"hacks" entries

Four short links: 25 November 2014

NSA Playset, Open Access, XSS Framework, and Security Test Cases

  1. Michael Ossmann and the NSA Playset — the guy who read the leaked descriptions of the NSA’s toolchest, built them, and open sourced the designs. One device, dubbed TWILIGHTVEGETABLE, is a knock-off of an NSA-built GSM cell phone that’s designed to sniff and monitor Internet traffic. The ANT catalog lists it for $15,000; the NSA Playset researchers built one using a USB flash drive, a cheap SDR, and an antenna, for about $50. The most expensive device, a drone that spies on WiFi traffic called PORCUPINEMASQUERADE, costs about $600 to assemble. At Defcon, a complete NSA Playset toolkit was auctioned by the EFF for $2,250.
  2. Gates Foundation Announces World’s Strongest Policy on Open Access Research (Nature) — Once made open, papers must be published under a license that legally allows unrestricted re-use — including for commercial purposes. This might include ‘mining’ the text with computer software to draw conclusions and mix it with other work, distributing translations of the text, or selling republished versions. CC-BY! We believe that published research resulting from our funding should be promptly and broadly disseminated.
  3. Xenotix: an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 4700+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature-rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.
  4. Firing Range — Google’s open source set of web security test cases for scanners.
Four short links: 16 October 2014

Eye Catcher, Exoskeleton, Homebrew Cray, and Information Architecture

  1. Eye Catcher (We Make Money Not Art) — the most banal-looking wooden frame takes thus a life of its own as soon as you come near it. It quickly positions itself in front of you, spots your eyes and starts expressing ‘emotions’ based on your own. Eye Catcher uses the arm of an industrial robot, high power magnets, a hidden pinhole camera, ferrofluid and emotion recognition algorithms to explore novel interactive interfaces based on the mimicry and exchange of expressions.
  2. FORTIS Exoskeleton (Lockheed Martin) — transfers loads through the exoskeleton to the ground in standing or kneeling positions and allows operators to use heavy tools as if they were weightless. (via CNN)
  3. Homebrew Cray-1A – fascinating architecture, but also lovely hobby project to build the homebrew. The lack of Cray software archives horrifies the amateur historian in me, though. When I started building this, I thought “Oh, I’ll just swing by the ol’ Internet and find some groovy 70’s-era software to run on it.” It turns out I was wrong. One of the sad things about pre-internet machines (especially ones that were primarily purchased by 3-letter Government agencies) is that practically no software exists for them. After searching the internet exhaustively, I contacted the Computer History Museum and they didn’t have any either. They also informed me that apparently SGI destroyed Cray’s old software archives before spinning them off again in the late 90’s.
  4. How Do Committees Invent? — 1968 paper that gave us organizations which design systems […] produce designs which are copies of the communication structures of these organizations. That was the 1968 version of the modern “your website’s sitemap is your org chart”.
Four short links: 2 January 2014

3D Model-to-Printer, GCode Visualizer, AC Power Control, and Public Domain Sadness

  1. slic3r: converts a digital 3D model into printing instructions for your 3D printer. It cuts the model into horizontal slices (layers), generates toolpaths to fill them and calculates the amount of material to be extruded.
  2. gCodeViewer — GCode is the “numerical control language” for telling extruders, mills, polishers, etc. where to move to and when. This open source package is a visual GCode visualizer, viewer and analyzer in your own browser! It works on any OS in almost any modern browser (chrome, ff, safari 6, opera, ie10 should work too). All you need to do – is drag your *.gcode file to the designated zone.
  3. AC Power Control with Arduino: in the video and the code, we take an in depth look at the hardware for using Arduino interrupts to control AC power through a triac. Using a zero-crossing detector Arduino will detect the pulse then calculate a delay to control the power output to a load.
  4. What Didn’t Enter the Public Domain Today — a reminder of what the public domain lost because of the Sonny Bono/Disney copyright term extension, timely given there are bad times ahead.
Four short links: 2 December 2013

Learning Machine Learning, Pokemon Coding, Drone Coverage, and Optimization Guide

  1. CalTech Machine Learning Video Library — a pile of video introductions to different machine learning concepts.
  2. Awesome Pokemon Hack — each inventory item has a number associated with it, they are kept at a particular memory location, and there’s a glitch in the game that executes code at that location so … you can program by assembling items and then triggering the glitch. SO COOL.
  3. Drone Footage of Bangkok Protests — including water cannons.
  4. The Mature Optimization Handbook — free, well thought out, and well written. My favourite line: In exchange for that saved space, you have created a hidden dependency on clairvoyance.
Four short links: 22 November 2013

GAFE MOOCs, Recommendations Considered Self-Fulfilling Prophecy, Glitch Art Given, and Cool Visual Hack

  1. Google Educator MOOCs — online courses for teachers who use Google in their classrooms.
  2. Algorithms and Accountability: Thus, the appearance of an autocompletion suggestion during the search process might make people decide to search for this suggestion although they didn’t have the intention to. A recent paper by Baker and Potts (2013) consequently questions “the extent to which such algorithms inadvertently help to perpetuate negative stereotypes”. (via New Aesthetic Tumblr)
  3. Glitch Content Enters Public Domain — amazing contribution of content, not just “open sourcing” but using CC0 to give the public the maximum possible rights for reuse.
  4. Sprite Lamp: a tool to help game developers combine 2D art, such as digital painting or pixel art, with dynamic lighting. This is pretty darn cool. (via Greg Borenstein)
Four short links: 11 November 2013

Squid in the Dark, Beautiful Automation, Fan Criticism, and Petabyte Queries

  1. Living Light — 3D printed cephalopods filled with bioluminescent bacteria. PAGING CORY DOCTOROW, YOUR ORGASMATRON HAS ARRIVED. (via Sci Blogs)
  2. Repacking Lego Batteries with a CNC Mill — check out the video. Patrick programmed a CNC machine to drill out the rivets holding the Mindstorms battery pack together. Coding away a repetitive task like this is gorgeous to see at every scale. We don’t have to teach our kids a particular programming language, but they should know how to automate cruft.
  3. My Thoughts on Google+ (YouTube) — when your fans make hatey videos like this one protesting Google putting the pig of Google Plus onto the lipstick that was YouTube, you are Doin’ It Wrong.
  4. Presto: Interacting with Petabytes of Data at Facebook: a distributed SQL query engine optimized for ad-hoc analysis at interactive speed. It supports standard ANSI SQL, including complex queries, aggregations, joins, and window functions. For details, see the Facebook post about its launch.
Four short links: 13 August 2013

Retro Hackery, Etsy Ops, Distributed Identity, and lolcoders

  1. How Things Work: Summer Games Edition — admire the real craftsmanship in those early games. This has a great description of using raster interrupts to extend the number of sprites, and how and why double-buffering was expensive in terms of memory.
  2. IAMA: Etsy Ops Team (Reddit) — the Etsy ops team does an IAMA on Reddit. Everything from uptime to this sage advice about fluid data: A nice 18 year old Glenfiddich scales extremely well, especially if used in an active active configuration with a glass in each hand. The part of Scotland where Glenfiddich is located also benefits from near-permanent exposure to the Cloud (several clouds in fact). (via Nelson Minar)
  3. Who Learns What When You Log Into Facebook (Tim Bray) — nice breakdown of who learns what and how, part of Tim’s work raising the quality of conversation about online federated identity.
  4. lolcommits — takes a photo of the programmer on each git commit. (via Nelson Minar)
Four short links: 30 July 2013

Transit and Peering, Quick Web Interfaces, Open Source Licensing, and RC Roach

  1. Why YouTube Buffers (ArsTechnica) — When asked if ISPs are degrading Netflix and YouTube traffic to steer users toward their own video services, Crawford told Ars that “the very powerful eyeball networks in the US (and particularly Comcast and Time Warner Cable) have ample incentive and ability to protect the IP services in which they have economic interests. Their real goal, however, is simpler and richer. They have enormous incentives to build a moat around their high-speed data networks and charge for entry because data is a very high-margin (north of 95 percent for the cable companies), addictive, utility product over which they have local monopoly control. They have told Wall Street they will do this. Yes, charging for entry serves the same purposes as discrimination in favor of their own VOD [video-on-demand], but it is a richer and blunter proposition for them.”
  2. Ink — MIT-licensed interface kit for quick development of web interfaces, simple to use and expand on.
  3. Licensing in a Post-Copyright World: This article is opening up a bit of the history of Open Source software licensing, how it seems to change and what we could do to improve it. Caught my eye: Oracle that relicensed Berkeley DB from BSD to AGPLv3 [… effectively changing] the effective license for 106 other packages to AGPLv3 as well.
  4. RC Cockroaches (Vine) — video from Dale Dougherty of Backyard Brains Bluetooth RoboRoach. (via Dale Dougherty)
Four short links: 11 April 2013

Automating NES Games, Code Review Tool, SaaS KPIs, and No Free Lunch

  1. A General Technique for Automating NES Games: software that learns how to play NES games and plays them automatically, using an aesthetically pleasing technique. With video, research paper, and code.
  2. rietveld — open source tool like Mondrian, Google’s code review tool. Developed by Guido van Rossum, who developed Mondrian. Still being actively developed. (via Nelson Minar)
  3. KPI Dashboard for Early-Stage SaaS Startups — as Google Docs sheet. Nice.
  4. Life Without Sleep — interesting critique of Provigil as performance-enhancing drug for information workers. It is very difficult to design a stimulant that offers focus without tunnelling – that is, without losing the ability to relate well to one’s wider environment and therefore make socially nuanced decisions. Irritability and impatience grate on team dynamics and social skills, but such nuances are usually missed in drug studies, where they are usually treated as unreliable self-reported data. These problems were largely ignored in the early enthusiasm for drug-based ways to reduce sleep. […] Volunteers on the stimulant modafinil omitted these feedback requests, instead providing brusque, non-question instructions, such as: ‘Exit West at the roundabout, then turn left at the park.’ Their dialogues were shorter and they produced less accurate maps than control volunteers. What is more, modafinil causes an overestimation of one’s own performance: those individuals on modafinil not only performed worse, but were less likely to notice that they did. (via Dave Pell)
Four short links: 10 April 2013

Street View Tiles Hacks, Policy Simulation, Map Tile Toolbox, and Connected Sensor Device HowTo

  1. HyperLapse — this won the Internet for April. Everyone else can go home. Check out this unbelievable video; source is available.
  2. Housing Simulator — NZ’s largest city is consulting on its growth plan, and includes a simulator so you can decide where the growth to house the hundreds of thousands of predicted residents will come from. Reminds me of NPR’s Budget Hero. Notice that none of the levers control immigration or city taxes to make different cities attractive or unattractive. Growth is a given and you’re left trying to figure out which green fields to pave.
  3. Converting To and From Google Map Tile Coordinates in PostGIS (Pete Warden) — Google Maps’ system of power-of-two tiles has become a de facto standard, widely used by all sorts of web mapping software. I’ve found it handy to use as a caching scheme for our data, but the PostGIS calls to use it were getting pretty messy, so I wrapped them up in a few functions. Code on github.
  4. So You Want to Build A Connected Sensor Device? (Google Doc) — The purpose of this document is to provide an overview of infrastructure, options, and tradeoffs for the parts of the data ecosystem that deal with generating, storing, transmitting, and sharing data. In addition to providing an overview, the goal is to learn what the pain points are, so we can address them. This is a collaborative document drafted for the purpose of discussion and contribution at Sensored Meetup #10. (via Rachel Kalmar)
