Playing Chess Against Your Printer, With PostScript

Can you play chess against your printer? The answer will soon be yes, and it’s thanks to [Nicolas Seriot]’s PSChess. It’s a chess engine implemented in PostScript, of all things. It’s entirely working except for one last hurdle, but more on that in a moment.

What’s it like to play PSChess? Currently, one uses a PostScript interpreter (such as GhostScript) to run it, much like one would use the Python interpreter to run Python code. The user inputs moves by typing in commands like d2d4 (representing a piece’s source coordinate and a destination coordinate on the 2D board). Then the program makes a move, and outputs an updated board state to both the console and a PDF document. Then it’s the user’s turn again, and so on until somebody loses.

The chess parts are all working, but there’s one last feature in progress. The final step of the project is to enable PSChess to be run directly on a printer instead of using GhostScript as the interpreter. Intrigued? You can find the code at the project’s GitHub repository.

So why PostScript? While it is a Turing-complete stack-based interpreted language, it was never intended to be used directly by humans. There are no meaningful development tools to speak of. Nevertheless, [Nicolas] finds PostScript an appealing tool for programming projects and provides tips and techniques for like-minded folks. One of the appeals is working within constraints to solve a problem, just like implementing a chess engine in only 4k, or draw poker in 10 lines of BASIC.

This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More

First up, Apple issued an emergency patch, then yanked it, and re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit, the basis of Apple’s cross-platform web browser. The downside of a shared code base is that bugs too are write-once, exploit-anywhere. And with Apple’s walled garden insisting that every browser on iOS actually run WebKit under the hood, there’s not much relief without a patch like this one.

The vulnerability in question, CVE-2023-37450, is a bit light on further details except to say that it’s known to be exploited in the wild. The first fix also bumped the browser’s user-agent string, adding an (a) to denote the minor update. This was apparently enough to break some brittle user-agent detection code on popular websites, resulting in an unhelpful “This web browser is no longer supported” message. The second patch gets rid of the notification.

Microsoft Loses It

Microsoft has announced that on May 15th, an attack from Storm-0558 managed to breach the email accounts of roughly 25 customers. This was pulled off via “an acquired Microsoft account (MSA) consumer signing key.” The big outstanding question is how Microsoft lost control of that particular key. According to an anonymous source speaking to The Washington Post, some of the targeted accounts belonged to government employees, including a member of cabinet. Apparently the FBI is asking Microsoft this very same question.

Speaking of Microsoft, there’s also CVE-2023-36884, a vulnerability in Microsoft Office. This one appears to be related to the handling of HTML content embedded in Office documents, and results in code execution upon opening the document. This, along with another vulnerability (CVE-2023-36874), was being used by another unknown threat actor, Storm-0978, in an ongoing attack.

There’s an interesting note that this vulnerability can be mitigated by an Attack Surface Reduction (ASR) rule that blocks Office from launching child processes. This might be a worthwhile mitigation step for this and future vulnerabilities in Office.
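
One way to roll out the ASR rule mentioned above, as an added example that is not from the original article: the script reports the rule's current state, sets it to audit or block mode, and lists recent Defender events for it. The rule GUID is the one Microsoft documents for "Block all Office applications from creating child processes"; the `-Mode` parameter and the `Get-AsrRuleState` helper are names made up for this example, and it assumes Microsoft Defender Antivirus is the active AV and the session is elevated.

```powershell
# Added example (not from the article). Run elevated, with Defender Antivirus active.
param(
    [ValidateSet('AuditMode', 'Enabled')]
    [string]$Mode = 'AuditMode'   # start in audit, switch to Enabled once the log is clean
)

# Microsoft's documented ID for "Block all Office applications from creating child processes"
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

# Hypothetical helper: map the rule's numeric action in Get-MpPreference to a readable state.
function Get-AsrRuleState {
    param([string]$Id)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) {
            switch ([int]$actions[$i]) {
                0       { return 'Disabled' }
                1       { return 'Enabled' }    # block mode
                2       { return 'AuditMode' }
                6       { return 'Warn' }
                default { return "Unknown($($actions[$i]))" }
            }
        }
    }
    return 'NotConfigured'
}

Write-Host "Before: $(Get-AsrRuleState -Id $RuleId)"

# Add-MpPreference appends to the configured rule list; Set-MpPreference would replace it.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions $Mode

Write-Host "After:  $(Get-AsrRuleState -Id $RuleId)"

# Event 1122 = rule would have fired (audit), 1121 = rule blocked the action.
# Matching on the GUID assumes the event message text carries the rule ID.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1121, 1122
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId } |
    Select-Object TimeCreated, Id, Message -First 20
```

Running in `AuditMode` first surfaces legitimate add-ins or macros that spawn child processes before the rule starts blocking them.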

Linux Fu: PDF For Penguins

PostScript started out as a programming language for printers. While PostScript printers are still a thing, there are many other ways to send data to a printer. But PostScript also spawned the Portable Document Format or PDF and that has been crazy successful. Hardly a day goes by that you don’t see some kind of PDF document come across your computer screen. Sure, there are other competing formats but they hold a sliver of market share compared to PDF. Viewing PDFs under Linux is no problem. But what about editing them? Turns out, that’s easy, too, if you know how.

GUI Tools

You can use lots of tools to edit PDF files, but the trick is how good the results will look. Anything will work for this: LibreOffice Draw, Inkscape, or even GIMP. If all you want to do is remove something with a white box or make an annotation, these tools are usually great, but for more complicated changes, or pixel-perfect output, they may not be the right tool.

The biggest problem is that most of these tools deal with the PDF as an image or, at least, a collection of objects. For example, columns of text will probably turn into a collection of discrete lines. Changing something that causes a line to wrap will require you to change all the other lines to match. Sometimes text isn’t even text at all, but images. It largely depends on how the creator made the PDF to begin with.