Abusing HTTP Status Codes

Concerns over privacy online are an ever-growing theme. Every day we see people complaining about the policies of Facebook and the like. [Mike Cardwell] points out another method of gleaning a bit of personal data from you that you may not have seen yet. By embedding a hidden image or using some really simple JavaScript, he can tell if you are currently logged into Gmail, Twitter, Facebook, or Digg. While this could possibly be used for more nefarious things, he points out that you could also use it to customize your website to better suit the visitor. For example, if the “reader” is already logged into Gmail, you could have any email links automatically open a Gmail instance instead of the local mail client.

Internet Controlled Remote

How often does this happen to you? You’re leaving on a long trip, and half way there you remember the TV was left on. Never? Alright then, how about wanting to control an Xbox 360 from within the other room and you don’t have the remote. Still a rare occurrence?

Perhaps you have a better situation where an internet controlled IR remote, one that can be programmed to work with any TV or IR-accepting device, would be useful. [Nicholas McClanahan] starts off with a USB Propeller from Parallax, adds an Ethernet module to make a mini server, and ends with an IR LED and receiver. The code is nearly as simple, being a combination of SPIN, HTML, and JavaScript, all coming together under a nice website GUI that prompts for what IR signals to send. To make the project even more straightforward, [Nicholas] has included an Instructable as well. In the end though, while the hack is great, we’re still trying to find a decent enough use. Video after the rift.

Web-enabled LED Pegboard

[Norm Santos] whipped up an LED light board that you can draw on through their web interface. We tried it out but unfortunately the live feed is currently offline. That doesn’t diminish our appreciation for the time-lapse build video after the break. Indeed it was a mountain of hot gluing and a couple of days of soldering. Our only beef is that for every LED on the board there are three empty peg holes. To us this is just begging to be augmented with blue, green, and white LEDs for a more spectacular result. What they have now encompasses 350 LEDs managed by five microcontrollers, which took about two days to solder (for five people) and to hammer out some code.

SparkFun Kegerator Goes To Eleven

It started with a simple need: keep tabs on SparkFun Electronics’ in-house kegerator so the beer won’t run out at inopportune times. But of course SparkFun and “simple need” make strange bedfellows…throw beer in the mix, and you know this can’t end well. The result, as you might imagine, reads like a who’s-who of electronics hackery buzzwords.

Arduino? Check. Custom PCB? Check. Web interface? Check. Twitter feed? Check.

They’ve assembled a nice build tutorial on how this all went together, including code, example circuits, an explanation of some of the sensors used, and links to other tutorials for such things as Twittering and persistent storage in EEPROM using Arduino. Not to mention the eye candy: a custom Arduino shield (solder mask and all), custom acrylic tap handle, custom SparkFun pint glasses. They never do anything halfway, do they?

Slowloris HTTP Denial Of Service

[RSnake] has developed a denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server; these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keep them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on web servers that use threading, such as Apache.

A positive side effect of the hack is that the server does not crash; only the HTTP server is affected. His example Perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.

Update: Reader [Motoma] sent in a Python implementation of slowloris called pyloris.
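
From the defender's side, the connection-slot exhaustion described above can be spotted by looking for clients that hold many old connections whose request headers never finish. The following is an added example, not code from [RSnake] or from the original post; the Conn record, the thresholds, the pool size of 256 and the sample snapshot are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    client: str         # remote address
    age_s: float        # seconds since the connection was accepted
    bytes_in: int       # request bytes received so far
    headers_done: bool  # True once the blank line ending the headers arrived


def is_stalled(c, min_age_s=30.0, min_rate_bps=50.0):
    """A connection that is old, still mid-headers, and barely sending."""
    if c.headers_done or c.age_s <= 0 or c.age_s < min_age_s:
        return False
    return c.bytes_in / c.age_s < min_rate_bps


def slow_header_suspects(conns, max_workers, share=0.25):
    """Map client -> stalled connection count, for clients whose stalled
    connections alone occupy at least `share` of the worker pool."""
    held = defaultdict(int)
    for c in conns:
        if is_stalled(c):
            held[c.client] += 1
    limit = max(1, int(max_workers * share))
    return {ip: n for ip, n in held.items() if n >= limit}


def stalled_fraction(conns, max_workers):
    """Fraction of the worker pool tied up by stalled connections."""
    return sum(is_stalled(c) for c in conns) / max_workers


# Constructed snapshot (documentation addresses, invented values).
SAMPLE = (
    # one client holding 120 old connections with unfinished headers
    [Conn("198.51.100.7", 90.0 + i, 180 + i % 40, False) for i in range(120)]
    # a fresh connection that simply has not finished sending yet
    + [Conn("203.0.113.20", 2.0, 310, False)]
    # ordinary requests whose headers completed quickly
    + [Conn("192.0.2.%d" % i, 0.4, 420, True) for i in range(1, 31)]
)

if __name__ == "__main__":
    print(slow_header_suspects(SAMPLE, max_workers=256))
    print(round(stalled_fraction(SAMPLE, 256), 2))
```

Request volume stays low throughout, which is why rate-based alerts miss this pattern; the signal is the age and incompleteness of the held connections.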

[photo: cutebreak]

Why I Hate Django

[youtube=http://www.youtube.com/watch?v=i6Fr65PFqfk]

[Cal Henderson] delivered a keynote titled Why I Hate Django at the first annual DjangoCon. Django is an open source, BSD-licensed web framework written in Python. Google has posted the keynote in its entirety to YouTube, which you can find embedded above. While the talk is humorous (and takes many jabs at Rails developers), it does provide insight into what makes a good web framework. [Cal] is Director of Engineering at Flickr and is an authority on how to make websites scale. He points out that most frameworks are designed to get projects off the ground quickly, but are lacking when it comes to building an even larger service. He talks about several things in Django that need work and improvements that could be made. It’s really an interesting look at what it takes to go big.

Creating Web Applications For The iPhone

[Dominiek ter Heid] wanted to prototype an application for the iPhone that incorporated GPS. He experimented, and came up with a step-by-step tutorial on how to create a web application that would push GPS information to his iPhone through the use of JavaScript and AJAX. This tutorial will save web hackers who want to play with the iPhone 3G a lot of grief. Using Cocoa Touch, and a CSS/JavaScript pack called iUI, he successfully created a web application that looks native to the iPhone and is able to grab GPS information. The application integrates the Google Maps API with the GeoNames database. We look forward to seeing the types of creative applications that this prototype will inspire. What sort of web application would you want to create for the iPhone?

[via digg]