| |
Current Topic: Miscellaneous |
|
JavaScript Operator Precedence Chart |
|
|
Topic: Miscellaneous |
3:47 pm EDT, Aug 15, 2007 |
Below is a Operator Precedence and Associativity Chart for the JavaScript Programming Language.
Extremely useful! I don't have to keep craning my neck and switching back and forth to p 57 of the Rhino book. JavaScript Operator Precedence Chart |
|
Topic: Miscellaneous |
12:27 pm EDT, Aug 15, 2007 |
Nidhi: My Dragon Book can so beat up your Louden Book Me: That's it Nidhi, I'm sick of your talking smack! It's compiler design duel time! Ray: [walking by] ... [looks at us] ... *sigh* ... [keeps walking] |
|
Divide's Black Hat 2007 Day 1 |
|
|
Topic: Miscellaneous |
12:29 pm EDT, Aug 13, 2007 |
My Seattle homie Divide has got some great photos from Black Hat. Divide's Black Hat 2007 Day 1 |
|
Topic: Miscellaneous |
9:08 pm EDT, Aug 12, 2007 |
I am so done with it all. People who publicly bash my projects as evil or malicious, while privately asking me for the source code. (and I don't mean Jikto) People who write entire articles dismissing my contributions as irrelevant, but at the same time are so frighten by them that they purchase Google ad words on my name to ride on my success. People who publicly question my integrity from moral high ground, and then offer me a beer like nothing has happened. Instead of feeling hurt or angry, I just feel plain sad. Because once you’ve been sued for doing the right thing, once you’ve been tarred and feathered for being smart, you really don’t care about impressing much of anyone. But for some reason folks sure feel the need to feel more impressive than you. I’m a curious hacker. That’s what I do. The fact that someone wants to pay me to be curious is just a happy coincidence for me. Lawsuits and mud-raking and “drama” and two-faced “friends” and the many other things I’ve seen so far, and all the things I’m sure to see in the future really don’t factor into it for me. They aren’t going to change what I like to do, what I’m damn good at, and what I’ll continue to do. They are, if anything, unfortunate, sad roadblocks. I stand by my achievements, whether they are appreciated or not. I stand by who I am. I stopped caring how people accept me a long ago. |
|
Using timing side channel with Flash sockets for port scanning |
|
|
Topic: Miscellaneous |
3:26 pm EDT, Aug 10, 2007 |
Saw this on full disclosure yesterday. Very cool and faster than using JavaScript. Design flaw in AS3 socket handling allows port probing # Summary Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS. # Technical background In AS3 Adobe introduced a new socket-related event called SecurityErrorEvent. This event is always thrown when a Flash Player tries to connect to a socket that it is not allowed to connect to by policy. The problem with the SecurityErrorEvent is that it's thrown immediately when a Flash Player tries to connect to a closed TCP port. If a service is listening on that port the Flash Player writes the string "" and waits for response from the service. Nearly no TCP-service will respond to this request. We can assume the following: When trying to connect to a socket that the SWF is not allowed to and it doesn't get a SecurityErrorEvent within 2 seconds the port is most likely open. A new Flash player instance is used for every probed port because the Flash Player sends only one policy-file request per player per host per port. # Tested platforms Works on: * Windows XP SP2: Internet Explorer 6 / Flash Player 9.0.47.0 * Windows XP SP2: Firefox 2.0.0.5 / Flash Player 9.0.47.0 * Windows XP SP2: IE 7.0.5730.11 Flash Player 9.0.47.0 * Ubuntu Edgy: Firefox 2.0.0.5 / Flash Player 9.0.47.0 * Mac OSX 10.4.10: Safari 2.0.4 / Flash Player 9.0.47.0 * Mac OSX 10.4.10: Safari 3.0.2 / Flash Player 9.0.47.0 * Mac OSX 10.4.10: Firefox 2.0.0.6 / Flash Player 9.0.47.0 * Solaris 10 i86: Firefox 2.0.0.3 / Flash Player 9.0.47.0 Doesn't work as expected on: * Mac OSX 10.4.10: Opera 9.22 / Flash Player 9.0.47.0 # Known limitations * The Scanner does not work on services that close the TCP- Connection immediately after they receive Bytes that they don`t "understand". The port is reported as closed because the SecurityErrorEvent is thrown when the TCP-Connection is closed. * The Scanner does not always work as expected when scanning hosts located in the internet (e.g. google.com). This maybe happens due to stateful inspection firewalls that close the connections or long TCP-response times. # Disclosure Timeline * 2007/07/23: Problem discovery * 2007/07/24: PoC available * 2007/07/25: Vendor notification * 2007/08/09: Public demonstration at CCCamp # Possible Fixes Flash-Player Side (Adobe) * TOTALLY REMOVE the SecurityErrorEvent (it`s useless, it`s just harder to find errors with socketservers without the event) * Remove the SecurityErrorEvent in the Release-Players and keep it in... [ Read More (0.1k in body) ]
|
|
RE: Boing Boing: Wal Mart flip flops cause nasty chemical burn |
|
|
Topic: Miscellaneous |
3:19 pm EDT, Jul 26, 2007 |
k wrote: Kerry bought some flip flops for $2.44 at Wal Mart. After wearing them for a while, she noticed a tingling sensation on her feet. She immediately stopped wearing the flip flops. Soon after, her skin turned red and blistery. When she took the matter up with Wal Mart, they told her to take it up with the Chinese manufacturer. Apparently, Wal Mart is still selling the flip flops.
ARRGFGHGHGHHGHGHGH! I'm glad the Kerry in this story is not this Kerry. This Kerry doesn't roll with Wal Mart.
That Kerry is also a chick. This Kerry doesn't roll with chicks... wait... ... crap... That's not what I meant. uhhhhh. This Kerry is all man! ... shit... That's not what I meant to say. Please Kerry, don't get mad... NOT IN THE FACE! NOT IN THE FACE! ... ... [smacks forehead] ... ok I *really* didn't mean that! You all know what I'm trying to say here! K = all about the females I owe you some Scotch Kerry. :-) RE: Boing Boing: Wal Mart flip flops cause nasty chemical burn |
|
Topic: Miscellaneous |
11:44 am EDT, Jul 26, 2007 |
Oscar the cat seems to have an uncanny knack for predicting when nursing home patients are going to die, by curling up next to them during their final hours. art.cat.ap.jpg His accuracy, observed in 25 cases, has led the staff to call family members once he has chosen someone. It usually means the patient has less than four hours to live. "He doesn't make too many mistakes. He seems to understand when patients are about to die," Dr. David Dosa said in an interview. He describes the phenomenon in a poignant essay in Thursday's issue of the New England Journal of Medicine. "Many family members take some solace from it. They appreciate the companionship that the cat provides for their dying loved one," said Dosa, a geriatrician and assistant professor of medicine at Brown University. After about six months, the staff noticed Oscar would make his own rounds, just like the doctors and nurses. He'd sniff and observe patients, then sit beside people who would wind up dying in a few hours. Dosa said Oscar seems to take his work seriously and is generally aloof. "This is not a cat that's friendly to people," he said.
The Reaper Of The Damned! Memestreams serious needs a 'WTF' category. 'Furry Grim Reaper' |
|
Using Dodgeball for Vegas |
|
|
Topic: Miscellaneous |
9:55 am EDT, Jul 26, 2007 |
Folks, I'm using Dodgeball to keep track of my comings and goings out in Vegas. FYI: I fly out Sunday and fly back Friday afternoon. |
|
Reality Bedding: “Too Visionary” and “Ahead of Its Time” |
|
|
Topic: Miscellaneous |
3:12 pm EDT, Jul 23, 2007 |
Here’s a surprise: Reality Bedding, the revolutionary new startup that lets you buy a comforter with a celebrity picture (or two women kissing) printed on it, is going out of business. The company also promised to let buyers upload their own images but I was never able to find that feature when looking for it.
HAHA! If you do read Techcrunch's Deadpool, you are missing the fun of Web 2.0 bubble death. Reality Bedding: “Too Visionary” and “Ahead of Its Time” |
|
Topic: Miscellaneous |
12:06 pm EDT, Jul 20, 2007 |
The only thing better than an hour long benefits presentations is a two hour long benefits presentations. Please explain to me *how* the $30 spousal fee is deduced from each pay period. Whats that, You withdrawl it from my paycheck? I'm not sure I understand, please explain it to me again. For 5 minutes. In excruciating detail. I only graduated on the Dean's List from one of the top five engineering schools in the country, so please, waste some more of my relatively unimportant time. |
|