I have been thinking about how to store customers’ login details in the database.

I mean, how to arrange the tables to store the passwords securely enough so that even if one day the database is leaked (and it will), no actual passwords are exposed.

On second thoughts, managing the passwords by myself could be a bad idea.

Hand it over to Google or Facebook.

OK.

Let’s say, for some unknown reasons, I have to do it.

The million-dollar question is, HOW.

  • If I store the plain text password anywhere in the database, the company probably would just fire the guy who designed the database, that’s me, for good.
  • If I store the hashed password with username, just like that, it is vulnerable to dictionary or rainbow table attacks. But maybe I can keep my job, for now.
  • If I use SHA512, instead of MD5, as the hash function, the computational power required to crack the passwords is significantly different.

Solution (perhaps)

Add random salt to each individual password, and then calculate the SHA512 hash values. Remember to generate salt again, once the customer changes the password. Also, I need a cryptographically secure random function to generate salt.

LoginID  LoginName  Salt   HashedPasswordWithSalt
0000001  Alice      T7#jd  RncFuVDvUtVxXUFrvOHPfiF
0000002  Bob        $1Yo2  UZ0CkHkEccFErZujyAl3wys
0000003  Charlie    UWp*1  Pt4a1176FY2zcewmbcvEuAN

In practice, use longer salt, I guess.
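
The salted scheme above, as an added Python example (not code from the original post). It goes one step beyond the post by repeating the salted SHA-512 through PBKDF2 so that each guess costs an attacker more; the in-memory `users` dict, the function names, the salt length and the iteration count are all assumptions.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16        # assumption: longer than the 5-character salts in the table
ITERATIONS = 200_000   # assumption: work factor, tune it to your hardware

# Constructed stand-in for the table: LoginName -> (Salt, HashedPasswordWithSalt)
users = {}

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA512: salted SHA-512 applied ITERATIONS times
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)

def set_password(login_name: str, password: str) -> None:
    # A fresh salt from the OS CSPRNG on every call, so changing the
    # password also replaces the salt, as the post requires
    salt = secrets.token_bytes(SALT_BYTES)
    users[login_name] = (salt, _hash(password, salt))

def verify(login_name: str, password: str) -> bool:
    record = users.get(login_name)
    if record is None:
        # Unknown login: do the same hashing work anyway so response time
        # does not reveal which login names exist
        _hash(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = record
    # Constant-time comparison of recomputed and stored hash
    return hmac.compare_digest(_hash(password, salt), stored)

if __name__ == "__main__":
    set_password("Alice", "correct horse")
    set_password("Bob", "correct horse")   # same password, separate row
    # Different salts give different hashes, so one precomputed
    # (rainbow) table cannot cover both rows
    print("hashes differ:", users["Alice"][1] != users["Bob"][1])
    print("good password:", verify("Alice", "correct horse"))
    print("bad password: ", verify("Alice", "wrong"))
```
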

Ref:

Password Cracking
https://www.youtube.com/watch?v=7U-RbOKanYs

How NOT to Store Passwords!
https://www.youtube.com/watch?v=8ZtInClXe1Q

Rainbow table
https://en.wikipedia.org/wiki/Rainbow_table

Somehow I decided to reset a useless old iPad (A1395, iOS 9.3.5) which had been jailbroken. After erasing all the content and settings, I found the iPad had become bricked. The situation is that if you press the Power button, the Apple logo shows for a few seconds, followed by a battery status in the center of the screen. And that’s it, it just did not turn on.

Solution

You need to make sure you have charged the iPad for several hours. It helps to rule out the cases when iPad refuses to turn on with low battery. If the battery is all good, there are two ways to rescue your iPad. Try the force-restart first.

Force Restart

Hold down the Power button and the Home button at the same time for 10 seconds. You will see the Apple logo twice I guess. The second time you see the logo, you can let go of the two buttons and wait/pray for the iPad to turn on.

Factory Reset in DFU mode

  • Connect your iPad to a Mac (Sorry, I did not test if you can connect the iPad to a Windows PC, chances are you can)
  • On the iPad, hold down the Power button and the Home button at the same time, yes, for 10 seconds.
  • Then, release the Power button but continue to hold the Home button for another 5 seconds.
  • It should be entering DFU mode now. Choose Restore the factory settings.
  • Wait for the iPad to reinstall everything once again.

I know a bricked iPad is useless. But, you know what, after rescuing the old iPad, I find the iPad is still useless anyway.

All emulators in AVD failed to run after I accidentally updated Android Studio to 4.2.1 on macOS Catalina (10.15.7).

You can find more debug details if you run the emulator in terminal.

emulator -list-avds
emulator -avd your_avd_name

Solution

Downgrade (sort of) emulator to 30.4.5 (build_id 7140946)
https://dl.google.com/android/repository/emulator-darwin_x64-7140946.zip

First, download the zip file and unzip it.
Then, find the emulator folder under sdk folder. Replace the items inside with what you have downloaded.
Restart Android Studio (for example, go to menu File, select Invalidate Caches / Restart) and try to run the emulators again.

You will see warnings saying something like: these files cannot be verified because the developer is unknown. Remember to go to Mac System Preferences, Security & Privacy, and under the General tab, allow these apps to run. Eventually, everything will be fine. Good luck.

Ref:
https://issuetracker.google.com/issues/191799887
https://issuetracker.google.com/issues/191805460
https://medium.com/nerd-for-tech/how-to-downgrade-android-emulator-on-macos-6e611d2d2bcb

When this bug happens, it shows that it takes time to open the MySQL Editor, but the fact is that it will never open. So you will wait forever.

I am on macOS Catalina and the MySQL Workbench version is 8.0.22, just in case you want to know.

Why this error happens (My guess):

You changed the password to the MySQL database user, but it somehow failed to sync the password in the keychain.

The solution:

Go to /Applications/Utilities/ to find the Keychain Access app and run it. Search for and delete the password of the database user. Try searching for ‘MySQL’. Reopen MySQL Workbench and you should be fine now.

Update: The typo has been fixed if you are using Dynamic web module version 5.0

When you are using the Servlet Template in Eclipse, you may encounter the error saying “The import javax.servlet cannot be resolved.”

For example, I am using Eclipse for Mac (Version 4.19.0). First, create a Dynamic Web Project, target runtime: Apache Tomcat v10.0, Dynamic web module version 4.0. And inside this project, create a new servlet file using the Create Servlet Wizard. Soon you will see the errors pop up in the servlet file you just created.

// BEFORE
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

How to fix it? All you have to do is change the package name of the superclass and the other servlet imports from javax to jakarta. Why does this happen? I think it is because, as mentioned on the Wikipedia page, from 12 Jun 2020 on, the API moved from package javax.servlet to jakarta.servlet. Let’s hope Eclipse will update the template someday in the future. For the existing code out there, I guess it is doing well.

// AFTER
import java.io.IOException;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

Of course, you can create an empty class file to build the servlet from scratch, to avoid such issues. Just in case you do face similar errors in Eclipse when coding Java, I hope the simple fix will help you.

Wikipedia page of Jakarta Servlet:
https://en.wikipedia.org/wiki/Jakarta_Servlet

Finally, I got hexo upgraded.

Simple & powerful as it is advertised.

It worked fine, I guess.

I have been thinking about coding myself a blog from scratch because the hexo blog seems out of date. The interactions between Github and Hexo are sometimes failing and I got warnings that it might not work in the future. Maybe it’s a good time to practice some front-end coding with html/css and javascript.

The coding experience on Leetcode is fantastic because you can always get instant feedback that your code is not working. Then you try again and get the feedback again that your code fails. Back and forth several times until you get it.

To be honest, I like Project Euler more, because of its simplicity and the sense of art that comes from the simplicity. Still, I think you need Leetcode to practice to get a job. In this sense, it’s a wonderful website that gives you hope of employment.

The book of Code Complete has been sitting on my book shelf for a long time. I always feel that it was a big book and the content is too much for my level. But these feelings were purely generated from the imagination because I never ever actually tried to read the book.

Until now. I began the reading. And it turns out the content makes sense to me in a lot of ways. I think it is considered as a classic book for a good reason.

It might take some time before I can finish the book, but I can say it now to anyone hesitating to read it: today is the day, just read it.

I saw something in the shell code as follows.

cat /dev/random > /dev/null 2>&1

Or something similar.

export lang="en_us.utf-8" >/dev/null 2>&1

They all have this part.

>/dev/null 2>&1

I did some research to find out what it means. Basically, the number 1 is standard output, the number 2 is the standard error, the char > is to redirect the flow of information, and 2>&1 means to treat the 2 the same way as the 1, and /dev/null, you know, is in the middle of nowhere.

So, to put them all together, this piece of code means: throw the standard output and standard error away as garbage. You will never see anything from stdout or stderr on the screen or anywhere on disk. No, just say goodbye to them. They are gone for good.
