3d page 2 - Dave's Blog

Search
My timeline on Mastodon

Tweet from David_Risney

2015 Feb 12, 12:03
Collection of mobile 3d printer robots build large structures: http://monograph.io/iaac/minibuilders … (aka the future)
PermalinkComments

Retweet of ericlaw

2015 Feb 1, 6:02
http://www.theonion.com/articles/fingerprints-on-lombardi-trophy-to-be-used-in-doze,37899/ …
PermalinkComments

Retweet of ericlaw

2015 Jan 27, 11:08
I recently got a new Authenticode cert to continue to sign my code. It wasn't hard-- you should be signing too! http://blogs.msdn.com/b/ieinternals/archive/2015/01/28/authenticode-in-2015-signcode-with-certificate-on-etoken.aspx …
PermalinkComments

ericlaw: It's not impostor syndrome if you really are an impostor, right?

2015 Jan 21, 1:05
Eric Lawrence @ericlaw :
It's not impostor syndrome if you really are an impostor, right?
PermalinkComments

ericlaw: A nice look at HTTP/2 in practice, including use of data frame padding to attempt to thwart datalength-leak attacks.

2015 Jan 15, 9:32
Eric Lawrence @ericlaw :
A nice look at HTTP/2 in practice, including use of data frame padding to attempt to thwart datalength-leak attacks. http://blog.httpwatch.com/2015/01/16/a-simple-performance-comparison-of-https-spdy-and-http2/ …
PermalinkComments

Live coding in VR with the Oculus Rift, Firefox WebVR,...

2014 Oct 6, 2:45


Live coding in VR with the Oculus Rift, Firefox WebVR, JavaScript and Three.js

“I built a live-coding web app for the Oculus Rift where you code in JavaScript using Three.js and watch the world change around you in real-time.”

PermalinkCommentsvideo programming javascript 3d vr oculus-rift technical

Quadrilateral Cowboy gameplay video “Quadrilateral Cowboy...

2014 Oct 6, 2:41


Quadrilateral Cowboy gameplay video

“Quadrilateral Cowboy is a game we’ve been watching with great interest ever since Thirty Flights Of Loving creator Brendon Chung first debuted it last year. It’s about hacking, but not via irritating minigames or jargon-your-problems-away Hollywood magic. Instead, you learn basic (albeit fictional) code and take down everything from laser grids to gun emplacements with a twitch of your fingers and a wriggle of your brain. It’s already an extremely clever game, and it’s quite empowering despite the fact that you play as someone who probably couldn’t even heft an assault rifle - let alone fire one. Basically, it’s a wonderfully novel idea - more Neuromancer than Deus Ex - but words only do it so much justice. Thus, I’ve decided to play it for your enrichment, in hopes that you will understand why Quadrilateral should be driving your radar haywire.”

PermalinkCommentsgame video-game hack computer

Netflix responds to Verizon’s cease & desist letter....

2014 Jun 10, 2:54


Netflix responds to Verizon’s cease & desist letter. Somehow I doubt that Verizon will bite on your offer to work together to increase network transparency Netflix. Nice suggestion though.

PermalinkCommentstechnical net-neutrality Verizon Netflix net

Internet Archive lets you play one of the earliest computer...

2014 Apr 28, 9:39


Internet Archive lets you play one of the earliest computer games Space War! emulated in JavaScript in the browser.

This entry covers the historical context of Space War!, and instructions for working with our in-browser emulator. The system doesn’t require installed plugins (although a more powerful machine and recent browser version is suggested).

The JSMESS emulator (a conversion of the larger MESS project) also contains a real-time portrayal of the lights and switches of a Digital PDP-1, as well as links to documentation and manuals for this $800,000 (2014 dollars) minicomputer.

PermalinkCommentscomputer-game game video-game history internet-archive

laughingsquid: I Want to Believe in RSS T-Shirt

2013 Oct 15, 9:44


laughingsquid:

I Want to Believe in RSS T-Shirt

PermalinkCommentstechnical humor rss shirt gift

solarbird: Perfect.

2013 Jul 28, 1:46


solarbird:

Perfect.

PermalinkCommentshumor glasses cosplay

URI functions in Windows Store Applications

2013 Jul 25, 1:00PermalinkCommentsc# c++ javascript technical uri windows windows-runtime windows-store

Words with Hints Windows 8 App Development Notes

2013 Jul 4, 1:00

My second completed app for the Windows Store was Words with Hints a companion to Words with Friends or other Scrabble like games that gives you *ahem* hints. You provide your tiles and optionally letters placed in a line on the board and Words with Hints gives you word options.

I wrote this the first time by building a regular expression to check against my dictionary of words which made for a slow app on the Surface. In subsequent release of the app I now spawn four web workers (one for each of the Surface's cores) each with its own fourth of my dictionary. Each fourth of the dictionary is a trie which makes it easy for me to discard whole chunks of possible combinations of Scrabble letters as I walk the tree of possibilities.

The dictionaries are large and takes a noticeable amount of time to load on the Surface. The best performing mechanism I found to load them is as JavaScript source files that simply define their portion of the dictionary on the global object and synchronously (only on the worker so not blocking the UI thread). Putting them into .js files means they take advantage of bytecode caching making them load faster. However because the data is mostly strings and not code there is a dramatic size increase when the app is installed. The total size of the four dictionary .js files is about 44Mb. The bytecode cache for the dictionary files is about double that 88Mb meaning the dictionary plus the bytecode cache is 132Mb.

To handle the bother of postMessage communication and web workers this was the first app in which I used my promise MessagePort project which I'll discuss more in the future.

This is the first app in which I used the Microsoft Ad SDK. It was difficult to find the install for the SDK and difficult to use their website, but once setup, the Ad SDK was easy to import into VS and easy to use in my app.

PermalinkCommentsdevelopment technical windows windows-store words-with-hints

wilwheaton: cameron-stewart: My contribution in full to the...

2013 Apr 4, 5:34








wilwheaton:

cameron-stewart:

My contribution in full to the #bartkira project. This was tons of fun to do.

Holy shit.

Everything’s coming up Milhouse

PermalinkCommentshumor comic art mashup simpsons akira

laughingsquid: New & Necessary Punctuation Marks

2013 Feb 25, 9:01


laughingsquid:

New & Necessary Punctuation Marks

PermalinkCommentshumor punctuation internet

thefrogman: Peanuts / Army of Darkness (Evil Dead III) tribute...

2012 Dec 27, 7:15


thefrogman:

Peanuts / Army of Darkness (Evil Dead III) tribute by Justin Hillgrove [website]

PermalinkCommentshumor peanuts army-of-darkness zombie

A Slower Speed of Light Official Trailer — MIT Game Lab (by...

2012 Nov 13, 7:41


A Slower Speed of Light Official Trailer — MIT Game Lab (by Steven Schirra)

“A Slower Speed of Light is a first-person game in which players navigate a 3D space while picking up orbs that reduce the speed of light in increments. A custom-built, open-source relativistic graphics engine allows the speed of light in the game to approach the player’s own maximum walking speed. Visual effects of special relativity gradually become apparent to the player, increasing the challenge of gameplay. These effects, rendered in realtime to vertex accuracy, include the Doppler effect; the searchlight effect; time dilation; Lorentz transformation; and the runtime effect.

A production of the MIT Game Lab.

Play now for Mac and PC! http://gamelab.mit.edu/games/a-slower-speed-of-light/

PermalinkCommentsscience game video-game mit 3d light-speed

laughingsquid: Photos: MakerBot Retail Store in Manhattan

2012 Sep 20, 2:14


laughingsquid:

Photos: MakerBot Retail Store in Manhattan

PermalinkComments3d-printer maker-bot retail

Stripe CTF - XSS, CSRF (Levels 4 & 6)

2012 Sep 10, 4:43

Level 4 and level 6 of the Stripe CTF had solutions around XSS.

Level 4

Code

> Registered Users 

    <%@registered_users.each do |user| %>
    <%last_active = user[:last_active].strftime('%H:%M:%S UTC') %>
    <%if @trusts_me.include?(user[:username]) %>

  • <%= user[:username] %>
    (password: <%= user[:password] %>, last active <%= last_active %>)
  • Issue

    The level 4 web application lets you transfer karma to another user and in doing so you are also forced to expose your password to that user. The main user page displays a list of users who have transfered karma to you along with their password. The password is not HTML encoded so we can inject HTML into that user's browser. For instance, we could create an account with the following HTML as the password which will result in XSS with that HTML:

    
    
    This HTML runs script that uses jQuery to post to the transfer URI resulting in a transfer of karma from the attacked user to the attacker user, and also the attacked user's password.

    Notes

    Code review red flags in this case included lack of encoding when using user controlled content to create HTML content, storing passwords in plain text in the database, and displaying passwords generally. By design the web app shows users passwords which is a very bad idea.

    Level 6

    Code

    
    

    ...

    def self.safe_insert(table, key_values)
    key_values.each do |key, value|
    # Just in case people try to exfiltrate
    # level07-password-holder's password
    if value.kind_of?(String) &&
    (value.include?('"') || value.include?("'"))
    raise "Value has unsafe characters"
    end
    end

    conn[table].insert(key_values)
    end

    Issue

    This web app does a much better job than the level 4 app with HTML injection. They use encoding whenever creating HTML using user controlled data, however they don't use encoding when injecting JSON data into script (see post_data initialization above). This JSON data is the last five most recent messages sent on the app so we get to inject script directly. However, the system also ensures that no strings we write contains single or double quotes so we can't get out of the string in the JSON data directly. As it turns out, HTML lets you jump out of a script block using no matter where you are in script. For instance, in the middle of a value in some JSON data we can jump out of script. But we still want to run script, so we can jump right back in. So the frame so far for the message we're going to post is the following:

    
    
    
    
PermalinkCommentscsrf encoding html internet javascript percent-encoding script security stripe-ctf technical web xss

Stripe CTF - SQL injections (Levels 0 & 3)

2012 Sep 5, 9:10

Stripe's web security CTF's level 0 and level 3 had SQL injection solutions described below.

Level 0

Code

app.get('/*', function(req, res) {
var namespace = req.param('namespace');

if (namespace) {
var query = 'SELECT * FROM secrets WHERE key LIKE ? || ".%"';
db.all(query, namespace, function(err, secrets) {

Issue

There's no input validation on the namespace parameter and it is injected into the SQL query with no encoding applied. This means you can use the '%' character as the namespace which is the wildcard character matching all secrets.

Notes

Code review red flag was using strings to query the database. Additional levels made this harder to exploit by using an API with objects to construct a query rather than strings and by running a query that only returned a single row, only ran a single command, and didn't just dump out the results of the query to the caller.

Level 3

Code

@app.route('/login', methods=['POST'])
def login():
username = flask.request.form.get('username')
password = flask.request.form.get('password')

if not username:
return "Must provide username\n"

if not password:
return "Must provide password\n"

conn = sqlite3.connect(os.path.join(data_dir, 'users.db'))
cursor = conn.cursor()

query = """SELECT id, password_hash, salt FROM users
WHERE username = '{0}' LIMIT 1""".format(username)
cursor.execute(query)

res = cursor.fetchone()
if not res:
return "There's no such user {0}!\n".format(username)
user_id, password_hash, salt = res

calculated_hash = hashlib.sha256(password + salt)
if calculated_hash.hexdigest() != password_hash:
return "That's not the password for {0}!\n".format(username)

Issue

There's little input validation on username before it is used to constrcut a SQL query. There's no encoding applied when constructing the SQL query string which is used to, given a username, produce the hashed password and the associated salt. Accordingly one can make username a part of a SQL query command which ensures the original select returns nothing and provide a new SELECT via a UNION that returns some literal values for the hash and salt. For instance the following in blue is the query template and the red is the username injected SQL code:

SELECT id, password_hash, salt FROM users WHERE username = 'doesntexist' UNION SELECT id, ('5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8') AS password_hash, ('word') AS salt FROM users WHERE username = 'bob' LIMIT 1
In the above I've supplied my own salt and hash such that my salt (word) plus my password (pass) hashed produce the hash I provided above. Accordingly, by providing the above long and interesting looking username and password as 'pass' I can login as any user.

Notes

Code review red flag is again using strings to query the database. Although this level was made more difficult by using an API that returns only a single row and by using the execute method which only runs one command. I was forced to (as a SQL noob) learn the syntax of SELECT in order to figure out UNION and how to return my own literal values.

PermalinkCommentssecurity sql sql-injection technical web-security
Older EntriesNewer Entries Creative Commons License Some rights reserved.