Archive for the 'google' Category

The gadgets I was talking about

Wednesday, November 15th, 2006

I forgot to post about the gadgets after the contest deadline was over!

I ended up submitting two gadgets — one I called ‘Hangman 2.0’, in true Web 2.0 spirit. The other I called ‘Flippr’; it’s a flash-card app that allows you to add / remove cards, and then test your knowledge. Saving is supported by exported XML.

Flippr

Hangman 2.0
You can give the Gadgets a try if you’d like with the links above.

Hangman 2.0: This was the first gadget I did. The idea was that I often find the online Hangman apps boring. Usually they use super intellectual words or categories I don’t care about. Wouldn’t it be cool, I thought, if *I* could pick the category, and get a random word from it? And what better way to accomplish this than Google. I tried a few techniques for generating the word list, but I eventually settled on using Google to find the appropriate Wikipedia entry for a category, and scraping the entry for words. I sorted the words based on their frequency, and after removing a bunch of common words like ‘the’, ‘and’, etc… I randomly pick one of the top 30 or so. The result is pretty good; occasionally you’ll get a poor word, but most of the time it’s pretty fun. I also did some original pixel art to add a little flavor to the game, instead of the traditional hangman’s noose.

Flippr: I worked on this gadget second. I’ve never really had a chance to use flash cards for any class because in most engineering classes, flash cards wouldn’t help. However, I’m taking an econ class this quarter for GE credit, so I decided flash cards might help out. Flippr is pretty simple: basically you create a new ‘deck’, and then you can add, view, and remove cards from your deck. Once you’re finished with that, there is a ‘test’ option, where you can go through your deck, read each card and then FLIP (hence the name) to see if you know what the term or idea means. All in all, I’m happy with how this turned out, though I wasn’t able to get the XML loading working in IE.

On a sad note, I got the Google rejection letter five days after I applied without a phone screen; if I wasn’t going to make it, I was hoping to get cut at AT LEAST the phone screen; but so much for that :) Then today I got another rejection, this time from Microsoft (I got cut after an on-campus interview). My GPA (3.4ish) isn’t horrible, but if I end up flipping burgers, I’ll have a long time to think about what happened.

Life is good!

Second gadget moving along great

Wednesday, November 1st, 2006

Second gadget has been underway, and Google’s deadline extension is exactly what I needed for this busy week. Between midterms and GREs, I have my hands full.

While my first app is addictive, my second one is useful. I’m really excited about Gadget #2. Not only is it useful in general, but it’s specifically useful for the college student, which is kind of the ‘theme’ of this contest. That being said, I could see it being useful to others as well. Overall though, I’m just really pumped up about this contest. I think I’d just about explode if I won any of the categories :)

Progress on the Google Gadget

Saturday, October 28th, 2006

Got a ton done on the Gadget today and I’m feeling like tonight is the night to submit it. I put a lot of finishing touches on a few minutes ago, and I believe all the functionality is in place. I had a small hiccup with IE compatibility issues, but I managed to take care of those fairly easily. I’m pretty impressed that I got this much done, this quickly. I spent Thursday, Friday, and Saturday — only working on it. That’s probably one of my best qualities, I think — persistence. I don’t give up easily when a deadline is approaching. The end result is refreshing and VERY cool (I’m a bit biased).

So what does all this mean? Time to start on Gadget #2! I don’t know if I’ll have time with a midterm coming up, but I’m going to do my best. I’m not completely settled on a second idea at this point, but I’m kicking around an idea, trying to see if it’s viable. Time will tell what I come up with.

Google Gadget Awards

Friday, October 27th, 2006

Looks like Flash is going on hold for the next week or so. After attending the Google info night at school, I found out about the Google Awards competition. First things first — the Google night is just another reminder of what you’re up against, if you want to work at Google. My roommate and I got there an hour early and were among the first to arrive but by the time the thing started, there was standing room only.

And then it hit me. Google Gadget Awards. What better way to stand out from potential candidates than to play Google’s game. Show them you have good ideas, and take a concept from just a thought to completion. So with a week left, I began work on a Google Gadget for submission. I don’t even know if there are prizes or anything, but what I’m really interested in is Google’s eye :) When I’m applying for a job and whatnot and they inevitably google ‘Eric Farraro’, how cool would it be if it came up saying I had won one of their contests? This particular contest is only open to university students, so I figure if I did well, I could put UC Davis on the map too and bring in even more recruiters.

Totally energized coming out of the Google info night, I wrote down about ten to twenty ideas (which I can’t share yet, but I will!)  I settled on one that I’m currently working on.  The contest has been going on since August, but I’m going to have to compress those several months into one week.  Actually, I’m planning to submit TWO gadgets if time allows.  It’s definitely a learning process.  I’m decent with Javascript but no expert, and that’s primarily what you need to write the web gadgets.

The contest ends November 1st, so I’ll be busy working on this until then. I’ll be sure to post the gadget here on this page once the contest is over. The funny thing is, I’ve known about gadgets for a long time, but I’ve always been too lazy to work on one. But throw the word ‘contest’ in there, and that really gets the blood going. I love competing in events that I can do well in, and it’s a strong motivator. The idea that I could get my name into the hands of the right people doing something I love doing drives me to get this done.
If anyone from Google reads this, talk to me!

Back to work!

Phishing Exploit Discovered in ‘Google Public Search Service’

Thursday, September 14th, 2006

If any DIGGers read this, the reason I linked to this blog is because as far as I can tell, I’m the only person to ever come across this; there isn’t any other site to link to.

For ADD readers, you can try out the ‘new Gmail Plus service’ here: http://www.google.com/u/gplus. Article follows below:

Yesterday I mentioned that I had discovered an exploit in a little known service from a major web company. It turns out that that exploit is in a little known service called ‘Google Public Service Search’. This service is meant for universities or other non-profit organizations to add a ‘Google’ search to their website. It differs from the other free Google site search in that it allows you to customize the header and footer of the search results page. It’s interesting to note that the code for your header and footer is actually hosted by Google, on their server.

I actually found this site when asked to add a Google search to one of the pages at work. One problem that people had with the default behavior is that while you can customize the initial search box to your heart’s content, the search box that appears on the results page is off-limits. This was a problem, because people had asked for the radio buttons to say specific things, instead of the default ‘WWW’ and ‘some other domain’. I pondered how I could get around this, just out of curiosity (though I suspect this would violate the ToS :) ) and tried a simple Javascript alert. Sure enough, when I ‘previewed’ the page, the script was executed. Interesting…

I began to use Javascript to modify the DOM, allowing me to change the search box on the results page. Then I had another idea… I knew that my header was rendered first, then Google’s results, then the footer. I decided to encapsulate the Google search results by placing them in a DIV tag, then closed the DIV tag in the bottom. Right after that, in the footer, I used the Javascript ‘document.getElementById(divID).innerHTML’ property, and essentially, hid all of Google’s search results. I realized that I had created a blank slate, hosted at a Google.com address.

Though this was certainly impressive to me, it would not get the attention of anyone. Most people I know, when I show them I can execute a Javascript alert say “So?”. I decided to up the ante a bit and create a new ‘Google service’, modelled heavily after Gmail, but offering new features. After the Javascript in the footer, I added all of the HTML I needed to render a completely new page, of my choosing. I chose to use a modified version of the Google homepage. For the login form, I directed the user’s input to my server, which simply alerts them that they have been ‘scammed’, but reassures them that no information was stolen — I just echo the user’s username and password that they entered.

Similar ‘phishing’ sites could be set up at ANY URL. What makes this type of exploit so insidious is that most people would consider the URL to be safe: http://www.google.com/u/gplus. While Google has suffered from similar attacks in the past, most of them have had suspicious URLs, at least to the advanced user. Using the exploit in this service, a malicious attacker could launch phishing sites that even advanced users could fall for.

Just as a sidenote, the URL of this service always has the form: http://www.google.com/u/something. ‘/something’ can really be anything you want (alphanumeric only, I believe).

The day after I found the exploit, I emailed security@google.com and got a response saying they would follow up with me later. They immediately took down the login page for the service as you can see here: https://services.google.com/publicservice/login. The site has been down since then.

My initial idea was that Google could simply remove script from the headers and footers; however, as my coworker pointed out, you could achieve a similar effect using the CSS ‘hidden’ (I think?) property on the DIV, and not use Javascript at all. It should be interesting to see how Google fixes this issue.
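
The coworker's point, that removing script alone is not enough, can be seen from the defender's side in this added example (not code from the original post, and not Google's fix). It validates one customer-supplied header or footer fragment against an allowlist and rejects any fragment that is not balanced on its own; the tag and attribute lists and the function name are assumptions chosen for illustration, and a production service would use a real HTML parser instead of regular expressions.

```javascript
// Added example: allowlist validator for one customer-supplied header or footer fragment.
// ALLOWED_TAGS / ALLOWED_ATTRS are illustrative assumptions, not the service's real policy.
const ALLOWED_TAGS = new Set(['div', 'p', 'span', 'a', 'img', 'b', 'i', 'br', 'h1', 'h2']);
const VOID_TAGS = new Set(['img', 'br']);
const ALLOWED_ATTRS = { a: ['href'], img: ['src', 'alt'] };
// Only tags with double-quoted attributes are recognised; everything else is rejected.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z-]+\s*=\s*"[^"<>]*")*)\s*>/g;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*"([^"<>]*)"/g;

function validateFragment(html) {
  const problems = [];
  const open = []; // stack of elements opened inside this fragment
  // Any '<' left after removing recognised tags means markup we do not understand.
  if (html.replace(TAG_RE, '').includes('<')) problems.push('malformed or unsupported markup');
  for (const [, closing, rawName, attrs] of html.matchAll(TAG_RE)) {
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) { problems.push(`tag not allowed: ${name}`); continue; }
    if (closing) {
      // A close with no matching open here would close a wrapper opened in another fragment.
      if (open.pop() !== name) problems.push(`unbalanced </${name}>`);
      continue;
    }
    for (const [, attr, value] of attrs.matchAll(ATTR_RE)) {
      const a = attr.toLowerCase();
      if (!(ALLOWED_ATTRS[name] || []).includes(a)) {
        problems.push(`attribute not allowed: ${name}[${a}]`); // covers style, id, on* handlers
      } else if (a !== 'alt' && !/^https?:\/\//i.test(value)) {
        problems.push(`non-http URL in ${name}[${a}]`);
      }
    }
    if (!VOID_TAGS.has(name)) open.push(name);
  }
  // An element left open would swallow the search results rendered after the header.
  for (const name of open) problems.push(`unclosed <${name}>`);
  return problems; // empty array means the fragment is accepted
}

// Constructed samples mirroring the header/footer split described in the post.
console.log(validateFragment('<div id="results">')); // header that leaves a DIV open
console.log(validateFragment('</div>'));             // footer that closes it
console.log(validateFragment('<div style="display:none">x</div>')); // script-free hiding
```

Because each fragment must be balanced by itself and `style` is not an allowed attribute, neither the script route nor the CSS route can wrap or hide the host's own results.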