GitHub is an amazing tool which holds a lot of promise for pushing open source software development forward. I say that because they make the process of forking someone else’s repository and then merging your changes (with their permission, of course) back into the master repo as simple as a few mouse clicks. I, for example, contributed a patch that made jQuery CSP-compatible which was later pulled into the jQuery trunk.
Since GitHub has become the industry standard for sharing code, I’ve started the process of moving all of my open source tools to a repository there. So far, I have only moved my Python CIDR block converter, but the rest should follow soon!
For instance, today I learned that ReCAPTCHA loads script both from api.recaptcha.net and from www.google.com. Note to self: figure out why Google needs to know about every ReCAPTCHA load.
You can test it out by clicking the following bookmarklet: Recommend CSP
There are times at work when I like to put on my headphones and play some music (usually instrumental) or white noise to avoid distraction while I write code or do some other task that requires concentration. I never thought to do both at the same time… until now!
Next time you want a nice anti-distraction music cocoon try opening in separate tabs:
One of the new features in Firefox 4 is the App Tab which lets users persist a tab that they use continuously. Firefox shrinks the tab down to just the favicon and places it in a special area for these tabs which generally aren’t closed by the user. The feature is great, but one of the side effects is that Gmail App Tabs no longer show the part of the <title> that indicates unread messages.
That’s where my new Jetpack (a cool new, lightweight (and secure!) way to write Add-ons) comes in.
Go install Unread Gmail Favicon from AMO and the favicon for that tab will indicate the number of unread messages when you have them like so:
I was only willing to stay for part of the first day of DEF CON this year, but I’m glad I did. One of the things they’ve done for the last five years or so is put microcontrollers in the badges, and put in little Easter eggs for people to search for. This year’s had a Ninja Party mode which was locked by default, but you could unlock it by placing a series of 15 tumblers in the correct position.
They published the source code for the badges on the CD they gave out at registration (so perhaps I’m stupid for loading the CD on my laptop rather than smart for reverse engineering the badge). I opened up DC18_Badge.c and, searching for “Ninja” (the code was commented nicely), quickly found the following two C functions:
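/* NINJA ROUTINES */
int dc18_ninja_validate(uint32_t val)
{
  uint16_t a, b;
  a = (uint16_t)(val & 0xfff);  // low 12 bits
  b = (uint16_t)(val >> 12);    // remaining high bits
  if((a ^ b) == 0x916)
    return 1;  // halves XOR to the unlock constant
  return 0;
}

// encode tumbler states into 24-bit value
uint32_t dc18_encode_tumblers(tumbler_state_type *tumblers)
{
  uint32_t x = 0, j = 1;
  int i;
  for(i = 0; i < TUMBLERS_PER_IMAGE; i++)
  {
    x += tumblers[i] * j;  // base-3 digit, first tumbler is least significant
    j *= 3;
  }
  return x;
}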
So the trick was to find the number that made (a ^ b) == 0x916 and then figure out the tumbler positions to represent that number. I wrote two small Python functions to automate those tasks. To find the number that would unlock Ninja Mode, I wrote this loop. I added a print statement to show how far into the search we were, thinking it might take some time to find it, but it popped out 6423 in no time at all:
# loop header assumed; i is set to its starting value before the loop
while True:
    a = i & 0xfff
    b = i >> 12
    if i % 10000 == 0:
        print("# a: %d, b: %d, i: %d" % (a, b, i))
    if a ^ b == 0x916:
        print("DONE: %d" % (i))
    i += 1
Now all that was left was to figure out the tumbler positions to represent 6423. Clearly, dc18_encode_tumblers tells us how to do that. I whipped up this little function to convert the tumbler positions to a decimal number:
def enc_tumblers(tum):
    x = 0
    j = 1
    for i in range(15):
        x += tum[i] * j
        j *= 3
    return x
I was going to write another loop to increment the tumbler array I was passing to enc_tumblers, but my first guess was so close that I just manually entered the settings until I found the winning configuration:
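Added example, not from the original post or the badge source: rather than guessing settings, the target value can be converted straight to base-3 digits, and because the check is an unkeyed XOR of two 12-bit halves, every accepted value can be listed directly. The names `dec_tumblers` and `valid_codes` are hypothetical, and how state numbers 0 to 2 map to physical tumbler positions is not given on the page.

```python
# Added example; constants come from the C source quoted in the post.
TUMBLERS = 15      # the post says there are 15 tumblers
STATES = 3         # dc18_encode_tumblers multiplies j by 3 per tumbler
TARGET = 0x916     # constant compared against in dc18_ninja_validate


def ninja_validate(val):
    """Python port of the quoted dc18_ninja_validate check."""
    return ((val & 0xfff) ^ (val >> 12)) == TARGET


def enc_tumblers(tum):
    """Same arithmetic as dc18_encode_tumblers: base-3, first tumbler lowest."""
    x, j = 0, 1
    for state in tum:
        x += state * j
        j *= STATES
    return x


def dec_tumblers(val):
    """Inverse of enc_tumblers: peel off base-3 digits, lowest first."""
    if not 0 <= val < STATES ** TUMBLERS:
        raise ValueError("value does not fit in 15 base-3 tumblers")
    tum = []
    for _ in range(TUMBLERS):
        val, digit = divmod(val, STATES)
        tum.append(digit)
    return tum


def valid_codes():
    """All encodable values that pass: for each high part b, a = b ^ TARGET."""
    limit = STATES ** TUMBLERS
    codes = ((b << 12) | (b ^ TARGET) for b in range(0x1000))
    return [v for v in codes if v < limit]


if __name__ == "__main__":
    print(dec_tumblers(6423))   # tumbler states for the value from the post
    print(len(valid_codes()))   # how many tumbler settings would unlock
```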
Sometimes I make a tool that I use for a while and then wonder if it’s something others will find useful too. Here’s one of them…
For a while I was sharing links on my home page by linking to the feed of stories I’ve upvoted on Reddit, but that has become less satisfying as Reddit dumbs itself down each day (the same thing that happened to Digg a few years earlier). I decided to make my own link-sharing program that I could use by just clicking a bookmarklet whenever I was on a page I wanted to share.
It is a very simple program that stores the links in a flat text file and uses CORS to allow the bookmarklet to POST data to it from across domains. You can put the files in a directory on your server and use this simple bookmarklet to share links:
I need the following sed one-liner periodically, and I thought it was useful enough to share here. Other versions I’ve seen chopped off everything after the first dot, which doesn’t work for files with a dot in the basename. This one does:
bsterne@zodiac:~$ ls /video | sed 's/\.[^.]*$//' | head -n5
2001: A Space Odyssey
40 Year Old Virgin, The
A Bronx Tale
A Clockwork Orange
It was an awesome experience all the way around. The environment is fun and festive with live music and food and race equipment vendors, all the athletes and volunteers are super supportive of each other, and the rush of finally getting to the finish line was indescribable. I’m hooked, for sure.