30th

08,12

How to fabricate

No Comments » Tech Taesoo Kim

User image

Do you want to know about how to fabricate the robot parts?
We, engineers, called it ‘fabrication’, that is a sequence of making parts.

First, complete to draw a design of parts (CAD) with Autocad Invetor (or SolidWork)
Second, we have to draw CAM, which is the plan of the movements of drills (with VisualMill)

User image

Third, with the CNC code, we run a drilling machin (above, TinyCNC) with Mach2

User image

Forth, sophistcately trim the parts by hand!

Yes, these are the process of fabricating. Isn’t it simple?

21st

08,12

Story of Game Company

No Comments » Books Taesoo Kim

User image

Realistic stories of game company! This is one of the must-see books for CS majors and gamers. That is not only for fun, but also for realistic social story of programmers and planners. To tell the truth, stories about salaries are devastatingly sad, but ‘substitutes of military duty’ is fun :) I absolutely agree with that part. When I was a child, I fall into love with ‘Dolmen (고인돌)’ and ‘Three Kingdom (삼국지).’ When I was middle school student, I was also the mania of console (package) games such as ‘Genesis’ and ‘Warcraft.’ I could not tell about games without ‘Starcraft and Bloodwar.’ It is the best game until today. However, ever since I studied all aspects of ‘Computer’, game is not much fun for me. That is because I don’t have much time to play game. Spending time with playing soccer and tennis, or watching movies is much useful to relax for me after some time. I try to be far from computer when taking a rest. Anyhow reading this book is also interesting.

21st

08,12

Vulnerability of KAIST server

1 Comment » Tech Taesoo Kim

I reported a vulnerability to KAIST Security Team, and they sent an email that they corrected it.

When I was evaluating lectures that I took in this semester, I found that KAIST portal redirect the page to ‘lecture’ server. Surprisingly, it was working with Tomcat framework, but what was the problem?
Below is the address I was redirected from “http://portal.kaist.ac.kr/[blabla]“
“http://lecture.kaist.ac.kr/lecture/student/[blabla].mxml”
User image
The thing is that the most fundamental policy of the Internet is not allowable to share between different server (specifically URL) in HTTP and Javascript standpoint.
Anyhow, how the servers share the logined information (cookie) between logined portal to ‘lecture’ server? It is expected to be POST request (check the html code of the portal, I can see it has dirty information and personal security ID). It means we can find the ANY information by capturing only dummy html files between the web browser and server, so called man-in-the-middle attack.
User image
Try to understand the URL hierarchy.
Check first, ”http://lecture.kaist.ac.kr/lecture”
User image
Konglish JSP files for an administrator.
Check “”http://lecture.kaist.ac.kr”
User image
But, the most serious problem is that Tomcat/5.5.26.

If your webroot directory has three depth(e.g /usr/local/wwwroot), An
attacker can access arbitrary files as below. (Proof-of-concept)
http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar
Combining both of facts, lists of JSP files and access file vulnerability, any students can access the database. Even much seriously, that JSP files have to have ID/PASS of admin because it is file for processing evaluation-result database (or something).
When I see the vulnerability (maybe occupational disease), I want to inform this fact to the administrator.
Thus, I reported this problem to Security Team as quickly as possible, and all problems are already fixed.
What about your web server? check today otherwise hackers exploit your server for fun.

11th

08,12

Examination Week

No Comments » Life Taesoo Kim

I like (?) examination weeks (dependent & controversial).

User image

First, I can have a time to concentrate only on textbooks, if I managed my schedule properly before taking examination. And if I have course projects and due date of research projects, it will give me overwhelming amount of stress. Yes, like normal KAIST students. However, unless I could not have examination period, I could not recapitulate and organize my thought ever! because student hate reviewing process. If you think that reviewing is for dummies, don’t do that! Reviewing is the most necessary process for learners like students. Thus, taking examination by force definitely is the way to learn something.

Second, sitting more than 10 hours day, I feel like I really think ’something.’ New ideas abruptly come while studying different fields or books at least for me. Combining one’s idea (or book) to other’s idea (or problem) is essential part of me.

Anyway, I forgot to open my portfolio pages to public for graduate admission process, and mistakenly open my blog address to my MSN for about 3 hours. God, shameful (I heard it from one of my friends). I should have to make it secret until March at least.

Blocking access from KAIST address? No away!
Enjoying examination weeks!

4th

08,12

Why software sucks …

No Comments » Books Taesoo Kim

User image

Do you also agree that software sucks and thus bodering?

I definitely agree with the opinions of the author, especially for Vista. I used Ubuntu which is my desktop OS for about 3 years, but I had to move to Vista in order to use Autodesk Inventor. Since Autodesk Inventer requires heavy computing power and 3d functionality, WINE and VirtualBox come to be useless. Even though I tried to install vista upon existing Ubuntu together, it overwrote my MBR! I could restore MBR with GRUB, but it made me angry.
The worst program is the KAIST web portal,

User image

1. not authenticated (blocked by default with alert red! mark by Firefox, Crome and IE)
2. database errors in notices and articles
3. annoying activeX (where and why do we need activeX for a school’s portal?)
4. broken when accessing from any browsers except IE 6.0
5. security reasons
5-1. I can know each students and professors’s security number directly from web
5-2. I can delete and modify the article written by the authenticated users
5-3. Uncountable errors :(
However, the best program is Leopard in my opinion.

User image

1. intuitive & neat interface
2. easy to install/remove any applications
3. fast recovery from hibernate state when open/close the Air
And definitely emacs.

User image
it is hard to tell all the details of possibilities and interfaces, please use it if you want to know.

2nd

08,12

IT workers is one of the Worst jobs with the Best salary

No Comments » Life Taesoo Kim

User image

In business week story, I read an article, ‘Worst Jobs with the Best Pay’.

Surprisingly, IT is selected as one of the worst jobs.

1. Gastroenterologist ($269,500)
2. Podiatrist ($125,663)
3. Private Security Contractor in Iraq ($120,000)
4. IT Workers ($103,400)
5. Crop Duster Pilot ($53,8700)
6. Crime-scene Cleaner ($50,400)

I am lucky if others think IT, especially programing, as one of 3D (dirty, dangerous and difficult) Jobs. Programming (please, not coding) is exciting and fun enough to be involved in rest of life. At the time of being a middle school student, I firstly (lucky enough) met a computer in the education of gifted students at Kangbook University. As a kid, escaping from regular education in school and showing off my self to fellow students are the only pleasure, not studying a computer. I remembered that I learned how to write a program with C and later with C++. After about a year, I mastered (literally) the program and I am selected as an excellent student among talented student (yes, clapping?). There is a crystal clear reason why I became to be talented. There are no really gifted students in ‘education for gifted students.’ At that time, really exceptional students were studying in academia for defeating Olympiad.

However, the lucky event made me a thirsty learner. I could not help but admit that I don’t know anything except a little and only little logical pieces of disparaged knowledge. So, it is also hard to describe me as gifted or talented, but ambitious achiever. With that event that I was distinguished among gifted students, my life was filled with glory of pride, and continue to be like that.