I came across an interesting application today. Google has released an application named Jarlsberg that is full of security holes. The intent is to make developers learn how these holes work and put them in a position to combat the security vulnerabilities.
You can visit the app to learn more. Security flaws to be detected are classified under the following categories
- Black box. You dont know the code
- White box. Requires you to see the code to understand how to break it.
- Gray box. Some code will be made visible.
I also came across an instructor’s guide that has problems to be solved in the application, graded by their difficulty level.
What better way to learn an exploit than to perform it on a test system ? Some of the exploits involve
I logged into a gmail inbox today, surprised to find ‘Google Buzz’ asking me if I wanted in. I clearly said ‘No’. Not yet another social network. pfft. So after I said ‘No’ there it was sitting comfortably on the navigation bar and telling me people were following me and I could follow them.
There is a small link on the bottom of your Gmail page that says ‘turn off buzz‘. Click on that and you get disconnected from the social network. I wonder what google plans for Orkut.
I successfully installed a wave (google) server on a windows box a few days earlier. It was a great feeling. Here are the components that made up the server
- Postgres database to be used by XFire.
- Wave related server jar which runs the server
- Wave command line client that runs the simplistic console client.
I started the console client and typed in a few commands to go through the waves. New, open, view waves were some commands that the command line console allowed you to execute. This client was a simple RI provided by google. If you would like to install a server on your own, take a look at the installation instructions.
Wave console client:
Things got even better today when we got our second google wave account for the same user. mmm 
wait… a second google wave account ? Yep. Google wave is split into googlewave.com accounts for normal end users and the wavesandbox.com accounts for developers and geeks. It is interesting to note the differences.
Googlewave:
- Is a little less buggier. It has more features like read only waves that the sandbox is missing.
- Linked to your existing gmail and docs. All your existing contacts can be… contacted.
- Has this cool green box that opens up for active wave conversations.
- No debugging or anything technically related.
- Number of invites allowed are varied. If you requested for the account yourself, you get anywhere from 8 – 22 invites (from what I have heard so far).
Wave sandbox
- Pretty buggy and is a developer’s paradise.
As most of you are aware by now, developers can write java robots that can aid a conversation that happens in google wave. A conversation is a wavelet and each reply in this wavelet is called a blip. There are some ‘getting started’ tutorials available out there that are of great help. These links should help you
Official google wave guide
Google wave getting started – Sort of an abridged version of the official guide written by Vogella.
Grasping the overall picture of a java robot is a little difficult. This is because there are no flow or architecture diagrams (at least none that I know of) that show you the sequence of events. Given below is a diagram that does that. Assume that you wrote a java robot that is meant to edit blips in a wavelet. The robot should provide a profanity filter service which will delete objectionable words from the wave. This is how the series of events happen.