Massive security flaw in Facebook and why should they fix it immediately before I take your girlfriend out to dinner tonight

September 26, 2012 ·

Ok, Facebook Groups has a huge security flaw by which any group member can pretend to be anyone else in that group, and post in the group on behalf of that user. It is FATAL. I’ve reported to Facebook and I hope they should take immediate action for it.

I had disclosed it in details hoping that they will notice it and fix it quickly, and taking it down again. So if any Facebook official wants to know in details, drop me a mail to hasin_at_leevio_dot_com or better check today’s submitted bug reports with a “MASSIVE SECURITY FLAW” text inside it.

Peace.
*update: submitted this again to facebook.com via their whitehat program and someone named Alex contacted me. He asked me a few questions on how to reproduce the flaw and he said that they are looking into it.

Utopia – our new admin panel theme is ready to grab

June 27, 2012 ·

Last week, we have released a new admin panel theme from themio. This new theme, “Utopia” comes packed with lots of beautifully crafted UI elements and it is built on top of popular twitter bootstrap framework. So you will be getting all the features of twitter bootstrap plus the extras.

Check Utopia in Themeforest: Click here

Utopia comes with two themes white and dark which will suit your need in different situations. The collapsible sidebar and widgets, data tables, conversations tables, pricing tables and numbers of galleries with image effect will make it a perfect choice for the backend of your web applications

Screenshots

Dashoboard comes with a glimpse of beautifully crafted UI elements that comes with Utopia. The collapsible and
responsive
sidebar, data tables, legends, weather controls, data tables, news feed ticker and many more

Dashboard

(more…)

building a nice image gallery like pinterest/friendsheet using facebook graph api and LightBulb

March 10, 2012 ·

Pinterest has gained lots of attention lately and became popular in the photographer’s and designers community from the very beginning. And once something is popular, people copy (and sometime with improvement) their beautiful user interface ideas into their own project. Last week i’ve seen quite a traction when friendsheet was released. They allow you to browse photos from your Facebook news feed in a nice and organized way.

When we saw friendsheet last week – me and Rifat were discussing that it could be a nice demonstration if we develop a image gallery with our revolutionary project LightBulb (seriously, someday something’s gonna change the world – so keep dreaming big).

LightBulb is an extensive wrapper of Facebook Open Graph objects sitting on top of their JS SDK. You can interact unbelievably easily with graph objects using a wrapper like LightBulb without worrying too much about underlying technology and the core API itself. LightBulb is stable, easy to use, there are already lots of examples within it. Hasn’t been officially released yet but we are planning to do so in a week or two. Stay in touch.

So back to the point, our main intention was to show LightBulb’s capability of pulling FB graph objects and show them in a nice way like FriendSheet. The final output looks similar to that of Pinterest/Friendsheet and guess what, for only 10-15 lines of JS 🙂 with another couple of lines added in the stylesheet block.

Demo: http://demo.projectlightbulb.net – For download link of source code, keep reading 🙂 . If you dont see the gallery (or sometime see a little overlapping sometime) please refresh and it will work like a charm. It’s fully compatible and responsive with your mobile device.

The hovering effect is done using jQuery Adipoli Hover plugin. The stacked display is done by using jQuery Masonry plugin.

LightBulb is under active development from the developers at Leevio ( Me, Shoriful Islam Ronju and Rinku Arnob) , Rifat Nabi and M.A Hossain Tonu.

Download the Facebook Gallery using LightBulb from here (Thanks Box.net)

Shameless Promotion
If you want to outsource your Facebook application development to us, feel free to contact us here. Why? Because we know Facebook app development and their open graph objects inside out 🙂

connecting to flickr using PHP and PECL oAuth extension

March 7, 2012 ·

flickr, one of the world dominant in photo sharing service, has added support to oAuth recently. Though their old authentication system still works (marked as deprecated but not discontinued) I find it’s wise to use their oAuth system for the better future proof application development.

PHP has a nice extension to perform oAuth dance in it’s pecl repository – pecl oAuth. Here is the code to connect to flickr using this extension. The only catch I found and took me more than 30 minutes to figure out a failed attempt, is you will have to append the permission flag in it’s oAuth authorization url. Pass either one of these permission flags “read”,”write” or “delete” as “&perms=” (flickr.php, line # 20) and then the redirection will be successful. Register your Flickr application from here, you will find your consumer key and secret key in next page in the App Garden.

While creating new application in flickr app garden, point the callback url to your flickr.php – thats it.

source code of config.php
[sourcecode lang=”php”]
<?php
$oauth[‘flickr’][‘consumerkey’]="9e251c5bcc*********cac050bf50ef";
$oauth[‘flickr’][‘consumersecret’]="d1c057904945****";
$oauth[‘flickr’][‘requesttokenurl’]="http://www.flickr.com/services/oauth/request_token";
$oauth[‘flickr’][‘accesstokenurl’]="http://www.flickr.com/services/oauth/access_token";
$oauth[‘flickr’][‘authurl’]="http://www.flickr.com/services/oauth/authorize";
?>
[/sourcecode]

And here is the source code of flickr.php
[sourcecode lang=”php”]
<?php
/**
* flickr authentication script based on
* pecl oauth extension
*/
session_start();
include_once("config.php");
/*
unset($_SESSION[‘frequest_token_secret’]);
unset($_SESSION[‘faccess_oauth_token’]);
unset($_SESSION[‘faccess_oauth_token_secret’]);
*/
$oauthc = new OAuth($oauth[‘flickr’][‘consumerkey’],
$oauth[‘flickr’][‘consumersecret’],
OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI); //initiate
if(empty($_SESSION[‘frequest_token_secret’])) {
//get the request token and store it
$request_token_info = $oauthc->getRequestToken($oauth[‘flickr’][‘requesttokenurl’]); //get request token
$_SESSION[‘frequest_token_secret’] = $request_token_info[‘oauth_token_secret’];
header("Location: {$oauth[‘flickr’][‘authurl’]}?oauth_token=".$request_token_info[‘oauth_token’]."&perms=read");//forward user to authorize url with appropriate permission flag
}
else if(empty($_SESSION[‘faccess_oauth_token’])) {
//get the access token – dont forget to save it
$request_token_secret = $_SESSION[‘frequest_token_secret’];
$oauthc->setToken($_REQUEST[‘oauth_token’],$request_token_secret);//user allowed the app, so u
$access_token_info = $oauthc->getAccessToken($oauth[‘flickr’][‘accesstokenurl’]);
$_SESSION[‘faccess_oauth_token’]= $access_token_info[‘oauth_token’];
$_SESSION[‘faccess_oauth_token_secret’]= $access_token_info[‘oauth_token_secret’];
}
if(isset($_SESSION[‘faccess_oauth_token’])) {
//now fetch current users profile
$access_token = $_SESSION[‘faccess_oauth_token’];
$access_token_secret =$_SESSION[‘faccess_oauth_token_secret’];
$oauthc->setToken($access_token,$access_token_secret);
$data = $oauthc->fetch(‘http://api.flickr.com/services/rest/?method=flickr.test.login&api_key=ae29ce34e831937ac26483498e93f3e9&format=json’);
$response_info = $oauthc->getLastResponse();
echo "<pre>";
print_r(json_decode($response_info));
echo "</pre>";
}
?>
[/sourcecode]

You can download the complete package from here (Thanks Box.net)

Note: I have written a similar post to demonstrate connecting to twitter and linkedin via their oAuth protocol which you can find here 🙂

Surrealism, mists, lights and oh, a camera!

February 29, 2012 ·

Photography is addictive when you are into it. When you want to learn to capture the moment properly, you have to dissolve into it. Yin and Yang – your body and mind are completely lost into composition, exposure and lights.

I was busy for last couple of weeks in learning new techniques to make my compositions better. Speedlites, strobes and most of all how to make it look good 🙂 I failed, I tried again, I failed many times and I didn’t give up. So here I am going to share 5 photos I have taken recently. Enjoy!

Surrealism

This photo was taken in a software exhibition in Dhaka on their closing ceremony. There were lights, fire players and these laser beams. They were creating superb textures over smoke. Lovely!

city of lights

Have you watched the movie “City of Ember” – the old city lit with thousands of tungsten bulbs? That was a lovely movie I watched in last couple of months. The feeling was great. This picture of tungsten lights was taken in a local restaurant ta night. I had to keep shutter speed fast enough to remove the surrounding distractions, and properly capture the texture of their metal dishes.

portraits, oh portraits

Portraiture is my favorite topic, you probably already know that. This one was taken in a local tech event “phpXperts Devcon”. The hall room was big, moderately lit with ceiling chandeliers. So the speedlite with a fast lens gave a fantastic portrait. The fill light was perfect, and I just loved it!

Dark side of the Moon

You remember that apollo 11 and it’s historic manned landing on lunar surface in 1969? You sure do. Be it a hoax or not, this picture all at a sudden made me feel how a alien planet surface may look like. With ongoing constructions nearby, slightly lit floodlight, massive construction and rays coming from inside is looks similar to a sci-fi movie scene to me. And the long shadows on surface added extra appeal 🙂

Solitude

When you lost all hopes, cant trust anyone and you are all alone, the solitary expression over your face is something that hits directly to your inside. This one, the solitude, some how shows me the same thing. The depression, the careless expression is priceless.

You can check out more in my flickr stream by clicking on any of those photos. I would love to see your comment. Enjoy!

A day full of fun with people, camera and flashes

January 22, 2012 ·

A day full of fun with people, camera and flashes

I went to a friend’s wedding ceremony to cover it. Nothing makes a photographer more happy when he sees the nicely decorated stage and some open space to move back and forth. Because most Bangladeshi wedding takes place in large ballrooms rather than terrace and open spaces seen in western weddings.

As usual, I shot some light fitting during this event which is one of my all time favorite subjects to shot, people and of course the beautiful bride. Some brides are free, never talks and sits stiffly almost all the time, and some of them talks with other and that helps a lot to take some candid shots with natural expression.

I found this chandelier hanging from the roof of the stair-case and I was very happy to shot it from this angle. Lovely!

This is my co-photographer Lavlu smiling with his Nikon D5000 with a YN-560 flash mounted on it. This is a very nice flash compared to it’s price. Works like a charm. This shot was taken with a 5D mark II and Canon EF 50mm f/1.4 lens.

The smiling bride. This one is post processed using Aperture and “Big Aperture”.

Another shot of the bride, post processed using Aperture.

And finally, this one was taken at 2AM while me and Lavlu were categorizing our pictures after the wedding, I was testing my 70-200mm f/4 L and suddenly he looked upward to talk to me and I took this shot. Candids work superb for portraits, some time.

You can check out more from my flickr stream by clicking on any of these photos above.

Time to put those FUCKING captchas to an end!

January 19, 2012 ·

So, by now – you know what’s this post is all about, what will be the writing style and some of you probably consider it as NSFW! Well I dont care about that – all I care is that my eyes are burning and I am turning into a retard, I am fucking annoyed and I have been under irritating mental pressure because of those fucking text based CAPTCHAS where I have to spend couple of extremely annoying minutes to look at those gibberish texts , understand that and then input what I am seeing on the screen! Oh yeah baby, It feels like I am sitting for a VIRGINITY TEST inside one of those bloody fucking Egyptian prisons. I AM A HUMAN AND I CERTAINLY DONT WANT TO BE TORTURED TO PROVE THAT! If you are still in favor of those CRAPPY FUCKING text based CAPTCHAS, you can leave the rest of the post because I dont give a damn about your love for those eye-tearing, getting-on-the-nerve style alien things.

Well, if you really have to FUCKING test me as a HUMAN, DONT DO THAT by slicing my ribs apart to check if there is any heart. There are certainly many other ways to check if your visitors are human or bot. Record their mouse movement (and put it into a pattern), or check if mouse was really over the submit button or blah blah blah. AND IF YOU WANT A FULLPROOF military grade PREVENTION against BOTS, go fuck with your document under a 200000ft dungeon.

Alright, the reason I am writing this article is that CAPTCHAs don’t have to be so fucking annoying. You can make intuitive captcha images instead of asking your visitors to translate what the hell your great great grandfather had seen in his UFO dreams, printed in those images.

WHY not make it something like these ones, keeping the actual captcha validation flow intact. Dont change it’s working style. Keep the same style of of public private key, salts, user inputs and everything. JUST FOR GODS SAKE change those images. Ask something different. Why not you think about something like these three below – if you ask yoru users to fill in the blanks (in the input box – instead of the mind fucking gibberish and garbled craps)

ANS: liberty OR LIBERY or LiBeRtY (whatever caps)

ANS: tree

ANS: rectangle or rectangles (consider fail safe or singular/plural for more user friendliness)

Seriously, why on EARTH do I have to prove that I am a HOMO-SAPIENS by filling up these freaking awful garbled text based CAPTCHAs. Lets make it easy, unless you are planning to serve your $100000000000 secret sausage recipe thinking that an annoying old school CAPTCHA will prevent it from being stolen. Please for gods sake, help making these moments your visitors will spend on your site a little more pleasing.

If no one starts this project, I will seriously start it as a web service with a name “NFC”. You know what that means? NO – FUCKING – CAPTCHA!

Arrrrrggggghhh!!

This week in photography

January 14, 2012 ·

People, people, people – portraits, portraits and portraits. I love to shot people, close-up, happy face. I shot them in candid or while starring at me. The shot you are seeing above is taken with a Canon EOS 550D and Tamron SP AF 17-50mm f/2.8 XR LD Aspherical lens. I love this lens, not only because it’s extremely sharp but also because it’s fast. It has f value 2.8 all through and that really helps in low light situation. I fired a Speedlite 580Ex II flash bounced on the roof with a diffuser. I was close enough to make the background disappear completely behind the person in this picture.

Here is another shot I took this evening, a running toddler. Nothing is tougher than capturing a 14-18 months toddler. They move a lot 🙂

I mainly shot at night, outdoor and on the street because after my fulltime job, I get some free time during those hours. Most of the time I carry a flash with me, or at least a fast 50mm (f/1.4) with me to take shots easily. And hell yeah, I love to shot distant lights in bokeh – I love Bokeh, a lot. And light fittings are one of my primary interest to shot during night. 🙂

All the shots above were taken with Canon EOS 550d and my favorite Tamron lens, SP AF 17-50mm f/2.8 . You can check more in my Flickr stream by clicking on any of these pictures. I would love to see your comment and some
of your beautiful night shots.

Some of my favorite black and white portraits

January 12, 2012 ·

I love portraiture, to shot people with happy face. It’s one of my primary field of interest and I always try to learn how to better. Here are some of my favorite portraits in black and white taken in 2011, today 🙂

1. NHm Tanveer Hasan Khan a.k.a CodeMan

2. Himel Nag Rana a.k.a NagBaba

3. Emran Hasan a.k.a phpfour

4. Mahmud Ahsan

5. Raju Mazumder

6. Guitarist from Sacrilegious

7. Eftekhairul Islam rain

8. Stephen Forte

Some of my favorite shots taken during my trip to Nijhum Dip

January 10, 2012 ·

Nijhum Dip (Translated: Island of Silence) is a very remote island in Bangladesh, full of natural scenes, fishermen, deers and forest. This is a fantastic place to spend some time, leaving everything behind. I am attaching some photos from my last trip to Nijhum Dip.

1. Destination Anywhere