jm + hacks   84

Investigation finds inmates built computers and hid them in prison ceiling
Prisoners built computers from parts, hid them in the ceiling, and connected them to the administrative network. 'The Ohio Inspector General says investigators found an inmate used the computers to steal the identity of another inmate, and then submit credit card applications, and commit tax fraud. They also found inmates used the computers to create security clearance passes that gave them access to restricted areas.'
computers  prison  hacks  crime  ohio 
17 days ago by jm
That thing about pwning N26
Whitehat CCC hacker thoroughly pwns N26 bank -- there's a lot of small leaks and insecurities here. Sounds like N26 are dealing with them though
ccc  hacks  exploits  n26  banks  banking  security 
5 weeks ago by jm
a digital clock in Conway's Game of Life
I'm sure everyone has seen this amazing feat, but I wanted to make sure I had it bookmarked ;) Gliders and lightweight spaceships, apparently...
life  games  alife  conways-life  gliders  hacks  cool 
7 weeks ago by jm
Evolving MySQL Compression - Part 2 | Pinterest Engineering
generating a near-optimal external dictionary for Zlib deflate compression
compression  deflate  zlib  pinterest  hacks  mysql 
12 weeks ago by jm
Tesco Bank: 20,000 customers lose money - BBC News
"Any financial loss that results from this fraudulent activity will be borne by the bank," Mr Higgins said. "Customers are not at financial risk."


Well, that would be surprising....
tesco  banking  fraud  security  hacks  uk 
november 2016 by jm
Stealth Cell Tower
'an antagonistic GSM base station [disguised] in the form of an innocuous office printer. It brings the covert design practice of disguising cellular infrastructure as other things - like trees and lamp-posts - indoors, while mimicking technology used by police and intelligence agencies to surveil mobile phone users.'
gsm  hardware  art  privacy  surveillance  hacks  printers  mobile-phones 
november 2016 by jm
Kerbal Control Panel
A beautiful piece of faux-industrial design for a Kerbal Space Program control panel. I particularly like the "NASA-approved" three-step arm-and-execute switches
hardware  switches  gadgets  builds  ksc  kerbal  hacks 
august 2016 by jm
How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica
In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls. The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic.
nsa  hacks  exploits  pix  cisco  security 
august 2016 by jm
IMDB on automation, pt 2
Quotable: "how long can you work on making a routine task more efficient before you're spending more time than you save?"
quotes  time  automation  hacks  life  imdb  productivity  efficiency 
july 2016 by jm
IMDB on automation
quotable: "I spend a lot of time on this task. I should write a program automating it!"
ifttt  quotes  automation  coding  hacks  reality 
july 2016 by jm
FullPageOS Automatically Boots Your Raspberry Pi Into a Full Page Web Kiosk Mode
set up to boot into a full-screen Chromium window on boot. This means if you’re using your Pi to power an information display, you won’t need to go through the process of disabling screen savers, editing display size, and forcing full-screen mode on your own. All you need to do is install FullPageOS on an SD card, then edit a TXT file to include your Wi-Fi network info and the URL you want it to load up.
kiosks  raspberry-pi  fullpageos  chrome  chromium  web  appliances  hacks 
june 2016 by jm
Exclusive: SWIFT bank network says aware of multiple cyber fraud incidents
"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters.


Ouch. They seem to be indicating that they're all phishing/impersonation-based attacks.
phishing  swift  banking  hacks  exploits  banks  security 
april 2016 by jm
Data Protection Mishap Leaves 55M Philippine Voters at Risk
Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). While initial reports have downplayed the impact of the leak, our investigations showed a huge number of sensitive personally identifiable information (PII)–including passport information and fingerprint data–were included in the data dump. [....]

Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone. Interestingly, we also found a whopping 15.8 million records of fingerprints and a list of people running for office since the 2010 elections.

In addition, among the data leaked were files on all candidates running on the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED files are set to have NULL as figure.

fingerprints  biometrics  philippines  authentication  data-dumps  security  hacks  comelec  e-voting  pii  passports  voting 
april 2016 by jm
Neutered RNG let man rig million dollar lotteries | Ars Technica
A forensic examination found that the generator had code that was installed after the machine had been audited by a security firm that directed the generator not to produce random numbers on three particular days of the year if two other conditions were met. Numbers on those days would be drawn by an algorithm that Tipton could predict [...] All six prizes linked to Tipton were drawn on either Nov. 23 or Dec. 29 between 2005 and 2011.
prng  randomness  security  hacks  exploits  lottery  us  audits  holes 
april 2016 by jm
SNES Code Injection -- Flappy Bird in Super Mario World
hand-injecting an entirely different game into Super Mario World on the SNES by exploiting buffer overflows BY HAND. this is legendary behaviour
games  hacks  exploits  buffer-overflow  snes  code-injection  amazing  flappy-bird  seth-bling  video  youtube 
march 2016 by jm
Angola’s Wikipedia Pirates Are Exposing the Problems With Digital Colonialism | Motherboard
Wikimedia and Facebook have given Angolans free access to their websites, but not to the rest of the internet. So, naturally, Angolans have started hiding pirated movies and music in Wikipedia articles and linking to them on closed Facebook groups, creating a totally free and clandestine file sharing network in a country where mobile internet data is extremely expensive.
facebook  piracy  africa  hacks  wikipedia  angola  internet 
march 2016 by jm
research!rsc: Zip Files All The Way Down
quine.zip, quine.gz, and quine.tar.gz. Here's what happens when you mail it through bad AV software: https://twitter.com/FioraAeterna/status/694655296707297281
zip  algorithms  compression  quines  fun  hacks  gzip 
february 2016 by jm
Transform your oyster travelcard with sugru!
probably totally dodgy where the Oyster rules are concerned, but still pretty damn cool
sugru  hacks  oyster  instructables  rfid  via:itc 
january 2016 by jm
One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids | Motherboard
VTech got hacked, and millions of parents and 200,000 kids had their privacy breached as a result. Bottom line is summed up by this quote from one affected parent:
“Why do you need know my address, why do you need to know all this information just so I can download a couple of free books for my kid on this silly pad thing? Why did they have all this information?”


Quite. Better off simply not to have the data in the first place!
vtech  privacy  data-protection  data  hacks 
november 2015 by jm
qp tries: smaller and faster than crit-bit tries
interesting new data structure from Tony Finch. "Some simple benchmarks say qp tries have about 1/3 less memory overhead and are about 10% faster than crit-bit tries."
crit-bit  popcount  bits  bitmaps  tries  data-structures  via:fanf  qp-tries  crit-bit-tries  hacks  memory 
october 2015 by jm
Retina
a regex-based, Turing-complete programming language. Its main feature is taking some text via standard input and repeatedly applying regex operations to it (e.g. matching, splitting, and most of all replacing). Under the hood, it uses .NET's regex engine, which means that both the .NET flavour and the ECMAScript flavour are available.


Reminiscent of sed(1); see http://codegolf.stackexchange.com/a/58166 for an example Retina program
retina  regexps  regexes  regular-expressions  coding  hacks  dot-net  languages 
september 2015 by jm
httpbin(1): HTTP Client Testing Service
Testing an HTTP Library can become difficult sometimes. RequestBin is fantastic for testing POST requests, but doesn't let you control the response. This exists to cover all kinds of HTTP scenarios. Additional endpoints are being considered.
http  httpbin  networking  testing  web  coding  hacks 
september 2015 by jm
background doc on the Jeep hack
"Remote Exploitation of an Unaltered Passenger Vehicle", by Dr. Charlie Miller (cmiller@openrce.org) and Chris Valasek (cvalasek@gmail.com). QNX, unauthenticated D-Bus, etc.

'Since a vehicle can scan for other vulnerable vehicles and the exploit doesn’t require any user interaction, it would be possible to write a worm. This worm would scan for vulnerable vehicles, exploit them with their payload which would scan for other vulnerable vehicles, etc. This is really interesting and scary. Please don’t do this. Please.'
jeep  hacks  exploits  d-bus  qnx  cars  safety  risks 
august 2015 by jm
danilop/runjop · GitHub
RunJOP (Run Just Once Please) is a distributed execution framework to run a command (i.e. a job) only once in a group of servers [built using AWS DynamoDB and S3].


nifty! Distributed cron is pretty easy when you've got Dynamo doing the heavy lifting.
dynamodb  cron  distributed-cron  scheduling  runjop  danilop  hacks  aws  ops 
july 2015 by jm
"Customer data is a liability, not an asset."
Great turn of phrase from Matthew Green (@matthew_d_green). Emin Gün Sirer adds some detail: "well, an asset with bounded value, and an unbounded liability"
data  privacy  data-protection  ashleymadison  hacks  security  liability 
july 2015 by jm
Revised and much faster, run your own high-end cloud gaming service on EC2!
a g2.2xlarge provides decent Windows GPU performance over the internet, at about $0.53 per hour
gaming  games  ec2  amazon  aws  cloud  windows  hacks 
july 2015 by jm
Schedule Recurring AWS Lambda Invocations With The Unreliable Town Clock (UTC)
The Unreliable Town Clock (UTC) is a new, free, public SNS Topic (Amazon Simple Notification Service) that broadcasts a “chime” message every quarter hour to all subscribers. It can send the chimes to AWS Lambda functions, SQS queues, and email addresses.

You can use the chime attributes to run your code every fifteen minutes, or only run your code once an hour (e.g., when minute == "00") or once a day (e.g., when hour == "00" and minute == "00") or any other series of intervals. You can even subscribe a function you only want to run only once at a specific time in the future: Have the function ignore all invocations until it’s after the time it wants. When it is time, it can perform its job, then unsubscribe itself from the SNS Topic.
alestic  aws  lambda  cron  time  clock  periodic-tasks  recurrence  hacks 
may 2015 by jm
Lambda: Bees with Frickin' Laser Beams
a HTTP testing tool in AWS Lambda. nice enough, but still a toy...
lambda  aws  node  javascript  hacks  http  load-testing 
may 2015 by jm
Run your own high-end cloud gaming service on EC2
Using Steam streaming and EC2 g2.2xlarge spot instances -- 'comes out to around $0.52/hr'. That's pretty compelling IMO
aws  ec2  gaming  games  graphics  spot-instances  hacks  windows  steam 
april 2015 by jm
CGA in 1024 Colors - a New Mode: the Illustrated Guide
awesome hackery. brings me back to my C=64 demo days
pc  cga  graphics  hacks  art  1024-colours 
april 2015 by jm
Yelp Product & Engineering Blog | True Zero Downtime HAProxy Reloads
Using tc and qdisc to delay SYNs while haproxy restarts. Definitely feels like on-host NAT between 2 haproxy processes would be cleaner and easier though!
linux  networking  hacks  yelp  haproxy  uptime  reliability  tcp  tc  qdisc  ops 
april 2015 by jm
Subscribing AWS Lambda Function To SNS Topic With aws-cli
how to use the AWS command line tools to do this
aws  aws-cli  cli  lambda  sns  hacks 
april 2015 by jm
AWS Lambda Event-Driven Architecture With Amazon SNS
Any message posted to an SNS topic can trigger the execution of custom code you have written, but you don’t have to maintain any infrastructure to keep that code available to listen for those events and you don’t have to pay for any infrastructure when the code is not being run. This is, in my opinion, the first time that Amazon can truly say that AWS Lambda is event-driven, as we now have a central, independent, event management system (SNS) where any authorized entity can trigger the event (post a message to a topic) and any authorized AWS Lambda function can listen for the event, and neither has to know about the other.
aws  ec2  lambda  sns  events  cep  event-processing  coding  cloud  hacks  eric-hammond 
april 2015 by jm
How I doubled my Internet speed with OpenWRT
File under "silly network hacks":
Comcast has an initiative called Xfinity WiFi. When you rent a cable modem/router combo from Comcast (as one of my nearby neighbors apparently does), in addition to broadcasting your own WiFi network, it is kind enough to also broadcast “xfinitywifi,” a second “hotspot” network metered separately from your own.


By using his Buffalo WZR-HP-AG300H router's extra radio, he can load-balance across both his own paid-for connection, and the XFinity WiFi free one. ;)
comcast  diy  networking  openwrt  routing  home-network  hacks  xfinity-wifi  buffalo 
march 2015 by jm
AllCrypt hacked, via PHP, Wordpress, and the marketing director's email
critical flaw: gaining access to the MySQL db let the attacker manipulate account balances. oh dear
security  fail  allcrypt  hacks  wordpress  php 
march 2015 by jm
Javascript Acid Machine
a 303 and an 808 (correction: apparently more like a 909) in your browser. this is deadly
acid  303  music  javascript  hacks  via:hn  techno 
march 2015 by jm
Hack workaround to get JVM thread priorities working on Linux
As used in Cassandra ( http://grokbase.com/t/hbase/dev/13bf9kezes/about-xx-threadprioritypolicy-42 )!
if you just set the "ThreadPriorityPolicy" to something else than the legal values 0 or 1, [...] a slight logic bug in Sun's JVM code kicks in, and thus sets the policy to be as if running with root - thus you get exactly what one desires. The operating system, Linux, won't allow priorities to be heightened above "Normal" (negative nice value), and thus just ignores those requests (setting it to normal instead, nice value 0) - but it lets through the requests to set it lower (setting the nice value to some positive value).
cassandra  thread-priorities  threads  java  jvm  linux  nice  hacks 
january 2015 by jm
A Virtual Machine in Excel
'Ádám was trying his hand at a problem in Excel, but the official rules prohibit the use of Excel macros. In a daze, he came up with one of the most clever uses of Excel: building an assembly interpreter with the most popular spreadsheet program. This is a virtual Harvard architecture machine without writable RAM; the stack is only lots and lots of IFs.'
vms  excel  hacks  spreadsheets  coding 
december 2014 by jm
Stupid Projects From The Stupid Hackathon
Amazing.
iPad On A Face by Cheryl Wu is a telepresence robot, except it’s a human with an iPad on his or her face.
funny  hacking  stupid  hackathons  ipad-on-a-face  telepresence  hacks  via:hn 
november 2014 by jm
Russell91/sshrc
'bring your .bashrc, .vimrc, etc. with you when you ssh'. A really nice implementation of this idea (much nicer than my own version!)
hacks  productivity  ssh  remote  shell  sh  bash  via:johnke  home-directory  unix 
september 2014 by jm
Apple: Untrustable
Today, Apple announced their “Most Personal Device Ever”. They also announced Apple Pay (the only mentions of “security” and “privacy” in today’s event), and are rolling out health tracking and home automation in iOS 8.

Given their feckless track record [with cloud-service security], would you really trust Apple with (even more of) your digital life?
icloud  apple  fail  security  hacks  privacy 
september 2014 by jm
inotify one-liner hack
install inotify-tools, then: 'while true; do inotifywait -r -e modify -e create -e close .; ./run.sh; done' #opscookie
inotify  al-tobey  one-liners  unix  hacks  opscookie  twitter 
august 2014 by jm
Nanex: "The stock market is rigged" [by HFTs]
All this evidence points to one inescapable conclusion: the order cancellations and trade executions just before, and during the trader's order were not a coincidence. This is premeditated, programmed theft, plain and simple. Michael Lewis probably said it best when he told 60 Minutes that the stock market is rigged.


Nanex have had enough, basically. Mad stuff.
hft  stocks  finance  market  trading  nanex  60-minutes  michael-lewis  scams  sec  regulation  low-latency  exploits  hacks 
july 2014 by jm
Calendar Hacks
Some great tips on managing a busy calendar, from Etsy's managers. Block out time; refuse double-booked meetings by default; rely on apps; office hours. Thankfully I have a pretty slim calendar these days, but bookmarking for future use...
calendar  etsy  via:kellan  google  google-calendar  office-hours  life-hacks  hacks  tips  managing  managers  scheduling 
july 2014 by jm
Xfennec/cv
'This tool can be described as a Tiny Dirty Linux Only C command that looks for coreutils basic commands (cp, mv, dd, tar, gzip/gunzip, cat, ...) currently running on your system and displays the percentage of copied data. It can now also display an estimated throughput (using -w flag).'
coreutils  via:pixelbeat  linux  ops  hacks  procfs  dataviz  unix 
july 2014 by jm
Stuck in the iMessage abyss? Here’s how to get your texts back
some potential (apocryphal) workarounds for this extremely annoying Apple bug
apple  bugs  imessage  sms  phones  mobile  android  hacks 
may 2014 by jm
S3 as a single-web-page application engine
neat hack. Pity it returns a 403 error code due to the misuse of the ErrorDocument feature though
s3  javascript  single-page  web  html  markdown  hacks 
april 2014 by jm
jmason/IPC-DirQueue
Finally got around to migrating this old CPAN module to github
cpan  github  ipc-dirqueue  perl  open-source  hacks  git  svn 
april 2014 by jm
Sugru Magnet Kit
Sugru + neodymium magnets = WANT
sugru  diy  tools  magnets  want  toget  bike  hacks  fixing 
january 2014 by jm
The Malware That Duped Target Has Been Found
a Windows 'RAM scraper' trojan known as Trojan.POSRAM, which was used to attack the Windows-based point-of-sales systems which the POS terminals are connected to. part of an operation called Kaptoxa. 'The code is based on a previous malicious tool known as BlackPOS that is believed to have been developed in 2013 in Russia, though the new variant was highly customized to prevent antivirus programs from detecting it' ... 'The tool monitors memory address spaces used by specific programs, such as payment application programs like pos.exe and PosW32.exe that process the data embossed in the magnetic strip of credit and debit cards data. The tool grabs the data from memory.' ... 'The siphoned data is stored on the system, and then every seven hours the malware checks the local time on the compromised system to see if it’s between the hours of 10 a.m. and 5 p.m. If so, it attempts to send the data over a temporary NetBIOS share to an internal host inside the compromised network so the attackers can then extract the data over an FTP ... connection.'

http://www.pcworld.com/article/2088920/target-credit-card-data-was-sent-to-server-in-russia.html says the data was then transmitted to another US-based server, and from there relayed to Russia, and notes: 'At the time of its discovery, Trojan.POSRAM “had a zero percent antivirus detection rate, which means that fully updated antivirus engines on fully patched computers could not identify the software as malicious,” iSight said.'

Massive AV fail.
kaptoxa  trojans  ram-scrapers  trojan.posram  posram  point-of-sale  security  hacks  target  credit-cards  pin  ftp  netbios  smb 
january 2014 by jm
How an emulator-fueled robot reprogrammed Super Mario World on the fly
Suffice it to say that the first minute-and-a-half or so of this [speedrun] is merely an effort to spawn a specific set of sprites into the game's Object Attribute Memory (OAM) buffer in a specific order. The TAS runner then uses a stun glitch to spawn an unused sprite into the game, which in turn causes the system to treat the sprites in that OAM buffer as raw executable code. In this case, that code has been arranged to jump to the memory location for controller data, in essence letting the user insert whatever executable program he or she wants into memory by converting the binary data for precisely ordered button presses into assembly code (interestingly, this data is entered more quickly by simulating the inputs of eight controllers plugged in through simulated multitaps on each controller port).


oh. my. god. This is utterly bananas.
games  hacking  omgwtfbbq  hacks  buffer-overrun  super-mario  snes  security 
january 2014 by jm
Branchless hex-to-decimal conversion hack
via @simonebordet, on the mechanical-sympathy list: ((c & 0x1F) + ((c >> 6) * 0x19) - 0x10)
hacks  one-liners  coding  performance  optimization  hex  conversion  numbers  ascii 
january 2014 by jm
14 Apple hacks from sugru
I like the impromptu docking station hack
apple  sugru  hacks  hardware  fixing  repair  diy 
october 2013 by jm
How an Engineer Earned 1.25 Million Air Miles By Buying Pudding
An amazing hack.

'Air Miles are awesome, they can be used to score free flights, hotel stays and if you’re really lucky, the scorn and hatred of everyone you come in contact with who has to pay full price when they travel. The king of all virtually free travelers is one David Phillips, a civil engineer who teaches at the University of California, Davis. David came to the attention of the wider media when he managed to convert about 12,150 cups of Healthy Choice chocolate pudding [costing $3000] into over a million Air Miles. Ever since, David and his entire family have been travelling the world for next to nothing.'

(via al3xandru)
via:al3xandru  hacks  cool  pudding  small-print  air-miles  free 
october 2013 by jm
Sketch of the Day – Frugal Streaming
ha, this is very clever! If you have enough volume, this is a nice estimation algorithm to compute stream quantiles in very little RAM
memory  streaming  stream-processing  clever  algorithms  hacks  streams 
september 2013 by jm
Reversing Sinclair's amazing 1974 calculator hack - half the ROM of the HP-35
Amazing reverse engineering.
In a hotel room in Texas, Clive Sinclair had a big problem. He wanted to sell a cheap scientific calculator that would grab the market from expensive calculators such as the popular HP-35. Hewlett-Packard had taken two years, 20 engineers, and a million dollars to design the HP-35, which used 5 complex chips and sold for $395. Sinclair's partnership with calculator manufacturer Bowmar had gone nowhere. Now Texas Instruments offered him an inexpensive calculator chip that could barely do four-function math. Could he use this chip to build a $100 scientific calculator?
Texas Instruments' engineers said this was impossible - their chip only had 3 storage registers, no subroutine calls, and no storage for constants such as π. The ROM storage in the calculator held only 320 instructions, just enough for basic arithmetic. How could they possibly squeeze any scientific functions into this chip?

Fortunately Clive Sinclair, head of Sinclair Radionics, had a secret weapon - programming whiz and math PhD Nigel Searle. In a few days in Texas, they came up with new algorithms and wrote the code for the world's first single-chip scientific calculator, somehow programming sine, cosine, tangent, arcsine, arccos, arctan, log, and exponentiation into the chip. The engineers at Texas Instruments were amazed.

How did they do it? Up until now it's been a mystery. But through reverse engineering, I've determined the exact algorithms and implemented a simulator that runs the calculator's actual code. The reverse-engineered code along with my detailed comments is in the window below.
reversing  reverse-engineering  history  calculators  sinclair  ti  hp  chips  silicon  hacks 
august 2013 by jm
How to avoid crappy ISP caches when viewing YouTube video
Must give this a try when I get home -- I frequently have latency problems watching YT on my UPC connection, and I bet they have a crappily-managed, overloaded cache box on their network.
streaming  youtube  caching  isps  caches  firewalls  iptables  hacks  video  networking 
august 2013 by jm
gnuplot's dumb terminal
Turns out gnuplot has a pretty readable ASCII terminal rendering mode; combined with 'watch' it makes for a nifty graphing one-liner
gnuplot  plotting  charts  graphs  cli  command-line  unix  gnu  hacks  dataviz  visualization  ascii 
june 2013 by jm
Instant artist statement: Arty Bollocks Generator
'My work explores the relationship between the body and vegetarian ethics.
With influences as diverse as Munch and Francis Bacon, new synergies are created from both orderly and random narratives.
Ever since I was a postgraduate I have been fascinated by the essential unreality of the moment. What starts out as undefined soon becomes corroded into a hegemony of greed, leaving only a sense of failing and the chance of a new order.
As temporal replicas become transformed through diligent and undefined practice, the viewer is left with an impression of the darkness of our culture.'
funny  humor  art  arty  bollocks  generator  hacks  via:leroideplywood 
may 2013 by jm
Archiving Gmail to Evernote
Google Drive and GMail have a built-in scripting engine. I had no idea
gmail  evernote  archival  scripting  coding  hacks  google-drive 
april 2013 by jm
joshua's blog: overclocking the lecture
Joshua's old tip on watching videos at 2x speed using Perian
quicktime  video  hacks  mac  speed  lectures  presentations  learning 
april 2013 by jm
Peek and poke in the age of Linux
Neat demo of using ptrace to inject into a running process, just like the good old days ;)
Some time ago I ran into a production issue where the init process (upstart) stopped behaving properly. Specifically, instead of spawning new processes, it deadlocked in a transitional state. [...] What’s worse, upstart doesn’t allow forcing a state transition and trying to manually create and send DBus events didn’t help either. That meant the sane options we were left with were:
restart the host (not desirable at all in that scenario);
start the process manually and hope auto-respawn will not be needed.
Of course there are also some insane options. Why not cheat like in the old times and just PEEK and POKE the process in the right places? The solution used at the time involved a very ugly script driving gdb which probably summoned satan in some edge cases. But edge cases were not hit and majority of hosts recovered without issues.
debugging  memory  linux  upstart  peek  poke  ptrace  gdb  processes  hacks 
march 2013 by jm
Making Really Executable Jars
Who knew? you can make a runnable JAR file!
There has long been a hack known in some circles, but not widely known, to make jars really executable, in the chmod +x sense. The hack takes advantage of the fact that jar files are zip files, and zip files allow arbitrary cruft to be prepended to the zip file itself (this is how self-extracting zip files work).
jars  via:netflix  shell  java  executable  chmod  zip  hacks  command-line  cli 
march 2013 by jm
How did I do the Starwars Traceroute?
It is accomplished using many vrfs on 2 Cisco 1841s. For those less technical, VRFs are essentially private routing tables similar to a VPN. When a packet destined to 216.81.59.173 (AKA obiwan.scrye.net) hits my main gateway, I forward it onto the first VRF on the "ASIDE" router on 206.214.254.1. That router then has a specific route for 216.81.59.173 to 206.214.254.6, which resides on a different VRF on the "BSIDE" router. It then has a similar set up which points it at 206.214.254.9 which lives in another VPN on "ASIDE" router. All packets are returned using a default route pointing at the global routing table. This was by design so the packets TTL expiration did not have to return fully through the VRF Maze. I am a consultant to Epik Networks who let me use the Reverse DNS for an unused /24, and I used PowerDNS to update all of the entries through mysql. This took about 30 minutes to figure out how to do it, and about 90 minutes to implement.
vrfs  routing  networking  hacks  star-wars  traceroute  rdns  ip 
february 2013 by jm
FF Chartwell
OpenType font to display charts/graphs using ligatures. 'Designed by Travis Kochel, FF Chartwell is a typeface for creating simple graphs. Driven by the frustration of creating graphs within design applications and inspired by typefaces such as FF Beowolf and FF PicLig, Travis saw an opportunity to take advantage of OpenType technology to simplify the process. Using OpenType ligatures, strings of numbers are automatically transformed into charts. The data remains in a text box, allowing for easy updates and styling. It’s really easy to use; you just type a simple series of numbers like: ‘10+13+37+40’, turn on Stylistic Alternates or Stylistic Set 1 and a graph is automatically created.' (via Simon)
ligatures  via:sboyle  fonts  hacks  charts  dataviz  ui 
may 2012 by jm
JS1k, 1k demo submission
a speech synthesizer in 1 KB of javascript. truly awesome, nice work by @p01
js1k  javascript  demos  speech  hacks  coding 
march 2012 by jm
Javascript PC Emulator
truly incredible -- quite fast (about 386 speeds) under Chrome, even! from the HN comments: 'I just forkbombed my browser. Nothing is sacred anymore.' more comments at http://news.ycombinator.com/item?id=2555349
browser  javascript  linux  emulation  fabrice-bellard  hacks  amazing  cool  google-chrome  x86 
may 2011 by jm
Copying block devices between machines
a very hairy hack to perform a block-level rsync-like "send just the changes" algorithm between two very large files (think /dev/sda block devices).  Crazy, but it'd work alright!
devices  hairy  hacks  shell  perl  networking  ssh  rsync  lvm  snapshots  from delicious
march 2011 by jm
Wired: how a Toronto statistician cracked the state lottery
'The tic-tac-toe lottery was seriously flawed. It took a few hours of studying his tickets and some statistical sleuthing, but he discovered a defect in the game: The visible numbers turned out to reveal essential information about the digits hidden under the latex coating. Nothing needed to be scratched off—the ticket could be cracked if you knew the secret code.'
toronto  hacks  money  statistics  probability  wired  tic-tac-toe  singleton  from delicious
february 2011 by jm
gist: 782263 - How to redirect a running process' output to a file and logout
a nifty gdb hack; essentially dup()s a couple of files in /tmp in place of fd 1 and 2, then uses the bashism "detach" to nohup the running process
gdb  hacks  linux  process  shell  unix  via:hn  nifty  dup  detach  bash  from delicious
january 2011 by jm
Why did annon attack the FG website? : ireland
all signs point to 'they didn't.'  also, interesting comment in the Reddit thread: 'From a source close to the situation; the forms [on the FG site] were not being sanitised [against SQL injection attacks] at all.'  incredibly amateurish, if true
reddit  anonymous  4chan  hacks  fine-gael  fghack  ireland  politics  security  sql  exploits  from delicious
january 2011 by jm
27C3: Console Hacking 2010
great preso on the PS3 hack from the fail0verflow team. love the LaTeX "science bit". Sony's epic fail: non-random "random" key data
ps3  hacks  console  crypto  hypervisor  security  ccc  fail0verflow  from delicious
december 2010 by jm
/~colmmacc/ » Prime and Proper
algorithm to perform set membership tests on enumerated sets quickly and memory-efficiently, using multiplication by primes. Nice trick
hacks  colmmacc  prime-numbers  set-membership  bloom-filters  bignums  algorithms  programming  from delicious
september 2010 by jm
Cache on Delivery
Mind-boggling presentation; a load of sites are exposing memcacheds to the public internet, with no auth, and full of juicy data (samples included). iptables is hard
memcached  security  hacks  exploits  from delicious
august 2010 by jm
SoundCloud Developers Manifesto
'We recognize that only through your apps and hacks, can SoundCloud fully realize its potential as the audio platform.'
apps  hacks  soundcloud  mp3  music  hosting  files  json  rest  oauth  apis  http  from delicious
may 2010 by jm