Ok, so who wants to one-up this and write a full-featured text-rasterizer in pure JS?
I propose a JavaScript that can load a server-side TTF file (or OpenType or whatever) and walk the DOM, reading the CSS font name, and replacing the normal text with a rendering of the same in the specified CSS font, but rendered by the JavaScript instead of by the browser so it is gaurenteed to be done right. Of course, if the user has no JS, it will fall back to the CSS font names (which require the user have the font installed) and if the user has no CSS, it will fall back HTML 3.6 fonts.
The wheels in my head are already turning...
Oh, and before any of you leeches goes and patents it, I hereby declare prior art on the concept, so there!
That's not new either. In any page where I use JavaScript I make sure that things still function sanely, albiet not as prettily without JS.
One definate advantage I see here over PNG seems to be the ability to select (for copy-paste) sections of the text (and thus less difference from "normal" text as far as the viewer is concerned)
Personally, I don't like the overuse of Flash, but then again, most people out there don't care if their sites look good in eLinks. (yes, it actually bothers me when a site looks funny in eLinks... go figure)
Well, considering you posted to Slashdot, I would assume that either you don't care if the authorities find out that their "bug" has been reappropriated, or perhaps you wish to blatenly rub that fact in their face? If your friend can be reasnoably certain that the bug did not capture any sensitive conversation (which I might guess is the case by her willingness to trust you with the drive rather than destrying it outright), then why not post a torrent? I'm sure plenty of amatuer and moonlight crypanalysists, file-system and audio engineers would love to check that data out. You can use "cat/dev/hdb | gzip >/image.gz" to pull the image off the drive, compress it, and dump it into a file which you could then release to the public.
Most filesystems store data at the lowest level in a more-or-less raw format on the disk for performance reasons. (on-the-fly compression or encryption is CPU intensive) Even something like ReiserFS would have chunks of recognizable (though perhaps out-of-order) raw audio file visible on the drive. Try feeding the output to your sound card. A good way to do this would be with "SoX" (Sound eXchange, an audio conversion tool for linux... "apt-get install sox"). SoX comes with "play" a command which basically just sends data to the sound card, and for raw data allows you to specify what format (8 bit or 16 bit? 22khz or 48khz?) it should play the audio at. Also if you suspect something other than 8 or 16 bit, try bitshifting the sample a couple times so that the first sample begins on a byte boundry.
Another useful tool is called "ent", which applies a number of entropy tests to a sample. True raw audio data should have only some entropy. Blank filesystem structure should have almost no entropy. Encrypted or very highly compressed data will appear to be almost entirely entropy. ("apt-get install ent" on Debian or Knoppix)
You could anylise the drive in chunks to see how much is filled with medium entropy (uncompressed audio), how much is high entropy (encrypted or compressed data) and how much has almost no entropy (empty space), and using this statistic in conjunction with any info you can find on the sample rate and number of bits from the chip, calculate how much audio is stored on the drive, and thus how long it has been installed.
I've seen that "line-drawing" before. It is probably just your BIOS telling you it can't find a boot sector on the drive. (which isn't terribly supprising) But if the people who made the device were particularily nefarious, it could be a fake splash screen which only *looks* like your BIOS, at which you must enter the secret code to proceed into the true playback application. (But that's almost too far-fetched to be a possibility. almost...) If you really wanted to eliminate that possablity, you would use hexedit (apt-get install hexedit) to look at the first sector for the magic number. it should be at the end of the sector (offset of 512k minus 4 I think), but I can't remember off the top of my head what the magic number is supposed to be for bootable i386 media. If the magic number is not there, that splash screen is just your BIOS. (Also a good way to check for stealth-boot-sector viruses. >:-} )
Anyway, good luck, and I hope you have firm legal ground to stand on where you are. Be careful. Angry Feds are not a pleasant thing.
Dude, that's like, totally bogus! Try using the Fish on it... Maybe its in like, Polish or something...
Seriously, it would be interesting to see the technology behind Google Translate or AltaVista Babelfish applied not only to proper languages but also to specialized jargon and dialects: Legalase, Technobabble, maybe even Diner.
Hmmm, imagine using the fish to translate "From Legalese to Engrish" *cringes*
Somebody please amend the OP. When the site finishes melting down no one will have a clue what this is about:
Essentially it is just a bunch of puzzle pieces with 2-D barcodes printed on them, and a computer+webcam+python used as a barcode reader.
(oh, and as a bonus, the 2-D barcodes are somewhat colored so that it looks like a picture from a distance.)
It is no more a "Jigsaw Puzzle Solver" than a locomotive's wheels are an autopilot decive. They each achieve the end goal only when the rails have been laid in advance.
Its been a while since I hacked up any real-mode 8086 code, but... Shouldn't there be a way dump the modded BIOS into shadow RAM and execute it to test that the system doesn't crash hard with the modded BIOS before actually flashing anything? (it should look like a warm boot to the BIOS and hardware, and if it fails, just poweroff and you have your original BIOS back) I mean as long as the system boots well enough to be able to run the flash app, it should be safe to flash, since you can always just flash back if you screwed up something more subtle.
America's Army official servers all run unmoderated, relying on the automated PunkBuster system to weed out hackers. Unfortunately it just plain doesn't work. AA has been getting as bad as Red Faction was with hacks recently. I hope they do something effective, although threats may not be the best way to do it. They ought to look into something other than punkbuster, for example UT had quite a few independantly-developed anti-cheat mods which worked quite well, and AA runs on the UT engine anyway... I'm tired of rapid-fire 203s, dammit!
I have a nice 55" Philips rear-projection HDTV powered by 3 CRT tubes. The picture is awesome, the contrast is great, and there is no annoying color-shift or contrast change when not viewing dead-on. I would consider an LCD rear-projection to be a step down, and I won't buy plasma with the burnout problems. Now OLED is a different story; I would jump on that in a minute if I could get 60 inches of it for under 3 G's. Full-size high-contrast active-matrix flatpanel LCD with EL backlight might be ok too... maybe. But only if I can't get OLED.
Actually that's exactly what I read too. It sounded interesting. Then I realized it was only a teleprompter. That's old news. Been there, built that.;) I built a teleprompter from an old pentium laptop, a floppy disk, a parellel cable, 3 Roland DP-12 foot pedals, and some assembly code. Works great. My friend Johnny used it when he toured with Axel Rudi Pell in europe early this year. It runs right from the bootloader off a floppy; no OS or hard drive needed. I wrote my own variable-width bitmap font engine, so I can use pretty much any size bitmap font on the screen for easy readability. As far as user-interface, there are two modes: title mode, and lyric mode. The center foot pedal flips between the two modes. When in lyric mode, the lyrics for a particular title are displayed on the screen one page at a time, and the left and right pedals flip through pages. When in title mode, one title is displayed on the screen at a time (along with any notes about the title), and left and right pedals flip through titles.
Not that I would know, being but a lowly techwizard myself, but perhaps you should go to the source? Universities are still popping out MBAs like it's going out of style. Find a reputable university and ask their job placement department or business professors about fresh MBAs to exploit. Or if you prefer slightly aged MBA, perhaps your local headhunter (the one who was always trying to sell you extra ALGOL programmers and VAX technicians) knows of an MBA who has recently dropped off the corporate radar due to cutbacks or outsourcing. Obviously said executive would be in no position to hire normal headhunter fare without a company, but would likely welcome with open arms the full hit-it-big package complete with techwizardry, angel investors and solid gold ideas. -CyberVenom
Speaking of SurfCity, they will be providing fiber service over Verizon's hardware as soon as Verizon gets around to actually installing said hardware. Just ask Rosemary.:-) (I'm a SurfCity customer too, unfortunately I don't live in any of the fiber roll-out areas and my current apartment wiring is barely dealing with 768/128...)
My guess would be Raven. They have always worked closely with id and are often one of the first to use the new id engines. id does an awesome job technically, and Raven takes the engine, mods the hell out of it (um, pun not really intended, but hey, it works) and makes something equally spiffy on the technical end, but a bit cooler from the gameplay side.
As you guessed, I haven't had time to play with this feature. (I only found the article a couple of days ago and haven't reinstalled anything windows since) I would guess that they wouldn't affect the molasses factor, but I may be wrong if it eliminates some of the registry clutter that otherwise accompanies the SP4 install. (And, yes, I have noticed that the SP4 install slows the computer to the point of making XP look fast. Coincidence? I don't know, but I wish I could get "Windows 2000 Second Edition". If they could clean it up and integrate the service pack fixes, it would be a very appealing product. (And no, XP is not 2kSE, I'm talking about something that only fixes problems, not that adds new features.)
Actually, if you don't spring for the extras, ActivePerl is free (As much as ActiveState would like to prevent you from realizing that). The package that includes the.exe compiler and the service compiler costs money, but the base free package covers pretty much exactly the same functionality as you get on Unix systems with the additional benefit of being able to use some Windows-native features like OLE and ODBC.
Reinstalling windows is a normal part of using the OS, and you will surely be doing it soon - that may be the best time to resolve this. Microsoft has an official (and overly complicated) procedure for integrating the service pack installations into the base windows install. (This is aimed mostly at OEMs and Sysadmins, but any tech-savvy geek should be able to accomplish it with minimal head-banging) When installed in this manner, the service packs and security hotfixen do not leave backup data or Add/Remove programs entires. See the "Combination Installation" section of this article: http://www.microsoft.com/technet/archive/security/ tools/tools/hfdeploy.mspx (This is for 2000, and I'm not sure if you can do the same to XP) Just a thought, but if you dig through the appropriate resource kit utilities and knowledgebase docs, you may find a way to put all this on the install CD. (maybe as simple as dumping it in the i386 folder?) A script to automatically build a windows install+sp+hotfix iso from an install CD and a pile of hotfix and service pack files would be a tool well appreciated by the community and an interesting evening project for any geek with too much spare time.;) Just imagine not having to install all the old hotfixen separately every time you reinstall windows!
Well, like any contract, it is a two sided agreement. If you are a highly skilled employee, you should be able to propose an altered contract with your employer that specifically omits the more insane parts of the non-compete clauses. If you are a valuable enough asset to them, they will agree to an altered (within reason) contract. If you are not valuable enough, I wonder how long they will keep you before budget concerns force them to cull the lower ranks and drop you on your 2-year contractual non-compete clause?
Not "Free Software" in the RMS sense, but still transparent source: you could simply publish the source under age-old copyright law. Just like a script to a movie. The author (or developer) still retains all rights to the script (the source), but the public gets to read it, and maybe even act it out with their friends at home (akin to compiling the source yourself for testing), but is forbidden from creating directly derived works or publishing their own movies from the script...
Maybe, but one must consider:
Does the reverse-engineering of a virus directly test the security of a computer system?
I would have to say, no, although reverse-engineering of the operating system in the name of discovering potential exploitable holes would fall under this clause.
Strangely, that would mean that by the letter of the law, in the act of making a virus, the viruswriter has more leagal grounds than the AV professional has in the analysis of that virus. (The release of the virus into the wild, or even the intent to do so would fall under another damages-related law I'm sure, but the DMCA security testing clause would be an interesting defense for a virus writer caught in the act of writing a virus, but with no proof of intent to release it.)
(I'm not sure if this works; haven't had a chance to try it yet, but it should. It should also be noted that if you actually do start 2 debuggers on the same process, the debuggers will end up debugging each other and getting rather confused...)
Along the lines of "Debugging itself", the virus could use the INT3 trick. This could be teoretically patched out of the virus, but it gets very hard to deal with if INT3 is actually used extensively in the code for more than just a debugger check, since remapping many instances of INT3 (a 1-byte opcode) to a different 2-byte INTterupt would cause problems with overwriting memory or skewing offsets, making debugging a real pain.
The PSAPI is used under Win32 to debug processes. SoftICE bypasses this, but most other debuggers have to use this API in order to gain access to the target program's memory space without generating a protection fault.
It's ok, man! Just bust out your L337 H4X0R 5K1LLZ and patch Kernel32.dll:-D Of if you're really lazy, just ask nicely and I'll make a anti-anti-debugger patch for K32 when I get home.:-p Oh, wait, that would violate DMCA wouldn't it, since I live in the US...? Which begs the question: Can the code used in a virus be copyrighted, and if so, can the DMCA be used to prevent reverse-engineering? What if the virus contains legitimate copyrighted code stolen from a respectable organization - could the DMCA be used in this case to prevent the AV companies from dissecting the proprietary code?
Slashdot Mirror
Ok, so who wants to one-up this and write a full-featured text-rasterizer in pure JS?
I propose a JavaScript that can load a server-side TTF file (or OpenType or whatever) and walk the DOM, reading the CSS font name, and replacing the normal text with a rendering of the same in the specified CSS font, but rendered by the JavaScript instead of by the browser so it is gaurenteed to be done right. Of course, if the user has no JS, it will fall back to the CSS font names (which require the user have the font installed) and if the user has no CSS, it will fall back HTML 3.6 fonts.
The wheels in my head are already turning...
Oh, and before any of you leeches goes and patents it, I hereby declare prior art on the concept, so there!
same idea, just done client-side, which saves bandwidth.
That's not new either. In any page where I use JavaScript I make sure that things still function sanely, albiet not as prettily without JS.
One definate advantage I see here over PNG seems to be the ability to select (for copy-paste) sections of the text (and thus less difference from "normal" text as far as the viewer is concerned)
Personally, I don't like the overuse of Flash, but then again, most people out there don't care if their sites look good in eLinks. (yes, it actually bothers me when a site looks funny in eLinks... go figure)
Check out KDE's offering in this respect.
t tp://packages.debian.org/unstable/net/krfb
krdc and krfb claim to be RDP and VNC compatible.
http://packages.debian.org/unstable/net/krdc
h
Well, considering you posted to Slashdot, I would assume that either you don't care if the authorities find out that their "bug" has been reappropriated, or perhaps you wish to blatenly rub that fact in their face? If your friend can be reasnoably certain that the bug did not capture any sensitive conversation (which I might guess is the case by her willingness to trust you with the drive rather than destrying it outright), then why not post a torrent? I'm sure plenty of amatuer and moonlight crypanalysists, file-system and audio engineers would love to check that data out. You can use "cat /dev/hdb | gzip > /image.gz" to pull the image off the drive, compress it, and dump it into a file which you could then release to the public.
Most filesystems store data at the lowest level in a more-or-less raw format on the disk for performance reasons. (on-the-fly compression or encryption is CPU intensive) Even something like ReiserFS would have chunks of recognizable (though perhaps out-of-order) raw audio file visible on the drive. Try feeding the output to your sound card. A good way to do this would be with "SoX" (Sound eXchange, an audio conversion tool for linux... "apt-get install sox"). SoX comes with "play" a command which basically just sends data to the sound card, and for raw data allows you to specify what format (8 bit or 16 bit? 22khz or 48khz?) it should play the audio at. Also if you suspect something other than 8 or 16 bit, try bitshifting the sample a couple times so that the first sample begins on a byte boundry.
Another useful tool is called "ent", which applies a number of entropy tests to a sample. True raw audio data should have only some entropy. Blank filesystem structure should have almost no entropy. Encrypted or very highly compressed data will appear to be almost entirely entropy. ("apt-get install ent" on Debian or Knoppix)
You could anylise the drive in chunks to see how much is filled with medium entropy (uncompressed audio), how much is high entropy (encrypted or compressed data) and how much has almost no entropy (empty space), and using this statistic in conjunction with any info you can find on the sample rate and number of bits from the chip, calculate how much audio is stored on the drive, and thus how long it has been installed.
I've seen that "line-drawing" before. It is probably just your BIOS telling you it can't find a boot sector on the drive. (which isn't terribly supprising) But if the people who made the device were particularily nefarious, it could be a fake splash screen which only *looks* like your BIOS, at which you must enter the secret code to proceed into the true playback application. (But that's almost too far-fetched to be a possibility. almost...) If you really wanted to eliminate that possablity, you would use hexedit (apt-get install hexedit) to look at the first sector for the magic number. it should be at the end of the sector (offset of 512k minus 4 I think), but I can't remember off the top of my head what the magic number is supposed to be for bootable i386 media. If the magic number is not there, that splash screen is just your BIOS. (Also a good way to check for stealth-boot-sector viruses. >:-} )
Anyway, good luck, and I hope you have firm legal ground to stand on where you are. Be careful. Angry Feds are not a pleasant thing.
Dude, that's like, totally bogus! Try using the Fish on it... Maybe its in like, Polish or something...
Seriously, it would be interesting to see the technology behind Google Translate or AltaVista Babelfish applied not only to proper languages but also to specialized jargon and dialects: Legalase, Technobabble, maybe even Diner.
Hmmm, imagine using the fish to translate "From Legalese to Engrish" *cringes*
Somebody please amend the OP. When the site finishes melting down no one will have a clue what this is about:
Essentially it is just a bunch of puzzle pieces with 2-D barcodes printed on them, and a computer+webcam+python used as a barcode reader.
(oh, and as a bonus, the 2-D barcodes are somewhat colored so that it looks like a picture from a distance.)
It is no more a "Jigsaw Puzzle Solver" than a locomotive's wheels are an autopilot decive. They each achieve the end goal only when the rails have been laid in advance.
-CV
Its been a while since I hacked up any real-mode 8086 code, but...
Shouldn't there be a way dump the modded BIOS into shadow RAM and execute it to test that the system doesn't crash hard with the modded BIOS before actually flashing anything? (it should look like a warm boot to the BIOS and hardware, and if it fails, just poweroff and you have your original BIOS back)
I mean as long as the system boots well enough to be able to run the flash app, it should be safe to flash, since you can always just flash back if you screwed up something more subtle.
America's Army official servers all run unmoderated, relying on the automated PunkBuster system to weed out hackers. Unfortunately it just plain doesn't work. AA has been getting as bad as Red Faction was with hacks recently. I hope they do something effective, although threats may not be the best way to do it. They ought to look into something other than punkbuster, for example UT had quite a few independantly-developed anti-cheat mods which worked quite well, and AA runs on the UT engine anyway... I'm tired of rapid-fire 203s, dammit!
hear hear!
I have a nice 55" Philips rear-projection HDTV powered by 3 CRT tubes. The picture is awesome, the contrast is great, and there is no annoying color-shift or contrast change when not viewing dead-on. I would consider an LCD rear-projection to be a step down, and I won't buy plasma with the burnout problems.
Now OLED is a different story; I would jump on that in a minute if I could get 60 inches of it for under 3 G's.
Full-size high-contrast active-matrix flatpanel LCD with EL backlight might be ok too... maybe. But only if I can't get OLED.
-CyberVenom
Actually that's exactly what I read too. It sounded interesting. Then I realized it was only a teleprompter. That's old news. Been there, built that. ;) I built a teleprompter from an old pentium laptop, a floppy disk, a parellel cable, 3 Roland DP-12 foot pedals, and some assembly code. Works great. My friend Johnny used it when he toured with Axel Rudi Pell in europe early this year. It runs right from the bootloader off a floppy; no OS or hard drive needed. I wrote my own variable-width bitmap font engine, so I can use pretty much any size bitmap font on the screen for easy readability. As far as user-interface, there are two modes: title mode, and lyric mode. The center foot pedal flips between the two modes. When in lyric mode, the lyrics for a particular title are displayed on the screen one page at a time, and the left and right pedals flip through pages. When in title mode, one title is displayed on the screen at a time (along with any notes about the title), and left and right pedals flip through titles.
Not that I would know, being but a lowly techwizard myself, but perhaps you should go to the source? Universities are still popping out MBAs like it's going out of style. Find a reputable university and ask their job placement department or business professors about fresh MBAs to exploit.
Or if you prefer slightly aged MBA, perhaps your local headhunter (the one who was always trying to sell you extra ALGOL programmers and VAX technicians) knows of an MBA who has recently dropped off the corporate radar due to cutbacks or outsourcing. Obviously said executive would be in no position to hire normal headhunter fare without a company, but would likely welcome with open arms the full hit-it-big package complete with techwizardry, angel investors and solid gold ideas.
-CyberVenom
Speaking of SurfCity, they will be providing fiber service over Verizon's hardware as soon as Verizon gets around to actually installing said hardware. Just ask Rosemary. :-) (I'm a SurfCity customer too, unfortunately I don't live in any of the fiber roll-out areas and my current apartment wiring is barely dealing with 768/128...)
My guess would be Raven. They have always worked closely with id and are often one of the first to use the new id engines. id does an awesome job technically, and Raven takes the engine, mods the hell out of it (um, pun not really intended, but hey, it works) and makes something equally spiffy on the technical end, but a bit cooler from the gameplay side.
As you guessed, I haven't had time to play with this feature. (I only found the article a couple of days ago and haven't reinstalled anything windows since)
I would guess that they wouldn't affect the molasses factor, but I may be wrong if it eliminates some of the registry clutter that otherwise accompanies the SP4 install. (And, yes, I have noticed that the SP4 install slows the computer to the point of making XP look fast. Coincidence? I don't know, but I wish I could get "Windows 2000 Second Edition". If they could clean it up and integrate the service pack fixes, it would be a very appealing product. (And no, XP is not 2kSE, I'm talking about something that only fixes problems, not that adds new features.)
Actually, if you don't spring for the extras, ActivePerl is free (As much as ActiveState would like to prevent you from realizing that). The package that includes the .exe compiler and the service compiler costs money, but the base free package covers pretty much exactly the same functionality as you get on Unix systems with the additional benefit of being able to use some Windows-native features like OLE and ODBC.
Reinstalling windows is a normal part of using the OS, and you will surely be doing it soon - that may be the best time to resolve this. Microsoft has an official (and overly complicated) procedure for integrating the service pack installations into the base windows install. (This is aimed mostly at OEMs and Sysadmins, but any tech-savvy geek should be able to accomplish it with minimal head-banging) When installed in this manner, the service packs and security hotfixen do not leave backup data or Add/Remove programs entires./ tools/tools/hfdeploy.mspx ;) Just imagine not having to install all the old hotfixen separately every time you reinstall windows!
See the "Combination Installation" section of this article: http://www.microsoft.com/technet/archive/security
(This is for 2000, and I'm not sure if you can do the same to XP)
Just a thought, but if you dig through the appropriate resource kit utilities and knowledgebase docs, you may find a way to put all this on the install CD. (maybe as simple as dumping it in the i386 folder?) A script to automatically build a windows install+sp+hotfix iso from an install CD and a pile of hotfix and service pack files would be a tool well appreciated by the community and an interesting evening project for any geek with too much spare time.
Well, like any contract, it is a two sided agreement. If you are a highly skilled employee, you should be able to propose an altered contract with your employer that specifically omits the more insane parts of the non-compete clauses. If you are a valuable enough asset to them, they will agree to an altered (within reason) contract. If you are not valuable enough, I wonder how long they will keep you before budget concerns force them to cull the lower ranks and drop you on your 2-year contractual non-compete clause?
Not "Free Software" in the RMS sense, but still transparent source: you could simply publish the source under age-old copyright law. Just like a script to a movie. The author (or developer) still retains all rights to the script (the source), but the public gets to read it, and maybe even act it out with their friends at home (akin to compiling the source yourself for testing), but is forbidden from creating directly derived works or publishing their own movies from the script...
Maybe, but one must consider:
Does the reverse-engineering of a virus directly test the security of a computer system?
I would have to say, no, although reverse-engineering of the operating system in the name of discovering potential exploitable holes would fall under this clause.
Strangely, that would mean that by the letter of the law, in the act of making a virus, the viruswriter has more leagal grounds than the AV professional has in the analysis of that virus. (The release of the virus into the wild, or even the intent to do so would fall under another damages-related law I'm sure, but the DMCA security testing clause would be an interesting defense for a virus writer caught in the act of writing a virus, but with no proof of intent to release it.)
Along the lines of "Debugging itself", the virus could use the INT3 trick. This could be teoretically patched out of the virus, but it gets very hard to deal with if INT3 is actually used extensively in the code for more than just a debugger check, since remapping many instances of INT3 (a 1-byte opcode) to a different 2-byte INTterupt would cause problems with overwriting memory or skewing offsets, making debugging a real pain.
The PSAPI is used under Win32 to debug processes. SoftICE bypasses this, but most other debuggers have to use this API in order to gain access to the target program's memory space without generating a protection fault.
It's ok, man! Just bust out your L337 H4X0R 5K1LLZ and patch Kernel32.dll :-D :-p
Of if you're really lazy, just ask nicely and I'll make a anti-anti-debugger patch for K32 when I get home.
Oh, wait, that would violate DMCA wouldn't it, since I live in the US...?
Which begs the question: Can the code used in a virus be copyrighted, and if so, can the DMCA be used to prevent reverse-engineering? What if the virus contains legitimate copyrighted code stolen from a respectable organization - could the DMCA be used in this case to prevent the AV companies from dissecting the proprietary code?
Well, he seems to have a Slashdot account, and we all know how well Slashdot verifies its users, so of course you can trust him!