QBurst

Who wouldn’t want to trigger their sixth sense, if it is as easy as wearing a pendant around your neck? With this ground breaking invention from Massachusetts Institute of Technology you can do just that if you are willing to spend a meager $350. Soon you will check emails on your palm or a nearby wall, show pictures to your friend standing next you in a crowded street or take snaps with your bare hands.

The project pet named “Sixthsense” is the brain child of Pranav Mistry an Indian Grad student at MIT and his project guide Pattie Maes, at MIT Media Lab. In Pranav’s words “‘SixthSense’ is a wearable gestural interface that augments the physical world around us with digital information and lets us use natural hand gestures to interact with that information”.

How does it work?

A miniature camera captures your hand gestures that are communicated wirelessly to your mobile phone, which in turn processes your signals and connects to the internet. A small, but powerful projector will project the results back, which are reflected by a mirror to any opaque surface. In short, the hardware consists of a pocket projector, a mirror and a camera all compressed into a wearable pendant. Simple! The software mostly tracks the user’s gestures using computer-vision based algorithms.

At the recent TED India conference held in Mysore in November 4 – 7, Pranav announced his desire to open-source his project.  Mistry pays tribute to his architect dad for his innovative spirit.

Read more about Mistry and his revolutionary project here and in this article that appeared yesterday (Nov 8, 2009) in The Hindu.

Did you ever wish that keeping up with all your favorite websites was as easy as checking into your email? Or that somebody would keep an eye on the Internet for your sake, choosing interesting stuff and placing it where you can find them easily?

Too incredible to be true, right? But that’s exactly what Google Reader does.

Google Reader was introduced way back in 2005, graduating from beta status in 2007.

For anyone who is not yet familiar with Google Reader, and given that RSS feeds are more extensively used, let me explain……

Google Reader is a web-based aggregator that is capable of reading all RSS feeds that you have subscribed to, so that you can  access them all in one place. Google Reader lets you know each time your favorite websites are updated. You can then, if required, organize feeds into folders, label them, and share the most interesting posts with your friends.

Google Reader is located on the Web at reader.google.com. You can access Google Reader using your Google Account.

Let’s now take a quick look at some of the main features that Google Reader has to offer: (more…)

“Future is Web” is a phrase we have been hearing for a few years now. And the latest talk on web is the web OS! But on second thoughts, does the web have enough power to replace the feature and flexibility that an OS provides? To mimic the operations of an operating system, we have Java, Flash, Silverlight and similar things. None of these are capable of doing some of the basic features that an OS provides. The basic functionalities that an OS requires like memory and process management, are alien to web applications. The delay in I/O is another key factor which restricts the further development of a web OS. So a pure web OS is a distant future.

The giant has already made promises of a pure web based OS. Yes, I am talking about Google Chrome OS which is in development now. By studying the latest products from Google, it won’t be anything bigger than an Android in better shape. Android which is a purely web oriented OS for mobile phones may be tweaked to an extent where it can be used in low power portable computers, or precisely – Netbooks. But the key point to be noted here is that, Chrome will be a web ‘based’ OS, not an OS in the web. So what will be a pure web OS? And why should one need it?

Mobility is the first advantage of having a pure web OS. Resource sharing and low cost end user hardware is another one. Consider having an entire OS in web, which will handle all the heavy tasks for you and all you need is a cheap, low end, web enabled notebook or netbook which is powerful enough to just run a browser. In short, you can encode an HD video even with a mobile phone! Interesting, isn’t it? Of course it is but the concept is very old and yet to become a reality. A few attempts have been made towards this end and the result was web applications like Google docs and Adobe’s online Photoshop. The interoperability of these online applications is essential for a web OS. No one will like to process a file in one application, download it and upload it to another application. It will be a fair job if these applications can send files/data to each other. It will be much better if both applications have access to a common online storage just like we have hard disks in our PC. And finally, it has to be free and open source! Before someone creates a perfect web OS, let’s take a look at something close to it. The eyeOS – an OS in a browser window, which is the Project of the Month in Sourceforge.

eyeOS is an attempt towards the perfect Web OS. “Open Source Cloud Desktop” is what they call it. You will have all your essential applications, a storage system and a desktop to integrate it all. eyeOS doesn’t look like a web page even though it’s inside the browser window. eyeOS package can be installed in your own server and you can allow other users to sign up and use it. The process is straightforward and simple as installing a WordPress blog. The wizard driven installation won’t take much time and soon you will be provided with a login window as in normal OS. Once you pass this screen, you will take a couple of seconds to realize that what you are looking at is actually a web page inside a browser window. I was confused whether it was my Linux desktop; it has everything that a normal desktop should have. A task pane, notification area, desktop with changeable wallpapers and themes, games, application menu and everything that you won’t expect in a web page. It even has a browser and a task manager which lists the running processes like Windows Task Manager. The default installation comes with a handful of applications which can be further extended using a package manager like in most Linux distros. There is already a large pool of applications available for eyeOS. And all this is written in PHP and XML! Yes, eyeOS is a PHP application which runs on Apache server and doesn’t need a database. Instead of a database it relies on XML files. This is primarily for making the installation simple for the end user as all they would need to set up an eyeOS server is to enter account information for the first user. Flat files are used to avoid bottlenecks on data fetching. Core parts of eyeOS runs as independent applications and uses Javascript to send server commands. The UI is fast even on a 512kbps connection.

eyeOS is being developed by a company based in Barcelona and it’s currently in the 4th year of development. They also provide a tool kit with which we can develop cloud applications easily. A reasonably good wiki page, including a “Hello World application” is present to provide a walk-through towards eyeOS application development. Anyone fluent with PHP and Javascript can start writing applications for eyeOS without any further learning curve. You can try it out at their demo server : eyeos.info or get your copy of eyeOS package from here.

eyeOS may not be mature enough to host anything serious, but it is proof on how far a web application can go!

Almost a year back (Aug 15^th, ’08, to be precise), AUTOMATTIC released WordPress 2.6.1 fixing over 60 bugs. Also the version featured with the introduction of ‘right to left’ typing for Hebrew and Farsi language administrators. In a very short period of time (may be around one month), the company alerted 2.6.1 version users of security holes in using the same. Here, in this small article, we are going to analyze those vulnerabilities that made AUTOMATTIC release an upgrade for WordPress version 2.6.1 so soon.

Ok, let’s be clear and to the point. The problem is created by the nature of:

1.    mt_rand () function of PHP and

2.    the truncation method that MySQL adopts

mt_rand ():

PHP has two random number generating functions: rand (), mt_rand (). The former uses GNU C library and the latter uses Mersenne Twister algorithm. Mersenne Twister algorithm was created by Takuji Nishimura and Makoto Matsumoto of Japan. mt_rand () is predominantly used in most of the PHP applications and most importantly, WordPress 2.6.1 uses it.

Normally a seed is used to initiate the generation of random numbers. If it is possible to determine that seed, we will be able to generate the same sequence for any number of times. In other words, we will be able to hack the working of random generation. Seed can be determined using a lookup. Now, once the seed is found, anyone can generate the sequence that the application generates. If you want to know how this is possible, you got to learn random number generation in PHP or there’s an alternative: bow to the fact that it is the nature of mt_rand () function.

Now, make a request for admin password which would send an activation link to the actual admin. But since we have the seed, we will be able to calculate the same activation link by enabling Keep Alive HTTP request.  Activating this link and using a different email ID in the form will allow creation of a new WordPress admin password and thereby complete control.

MySQL Truncation:

Let’s see the next one. When the string input given in a query is longer than the defined maximum length, MySQL, by default, truncates the string to the defined maximum length. For example, if the maximum value of the string column is defined to be 8 then, the input value, “qburst_expressions” will be truncated to “qburst_e”. There will be a warning displayed but, applications are normally not configured to handle those warnings. And importantly, WordPress version 2.6.1 was not.

Suppose I know the WordPress admin name, (let’s say, “godfrey”) and the maximum length of the username in MySQL is set as 32. When I register as a new user with the same name “godfrey”, obviously, MySQL will return an error as there already exists an username godfrey. Now, I try with “godfrey   “(with 2 spaces after the name), MySQL will truncate the string to “godfrey” and again return an error due to the same reason. Suppose I try with “godfrey                         g” (with 25 spaces between godfrey and g) then MySQL will not be able to identify a similar username and also truncate the name to “godfrey” to be inserted into the database column. This happen because the username exceeds the defined maximum length of 32 and the system will not be able to find a match in the database. Now we have 2 admin usernames in the table. This is sufficient to pass the validation and gain access to the password of the original admin, thereby complete control.

These holes in security made AUTOMATTIC to work on an upgrade at the earliest. And the next release fixed all these errors. So if you are planning to use WordPress, make sure you use the latest version and remain safe. WordPress 2.8.4 is available for download now. It is the latest stable version of WordPress according to the AUTOMATTIC’s last release.

Articles on Google waves is flooding the web, trying to bring out a deeper understanding on this wave renaissance. There is so much of expectation generated now as people are anxiously looking forward to get their hands on it. With the little information revealed by Google, let us try to figure out something more on how this is going to work. In Google wave 1 we discussed about Google waves as a product. This time let us view Google waves in the perspective of a developer, that is, Google waves as a platform.

What is a platform?

Platform in software realms can be understood as an entity on which software can be made to function. A platform provider will provide APIs (Application Programming Interface) for software to be developed in his platform. Let’s take a few examples: Java, the product of Sun Microsystems serves as a platform and it comes with APIs like AWT, JDBC, JMF and so on. These APIs are also provided by Sun Microsystems. Apple Inc, owner of iphone had APIs confidential until October 2008 when the company open sourced and made it license free to develop software applications to be run on iphone. Lately, there is facebook API which is both powerful and popular.

What about Google API?

Google has promised to come up with a public API which can be used by any developer to create applications that run on the wave platform. There are 2 ways by which a developer can make his presence felt in Google waves. The first method is by building robots or creating gadgets. The other method is by embedding waves on third party websites. Let’s try to get some insight on these new terminologies.

Robots, Gadgets and Embed API

Robots are automated participants in a wave. Remember the robot in ‘Lost in Space’. It is a similar kind of simulation except that these robots will function inside the computer. A robot created inside a wave will be able to read, modify and delete blips and wavelets. A wavelet is a smaller wave that is resident inside a wave and a blip resides inside a wavelet. The diagram below will give you better picture.

The developer can create robots and perform interactive operations within a wave. What are the interactive operations? Well, that is left to the creativity of the developer. Learn more about robots here. Wave Gadgets are similar to the ordinary gadgets in its mechanism to get embedded as third party development applications. But there is more offered. A wave gadget can function within a live wave. An example Google gives to explain this is one which lets participants of a wave to vote on where to go for lunch. Learn more about gadgets here.

The second method using Embed API enables to bring waves into third party websites. There will be simultaneous updates in websites as and when an update is made inside a wave. Google has already come up with a few embeds. ‘You tube playlist discuss’ is one among them and is sure to gain so much popularity.  Learn more about embed APIs here.

As Facebook is dominating now with so much integration, it is certain that we can expect even more from Google waves. So if you are a developer, be informed about what is going on in Google waves and get ready to play with the tools as soon as you get them.

Links for further study:

http://code.google.com/apis/wave/

http://googlewavedev.blogspot.com/

In response to Google Chrome OS, Microsoft has announced that the new version of MS Office, which is expected to hit markets by 2010, will feature online collaboration. This dramatic announcement was made at the partner conference in New Orleans.

The new generation office suite will enable users to access their documents online with co-authoring capabilities. PowerPoint will be streamlined with video and picture capabilities which will revolutionize presentations.

Though Microsoft is coming up with online capabilities for Office, they don’t have the intention to provide comprehensive online access, which they think can scale down their business. This won’t be a great concern for Google Docs, as they are providing comprehensive access to users. Google considers it as a weaker reply for the Google Chrome OS, which is the core of Microsoft’s business.

In its endeavor to be the leader on the software space, Google Inc has announced its foray into the manufacture of Operating System, with its maiden project named ‘Google Chrome OS‘. Google has already locked its horns with Microsoft on numerous projects and the present one will intensify the competition. Being the 90% market shareholder of the OS market, it will be interesting to see how Microsoft reacts to this concern. Since Google believes on Open Source concept, if the Chrome OS project is rolled out successfully, then it will revolutionize the entire PC, Laptop and OS markets.

In its official blog, Google explains more about Chrome OS, which aims the Netbook market initially. Google Chrome OS is expected to hit the market by the second half of 2010.

WhatWG (Web Hypertext Application Technology Working Group) was formed in 2004 with focus on HTML and APIs for web applications.  Specification document for HTML 5.0 is in progress.  The document gets updated on a regular basis.  Check out the document at http://dev.w3.org/html5/spec/Overview.html.  Getting our head into the document is tedious and cannot be made to fit into one page.  So here we will glance over a few new elements to get a picture of how HTML 5.0 is going to be.

Div Element

Header, footer, nav, aside, article and section are new elements that will replace div.  The complexities of div have paved way for these elements.  Instead of having so many div tags inside the code, HTML 5 gives the capability to use separate element for each purpose.  During modifications, identifying a particular portion thus becomes easy. These two snapshots will give an idea of how the simplification is going to work.

Audio Video Elements

Recently, audio and video have mass migrated to Internet.  HTML 5 provides the ability to treat audio and video as web pages without the need for plug-ins to play them. That is, audio and video will be natively supported by the HTML 5 compliant browsers.  The debate on whether to use a standard format or to support all formats is still on.  These elements are expected to contain textual content for every video, audio brought in the web page.  Such a provision will enable information to be conveyed through non-supportive browsers.  Internet users with debilities will also have the accessibility to web content.  Here is a lookup.

<audio src=”Martinluther.mp3″>

<p>I am happy to join with you today in what will go down in history as the greatest demonstration for freedom in the history of our nation.</p>

…</audio>

Few More Elements

Time element will help browsers,  search engines and web crawlers identify time from web pages.  Images are brought through the figure element.  Captions of the image are always associated with the image.  This will allow the user agents to understand more about the image.  Dialog is a another new element and it comes up with 2 sub tags: dt, dd.  dt will indicate the speaker and dd will indicate the dialog.  Here is an example:

<dialog>

<dt>Fay</dt>

<dd>Jerry, could you show me how to hold the racket?</dd>

<dt>Jerry</dt>

<dd>Sure Fay, it’s just like shaking hands. Hold your hand out as though you were going to shake my hand… </dd>

<dt>Fay</dt>

<dd>Do you mean like this?</dd>

<dt>Jerry</dt>

<dd>Right, like that. Then put the racket in your hand, like this. </dd>

</dialog>

There is more in HTML 5.  Seeing by the way developers are contributing to its specification, we can sure expect fascinating behaviors in web pages soon. Most importantly, you can contribute too. Here’s how:

Subscribe to the WhatWG mailing list: http://www.whatwg.org/mailing-list

Participate in discussions: http://forums.whatwg.org/

Comment and post blogs: http://blog.whatwg.org/

Links to articles on HTML 5:

http://radar.oreilly.com/2009/05/google-bets-big-on-html-5.html

http://www.webmonkey.com/blog/How_HTML_5_Is_Already_Changing_the_Web

Why do we have to live with divides between different types of communication – email versus chat, or conversations versus documents?

Could a single communications model span all or most of the systems in use on the web today,  in one smooth continuum? How simple could we make it?

What if we tried designing a communications system that took advantage of computers’ current abilities, rather than imitating non-electronic forms?

Tough questions! These questions have paved way for Google Wave. Jens Rasmussen and Lars Rasmussen wrestled over these questions since 2004. These geeks were the inventors of Google Maps and now they are ready to unleash Google Wave into the Internet. Google Wave comes in 3 layers. The product, platform and the protocol. Here, we will discuss Google Wave as a product.

Google describes Wave as “Equal parts conversation and document”. It is the next generation of e-mail. A Wave contains a complete thread of message saved in a common server. When this Wave is shared with other users, they can also get into edit mode. The interesting feature is that when a person is editing the wave, others will be able to see the edit process almost letter by letter. So this means that all of them will be able to collaborate in a wave almost instantly. Waves come with a rich text editor and several other functions that will enable the users to work on text, images, videos, maps and many more. Whenever a change is made on a wave, all the collaborators are notified. The complete history is stored within the wave.

Here is a screenshot provided by Google that gives us a first look.

Waves can therefore serve as e-mail and chat. It will work similar to wikis. The next layer ‘platform’ provides various APIs enabling waves to become a place where a group of people can work together to prepare documents, plan events, hold discussions, play games, etc. We will discuss about them in the next section.

Drupal is one of the most popular content management system (CMS) used in web development. It is also called content management framework for it enables developers to extend and implement custom content management solutions. Drupal is written in PHP with MySQL as backend.

With Drupal, it is possible to develop and manage blogs, websites, portals, forums, e-commerce sites, social networking sites and many more. A few examples of popular websites developed using Drupal are www.labs.sonyericsson.com, www.jacksonville.com, www.nysenate.gov.

CMS like Joomla, Plone, WordPress are also existent in the market but the features available in the core Drupal and its extendibility makes Drupal stand in front of its competitors. SEO is better achieved through Drupal. It also provides a number of themes and modules to choose from. Integration of various technologies with Drupal extends its capability further. Apache Solr integration is a recent accomplishment. It is done through the Apache Solr Integration module.

Drupal administration has four main components. Content management enables to manage the website content. Site building controls look and feel of the site. Custom modules and themes help extend the ability of Drupal by not restricting to the available options in core module. Roles and permissions are created in the user management section for managing access rights to different users.

The Drupal presentation is available on Slideshare.