wa page 14 - Dave's Blog

Search
My timeline on Mastodon

Sci-fi short stories disguised as Internet docs

2013 May 29, 2:48
The recent short story Twitter API returning results that do not respect arrow of time by Tim May written as a Twitter bug report reminded me of a few other short sci-fi stories written in the style of some sort of Internet document:
PermalinkCommentscsc fiction sci-fi Scifi time-travel twitter

Paola Antonelli: Why I brought Pac-Man to MoMA (by...

2013 May 28, 4:34


Paola Antonelli: Why I brought Pac-Man to MoMA (by TEDtalksDirector)

PermalinkCommentsvideo-game art humor ted video

SIGGRAPH 2013 : Technical Papers Preview Trailer (by...

2013 May 24, 4:46


SIGGRAPH 2013 : Technical Papers Preview Trailer (by ACMSIGGRAPH)

PermalinkCommentstechnical video cgi

laughingsquid: The Ultimate Spaceship Face-off, Interactive...

2013 May 22, 3:10


laughingsquid:

The Ultimate Spaceship Face-off, Interactive Guide For Comparing the Speeds of Famed Sci-Fi Ships

PermalinkCommentssci-fi scifi tardis doctor-who star-trek star-wars nerd

Will Arnett Explains the Origins of His Arrested Development Chicken Dance

2013 May 8, 11:26

thebluthcompany:

To decide what Gob’s bad impression of a chicken might be, Arnett consulted on set in 2003 with series executive producers Mitch Hurwitz and James Vallely. They all tried out different versions for each other. “Jimmy started doing a little bit, then Mitch got up and did some, and then I began trying things,” remembers Arnett. “Picture three grown men hopping around, working out what it would be … They were pitching this really taunting dance, but I wanted to give it this very sharp, almost roosterlike, chest-sticking-out mannerism, like a real macho bravado dance.” And how did clapping get introduced to the move? “Because I wanted it to be only sort of threatening.”

Read More | Vulture

PermalinkCommentshumor chicken chicken-dance arrested-development

wilwheaton: cameron-stewart: My contribution in full to the...

2013 Apr 4, 5:34








wilwheaton:

cameron-stewart:

My contribution in full to the #bartkira project. This was tons of fun to do.

Holy shit.

Everything’s coming up Milhouse

PermalinkCommentshumor comic art mashup simpsons akira

Super Mario World “Completed” in Under 3 Minutes by Corrupting the RAM | minimaxir

2013 Apr 3, 4:46

This is essentially an AV exploit against Super Mario World that results in running the end game code. Watch the video. “…there’s a glitch that’s been known for a while, where Yoshi can end up in the “I have an item in my mouth” state, but not actually have an item in his mouth. When he spits out this nothingness, the game crashes. …That address did not contain code, and so the system crashed. But wait a second. What if, by some sheer coincidence, that address did contain code? The specific address dropped him in somewhere amongst various data for the game’s internal random number generator, and the random number generator can be manipulated in a TAS. Could the game be coerced into running arbitrary code?…”

PermalinkCommentshumor game hack mario

laughingsquid: Everybody Wants to Kill Bruce Willis, An Action...

2013 Mar 26, 7:47


laughingsquid:

Everybody Wants to Kill Bruce Willis, An Action Movie Mashup

PermalinkCommentshumor video bruce-willis

Zelda Starring Zelda (by Kenna W) Original NES Legend of Zelda...

2013 Mar 18, 2:17


Zelda Starring Zelda (by Kenna W)

Original NES Legend of Zelda ROM modified to swap Zelda and Link: play as Zelda saving Link.

PermalinkCommentsNintendo rom hack programming Zelda legend-of-zelda

The Making of Pulp Fiction: Quentin Tarantino’s and the Cast’s Retelling | Vanity Fair

2013 Feb 28, 3:03

The first independent film to gross more than $200 million, Pulp Fiction was a shot of adrenaline to Hollywood’s heart, reviving John Travolta’s career, making stars of Samuel L. Jackson and Uma Thurman, and turning Bob and Harvey Weinstein into giants. How did Quentin Tarantino, a high-school dropout and former video-store clerk, change the face of modern cinema? Mark Seal takes the director, his producers, and his cast back in time, to 1993.

PermalinkCommentsarticle movie film interview pulp-fiction

Jeopardy! - The Exciting (And Amusing) Teen Tournament...

2013 Feb 21, 4:02


Jeopardy! - The Exciting (And Amusing) Teen Tournament Conclusion (Feb. 12, 2013) (by thechadmosher)

Leonard on Teen Jeopardy was the best.

PermalinkCommentshumor tv jeopardy

CodeHackerz (by campusmoviefest)

2013 Feb 20, 2:50


CodeHackerz (by campusmoviefest)

PermalinkCommentshumor video 1337 hackerz

John Hodgman’s Apocalypse Survival 101 (by thnkrtv)

2012 Dec 17, 9:11


John Hodgman’s Apocalypse Survival 101 (by thnkrtv)

PermalinkCommentshumor video john-hodgman apocalypse

Stripe CTF - Level 8

2012 Dec 7, 2:07
Level 8 of the Stripe CTF is a password server that returns success: true if and only if the password provided matches the password stored directly via a RESTful API and optionally indirectly via a callback URI. The solution is side channel attack like a timing attack but with ports instead of time.

(I found this in my drafts folder and had intended to post a while ago.)

Code

    def nextServerCallback(self, data):
parsed_data = json.loads(data)
# Chunk was wrong!
if not parsed_data['success']:
# Defend against timing attacks
remaining_time = self.expectedRemainingTime()
self.log_info('Going to wait %s seconds before responding' %
remaining_time)
reactor.callLater(remaining_time, self.sendResult, False)
return

self.checkNext()

Issue

The password server breaks the target password into four pieces and stores each on a different server. When a password request is sent to the main server it makes requests to the sub-servers for each part of the password request. It does this in series and if any part fails, then it stops midway through. Password requests may also be made with corresponding URI callbacks and after the server decides on the password makes an HTTP request on the provided URI callbacks saying if the password was success: true or false.
A timing attack looks at how long it took for a password to be rejected and longer times could mean a longer prefix of the password was correct allowing for a directed brute force attack. Timing attacks are prevented in this case by code on the password server that attempts to wait the same amount of time, even if the first sub-server responds with false. However, the server uses sequential outgoing port numbers shared between the requests to the sub-servers and the callback URIs. Accordingly, we can examine the port numbers on our callback URIs to direct a brute force attack.
If the password provided is totally incorrect then the password server will contact one sub-server and then your callback URI. So if you see the remote server's port number go up by two when requesting your callback URI, you know the password is totally incorrect. If by three then you know the first fourth of the password is correct and the rest is incorrect. If by four then two fourths of the password is correct. If by five then four sub-servers were contacted so you need to rely on the actual content of the callback URI request of 'success: true' or 'false' since you can't tell from the port change if the password was totally correct or not.
The trick in the real world is false positives. The port numbers are sequential over the system, so if the password server is the only thing making outgoing requests then its port numbers will also be sequential, however other things on the system can interrupt this. This means that the password server could contact three sub-servers and normally you'd see the port number increase by four, but really it could increase by four or more because of other things running on the system. To counteract this I ran in cycles: brute forcing the first fourth of the password and removing any entry that gets a two port increase and keeping all others. Eventually I could remove all but the correct first fourth of the password. And so on for the next parts of the password.
I wrote my app to brute force this in Python. This was my first time writing Python code so it is not pretty.
PermalinkCommentsbrute-force password python side-channel technical web

Windows Remote Desktop via Internet

2012 Dec 7, 2:04
To setup my home Windows dev box to be accessible from outside I followed two main steps:
Last time I had to do this there was a service named dynamicdns.org which seems to still exist but no longer appears to be free. Instead I used dnsdynamic.org which is free and has a web API as well as links to and instructions for setting up native tools to dynamically update my IP address.
PermalinkComments

The best cosplay of all time (by RayLiehm) Awesome car...

2012 Nov 14, 5:16


The best cosplay of all time (by RayLiehm)

Awesome car dealership wavy tube thingy costume.

PermalinkCommentshumor costume wavy video

A Slower Speed of Light Official Trailer — MIT Game Lab (by...

2012 Nov 13, 7:41


A Slower Speed of Light Official Trailer — MIT Game Lab (by Steven Schirra)

“A Slower Speed of Light is a first-person game in which players navigate a 3D space while picking up orbs that reduce the speed of light in increments. A custom-built, open-source relativistic graphics engine allows the speed of light in the game to approach the player’s own maximum walking speed. Visual effects of special relativity gradually become apparent to the player, increasing the challenge of gameplay. These effects, rendered in realtime to vertex accuracy, include the Doppler effect; the searchlight effect; time dilation; Lorentz transformation; and the runtime effect.

A production of the MIT Game Lab.

Play now for Mac and PC! http://gamelab.mit.edu/games/a-slower-speed-of-light/

PermalinkCommentsscience game video-game mit 3d light-speed

(via Comedy: Great Job, Internet!: Here’s Patton...

2012 Oct 31, 6:47


(via Comedy: Great Job, Internet!: Here’s Patton Oswalt’s Halloween costume)

PermalinkCommentsadam-savage patton-oswalt spider-man Halloween

“Jon Hamm And Adam Scott’s ‘greatest Event In Tv History’...

2012 Oct 12, 8:41


Jon Hamm And Adam Scott’s ‘greatest Event In Tv History’ Was A Tribute To A Forgotten ’80s Classic
If you know more about Simon and Simon than its intro and general premise, you’re better at TV than I am. If you’ve never heard of Simon and Simon, you’re the BEST at TV because, honestly, Simon & Simon — a CBS series about two mismatched brothers who ran a private detective service; it ran for eight seasons — wasn’t good.

Source: Uproxx

PermalinkCommentshumor jon-hamm adam-scott video

Why aren’t my kids hyper after binging on sugar?

2012 Oct 1, 8:23

“A particularly troublesome finding was that for some children, if they were told that sugar would make them hyper, then they actually would become hyper after thinking that they had eaten sugar.”

PermalinkCommentsscience sugar parent
Older EntriesNewer Entries Creative Commons License Some rights reserved.