.

Well, that’s because firefox sees that you’ve already filled in this form and overrides what the code says with what you had in there before. FOOK!

To kill this "feature", put about:config into the address bar and then change browser.formfill.enable = false (just double click on it).

No more frustration!


Nov 6 2007

Flock is superbad!

This is seriously a great browser and I’ve only played with it for about 5 minutes. If you’re a fan of firefox, and you’re a fan of the internet, get Flock (http://www.Flock.com)!


Nov 1 2007

Download Previous Firefox Versions

Mozilla’s website can be a little tricky to navigate if you’re looking for an older version of Firefox to download. So here’s the link to their public FTP server that has them all readily available to you =)

Mozilla Public FTP Server

(if you traverse higher, you can get access to all their apps and stuff)


Oct 10 2007

Speed Firefox up to 500%!

Do this, it really does work!

1. Type “about:config” into the address bar and hit return. Scroll down and look for the following entries:

network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set “network.http.pipelining” to “true”

Set “network.http.proxy.pipelining” to “true”

Set “network.http.pipelining.maxrequests” to some number like 30. This means it will make 30 requests at once.

3. Lastly right-click anywhere and select New -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives.

If you’re using a broadband connection you’ll load pages 2-30 times faster now.

Booyah!