VictorSawma.com: Blog about Web, Security and Life

NetDesignPlus in Kuwait

Fri, 05 Feb 2010 18:53:44 +0000

In December 2009, NetDesignPlus officially opened its newest branch in Shuwaikh, Kuwait. With this opening, we will be able to better serve our Kuwait clients by being closer and in direct contact with them regarding our online services including web development, design, hosting and consultancy.

Hidden Fees with Malev Hungarian Airlines Online Booking System

Thu, 04 Feb 2010 15:18:11 +0000

Yesterday, I booked my first ticket online with Malev Hungarian Airlines. My trip is from Beirut to Gotenburg on July 2010.

The total fare to be charged "as per the website" was 567 USD for the roundtrip. The confirmation email (and yes I still have it and is attached below) confirms that the total charges should 567 USD. Yet, my credit card was charged 609 USD.

Being pretty familiar with Credit Card charges, I decided that this should be some sort of conversion between USD / Euro while processing the payment through their payment gateway. Thus, I gently sent them an email asking them to refund the difference.

Today, I received a reply back from them asking me to contact client service on a Hungarian phone number. I did. The woman on the other side simply checked, confirmed the price (567 USD) and said that everything is OK lol

I told her that the card was charged 609 USD. She was surprised first but, then, she remembered (surprisingly she did) that there is something that they call a "Service Fee" that is worth 30 Euros for the Lebanon region and that changes from region to region. What a joke!

She couldn't even confirm that the service fee is 30 Euros. She said that it should be around 30 Euros but there is no way for her to know the exact figure.

The worse part is that she is admitting that they have hidden fees.

The worst part is that she cannot now what the exact fee should be.

No comment from me on this. I know that this will be my last time to book with them online unless some magic occurs and someone points how something so unprofessional can happen with an airline reservation system.

IEEE High Availability Database Workshop

Sun, 13 Dec 2009 08:41:04 +0000

Today, I guided a workshop about high-availability database solutions at NDU. The workshop went for 6 straight hours (from 9:30 till 15:30) and was attended by more than 50 students from various universities in Lebanon. The workshop was organized by the NDU IEEE branch in collaboration with the Computer Science Club.

I started the workshop with a general overview of availability issues in Database solutions. Then, I moved to a more detailed description of Database Replication and Database Clustering before moving forward to the hands-on implementation that included the following:

How-to install / configure MySQL Cluster on Centos
How-to configure a database for asynchronous data replication
How-to configure a Cluster for real-time synchronous data mirroring
How-to configure load-balancing using the "balance" tool and Linux VFS (overview)

The unique thing behind this workshop was the ability to achieve a working solution that includes a Cluster Manager, 2 Cluster Nodes, 2 Cluster API nodes and a load-balancer while using only 3 server machines.

The solution architecture was simple and included the following machines:

192.168.0.1: this machine acted as the load balancer and the cluster manager. All requests to database operations in applications have to go through this machine which will, in turn, forward them to either 192.168.0.2 or 192.168.0.3.
- A slightly different solution will be to use Linux VFS to share a load-balanced IP address (e.g. 192.168.0.10) on 192.168.0.2 and 192.168.0.3. In this case, application database operations will have to go to the shared IP address (192.168.0.10)
192.168.0.2: this machine acted as a cluster node and a MySQL API node.
192.168.0.3: this machine acted as a cluster node and a MySQL API node.

Halloween 2009

Sat, 05 Dec 2009 08:10:14 +0000

This year's halloween gathering was exceptional with the large number of babies present lol Enjoy the pictures ;)

[Visit this halloween's album]

One-Million Dolar Picture

Mon, 16 Nov 2009 07:13:58 +0000

The creator of this picture won a million dollar in Van cogh' talents competition which took place in Italy. Please take a closer look at the picture.

Google Wave: Social Networking or Cloud Computing?

Wed, 30 Sep 2009 19:59:50 +0000

What will Google Wave's primary power be in? Will it be Social Networking and thus competing with Facebook or will it be Cloud Computing and thus computing with Microsoft Live and Yahoo? Just a note for anyone reading this and willing to give his / her opinion.

To get more information about Google's Wave, visit the URL below:
https://wave.google.com/wave

How To Recover Your Hotmail / MSN / Live Passport Account?

Fri, 25 Sep 2009 07:13:37 +0000

Did you lose access to your Hotmail / MSN / Live account and cannot reset your password using normal techniques (like Secret Question / Answer or Alternate Email)?

If yes, here is the link that allows you to "try" to recover your account by contacting Microsoft directly.

https://support.live.com/eform.aspx?productKey=wlidvalidation&ct=eformcs

Click on the link above and fill in as much information as possible. Make sure you use an email address that you have access to. The more information you provide (contacts in your address book, folders, email activity, etc.) the more convincing your request will be for the staff member who will be reviewing your request.

Normally, if convinced, Microsoft will simply reset your account password and send it over to the email address that you provide. Pay attention not to get confused between the stolen account email address and the email address that you want to receive the recovered password on.

Beirut: CNN's Best Party City

Thu, 03 Sep 2009 06:32:18 +0000

A beautiful report from CNN about the best party city on earth. No wonder they chose Beirut.

Watch the Report (Real Player required)

The Future of Web Programming

Wed, 02 Sep 2009 20:02:48 +0000

I was having an interesting discussion yesterday about web programming languages with a friend of mine during which we tackled various programming languages (PHP, Java, VB and C#) and their competitive nature for web programming. I found it very useful to place a summary (yet a detailed one) about this topic due to the interestingly arguable nature of this topic.

PHP:Past, Current and Future

I will start with PHP simply because it is still my favourite web scripting language. Back in 1998, when I first tackled PHP, many programmers that I knew used to make fun out of it (same way they used to make fun out of Search Engine Optimization back then as well ;) starting from its recursive name (PHP stands for PHP Hypertext Processor) reaching the naive (yet powerful) nature of the language back then. I always had my bet that one day PHP will have to evolve into an application development language (like Java or C# nowadays). Luckily now, I can safely say that is almost here with the presence of the ZendServer, PHP 5, Zend Framework and PHP-GTK. A good business solution nowadays can easily outbeat other applications in terms of performance, stability and speed of production simply by using the tools listed just above. Although these tools are not yet well-know at the commercial levels, they are being introduced (as far as I know) at many academic levels and will make it (in the very near future) to the commercial setting.

As far as the community is involved, I can safely say that PHP did a huge progress over the past two years. Back in 2003-2004, many programmers (and I was almost going to be one of them) moved into JSP with the J2EE being so powerful back then giving up while waiting for a mature and stable PHP framework to support them. Being stubborn, I insisted back then on sticking to PHP and worked for almost 4 months (full-time) back then to produce my first set of PHP modules to be used for Rapid Application Development (RAD) within websites. Lately, I ported my modules into CakePHP and Zend Framework whose combined power is ultimate for high-traffic websites that can serve hundreds of thousands of requests / hour peaking at thousands of concurrent requests with as low as 10% of CPU usage and 1 GB of RAM.

A very simple, yet convincing example of this are two websites that I developed: www.yellowpages.com.lb and www.al-sharq.com. For commercial confidentiality purposes, I cannot reveal numbers in here. Yet, you can visit these websites to get a glance about the dazzling power behind PHP performance when combined with Linux, MySQL, APC and the Zend Framework.

Java: The Enterprise Programming Language

I just love Java! I love its powerful architecture, community and powerful solutions. Yet, one main feature lacks Java to make it into the daily websites that people visit: low resource footprint. Java is well known for its huge resource utilization at the server level. A normal website developed in JSP will require at least 2 GB of RAM to properly cache JSP files. Performance, on the other hand, cannot be surpassed by any other web programming languate that I know about (make sure to add your comment if you know about one). The only thing is that you cannot have 50 websites sharing the same server unless you have at least 8 GB of RAM dedicated for the JSP container.

Visual Basic: Bye Bye!

VB is dying. Believe it or not, this language will not make it to the 2015 year. If you don't dump it now, Microsoft will in the few coming years (if not months) to give way for C#. Although it will still be used at the OS level, I don't see any reason why programmers will still be using it (unless they are like some of my friends who insist on using VB simply because they know VB and are too lazy to learn another language :)

C#: The Microsoft Bet!

Let us talk some facts here. Microsoft learned a lot from VB and learned a lot from J++ and learned a lot from the various applications / servers / services that were offered back in the recent past. As a result, Microsoft has put all of the experience gained into releasing an object-oriented language that is powerful (like Java), easy to learn (like VB) and with a low footprint (supposedly low) like PHP. I am not claiming in any way that I am a C# expert in here (believe I am not one) but I recently benchmarked a web application developed using C# for one of my clients during a security audit and I was surprised by the various security features that were introduced at the security level (especially exceptions) and at the performance level (the server handled 1024 concurrent requests / second for almost 2 minutes before it crashed). I must mention here that this benchmark is completely related to the way the application was written but it helped me gain a little more experience with how C# handles run-time errors and introduced me to the performance tweaks that IIS can help with if programmers get to know them. This lead me to conclude that Microsoft will be pushing forward with C# for the years to come with the hope to get back the old days of VB programming and move forward from there.

Conclusion

Let me make this conclusion short. If you want the details behind it, read the article again.

If you are new to programming and are interested in Website development, learn PHP. This is the key to go.

If you just love Microsoft, learn C#.

If you want to make it into Enterprise programming, learn Java.

Better yet, why not learn them all?

Ecosystem Virtual Implementation

Sat, 04 Jul 2009 07:13:59 +0000

Two of my students, namely Elie Khoury and Wissam Salameh, implemented a virtual Ecosystem implementation that simulates life in an aquatic system including Sharks, Fish and Plants. The implementation is so beautiful that it allows any application user to test the proper settings required for an aquatic to avoid extinction or to simply simulate the life in such a medium for research purposes.

The final report can be downloaded by clicking on the following link.

The 45 Lessons of Life

Wed, 17 Jun 2009 06:40:29 +0000

Written By Regina Brett, 90 years old, of The Plain Dealer, Cleveland , Ohio

"To celebrate growing older, I once wrote the 45 lessons life taught me. It is the most requested column I've ever written. My odometer rolled over to 90 in August, so here is the column once more."

Life isn't fair, but it's still good.
When in doubt, just take the next small step.
Life is too short to waste time hating anyone.
Your job won't take care of you when you are sick. Your friends and parents will. Stay in touch.
Pay off your credit cards every month.
You don't have to win every argument. Agree to disagree.
Cry with someone. It's more healing than crying alone.
It's It's ok to get angry with God. He can take it.
Save for retirement starting with your first paycheck.
When it comes to chocolate, resistance is futile.
Make peace with your past so it won't screw up the present.
It's OK to let your children see you cry.
Don't compare your life to others. You have no idea what their journey is all about.
If a relationship has to be a secret, you shouldn't be in it.
Everything can change in the blink of an eye. But don't worry; God never blinks.
Take a deep breath. It calms the mind.
Get rid of anything that isn't useful, beautiful or joyful.
Whatever doesn't kill you really, does make you stronger.
It's never too late to have a happy childhood. But the second one is up to you and no one else.
When it comes to going after what you love in life, don't take NO for an answer.
Burn the candles, use the nice sheets, and wear the fancy lingerie. Don't save it for a special occasion. Today is special.
Over prepare, and then go with the flow.
Be eccentric now. Don't wait for old age to wear purple.
The most important sex organ is the brain.
No one is in charge of your happiness but you.
Frame every so-called disaster with these words 'In five years, will this matter?'
Always choose life.
Forgive everyone everything.
What other people think of you is none of your business.
Time heals almost everything. Give time, time.
However good or bad a situation is, it will change.
Don't take yourself so seriously. No one else does.
Believe in miracles.
God loves you because of who God is, not because of anything you did or didn't do.
Don't audit life. Show up and make the most of it now
Growing old beats the alternative -- dying young.
Your children get only one childhood.
All that truly matters in the end is that you loved.
Get outside every day. Miracles are waiting everywhere.
If we all threw our problems in a pile and saw everyone else's, we'd grab ours back.
Envy is a waste of time. You already have all you need.
The best is yet to come.
No matter how you feel, get up, dress up and show up.
Yield.
Life isn't tied with a bow, but it's still a gift.

Friends are the family that we choose for ourselves

Lynn's Birth

Sun, 15 Feb 2009 09:58:14 +0000

Today, Mark and Lilo welcomed their new GORGEOUS baby: Lynn :)

I just love you guys and you both know that! Alla y3ayyesha w terba bdalelkon ;)

The first photos are here (the nurse didn't let me take more :( )

Paintball Adrenaline Rush

Sun, 28 Dec 2008 20:25:15 +0000

Last Friday, the NDP team competed against GM&A's team in Paintball. The score was a stunning loss for the NDP team. Yup! It was a stunning 5 for GM&A against a stunning ZERO (0) for the NDP team. No wonder the score was as such especially that the first phrase that we heard when we arrived from one of GM&A's members was: "Why do we need to play 90 minutes? All Beirut needed 90 minutes!!!" No comment on this though lol

Hard luck guys for this time and better luck for next time!

Pictures from the event can be found here.

Jesus is the Reason for the Season!

Thu, 18 Dec 2008 08:20:00 +0000

Today, I received an email from a colleague at NDU entitled "Jesus is the Reason for the Season".

The email, like many other emails that you receive around Christmas, is centered around the Christmas spirit.

What really got me about this email is that it was the first email that I read trying to get back the Christmas Spirit from Santa to Jesus.

I am sharing this email here. I hope you like it and, better of, use it and send it to friends ;)

REMEMBER

Jesus is Better than Santa

Santa lives at the North Pole.

JESUS is everywhere.

Santa rides in a sleigh

JESUS rides on the wind and walks on the water.

Santa comes but once a year

JESUS is an ever present help.

Santa fills your stockings with goodies

JESUS supplies all your needs.

Santa comes down your chimney uninvited

JESUS stands at your door and knocks.. and then enters your heart.

You have to stand in line to see Santa

JESUS is as close as the mention of His name.

Santa lets you sit on his lap

JESUS lets you rest in His arms.

Santa doesn't know your name, all he can say is "Hi little boy or girl, What's your name?"

JESUS knew our name before we did. Not only does He know our name, He knows our address too. He knows our history and future and He even knows how many hairs are on our heads.

Santa has a belly like a bowl full of jelly

JESUS has a heart full of love.

All Santa can offer is HO HO HO

JESUS offers health, help and hope.

Santa says "You better not cry"

JESUS says "Cast all your cares on me for I care for you.

Santa's little helpers make toys

JESUS makes new life, mends wounded hearts, repairs broken homes and builds mansions.

Santa may make you chuckle but

JESUS gives you joy that is your strength.

While Santa puts gifts under your tree

JESUS became our gift and died on the tree.

It's obvious there is really no comparison.

We need to remember WHO Christmas is all about.

We need to put Christ back in Christmas.

Jesus is still the reason for the season.

IEEE Ethical Hacking Seminar

Thu, 04 Dec 2008 08:53:41 +0000

Yesterday, I gave a seminar entitled "Ethical Hacking: It's All About the Ethics". What I really enjoyed about the seminar was the amount of interest that the topic had on students as well as the questions asked during and after the seminar.

I received today some pictures about the event and are available under the Albums Section.

Microsoft Halloween Documents

Tue, 18 Nov 2008 17:19:21 +0000

Check this website out and see why Microsoft is so "scared" from the Open Source community and Open Source products. In the last week of October 1998, a confidential Microsoft memorandum on Redmond's strategy against Linux and Open Source software was leaked out to the public. Read the memorandum and more...

http://www.catb.org/~esr/halloween/

Emerald Who's Who is a Scam

Tue, 28 Oct 2008 18:01:14 +0000

I am writing this article in here so that everyone else out there can be aware of this SCAM and FRAUDULENT company named Emerald Who's Who. These people are very professional at their SCAM business to the extent that you will feel very stuck in their deal. I was almost caught yesterday except for this small silly mistake that they did and got my defensive mechanisms up.

If you are intereseted in this story, click to read more. If you are not intereseted in the details, simply be aware of anybody calling you over your phone from a company named Emerald Who's Who.

My story with this is short and simple. A long time ago (around 6 months ago), I received an email from Emerald Who's Who informing me that I have been referred to them by experts in my domain as one of the credible people in my field. As such, they are inviting me to become listed as part of their Who's Who. I visited their scam website and, to my surprise, it looked like a normal one with some listings of other members on it (some of them being well known in my region). The website uses SSL encryption verified by Verisign so these people must be doing some real business (although not completely verified). I felt safe about it so I completed the form (a very long one) and submitted it.

Six months after that (literally six months), I recieved a call during a business meeting that I had. The man on the other hand of the line was very business oriented and used terms that caused me to feel really special. I know I am special in one way or another but I just did not know that Louis Gerstner was my next possible competitor ;)

He asked me many questions related to the way I conceive my business, what I think makes NetDesignPlus a special web development company, as well as many other questions that made him look really interested in preparing a mini-bio about me.

So far, I was the rat in the trap. I was thinking about all the possible ways to make use of this connection to the maximum extent possible. The guy moved forward to add that in addition to being listed, I can make use of some optional premium services in return for money. These services include being published in many forms (online, catalogs, journals, etc.) as well as a selective service that allows me to use their services to select potential customers from their database of professionals, etc.

The interview lasted around 20 minutes during which I completely believed this guy. Then, the BIG mistake was done when he started becoming pushy towards my credit card. I tried being polite with this extremely polite person by telling him that I will review his proposal (which he promised to send by email) and then, I will proceed and register for the package that I choose.

At this point, he started becoming more and more pushy (he must be this way since the rat is starting to vision the trap now) by offering me packages for lower prices and trying to get my credit card number over the phone. I explicitly mentioned to him that I cannot give my credit card number to anyone (isn't this what my bank told me when I got it?). How about giving it over the phone to some person calling himself Jerry Aguire (yup, Aguire and not Maguire). At this point, he said that he has an alternative solution for me where he can send me the proposal while he is over the phone and then, I can check it while he is on the phone with me and decide whether I want to buy or not while he is on the phone with me. I asked why I cannot get some time. He said that they have thousands of requests that they need to consider (poor them) and cannot go back and forth on a single application. At this point, I realized the scam and decided to have some fun (by increasing his phone bill as much as I can). So I told him that I have my credit card ready (and got him to wait for me to get it). Then I spent another 20 minutes trying to get as much information as possible about him (I got his phone number that surely nobody answers) and I tried recording his voice on my mobile phone (didn't work since the call was already in progress).

Finally, I really got tired of this so I told him that I will try to do my best to get back to him within the 24 hours period that he agreed on (I thought they cannot go back and forth on applications).

In brief, this guy is a real genius. The approach that he uses during his phone call simply traps you. You must be very aggressive to succeed in escaping his offers and proposals.

I hope this article helps some people out there escape this type of scams.

The links below are for you to read more about other people who went through the same story:

Recovering Lost Web Pages

Wed, 22 Oct 2008 11:42:41 +0000

Nice title eh? Here is the case.

You paid for someone to develop a website for you.
Your website was done (no programming involved) and hosted online.
For one reason or another, you don't have access to your website anymore. Many cases might lead to this such as problems with the party that developed your website, crash on a server with no backup as well as all sort of other non-professional reasons that might be faced.

You want to recover these lost pages?

The solution is fairly easy.

Goto http://google.com/
Type site: followed by your domain name (e.g. site:victorsawma.com) and hit the button
Google will get you a list of all pages that Google's spider have crawled from your website and saved locally on their servers (Yes. Google has almost all websites saved locally on their servers. This was actually the way Google started as per the creators of Google)
At the bottom of each entry, you will see a link labeled (cached)
Click on that link and you will be able to see the cached page from Google's servers.
Save the page and move to the next page

This can be very helpful in many other cases such as updating website content and then deciding to revert back to old text.

Try it for yourself. The link below will show you all pages from my site that are cached by Google:

http://www.google.com/search?q=site%3Avictorsawma.com

Images, on the other hand, are not cached. As such, you will have to try to get them from somewhere else but at least we have saved the content which matters most. Right?

Driving Skills in Lebanon

Mon, 29 Sep 2008 06:52:39 +0000

I just finished uploading various pictures related to the "interesting" (in an ironic way) driving skills in Lebanon.

No comment!

The Ghost in Internet Explorer 6, 7 and even 8 (Beta)

Wed, 24 Sep 2008 16:06:20 +0000

I found an interesting article written by Marius Oiaga, related to Internet Explorer security, and addresses the existence of what can be called "Ghosts".

Whether you believe in ghosts or not is irrelevant from a browser point of view. The matter is that you'd better start believing because Microsoft's browsers allow "ghosts" to take more than a peek over your shoulder, in fact, it permits them to see and register every move associated with the browsing process. Secunia has published an advisory titled "Internet Explorer 7 Frame Location Handling Vulnerability" warning of the risks faced by IE users, but not only IE7 is affected. Exploits have also been tested with success on IE6 and even on IE8 Beta 1. And to top it all off, a sample proof of concept is available in the wild at (http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html) [You must be using Internet Explorer for this demo to work].Apparently, the issue has been brought to Microsoft's attention at the company's exclusive BlueHat Security in spring 2008 behind closed doors. "Do you believe in ghosts? Imagine an invisible script that silently follows you while you surf, even after changing the URL 1,000 times and you are feeling completely safe. Now imagine that the ghost is able to see everything you do, including what you are surfing and what you are typing (passwords included), and even guess your next move," reads a fragment from the session description of Manuel Caballero, Independent Security Researcher.

Initially, the security flaw was demonstrated only on Internet Explorer 6 and 7, but Sirdarckcat made available a sample PoC affecting Internet Explorer 8 Beta 1 and IE7.5730. The proof of concept permits the hijacking of IE6 and IE7 frames and enables the capturing of user keystrokes. Every key the user presses, be it for login into a web account, including the username and the password, and down to the credit card number and other sensitive information, will be registered.

"No downloading required, no user confirmation, no ActiveX. In other words: no strings attached. We will examine the power of a resident script and the power of a global cross-domain. Also, we will go through the steps of how to find cross-domains and resident scripts," Caballero added.

Microsoft has yet to comment on the matter or to issue a fix designed to protect Internet Explorer users. However, the issue is pressing, to say the least, as IE6, IE7 and IE8 beta 1 are all vulnerable, and proof of concept code is publicly available.

"Microsoft Internet Explorer fails to properly restrict access to a document's frames. This can allow an attacker to replace the contents of a web page's frame with arbitrary content. Internet Explorer still appears to enforce the cross-domain security model, which limits the actions that a malicious frame can take with the parent document. For example, a frame that exists in a different domain should not be able to access the parent document's cookies or HTML content, or other domain-specific DOM components. However, components that are not tied to a specific domain, such as the onmousedown event [sic]. By monitoring this particular event, an IFRAME can capture keystrokes from the parent document. Other actions may be possible," reads the official description of the flaw from US-CERT.

This article has been taken as-is from:
http://news.softpedia.com/news/The-Ghost-in-Internet-Explorer-8-Beta-1-89094.shtml