Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

18 December 2009

About Last Night's Twitter Hacking

This is old news now, you all know that Twitter has been hacked last night, and it's back to normal operation now.
Mashable reports that Twitter has been hacked by a group called the ‘Iranian Cyber Army’, which took over the microblogging site and added its own text; logos; and images to the site. via

In fact I wanted here to clarify some issues, as I've seen many twitter users so worried and some of them decided to change their passwords there. The point is, the so called 'Iranian Cyber Army' didn't crack twitter servers nor their database or anything, what they've done was just a DNS hijack. As you know each computer (server) on the internet is reachable via it's IP Address, and since we are too lazy to remember all those IP's, we reach servers via their Names, i.e. instead of typing we type, and DNS servers are there to translate the to for us. Now what the hackers have done was that they hijacked the DNS servers and made it translate to their own server's IP Address, and that's it. So, I believe no one was able to touch your password, and you are not supposed to be worried.

Now, let's do our non-Arabic speakers a favor and translate the banners for them.

What's written in blue there is as follows:
فإن حزب الله هم الغالبون
This is a phrase from the Holy Quraan, and it means "The party of God are the victorious ones", or "Those who belong to God are the victorious ones". By the way, the word "Party of God", is Hezbollah in Arabic, which gives the phrase another meaning, "Hezbollah are the victorious ones".
This phrase is part of an Ayah - i.e. verse - that calls people to obey God, Prophet Muhammad, and those who give money to the poor while praying - referring to Imam Ali. It then states that those who obeys them and belong to God will be victorious.
As you can see here, the whole Ayah has a special significance to the Shia, and may be that's why those Iranian Cyber Hackers decided to use it.

Now let's have a look at the phrase written in red on the green flag:
يا حسين
This is a phrase that means "Oh Hussain", or "Dear Hussain". Hussain is the grandson of Prophet Muhammad, and he is also the son of Ali. Now let's have a look at our calendars. Today is the first day of the Islamic Hijry year, and it is also the first day of the ten days of Ashura, where the Shia remember the martyrdom of Al Hussain, and most probably this is why the flag was included in the banner.

So in brief, it seems to me that the ones who hacked twitter belongs to the Iranian system, or at least sympathize with it. And they used the religious slogans mentioned above to deliver a message to the internet users worldwide via twitter that the Iranian regime are the party of God, and they shall be victorious sooner or later.

Update: Oh wait a moment, they wrote some text there, "Now Which Country is embargo list? Iran? Usa?". So my guessings were right :)

Tags: , , , ,

03 December 2009

Copied Wii Games

I am not aware of the other countries, but here in Egypt most of the games sold here are copied ones, and almost all the Wii's are modded. But sometimes some of those copied games may asks you to upgrade your Wii in order to start. And I do not recommend updating the firmware of a modded Wii.

So here you are the steps needed to make those games work without any system updates.

Use ImgBurn to copy the DVD to your computer as an ISO file. Then download WiiBrickBlocker and use it to patch the ISO image. And finally, copy the ISO file back to a new DVD using ImgBurn. Don't use any other CD/DVD Burners as they won't work, just use ImgBurn.


PS. The information provided here is for your own reference, and I am not responsible for anyone who uses this to break his countries laws, especially those copyright fanatics.

Tags: , ,

24 November 2009

The Future of Baralbait

Every now and then we see people coming out with cool startup, and we also sometimes see other people shutting their own startups down. And each time I see any of those startups being shut down I keep asking myself, why did they take such decision. Does it really cost them a lot of money, and they don't have any revenue streams to cover their expenses?

But lately, I've been haunted by the idea of shutting Baralbait down. Baralbait doesn't cost me much money at all, so it's not financial reasons that makes me think of shutting it down. Also, I hate when people keep blaming the competition, yes, we have got Four Square, Bright Kite, Google Latitude, Loopt, Yahoo Friend on Fire, Dopplr, and so many other cool services that are more attractive than Baralbait, but it's not the competition that makes me wanna quit. And for sure dumbs are the only ones who prefer to blame the market - i.e. their users.

I've started Baralbait more than a year ago. And so for we have less than 100 users. Most of them, signed up, and gave Baralbait a try for few minutesn and never logged in again. I really, don't know if I am wasting my time trying to solve a problem that doesn't exist. But still I can't say that this is the real reason for me to take such decision, because I still believe that people always face problems when they decide to go out as they have to think of a place to go, something to do, and friends to arrange the outing with. So, I can tweak and morph my service more to be a suitable solution for such problems, as apparently it doesn't help in solving those problems so far.

In fact, I am still not sure why I want to quit, but may be I want to focus on other ideas that can be more useful to people than Baralbait.

PS. I haven't taken a final decision yet. I am still thinking about it, and your feedback will sure help me decide.

09 October 2009

CherryPy Custom Authentication

You can read a better formatted version of this post here.

While working on Baralbait's API - yes, we may have an API someday, and you can sure contact us if you need to know more about it. Anyway, while developing the API, we were planning to use CherryPy Basic Authentication, in order to authenticate the API Calls.

This is how to add CherryPy Basic Authentication to one of your methods/pages:
import cherrypy

users = {"user1": "secret1", "user2": "secret2"}

def clear_text(mypass):
    return mypass
class MyServer:

    def index(self):
        return "This is a public page!" = True

    def secret(self)
        print "Logged user is:", cherrypy.request.login
        return "Awesome, you've just accessed a page that requires HTTP Basic Authentication" = True
    secret._cp_config = {'tools.basic_auth.on': True,
        'tools.basic_auth.realm': 'My Secure Server',
        'tools.basic_auth.users': users,
        'tools.basic_auth.encrypt': clear_text}
if __name__ == '__main__':


The above code means, that the page called "index", is a public page, while "secret" requires HTTP Basic Authentication, with the credentials mentioned in the "users" dictionary. For more info, Jim Hoskins has an awesome tutorial about using HTTP Basic Authentication in CherryPy, however his site is down now :(

Now, the problem with the above code, is that you can either make a certain page public or secured, but you cannot make it public and private in the same time. Ok, please be patient, let's say that you want authenticated users to see certain content when visiting our secret page, while unauthenticated users should see different content instead of being blocked. For example, we want authenticated users to see their friend's news feed, while unauthenticated users see public news.

So, here comes the beauty of CherryPy Custom tools. You can now, build your own authentication hook, and make it return a null or custom user id when an incorrect or no username or password are given, instead of totally blocking the user.

And here are the modifications needed to the above code:
import cherrypy

from cherrypy.lib import httpauth

users = {"user1": "secret1", "user2": "secret2"}

def clear_text(mypass):
    return mypass

def my_basic_auth(realm, users, encrypt=None):
    if cherrypy.lib.auth.check_auth(users, encrypt):
        print "DEBUG: Authenticated"
        print "DEBUG: Not Authenticated"
        cherrypy.request.login = "Anonymous"
class MyServer:

    def index(self):
        return "This is a public page!" = True

    def secret(self)
        if cherrypy.request.login == "Anonymous":
            return "This is another public page on our useless website."
            return "Can you keep a secret, this page is really confidential." = True
    secret._cp_config = {'tools.my_basic_auth.on': True,
        'tools.my_basic_auth.realm': 'My Secure Server',
        'tools.my_basic_auth.users': users,
        'tools.my_basic_auth.encrypt': clear_text}
if __name__ == '__main__': = cherrypy.Tool('on_start_resource', my_basic_auth)

So, we have just created a custom tool, and hooked it in the earliest hook ever, 'on_start_resource', i.e. during the request. We also created our own authentication method, 'my_basic_auth', and attached it to the tool. In our authentication method, which is almost identical to CherryPy's built in HTTP Basic Authentication method, however we do not raise any errors regardless the user is connected or not, we just set 'cherrypy.request.login' to an arbitrary user, that our application can understand later on, such as 'Anonymous'.

30 September 2009

A Big Thanks for Leah Culver's oAuth Library

I believe that one of the best things to do here on this blog, is to mention those who helped Baralbait see the light.

One of my major problems when I started creating Baralbait was that I wanted to have applications to be installed on GPS-enabled mobile phones in order to help people update their current Geo-Location on Baralbait. And the problem here was that it was not feasible to start writing different applications for the different mobile phones out there, especially that I have limited resources and mobile programming knowledge. Also Nokia charges developers if they want to interact with their GPS APIs, as they have to purchase special certificates and use them to sign their code.

Then all at a sudden, I've discover FireEagle which serves as a Location Updates hub. The service accepts location updates from different applications, and on the other hand services such as Baralbait can poll FireEagle to get a certain user's current location. So I wanted to have an oAuth library to use in order to interact with FireEagle, espcially that the oAuth protocoal was too hard for me to understand and implement myself :)

So, in brief, I've to say that if Leah's oAuth library wasn't there, no one would have been able to updated his/her location on Baralbait easily, and the service would have missed one of it's major features.

And finally, big thanks to Leah and her awesome library.

''' My Class 
class MyClass(SuperClass):
def __init__(self):

def printThanks():
print "Thank you ..."

13 September 2009

A picture is worth a thousand words

You create new places, and share your thoughts and past experiences in those places using Baralbait's micro-blogging feature or geo-wall. You can also rate those places, and give them one, two, three, four, or five stars.
But we all know that a picture is worth a thousand worlds. And that's why we have decided to give you the ability to publish pictures taken in a certain place.

After going to a certain place's page on Baralbait, you can click on the attachment button in the geo-wall section, and then you can add your picture's URL.

We currently support pictures from the following services only:

Have fun taking photos when you go out, and don't forget to share them with us.

13 July 2009

Now you can rate the places you visit.

Now, you can rate the places you visit on You can also see the average rating of a certain place based on users' rating.

20 June 2009

DemoCamp Cairo

Last Sunday, June 14th, six Egyptian projects were being presented in Cairo DemoCamp, that has been held in Cairo International Conference Center.

I wish you all were there in the DemoCamp, as it was really nice to see such group of talented people and interesting Egypt-based projects. And may be that's why I'll try here to summarize what've seen and add my comments and impressions about the projects.

Each project was given about 10 minutes for someone of the project team to present it, and then there were five more minutes for the audience to ask questions.

Exorcist (Vimov).
Exorcist is a mobile (iPhone) based game, developed by an Egyptian company based in Alexandria called Vimov.
The games is developed using Objective C, and it costed them about $ 25,000.
The presenter spent most of his 10 minutes talking about the obstacles they faced during the game development, and how it is really hard to find people here in Egypt with experience in such field, and even the project team themselves had to learn everything from scratch. They also weren't able to find good candidates for developing the game's audio and video effects and that's why they decided to outsource this part to US-based companies. And may be that's why we didn't have enough chance to see the game itself and how it is played, however I believe that even if the game itself is a little bit trivial and not very sophisticated and eye-candy it is still interesting to find people something as hard as a mobile game. Also I liked it when they said that they are trying to target the international market rather than focusing on the local market only, and such spirit makes me sure that if they didn't give in to any obstacles they may face in the future, they may end up developing more advanced and attractive games soon. And also such spirit makes me think that Exorcist and Vimov as a company may be a good target for any Venture Capitals or Angel Investors who would like to invest some money here in Egypt, especially that they do have a business model already as their game is being sold on Apple Store.

TVOSZ, is a Video Sharing website, or let's say a YouTube wanna be. The site's name is a little bit strange, but it is TV and the O, S and Z, are the first letteres of the developers names or nicknames. As I've told you, the previous project was done with the international market in their minds, while TVOSZ on the other hand is made for the local market. They believe that one of the main problems with YouTube et al. is that they allow some nudity, and religious and political ideas that are - according to the site owners point of view - not accepted by our society. That's why they decided to watch every single video being uploaded to their site, and they will decide if they are going to allow it or not. I am not sure if such point is enough for people to use their service instead of YouTube or Vimeo, however they still have some good features such as giving people the ability to download the videos on their PC's, and offereing them controls to adjust the video's contrast, and brightness. So far, they don't seem to have huge number of videos, and may be that's why they are not using any cloud hosting service such as Amazon yet. In fact. it is really promising that they have developed their player themselves, and I think they may be a good target for VC's and Seed Investors if they can be more flexible and change their autocratic way of controlling which videos to be accepted. They also need to work more on their interface, and may be find more appealing features for us to use their service instead of YouTube or Vimeo. One final point here is that they do have a business model, as they have the ability to inject ads in their videos, either a a pre-roll, post-roll, or even as a mid-roll banner in the bottom of the screen.

Smatx looked like an online forum for people interested in programming, web development, and related subjects. The problem is that the presenter didn't give us enough information about his service, and I am not able to access the site now to further understand it. But let's assume that it is a web forum for tech guys, the idea itself may not be new and some may argue that using an already-made CMS software to have a web form isn't something to be presented in DemoCamp. Ok, let's first ask ourselves, what's the point of an event like DemoCamp? AFAIK, it is meant for people to present their project and introduce them to the public as well as investors if any. Now let's have a look at something like TechCrunch, their value isn't in the blogging software they use, but it is in the content and articles their team writes. And that's why there are investors who invest money on it because they know that they are going to make money from the advertisements on the site. The same thing applies to Smatx, the idea of having a forum for tech savvys is cool, provided that the project team are going to focus on the content there and means for their users to be able to share their knowledge easier. They are going to have a multi-lingual interface, however I think they should try to also add modules for translating the content there for users to be able to share their knowledge even if they speak different languages. They should also focus on having more addons in the future, in order to make it a one-stop shop for tech savvys, such as giving users the ability to publish their code and make it available for others to edit and tweak it, they may offer a cvs hosting service or so. I am not sure what is in their minds, but I am really interested to see projects like this from very young people like the ones behind Smatx.

Ehmmm ... I think you already know this one ... so let's go to the next project on our list.

Ok, there was a break after Baralbait, and I went out to get some water, and when I tried to get back to the hall they didn't allow me to enter
till I finish the bottle of water with me. Anyway, I caught some parts of the presentation, and it was more like an introductory video to RFID and it's uses and its uses. Anyway, if you'd like, you may visit their site here to know more about their project.

I am sure, I am not the only one who was impressed by this project. Carlog is a social application for people to bye and sell cars, discuss any aspects about the different car vendors and models, and many more. People can even enter their car model and its mileage and carlog tells them the services and maintenance needed. People can also upload their maintenance log and documents for others to know the status of their car before buying it. The guys behind this project know what they are doing, and their are aware of social services and viral marketing. They are giving you the ability to log into their site using your facebook account (Facebook Connect). You can their export all your actions on the site into your facebook account. They've already contacted the car dealers and agencies here in Egypt, and they will be responsible for entering the detailed aspects of their car models. Car Agencies as well as different car models will have their own pages on the site, and people can rate them according to their experience.

WeebK, is ... ehmmm .... ok, it's a search engine. The presenter was reading from a paper and was trying to use technical jargon translated into Arabic. And to tell you the truth, I wasn't able to understand anything from his presentation. The only thing I got from it, is that Google and Yahoo are being fooled by SEO geeks and their search result aren't accurate and are redundant, so he developed new algorithms that can kick Google and Yahoo's a$$. WeebK web spiders traverse technical sites such as Microsoft and Cisco only as they want their search engine to be used by tech people.

References and Links
Finally, you may also have a look at those posts written by other people who have attended the DemoCamp too.
IRCPresident, Techno-eMedia Part1 and Part2 [Ar]
AmrSpace, DemoCamp Coverage [Ar]
TripleM, Inside DemoCamp Cairo [En]

15 April 2009

Don't Force me to Hack You

We all know that weak passwords are bad, and that's why most of the web sites add some code in their registration or sign up page to check if your password is strong enough before allowing you to create a new account there.

But for God's sake, why can't they just warn me if my password is weak and then give me the choice to change my password or leave it if I really insist to use a weak one.

The good news here is that most of the time, they do such checks in their front end, aka JavaScript.

Today one of my friends was creating a new account on StumbleUpon as he wanted to try it. But they refused to let him use his favorite password. So I used Firebug console to create a new function that returns true all the time.
function alwaysTrue(){return true; }
Then replaced their password strength checking function with my new function.
pwCheck = alwaysTrue;
And voila! They accepted my friend's password and stopped bugging us.

The point is, password policies are supposed to be there just for our reference. But people are supposed to be free to use whatever password they want. Or else, they will not be able to remember their passwords and will either choose not to use that annoying service at all, or - even worse - they may write those funky passwords down on a piece of paper or have only one passwords for all the sites and services they use.

Tags: , , , ,

11 April 2009

We Listen

We may not be the most talented developers out there, and we may not be the most creative designers. But we believe that we have one advantage that is enough to make Baralbait the most interesting service ever one day.

It's You.

We listen to your suggestions and we are dynamic.

So please give our service a try, and your feedback is really what makes us go further.

01 April 2009

Baralbait to acquire Twitter

I am really pleased to announce that Baralbait has decided to buy the de facto micro blogging company,

Many users have asked us to add micro blogging features to our platform, and almost the same number of users have asked Twitter to make their tweets location-aware. So after a one day long meeting we agreed with Twitter to purchase them and integrate their service into ours.

I'll keep you updated and more details will follow.

Finally I'd like to welcome all Twitter team members, and wish them the best of luck in Baralbait.

10 March 2009

How to Create a New Place

In this video, I'll demonstrate adding a new place, in our example the new place is the Colosseum, in Rome, Italy.

Baralbait - Create New Place from Tarek Amr on Vimeo.

Please notice that you can always make use of other sites such as Wikimapia and Wikipedia to check the places' spelling, addresses, etc.

Also make sure to add as much info as you can about the place, and if it has different spellings try to write them all.

Finally, some places have branches all over the world, and some other places are not very well known and people may not know where there are from their name, so it's always better to write their names as follows, "McDonald's Westford" instead of just "McDonald's"

03 March 2009

The Pirate Bay is DDoS'ed

It seems that my favorite Torrents Search website has been brought down by Copyrights crackers.
"A few hours ago The Pirate Bay website started to slow down, and eventually it became completely unresponsive. With the trial going on at the moment, the downtime instantly led to all kinds of rumors. However, there is nothing to worry about, the downtime is not related to the trial and people are on their way to bring the site back up", Torrent Freak.

"I just got word that "someone" is currently DDoS'ing the "". Even more interesting it may be a hijacked botnet causing the problem. More details as they come in", Cloud Computing Journal.

It's really shameful that those who claim that they are fighting illegal materials, are in fact doing fighting them using illegal methods.

Tags: , ,