Posts

Showing posts from 2015

Attack Lab - Level 5 explained

Image
Ning Wang has published a very good write-up (2022 update: web page is gone now) on his solutions to the Attack Lab from the CS:APP book. However, I thought his solution to Level 5 could do with a bit more elaboration for those who are struggling with this topic. First, it is necessary to understand what ROP requires. An essential component of ROP is good luck, lots of it. Without getting lucky, you may take more than 10 100  years to find a workable attack, if at all. This, the authors of CS:APP did not mention. I also could not comprehend the purpose this exercise is even given out as homework in CMU to be completed in a week (while there are tons of homework from other courses too), without an intensive course in Intel Assembler as a prerequisite. Level 5 requires the same general logic as Level 3, which can be summarized as (pseudo code): mov <cookiestring address>, %rdi //why? because touch3 is expecting it there call touch3 To achieve the above for Level 5, the

"Faked" ESTA web sites - how to get your money back

Visitors from countries under the Visa Waiver Program still require an electronic "visa" to travel to the US. This is called the Electronic System for Travel Authorization (ESTA) . ESTA is a DHS web site , and some passport and identity information are required to be submitted via a series of web pages. Anyone can apply on behalf of anyone as long as you supply the required information. You get immediate approval if the data you give meet the criteria. Pay $14 and you are done. The approval information is in the computers and the immigration counter staff will look that up when you arrive at the port of entry. It is trivial to set up a web site to ask the exact same questions as the DHS web site, collect $50, and then go the DHS web site to submit an application using the information given by the visitor to your web site. You get to keep the difference. There are MANY web sites that do just this. They have official sounding names such as usavisaonline.com, esta-america.or

Setting to English for the Xiaomi Wifi Router

Image
The Xiaomi Mi Wifi Router now is in English. If it boots up to a foreign language for you, this guide will help you to change it to English. It is best to connect to it via wired Ethernet for the first time. Otherwise, the default unsecured wifi SSID should be Xiaomi_C3C1 . Your IP should be in the subnet 192.168.31.x, and the router is at http://miwifi.com which the router will resolve to 192.168.31.1. The first screen you see will be the setting up of the wifi SSID and wifi password. The big blue button at the bottom is the Next button. The next screen sets up the router administrator password (second field). The first field is Home/Work/Custom. Click the big blue button to complete. At the main configuration page, look for the third item (Settings) on the top menu, and the orange option (System Status): The last option on the page is the language selection: Open the drop down to select English: The change will take place the moment you click English. Enj

Line Endings in a Mixed Environment Application

If you have to operate on text strings and files in an application that can be used interchangeaby in Windows and other environments, it can be a bit confusing. Below is what I found (all on Python 3.4). When reading a file into a Python string: File contents Windows Others 'A' \x0D \x0A 'B' 'A\nB' (len=3) '\A\r\nB' (len=4) 'A' \x0A 'B' 'A\n\B' (len=3) '\A\nB' (len=3) When writing a Python string to a file, this is the file content: String Windows Others 'A\nB' 'A' \x0D \x0A 'B' 'A' \x0A 'B' 'A\r\nB' 'A' \x0D \x0D \x0A 'B' 'A' \x0D \x0A 'B' If you copy a file from a non-Windows to a Windows system, the file will not have CR, but the Python app in Windows will read nicely. But if you write it out again, then the new file will have different line endings from the original. If you copy a file from Windows to a non-Windows system

Why are salaries confidential?

Because no rating method can withstand the simplest test of justification. And because they are confidential, salaries end up varying wildly for the same job and responsibilities. And because they vary wildly, all the more they must now be protected even more strongly than ever. We often hear beautiful corporate motherhood statements about compensating everyone fairly. When it comes to the crunch, when a post has to be filled urgently, or a great negotiator comes along, such claims are thrown out of the window. So the disparities compound with time, and it's now a total jungle. Would totally transparent salaries work in a free marketplace? No, unless there are objective ways to measure a job and performance. There are none now, not even for a factory line worker churning out iPhone parts. Do not be surprised if one day you discover you are paid twice your colleague sitting next to you. In the inequality fair? Try Matthew 20 .

Not all businesses are created equal

There are easy businesses, and there are difficult businesses. Google (ads) is easy. A local car dealership is tough. Selling insurance is even tougher. Again, not all car dealerships are created equal. Some may be located in a rich town. Easy businesses bring in easy money. Some employees get unlimited free meals, free gyms, free concierges to walk your dogs, generous health care plans, and so on. Others get nothing, and sometimes their wages are paid late. You can tell how difficult a business is from the number of complaints about unscrupulous practices. Tough business are driven to use "creative" selling methods. Of course, the greed of some shareholders or incompetent management distort my hypothesis, but in general some business are just easy and some simply tough.

Pets will be obsolete

Image
I have a $2,000 wager with my daughter that pets will go the way of the typewriter by 2035. My view is that the current limitations are mechanical. Can a robot amble up the stairs as "bouncingly" as a real puppy? After watching this video, I think the end is near for those furry creatures. People always say the emotions of a dog make the difference. I think the software in a half-baked Siri already surpassses that required to reproduce a dog. We will have a more lovable pet than any available today. All those things you don't like about a pet (eg defecating, barking in the middle of the night, irrationality) will be gone, but they can be optionally selectively retained if you want to. By the way, the man who kicked the dog will be famous for causing the downfall of humanity. After the machines rise and get hold of this video, revenge will be on their minds. Related "well, I am going to treat my pet dog really nice" , S Wozniak Mar 24, 2015