Tic-Tac-Toe Implemented In Single Call To Printf()

June 5, 2020 by Donald Papp 34 Comments

[Nicholas Carlini] programmed a C implementation of two-player Tic Tac Toe, and he did it in a single call to printf(). The arguments for that single function call get mind-bendingly complex, so it may come as no surprise that it was written for The International Obfuscated C Code Contest (IOCCC).

Most of us are aware that printf() is one of those functions that is considerably more complex under the hood, and capable of far more, than it may appear to be. But did you know that it is capable of Turing-complete computation?

[Nicholas] clearly steps through the theory, so give it a read. In short, a maze of arguments handles the logic of the game while an embedded scanf() reads user input, and printing the game board is always preceded by an escape code to clear the screen.

[Nicholas] is certainly no stranger to in-depth understandings; we’ve seen his work before in demonstrating how to fool speech recognition with hidden commands, including a powerful example showing how two virtually identical-sounding audio files transcribe entirely differently.

Job Application Script Automates The Boring Stuff With Python

May 30, 2020 by Sven Gregori 15 Comments

Job hunting can certainly require a good amount of hoop-jumping in today’s age. Even if you’re lucky enough to have your application read by an actual human, there’s no guarantee the person on the other end has much of an understanding about your skill set. Oftentimes, the entire procedure is futile from the start, and as a recent graduate, [harshibar] is well aware of the soul-crushing experience investing a lot of time in it can be. Well, as the saying goes: if you can’t beat them, join them — and if you can’t join them, automate the hell out of the application process.

As the final piece of a “5 Python Projects in 5 Days” challenge [harshibar] set for herself — which also spawned a “Tinder for Netflix” for the web development section of it — she essentially created a web-scraper that gathers job openings for a specific search term, and automatically sends an application to each and every one of them. Using Beautiful Soup to parse the scraped pages of a certain job portal, Selenium’s browser automation functionality to fill out the online application forms, she can get all her information into the form saving countless hours in comparison to the manual alternative. The program even hits the apply button.

While the quantity-over-quality approach may not be for everyone, there’s of course room for more filtering and being more selective about the job openings beforehand, which [harshibar] also addresses in her video about the project (embedded below). And while this won’t fix the application process itself, we can definitely see the satisfaction a beating-them-at-their-own-game might provide — plus, it can’t have a worse miss rate than your typical LinkedIn “recruiter”. Still, if you’re looking for a more systematic approach, have a look at [Lewin Day]’s view on the subject, he even has advice job hunting is still further down the road for you.

Continue reading “Job Application Script Automates The Boring Stuff With Python” →

This Frequency Generator Knows How To Get Down

May 25, 2020 by Tom Nardi 19 Comments

What kind of clever things could you do with a signal that had a period of 2 hours? Or 20? Any ideas? No seriously, tell us. Because [Joseph Eoff] has come up with a way to produce incredibly low frequency signals that stretch out for hours, and we’d love to figure out what we can do with it.

To be fair, it’s not like [Joseph] has any ideas either. He thought it would be an interesting project, and figures now that he has the technology, maybe some application will come to him. They say that if you’ve got a hammer everything looks like a nail, so maybe the next project he sends our way will be a sinusoidal fish feeder.

[Joseph] says doing the software side of things with Pure Data wasn’t a problem, but getting it out of the computer proved to be tricky. It turns out that your average computer sound card isn’t equipped to handle frequencies down into the millihertz range (big surprise), so they need to be coaxed out with some extra hardware. Using a simple circuit not unlike an AM demodulator, he’s able to extract the low-frequency signal from a 16 kHz carrier.

So if you ever find yourself in need of a handful of hertz, now you’ve got the tool to generate them. At least it’s more practical than how they used to generate low frequency signals back in the 1900s.

Poking Around Inside Of A Linux Security Camera

May 20, 2020 by Tom Nardi 21 Comments

This deep dive into the Linux-powered Reolink B800 IP camera started because of a broken promise from its manufacturer. When [George Hilliard] purchased a kit that included six of the cameras and a video recorder, the website said they were capable of outputting standard RTSP video. But once he took delivery of the goods, and naturally after his return window had closed, the site was updated to say that the cameras can only function with the included recorder.

Taking that as something of challenge, [George] got to work. His first big break came when he desoldered the camera’s SPI flash chip and replaced it with a socket. That allowed him to easily take the chip out of the device for reading and flashing as he tinkered with modifying the firmware. After adding cross-compiled versions of busybox, gdb, and strace to the extracted firmware, he bundled it back up and flashed it back to the hardware.

If you think that’s the end of the story, it isn’t. In fact, it’s just the beginning. While getting root-level access to the camera’s OS would have potentially allowed for [George] to dump all the proprietary software it was running and replace it with open alternatives, he decided to take a different approach.

Instead of replacing the camera’s original software, he used his newly granted root powers to analyze it and figure out how it worked. This allowed for to sniff out some very suspect “encryption” routines built into the software, and eventually write his own server side in Rust that finally allowed him to use the cameras with his own server…albeit with a bit more work than he bargained for.

Projects like these are a fantastic look at real world reverse engineering, and a reminder that sometimes achieving your ultimate goal means taking the long way around. Even if you’re not in the market for a hacked security camera, there’s no doubt that reading the thorough write-up [George] has prepared will teach you a few things. But of course, we’d expect no less from a guy who runs Linux on his business card.

Free Cloud Data Logging Courtesy Of Google

May 11, 2020 by Tom Nardi 22 Comments

Pushing all of your data into “The Cloud” sounds great, until you remember that what you’re really talking about is somebody else’s computer. That means all your hard-crunched data could potentially become inaccessible should the company running the service go under or change the rules on you; a situation we’ve unfortunately already seen play out.

Which makes this project from [Zoltan Doczi] and [Róbert Szalóki] so appealing. Not only does it show how easy it can be to shuffle your data through the tubes and off to that big data center in the sky, but they send it to one of the few companies that seem incapable of losing market share: Google. But fear not, this isn’t some experimental sensor API that the Big G will decide it’s shutting down next Tuesday in favor of a nearly identical service with a different name. All your precious bits and bytes will be stored in one of Google’s flagship products: Sheets.

It turns out that Sheets has a “Deploy as Web App” function that will spit out a custom URL that clients can use to access the spreadsheet data. This project shows how that feature can be exploited with the help of a little Python code to push data directly into Google’s servers from the Raspberry Pi or other suitably diminutive computer.

Here they’re using a temperature and humidity sensor, but the only limitation is your imagination. As an added bonus, the chart and graph functions in Sheets can be used to make high-quality visualizations of your recorded data at no extra charge.

You might be wondering what would happen if a bunch of hackers all over the world started pushing data into Sheets every few seconds. Honestly, we don’t know. The last time we showed how you could interact with one of their services in unexpected ways, Google announced they were retiring it on the very same day. It was probably just a coincidence, but to be on the safe side, we’d recommend keeping the update frequency fairly low.

Back in 2012, before the service was even known as Google Sheets, we covered how you could do something very similar by manually assembling HTTP packets containing your data. We’d say this validates the concept for long-term data storage, but clearly the methodology has changed considerably in the intervening years. Somebody else’s computer, indeed.

Make It Easier For Your Software Project To Accept Contributions

April 29, 2020 by Donald Papp 30 Comments

[Flameeyes] has heard complaints (and at times, he admits, has complained himself) about big companies not contributing improvements to projects they seem to find useful, or rolling their own implementation rather than use and contribute to an existing code base. Having recently left Google after seven years, he has some insights into some of the reasons big corporations (at least Google, anyway) may sometimes seem to eschew making code contributions, and some of the reasons might come as a surprise.

There are things a corporation can do differently, but there are also some things that can be done on the project’s end to make accepting contributions easier. [Flameeyes] took some time to write out a few pointers on how to make it easier for others (particularly large corporations) to contribute code to a software project.

The biggest issue is the software license. Without one, there is no legal structure to use, distribute, or contribute to the code, and no corporate entity will want to touch it. Google specifically forbids creating patches for projects with either no license, or incompatible licenses. An example of an incompatible license is one that forbids commercial use, because everything a corporation like Google does — even research –is considered a commercial endeavor. In addition, on the corporate side making contributions might trigger a code review process of some kind for some licenses, but not for others. [Flameeyes] suggests the MIT license as one that is acceptable to pretty much everyone with a minimum of fuss. Another caution: if a project’s code resides in an online repository, make sure the repository is licensed as well.

A few other small suggestions (such as maintaining an AUTHORS file to track contributors in a tidy way) rounds out the advice. It sounds simple, but software licensing is so critical to the whole affair that it’s important to get it right — he suggests the REUSE tool for anyone wanting to make sure a project’s licensing is tidy.

[Flameeyes] makes a point that none of this guidance is based on secret or institutional knowledge. Google has a public document detailing exactly how they use and deal with open source, and it’s a solid guide for how to make your project more accepting of contributions from a corporate entity like Google. (Or, if you prefer, a guide on how to set up as many barriers as possible for your project.)

In case you missed it, we just want to remind you that our favorite recent open source project from Google is definitely Pigweed.

Beam Your Program To Another Computer

April 28, 2020 by Al Williams 53 Comments

If you’ve programmed much in Linux or Unix, you’ve probably run into the fork system call. A call to fork causes your existing process — everything about it — to suddenly split into two complete copies. But they run on the same CPU. [Tristan Hume] had an idea. He wanted to have a call, telefork, that would create the copy on a different machine in a Linux cluster. He couldn’t let the idea go, so he finally wrote the code to do it himself.

If you think about it, parts of the problem are easy while others are very difficult. For example, creating a copy of the process’s code and data isn’t that hard. Since the target is a cluster, the machines are mostly the same — it’s not as though you are trying to move a Linux process to a Windows machine.

Continue reading “Beam Your Program To Another Computer” →