What the Taj Mahal has to teach us
Posted: January 4, 2012 Filed under: Uncategorized | Tags: india, taj, taj mahal
On 2nd January 2012, I visited the Taj Mahal at Agra. I’d been cautioned not to go with great expectations just because it was one of the 7 Wonders of the World, but I found it to be the most inspiring work I’ve ever laid my eyes on.
Design is more important than engineering
Engineering is merely the masonry required to support art. It is no doubt a work of skill and intellect, but it is ultimately secondary to what matters more: humane design. Design serves a far greater purpose than engineering because it is what the viewer finally sees; it appeals at a more primal and universal level than logic and thought. In the end, all that matters is that the result is beautiful.

Attention to detail
No corners should be cut, and every small thing should be done right. Even the tiniest things add immeasurably to the ambience and feel. At the Taj, from the tiling to the diamond-like roofs to the surfaced orbs at the base of the pillars, the same intricacy is seen everywhere, even if it is just the fringe of a marble block.
None of the floral design on the marble is paint; it is all embedded precious stone. Paint fades; embedded stone is relatively timeless.
Consistency
A basic set of patterns repeats symmetrically all over the Taj. Each gate, each side, every pillar, quite literally everything is identical. It can be viewed from any direction and one will see the same structure. Even the buildings surrounding the Taj, such as the mosques, are mirror images of each other. Consistency is beautiful.
Visual illusion isn’t always bad
The Taj has remarkable pillars that look eight-faced because of the pattern embedded in them, but are in fact three-faced. This was probably a trade-off for stability.

3 faces looking like 8
Future-safe your work
Each minaret of the Taj is inclined slightly outwards from the main building. In the rare case of an earthquake that significantly affects the Taj despite the safety features built into its base (such as excavation to create water buffers and wood to absorb shock), these minarets will fall away from the Taj and not onto it, keeping the main building intact.
Faith and belief
Ultimately, the soul of all good design and engineering is faith and belief. The Taj immortalizes love for beauty and also features inscriptions from the Quran. Without acceptance of one’s smallness, there is no good art.
Facebook user-access hack?
Posted: July 4, 2011 Filed under: Uncategorized | Tags: facebook, facebook spam vulnerability, facebook vuln
I have been experimenting with Facebook for Developers, and working extensively with the Graph API. This was a gaping hole I realized I had left in my test-website’s implementation of the Facebook Graph API.
I used to link to the user’s display picture like so:
https://graph.facebook.com/me/picture?access_token=
This implementation is vulnerable because the access_token ends up in the page’s HTML, where anyone who views the source (or any crawler that indexes the page) can read it.
I decided to Google Dork:
Google Image search for:
inurl:https://graph.facebook.com/me/picture?access_token=
And BAM. Pick any user you want. Modify the link (with the access token included) from
https://graph.facebook.com/me/picture?access_token=ACCESS_TOKEN
To
https://graph.facebook.com/me/?access_token=ACCESS_TOKEN
Depending on what permissions the user granted the app, you’ll find a fair amount of private information that privacy settings would normally protect. The same token may also let you read from and write to the user’s wall, harvest their email address for spam, or view their pictures, all without them ever adding you as a friend.
Now, on Google this doesn’t show many results (which is a good thing), but most Facebook apps are iframes (which is perhaps why they aren’t showing up on Google). It wouldn’t be very difficult to steal data in such a scenario. This is clearly a very small exposure. Symantec had, however, written about some more ways in which access tokens could be stolen: http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties
If you are a Facebook developer, protect your users’ privacy by never putting the access_token in a public URL. Fetch the picture endpoint server-side (for example with cURL), follow the redirect, and embed only the final URL, i.e. the URL on the Facebook CDN, which does not carry the token.
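The leak and the fix described above, as an added example (this is not code from the original post). It scans a page for Graph API URLs that carry an access_token, shows that the path can be swapped while the token does the work, and builds the picture link the safe way by resolving the redirect server-side. Assumptions of mine, not stated on the page: the picture endpoint answers with a 302 whose Location header is the CDN URL, and that URL does not contain the token. The HTML and the token in it are constructed samples; only `head_without_redirect` touches the network, and it is not needed to run the rest.

```python
"""Added example, not code from the original post: find Graph API URLs that
leak an access_token from a page's HTML, show why the path does not matter,
and build the picture link the safe way (embed only the redirect target).

Assumptions (mine, not stated on the page): the picture endpoint answers a
request with a 302 whose Location header is the CDN URL, and that URL does
not carry the token. The HTML and token below are constructed samples."""
import re
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlsplit, urlunsplit

GRAPH_URL_RE = re.compile(r"https?://graph\.facebook\.com/[^\s\"'<>]+")

# Constructed sample of a page that embeds the token the way the post describes.
LEAKY_HTML = """
<div class="profile">
  <img src="https://graph.facebook.com/me/picture?access_token=TESTTOKENabc123&type=large">
  <img src="https://graph.facebook.com/me/picture?type=square">
</div>
"""


def find_leaked_tokens(html):
    """Return (url, token) for every Graph API URL that carries access_token.
    This is the Google-dork step from the post applied to a single page."""
    leaks = []
    for url in GRAPH_URL_RE.findall(html):
        query = parse_qs(urlsplit(url).query)
        for token in query.get("access_token", []):
            leaks.append((url, token))
    return leaks


def retarget(url, path="/me"):
    """Point a leaked URL at a different endpoint, keeping its query string:
    the token grants the access, the path only chooses what to read."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, ""))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following the redirect; we only want its target."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_without_redirect(url):
    """Real transport (used only when public_picture_url is called without a
    fake): returns (status, headers) of the first response, unfollowed."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # an unfollowed 3xx lands here
        return err.code, dict(err.headers)


def public_picture_url(token, head=head_without_redirect):
    """Server-side fix: spend the token once, behind the scenes, and hand the
    browser only the CDN URL that the picture endpoint redirects to."""
    status, headers = head(
        f"https://graph.facebook.com/me/picture?access_token={token}")
    location = next(
        (v for k, v in headers.items() if k.lower() == "location"), None)
    if status not in (301, 302, 303, 307, 308) or not location:
        raise RuntimeError(f"expected a redirect, got {status}")
    if token in location:
        raise ValueError("redirect target still carries the token; do not embed it")
    return location
```

`find_leaked_tokens` is also a useful check to run against your own rendered pages before deploying: if it returns anything, a token is in the HTML. Note that the CDN URL itself is still guessable only by whoever has it; the point is that it no longer grants Graph API access.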
Choosing from various approaches to a programming problem
Posted: July 2, 2011 Filed under: Uncategorized | Tags: cakephp, cakephp when to use a helper
There is usually more than one way of doing things while programming. The decision is not only which algorithm to use (that part is easy) but, more importantly, how you are going to implement it syntactically.
Our programming tools are moving towards convention over configuration, and which language/framework feature to use is often an important question: it decides how you will spend the next few hours, or minutes.
The best way to answer this not-so-trivial question is to ask: what would the language/framework authors want me to use?
The easiest way to answer your own question is to judge your options by three criteria:
- Ease of implementation
- Maintainability and extensibility
- Readability
For example, let’s take CakePHP. When do we use an HTML helper, and when do we just exit the PHP block and write HTML?
The answer is (by following the above guidelines):
Wherever possible, use inline PHP + HTML. Whenever you need to echo HTML inside a conditional branch, loop, or recursion, generate it with a CakePHP helper instead of echoing bare HTML.
Understanding the internet
Posted: June 19, 2011 Filed under: Uncategorized | Tags: how http works, how the internet works, http, http and html, internet, understanding http
The internet acquires its name from the fact that it is a network of computers placed around the globe that transmit packets of information among each other. (Using traceroute, you can see this in action.)

Traceroute working in a Command-Line-interface
Basics
Each computer on the network is assigned an Internet Protocol (IP) address by its network administrator (for your home connection, this is your Internet Service Provider). Using the IP address, your operating system’s networking stack can send packets to that computer.
The packet is sent with three specific details:
- The IP address
- Port (we’ll get to this later)
- Packet content
The port is a number identifying a particular service running on the receiving computer. In the case of HTTP (the HyperText Transfer Protocol), this is port 80.
The packet triggers the receiving computer to do its job and issue a response packet. This model of information exchange is called the request-response model.
DNS
Now, for obvious reasons, working with raw IP addresses is a pain. Hence services called domain registrars are authorized to register domain names: text references to an IP address.
eg. google.com => some xxx.xxx.xxx.xxx IP address.
So your computer first asks the Domain Name System (DNS) to resolve the name to an IP address, and then sends the packet to that address. The computers in the middle work their magic and the packet reaches its destination.
Types of connections
The internet supports two kinds of such connections, TCP and UDP, both carried over IP. In the first kind, the connection is stable and reliable: lost packets are retransmitted and they arrive in order. The second is more like pulse-firing packets of information, with no guarantee that they arrive at all.
A TCP connection is established using a handshake. Simply put, your computer says hi (SYN), the server says hi back (SYN-ACK), your computer acknowledges (ACK), and a connection is established over which packets may be sent.
A typical web scenario
An internet packet follows a defined format, or protocol, so that the service running at the other end can make sense of it. For example, an HTTP request can be a GET or a POST request.
eg. GET /index.html
To submit information, say a form, a POST request is issued. For the most part, you needn’t worry about crafting your own HTTP packets; HTML pages and browsers do the job well enough.
The server responds to this packet with a packet that contains HTML, so that its output is displayed appropriately.
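The request-response exchange described above, as an added example (this is not code from the original post). It serialises the GET and POST requests a browser sends and parses a constructed response the way a client would; the sample response bytes are constructed here, and only `fetch()` opens a real TCP connection, which the rest of the block does not need.

```python
"""Added example, not code from the original post: build HTTP requests by
hand and parse a raw HTTP response. SAMPLE_BODY/SAMPLE_RESPONSE are
constructed; fetch() is the only function that touches the network."""
import socket
from urllib.parse import urlencode


def build_get_request(host, path="/", user_agent="example-client/0.1"):
    """Serialise a minimal HTTP/1.1 GET. The empty line (CRLF CRLF) is what
    tells the server that the headers have ended."""
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        f"User-Agent: {user_agent}",
        "Connection: close",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def build_post_request(host, path, fields):
    """A form submission: same shape as GET, plus a body and the two headers
    that describe it (its type and its length in bytes)."""
    body = urlencode(fields).encode("ascii")
    head = (
        f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n"
    ).encode("ascii")
    return head + body


def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body).
    Header names are lower-cased because HTTP compares them case-insensitively."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: end of headers not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)            # "HTTP/1.1 200 OK"
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad status line: {lines[0]!r}")
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = headers.get("content-length")
    if length is not None:                    # ignore anything past the declared length
        body = body[:int(length)]
    return status, headers, body


# Constructed sample of what a server sends back for GET /index.html.
SAMPLE_BODY = b"<html><head><title>Hi</title></head><body>ok</body></html>"
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    + f"Content-Length: {len(SAMPLE_BODY)}\r\n".encode("ascii")
    + b"\r\n"
    + SAMPLE_BODY
)


def fetch(host, path="/", port=80):
    """The real exchange over TCP; the handshake happens inside connect()."""
    with socket.create_connection((host, port)) as sock:
        sock.sendall(build_get_request(host, path))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))
```

`parse_response` trusts Content-Length only to truncate, never to read ahead, so a response that lies about its length cannot make the client wait forever; a production client also needs to handle chunked transfer encoding, which this example leaves out.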
So what’s HTML?
HTML (HyperText Markup Language) is a set of definitions that browsers follow to display interactive components. The markup text is sent in an HTTP response and interpreted by your browser. HTML provides support for the page title, stylesheets, JavaScript, body text, division tags, tables, images, buttons, forms, links, and the other things you commonly see.
There are times when two or more browsers interpret the same HTML (especially with complicated CSS) differently. This is called cross-browser incompatibility, and it is not unheard of. The latest version of HTML, HTML5, brings native support for video and the like (things for which Macromedia Flash Player has been used so far).
Also, what is PHP and CGI?
HTML pages are static, i.e. there is no way for them to vary dynamically at runtime. Facebook, for example, requires dynamic content, since its content varies from one user login to another.
All popular web server applications that handle incoming HTTP requests today (like Apache HTTPD or Microsoft IIS) support pre-response processing. The server executes code written in some language (typically a scripting language like PHP), and that code produces the HTML output that is sent back to the requesting IP.
This is simple to do. The web server recognizes by file extension which files need to be run through PHP before sending (.php files, say), and does so.
Noob question, but what’s a URL?
Funnily enough, most people misunderstand what a URL (Uniform Resource Locator) is. A URL is simply a uniform text format that a server maps onto a resource, often a file on its filesystem.
For example, the server maps /index.html to /home/angad/apache/www/index.html and retrieves that file.
It suffices to say that just because a URL reads http://mydomain.tld/view/article/this-is-my-article does NOT mean that this is an existing filesystem path. The server may easily be mapping it to: /view.php?content=article&title=this-is-my-article
Now you are probably wondering what the above example means. It’s simple: this is the convention for passing information/arguments to a PHP script in a GET request (the query string after the ?).
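The URL-to-filesystem mapping and the pretty-URL rewrite described above, as an added example (this is not the post’s code, nor Apache’s). `DOC_ROOT` is the document root the post names; the traversal check is an added caveat of mine: any server that maps URL paths onto files must refuse paths that normalise to outside the document root, otherwise /../../etc/passwd maps to a real file. The routing rule for /view/... is the one the post gives; its name and shape are my assumptions.

```python
"""Added example, not code from the original post: map URL paths onto the
filesystem (with a traversal check) or onto a script plus GET arguments.
Pure string/path operations, so it runs without any files present."""
import posixpath
from urllib.parse import unquote, urlencode

DOC_ROOT = "/home/angad/apache/www"   # the document root named in the post


def map_static(url_path, doc_root=DOC_ROOT):
    """/index.html -> /home/angad/apache/www/index.html, as the post describes.
    Added caveat: decode once, normalise '.' and '..', then refuse anything
    that ends up outside doc_root (directory traversal)."""
    decoded = unquote(url_path.split("?", 1)[0])
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    candidate = posixpath.normpath(
        posixpath.join(doc_root, decoded.lstrip("/")))
    if candidate != doc_root and not candidate.startswith(doc_root + "/"):
        raise PermissionError(f"{url_path!r} escapes the document root")
    if candidate == doc_root:                 # "/" serves the directory index
        candidate = posixpath.join(doc_root, "index.html")
    return candidate


def is_within_root(url_path, doc_root=DOC_ROOT):
    """True if map_static would serve the path, False if it is rejected."""
    try:
        map_static(url_path, doc_root)
        return True
    except (PermissionError, ValueError):
        return False


def rewrite_pretty_url(url_path):
    """/view/<content>/<title> -> /view.php?content=...&title=..., the
    rewrite the post uses as its example. Returns None for other paths."""
    segments = [s for s in url_path.split("?", 1)[0].split("/") if s]
    if len(segments) != 3 or segments[0] != "view":
        return None
    _, content, title = segments
    return "/view.php?" + urlencode({"content": content, "title": title})


def route(url_path):
    """What the server does per request: try the rewrite rules first, and
    fall back to serving a static file from the document root."""
    target = rewrite_pretty_url(url_path)
    if target is not None:
        return ("script", target)
    return ("file", map_static(url_path))
```

The rewrite never touches the filesystem, which is exactly why a pretty URL tells you nothing about the files on the server. The static branch is where the danger lives: it is the one place user-controlled text becomes a path, so the check sits there and nowhere else.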
Hope that helps. If you liked this article, leave a comment and share it with your friends
hello, world
Posted: June 19, 2011 Filed under: Uncategorized
Hello, if you came here looking for the old Wootify, it’s now been replaced with a journal of my thoughts and code managed by WordPress. Since the old Wootify wasn’t a revenue project and had been lying dejected for the past many months in which I had been studying for my engineering entrances, I decided it wasn’t worth the effort to maintain the website. The website code was buggy as shit and a pain to work with. It was made quite a few years ago, and I have (hopefully) learned so much more since then.

