alamin ahmed: a typical geek 2.0

ideas.experiments.thoughts.life

twitter: aahmed753


I'm a PC and I am on steroids?

posted on: September 22, 2008 at 01:08 pm
tags: Microsoft PC

After two stupid episodes of ads about nothing by Bill Gates and Seinfeld, Microsoft finally made a few interesting and effective ads in their latest $300 million campaign. I actually love them!

NYC Subway Islamic Ad Campaign stirs controversy

posted on: August 2, 2008 at 09:31 pm
tags: islam

ICNA SUBWAY AD CAMPAIGN

The New York Chapter of the Islamic Circle of North America and its 877-WHY-ISLAM project have launched a subway campaign hoping to promote better understanding of Islam, which has garnered quite a bit of media attention. The campaign is set to start this September 15th and run for about a month.

Mockup Concept of Subway Campaign
concept design

CNN Interview with ICNA Representative: Islam on Subway


Crazy Driving in Saudi highway. Impossible!!

posted on: July 28, 2008 at 02:25 pm
tags: offbeat saudi driving


iPhone made Objective-C popular

posted on: July 25, 2008 at 06:35 am
tags: iphone objective-c iPhone SDK

Objective-C? Most developers didn't even know that such a programming language existed, even though it is the primary programming language used for Mac OS X programming. Other programmers looked at it, then turned away from its bizarre use of square brackets. Objective-C never really got much attention from developers, that is, until now.

The iPhone SDK has been long anticipated by developers. Now that it's in the wild, the only way to actually use it is through Objective-C. Considering the impact of the iPhone platform and its market, many amateurs and big guns are diving into the iPhone developer program, screwing their heads with Objective-C, which will probably erase your memory of Java, C++ or any other programming language you used to code in.


iPhone is acting like Windows ME

posted on: July 24, 2008 at 10:40 am
tags: iphone iphone 2.0 Apple

Not allowing third-party software on the iPhone was one of its biggest drawbacks and strengths at the same time. Apple insisted that opening the door to third parties would destabilize the iPhone experience. Apple could've sworn that people would be happy and satisfied with just the Phone, Internet Communicator and iPod. Who knew people would want to use the iPhone as a tip calculator.

After using a Mac for the last two years, I almost forgot that a computer can decide for itself to shut down, restart or freeze whenever it wants. I forgot how often I kicked my desktop tower and broke dozens of keyboards just out of frustration. Well, it's all coming back to me now.

My iPhone has restarted on me more than 30 times since upgrading to iPhone 2.0 and installing third-party software on it. Say hello to iPhone ME.

It seems to me that most of the problem is due to a lack of memory management by these new amateur developers. Most of these new developers come from programming languages that handle memory management (garbage collection) automatically. Even someone who developed desktop Mac applications didn't need to care about memory leaks. And let me say, from a developer's point of view, manual memory management is no picnic.

Nevertheless, third-party software is a great thing that happened in iPhone version 2.0. Now I finally get to pay the waitress exactly 15% and take a break from iPhone while it restarts.


10 must-know guidelines for iphone web app developers

posted on: August 31, 2007 at 12:00 am
tags: web design iphone


I visited iPhone Tech Talks on the 30th of August. Initially I wasn't thrilled about it and didn't have much expectation. However, I found the show to be very informative and fun. I got to sit and chat with many developers who are actively working on lots of cool iPhone apps and services.

At the beginning of the show, they mentioned that we are in a bidirectional NDA (Non Disclosure Agreement) contract. I do not see any secretive information from Apple's or the iPhone's perspective, but some developers had some interesting ideas which I'm not going to disclose.

A vast amount of information was given in the 5-hour lecture, from developer scenarios to optimizing for the iPhone and how the iPhone's Safari renders web pages. I tried to gather the most valuable information and organized it into categories of guidelines. Hope these help!!

  1. Separation of contents:   
    1. Put all JavaScript on .js file and all styles on separate .css file.  
    2. The obvious reason is better coding and readability, but the main advantage is that this design practice improves loading speed on the iPhone, especially on the EDGE network.  This is because Safari caches all CSS and JS files when they are separate.
  2. Use Standards:  
    1. iPhone supports the following standards: HTML 4.01, XHTML 1.0, DOM, CSS 2.1, some CSS3, JavaScript (ECMAScript 3).
    2. Does not support WML.
    3. My tip, which they didn't mention but I think is good practice, is to use XHTML 1.0 Strict rules instead of HTML 4.01 and XHTML 1.0 Transitional.  This ensures the best compatibility and browser rendering speed.
  3. Know the limitations:
    1. Resource limitations:
      1. 10MB for each text-based file (each html, js, css).  This is huge, so I don't actually consider it a limitation.
      2. 8MB for images such as tiff, gif, png
      3. 32MB for jpeg images.
      4. 2MB for animated gif. If the animated gif is larger, iPhone will simply show the first frame and won't animate.
      5. if a page is greater than 10MB, it may load, but would cut resources from any other open window, if available.
    2. Javascript limitations:
      1. as I mentioned, 10MB file size.
      2. only 5 seconds of execution time.  This is to ensure a script does not make the iPhone unresponsive.
        1. If the execution time is greater, it will throw an exception.
        2. So put it in a try/catch block.
      3. Know that a script may be paused.  When the window is inactive your script is paused, so a javascript timer will not show accurate time when the user leaves Safari or goes to a different window.
    3. Plug-in limitations:
      1. No Java
      2. No Flash
      3. no SVG
    4. File System
      1. NO File System
      2. Upload button will be disabled and grayed out.
  4. Know what is supported: 
    1. Most of javascript functions, events are supported:
      1. window.open, target="_new", alert(), confirm(), prompt()
        1. even though alert, confirm and prompt are a bad way to send or receive information from users in a real desktop browser, on the iPhone it's a totally different case.  In fact it is encouraged.  The script window looks good and sexy.  Feels like a real app window.
      2. Events:
        1. tap triggers onclick, onmousedown, onmouseup and onmousemove
        2. two finger triggers mousewheel
        3. all other events such as blur, focus, load, unload, reset, submit, change, abort are supported
        4. please note that you cannot trigger blur or focus events from javascript, but the handlers will fire when these events happen.
    2. Supported Files within web browser:
      1. Excel. Nicely converts to html and put separate sheets as tabs.
      2. Word.
      3. PDF. Does not support password protected files.
      4. Quicktime audio and video:
        1. H.264 base 2, 640x480 at 30fps
          1. Does NOT support B frames
        2. AAC-LC up to 48kHz
        3. mov, mp4, m4v, 3gp
        4. mpeg-4 part 2
      5. Canvas for animation and data driven content
        1. Canvas is now Standard
        2. Used to create all Mac OS Widget
        3. now supported by Opera, Firefox
        4. iPhone uses complete implementation
        5. iPhone's stock uses Canvas to animate and show data
    3. Built-in Fonts
      1. Arial, Courier, Georgia, Trebuchet, Zapfino, Helvetica, Times, Verdana
  5. Scaling/Zooming and META tag:
    1. iPhone will scale a web page to 980x1091 first, then scale back to 320x480.  They use this technique for all web sites.
    2. iPhone looks for following meta tags for overriding default scaling:
        1. this will not scale at all and just render the page to 320 width
        1. initial-scale = 1 means 100%, 2 means 200% and so on.
      1. other values for contents
        1. user-scalable=yes/no
          1. if set to no, user can't pinch or zoom
        2. minimum-scale or maximum-scale
    3. Control zooming on every element of the HTML page
      1. use -webkit-text-size-adjust property to control zooming by double tapping to all html elements including div, table, body.
        1. -webkit-text-size-adjust has the following values:
          1. none: disable zooming
          2. auto: let Safari handle it
          3. %: set to a percentage
  6. Integrate with iPhone's app
    1. integrate with Google Map Application
      1. simply like using anchor with show me pizza!
      2. q parameter is for terms
    2. integrate with Phone App
      1. call us
    3. integrate with Mail App
      1. email me
  7. Understand iPhone's User Agent
    1. iPhone User Agents has following terms
      1. iPhone;U;CPU like Mac OS X;en 
      2. AppleWebKit/420 - gives WebKit version
      3. Version/3.0 -  3 for Safari 3 family
      4. Mobile/xxxx - iPhone Safari build number
      5. Safari
  8. Understand iPhone Safari's preference:
    1. This is important because developer needs to know that users can disable and enable some features from the iPhone's Setting.
      1. javascript can be turned off (on by default)
      2. pop-up block can be turned off
      3. cookies policy can be changed just like desktop Safari
  9. MISC. Tips:
    1. create rounded rectangle:
      1. use the -webkit-border-radius css property to create a nice rounded rectangle.
    2. create button or header
      1. use -webkit-border-image to create nice headers and buttons
    3. use javascript frameworks
      1. iUi (praised by the staff)
      2. YUI (Yahoo library)
      3. dojo
      4. prototype
      5. JQuery
    4. use a CSS3 media query to detect iPhone when including css files
      1. iPhone returns "screen" and width value
    5. turn on server-side compression
      1. this alone can save up to 50% of download time.
  10. DEBUGGING
    1. Turn on the developer's menu for Safari.
    2. Download the nightly build of WebKit, which includes an excellent and extended "Inspect Element" tool.  http://webkit.org/
    3. Use Drosera (comes with the nightly build of WebKit, Mac only) for debugging Javascript.

5-ways to prevent comment spamming

posted on: August 12, 2007 at 01:27 am
tags: html

Spamming? What Spamming??
These days, whether you are blogging or running a business website, form submission spamming has become one of the primary issues of concern and frustration. Form submission spamming usually happens if you have a commenting feature on your website. Spammers like to use this opportunity to promote their websites and, most importantly, hope to get a higher rank in search engines. I'm sure most web developers and webmasters have gone through the nightmare of finding dozens of v1agra (you know what I mean) related links floating around their website posts.

Form submission spam sometimes occurs on your membership registration form as well, with people attempting to create multiple accounts instantly. And if you have content submission features, as on Digg, Reddit or other social networks relying on user-submitted content, then you have yet another form to worry about.

Prevention is better than cure.
Indeed it is. There are many ways you can prevent most of these spammers. It is hard to stop hackers entirely, but these methods should make an attacker's life a bit difficult and have them find another nest to play around with.

I have prepared to write about 3 ways (out of many) you can prevent form submission spam. You can implement them individually or combine them in any combination to add even greater security based on your needs. These 3 methods are:
1. Post Hash Authentication
2. Hidden Text field Mechanism
3. CAPTCHA

[Please note, all these are programming language independent concepts, but I will be using php to demonstrate some code when necessary.]

POST HASH AUTHENTICATION:
This method relies on a renewed hash code for authentication. Every time your page is loaded, a unique hash code is created by your server and stored in the session; the form then needs to pass it back on every submission. Upon form submission the server can therefore verify the passed hash code against the session hash code. The trick is that, after validating, the server has to destroy the hash right away and start expecting a new, different one. This is very easy to implement.

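session_start(); // $_SESSION is only available after the session is started

// check if a form submission occurred
if (count($_POST)) {
    // reject when the hash is missing OR does not match the one stored in the session
    if (!isset($_POST['posthash'], $_SESSION['posthash'])
        || !is_string($_POST['posthash'])
        || !hash_equals($_SESSION['posthash'], $_POST['posthash'])) {
        die('unauthorized request.');
    } else {
        $_SESSION['posthash'] = ""; // removing current code
    }
}

// right after the check we regenerate the post hash, whether or not a form was submitted
// the value only has to be unique and hard to guess; a hash of the current time is predictable,
// so random bytes are used here instead
define("POSTHASH", bin2hex(random_bytes(16))); // constant for global access across your web application
$_SESSION['posthash'] = POSTHASH; // store it so the next submission can be verified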

This code should be at the top of each page (save it in a separate file and include it in every page).
In your HTML form, you need to add a special hidden field and supply this code:

<form ...>
...
<input type='hidden' name='posthash' value='<?php echo POSTHASH ?>' />
</form>

This method will also prevent users from spamming by refreshing the browser for multiple submissions, since the POST variable will hold the previous hash and will therefore be rejected.

Hidden Text field Mechanism:
This method is based on a blog that I came across. The concept is very cheap, but extremely powerful at fooling most spam bots (no bender, it's not fambot).
This is how it works. You simply add a text field to your form and hide it from the users. The idea is that users will not see the text field, therefore it will stay blank. But most spamming bots attempt to fill all the text fields they find in the form before submitting. So a simple conditional check on whether or not the hidden text field has a value can give you a clue as to whether this is spam.

<form ...>
...
<div class='special-field'><label>Enter your Middle name:</label> <input type='text' name='middlename' value='' /></div>
...
</form>

In your CSS code, you need to set 'special-field' display to 'none'. This way users will not see the label and text field, but they will still be present in the HTML code, which is what spammers use.

In your server script, all you have to do is check if 'middlename' field has value or not:

if(!empty($_POST['middlename'])) {
die('unauthorized request');
}
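
The first two checks combined, as an added example that is not the blog's own code: the single-use hash from the Post Hash section and the hidden 'middlename' field from the form above, written as plain functions. The function names are hypothetical, and $session and $post are ordinary arrays standing in for $_SESSION and $_POST so the script runs from the command line; using random bytes for the hash value is an assumption.

```php
<?php
// Added example, not the blog's code. Function names are hypothetical.
// $session stands in for $_SESSION and $post for $_POST.

function issue_post_token(array &$session): string
{
    // Random, unguessable value rather than a hash of the clock.
    $session['posthash'] = bin2hex(random_bytes(16));
    return $session['posthash'];
}

function consume_post_token(array &$session, array $post): bool
{
    $expected = $session['posthash'] ?? '';
    $supplied = $post['posthash'] ?? '';
    unset($session['posthash']);        // single use: burn it before deciding
    if ($expected === '' || !is_string($supplied)) {
        return false;                   // nothing was issued, or array-valued input
    }
    return hash_equals($expected, $supplied);
}

function honeypot_filled(array $post): bool
{
    // 'middlename' is the hidden field; a human never sees it, so it stays empty.
    return !empty($post['middlename']);
}

function check_submission(array &$session, array $post): string
{
    if (!consume_post_token($session, $post)) {
        return 'rejected: bad or reused hash';
    }
    if (honeypot_filled($post)) {
        return 'rejected: hidden field filled';
    }
    return 'accepted';
}

// Constructed requests, for illustration only.
$session = [];
$token = issue_post_token($session);
$human = ['comment' => 'nice post', 'middlename' => '', 'posthash' => $token];
echo check_submission($session, $human), "\n";  // first submit
echo check_submission($session, $human), "\n";  // browser refresh replays the same POST
$token = issue_post_token($session);
$bot = ['comment' => 'buy now', 'middlename' => 'x', 'posthash' => $token];
echo check_submission($session, $bot), "\n";    // bot filled every text field
echo check_submission($session, ['comment' => 'no hash sent']), "\n";
```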


CAPTCHA:
This method is the most widely used and most effective way of preventing users from spamming. CAPTCHA is almost like the POST HASH concept; the only addition is that instead of putting the hash value (or the captcha code) in a hidden field automatically, a human user needs to read it off a distorted image and enter it him/herself. Therefore this gives you the highest level of prevention from spamming.
There are many free and effective CAPTCHA codes and class files with tutorials floating around the web, so I will not go into detail here.

Lots of developers do not like to include a CAPTCHA mechanism because it puts a little bit of a burden on genuine users and can discourage them from posting comments or even registering.

Conclusion:
There are many ways one can attempt to prevent form submission spam. These three I found to be useful. However, as I mentioned earlier, it is not possible to entirely block hackers from doing what they do best. You constantly have to modify your code and provide additional security as your site gets more and more popular.

Please share your tips and tricks, comments, suggestions.
[PS, I am only using the Hidden Text field mechanism on this site. I hope someone can start spamming me so I can push laziness out and implement the other ones :)]

copyright© 2008 alaminahmed.com || powered by me!