innerHTML allocation size overflow crashes some browsers

[Posted off Full Disclosure]


If we try to consume more memory than available by constructing a long
string, most browsers seem to handle this gracefully. For example,
Firefox logs an "allocation size overflow" error in the JavaScript
console for the following code:

var a = 'a'
for (var i = 0; i < 100; i++) {
   a += a
}

Example web page: http://susam.in/lab/allocation-size-overflow/var/

However, if we try to do a similar thing with the innerHTML property
of an HTML element, some browsers crash. For me, Firefox 5.0 on
Windows XP crashed for the following code but Iceweasel 6.0 on Debian
(Wheezy) and Chrome 13 on Windows as well as Chrome 12 on Debian
didn't. For some of my friends, Chrome crashed but Firefox didn't.

var a = document.getElementById('foo') // There is a div element with
id="foo" present in the page.
for (i = 0; i < 100; i++) {
   a.innerHTML += a.innerHTML;
}

Example web page:
http://susam.in/lab/allocation-size-overflow/innerhtml/ (This might
crash your browser.)

FOSS GUI File Downloader

Application: Multiget

What it is

MultiGet is an easy-to-use GUI file downloader.It's programmed in C++ and has a GUI based on wxWidgets. It supports HTTP/FTPprotocols which covers the requirements of most users. It supports multi-taskwith multi-thread on multi-server. It supports resuming downloads if the Webserver supports it, and if you like, you can reconfig the thread numberwithout stopping the current task. It's also support SOCKS 4,4a,5 proxy, ftpproxy, http proxy.

More Feature:

It also support a feature called P2SP, or in other words, get file from
multiple servers, and combine the data from different site into one file. This
makes downloads complete much faster.

MultiGet also supports switching language dynamically, you can choose Chinese
or English interface.  Generally it will automatic choose a proper language
for you.

To know more about:

http://multiget.sourceforge.net/

To install in Ubuntu:

sudo apt-get install multiget

Using TTYtter to Tweet from command Line

Its soo cool, i can use twitter right from my terminal. I have SSH'ed to cjb.net server and using this tool from there.

Install this tool to access twitter from the terminal in Linux
http://www.floodgap.com/software/ttytter/

Adobe Flash Plugin vs 64bit Linux Distro

I cant play flash videos on Linux Mint 10 64bit. Don't know about other Linux users but I am really really frustrated with the problem , I cant view youtube videos mainly which i do view quiet frequently.

I asked folks at mint irc channel #linuxmint-help but everyone kept giving me the same advice i had already tried many times.

• Install mint-flasplugin-x64 via package manager.
• Install flash-plugin-nonfree , something like that one.
• Tried with Gnash plugin.
• And yes install adobe flash player. I tried with 32 bit versions and also beta 64 bit plugins for linux
• Manually placed libflashplayer.so file in google chrome, mozilla firefox 6.
• Minitube app didn't work either.
• Tried with few addons for firefox that did the same thing. But still no luck

Then one trick worked. I installed this Flash Video Replacer addon for Firefox. I changed the settings to load video in other standalone video player, Totem. This is really cool, now i can play high quality videos in full screen on totem without the lagging and hanging of flash plugins.

I just hope HTML5 comes over killing Flash, It Sucks!


Update: I enabled HTML5 videos on YouTube! http://www.youtube.com/html5 Much Better :)

Google.com - Open Redirect

Affected Software : Google.com domain
Severity          : Low
Local/Remote      : Remote
Author            : Piotr Duszynski (@drk1wi)


Due to a domain filtering bug and the way Chrome and Safari browsers
are interpreting the '%2e' URL encoded char it is possible to
trigger an open redirection through the Google main domain.

Vulnerability Details:

This vulnerability* has been verified on Chrome and Safari latest
browsers.

HTTP GET request:

http://www.google.com/sorry/?continue=http://google.wp%252epl

HTTP response body:

HTTP/1.0 302 Moved Temporarily
Location:
http://www.google.wp%2epl/sorry/?continue=http://google.wp%252epl

The fact that the %2e is interpreted as a '.' within the address bar,
allows to trigger an open redirect.



Try This: http://www.google.com/sorry/?continue=http://facebook.com




Source: Full disclosure.

कभी ना कहिये

बहुत बढ़िया कविता मिली   facebook पर ...

काम नहीं बना मत कहिये
कहिये "आज" नहीं बन पाया।
चुने नहीं गए तो कहिये
उनको "आज" नहीं मैं भाया।
असफलता अपनी दुनिया में
रह नहीं सकती है हमेशा
सोचोगे जो वही दिखेगा
दुनिया एक अजीब सा शीशा
नहीं बनेगा कभी ना कहिये
कहिये "कोशीश करके देखूँ"
चाहिये अगर प्रकाश मुझको
दीप की तरह मैं जलके देखूँ

तुषार जोशी, नागपुर

Source: http://kavita.hindyugm.com/2006/11/blog-post.html 

Writing Custom Haizea Modules

Haizea provides facility to write our own customized policies for lease scheduling via pluggable policy decision module.
It is currently categorized as

• Admission-policy
• Preemption-policy
• Host-selection policy

My custom scheduling policy didn't fit under any of these policies. So i am now writing my own parent policy class 'Scheduling-policy'. This super class will deal with some Advanced Reservation Lease's having option of getting migrated to Best Effort leases in case it can't be scheduled and getting terminated. I will update this post with some code snippets later.

Working with Haizea

Haizea is an Open Sourced Virtual Machine based Lease Manager.It can also integrate with OpenNebula and act as lease scheduler. I have been asked to implement a different policy in its lease preemption module. So.. tonight it is!

Rain is always followed by powercut here in Indore. But i have all "Batteries Included" , can easily continue for few hours :)
Take a look at what Haizea is

Haizea

Links:
1. http://haizea.cs.uchicago.edu/whatis.html
2. http://phoenixforge.cs.uchicago.edu/projects/show/haizea
PS: According to wikipedia, Haizea is a rock band!

print "Hello World"

So.. this ought to be the first post by any tech blogger after all! Folks this is my space :P oh.. I don't mean MySpace! Here I will write whatever I like and I do in my daily life.
I am an engineering student from Indore who likes to do all sorts of weird things, lives on the internet and wish to launch skynet someday. Hope my second attempt at blogging will continue this time without any jerks..