How To: Stackoverflow in Javascript

by Matei Oprea

What’s a stackoverflow, anyway?

Well, stackoverflow occurs when a program attempts to use more memory than is available on the call stack. Every program has a limited amount of memory that it can use (seems pretty fair, right?).

I worked for a year and a half with Javascript / DOM Modifications at OKAPI. Thinking of 2-3 methods for overflowing the stack in javascript will be easy :). Hehe.

If you declare a function in global scope this may hurt you a little bit. Let’s say you’re working on a function called “open”, which will open the door to your site (jk – another url).

var open = function(url) {

window.open(url);

//We do log this :)

console.log("Yay! I opened the url");

}

Great. You’re a great developer. Ok, you’re not. If you later decide to use window.open() native function, you’re gonna have a bad time. Why? Because a function defined in the global scope can be called in two ways (let’s write a function which will console log a message):

var dummyFn = function () {

console.log("You are awesome");

}

Calling the function:

1.

dummyFn();

2.

window.dummyFn();

I think that you understand right now that we created a circular reference, right? This will result in a stackoverflow which will kill your browser (use it on your own risk).

Uncaught RangeError: Maximum call stack size exceeded

We can create a stackoverflow by calling a function inside her body, too:

var foo = function() {

foo();

}

Calling

foo()

right now will result in a stackoverflow. But how about a large codebase, when two functions call each other:

var first = function () {

second();

};

var second = function () {

first();

}

first();

Well, it’s pretty obvious that this will result in a stackoverflow too. Hopefully the browser will stop the execution of your code and display an error. You can always use try-catch statement to catch this type of errors.

Moving your assets to a CDN in a Rails app

By Andrei Lescenco

Configs

In your environment config file ( config/environment/production.rb )

 config.assets.compile = false

 config.assets.digest  = true

 config.assets.debug   = false

 config.asset_host     = 'https://cdn.host.example'

Capistrano Tasks

You must create a task that precompiles all the assets on your local machine and uploads the assets to a CDN. This depends on what CDN service you are using so I'm not going to cover this part, In our case deploy:assets:push will do this.

Also you need to copy the manifest file (public/assets/manifest-*.json) generated by the precompile process to your rails server, if there is no manifest file present on the rails server it will omit the digest hash in your assets url.

namespace :deploy do

 namespace :assets do

   desc 'Precompile assets'

   task :precompile, :roles => :web, :except => { :no_release => true } do

     %x{rm -rf public/assets}

     %x{RAILS_ENV=#{rails_env} bundle exec rake assets:precompile}

   end

   desc 'Push assets to Azure CDN'

   task :push, :roles => :app do

     %x{bundle exec rake assets:deploy['#{rails_env}','force']}

   end

   desc 'copy manifest file to server'

   task :copy_manifest, :roles => :app do

     run "mkdir -p #{current_path}/public/assets"

     %x{scp -P #{fetch(:port)} public/assets/manifest*.json #{user}@#{hostname}:#{current_path}/public/assets/}

   end

 end

end

before 'deploy:restart', 'deploy:assets:precompile'

before 'deploy:restart', 'deploy:assets:push'

before 'deploy:restart', 'deploy:assets:copy_manifest'

CSS/SCSS

Convert all your scss files that use asset-url/asset-path (sprockets sass functions ) to scss.erb

and change asset-url('') to url(<%= asset_url '' %>)

In my case I needed to override the asset_url method because the assets prefix was missing from the url.

I've created a config/initializers/asset_url.rb.

Rails.application.assets.context_class.class_eval do

 def asset_url(path, options = {})

   begin

     asset = Rails.application.assets.find_asset(path)

     super("#{ActionView::Base.assets_prefix}/#{asset.digest_path}")

   rescue

     super("#{ActionView::Base.assets_prefix}/#{path}")

   end

 end

end

Interesting article about QA from Paul Burt.

How DoS attack works

Due to latest attacks on Github I decided to write an article about how an DoS (Denial of Service) attack works. But first, we need to know what DoS is. When I was younger and I was surfing on the mIRC some channels begun having some serious overflow of messages. First, I didn't know what this is but then I found out that the act is called flooding. Basically, you couldn't write anything on the channel because this bots were writing messages faster than you can read. Well, this, pretty much, sums up how an DoS attack works. But, of course, on the internet things are pretty different. DoS means that you make a machine or a network unavailable to its users. For example, you can have DoS buffer overflow (in any language where the developer has responsibility for memory allocation). Or you can have a DoS by storing too much data in user session. But let's concentrate on classic DoS attack: The SYN flood attack. The SYN flood attack it's a type of DoS where you send too many SYN packets to the server that stack up in the server's buffer queue leading to server crash or hang of the server machine. The server will stop responding to legitimate users which will result in a DoS type attack. I wrote a small program in C which can cause this type of DoS attack. I won't be posting the source code (guess why), but I will show you some wireshark printscreens with the packages and explaining that to you (at least you will get something). I will be using the okapistudio.com server to demonstrate this (Don't worry, this won't cause any trouble to the server. Most servers are now using firewalls or are immune to this kind of attack. This is just for testing purposes).

[matei@localhost okapi]$ ping okapistudio.com PING okapistudio.com (70.32.110.64) 56(84) bytes of data.

Now we know the server's ip address: 70.32.110.64. We will set the sin.sin_addr.s_addr to correspond with our IP address, compile the program and ... run it, of course.

[matei@localhost okapi]$ sudo ./demo  Packet Sent to 70.32.110.64

Ok, so we now sent the first SYN package. Let's se how it looks in wireshark.

Success. But this is not what you came here for. Let's see some action, then. Putting the send() function in an while(1) will do the job.

This is how wireshark looks now:

This is how you send 194000 packets in just 10 seconds. The server is immune to this type of attack so it won't be affecting it. Let's see some of the source code:

iph->saddr = inet_addr ( source_ip ); //this one will spoof the source address iph->daddr = sin.sin_addr.s_addr; // here, we are setting the destination address

setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (int)) // we tell the kernel that the headers are included

while (1) {

sendto (source, buffer_containing_headers_and_data, length_of_buffer, 0, socket_address )

}

So, how do you overcome a DoS attack? You use firewalls. You use latest software available and some protection like CloudFlare. Next time, I'll demonstrate how does an DDoS attack works.

by Matei Oprea

Okapis at lunch

Prophets Agency presents "ID13": the trends in Interactive Design for 2013. Third year in a row, after the ID11 and ID12 trends.

To many Web developers, being good at CSS means you can take a visual mock-up and replicate it perfectly in code. You don't use tables, and you pride yourself on using as few images as possible. If...

Get to know the Okapi team!...maybe a little too well? :)

Collecting data doesn’t have to be limited to areas of important scientific study and research. Why not use it for fun, to see the daily habits of our team?

  Our lovely designer Iulia took mundane data and packaged it into a gorgeous minimalist visualization that describes our team's activities for one month. You'll see that we are the typical creative, Skype and Email addicted, coffee drinkers you'd expect! 

  Check it out: http://okapiworks.com/infographic/

OkapiStudio, beer sponsor of TheNextWeb Startup Awards Romania

The Next Web, now in its 7th year online, is one of the world’s most influential technology news sites, with more than 7.2 million monthly visits and 9.5 million monthly page views. 

The Next Web is now organizing the Startup Awards in 12 countries in Europe. The online campaign that will reveal the hottest startups, entrepreneurs and best investors in each country ends with a friendly meetup.

Romania is part of this too, and the local meetup will be held on 5 February 2013 in Club Mojo, Bucharest. Check it out: http://thenextweb.com/startupawards/romania/meetup. We're happy to see Romania increasing its presence in the world-wide startup scene. 

Always supporting innovation and startups, we (= the multidisciplinary creative agency OkapiStudio) offered to be a beer sponsor for the event, so the first drinks are on us. See you there!

The Internet of Things - directions and approaches

According to some early 2012 statistics 51% of the Internet traffic is non-human, yes, this year we've been outnumbered by the "machines". Web crawlers, APIs and other scripts access and use the Internet daily same like use: to get information or to post data. Some of this non-human traffic is not even made by personal computers or servers but rather by internet enabled devices. The concept of The Internet of Things is rather new but devices have been using the internet for some time until now when they are starting to communicate between them as well using our dear communication platform.

This concept will provide us with smarter devices capable of using the network to complete their tasks and make our lives easier. The notion of a device accessing the Internet is not new and not so spectacular but the approach of getting it to the masses and at prices so low it could be integrated in any device it sure is. We foresee two different approaches that take shape right now: one is the public version of easy setup and limited functionality brilliantly illustrated by https://cosm.com the polished and revamped Pachube service that gathered sensor data from across the globe and another closed secured version available for the high end or highly specific client that needs a turnkey solution for a set of Internet enabled devices.

From self driving cars to fridges that recommend recipes based on what food you have in it, the future sure looks to contain a lot of Internet of things related devices and we are here to build it and stepping up our game to be ready to deliver custom tailored solutions based on the clients needs.

Our friends at Inventeaza.ro are planning a series of workshops and hackatons for exploring the possibilities of the idea and basic applications to better grasp the concept. Stay tuned for more about this subject.

We are surely living exciting times with endless possibilities!

OkapiStudio is proud to work with Stanford University, considered to be the leading research institution in the United States. Stanford kids are not only smart; they also have top tier athletic abilities. As we were creating the new iStanford app to help students around campus, Stanford's world-class athletes were dominating this year's Olympic Games. We thought it would be cool to visualize this, so we put our designers to work to create the following info-graphic. Stanford University is truly one of a kind! See the full size info-graphic here.

Taking A Team’s Temperature - a really cool article on 99u.

Learn English with Ricky Gervais