Jobhunt.in – Easiest Jobsite

“redefine: EASY”

This is what my friend and I had in mind when we decided to create a job site.

To make the “Easiest Job site”. A job site which I and most probably you will use without scowling.

With a lot of reusable stuff from Skillda and 2 months of planning and development we have come out with the beta version of our job site – www.jobhunt.in. What makes it the easiest is that you don’t have much to do either as a job seeker or a recruiter.

As a job seeker, Just upload your resume on the front page or just email it to post@jobhunt.in. Thats it! No more registration or filling up pages of boxes. Our automatic analyzing system picks up the data and tags your resume.

Recruiters too don’t have to pay and register or search for hours to dig up the resumes they want. Type in your filter tags and subscribe. You start getting daily mail from the site with matching resumes.

Isn’t this EASY?

A bad workman blames his tools. What if bad tool starts blaming?

I have spent my last 4 and a half months learning how you should never execute a (software) project.

Though a big disappointment and failure, the previous project had changed my view on a lot of stuff especially processes and documentation. I had always considered micro-level documentation as an avoidable overhead and never believed in process. If you think like me, may be your opinion will change if you know my story.

A project without any proper documentation (scope, requirements, design, project plan…. the list goes on). A very aggressive deadline. Here is where I landed into the project at the end of 2 months. Was anyone scared if the client will go bad? Nobody was. Fast forward >> Client denies the scope. Squeezes in double the original requirements into the scope. You know what happened in the end? He made us work for 6 months and coolly paid for just the original 3 months.

We were screwed big time just for the lack of process and documentation. You know.. I learned it.

Setting the value for a select list

We come across a lot of instances where we need to set the values of form elements programmatically using client side script. To set the value of a select list (in case of multiple select or single select), the best way to do it is to loop through the options, checking if the value matches and then setting [option].selected = true.

For example:
//here for simplicity i am considering a single select case

function setSelectValue(selectList, val) {
for (option in selectList.options) {
if (option.value == val) {
option.selected = true;
break;
}
}
}

This piece of code will work for almost all web browsers. But not so surprisingly there is a difference in the way IE and other browsers handle the select list. In Firefox a listitem given without a specific value attribute considers the given text as the value. Though IE also gives the same result on post back, while programmatically checking the value of an option it says its undefined. So you cannot use the setSelectValue function for <li>Hello</li> in IE. To make it work for IE you have to explicitly give <li value=”Hello”>Hello</li>.

Not a big deal but it cost me half a day

Stealing Passwords had never been easier

I have already written once on how web security has taken a back seat thanks to the ever growing popularity of social networking websites. Recently I saw a trend in Orkut where people are setting their homepage to some http://meu.powerscrap.com/…. I tried one of those links and saw a replica of the person’s orkut profile over there. I even saw my pic in the friends’ list. But if I try to click on any of the links, a pop-up window comes and asks for my Orkut username and password to continue. To my surprise, all the images were directly from orkut.com and the exact ones used in Orkut.

I did a little bit of googling looking for any connection between orkut and powerscrap. But it seemed like people are using the latter as an alternative to Orkut in places where it is blocked and were all praise for powerscrap. I believe this must be a trusted site. But someone can use this technique just to snatch you off your username and password too. The sad part is that people are so desperate to network and don’t think twice when asked for username or password.

I think this now leads to the simplest form of social engineering. If you have a website and some web programming knowledge you can just walk away with thousands (at least hundreds) of usernames and passwords. You dont need content or users or even a database . You can thrive on a popular website’s user-base and just enjoy the free passwords. As my title goes password hacking had never been easier.

1. Go buy a domain. Even a free sub-domain will do .
2. Write code to pull data from Orkut or a similar website.
3. Send messages to a few giving your url and telling them the ADVANTAGE of using your website.

You are done. In a few days you might be honored for stealing passwords!!

CSS Style position:fixed and Internet Explorer

The CSS styling attribute position:fixed makes an HTML element stationary (does not move on scrolling) and absolutely positioned. If you are familiar with position:absolute, the fixed styling is quite similar except for that it remains in position even on page scroll.

Most of the modern browsers (IE7, Firefox, Opera etc.) support the fixed styling. But older versions of Internet Explorer (prior to IE 7) does not. The problem with older IE is that it completely ignores the fixed attribute and the default styling (position:relative) is applied. This can completely disrupt your page design.

Accepting the fact that IE6 still remains the most widely used web browser, we cannot ignore this issue. One way to solve this is by changing the value of position attribute to absolute (which is the closest to fixed) in case of IE older than version 7. To give the actual effect of fixed we also need to handle the scroll event or else this element will also move along with the rest of the page. In the scroll event you have to reload (hide and show) the element and you get the most closest fixed style implementation in IE.

You may download the complete working page source.

<script type="text/javascript">
/* <![CDATA[ */
   var isOldIE = false;
   function onPageLoad()	{
      if (navigator.appName.indexOf('Microsoft Internet Explorer') > -1)  {
         ver = navigator.appVersion.substr(navigator.appVersion.indexOf('MSIE ')+5,3);
         if (ver < 7) {
            document.getElementById('fixedDiv').style.position = 'absolute';
            window.onscroll = reloadFixedDiv;
         }
      }
   }

   function reloadFixedDiv()	{
      var d= document.getElementById('fixedDiv');
      d.style.display = 'none';
      d.style.display = 'block';
   }
/* ]]> */
</script>
<style type="text/css">
<!--
#fixedDiv	{
	position:fixed;
	right:0px;bottom:0px;
	height:72px;
	width:256px;
	background-color:#ABCDEF;
}
-->
</style>

and also

 <body onload="javascript:onPageLoad();">

Note: There will be a slight flickering on the element.

Javascript and Cross-browser Window focus

It is a common requirement in today’s highly interactive web applications to keep track if the browser window is currently in focus. Let me tell you one thing. If you take a look at the browser events and the very limited documentation, you might be tempted to believe that you are in safe hands. But thats not the case.

Catching the onbur and onfocus events is the most recommended way to know when a window gains or loses focus. But this does not work in all cases. The onfocus event is triggered correctly in almost all browsers. But onblur on the other hand is highly unpredictable. In Internet Explorer, every onfocus event is immediately followed by an onblur event even though the window is still in focus. On Firefox, the onblur will not be trigerred if the active element of the window is of input type.

Solution: IE has its custom events which works fine for it namely focusin and fosucout. For firefox, we need to check whether the active element has changed.

var isIE = (navigator.appName == "Microsoft Internet Explorer");
var hasFocus = true;
var active_element;

function setFocusEvents()	{
	active_element = document.activeElement;
	if (isIE)	{
		document.onfocusout = function() {	onWindowBlur();	      }
		document.onfocusin = function()	 {	onWindowFocus();     }
	}	else	{
		window.onblur = function()	  {	onWindowBlur();	         }
		window.onfocus = function()	 {	onWindowFocus();       }
	}
}

function onWindowFocus()	{
	hasFocus = true;
}

function onWindowBlur()	{
	if (active_element != document.activeElement) {
		active_element = document.activeElement;
		return;
	}
	hasFocus = false;
}

NB: I have tested mostly on IE 6+ and Firefox. So you might find my method incomplete for other browsers.

Update: This post has been updated (corrected) as per Lucent’s comment.

Social Networking and Web Security

Working on a professional networking website Skillda, I was always confronted with a question from my friends about a missing feature. In Skillda there is no option to import contacts from any of other networking sites or email account.

Almost all of us are familiar with the large number of automated invitations from the networking sites these days. Some of them even send mail repeatedly till you join the network. For doing this, these sites ask you to enter your username and password of a different website or email, then crawl through the website and get the contacts. This is exactly what concerns me. I just cannot believe how someone would entrust a third person with the username and password of their email account giving access to important documents like bank statements and other personal stuff. And that too just in exchange of the ease of importing your friends or contacts to a social networking site!!

I am wondering if the concept of web security has gone skewed over the years or is it that social networking boom is making people blind?

Python – Relative datetime formatting

I wanted a function in Python to get a relative datetime string formatting. For a given datetime object, it should be compared with the current date/time and a relative date/time format should be given as output.

For example, given a date/time lets say (July 2, 2007 7:00 pm) the output should be 7:00 pm Monday, while for October 3, 1980 6:00 am, it should give just 10/03/1980. I googled a lot, but didn’t get any code to copy. So I had to write my own. If anybody needs it from now on, you can take it from here.

#!/usr/bin/env python

import datetime

def getRelativeDateTime(date, now = None): 

    if not now:	now = datetime.now()

    diff = date.date() -­ now.date()

    if diff.days == 0:#Today

        return 'at ' + date.strftime("%I:%M %p")## at 05:45 PM

    elif diff.days == ­1:#Yesterday

        return 'at ' + date.strftime("%I:%M %p") + ' Yesterday'## at 05:45 PM Yesterday

    elif diff.days == 1:#Tomorrow

        return 'at ' + date.strftime("%I:%M %p") + ' Tomorrow'## at 05:45 PM Tomorrow

    elif diff.days < ­7:#Within one week back

        return 'at ' + date.strftime("%I:%M %p %A")## at 05:45 PM Tuesday

    else:

        return 'on ' + date.strftime("%m/%d/%Y")## on 10/03/1980

Ubuntu Feisty Fawn (7.04) and OpenOffice.org

The OpenOffice.org package (2.2.0-1ubuntu3) that comes with Ubuntu Feisty Fawn distribution has some issues especially on the document conversion front. I did not face any problem on my dektop edition installed directly from the feisty fawn dvd. But on the server edition the conversion was taking almost 20x more time. On googling it seemed to be a problem with the java compilation on the OpenOffice package from Ubuntu.

The best and easiest remedy is to uninstall your current OpenOffice.org packages completely and install the latest OpenOffice 2.2.1 from directly from www.openoffice.org. Installation is a bit tricky so I suggest you take a look at this article where the installation is described step by step.

You might have to install msttcorefonts package if you start facing issues with windows fonts once you install OpenOfiice 2.2.1.

OpenOffice as a Document Converter

Though not well known for it, OpenOffice.org can be extended as a doument conversion engine capable of conversion between almost all kind of office documents. OpenOffice.org directly doesn’t support a command-line option, but allows it to be run as a service. An open source tool JodConverter (earlier called JooConverter) provides a wrapper for the OpenOffice.org service and exposes web and command-line interaces to simply convert between the compatible office formats.

Read Full Article by Dmitry Popov at Linux.com