Brian Corrales
corralesonline.com

MD5 Hash A Security Risk?

December 30th, 2006 . by brian.corrales

I know, I didn’t want to believe it either. Any good developer knows that it’s important that you encrypt any sensitive information that you store in a database. I usually use an md5 hash or something similar. Only earlier this week did I learn that a mere md5 hash is not enough. Think about it: anyone can make a hash out of any word they want. All that needs to happen is to use a dictionary attack on a system, but instead of using the actual dictionary words, do an md5 on the words first and use them. It’s so simple and I hadn’t even thought of it before.

What’s the solution? The solution is to salt your hash! I found this easy tutorial that explains why an md5 is not sufficient (but better than nothing) and how to salt your hash with one easy method: http://phpsec.org/articles/2005/password-hashing.html

A salt is a random, generated string of pre-defined length that is prepended onto the term that you want to hash. This adds another level of protection: two users with the same password end up with different stored hashes, so a precomputed list of hashed dictionary words no longer matches them. You save both the salt and the hash in your database. To authenticate, for example, you would enter your username and password. The username would allow the system to retrieve the corresponding salt. You would then add the salt to the password entered by the user and do an md5 hash on the concatenated string. Simply compare the hashed password in the database with the hashed concatenated string. All of this can be summarized with this short PHP function found in the phpsec.org article:

define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
        // No salt given (new account): generate a fresh one.
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
        // Salt given (login): the stored value starts with the salt, so
        // passing the whole stored string here recovers it.
        $salt = substr($salt, 0, SALT_LENGTH);
    }

    // Store salt and hash together; the salt is the first SALT_LENGTH characters.
    return $salt . sha1($salt . $plainText);
}
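The verification half of the scheme just described, as an added example that is not from the post or the phpsec.org article: the same salt-prefix layout as generateHash(), plus the login-time check (retrieve the stored value, re-hash with its salt, compare). It assumes PHP 7 or later for random_bytes() and hash_equals(); a salted fast hash like SHA-1 still lets guesses be tested quickly, so a deliberately slow password hash (bcrypt, PBKDF2) is the preferred choice today.

```php
<?php
// Added example, not the article's code. Assumes PHP 7+.
define('SALT_LENGTH', 9);

// SALT_LENGTH random hex characters from the OS CSPRNG
// (the article's md5(uniqid(rand())) is not a cryptographic source).
function makeSalt()
{
    return substr(bin2hex(random_bytes(SALT_LENGTH)), 0, SALT_LENGTH);
}

// Stored layout: salt (SALT_LENGTH chars) followed by sha1(salt . password), 40 hex chars.
function hashPassword($plainText, $salt = null)
{
    $salt = ($salt === null) ? makeSalt() : substr($salt, 0, SALT_LENGTH);
    return $salt . sha1($salt . $plainText);
}

// The salt is the prefix of the stored value, so no separate column is needed.
// hash_equals() compares in constant time instead of with ===.
function verifyPassword($plainText, $stored)
{
    $salt = substr($stored, 0, SALT_LENGTH);
    return hash_equals($stored, hashPassword($plainText, $salt));
}

// Constructed demo: two users pick the same password.
$alice = hashPassword('correct horse');
$bob   = hashPassword('correct horse');
var_dump($alice !== $bob);                         // different salts, different stored values
var_dump(verifyPassword('correct horse', $alice)); // correct password for alice
var_dump(verifyPassword('wrong horse', $alice));   // wrong password for alice
```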

The only difference here is that they used a sha1 instead of an md5. If anyone has any comments on the effectiveness of a salt and hash, please let me know. Perhaps there’s an even better way to go about secure authentication.


New Web 2.0 Resume Tracker

December 30th, 2006 . by brian.corrales

Last week I was introduced to GoJobby.com, a new web 2.0 style resume tracker. For all you geeks out there, you should go and try it out. Though the user interface is not intuitive at all, it uses some fun technologies. Not only can you upload your pdf version resume, but you can also create your own tag-cloud resume. Each tag can be placed in one of three tag clouds: Newbie, Skilled, Expert. My Skilled tag cloud for example, looks like this:

Agile Methods, ajax, css, Data Architect, DHTML, eclipse, Java, javascript, MySQL, SEO, SQL, UML, Use Case Maps, Web 2.0, wordpress, xhtml

The only problem with the site is the usability factor. To move a keyword from Newbie to Skilled, for example, you have to click on the tag a total of 2 times, and 3 times to move it to Expert. The 4th click will delete the tag from your list. I was told how to use the site. If I weren’t told, I probably would’ve gotten frustrated with the site and given up. This tag cloud is extremely useful for head hunters and businesses looking for specific skills. Instead of going through 100 resumes and sorting them by hand, you simply filter the results based on terms in the tag clouds. Tag clouds exist for Geek, Business, Design, and Availability. My availability tag cloud looks like this, for example:

contractor, freelance, headhuntable, Looking for new job, startup, willing to move

Interesting concept don’t you think? It is definitely a “Geek Site” but that’s ok.


Ruby

December 27th, 2006 . by brian.corrales

So I’ve been programming in CakePHP for about 6 months now and have really enjoyed the MVC framework. I’ve heard that Ruby on Rails is even slicker, so I’m transitioning to Rails now. Last night I spent some time learning about Ruby. A friend of mine showed me Try Ruby! (in your browser), where you can learn to program Ruby directly from the browser! It was actually pretty fun and it starts you off with the very basic elements of programming. If any of you are not developers yet, but are interested in learning, this new Try Ruby! website is for you!

So far, I’m enjoying the syntax of Ruby. Most computer languages take some getting used to. As I’ve learned Java and PHP, I’ve had to change my way of thinking to accommodate the language structure. Ruby, by contrast, accommodates the human programmer, and the syntax of Ruby changes accordingly. For example, let’s say I wanted to print “Hello World!” five times in a browser, with a break after each line. In PHP, it would look like this:

for ($i = 0; $i < 5; $i++) {
    echo "Hello World!<br />"; // <br /> gives the line break in the browser
}

This says start with "i" equalling zero and print "Hello World!" every time. Add one to "i" every time and continue the print until "i" is no longer less than 5.

Ruby, on the other hand, has much more intuitive syntax:

5.times { print "Hello World!<br />" }

This says exactly what is on the screen: Print “Hello World!” five times.
Not only is this an easier syntax to read and manage, it’s shorter and more concise. If anyone has some excellent online tutorials on Ruby and/or Rails, I’d be very grateful. So far, I’ve been reading Why’s Guide to Ruby. So far I’ve found it very helpful and an easy read.


School Resumes

December 23rd, 2006 . by brian.corrales

Winter Semester begins. It’s my last semester!


My New Domain

December 22nd, 2006 . by brian.corrales

I finally moved my blog to a real domain! I used to be located at briancorrales.wordpress.com. I hope this new domain works out for me. I’ve really enjoyed learning the Wordpress API. I was really impressed with how user-friendly it is. You really don’t have to be tech savvy to create your own blog at your own domain.

Because of its ease, I’ve noticed that many people try to make Wordpress into something that it’s not. I’ve had multiple people come to me recently saying that they’ve created a site using Wordpress that was unrelated to a blog. One was an e-commerce site and another was a social-networking site. Neither of these models fits the blogging model. For one thing, neither model has blog posts where chronology is the most important filter. Perhaps you can get away with that kind of sort on a social-networking site, but an e-commerce site should be sorted by type of item, brand, or price.

Though you may get away with using Wordpress for many types of websites, developers often spend too much time trying to tweak the open-source code to fit their specific needs. Many times these tweaks take more time than it would take to create the site from scratch, especially if you are using Rails or a similar framework that does a lot of scaffolding.

I haven’t worked long with Wordpress, but I find it a remarkable open-source program. I put my website together in about an hour. There isn’t any other way that I could’ve set up a site that fast! The learning curve was extremely small and, personally, I don’t think it looks all that bad! For small, simple sites like mine, Wordpress is a perfect solution. If you want something more, you should probably find a more custom solution than an open-source package.


TagJungle.com Screenshots

December 8th, 2006 . by brian.corrales


TagJungle Launched!

December 8th, 2006 . by brian.corrales

Many people have wondered what has happened to our small little company over the past month or so. Granted, things haven’t been easy, but I can assure you, 42Co is here to stay. Wednesday we finally launched TagJungle! TagJungle.com is now online and fully functional. It is still in beta but you gotta try it! Search for anything you can imagine and you’ll receive blog posts rich in the content you were looking for!

For those of you new to TagJungle, TagJungle is a search engine for blogs designed to compile the blogosphere into usable information. TagJungle takes a minimalist approach to searching. Instead of receiving millions of results for “Christmas”, you’ll find at most a few hundred. But rest assured, every post you find on TagJungle will be something worth reading. I hope you try it out and lo and behold, you just may have picked up a new hobby…blogging!