http://pastie.caboo.se/195345
* Trimmed-down easy config file
* Lots of utility functions
* Smart log tail-er (cap util:logs:smart) that will show aggregate times, hits, errors, etc in pretty format!
Enjoy. :)
Edit 8:05pm: Added exponential weighted average for hits/min counter; fixed regex bug w/ multiple errors in one chunk
* Trimmed-down easy config file
* Lots of utility functions
* Smart log tail-er (cap util:logs:smart) that will show aggregate times, hits, errors, etc in pretty format!
Enjoy. :)
Edit 8:05pm: Added exponential weighted average for hits/min counter; fixed regex bug w/ multiple errors in one chunk
So, work gave me a nice laptop to play with (er, 'develop on'). TBD if I get to keep it, but I want to use it as my primary machine. Which in turn means I'm going to do a mildly complex setup.
Spec:
Dell Precison M4300
2GB RAM, 2.2GHz Centrino T7500 dual-core CPU, 160GB HD, NVidia Quadro FX 360M
Partitions:
* Dell recovery / diagnostics
* Vista 64-bit (30 GB)
* Kubuntu 7.10 32-bit (30 GB)
* NTFS shared space (88GB)
- w/ file-hosted TrueCrypt volume(s) for all sensitive/personal data
* FAT32 shared swap (4GB)
I tried installing Kubuntu 64-bit, but... it's a major pain in the ass. NVidia drivers don't work right at all; I get blank screens w/ X even in the installer. And from googling it, the performance improvement is minimal if any, and the pain of getting stuff to work right is significantly higher. So, screw it, I'll stick with 32-bit.
I'm going to just copy the files back onto my kubuntu part that I had on it prior to moving it off pre-Vista-install. Then mess with Grub & BCD so I can get a single boot screen, and get Vista & Kubuntu to just use the new FAT32 swap. This'll require some initrd hackery in linux - meh again.
I was considering trying to run it w/ Xen or VMware, but it seems like that'd be too limiting - e.g. I wouldn't be able to run games under Windows. And I was considering trying to get OSX on as well, but again the support for that seems pretty bad - not good enough for me wanting to just have it *work* once set up.
As for file-hosted truecrypt under a journaled, swapped system... it's a pretty minor security problem given my usage AFAICT. Just need to make sure I don't have reason to change the password.
Going down for reinstall of Ubuntu now.
ETA 1AM: Finally got grub fixed. Windows CD is useless for recovery even compared to what I can get from initramfs, let alone the kubuntu live DVD. Hmph.
Anyway, it's mostly set up & working now. Still need to set up kubuntu to pretend the fat32 part is swap.
Vista actually has a (mostly) working version of symoblic links, yay - mklink. So I've symlinked my data directories on the shared part. Still need to make the crypto volumes for cryptoshare and set up cross-os-compatible settings symlinking (eg for firefox). That'll be 'fun'. :)
ETA 3AM: TrueCrypt BSODs. Grr.
ETA 4AM: Evidently it's a weird interaction between TrueCrypt and the EXT2/3 IFS driver. Gah.
Spec:
Dell Precison M4300
2GB RAM, 2.2GHz Centrino T7500 dual-core CPU, 160GB HD, NVidia Quadro FX 360M
Partitions:
* Dell recovery / diagnostics
* Vista 64-bit (30 GB)
* Kubuntu 7.10 32-bit (30 GB)
* NTFS shared space (88GB)
- w/ file-hosted TrueCrypt volume(s) for all sensitive/personal data
* FAT32 shared swap (4GB)
I tried installing Kubuntu 64-bit, but... it's a major pain in the ass. NVidia drivers don't work right at all; I get blank screens w/ X even in the installer. And from googling it, the performance improvement is minimal if any, and the pain of getting stuff to work right is significantly higher. So, screw it, I'll stick with 32-bit.
I'm going to just copy the files back onto my kubuntu part that I had on it prior to moving it off pre-Vista-install. Then mess with Grub & BCD so I can get a single boot screen, and get Vista & Kubuntu to just use the new FAT32 swap. This'll require some initrd hackery in linux - meh again.
I was considering trying to run it w/ Xen or VMware, but it seems like that'd be too limiting - e.g. I wouldn't be able to run games under Windows. And I was considering trying to get OSX on as well, but again the support for that seems pretty bad - not good enough for me wanting to just have it *work* once set up.
As for file-hosted truecrypt under a journaled, swapped system... it's a pretty minor security problem given my usage AFAICT. Just need to make sure I don't have reason to change the password.
Going down for reinstall of Ubuntu now.
ETA 1AM: Finally got grub fixed. Windows CD is useless for recovery even compared to what I can get from initramfs, let alone the kubuntu live DVD. Hmph.
Anyway, it's mostly set up & working now. Still need to set up kubuntu to pretend the fat32 part is swap.
Vista actually has a (mostly) working version of symoblic links, yay - mklink. So I've symlinked my data directories on the shared part. Still need to make the crypto volumes for cryptoshare and set up cross-os-compatible settings symlinking (eg for firefox). That'll be 'fun'. :)
ETA 3AM: TrueCrypt BSODs. Grr.
ETA 4AM: Evidently it's a weird interaction between TrueCrypt and the EXT2/3 IFS driver. Gah.
I submitted an article for 2600 about "all-point" meditation (see my 'my meditation techniques' post for the shortform meta version).
Looks like it'll be published.
Whee.
Looks like it'll be published.
Whee.
I am currently adding Kubuntu to my computer as a dual boot (I write this from Konqueror off a live CD). Resizing NTFS is scary. :|
TBD whether I actually like / use it, but I guess it's time I tried.
Fortunately, Ryan's an experienced *nix sysadmin (unlike I), so I can make him fix things if it breaks. :)
In other news, I seem to be sick. Cold or flu or something. Feh.
TBD whether I actually like / use it, but I guess it's time I tried.
Fortunately, Ryan's an experienced *nix sysadmin (unlike I), so I can make him fix things if it breaks. :)
In other news, I seem to be sick. Cold or flu or something. Feh.
- Location:desk
- Mood:
sick
http://board.gulli.com/thread/541615-tri
*whistles*
http://blog.ceruleanstudios.com/
http://www.ceruleanstudios.com/sneakpre
http://rs50cg2.rapidshare.com/files/168
http://rs8tl.rapidshare.com/files/30876
*whistles*
http://blog.ceruleanstudios.com/
http://www.ceruleanstudios.com/sneakpre
http://rs50cg2.rapidshare.com/files/168
http://rs8tl.rapidshare.com/files/30876
- Location:desk
I should've installed this a while ago. For that matter, it should've come standard.
http://www.microsoft.com/technet/sysinte
http://www.microsoft.com/technet/sysinte
Fy'all spkt! Tpkt kexperiment, tSai tAlex last night. Sh!
Tworld pone language. Tpeople keast; sh pplain kShinar; t k. T st "pbricks!". Pstone kbrick, pmortar ktar. Then ssh, "Tfwe pcity; k ptower; t kheaven - pname fus, pnot pus kearth." Tgod kcity, sh s, stower. Sgod, "Tpeople kone language t, t panything. Twe kdown! T planguage, pnot tthey sh s!" Tgod pthem kearth; then t not pcity. P sBabel - k tgod planguage, t pthem kearth.
Kprefixes!:
t agent
p patient, purpose
k instrument, location
sh experiencer
s stimulus
f recipient, beneficiary
Not kverb! Knull ppronoun. Kpragmatics! Knull pcopula. K! pcommand!
More s fyou:
Shi sstory yesterday kinternet. Ts shme happy.
Kbuilding tflag. Kflag sstripes shwe.
Twe pstore, pbread. Pwhite. -or- Twe kstore pbread.
Nail khand. Ti pnail kboard khand. Ow!
Shi s. Sh!
Tyou fme ps! Also ptranslations sabove! :-)
- Sai & Alex
( Explanation in standard English - try to figure it out & answer the questions at the end first before clicking! )
- Location:bed
Copied from an email I just wrote. The situation is basically this: I want to be able to CC a group of people on mail traffic to outside parties of relevance to them (and let those outside parties respond back, still with CC to group), using a mail alias / mailing list rather than individual addresses, but without exposing them to the potential for a spammer being able to mail that alias/list and without requiring those outside parties to have any explicit interaction with a listserv or requiring any effortful interaction on my part to add them & manage it.
Comments from the geeks in the audience?
I think optimally you would have something that works like a mail alias, but requires (and automatically processes) an "introduction".
For example, when I - a valid member - write a message that CCs this "smart alias" and also has K addressed, it says "oh, he's OK then" and adds him to the list with me as a referrer / voucher. Then he gets the right to send to the list, and so on.
This would prevent the spam problem - nobody can send to the list if they haven't been vouched for implicitly - and the referrer system makes it very easy to cut off a whole branch if it does get forwarded to a spammer somewhere down the line. It also would enable completely transparent CCing; neither party needs to know that the smart-alias has added them, except in the case of an unauthorized person attempting to cc the smart-alias, in which case they should be told how it works and that they will need an introduction.
The only potential bug I can see is if you have a race condition with mailing delays, where if I mail K with a cc, and K responds with the cc, then K's cc might reach the server before mine does and get rejected because he hasn't been introduced yet. But I think this is a relatively minor issue, given the relative speeds of mail servers vs humans.
I don't know if such a system exists, but then I'm a designer by nature and not an engineer. ;-)
Comments from the geeks in the audience?
I think optimally you would have something that works like a mail alias, but requires (and automatically processes) an "introduction".
For example, when I - a valid member - write a message that CCs this "smart alias" and also has K addressed, it says "oh, he's OK then" and adds him to the list with me as a referrer / voucher. Then he gets the right to send to the list, and so on.
This would prevent the spam problem - nobody can send to the list if they haven't been vouched for implicitly - and the referrer system makes it very easy to cut off a whole branch if it does get forwarded to a spammer somewhere down the line. It also would enable completely transparent CCing; neither party needs to know that the smart-alias has added them, except in the case of an unauthorized person attempting to cc the smart-alias, in which case they should be told how it works and that they will need an introduction.
The only potential bug I can see is if you have a race condition with mailing delays, where if I mail K with a cc, and K responds with the cc, then K's cc might reach the server before mine does and get rejected because he hasn't been introduced yet. But I think this is a relatively minor issue, given the relative speeds of mail servers vs humans.
I don't know if such a system exists, but then I'm a designer by nature and not an engineer. ;-)
http://attrition.org/postal/z/033/0871.h
FYI, this was a Republican senate staffer, who lost his job as a result.
FYI, this was a Republican senate staffer, who lost his job as a result.
- Mood:
amused
(Of the breaking-into-remote-computers kind)
http://www.coresecurity.com/files/image
Dat's some scary shit j0. Its user interface is on the level of "what IPs do you want to pwn today?". O.O
Not that the program is available to plebs like me anywhere I can tell - call for price and consultation etc :-P so presumably it's a multi-$k package - but watching the demo is, um, impressive.
It could be obviously almost fully automated into a virus equivalent; a self-propogating proxy/zombie farm, or n-level-deep attack. Provide one target IP; it breaks in, pivots on that, and voila, instant network of rooted systems.
Yeah. So. Lessons for everyone:
Keep all your software very updated.
Don't install weird stupid stuff.
Do install antivirus, good firewall, etc.
Realize you're probably quite hackable anyway :( so don't leave sensitive information unencrypted...
... though if they're rooting your computer, you're screwed anyway 'cause you're going to unencrypt it eventually, at which point it can be taken from RAM in the clear, if they haven't just logged your passwords to begin with.
http://www.coresecurity.com/files/image
Dat's some scary shit j0. Its user interface is on the level of "what IPs do you want to pwn today?". O.O
Not that the program is available to plebs like me anywhere I can tell - call for price and consultation etc :-P so presumably it's a multi-$k package - but watching the demo is, um, impressive.
It could be obviously almost fully automated into a virus equivalent; a self-propogating proxy/zombie farm, or n-level-deep attack. Provide one target IP; it breaks in, pivots on that, and voila, instant network of rooted systems.
Yeah. So. Lessons for everyone:
Keep all your software very updated.
Don't install weird stupid stuff.
Do install antivirus, good firewall, etc.
Realize you're probably quite hackable anyway :( so don't leave sensitive information unencrypted...
... though if they're rooting your computer, you're screwed anyway 'cause you're going to unencrypt it eventually, at which point it can be taken from RAM in the clear, if they haven't just logged your passwords to begin with.
- Mood:
impressed
This site got me thinking about it. And this speech from H2K2, or rather the original essay which I remember reading years ago, not long after I first had Internet access, which was probably around 1993-1995. It was in the last couple years of the dominance of Gopher, just before the WWW really started to catch on (at least in ways I could access).
So, my perspective on these issues.
Warez (aka "pirated software") - I pronounce it "wares", not 'wah-rez' or 'way-rez'.
I've never been involved in warez except as a user of releases. I would bet that I am about 3 hops away from a release group; I know people I suspect are involved in the scene. But I've not had any interest in that, and I'm aware that security is a major issue for them, so I have never really asked for details.
My ethics about use of warez is relatively simple. It clearly is not direct theft, i.e. one in which you are stealing something from someone else in a way that deprives that person of the item. It is possibly indirect theft, i.e. if you obtain something through warez that you would otherwise have paid for, then you cost the seller that money you would otherwise have paid.
I'm a cheap bastard, so that means that if I can't obtain software for free I probably can't afford to pay for it, and thus I'm not in that category. Ergo, my obtaining software for free is not theft of any kind.
However, I have strongly advocated for others who *can* afford the cost of the software to just buy the stuff legit.
It is however ethical IMO to try software through warez that you do intend to buy if it is actually worth the money (i.e. if you would, in the opinion informed by having used the warez, decide to buy it if you couldn't get the warez)
Cracking
I've never done it, but I am fairly familiar with the theory. I simply have not had a need to actually try my hand at it.
Similarly, I'm only theoretically familiar with anti-cracking techniques, except to be certain that my level of skill at doing so is not going to surpass the skill of a good cracker.
I have only ever released one piece of software to the public; that was my shareware program SaiD3U aka Palm Familiar, a D&D companion software for Palm OS. I discontinued it because of legal reasons; essentially, the terms of the D&D owner corp's quote-unquote "open gaming license" were such that a viable program for a small-memory, slow-cpu platform was simply not worth the effort. (Essentially it would have required that all algorithms covered by the OGL be in plain text, aka XML, rather than hardcoded.) I made a couple hundred off of that in registrations while it was still in beta. I probably could have made a decent amount if I fully released it. Ohwell.
SaiD3U/PF had a serial-based registration system that I'm pretty sure would have been trivially easy to both crack and release a keygen for. I made no effort to guard against that, as I figured anyone skilled enough to even know how to start was skilled enough to be not worth my effort to try to stop. And also that my app wasn't nearly a big enough target for someone to try cracking it. :-P
(FWIW I have since almost certainly lost all the soure code, keygen program, and god-mode compilation .prc. If someone is really really interested I could be convinced to go looking through my backups and archives as it may be around there ... somwhere. But damned if I know where.)
As most people even vaguely in hacker mindset, I think that:
* obscurity is not security
* if enough people want it to be cracked, it will be, period; maximum time 6 months (e.g. StarForce took about that long to be broken)
- viz. Windows Vista activation is not yet cracked (there's a workaround though, which is time-limited to june '07). But I'm certain it will be way before then, even though I'm also certain that Microsoft paid a lot of people a lot of money to prevent just that
* cracking-prevention programs are often counterproductive, as they can be buggy, introduce other problems, or otherwise harass both legitimate and pirate users
* harassing pirates is an ineffective way to get them to stop or to buy the product, but only to make them want to crack the harassment
* cracking is ethically neutral, as (per above) it's the implementation that is ethics-bound
Hacking
Again, I've never done it in the "break into someone else's system for malicious purposes" sense. I have broken into systems for other (beneficient) purposes, though generally through (to me) relatively simple methods. I don't consider myself particularly skilled at it, but here I am comparing myself against what I know to be the standards amongst those who are.
Malicious purposes (e.g. virii to install rootkits to operate an eggdrop zombie farm) are by definition unethical an I am strongly opposed to them.
Neutral purposes can be ethical if done properly & carefully, e.g. purely for curiosity, exploration, etc; if the legitimate owner can't get in and needs a "locksmith" who can, etc.
Whitehat pruposes - e.g. breaking into a system and then telling the op how to fix it - are a good thing.
That's all I have to say about that.
"Hacker"
To me, this is not a label describing a particular set of activities (viz., cracking, system compromise, etc) but rather a general worldview and approach to things.
Components (some core, some cultural):
1. Curiosity. Wanting to know how things work, even if you have no particular intention to use them, just because - rather than being satisfied with the dumbed-down-instructions version
1.1 Analytical mindset. Desire and ability to figure out how things work in their detailed subcomponent parts and in gestalt. Applies to everything. (This post is an example.)
1.2 Rationality. Using valid logic routinely as a matter of course standard wherever it is applicable, e.g. to any empirical question and many emotional ones. (Emotion is frequently considered "irrational", but I disagree - it merely has a different axiom set and places a far higher stress on associative inference than inductive logic does.)
2. Control: Desire to be maximally in control of systems; irritation at artificial limitations to this, like restrictive permissions, poor design, etc.
2.1 Configuration. Desire to have things configured just right - which is essentially a matter of making up for poor design. (Note how many hackers are still happy with well-designed things, like ipod's UI)
2.2 Freedom. Extreme dislike of any sense of restriction on fulfilling personal desires or whims (even hypothetical ones), whatever the source.
3. Information freedom. Desire to have most information (with ethical limits) be as free and easily found as possible.
4. Humor
4.1 Recursivity and self-reference
4.2 Cross-discipline puns
4.3 Intellectual / dry / witty / serious humor
4.4 Terseness
5. Meritocracy. Lack of instinct for "respect for authority" or respect for people by virtue of the positions they hold. Strong instinct for respect based on acheivements, talents, skills, or other personal qualities.
5.1 Personalization. Strong dislike of depersonalizing, "soulless" systems.
6. Design aesthetic. Love of good design, things that Just Work Right, are Pretty, are Shiny, are Powerful, or are otherwise Good Things (tm).
7. Personal drive. Belief in one's own desires, interests, etc. Holding one's own values as more important than those of the surrounding culture. Disdain / pity for people without strong personal interests as borderline-zombies.
7.1 Internalization over obediance. Belief that un-internalized rules are borderline useless; that they will be "cracked anyway" if someone wants to; and disobeyed when not enforced. Thus a preference for internalized, consensus-based governance; decentralization; generic anti-authority / anti-centralization stance.
7.2 Drive-based learning. Learning things when and where they are useful to learn, or expected to be in the future (unless they come under 'curiosity for its own sake' above). Dislike of being forced to study facts that are irrelevant, uninteresting, rote, and bullimically regurgitated.
8. Systems approach. Belief that most things are systemic, rather than one-time exceptions; that the source of a problem in the system itself must be fixed rather than patching the symptoms; that systems are a powerful tool. And conversely, that systems can be evil inasmuch as they take a life of their own and start existing to sustain themselves, rather than to serve their original beneficial purposes, and that when that happens they must be reformed (if possible) or destroyed and replaced (if not).
You'll note that these have very little to do with what someone actually does per se, though the mindset lends itself better to some jobs (programmer, designer, artist) than others (corporate wageslave, advertising, yesman, etc). It is also ethically neutral; I consider the blackhat/whitehat or hacker/cracker sort of distinction to be a completely separate one, and that people can be any combination of the above.
Only an incidental byproduct of this is being a skilled computer programmer. I have only had a handful of computer projects I wanted to accomplish - I learned what was necessary to accomplish them. I am not particularly interested in/by programming for its own sake, though I certainly appreciate programming as an art form. I am thus quite (or completely) unskilled in a number of areas of programming, simply by virtue of the fact that they have never been needed to accomplish something I felt like accomplishing.
This is why I would describe myself as a 'hacker', and consider it a term of praise when applied to others.
Schooling vs education (a short rant)
One thing I think is a terribly unforunate truth in the original Hacker's Manifesto - one echoed by almost all hackers I know - is of the extent to which our schooling failed us. Betrayed us even, as schools should exist to teach, and we of all people hunger to learn.
Schools are not too bad for educating most people, I suppose. I wouldn't really know; I have little empathy for that area of things. I only know my experience and those of my peers.
I have been in "gifted" programs throughout my life; this meant I took advanced versions of courses and (for math only) was several grades ahead by virtue of outside schooling (Kumon). I was held back from being blanket promoted some number of grades; my opinion on this matter was not particularly sought or understood, so I don't know how or why that happened. I was utterly bored for 99% of school, with all the ego-destructiveness of that boredom. I was not, until relatively recently, driven enough to be able to overcome that and learn for myself except in limited ways. I was smarter than most of my teachers. I had a scant few who were worth anything; I remember those. Some, like Colin Quinton (my chemistry teacher in HS) were later corrupted by the system themselves, which is an amazingly sad thing to see happen.
I don't know whether it would be possible to solve that problem while still working within the existing system. On the one hand, to teach me properly - i.e. to really fully max me out - would require an individually tailored program, and probably some very smart teachers. On the other, retaining all the psychological and social support any human needs would be very challenging.
The halfass approach - where with mainstreaming I have always been too different to be assimilatable anyway and the opportunities I was given for self-teaching were too daunting and unsupported - is simply not viable.
It has to be solvable. I believe that part of it is to teach people by giving them real projects that they would be self interested in pursuing. Not busy work that is challenging purely for the sake of being work. From my perspective that is straight abusive. Not things that are completely dissociated from the real world, real projects, real useful things. Not the stupid shit that I remember from elementary and junior school, and much of high school - the glorified posterboards, 'art' projects in English and history classes, etc. Absolute trash. To make me really learn, you have to first make me care.
Once I care, damn near all you have to do is help me along the way - answer questions as they come up, provide interesting things to read and problems I could solve, etc. Play with serious toys. This was always true.
I think in all this that I am completely not unique. I would guess that most of my fellow hackers feel likewise, and many of my friends who are not hackers.
I'd like the problem to be solved before it comes time to educate my own children, but I will educate them myself if I think that is the best available solution.
(This is of course one of the reasons for my interest in teaching as a profession, though I don't know if I would find satisfaction in teaching at the level at which I am complaining about here, i.e. in elementary and middle school, unless I were exclusively teaching hackers like myself - that could indeed be very rewarding, if combined with the usual assortment of other gigs.)
So, my perspective on these issues.
Warez (aka "pirated software") - I pronounce it "wares", not 'wah-rez' or 'way-rez'.
I've never been involved in warez except as a user of releases. I would bet that I am about 3 hops away from a release group; I know people I suspect are involved in the scene. But I've not had any interest in that, and I'm aware that security is a major issue for them, so I have never really asked for details.
My ethics about use of warez is relatively simple. It clearly is not direct theft, i.e. one in which you are stealing something from someone else in a way that deprives that person of the item. It is possibly indirect theft, i.e. if you obtain something through warez that you would otherwise have paid for, then you cost the seller that money you would otherwise have paid.
I'm a cheap bastard, so that means that if I can't obtain software for free I probably can't afford to pay for it, and thus I'm not in that category. Ergo, my obtaining software for free is not theft of any kind.
However, I have strongly advocated for others who *can* afford the cost of the software to just buy the stuff legit.
It is however ethical IMO to try software through warez that you do intend to buy if it is actually worth the money (i.e. if you would, in the opinion informed by having used the warez, decide to buy it if you couldn't get the warez)
Cracking
I've never done it, but I am fairly familiar with the theory. I simply have not had a need to actually try my hand at it.
Similarly, I'm only theoretically familiar with anti-cracking techniques, except to be certain that my level of skill at doing so is not going to surpass the skill of a good cracker.
I have only ever released one piece of software to the public; that was my shareware program SaiD3U aka Palm Familiar, a D&D companion software for Palm OS. I discontinued it because of legal reasons; essentially, the terms of the D&D owner corp's quote-unquote "open gaming license" were such that a viable program for a small-memory, slow-cpu platform was simply not worth the effort. (Essentially it would have required that all algorithms covered by the OGL be in plain text, aka XML, rather than hardcoded.) I made a couple hundred off of that in registrations while it was still in beta. I probably could have made a decent amount if I fully released it. Ohwell.
SaiD3U/PF had a serial-based registration system that I'm pretty sure would have been trivially easy to both crack and release a keygen for. I made no effort to guard against that, as I figured anyone skilled enough to even know how to start was skilled enough to be not worth my effort to try to stop. And also that my app wasn't nearly a big enough target for someone to try cracking it. :-P
(FWIW I have since almost certainly lost all the soure code, keygen program, and god-mode compilation .prc. If someone is really really interested I could be convinced to go looking through my backups and archives as it may be around there ... somwhere. But damned if I know where.)
As most people even vaguely in hacker mindset, I think that:
* obscurity is not security
* if enough people want it to be cracked, it will be, period; maximum time 6 months (e.g. StarForce took about that long to be broken)
- viz. Windows Vista activation is not yet cracked (there's a workaround though, which is time-limited to june '07). But I'm certain it will be way before then, even though I'm also certain that Microsoft paid a lot of people a lot of money to prevent just that
* cracking-prevention programs are often counterproductive, as they can be buggy, introduce other problems, or otherwise harass both legitimate and pirate users
* harassing pirates is an ineffective way to get them to stop or to buy the product, but only to make them want to crack the harassment
* cracking is ethically neutral, as (per above) it's the implementation that is ethics-bound
Hacking
Again, I've never done it in the "break into someone else's system for malicious purposes" sense. I have broken into systems for other (beneficient) purposes, though generally through (to me) relatively simple methods. I don't consider myself particularly skilled at it, but here I am comparing myself against what I know to be the standards amongst those who are.
Malicious purposes (e.g. virii to install rootkits to operate an eggdrop zombie farm) are by definition unethical an I am strongly opposed to them.
Neutral purposes can be ethical if done properly & carefully, e.g. purely for curiosity, exploration, etc; if the legitimate owner can't get in and needs a "locksmith" who can, etc.
Whitehat pruposes - e.g. breaking into a system and then telling the op how to fix it - are a good thing.
That's all I have to say about that.
"Hacker"
To me, this is not a label describing a particular set of activities (viz., cracking, system compromise, etc) but rather a general worldview and approach to things.
Components (some core, some cultural):
1. Curiosity. Wanting to know how things work, even if you have no particular intention to use them, just because - rather than being satisfied with the dumbed-down-instructions version
1.1 Analytical mindset. Desire and ability to figure out how things work in their detailed subcomponent parts and in gestalt. Applies to everything. (This post is an example.)
1.2 Rationality. Using valid logic routinely as a matter of course standard wherever it is applicable, e.g. to any empirical question and many emotional ones. (Emotion is frequently considered "irrational", but I disagree - it merely has a different axiom set and places a far higher stress on associative inference than inductive logic does.)
2. Control: Desire to be maximally in control of systems; irritation at artificial limitations to this, like restrictive permissions, poor design, etc.
2.1 Configuration. Desire to have things configured just right - which is essentially a matter of making up for poor design. (Note how many hackers are still happy with well-designed things, like ipod's UI)
2.2 Freedom. Extreme dislike of any sense of restriction on fulfilling personal desires or whims (even hypothetical ones), whatever the source.
3. Information freedom. Desire to have most information (with ethical limits) be as free and easily found as possible.
4. Humor
4.1 Recursivity and self-reference
4.2 Cross-discipline puns
4.3 Intellectual / dry / witty / serious humor
4.4 Terseness
5. Meritocracy. Lack of instinct for "respect for authority" or respect for people by virtue of the positions they hold. Strong instinct for respect based on acheivements, talents, skills, or other personal qualities.
5.1 Personalization. Strong dislike of depersonalizing, "soulless" systems.
6. Design aesthetic. Love of good design, things that Just Work Right, are Pretty, are Shiny, are Powerful, or are otherwise Good Things (tm).
7. Personal drive. Belief in one's own desires, interests, etc. Holding one's own values as more important than those of the surrounding culture. Disdain / pity for people without strong personal interests as borderline-zombies.
7.1 Internalization over obediance. Belief that un-internalized rules are borderline useless; that they will be "cracked anyway" if someone wants to; and disobeyed when not enforced. Thus a preference for internalized, consensus-based governance; decentralization; generic anti-authority / anti-centralization stance.
7.2 Drive-based learning. Learning things when and where they are useful to learn, or expected to be in the future (unless they come under 'curiosity for its own sake' above). Dislike of being forced to study facts that are irrelevant, uninteresting, rote, and bullimically regurgitated.
8. Systems approach. Belief that most things are systemic, rather than one-time exceptions; that the source of a problem in the system itself must be fixed rather than patching the symptoms; that systems are a powerful tool. And conversely, that systems can be evil inasmuch as they take a life of their own and start existing to sustain themselves, rather than to serve their original beneficial purposes, and that when that happens they must be reformed (if possible) or destroyed and replaced (if not).
You'll note that these have very little to do with what someone actually does per se, though the mindset lends itself better to some jobs (programmer, designer, artist) than others (corporate wageslave, advertising, yesman, etc). It is also ethically neutral; I consider the blackhat/whitehat or hacker/cracker sort of distinction to be a completely separate one, and that people can be any combination of the above.
Only an incidental byproduct of this is being a skilled computer programmer. I have only had a handful of computer projects I wanted to accomplish - I learned what was necessary to accomplish them. I am not particularly interested in/by programming for its own sake, though I certainly appreciate programming as an art form. I am thus quite (or completely) unskilled in a number of areas of programming, simply by virtue of the fact that they have never been needed to accomplish something I felt like accomplishing.
This is why I would describe myself as a 'hacker', and consider it a term of praise when applied to others.
Schooling vs education (a short rant)
One thing I think is a terribly unforunate truth in the original Hacker's Manifesto - one echoed by almost all hackers I know - is of the extent to which our schooling failed us. Betrayed us even, as schools should exist to teach, and we of all people hunger to learn.
Schools are not too bad for educating most people, I suppose. I wouldn't really know; I have little empathy for that area of things. I only know my experience and those of my peers.
I have been in "gifted" programs throughout my life; this meant I took advanced versions of courses and (for math only) was several grades ahead by virtue of outside schooling (Kumon). I was held back from being blanket promoted some number of grades; my opinion on this matter was not particularly sought or understood, so I don't know how or why that happened. I was utterly bored for 99% of school, with all the ego-destructiveness of that boredom. I was not, until relatively recently, driven enough to be able to overcome that and learn for myself except in limited ways. I was smarter than most of my teachers. I had a scant few who were worth anything; I remember those. Some, like Colin Quinton (my chemistry teacher in HS) were later corrupted by the system themselves, which is an amazingly sad thing to see happen.
I don't know whether it would be possible to solve that problem while still working within the existing system. On the one hand, to teach me properly - i.e. to really fully max me out - would require an individually tailored program, and probably some very smart teachers. On the other, retaining all the psychological and social support any human needs would be very challenging.
The halfass approach - where with mainstreaming I have always been too different to be assimilatable anyway and the opportunities I was given for self-teaching were too daunting and unsupported - is simply not viable.
It has to be solvable. I believe that part of it is to teach people by giving them real projects that they would be self interested in pursuing. Not busy work that is challenging purely for the sake of being work. From my perspective that is straight abusive. Not things that are completely dissociated from the real world, real projects, real useful things. Not the stupid shit that I remember from elementary and junior school, and much of high school - the glorified posterboards, 'art' projects in English and history classes, etc. Absolute trash. To make me really learn, you have to first make me care.
Once I care, damn near all you have to do is help me along the way - answer questions as they come up, provide interesting things to read and problems I could solve, etc. Play with serious toys. This was always true.
I think in all this that I am completely not unique. I would guess that most of my fellow hackers feel likewise, and many of my friends who are not hackers.
I'd like the problem to be solved before it comes time to educate my own children, but I will educate them myself if I think that is the best available solution.
(This is of course one of the reasons for my interest in teaching as a profession, though I don't know if I would find satisfaction in teaching at the level at which I am complaining about here, i.e. in elementary and middle school, unless I were exclusively teaching hackers like myself - that could indeed be very rewarding, if combined with the usual assortment of other gigs.)
I wonder if the project management system I'm working on could be scaled up.
At present, it only manages stuff for our team, which is relatively small. It manages (or will soon) most of what we do though - projects, [censored]s, contacts, etc.
However, I think it could be scaled to be something run across the company. This would be of course Very Interesting, and AFAIK it'd be a damn sight better than what's being used now. *cough*
Of course, scaling from a handful of users and maybe a thousand records to hundreds or thousands of users and 100k-1M records is, ah, non-trivial.
I wonder how much in the way of extra features I'd need to add, aside from scalability concerns / easier UI / etc.
It'd be really really nifty to do, though. Evidently my boss is going to show it off to some of his fellow high-up people within a few weeks. (My boss is 2 away from the company president. And Medtronic is a bloody huge company.) So if I can make it pretty / stable enough by then and perhaps put together a good pitch of what the enterprise-ified version would like like, it would actually happen.
I should get around to reading 37 signals - Getting Real.
At present, it only manages stuff for our team, which is relatively small. It manages (or will soon) most of what we do though - projects, [censored]s, contacts, etc.
However, I think it could be scaled to be something run across the company. This would be of course Very Interesting, and AFAIK it'd be a damn sight better than what's being used now. *cough*
Of course, scaling from a handful of users and maybe a thousand records to hundreds or thousands of users and 100k-1M records is, ah, non-trivial.
I wonder how much in the way of extra features I'd need to add, aside from scalability concerns / easier UI / etc.
It'd be really really nifty to do, though. Evidently my boss is going to show it off to some of his fellow high-up people within a few weeks. (My boss is 2 away from the company president. And Medtronic is a bloody huge company.) So if I can make it pretty / stable enough by then and perhaps put together a good pitch of what the enterprise-ified version would like like, it would actually happen.
I should get around to reading 37 signals - Getting Real.
http://windowshelp.microsoft.com/commun
*very irritated*
And I don't know how to fix it either. GRRR.
EDIT: Some debugging and numerous BSODs later, I've determined that it's coming from my wired internet connection. I disabled it and have had no crashes since. No idea how to fix it though, since it's already on the latest driver revision. :-/
But it's not practically much of a burden, assuming my wireless doesn't start suddenly dropping out. Which it used to do, actually. Sigh.
*reinstall reinstall hack hack*
*very irritated*
And I don't know how to fix it either. GRRR.
EDIT: Some debugging and numerous BSODs later, I've determined that it's coming from my wired internet connection. I disabled it and have had no crashes since. No idea how to fix it though, since it's already on the latest driver revision. :-/
But it's not practically much of a burden, assuming my wireless doesn't start suddenly dropping out. Which it used to do, actually. Sigh.
*reinstall reinstall hack hack*
Now running Vista RTM (rather than RC1).
Clean install, which means I have to reinstall everything, but that's probably for the better. No data loss, hopefully (though I'm wrestling with permissions and with some encrypted files... :-/)
Otherwise, things are running relatively well. Will be a bitch to get everything running again. Sigh. Worth it I guess/hope.
Incidentally, uninstalling IntelliPoint really really really should NOT uninstall my touchpad driver. Stupid MS. At least I have the all-keyboard hax0r fu. :-)
Clean install, which means I have to reinstall everything, but that's probably for the better. No data loss, hopefully (though I'm wrestling with permissions and with some encrypted files... :-/)
Otherwise, things are running relatively well. Will be a bitch to get everything running again. Sigh. Worth it I guess/hope.
Incidentally, uninstalling IntelliPoint really really really should NOT uninstall my touchpad driver. Stupid MS. At least I have the all-keyboard hax0r fu. :-)
[With many thanks to Jamis Buck for his sage advice as always.]
Doing eager loading pagination on multiple many-to-many tables in Rails is VEEERY SLOOOOW if you have more than a couple (or a lot of records).
Why?
Well, my primary table is 'projects'. It has 6 associated tables, variously many-many, 1-m, m-1 or 1-m-1.
SQL load time for the pagination query with :include -ing 0-6 of those associations is respectively (in seconds, one run): 0.001, 0.004, 0.012, 0.12, 0.17, 0.8, 3.8. Not hugely bad except toward the end, where it's joining a bunch of m-m tables and getting too big for its buffer and thus resorting to filesort. Which is slow. This is with everything using indices BTW.
However, Rails then instantiates an object for every Cartesian product thereof. So you multiply each previous set but the number of rows in the next-added join table. Yes, that's exponential. Time for this: 0.091, 0.171, 0.168, 0.48, 1.2, 4, 5, 26.2. At that point it's a Problem.
So what to do now? Denormalize - i.e. store the result of some those associations in the table itself, so it doesn't have to actually look 'em up and thus do the mean many-many eager load. Which implies hooks and updating and making sure everything's synchronized and all that. Won't that be fun...
But at least I won't have my primary page either taking way too long to load, or crippled 'cause I have to nerf it to remove those eager loads for now. But I'll nerf it for now anyway 'cause it's not a priority so long as it's at least functional an not taking forever. Extra sorts is a bonus feature; tolerable speed is a requirement. And I have other priorities for what to do next. At least I know where it's going wrong now. :-)
Doing eager loading pagination on multiple many-to-many tables in Rails is VEEERY SLOOOOW if you have more than a couple (or a lot of records).
Why?
Well, my primary table is 'projects'. It has 6 associated tables, variously many-many, 1-m, m-1 or 1-m-1.
SQL load time for the pagination query with :include -ing 0-6 of those associations is respectively (in seconds, one run): 0.001, 0.004, 0.012, 0.12, 0.17, 0.8, 3.8. Not hugely bad except toward the end, where it's joining a bunch of m-m tables and getting too big for its buffer and thus resorting to filesort. Which is slow. This is with everything using indices BTW.
However, Rails then instantiates an object for every Cartesian product thereof. So you multiply each previous set but the number of rows in the next-added join table. Yes, that's exponential. Time for this: 0.091, 0.171, 0.168, 0.48, 1.2, 4, 5, 26.2. At that point it's a Problem.
So what to do now? Denormalize - i.e. store the result of some those associations in the table itself, so it doesn't have to actually look 'em up and thus do the mean many-many eager load. Which implies hooks and updating and making sure everything's synchronized and all that. Won't that be fun...
But at least I won't have my primary page either taking way too long to load, or crippled 'cause I have to nerf it to remove those eager loads for now. But I'll nerf it for now anyway 'cause it's not a priority so long as it's at least functional an not taking forever. Extra sorts is a bonus feature; tolerable speed is a requirement. And I have other priorities for what to do next. At least I know where it's going wrong now. :-)
http://www.hopenumbersix.net/speakers.ht
(Hackers On Planet Earth conference)
Has a number of interesting talks.
(Hackers On Planet Earth conference)
Has a number of interesting talks.
- Music:Paul Renda - Can Security Detectors Be Hack
- Mood:
productive
http://www.prayermatch.org:11234 works and should be able to take any load it's likely to get. I'm not 100% sure that the WEBrick server I kludged will stay up or not though -it's not how it's meant to be running.
The Apache server on port 80 (i.e. normal http without the port specified like above) is still borked. Hopefully will be fixed soon.
Also, http://forums.prayermatch.org works (newly made phpBB).
Various data stuff fixed in the background, capistrano deployments actually working reliably & correctly (OMFGZ!), svn fully working, ssh not blacklisted (yay, being able to log in to my own server).
New data models added to support profiles; next is just a relatively simple matter of scaffolding some CRUD for them, tweaking it, making sure it won't break anything, and pushing another deployment.
Once that, and the Apache config, are done - then it should be ready for prime time.
(Of course, there'd still be the actual assignment mechanism, etc etc, but at least you'd be able to fully sign up.)
The Apache server on port 80 (i.e. normal http without the port specified like above) is still borked. Hopefully will be fixed soon.
Also, http://forums.prayermatch.org works (newly made phpBB).
Various data stuff fixed in the background, capistrano deployments actually working reliably & correctly (OMFGZ!), svn fully working, ssh not blacklisted (yay, being able to log in to my own server).
New data models added to support profiles; next is just a relatively simple matter of scaffolding some CRUD for them, tweaking it, making sure it won't break anything, and pushing another deployment.
Once that, and the Apache config, are done - then it should be ready for prime time.
(Of course, there'd still be the actual assignment mechanism, etc etc, but at least you'd be able to fully sign up.)
- Mood: productive
Two words: Bump keys.
Here are some GIFs and a short YouTube video that should explain it quickly for those of you who already know something about lockpicking. Look at them first before you read the rest and see how smart you are. ;-)
Executive summary:
* tools needed:
1. one hammerlike thing (eg a screwdriver, wooden stick, mallet, flashlight, a frozen banana, whatever)
2. one bump key for the lock type you want to open (e.g. Kwikset, Schlage, Medeco, etc)
- to make it: one key blank from the lock you want to open; the use of one key cutting machine to cut said blank to all 9s - OR - patience and a metal file; a metal file to shave off a small bit of the shoulder (.5 mm) & tip (1 mm) of the blank
- cost: <$10
- or buy a set of the major US 5 on eBay for ~$15 and then file down the shoulder / tip
* vulnerable locks: practically everything (i.e. any pin tumbler lock) except:
- combo (eg Ye Generic Masterlock Knockoff)
- electronic or RFID (eg really fancy cars, high tech installations, etc)
- disc locks (eg many car & cabinet locks)
- rotary pin locks (eg from laptops, bike locks, vending machines, etc)
- locks you can't obtain a key blank for (eg custom locks or ultra high security blanks)
- uber simple locks (eg mechanical ward locks)
- (halfway) sidebar cut locks - need to obtain the matching sidekey cut blank, but these happen to be regionally distributed...
- some rare, very well designed pin tumbler locks (see the long video - last linked - for details)
* time to open: a few seconds
* skill needed: very low
* legality: legal until you Do Something Bad with it or look like you're about to
* forensics: very difficult to detect normally... BUT may damage the lock after hundreds of uses
* same principle as a pick gun (Newton's Law), but more versatile
Here are some PDFs that explain it in great technical detail for those of you who want to know more. :-)
Here is a legal analysis PDF. (Summary: in CA at least, they're totally legal to purchase and own, and to use on your own locks [or ones the owner asks you to], and are quite innocent on their own; but if you act really suspicious - e.g. skulking around property you don't own, with tools, at night, with a big bag and a notebook listing your favorite fences - you're probably fucked. Same as if you carried a crowbar in those circumstances; crowbars are perfectly legal and useful tools, but are misdemeanor / felony burglary tools IFF appropriate conditions exist.)
Finally, here are some very convincing WMV demo movies (warning: big file sizes!) showing how this works close up on absurdly complex & expensive locks (e.g. 15-pin 3-sided ones, or pin-in-pin "ultra high security" pins, etc). Ironically, this technique actually works better with good locks (i.e. ones with very close manufacturing tolerances).
Note: These videos will seriously make you go OMG (and laugh hysterically if you're a hacker).
I could give you plenty of good resources on how to pick keys the old fashioned way (i.e. with lockpicks), but that's frankly a skill that takes quite a bit of practice - and much more time in most cases. (Though it's very possible to get ~30% of locks within a few seconds with just a rake & tension wrench even for a newb.) This seems to be a much better method.
Of course, the lock manufacturers won't upgrade their wares until the public knows enough about it to demand better. It's certainly possible to defeat this technique... but it would require major revisions to lock design vs. what's currently in use on 99% of locks (including dimple locks). Basically, anything that's based on a spring mechanism is vulnerable; it works on Newton's Law.
To address the usual concerns:
1. security through obscurity, ain't - basic law of hacking
2. it's as legal as any other tool (e.g. a hammer)
3. a criminal is much more likely to do what they usually do, i.e. break something (e.g. a nearby window) instead of trying to be clever about it
4. maybe we'll all have fancy electronic locks in the next few years with enough pressure. :-)
Note: it's also possible to pick locks with a banana (not kidding!). But that takes some skill. ;-)
Edit: For an example of a bump-proof lock (PDF)... take a look at the Kaba Penta Frontview lock (@ ~1h20m into the last video). OMG INSANE! Dimple-type, 22 pin-in-pins, 5 *radial* rows, multiple design bottompins (impressionproof, bumpproof, pickproof, drillproof...), <.01mm tolerances... holy shit that's got to be a bitch to open if you lose the key. :-O Easier to just drill out the surrounding door most likely.
- Mood: impressed
( 'if ur hcker its nuthin to do such stuff i mean hackin email ids' )
[16:46] saizai1: what's the account name?
[16:48] saizai1: I think I can help you after all
[16:48] saizai1: it would amuse me.
[16:51] saizai1: I'll need the account name, what you want the password changed to, and what email address I should email when it's done
[16:51] saizai1: and the target person's name
[10:18] zohaib84: well thnx buddy
[10:18] zohaib84: email id is
[10:19] zohaib84: sid17_khan@hotmail.com
[10:19] zohaib84: target name is sadaf khan
[10:19] zohaib84: n i want u to change the password to zt3258
[10:19] zohaib84: its zt3258
[10:19] zohaib84: thnx alot
[12:42] saizai1: not a problem
*emails the log to sadaf khan*
[16:46] saizai1: what's the account name?
[16:48] saizai1: I think I can help you after all
[16:48] saizai1: it would amuse me.
[16:51] saizai1: I'll need the account name, what you want the password changed to, and what email address I should email when it's done
[16:51] saizai1: and the target person's name
[10:18] zohaib84: well thnx buddy
[10:18] zohaib84: email id is
[10:19] zohaib84: sid17_khan@hotmail.com
[10:19] zohaib84: target name is sadaf khan
[10:19] zohaib84: n i want u to change the password to zt3258
[10:19] zohaib84: its zt3258
[10:19] zohaib84: thnx alot
[12:42] saizai1: not a problem
*emails the log to sadaf khan*
![[info]](http://p-stat.livejournal.com/img/userinfo.gif){kind=small}
