Get That Dream Job, With A Bit Of Text Injection

Getting a job has always been a tedious and annoying process, because for all the care that has been put into a CV or resume, it can still be headed for the round file at the whim of some corporate apparatchik. At various times there have also been dubious psychometric tests and other horrors to contend with, and now we have the specter of AI before us. We can be tossed aside simply because some AI model has rejected our CV, no human involved. If this has made you angry, perhaps it’s time to look at [Kai Greshake]’s work. He’s fighting back, by injecting a PDF CV with extra text to fool the AI into seeing the perfect candidate, and even fooling AI-based summarizers.

Text injection into a PDF is the same technique used by the less salubrious end of the search engine marketing world: placing text in a web page such that a human can’t read it but a machine can. The search engine marketeers put it in tiny white text or offset it far out of the viewport, and it seems the same is possible in a PDF. He’s put the injection in white and a tiny font, and interestingly, overlaid it several times.

Using the ChatGPT instance available in the Bing sidebar he’s then able to fool it into an affirmative reply to questions about whether he should be hired. But it’s not just ChatGPT he’s targeting; another use of AI in recruitment is via summarizing tools. By injecting a lot of text with phrases normally used in the conclusion of a document, he’s able to make Quillbot talk about puppies. Fancy a go yourself? He’s put a summarizer online, in the link above.

So maybe the all-seeing AI isn’t as clever as we’ve been led to believe. Who’d have thought it!
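A screening pipeline can flag the white, tiny-font text described above before a document reaches a model. The following is an added example, not code from the article or from [Kai Greshake]; it walks an already-decompressed page content stream, and the function name, thresholds, white-page assumption and sample stream are all constructed for illustration.

```python
import re

# Constructed sample: a decompressed page content stream with one visible
# line and one line drawn in white at 1 pt, as the article describes.
SAMPLE_STREAM = """
BT
/F1 11 Tf
0 0 0 rg
72 720 Td
(Senior engineer, ten years of experience) Tj
1 1 1 rg
/F1 1 Tf
72 700 Td
[(hidden sentence a human ) -20 (reviewer never sees)] TJ
ET
"""

OPERATOR = r"[A-Za-z'\"*]+"
# Simplified tokenizer: literal strings without nested parentheses, array
# brackets, names, numbers, operators. Hex strings <...> are not handled.
TOKEN = re.compile(r"\((?:\\.|[^\\()])*\)|[\[\]]|/[^\s/\[\]()<>]+|[-+]?\d*\.?\d+|" + OPERATOR)

def find_hidden_text(stream, min_size=4.0, white=0.95):
    """Return (text, reasons) for each string a human would not see."""
    fill, size, mode = (0.0, 0.0, 0.0), None, 0   # PDF defaults: black fill, mode 0
    operands, findings = [], []
    for tok in TOKEN.findall(stream):
        if not re.fullmatch(OPERATOR, tok):
            operands.append(tok)          # collect operands until an operator
            continue
        args, operands = operands, []
        if tok == "rg" and len(args) >= 3:      # RGB fill colour
            fill = tuple(float(a) for a in args[-3:])
        elif tok == "g" and args:               # grey fill colour
            fill = (float(args[-1]),) * 3
        elif tok == "Tf" and args:              # font name and size
            size = float(args[-1])
        elif tok == "Tr" and args:              # text rendering mode
            mode = int(args[-1])
        elif tok in ("Tj", "TJ", "'", '"'):     # text-showing operators
            text = "".join(a[1:-1] for a in args if a.startswith("("))
            reasons = []
            if min(fill) >= white:
                reasons.append("white fill")
            if size is not None and size < min_size:
                reasons.append("tiny font")
            if mode == 3:
                reasons.append("invisible render mode")
            if reasons and text:
                findings.append((text, reasons))
    return findings
```

Font size can also be scaled by the text and page matrices, and text can be pushed outside the page box, so comparing extracted text against OCR of the rendered page catches cases this operator-level check misses.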

Compare PDFs Visually

Sometimes a problem seems hard, but the right insight can make it easy. If you were asked to write a program to compare two PDF files and show the differences, how hard do you think that would be? If you are [serhack], you’ll make it much easier than you might guess.

Of course, sometimes making something simple depends on making simplifying assumptions. If you are expecting a “diff-like” utility that shows insertion and deletions, that’s not what’s going on here. Instead, you’ll see an image of the PDF with changes highlighted with a red box. This is easy because the program uses available utilities to render the PDFs as images and then simply compares pixels in the resulting images, drawing red boxes over the parts that don’t match.


Annotate PDFs On Linux With PDFrankenstein

On Windows and Mac machines, it’s not too troublesome to add text or drawings (such as signatures) to PDF files, but [Mansour Behabadi] found that on Linux machines, there didn’t seem to be a satisfying way or a simple tool. Being an enterprising hacker, [Mansour] set out to fill that gap, and the way it works under the hood is delightfully hacky, indeed.

The main thing standing in the way of creating such a tool is that the PDF format is a complex and twisty thing. Making a general-purpose PDF editing tool capable of inserting hyperlinks, notes, images, or drawings isn’t exactly a weekend project. But [Mansour] didn’t let that stop him; he leveraged the fact that tools already exist on Linux that can read and create PDF files, and tied them all together into what was at one point “a horrific patchwork of tools” which inspired the name pdfrankenstein.

The tool is a GUI that uses Inkscape and qpdf to convert a PDF page to an SVG file, set it as a locked background, then let the user add any annotations they desire, using Inkscape as the editor. After changes are made, the program removes the background, overlays the annotations back onto the originals, and exports a final file. Annotations can therefore be anything that can be done in Inkscape.

Curious about these and other tools for handling PDFs? We’ve shared some programs and tricks when we previously covered dealing with the PDF format in Linux.

Linux Fu: PDF For Penguins

PostScript started out as a programming language for printers. While PostScript printers are still a thing, there are many other ways to send data to a printer. But PostScript also spawned the Portable Document Format or PDF and that has been crazy successful. Hardly a day goes by that you don’t see some kind of PDF document come across your computer screen. Sure, there are other competing formats but they hold a sliver of market share compared to PDF. Viewing PDFs under Linux is no problem. But what about editing them? Turns out, that’s easy, too, if you know how.

GUI Tools

You can use lots of tools to edit PDF files, but the trick is how good the results will look. Anything will work for this: LibreOffice Draw, Inkscape, or even GIMP. If all you want to do is remove something with a white box or make an annotation, these tools are usually great, but for more complicated changes, or pixel-perfect output, they may not be the right tool.

The biggest problem is that most of these tools deal with the PDF as an image or, at least, a collection of objects. For example, columns of text will probably turn into a collection of discrete lines. Changing something that causes a line to wrap will require you to change all the other lines to match. Sometimes text isn’t even text at all, but images. It largely depends on how the creator made the PDF to begin with.

Old Textbooks Galore

This collection of public domain books proclaims to not be about survival, but for survivors. It is an extensive collection of textbooks, manuals, etc., in over 150 categories from Accounting to Woodworking. Because of the copyright duration laws, most are around one hundred years old.

You might not want to have your appendix removed by someone who has only learned surgery from reading Dr John Sluss’s 1908 tome, “Emergency Surgery for the General Practitioner, with 584 illustrations, some of which are printed in colors“. But some knowledge is timeless. And much is of historical interest as well, helping us get a better appreciation of what bodies of knowledge people had in the beginning of the last century. There are books on farming, forging and casting, steam engines, clockmaking, telegraph and telephone, and even back issues of Scientific American and 73 magazines, just to name a few.

Here’s a random sampling of a few illustrations from electronics-related books.

High speed electrons from “Inside the Vacuum Tube” by John F. Rider, 1945, a relatively modern book from this collection. This book alone is worth downloading just to see the excellent illustrations. Mr Rider wrote so many technical books that he formed his own publishing company.

Using triangles from “Mechanical Drawing, Prepared for the Students of the Massachusetts Institute of Technology” by Linus Faunce, 1898.

The Weidemann system of wiring lamps, from “Electric-Wiring, Diagrams and Switchboards” by Newton Harrison E.E., published in 1906, complete with “one hundred and five illustrations showing the principles and technics of the art of wiring”. This system employed equal lengths of wires between each lamp in a (failed) attempt to make the voltage drop the same for each bulb.

Do you have any timeless reference or text books you like to use? Let us know down below in the comments. And thanks to [David Gustafik] for the tip.

Show Your Skills With A Bootable CV

It’s a thankless task, searching for a job. You send off your CV, or resume, and it joins a thousand other destined for the round file. What on earth can you do to make your career stand out, and catch the eye of the recruiter?

Your bootable CV isn't eye-catching if the recruiter uses GitHub to view the PDF.

If you are [Pablo Jiménez Mateo], the answer is straightforward enough. Simply combine the document as a PDF with an x86 bootloader, to make a readable document that will also boot an x86 computer system. He can do this relatively easily by prepending the bootloader file to the PDF, as long as the “%PDF” header of the CV remains within the first 1024 bytes it will remain a readable document. Which it does, though as our GitHub screenshot shows, not in all PDF readers.

A bootable PDF is pretty cool and we have to salute his effort in getting it in front of us in the hope of a career boost, but it would be fair to admit that it’s a trick that has been done before. So it’s time to turn attention to the bootloader itself, whose code comes in the form of an extremely well-commented assembly file that loads some sprites and a border to a VGA screen that looks as though it might be the first room in a top-down adventure game. Through the code we can gain an appreciation of just how simple a bootloader can be, and that in itself makes this project worth a second look.

If writing your own bootloader interests you, that’s certainly a subject we’ve covered in the past. It’s possible to make bootable images very small indeed, even down to fitting in a Tweet.
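Because some readers accept a “%PDF” header anywhere in the first 1024 bytes, a file that claims to be a PDF can carry other content in front of it. The following added example (not code from [Pablo Jiménez Mateo]'s project) shows how an upload filter might triage such files; the function name, verdict strings and samples are constructed, and the check for other formats' magic numbers goes beyond the boot-sector case in the article.

```python
PDF_MAGIC = b"%PDF"
HEADER_WINDOW = 1024          # tolerance quoted in the article
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of an x86 BIOS boot sector
# Leading magic numbers of other formats (generalisation beyond the article).
OTHER_MAGICS = {b"MZ": "DOS/PE executable", b"\x7fELF": "ELF executable",
                b"PK\x03\x04": "ZIP archive", b"\xff\xd8\xff": "JPEG image"}

# Constructed samples: a minimal header, and the same header behind a
# zero-filled 512-byte sector that carries only the boot signature.
CLEAN_PDF = b"%PDF-1.4\n% constructed sample\n"
BOOT_POLYGLOT = bytes(510) + BOOT_SIGNATURE + CLEAN_PDF

def triage_pdf_upload(data: bytes) -> dict:
    """Classify a file claiming to be a PDF by what precedes its header."""
    offset = data.find(PDF_MAGIC, 0, HEADER_WINDOW)
    report = {"header_offset": offset, "prefix_looks_like": [], "verdict": "accept"}
    if offset < 0:
        report["verdict"] = "reject: no %PDF header in first 1024 bytes"
        return report
    if offset == 0:
        return report                      # header where a strict parser expects it
    if data[510:512] == BOOT_SIGNATURE:
        report["prefix_looks_like"].append("x86 boot sector")
    for magic, name in OTHER_MAGICS.items():
        if data.startswith(magic):
            report["prefix_looks_like"].append(name)
    report["verdict"] = f"quarantine: {offset} bytes precede the PDF header"
    return report
```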

1 Trillion USD Refund! (PDF Enclosed)

Security researchers have found that it is possible to alter a digitally signed PDF without invalidating its signatures. To demonstrate it, they produced a fake document “refund order” of $1,000,000,000,000 dollars, with a valid signature from Amazon. This sparked my attention, since I was quite sure that they didn’t use some sort of quantum device to break the cryptography involved in the signing process. So what exactly is going on?

The researchers claim to have found at least three different ways to, in their words:

… use an existing signed document (e.g., amazon.de invoice) and change the content of the document arbitrarily without invalidating the signatures. Thus, we can forge a document signed by invoicing@amazon.de to refund us one trillion dollars.

That’s not good news if you take into account that the main purpose of digitally signing a document is, well, to prevent unauthorized changes in that document. The good news is that you can update your software to fix these flaws because of this research; the main PDF reader companies were given time to fix the issues. The bad news is that if you rely on the signature verification for any sensitive process, you likely want to go back and see if you were using vulnerable software previously and check that documents were correctly validated. I’m thinking about government institutions, banks, insurance companies and so on.

The implications are yet to be seen and probably won’t even be fully known.

There are three classes of attacks that work on different software. I’ll try to go into each one from what I could tell from reading the research.
