Max Stolbynsky

IT manager. Consultant. Cloud architect.


Marginalia

This is a place where I would like to share some side notes about my life, thoughts and ideas. Everything listed below is my personal opinion and open for discussion. You can find different sides of my life here, so do not be confused if you find things that do not seem to mix. Life is a really interesting thing and has many sides.

New Google authentication + LastPass = potential security issues

October 30, 2013, Max Stolbynsky

Many people use the LastPass plugin to store site credentials. It is really useful, and I'm using it for a bunch of non-sensitive logins. It worked well with Google before their recent login page update.

So the story is the following. I sometimes use a customer's login/pass to manage some Google services, and I did so today. Then in the evening I went to Flickr to upload some photos. There is optional OAuth via Google and I'm using it. As usual it pops up my face, LastPass pre-fills the pass, I press Sign In… and end up on the Signup form with the CUSTOMER'S name and address pre-filled. What the hell? Cookies? OK! Press logout. Log in to Gmail with my email and the pre-filled pass… and again, the CUSTOMER's mailbox!!! OK… Clear all cookies and local storage. Try again: same result. Go to Safari without LastPass and log in successfully!

After this I started researching the reasons for such a strange situation and found this:

[Image: google-lp]

In fact Google prints the email as a label, but the form ALSO has an invisible input. LastPass does not recognize that it is hidden and fills it.

The user can see only the hidden password and of course has no idea that he is now logging in under a completely different account.

The same situation can happen with Google Pay and other services.

So my advice: be careful with LastPass on Google sites.
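
A check an autofill component could run before filling a form like the one described above, given as an added example (not code from the original post, LastPass or Google). The form markup, field names and addresses are constructed assumptions, and only attributes and inline styles are inspected; visibility set by external stylesheets is not evaluated.

```python
import re
from html.parser import HTMLParser

# Constructed sample: the account is shown as text, and the same account name
# also sits in an input the user cannot see (markup and names are assumptions).
SAMPLE_FORM = """
<form action="/signin" method="post">
  <span id="shown-account">me@example.com</span>
  <input type="email" name="Email" style="display: none" value="me@example.com">
  <input type="password" name="Passwd">
  <input type="hidden" name="continue" value="/mail">
</form>
"""

INVISIBLE_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
CREDENTIAL_TYPES = {"text", "email", "password"}


class InputCollector(HTMLParser):
    """Collects <input> elements and whether the markup hides them."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        ftype = (a.get("type") or "text").lower()
        invisible = (ftype == "hidden" or "hidden" in a
                     or bool(INVISIBLE_STYLE.search(a.get("style") or "")))
        self.fields.append({"name": a.get("name"), "type": ftype,
                            "value": a.get("value") or "", "invisible": invisible})

def autofill_plan(html, stored_user):
    """Return (names safe to fill, warnings); invisible fields are never filled."""
    parser = InputCollector()
    parser.feed(html)
    fill, warnings = [], []
    for f in parser.fields:
        if f["type"] not in CREDENTIAL_TYPES:
            continue
        if not f["invisible"]:
            fill.append(f["name"])
        elif f["value"] and f["value"].lower() != stored_user.lower():
            # The page is bound to another account than the stored credential.
            warnings.append(f"{f['name']} is invisible and preset to {f['value']}")
    return ([] if warnings else fill), warnings  # on a mismatch fill nothing
```

With the sample form, a credential stored for a different account yields an empty fill list plus a warning, while a credential for the preset account fills only the visible password field.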

What you can do with youtube video using get-parameters

April 6, 2013, Max Stolbynsky

Everybody knows that YouTube has a simple editor where you can set a few options. But in fact the YouTube watch (and embed) URL has many more options. Here are some of them that I was able to find and test.

Usage: http://www.youtube.com/watch?[sequence of parameters]

v=

The v parameter specifies the VIDEO_ID, the unique alphanumeric ID of the video.

&fmt=

The fmt parameter specifies the return format for the video resolution

&t=

The t parameter defines the start time of the video, in the form #t=1m15s

&hl=

The hl parameter switches the user (host) to the indicated language

Chinese (Traditional) &hl=zh-TW
Czech &hl=cs-CZ
Dutch &hl=nl-NL
English (Great Britain, Ireland, Australia and New Zealand) &hl=en-GB
English (United States and Canada)* default value &hl=en-US
French &hl=fr-FR
German &hl=de-DE
Italian &hl=it-IT
Japanese &hl=ja-JP
Korean &hl=ko-KR
Polish &hl=pl-PL
Portuguese (Brazil) &hl=pt-BR
Russian &hl=ru-RU
Spanish (Spain) &hl=es-ES
Spanish (Mexico) &hl=es-MX
Swedish &hl=sv-SE

&gclid=

The gclid parameter is used in auto-tagging for Google AdWords and will show up in the landing page URL when a user arrives at the page from the ad.

&feature=

The feature parameter is assigned within YouTube to describe certain videos and where they are displayed

&feature=watch_response

Any video posted in response to a video will have this parameter linked to it. (Assigned within YouTube)

&feature=watch_response_rev

The reverse of the above. The “child” video page will have a link to the “parent” page (Assigned within YouTube)

&feature=pyv

Promoted YouTube Video (pyv) on a watch page (Must be entered within Google AdWords Editor destination url)

?feature=pyv

Promoted YouTube Video (pyv) on a channel page (Must be entered within Google AdWords Editor destination url)

&kw=

The kw parameter is an indication of keyword insertion. Keyword insertion is an advanced feature that can help make an ad more relevant to a diverse audience. Each time the ad shows, AdWords will automatically replace the code with the keyword that triggered the ad. (Must be entered within Google AdWords Editor destination url)

Not clear yet:

Unfinished section

&ad= Advertisement Id assigned to an advertisement ?
&feature=recent_shows
&feature=recentu
&feature=recentlik Recently Liked ?
&feature=spotlight
&feature=related
&feature=channel
&feature=branded
&feature=aso
&feature=sub
&feature=fvw
&feature=fvwk
&feature=fvhl
&feature=BF
&feature=topvideos
&feature=more_related
&feature=list_related
&feature=player_embedded
&feature=artistob
&playnext=[1 or 0]
&list=[LIST_ID]
&list=QL Queue List ?
&index=[INDEX_NO] Index of list
&shuffle=
&videos=
&playnext_from=
&force_ap=

Did Microsoft put Skype users on countdown?

December 9, 2012, Max Stolbynsky

Yesterday Skype was suddenly auto-updated to version 6.0.60.126, and something strange happened. It looks like some nightly build got into the global update system. I have never seen such an unstable version of this messenger. It crashes, freezes, and sometimes overloads the CPU for a few minutes without any visible activity. But the strangest thing is the voice chat problems. In these 2 days I had a few long conversations, and each of them was dropped multiple times. The scenario is always the same: the peer's voice stops, but some background noise is still present, then the call quality meter becomes yellow and then red, and Skype tries to recall the peer. After the immediate recall only one side can hear the other. You need to go offline and then online and call again. About 8 years ago I had the same problems when I implemented a custom VoIP project based on H.323. When it worked behind NAT, the established NAT tunnel was kept for some time and pushed distortions into the new connection. So what should we assume? Has MS replaced the previous transport protocol with H.323? I don't think so, but the publishing of a really buggy version is a real fact.

Another thing confused me a lot. I had a pretty long call today and it was interrupted many times. But I was so surprised when I reviewed the chat log. EACH part of the conversation was exactly 20 min long (+/- 30 sec).

[20:33:52] *** Call from Y### K######, duration 20:29. ***
[20:57:58] *** Call to Y### K######, duration 20:20. ***
[21:39:57] *** Call to Y### K######, duration 20:21. ***
[22:21:40] *** Call ended, duration 20:21 ***
[22:42:29] *** Call ended, duration 20:21 ***
[23:03:45] *** Call ended, duration 20:41 ***

It really doesn't look like a coincidence. It looks like a system.

Maybe some counter is overloaded at this point and tries to reinitialize the connection, or Skype now has a maximum call duration. No idea… But really annoying!

 

edX.org – a new generation of online education

November 19, 2012, Max Stolbynsky

A few months ago I found a new online education platform named edX. It is a joint program started by MIT, Berkeley UC and Harvard and provides online courses for students worldwide. Courses include video lectures, homework with pretty smart graders, and quizzes. Usually one course requires about 8-14 hours per week to watch video materials, read coursebooks and do homework. Conveniently, each video has a time-synchronized transcript, so you can follow the text if the sound is not clear enough. Each video and homework has its own discussion page, so students are able to discuss problems and find a proper solution. It is also good feedback for the course staff to improve materials or fix mistakes. If a student passes a certain level on homework and quizzes, he receives an official certificate.

I took part in the course CS169.1x: Software as a Service. It is very interesting for me as a developer and as a manager, because it opens up so many new software development technologies oriented toward the cloud environment. The course requires pre-existing knowledge of OOP and web development and concentrates on high-level methodologies like Agile, Behavior driven design (BDD) and Test driven design (TDD).

The main platform for test projects is Ruby on Rails, a modern and powerful framework that implements the MVC pattern and is based on the Ruby language.

Thanks to professors David Patterson and Armando Fox, students have gained good and deep knowledge of the theoretical side of web application development as well as the practical side.

I really advise visiting the edX site and looking for interesting courses. There are not so many yet, but new courses appear every month. So the system is in the process of development and expansion. All courses are free and open to everybody.

MySQL 5 has a completely weird transaction concept

November 16, 2012, Max Stolbynsky

I want to share a kind of weird thing I found today.

I have been using transactions in MySQL for a long time, but never ran into the case where a transaction is opened but not closed. And today during testing I found that if you start a transaction and then your script dies in the middle for any reason, and this is not caught by an exception handler which calls rollback, all the data you have modified is PRESENT in the db. So MySQL commits it automatically by default. And even more: all data modified INSIDE the transaction is available to other connections IMMEDIATELY. So you risk having inconsistent data in parallel queries. So it seems the classic transaction model is avoided by default.

You need to set autocommit = 0 manually after each connect to avoid it.

Maybe it is really easier for dummies who forget to close a transaction with commit, but I was frustrated when I saw that.

So if you really need to use the classical transaction model in MySQL 5, you need to run the following SQL statement after each connect:

 SET autocommit = 0

For a more detailed reference you can visit the official page:

http://dev.mysql.com/doc/refman/5.5/en/commit.html