
How I accidentally got into someone else’s gmail account

A few months ago I created a new Facebook account for my daughter. Just for fun; she's little and I thought it was cute that she could have her own posts and a few pictures. Anyway, in order to do so, I created a Gmail account for her too.

As expected, after a while I must have misplaced the login information, so I had no clue what the username or password was. I could guess because of her name and last name, but honestly I did not remember her username.

Anyway, I followed all the steps for the recovery, and at one step they asked me to enter the username, so I tried different combinations. One of them fit, so I thought it was the correct one, and even though I was not sure I proceeded with the password recovery process.

They said I had no alternative email or phone associated with this account, which also seemed a little strange, but what the heck, I must have forgotten that. I kept going and they asked the "security question", which was what my favorite dish was. I answered incorrectly, as expected, and since my memory is so poor, I thought "I must have put this other dish, because the one I originally chose used foreign characters", so I entered this classic dish I thought it was, and voilà! I was in.

They reset my password and, following the classic procedure, I could access my account.

Right after I was in, I was asked to enter an alternative email and phone number. So I did.

Then I checked the inbox because I wanted to delete old emails and, to my surprise... this wasn't my account!

I quickly deleted all the info I had previously entered and tried to contact this poor guy whose account I had accidentally hacked, but as he had no extra info, I could not do it.

Probably, if he tries to access his account, he will be able to do it by resetting his password just as I did, but I could have deleted everything, I could have changed it all, and then he would have never, ever gotten it back.

I know, you must be thinking it is his fault because he did not enter extra validation information. It is true. I am not saying Google is wrong; I just wanted to share my experience in order to show how easily someone could steal your account if you do not take all precautions.

This whole situation made me think how vulnerable people are if they are not well advised on how to use technology correctly. People are all pushed to use technology, pushed to get into this new world and unless they are well informed about the implications of this new era, they are left to their own devices.

Should startups use Magento?

For a long time now I have been working with this great ecommerce platform.

I think the idea of having a well-designed ecommerce platform, which offers countless possibilities for extension, might sound like a great deal.

Having said this, I would like to point out what, from my humble point of view, are the drawbacks of this popular platform.

First of all, from a company's perspective, releasing a paid version and an open source version could work as long as they offered for the open source version the same quality of information they provide with the paid one. I can now hear Magento people saying they have their class model published on their website and they provide users with a great forum. Pardon my French, but that is bs!

For all the developers out there, even those with many years of programming experience in frameworks with similar models, it takes a long time to "guess" how it really works underneath. I think there is a great community out there, and personally I have been able to solve most of the issues by digging into several blogs and forums all over the web, but it is just not enough.

My point here, in any case, is that even though I can understand that Magento pays way more attention to their paid version than to the open source version, when you offer something to the open source community you should either provide as much information as possible or rather keep it "closed". You just cannot have the best of both worlds.

But this is not just about what they should do with the project or whether they should provide more information. It is about the consequences for all the programmers who end up struggling with situations where customers get Magento _because they think it is the best deal they can get_ and then want to adapt it to their own needs.

This is the time when customers have to pay a lot, because programming new modules to do what they wish takes programmers a long time: they first have to understand how it works and what is really going on behind the scenes.

In addition, the problem gets worse when customers want to add all the cool stuff they find on other sites: powerful JavaScript animations, great AJAX features and so forth. They can come up with all sorts of great ideas for their websites, but programmers then have to deal with another problem: Magento uses Prototype by default.

I am not saying this is not a great JavaScript library, but jQuery is the new kid in town (and not so "new" now), and let us face it: Prototype is kind of old-fashioned now.

So, as software developers, we have to deal with integrating different JavaScript frameworks, plus guessing which XML files need to be tweaked in order to modify templates.

The question is: can we do that? Of course we can, but at what cost? We end up digging into the core source code and checking other third-party modules to come up with a viable solution.

What I am trying to say, in any case, is: should it be this way? Magento is great, no doubt about it. But do customers know about this situation when they choose it?

Last but not least, if Magento customers do not get the best programming team from day one and their Magento source code is touched by several developers, all the Magento magic is gone and it is highly probable that their site becomes full of spaghetti code.

This is the other side of the story. I have had customers with concrete software needs for their Magento, but getting those done in a decent time was almost impossible because they had previous programmers who probably did not have all the information or proper rules to keep the platform structure as neat as it should be.

And here is where my request for better information makes sense. It is not that I do not understand that the Magento guys dedicate more time and effort to their paid version. It is a matter of supporting the open source community the right way in order to expand the product correctly. Because, sooner or later, once customers realize that all their dreams about easily adjusting their website will not come true and they find themselves with an unmaintainable website, they will start migrating to other solutions and Magento's fever will be over.

How to install Ruby on Rails 3 on Windows 7

Introduction

This is a step-by-step tutorial that will let you successfully install Ruby on Rails 3 on your Windows 7. The main objective is to ease the installation process, which is kind of harsh and bumpy.

Procedure

  1. Download the Ruby Windows installer from this URL.
    Select version 1.8.7, which is the most recommended and stable release for Windows. When installing this software, make sure to check "Add Ruby to PATH".
  2. After installing Ruby, open CMD and check that Ruby is accessible by executing the following command:
    ruby -v
    If it works fine you should see the version number of Ruby.
  3. Then check if you can access the gem command by executing:
    gem -v
  4. As you will see, the gem version installed by default is probably not the latest,
    so you should proceed to update gem like this:
    gem update --system
  5. Now it is time to install Ruby on Rails. RDoc and ri generate the documentation of the gems.
    NOTICE: It is well known that there is a bug when generating documentation for some of the gems needed for Rails. Since Rails will work without it, let us skip it until a new solution is published.
    So you should execute:
    gem install rails --no-ri --no-rdoc
  6. Ruby on Rails works with SQLite by default, but we will use MySQL.
    In order to let you use both, let us download SQLite and then configure MySQL.
    Download the SQLite DLLs from this URL,
    unzip them and copy them to:
    c:\<your_ruby_dir>\bin
  7. Now you should install the SQLite gem:
    gem install sqlite3-ruby
  8. Now it is time for MySQL. Go to the MySQL website and download the community edition. After installing it in your OS, download this libMySQL.dll and copy it into the same location you put the SQLite DLLs:
    c:\<your_ruby_dir>\bin
  9. Now install the MySQL gem.
    NOTICE: Since it is also well known that there is a bug related to mysql2 on Windows, please avoid it until they find a proper solution. There are additional procedures to make it work, but as I assume all you would like is to have a functional RoR on your Windows for development (not deployment), save yourself the pain.
    To install the mysql gem execute:
    gem install mysql
  10. Now we are ready to create a test project in Rails.
    Since we are going to use MySQL as the DB, we should execute:
    rails new testproject -d mysql
  11. After creating the project, we must make the following changes to make it work
    with mysql instead of mysql2 (which is set by default).
    So please edit the database.yml file and replace every instance of "mysql2" with "mysql". Then save the file.
    Remember that database.yml is located in the config dir of the new project tree.
  12. Now it is time to modify the Gemfile, which is located at the root of the project tree.
    Once open, you should also replace "mysql2" with "mysql".
  13. Since there is another issue with rake 0.9, you should also replace the rake reference in the same file (Gemfile) with this more stable version:
    gem 'rake', '0.8.7'
  14. Now you should uninstall rake 0.9 and install rake 0.8.7, so you should execute:
    gem uninstall rake
    gem install rake -v 0.8.7
  15. After this, from the root of your new project, you are ready to execute:
    bundle install
  16. Relax, we're almost there. You should now create CRUD operations for a simple user table. So let us execute:
    rails generate scaffold user name:string email:string
  17. Then we apply the actual changes to the DB by executing:
    rake db:create
    rake db:migrate
  18. Finally, let us run the Rails web server:
    rails server
  19. Open your browser and go to http://localhost:3000/users; you should see the users list, ready to add, edit and remove records.

Final comments

If you have followed this tutorial step by step you should be fine; if not, let me know. As I said, it took me a while to make it all work, so I am sharing this in order to save you time. Enjoy 😉

Todo list with Symfony 1.4 – Part 8 (Editing a list)

This is the last part of this dissection of the todo list application. I've saved the best for last. In this part we're going to see how to edit the tasks of a list. As simple as it seems, this is where we must use a few cool Symfony features, combined with some JavaScript, and that'll do the trick, you'll see.

First of all, what happens here is that the user wants to edit the list and its tasks, all on the same page. Here we have our first issue, since we have a form for a task and a form for a list, but we need to merge them into one.

Secondly, the user should be able to delete tasks on the same edit page. Here's where we must add some JavaScript to perform task removal.

Let’s take a look at the code then:

MyListFormWithTasks

/home/templates/editListSuccess.php

JQuery - editListSuccess

/home/actions/homeActions (editList - updateList)

/home/actions/homeActions (processForm)

Editing the list

The editList action retrieves the list at stake and creates a new form.

In the template, we display the list's name together with a couple of links by its side, one to cancel the edit and the other to delete the whole list. Once the latter is clicked, the deleteList action (which is not shown here, since it is not that relevant) is executed. This action deletes the list and redirects the user to the home page.

It is important to notice that in this list we display "all" the tasks, even those that have been marked as "done". This is why I crossed out done tasks.

Now, as we said in the beginning of this post, the user should be able to edit the list name and the description of every task at the same page.

Browsing the Symfony project documentation, we find a book called More with symfony. In this book there's a section called Advanced forms, where you can read everything you need to create forms like the one we need here, that is, a form which embeds other subforms inside.

Since this kind of situation was not that common, the first releases of Symfony did not pay too much attention to it, and in fact the initial procedure to do it was too complicated. Fortunately, after release 1.3 and with Doctrine, form embedding turned out to be much easier.

Let's see, we need to have a list form with its name widget and, below it, a list of editable tasks, that is, task forms with an editable description field. In order to do this, we need to create a new MylistForm called MylistFormWithTasks.

If you look at the source code of that form class, you'll see that if you made a good schema file and created a Tasks relation (in this case), all you have to do is add the following line:

$this->embedRelation('Tasks');

Easy, huh? In addition to this, I added an extra hidden field to keep track of deleted tasks, as you will see later. Then, if you look at the template again, you'll see that we go through the $form['Tasks'] array with a classic foreach and display the description widget of each task.

Removing individual tasks

Now, since we also need to be able to remove tasks by clicking an icon next to each task, we must have a way to identify each task. That is why, when we display every task input, we store the task id as the id attribute of the task link. We can retrieve that info directly from the form object like this: $task['id']->getValue().

Once the form is submitted, the updateList action is executed and the list is updated.

So far so good, but what happens when we would like to remove a single task? Here's where jQuery comes into action. When the user clicks the cross icon next to the task, we slowly fade the task away while we add the task id to the deletedTasks hidden field we previously added in the form class.

This way, tasks are no longer shown once deleted, but the actual removal occurs in the action code, as you can see. If you analyze the processForm() method, you'll see that after checking that the variable exists, we store it in another one and remove it from the request (to avoid issues when validating the form).

Then, if the form is valid, we go ahead and process this hidden field. We convert the string into an array and traverse it, retrieving every single Task object and deleting it.
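The flow just described, written out as an added example (this is not the original post's code, which was not captured on this page): the form class with the embedded Tasks relation and the hidden field, and an updateList/processForm pair that strips the hidden field before binding, saves the list, and then deletes the listed tasks. The one thing it does beyond what the post describes is to look each id up scoped to the list being edited, so a tampered hidden field cannot remove tasks from another user's list. Assumed names, not taken from the page: the hidden field is called deleted_tasks, Task has a mylist_id foreign key, Mylist has a user_id column, the login code stores user_id as a session attribute, and MylistForm is the generated base form.

```php
<?php
// Added example, not the original post's code. Assumed names: hidden field
// `deleted_tasks`, Task.mylist_id, Mylist.user_id, and a `user_id` session
// attribute set at login. MylistForm is the generated Doctrine form.

class MylistFormWithTasks extends MylistForm
{
  public function configure()
  {
    parent::configure();
    // One embedded sub-form per related Task; rendered as $form['Tasks'].
    $this->embedRelation('Tasks');
    // Filled in by the jQuery delete handler, e.g. "23,44,11" (removed task ids).
    // No validator on purpose: processForm() strips it before bind(), as in the post.
    $this->widgetSchema['deleted_tasks'] = new sfWidgetFormInputHidden();
  }
}

class homeActions extends sfActions
{
  public function executeEditList(sfWebRequest $request)
  {
    $this->list = $this->ownedList($request->getParameter('id'));
    $this->form = new MylistFormWithTasks($this->list);
  }

  public function executeUpdateList(sfWebRequest $request)
  {
    $this->forward404Unless($request->isMethod('post'));
    $this->list = $this->ownedList($request->getParameter('id'));
    $this->form = new MylistFormWithTasks($this->list);
    $this->processForm($request, $this->form);
    $this->setTemplate('editList');
  }

  protected function processForm(sfWebRequest $request, sfForm $form)
  {
    $params = $request->getParameter($form->getName());

    // Take the hidden field out before binding: it has no validator, and an
    // unexpected field would otherwise make the whole form invalid.
    $deleted = '';
    if (isset($params['deleted_tasks'])) {
      $deleted = (string) $params['deleted_tasks'];
      unset($params['deleted_tasks']);
    }

    $form->bind($params, $request->getFiles($form->getName()));
    if (!$form->isValid()) {
      return;                  // template re-renders the form with its errors
    }
    $list = $form->save();     // saves the list and every embedded task

    if ('' !== $deleted) {
      foreach (explode(',', $deleted) as $id) {
        if (!ctype_digit($id)) {
          continue;            // anything that is not a plain id is ignored
        }
        // Scoped lookup: a task id that is not in this list is simply not found.
        $task = Doctrine_Query::create()
          ->from('Task t')
          ->where('t.id = ? AND t.mylist_id = ?', array($id, $list->getId()))
          ->fetchOne();
        if ($task) {
          $task->delete();
        }
      }
    }

    $this->redirect('home/tasks?id='.$list->getId());
  }

  // Loads a list only if it belongs to the logged-in user; 404 otherwise.
  protected function ownedList($listId)
  {
    $list = Doctrine_Core::getTable('Mylist')->find((int) $listId);
    $this->forward404Unless($list && $list->getUserId() == $this->getUser()->getAttribute('user_id'));
    return $list;
  }
}
```

The scoped query is the important line: the hidden field is filled in by the browser, so the server treats it as a list of suggestions and only deletes what it can find under the list it has already verified as the user's own.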

Final comments

If you took the time to read every part of this project, before you jump into any conclusion, I would like to emphasize a few concepts:

  1. This application is an easier version of the 37signals tadalist. It was not my intention whatsoever to copy the original one or say this is my Todo list idea. I really respect others' work and their version is superb.
  2. The main objective of this post is to be educational although I am aware of the fact that refactoring could be done in many sections.
  3. This is also supposed to help those who have not gotten the expertise in working with Symfony but find it a great framework.

Having said all of the above, I hope you enjoy the app as much as I did while I was writing this set of posts and remember, programming is about having fun 🙂

Todo list with Symfony 1.4 – Part 7 (Reordering tasks)

As you may recall, we have this position field in the schema to keep tasks in order. The natural order is supposed to be given by the creation time of every task.

In addition, you must also remember that in the schema we added this order_by clause in the Tasks relation, indicating that whenever we ask for the tasks of a list in the app, that list has to be ordered by position.

Here’s where all that’s starting to make sense. Let’s take a look at the code first:

/home/actions (Reorder)

/home/actions (Sort)

/home/templates (Reorder)

JQuery reorder

The first thing we do in the reorder action is to retrieve the list and make it visible to the template as usual. Then, in the template, we display the title of the user's lists (with a link to go back to them) and the name of the list plus a couple of actions: Edit the list and Done (which means finishing reordering).

Then we traverse the tasks collection and display the undone tasks, adding a drag icon on the left side and storing the id of every task in the li id attribute. We identify the list that contains the tasks as: sortable.

Now let's look at the jQuery code. As you can see this is very, very simple: all we have to do is tell jQuery which list is to be ordered and call the sortable() function, that's it. The second function, disableSelection(), only prevents the user from entering selection mode when dragging objects, which is very annoying.

Once the sorting has been completed, the user clicks the Done link. We then traverse the sortable list of tasks and concatenate every id number into a string variable, according to its new order. I.e. items = 23, 44, 11, 34 (where the numbers are the ids of the task objects).

Finally, the sort action is executed, receiving the items variable as a parameter. This method creates an array out of items (using the PHP explode() function, which makes an array from a string separated by a certain character) and, using a simple foreach() structure and a counter variable npos, we retrieve every task object and set its new position value.

When this is done, the user is redirected to the tasks action, where you'll be able to see how the tasks have been reordered.
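The sort action as an added example (not the original post's code, which was not captured on this page): it explodes the items string, walks it with the npos counter and sets each task's new position, then redirects to the tasks action. The one check added beyond what the post describes is that every id must belong to the list being reordered, so a crafted items string cannot re-position tasks in somebody else's list. Assumed names, not taken from the page: the list id arrives as the id parameter, Task has a mylist_id foreign key, Mylist has a user_id column, and login stores user_id as a session attribute.

```php
<?php
// Added example, not the original post's code. Assumed names: request parameter
// `id` for the list, Task.mylist_id, Mylist.user_id, and a `user_id` session
// attribute set at login.

class homeActions extends sfActions
{
  public function executeSort(sfWebRequest $request)
  {
    $list = Doctrine_Core::getTable('Mylist')->find((int) $request->getParameter('id'));
    $this->forward404Unless($list && $list->getUserId() == $this->getUser()->getAttribute('user_id'));

    // "items" is "23,44,11,34": task ids in the order the user dropped them.
    $ids = explode(',', (string) $request->getParameter('items'));

    $npos = 1;
    foreach ($ids as $id) {
      $id = trim($id);
      if (!ctype_digit($id)) {
        continue;                // not a plain integer id: skip it
      }
      // Scoped lookup: an id from another list is not found and gets no position.
      $task = Doctrine_Query::create()
        ->from('Task t')
        ->where('t.id = ? AND t.mylist_id = ?', array($id, $list->getId()))
        ->fetchOne();
      if (!$task) {
        continue;
      }
      $task->setPosition($npos);
      $task->save();
      $npos++;                   // only tasks that were actually found consume a slot
    }

    $this->redirect('home/tasks?id='.$list->getId());
  }
}
```

Because positions are handed out only to tasks found under the verified list, a foreign id in the string is ignored rather than causing a gap in the ordering, and the order_by clause on the Tasks relation mentioned above keeps the next tasks page consistent with what the user dragged.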

Read Part 8

Todo list with Symfony 1.4 – Part 6 (Adding and marking tasks)

Here's where the AJAX action starts, so let's go step by step. Before we dig into the source code I would like to state that I did not refactor the code as I would have liked, for teaching purposes. So, even though I know a few procedures and templates could have been reprogrammed to stay DRY, I preferred to leave them as they originally were.

First of all, let’s take a look at the action and template.

/home/actions (tasks)

/home/templates (tasks)

/home/templates (_tasks partial)

Remember this action was called after the creation of the list, so we have the id of the list as a parameter. Then we use this id to retrieve the list object and store it in an attribute to make it visible in the template.

In addition, we also create a new TaskForm object to be able to add new tasks to the list; however, you'll see we won't use this form the ordinary way but via AJAX instead.

Now, if you take a look at the template code, you'll see we have added the titulo partial as usual (remember it displays a link to the lists the user has); we also display the name of the list after the title and a set of actions on the right side of the list title.

These actions are: editing the list and reordering.

Then we use a new partial to show the user's tasks, but as you can see it has been reused twice in the same template. Since we have the chance to pass parameters to the partial, we use an option parameter to indicate whether we want to display done tasks or undone tasks.

Keep in mind that this template is supposed to let the user add new tasks but also mark tasks as done and display those done tasks in a smaller font at the bottom, so the user can unmark tasks if they change their mind.

Showing and hiding the "Add new task form"

In addition, this whole app is a migration of the 37signals tadalist app, so I tried to keep all of its features. So, in this template you also have the chance to show or hide the form to add a new task. The user might well just mark tasks as done and wouldn't like to see the add form at all times.

This is why we added some jQuery code here to hide or show the form for adding new tasks. Let's take a look at this JavaScript code:

JQuery - Show/hide "add task" form

If you look at the template source code, you'll see a link with a class called my_label, which is initially hidden (display: none). In addition, at the end of the form there's another link called "Close". If you look at the JavaScript code, you'll see that if the user clicks on this close link, it hides the form and shows the other link. And when the user clicks on the "Add new task" link, it shows the form again and hides this link.

Adding a new task

JQuery submit a new task

/home/actions (add new task)

When the user submits the form to create a new task, the information is sent via AJAX to the server, executing the AddTask action.

Since it is important for the application to keep the tasks in order, when we defined the model in the schema we added a position field in the task table. Now, every time a new task is added, a new position number must also be assigned. In order to fetch the last number and add one to it, I created the getLastPosition() method you see in the action source code. This method was created in the model since it belongs to the Task class.

So, the action method gets as parameters the task description and the list id. First of all, we use Doctrine to get the list object. Then we create a new Task object and set its position. Finally, we add this task to the list's Tasks collection and save the list object.

Once all this has been done, we use the renderText() method to send the new HTML string back to the browser.

Back in the jQuery code, we receive the text sent by the action in the success section of the AJAX call, where we add this new HTML div tag to the list of pending tasks (identified by the pending_tasks id), using a nice highlight effect once it's added.

Marking/unmarking tasks as done

This marking process is triggered when the user clicks on the task checkbox.

JQuery (marking tasks as done)

JQuery (unmark task)

/home/actions (UpdateDone)

If the user clicks on the checkbox of a pending task, the first AJAX call is executed. As you can see it does pretty much the same as before: it calls the UpdateDone action.

The UpdateDone action receives the task ID, looks it up in the database, changes its status (setDone(1)) and saves the task object. Finally, it sends back an HTML string with the task description and a checked checkbox, storing the object id in the ID of the input tag.

NOTE: This might not be the best technique for security reasons, but it is good for teaching purposes. In a production app it could be masked in some way.

When the HTML string arrives in the AJAX success section, the line is removed from the pending list with a nice fade-out effect and added to the done list at the bottom.

As you can also see, the UpdateDone action has been programmed to mark and/or unmark tasks, so when the user checks a done task at the bottom, the second jQuery code is triggered and the same action is executed, but doing the opposite: removing the task from the done list and adding it back to the pending list.
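The addTask and UpdateDone actions and the Task::getLastPosition() helper, as an added example (not the original post's code, which was not captured on this page), written the way the security note above suggests a production version should be. Beyond what the post describes: the list or task is only loaded when it belongs to the logged-in user, only POST requests sent via AJAX are honoured, and the description is escaped before the HTML fragment goes back to the browser, since it is user input that the jQuery handler inserts straight into the page. Assumed names, not taken from the page: a task table with mylist_id, position and done columns, a user_id column on Mylist, a user_id session attribute set at login, and request parameters list_id, description and id.

```php
<?php
// Added example, not the original post's code. Assumed names: table `task`
// with mylist_id/position/done, Mylist.user_id, a `user_id` session attribute,
// and request parameters `list_id`, `description` and `id`.

class Task extends BaseTask
{
  // Highest position in use for a list (0 for an empty list). Table name assumed.
  public static function getLastPosition($listId)
  {
    $last = Doctrine_Manager::connection()->fetchOne(
      'SELECT MAX(position) FROM task WHERE mylist_id = ?', array($listId)
    );
    return (int) $last;   // MAX() of no rows is NULL, which casts to 0
  }
}

class homeActions extends sfActions
{
  public function executeAddTask(sfWebRequest $request)
  {
    $this->forward404Unless($request->isMethod('post') && $request->isXmlHttpRequest());
    $list = $this->ownedList($request->getParameter('list_id'));

    $description = trim((string) $request->getParameter('description'));
    $this->forward404If('' === $description);

    $task = new Task();
    $task->setDescription($description);
    $task->setDone(0);
    $task->setPosition(Task::getLastPosition($list->getId()) + 1);
    $list->Tasks[] = $task;   // attach to the list's collection, then save the list
    $list->save();

    return $this->renderText($this->taskHtml($task));
  }

  // One action marks and unmarks: it flips whatever the current state is.
  public function executeUpdateDone(sfWebRequest $request)
  {
    $this->forward404Unless($request->isMethod('post') && $request->isXmlHttpRequest());
    $task = Doctrine_Core::getTable('Task')->find((int) $request->getParameter('id'));
    $this->forward404Unless($task);
    $this->ownedList($task->getMylistId());   // 404 unless the task's list is ours

    $task->setDone($task->getDone() ? 0 : 1);
    $task->save();

    return $this->renderText($this->taskHtml($task));
  }

  // Loads a list only if it belongs to the logged-in user; 404 otherwise.
  protected function ownedList($listId)
  {
    $list = Doctrine_Core::getTable('Mylist')->find((int) $listId);
    $this->forward404Unless($list && $list->getUserId() == $this->getUser()->getAttribute('user_id'));
    return $list;
  }

  // The fragment the jQuery success handler inserts. The description is user
  // input, so it is escaped rather than echoed raw into the page.
  protected function taskHtml(Task $task)
  {
    $checked = $task->getDone() ? ' checked="checked"' : '';
    return sprintf(
      '<div class="task"><input type="checkbox" id="%d"%s /> %s</div>',
      $task->getId(),
      $checked,
      htmlspecialchars($task->getDescription(), ENT_QUOTES, 'UTF-8')
    );
  }
}
```

The task id is still sent to the browser in the input's id attribute, exactly as the post does; what changes is that knowing an id is no longer enough to flip it, because UpdateDone refuses any task whose list is not owned by the current session.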

Read Part 7

Todo list with Symfony 1.4 – Part 5 (Create new list)

The creation of a new list is triggered by clicking a link at the bottom of the home page.

The process does not require much explanation, since it is a classic form where AJAX is not involved: once the list is created, the user is redirected to a new page where they can add tasks to the recently created list, and that's where the action begins.

However, let’s take a look at the files that take part in this process.

/home/actions/actions.class.php (new list)

/home/templates/newListSuccess.php

MylistForm

When the user clicks the creation link on the home page, they are redirected to the newlist page. The newlist action only creates the MylistForm object and stores it in an attribute to have it visible in the template.

In the MylistForm class I only renamed the label; the rest is old news.

What I would like to point out here is that when the user submits the form to the createList action, before processing the form I intercept the request and complete the information regarding the user. As usual, I get this info from the current user object.
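The newList/createList pair as an added example (not the original post's code, which was not captured on this page). It follows the approach described above: the submitted parameters are intercepted before the form is bound and the user information is completed from the current user object, so the owner of a list is never taken from anything the browser sent. Assumed names, not taken from the page: Mylist has a user_id column that the generated MylistForm keeps as a field, and login stores user_id as a session attribute.

```php
<?php
// Added example, not the original post's code. Assumed names: Mylist.user_id
// kept as a field of the generated MylistForm, and a `user_id` session
// attribute set at login.

class homeActions extends sfActions
{
  public function executeNewList(sfWebRequest $request)
  {
    $this->form = new MylistForm();
  }

  public function executeCreateList(sfWebRequest $request)
  {
    $this->forward404Unless($request->isMethod('post'));
    $this->form = new MylistForm();

    $params = $request->getParameter($this->form->getName());
    // Overwrite, do not merge: even if the POST carried a user_id of its own,
    // the value from the session wins.
    $params['user_id'] = $this->getUser()->getAttribute('user_id');

    $this->form->bind($params, $request->getFiles($this->form->getName()));
    if ($this->form->isValid()) {
      $list = $this->form->save();
      $this->redirect('home/tasks?id='.$list->getId());
    }

    // Invalid: re-display the newList template with the form's error messages.
    $this->setTemplate('newList');
  }
}
```

The assignment to $params['user_id'] happens before bind(), which is the step the post calls intercepting the request; after that point the form validates and saves the owner like any other column.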

Read Part 6