posted Mar 31, 2014, 9:03 AM by Sami Lehtinen
updated Mar 31, 2014, 9:03 AM
- During the week I just made my first SQL Injection Attack Exploit against a live production system, and it worked just beautifully. It's horrible how common these serious flaws are. Of course I have known about SQL Injections for ages, and even used similar methods to exploit IRC scripts over 20 years ago. But this was the first time I had time to play for a while with a probably exploitable system, and I was successful. I was able to fetch user names and passwords from the site. Also see the OWASP SQL Injection documentation and the very classical XKCD.
- Very short and compact: Server Density server monitoring tool & hosting. Reported one minor usability issue on Algolia instant search. Read API Introduction (nothing new, but a great API/REST introduction for newbies). APIfication is a common trend. Pricing strategies. Time-based pricing. Dynamic pricing. Why naming your Start-up right is very important. Reminded myself about SIEM. A great article: Data Analysis, The Hard Parts. Studied Routific API and benefits. Played with AppGeyser. It could be a nice way to create simple 'mobile apps' super easily. Reminded myself about the current state of pandas & scikit-learn, also checked out tons of sites for small business loyalty programs like: LoyalBlocks, ContactMe, Zoho CRM, Insightly, Nimble. Checked out the no free lunch theorem. Added information to Wikipedia about major Finnish loyalty programs. Read: Principles of good data analysis. Checked out CDN options Swarmify and Incapsula.
- Studied (alternate) credit card systems: UnionPay, JCB, RuPay
- Read a book about successful SMB SaaS businesses and what the keys for success are, and a post called The Defining Characteristics of Successful SMB SaaS Startups.
- Google App Engine Price Drop, which was of course almost immediately followed by an AWS price drop. Studied iZettle API sample code, and quickly tested Orbot Tor for Android.
- Reminded myself about Crunch Mode, and how damaging it can be to productivity in the long term, and how much mental energy it consumes. And what the long term consequences are, even if it feels like great productivity in the short term and if quality issues and other hassle caused are ignored.
- WPA2-PSK isn't so secure and can be cracked when weak passwords are being used. - Hello, anyone? Are you still using weak passwords? You really shouldn't.
- Completely read and deeply thought about this excellent technical post about Algolia's real-time search stack. They also power Hacker News' new Real-time Search Engine.
- Added to Kindle: The Profitable Side Project ebook.