Blog
Words about design, the industry, and everything in between.

Hacking UTwente’s PeoplePages

As a future CreaTe student at the University of Twente, I wanted to get in touch with a particular professor. Their website, PeoplePages, uses a RESTful API for AJAX requests to search for university staff, so I decided to add everyone to my contacts. (Also makes sending LinkedIn requests to everyone much easier.) See how I did it and how they could improve their security, so others can’t.

Life Update: College

Just a little bit of background about my college “situation”: I graduated from high school in April 2016 and joined the Unitedworld Institute of Design (UID) in Ahmedabad, Gujarat, after working at the Government of Delhi for a month. UID was an excellent college for people who want to study design using the fundamentals of art. I’ll push in an update if I decide to join a program.

The Defence for MD5

A few days ago, I tried to reset my password on PR.com, the press releases website. I entered my email, and they sent me the username and password in plain text. That’s right, in plain text.

The problem with this method of password storage is that if anyone gets access to your database, they can literally just read the passwords. This is why hashing is used: it converts the plain-text password into a one-way “hashed” form that is, in an ideal world, irreversible. The problem with this hashing is really about how hashing fundamentally works: collisions are not uncommon, i.e., multiple strings can produce the same hashed string.

Tokens for Authentication

Something that I’ve started experimenting with recently is token-based authentication. Since I’ve been using more JavaScript and less PHP, I figured I could try using tokens in a RESTful API instead of sessions on the server. Instead of using a framework like OAuth (which I highly recommend using), I tried to recreate the token process. This is what I came up with.

This is usually how the process works: a user logs in, and a token is generated. The token is stored on the client (usually in a session, lately also as a local storage object). Then, to call an API, the view also sends the token. The server checks the integrity of the token and returns the relevant response. Each token contains a “private key” of sorts that only the server could have created. JWT does this really well. My way includes a hashed username and timestamp.

URL Shortener Length

I made a small URL shortener for Oswald at osw.li in an hour using PHP and MySQL, but I want to learn the MEAN stack, so I thought that this could be a fun starter project. One interesting decision was how many characters the shortened URL’s slug should be.

There can be 64 possible characters: A to Z, a to z, 0 to 9, - and _. Even if we make a 3-character slug, there can be 64^3 = 262,144 possible URLs, which is a big number. The trouble happens with collisions, though. After how many URLs would a pseudorandom generator have repetition? I wrote some JavaScript to find out.

Machine Learning in Six Lines

I’ve only very recently started experimenting with machine learning, but Python has made it super simple. First, set up a scikit-learn environment (I used Anaconda) and import the decision tree classifier from sklearn’s tree module. Run this Python script, and, if there are no errors, we have our environment set up. Now let’s get some data. In the following, we’re using two one-dimensional arrays for features and labels. Consider a phone app where we save the names of the contacts I called, corresponding to the time when I called them.