Steganography involves hiding data in something else — for example, encoding data in a picture. [David Buchanan] used polyglot files not to hide data, but to send a large amount of data in a single Twitter post. We don’t think it quite qualifies as steganography because the image has a giant red UNZIP ME printed across it. But without it, you might not think to run a JPG image through your unzip program. If you did, though, you’d wind up with a bunch of RAR files that you could unrar and get the complete works of the Immortal Bard in a single Tweet. You can also find the source code — where else — on Twitter as another image.
What’s a polyglot file? Jpeg images have an ICC (International Color Consortium) section that defines color profiles. While Twitter strips a lot of things out of images, it doesn’t take out the ICC section. However, the ICC section can contain almost anything that fits in 64 kB up to a limit of 16 MB total.
The ZIP format is also very flexible. The pointer to the central directory is at the end of the file. Since that pointer can point anywhere, it is trivial to create a zip file with extraneous data just about anywhere in the file.
Humans can turn anything into a competition. Someone always wants to be faster or drive a ball farther. Technical pursuits are no different, which is why a lot of people overclock or play regular expression golf. [Alok Menghrajani] sets himself some odd challenges. A few years ago, he hand-built a bootable floppy image that had a simple game onboard and managed to fit it in a Twitter message. Twitter has increased their number of characters, so — you guessed it — this time he’s back with a CDROM image.
His tweet is a command line that starts with perl. The text is base64-encoded binary and if you run the Tweet from a shell — which is an odd thing to do with a Tweet, we grant you, you’ll be rewarded with a file called cd.iso. You could burn that to a CDROM, but it is more likely you’ll just mount in a virtual machine and boot that. [Alok] says it does work in QEMU, VirtualBox, and — yes — even a real CD.
Over the past few years, Reddit user [callingyougoulet] has created Boozer, a DIY beer dispenser that keeps track of how much of your brew you have left in your kegs. Installed in a Keezer (a freezer that contains beer kegs and faucets) [callingyougoulet]’s dispenser uses a Raspberry Pi to keep track of things. A series of flow sensors determine how much liquid has passed through them and, when the drink is poured, can calculate how much you poured and how much you have left.
Starting with a chest freezer, [callingyougoulet] built a nice wooden surround as well as installed a tower on top to hold the faucets. The top of the freezer has nice granite tiles covering it, and some LED accent lighting adds to the end product. However, taking the granite off in order to get at the kegs inside takes some time (about 20 minutes.)
Inside the freezer is the Raspberry Pi and four flow sensors, each one connected to a GPIO port on the Pi. After some calibration, the Python code running on the Pi can calculate a pretty close estimate of the amount of liquid poured. There’s also a temperature sensor in the freezer, so that you can tell how cool your beer is.
If the build had stopped there, it would have been a great project as-is, but [callingyougoulet] added twitter, Slack and MQTT outputs as options, so that a home automation system (or the entire internet) can tell how much and when you’ve been drinking and, more importantly, you can know how much is left in your kegs! There are some very cool keg cooling builds on the site, such as, a kegerator built from the ground up, and a very elegant kegerator built on the cheap check them out for ideas!
Good morning Hackaday universe! Hackaday Belgrade 2018 has just started, and we’re knee-deep in sharing, explaining, and generally celebrating our craft. But just because you’re not here doesn’t mean that you shouldn’t take part.
What a time to be alive! The range of things you never knew you needed but absolutely must have expands at a breakneck pace, such that it’s now possible to pick up a belt buckle with an embedded LED matrix to scroll messages. We have no idea what the use case for something like this is, but some people will buy anything.
One such person was a friend of [Brian Moreau], who doubled down after being gifted the glowing bauble by turning it into a WiFi enabled Tweet-scrolling belt buckle. It appears to be a just for fun project, and to be honest one would need a heck of a belt for the buckle after his mods. He added an ESP8266 to take care of monitoring his Twitter account and driving the display on the belt buckle, a non-trivial task given that the thing is programmed with only two buttons that scroll through characters to compose a message. The microcontroller might have fit inside the original buckle or only added a little to its bulk, but [Brian] decided to replace the two coin cells powering it with an external 6-volt battery pack. That required a buck converter to power the ESP, so the whole thing ended up being thrown in a case and acting more like a neat display than a flashy fashion statement.
We’d bet some tradeoffs could be made to reduce the bulk and get that buckle back where it belongs, though. Once it does, maybe it’ll be part of a complete LED-laden ensemble, from head to toe.
How many people liked your last tweet? Oh yeah? Didja get any retweets? Was it enough to satisfy your need for acceptance, or were you disappointed by the Twitterverse’s reaction?
If you couldn’t see the number of likes, retweets, or followers you had, would you still even use Twitter?
[Ben Grosser] wants to know. He’s trying to see if people will look their relationship with social media squarely in the eye and think honestly about how it affects them. After all, social media itself isn’t the bad guy here—we are all responsible for our own actions and reactions. He’s created a browser extension that demetricates Twitter by removing any bluebird-generated quantifier on the page. It works for tweets, retweets, and the number of tweets playing the trending tag game. Numbers inside of tweets and on user profiles aren’t hidden, however, so you’ll still be able to see, for example, tweets containing Prince lyrics.
The Twitter Demetricator is available as a Chrome extension, and as a userscript for Tampermonkey for the other browsers people actually use (read: no IE support). Here’s what we want to know: Can he gamify it? Can he make a game out of weaning ourselves off of these meaningless metrics and inflated sense of self and FOMO and whatever marketing guff they come up with next to describe the modern human condition? We’re getting low on dopamine over here.
This isn’t [Ben]’s first foray into the social aspects of social media. We covered his Facebook demetricator way back in ’12.
Twitter is kind of a crazy place. World leaders doing verbal battle, hashtags that rise and fall along with the social climate, and a never ending barrage of cat pictures all make for a tumultuous stream of consciousness that runs 24/7. What exactly we’re supposed to do with this information is still up to debate, as Twitter has yet to turn it into a profitable service after over a decade of operation. Still, it’s a grand experiment that offers a rare glimpse into the human hive-mind for anyone brave enough to dive in.
One such explorer is a security researcher who goes by the handle [x0rz]. He’s recently unveiled an experimental new piece of software that grabs Tweets and uses them as a “noise” to mix in with the Linux urandom entropy pool. The end result is a relatively unpredictable and difficult to influence source of random data. While he cautions his software is merely a proof of concept and not meant for high security applications, it’s certainly an interesting approach to introducing humanity-derived chaos into the normally orderly world of your computer’s operating system.
This hack is made possible by the fact that Twitter offers a “sample” function in their API, which effectively throws a randomized collection of Tweets at anyone who requests it. There are some caveats here, such as the fact that if multiple clients request a sample at the same time they will both receive the same Tweets. It’s also worth mentioning that some characters are unusually likely to make an appearance due to the nature of Twitter (emoticons, octothorps pound signs, etc), but generally speaking it’s not a terrible way to get some chaotic data on demand.
On its own, [x0rz] found this data to be a good but not great source of entropy. After pulling a 500KB sample, he found it had an entropy of 6.5519 bits per byte (random would be 8). While the Tweets weren’t great on their own, combining the data with the kernel’s entropy pool at /dev/urandom provided something that looked a lot less predictable.
The greatest weakness of using Twitter as a source of entropy is, of course, the nature of Twitter itself. A sufficiently popular hashtag on the rise might be just enough to sink your entropy. It’s even possible (though admittedly unlikely) that enough Twitter spam bots could ruin the sample. But if you’re at the point where you think hinging your entropy pool on a digital fire hose of memes and cat pictures is sufficient, you’re probably not securing any national secrets anyway.
(Editor’s note: The way the Linux entropy pool mixes it together, additional sources can only help, assuming they can’t see the current state of your entropy pool, which Twitter cats most certainly can’t. See article below. Also, this is hilarious.)