Finally vacations!
I've finally convinced mamy to use the internet. Well, with the promise of a fully configured system, so she only needs to push a button and all happens for her. I've chosen Linux because it's so easily customizable and can be administrated by command line remotely. So there will be some sort of ddns.
I've welded a hub on the last working usb on the laptop. ahahaha Damn that was a stupid idea lol (mean replacing the usbs it came with.. just because they were loosing contact). Furthermore I've acknowledged that a usb hub won't work when connected to a usb extension. That seemed kinda strange, since after all it's suppose to work as any other usb terminal. -_- All connectors where ok except for the drain, there was NO drain! And I guess that's enough to ruin everything.
Another interesting thing was finally making my ethernet port work. Stupid hardware as some kind of flaw that won't handle
auto-negotiation
I've began debug by trying a
watch 'cat /var/log/messages | tail'
and noticed the eth0 device was goind down after the negotiation so I googled this... and finally came in to a blog that posted a configuration to disable auto-negotiation you can use ethtool to do it.
I choose full duplex since I wanted both the machines to talk, and choose the same speed as the other ethernet device. (this is important!)
#ethtool -s eth0 duplex full speed 10 autoneg off
run:
#ethtool ethX
To view device info.
I can't wait to see the green light on that ADSL Modem!!! =))))))))) weeeeeeeee
I missed this... mean.. just fooling arround with things. god how much fun! can you see me bouncing arround? I'm bouncing arround!!... now you handle thouse interrupts to give me some time to be a stable signal. ahahha god ain't drinking no more today.
HAPPY NEW YEAR everyone ;)
terça-feira, dezembro 30, 2008
terça-feira, novembro 04, 2008
rewind and fastforward
Long time since I posted in this blog. Working & studding is harder than I ever imagined and what I miss the most is time to play around like I used to. Routines settle in... A must do is to know what is going on. So on most mornings and some afternoons and nights like right now. There are a certain number of "must open tabs", made easily accessible by a favourites folder called morning on firefox, (OsNews, SlashDot && publico) swimming on my desktop.
On these last few months I've read more man pages, apis, documentation than in the rest of my life all put together. There are number of things that I am specially excited about like php which has not ceased to surprise me in capacity and flexibility. For instance I was wondering how was I going to make this new app we're developing module customizable, by text file. And I reached the conclusion that it would be most pleasent If I could allocate variables, based on that text file. This seams rather simple. Though it may become a headacke to think of the code with a bunch of ifs and elses, or even on a C style of thinking with IFDEF. The intuitive thing would be like
$var = 'myvarname';
$$var = 'myvarname_value';
this is the same as
myvarname = myvarname_value;
I thought this would be impossible. For my narrow mind limited the idea of a variable as memory space, and thought of running code as compiled code, and therefore....
mov 0x50, #50 kind of thing.
well details.. they are so many.. and my time is rather sparse so I'll get to why I decided to write this post.
Slashdot mentioned an article published on arxiv 'bout steganography. This is a new consept for me. When one ponders on the security of information on the web, one thinks: cryptography. One thinks of dissimulating the message, but one does not think of making the message "disappear". In essence: to think of a way to send the message in such a way that the only the sender and the receiver are capable of recognizing that there is a message going through the channel.
I thought this idea was delightful. If you do too, sharp your eyes and open your mind. The article link is just bellow. ;)
A pleasant night to you reader.
"This work investigates a central problem in steganography, that is: How much data can safely be hidden without being detected? To answer this question, a formal definition of steganographic capacity is presented. Once this has been defined, a general formula for the capacity is developed. The formula is applicable to a very broad spectrum of channels due to the use of an information-spectrum approach. This approach allows for the analysis of arbitrary steganalyzers as well as non-stationary, non-ergodic encoder and attack channels.
After the general formula is presented, various simplifications are applied to gain insight into example hiding and detection methodologies. Finally, the context and applications of the work are summarized in a general discussion. "
REF: arXiv:0810.4171v1
On these last few months I've read more man pages, apis, documentation than in the rest of my life all put together. There are number of things that I am specially excited about like php which has not ceased to surprise me in capacity and flexibility. For instance I was wondering how was I going to make this new app we're developing module customizable, by text file. And I reached the conclusion that it would be most pleasent If I could allocate variables, based on that text file. This seams rather simple. Though it may become a headacke to think of the code with a bunch of ifs and elses, or even on a C style of thinking with IFDEF. The intuitive thing would be like
$var = 'myvarname';
$$var = 'myvarname_value';
this is the same as
myvarname = myvarname_value;
I thought this would be impossible. For my narrow mind limited the idea of a variable as memory space, and thought of running code as compiled code, and therefore....
mov 0x50, #50 kind of thing.
well details.. they are so many.. and my time is rather sparse so I'll get to why I decided to write this post.
Slashdot mentioned an article published on arxiv 'bout steganography. This is a new consept for me. When one ponders on the security of information on the web, one thinks: cryptography. One thinks of dissimulating the message, but one does not think of making the message "disappear". In essence: to think of a way to send the message in such a way that the only the sender and the receiver are capable of recognizing that there is a message going through the channel.
I thought this idea was delightful. If you do too, sharp your eyes and open your mind. The article link is just bellow. ;)
A pleasant night to you reader.
"This work investigates a central problem in steganography, that is: How much data can safely be hidden without being detected? To answer this question, a formal definition of steganographic capacity is presented. Once this has been defined, a general formula for the capacity is developed. The formula is applicable to a very broad spectrum of channels due to the use of an information-spectrum approach. This approach allows for the analysis of arbitrary steganalyzers as well as non-stationary, non-ergodic encoder and attack channels.
After the general formula is presented, various simplifications are applied to gain insight into example hiding and detection methodologies. Finally, the context and applications of the work are summarized in a general discussion. "
REF: arXiv:0810.4171v1
terça-feira, agosto 12, 2008
the easy road to heaven is hell
I have installed a new linux distro on my laptop. A friend told me about linux mint and when I saw it my eye balls where falling on to screen. I so wanted it!! It promised to be light and It came with a pretty gnome, a packet manager (synaptic) and of course it replaced
mount -t vfat /dev/sda1 /mnt/usb
konqueror /mnt/usb
by a confortable click on media:/
it recognized my graphics board, my sound card, my weird keyboard keys. It allowed me to install php5, mysql , and of course apache with a bunch of clicks. It let me sudo ifconfig without editing the sudoers file. And here I was all happy with my favorite apps. Until I got sick of the looks and got sick of it being so slow, and jamming whenever the networkconnection was not on, because it was trying to upate my system. So I changed to XCFE.. and It got a little faster.
But here's the real surprise! Somehow I messed up my system, or got hacked or just completely forgot what root password I put in the first place. Irrelevant for the matter. So here I am scratching my head... how the hell am I gonna fix this without reinstalling the system... and all of the sudden it strikes me! I've been sudoing so much stuff can I sudo passwd root? I CAN!
sudo passwd root
just prompts my userpasswd and a new password for root after. This was, on one side of the question... most pleasent. I reset my password. On the other hand it worries me, and somehow makes me sad. Anyone with acess to my shell could change my root passwd. I?m thinking about keeping logs of all commands on all shells by all possible logged in users . A little paranoid I guess.. but hey just because you're not looking for them it does not mean they are not there. :P
The easier to use, the less boring the system... more easily hacked. So where the hell are we gonna find the balance between user friendly and cracker enemy? Is there ever gonna be such a thing? How can you tell what you are going to deny? Allow? Are we gonna tell mary the hot teenager she can't allow her computer to behave like a server on any occasion, because a server is something that provides services, and that means it gives out information to anyone that asks it, even if it is only a request for authentication. By Saying no, it says go another way. But saying not this service it says try another service How are we going to tell mary what the hell a service is? can't open doors, she can't have telnet enabled, if someone is sending a lot of tcp/IP packets with sync on it it smells like port scan. How are we gonna tell mary what a port scan is? Does she care? She pushes the button and puff there's myspace, hi5, facebook. There's msn, ICQ. All sorts of blogging and posting and sharing. And mary... Mary's got fotos, texts, she's got 80% of her life on the computer. Cellphones that auto-sync with the pc, they allow you to save messages, appointments.... all so easy... all so windows... window without blinds.
I need to sleep.
gux_# shutdown -h now
quinta-feira, julho 31, 2008
Last HOPE
This is something you will want to hear . ;)
The last HOPE
"The Last HOPE is the seventh Hackers On Planet Earth conference"...
happened:
July 18 to July 20 2008.
And.... you can hear it online!! ;)))))))
hurry up and get your mouse on it!
The last HOPE
"The Last HOPE is the seventh Hackers On Planet Earth conference"...
happened:
July 18 to July 20 2008.
And.... you can hear it online!! ;)))))))
hurry up and get your mouse on it!
quarta-feira, junho 11, 2008
paranoia... or not!
Well I as reading a book.. and stumbled on the picture below....
I have argued this with several people, some of them seemed resolute to convince me it could not be... or that it was strange. Well it is not strange. My experience was with winXP SP1. The minute I entered the system I was infected...
There are no completly secure systems. There are just those that still have no known vulnerabilities... it so happens that the larger the time gap between release and install. The bigger the probability that someone, somewhere has found a way to get in. And trust me... some people don't sleep just thinking of ways to get in... ways to get information, ways to destroy your machine, ways to make your life harder. why? it's a free game, that never ends.
Lesson to be taken... If your going to walk on menure... make sure to wear rubber boots.
I have argued this with several people, some of them seemed resolute to convince me it could not be... or that it was strange. Well it is not strange. My experience was with winXP SP1. The minute I entered the system I was infected...
There are no completly secure systems. There are just those that still have no known vulnerabilities... it so happens that the larger the time gap between release and install. The bigger the probability that someone, somewhere has found a way to get in. And trust me... some people don't sleep just thinking of ways to get in... ways to get information, ways to destroy your machine, ways to make your life harder. why? it's a free game, that never ends.
Lesson to be taken... If your going to walk on menure... make sure to wear rubber boots.
sábado, maio 17, 2008
the "1001 reasons" why assembly rocks
muihihihii now That was funny. the "1001 reasons" why Assembly rocks. If there's an Assembly Hitler.. it's Randall Hyde!
http://burks.bton.ac.uk/burks/language/asm/artofasm/fwd/fwd.htm
Don't say assembly is bad or the man will hit you with a stick of well supported ideas.
I admit it.. I don't like it just because it's against my HLL style of direct reason and write. Matters of efficiency most times go beyond my knowledge.
I'd still say that you cannot have elite every where. simply because then you'd not have enough programmers to do all that is needed. Sometimes you need to do things that work now, not things that will work perfectly tomorrow.
As Einstein once said: "things should be made simple, but not simpler."
http://burks.bton.ac.uk/burks/language/asm/artofasm/fwd/fwd.htm
Don't say assembly is bad or the man will hit you with a stick of well supported ideas.
I admit it.. I don't like it just because it's against my HLL style of direct reason and write. Matters of efficiency most times go beyond my knowledge.
I'd still say that you cannot have elite every where. simply because then you'd not have enough programmers to do all that is needed. Sometimes you need to do things that work now, not things that will work perfectly tomorrow.
As Einstein once said: "things should be made simple, but not simpler."
terça-feira, abril 22, 2008
form posts and scripts
Well well well ... all nice for get's, even authenticated gets. But how about form posts?
There's always the trouble of Referer. I guess If they want, they can shut me down by now. Damn mindless testing. I've left a trail. If they keep track of referer on requests, it's not even that uncommon, then they can get my script request -_- . I've checked it with wireshark. :S I even tried to modify it by using an XMLHTTPRequest object, but... If I had conveniently read the documentation I'd know in advance some headers can't be modified by reasons of security.... I can see why! =P
So I had to find a way to circle around it. And of course as always, I did. Lol see, the idea is that I needed on the fly modification of a form. To do that, I'd need a script to modify the source of a loaded page for me. Wow! Now that's spooky! But possible! Hihihi The name is GreaseMonkey. And there's even a hole gigantic script built for travian, called travian beyond that you can install. There are no limits to what you can do. With some trouble... the game plays it self. Of course... that takes all the fun out of it. I've proven that I can do it... now, I leave it aside and cut the too much to leave a little help only. =P
So far the application works pretty much as a human would operate on a browser, and asides from the fact that it never sleeps more than 20 minutes. It's untraceable!
The trick is the following:
The server can never know if a human or a script did it, because all it gets it's HTTP / TCP packets. If all is filled out correctly, then... bye bye intuition.
God I love machines and it's layered organization. I had never seen a breach in this model until this very moment. It's like completely separate universes communicating by laser beams. You can shake one of them, break it apart but has long has you keep the beams alive and right... no other universe knows you did.
Abstraction... abstraction...
I'm sleeping happier tonight. ;)
ohhh another curiosity. Imagine the following: some document, has anchors, and these anchors have actionscript calls for onclick. How do you make that code execute without using the mouse?
Reasoning:
Here's the function signature: function onclick(Event);
it's still a function... just another function that happens to be called when a mouseEvent occurs. Now if inside it's body it never uses the mouseEvent, can it tell whether it was called by a mouseEvent or some other thing? I have not checked.. but even if it did, I guess you could always instanciate a mouseEvent, but like this you don't even need it. Null is has valid has an object argument has any instance of an object. So if I do:
var anchors = document.getElementsByTagName("a");
for( i=0; i less Than anchors .length ; increase i )
if( anchors dot onclick diferent from null )
anchors[i] dot onclick (null) ;
I can force execution of all anchor onclicks.
Happy codings ;)
terça-feira, abril 15, 2008
flush String with source from external URL in to Java
Well a fetch source using servlets is nonsence. Servlets run on server side and generate responses to requests so... it's a bad idea to go that way.
If I somehow exported the connection problem outside of the browser window... I'd have an authentication problem. So the best way would be to run it somehow using javascript, there's a Dom object capable of doing HTTPRequests and it's called XMLHTTPRequest. There are several details to take care when using this code. One must set browser to allow connection to remote servers from client pages. So there's a cost in security to achieve this goal. Furthermore I couldn't find a way to configure firefox to lower it's security params so it won't run on it yet.
By now I'm still hocked up to the idea of an Applet to manage flow control, and other heavy weight operations, Though my initial idea of processing the source as a raw string has fallen in the pit of plain stupidity. XMLHTTPRequest returns a DOMDocument which can be manipulated with all the charms of the DOM model, and will certainly be better than any code I could write in 3 life times.
So in conclusion I guess I can sleep better tonight :P
If you're trying to do the same for some reason, the way you'd get a raw String with the source to be inputed in to Java would be to declare an Applet on the page containing the script with the XMLHTTPRequest Object so you can call functions who manipulate it from java using the netscape.javascript package. Furthermore XMLHTTPRequest contains a DOMString propertie which can be cast to String no questions asked, leaving us with a happy:
a) (String)window.call(“getSource”,null).
//- ------------------------------- JS
var client = new XMLHttpRequest();
var source;
function init()
{
if (window.xmlhttprequest) { request = new XMLHTTPrequest();}
else if (window.ActiveXObject) {
try {
request = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e){
try{
request = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e){}
}
}
}
function handler( ) {
try{
if(this.readyState == 4 && this.status == 200) {
// so far so good
if(this.responseXML != null)
{ } // success! do nothing}
else{ }
}
else if (this.readyState == 4 && this.status != 200) { // fetched the wrong page or network error...
alert("ups check your glasses, wrong URL?");
}
}catch(e){alert("error on handler" +e );}
}
function fetchSource()
{
//wait for client to be ready =P
if(client.readyState!=4) return null;
return client.responseText;
}
function fetchURL(url){
//alert("fetchy is here!! cuxi cuxi ");
try{
client.onreadystatechange = handler;
client.open("GET", url,true);
client.send();
}
catch(e){alert("error on fetchSource:" + e);}
}
// -------------------------------- APPLET CODE
public static String getURLSource(String url)
{
if(window == null){System.out.println("window is null"); return null;}
try {
window.call("fetchURL",new Object[] {url});
Thread.sleep(2000);//give the server time to respond with source
return (String)window.call("fetchSource", null);
}
catch(Exception e){
System.out.println("GET URL CRACHED!!!");
return null;
}
}
//don't forget to start window :
public void init()
{
try {
Travian.window = netscape.javascript.JSObject.getWindow(this);
Travian.location = (JSObject)Travian.window.getMember("location");
}catch(Exception e ){System.out.println("init can't start JSObject");}
}
// -----------------------------------------------------------------------
happy coddings!
If I somehow exported the connection problem outside of the browser window... I'd have an authentication problem. So the best way would be to run it somehow using javascript, there's a Dom object capable of doing HTTPRequests and it's called XMLHTTPRequest. There are several details to take care when using this code. One must set browser to allow connection to remote servers from client pages. So there's a cost in security to achieve this goal. Furthermore I couldn't find a way to configure firefox to lower it's security params so it won't run on it yet.
By now I'm still hocked up to the idea of an Applet to manage flow control, and other heavy weight operations, Though my initial idea of processing the source as a raw string has fallen in the pit of plain stupidity. XMLHTTPRequest returns a DOMDocument which can be manipulated with all the charms of the DOM model, and will certainly be better than any code I could write in 3 life times.
So in conclusion I guess I can sleep better tonight :P
If you're trying to do the same for some reason, the way you'd get a raw String with the source to be inputed in to Java would be to declare an Applet on the page containing the script with the XMLHTTPRequest Object so you can call functions who manipulate it from java using the netscape.javascript package. Furthermore XMLHTTPRequest contains a DOMString propertie which can be cast to String no questions asked, leaving us with a happy:
a) (String)window.call(“getSource”,null).
//- ------------------------------- JS
var client = new XMLHttpRequest();
var source;
function init()
{
if (window.xmlhttprequest) { request = new XMLHTTPrequest();}
else if (window.ActiveXObject) {
try {
request = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e){
try{
request = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e){}
}
}
}
function handler( ) {
try{
if(this.readyState == 4 && this.status == 200) {
// so far so good
if(this.responseXML != null)
{ } // success! do nothing}
else{ }
}
else if (this.readyState == 4 && this.status != 200) { // fetched the wrong page or network error...
alert("ups check your glasses, wrong URL?");
}
}catch(e){alert("error on handler" +e );}
}
function fetchSource()
{
//wait for client to be ready =P
if(client.readyState!=4) return null;
return client.responseText;
}
function fetchURL(url){
//alert("fetchy is here!! cuxi cuxi ");
try{
client.onreadystatechange = handler;
client.open("GET", url,true);
client.send();
}
catch(e){alert("error on fetchSource:" + e);}
}
// -------------------------------- APPLET CODE
public static String getURLSource(String url)
{
if(window == null){System.out.println("window is null"); return null;}
try {
window.call("fetchURL",new Object[] {url});
Thread.sleep(2000);//give the server time to respond with source
return (String)window.call("fetchSource", null);
}
catch(Exception e){
System.out.println("GET URL CRACHED!!!");
return null;
}
}
//don't forget to start window :
public void init()
{
try {
Travian.window = netscape.javascript.JSObject.getWindow(this);
Travian.location = (JSObject)Travian.window.getMember("location");
}catch(Exception e ){System.out.println("init can't start JSObject");}
}
// -----------------------------------------------------------------------
happy coddings!
segunda-feira, abril 14, 2008
Breaking my head against the Travian wall
I've been fixed on the idea of building an Admin interface for the Travian game. Though out of all my crazy ideas this must have been the one with the MOST trouble. Along with the fact that my JS /DOM was very rusty, I've encountered other difficulties... So from the beginning.
Figuring out how it works:
Travian is build on a mix of php, JS & HTML. The big issue being php, because it's executed server side! Client sends a request. Server reply s with html page. I can't read it, can't access it and the only way I could glimpse it's workarounds would be by monitoring variables being passed to it along with every different call made to the server. Now besides not being the easiest task... it never will grant that I can figure params for hidden evolutions. Because it's not a static game. So I'd only be able to implement a scalable application once I reached the end... and well the hole purpose is to build something that will help me do that. So that made me quit the hole hack trough php idea. The objective is to build an application capable of monitoring action just like any human user would do by reading the page, not modifying it.
So that takes us to the next step. Ok.. I can recognize anchors with a scanner algorithm just as easily as I can with my eyes.... so I'll just have to find a way to process the source. All joyful stupid H. wandered around the house jumping and smoking cigarrets while planning the best way to do it. What language am I using? Am I going to go object oriented and define identities so I can delegate tasks and therefore better organize the application? How about GUI? I don't feel like spending hour costuming it! Javascript? It's cool I can generate tables through DOM and it offers anchors that I can customize by just copying the URLS from the source, I don't even have to worry about logging in as long as I grant that I'm opening the admin window on the the same browser window of the game. Java? Java has a bunch of cool classes for manipulating strings, the own String class, with it's contains and substrings gymnastics and Scanner and Tokenizer. Besides a comfortable Thread manipulation and Timer's... Hum... why don't I mix it all.. I just need a bridge between Java and Javascript so I can pass information around. Well.. I found the bridge, it's a package from netscape and it comes with the plugins jar, somewhere in your JRE. There's not much to know about it, it raps the JS object on a JSObject and sends it to java, while unraping it when it's send back to javascript. Furthermore it's very intuitive, you can even cast it directly to string if it's a text object like in document.body.innerHTML. All very cozy and comfortable. I wrote a window with a bunch of frames, drawn the hole communication and generalist aspects of the application. And I thought ok... now I just need to input the source from the site. And here the trouble started!! You can very easily view any source from any URL with a simple access to: window.document.body.innerHTML but if the URL is out side your “server” then the window becomes a fucking cocoon. You can't access document.body, therefore you can't read the source no fucking way without some other workaround external to plain JS. This is very plain simple conclusion but I lost hours!!! t'ill I realized there was no possible workaround for this. I tried to workaround it in a milion ways, by testing if it had anything to do with a particular propertie, going from window, from frame, from context, getting the calls made by different window object and even tried to schedule a call to an echo function by changing window.onload = setTimeout(“alert(window.document.body.html);”,1000); to make it seem like the window which contained the external URL was asking for this, but couldn't ;P
So now basically I'm stuck at a stupid fetch sorce. I can understand that I can't write to the document. But read it... I call this stupid security! Now to something so simple I'm gonna have to just flush the source right in to Java. Using some sort of bridge to HTTP. I smell servlets. But I know nothing 'bout that.... YET!!! hihihi So...
Don't miss the next chapter 'cause I certainly won't.
God what a bad joke!! LOL
I have two tests tomorrow and an assignment presentation at 11h30 AM. Need sleep.
helga@body: shutdown -h now
Figuring out how it works:
Travian is build on a mix of php, JS & HTML. The big issue being php, because it's executed server side! Client sends a request. Server reply s with html page. I can't read it, can't access it and the only way I could glimpse it's workarounds would be by monitoring variables being passed to it along with every different call made to the server. Now besides not being the easiest task... it never will grant that I can figure params for hidden evolutions. Because it's not a static game. So I'd only be able to implement a scalable application once I reached the end... and well the hole purpose is to build something that will help me do that. So that made me quit the hole hack trough php idea. The objective is to build an application capable of monitoring action just like any human user would do by reading the page, not modifying it.
So that takes us to the next step. Ok.. I can recognize anchors with a scanner algorithm just as easily as I can with my eyes.... so I'll just have to find a way to process the source. All joyful stupid H. wandered around the house jumping and smoking cigarrets while planning the best way to do it. What language am I using? Am I going to go object oriented and define identities so I can delegate tasks and therefore better organize the application? How about GUI? I don't feel like spending hour costuming it! Javascript? It's cool I can generate tables through DOM and it offers anchors that I can customize by just copying the URLS from the source, I don't even have to worry about logging in as long as I grant that I'm opening the admin window on the the same browser window of the game. Java? Java has a bunch of cool classes for manipulating strings, the own String class, with it's contains and substrings gymnastics and Scanner and Tokenizer. Besides a comfortable Thread manipulation and Timer's... Hum... why don't I mix it all.. I just need a bridge between Java and Javascript so I can pass information around. Well.. I found the bridge, it's a package from netscape and it comes with the plugins jar, somewhere in your JRE. There's not much to know about it, it raps the JS object on a JSObject and sends it to java, while unraping it when it's send back to javascript. Furthermore it's very intuitive, you can even cast it directly to string if it's a text object like in document.body.innerHTML. All very cozy and comfortable. I wrote a window with a bunch of frames, drawn the hole communication and generalist aspects of the application. And I thought ok... now I just need to input the source from the site. And here the trouble started!! You can very easily view any source from any URL with a simple access to: window.document.body.innerHTML but if the URL is out side your “server” then the window becomes a fucking cocoon. You can't access document.body, therefore you can't read the source no fucking way without some other workaround external to plain JS. This is very plain simple conclusion but I lost hours!!! t'ill I realized there was no possible workaround for this. I tried to workaround it in a milion ways, by testing if it had anything to do with a particular propertie, going from window, from frame, from context, getting the calls made by different window object and even tried to schedule a call to an echo function by changing window.onload = setTimeout(“alert(window.document.body.html);”,1000); to make it seem like the window which contained the external URL was asking for this, but couldn't ;P
So now basically I'm stuck at a stupid fetch sorce. I can understand that I can't write to the document. But read it... I call this stupid security! Now to something so simple I'm gonna have to just flush the source right in to Java. Using some sort of bridge to HTTP. I smell servlets. But I know nothing 'bout that.... YET!!! hihihi So...
Don't miss the next chapter 'cause I certainly won't.
God what a bad joke!! LOL
I have two tests tomorrow and an assignment presentation at 11h30 AM. Need sleep.
helga@body: shutdown -h now
domingo, abril 06, 2008
travian
Ohhh H! You're reading web page's script code again! Damn girl! Well... I just thought this was hilarious and had to share it with you. The following bit of code was taken from unx.js at http://s3.travian.pt/.
function T_Load(url,id)
{
g=false;
if(window.XMLHttpRequest)
{
g=new XMLHttpRequest();
if(g.overrideMimeType)
{
g.overrideMimeType('text/xml');
}
}
else if(window.ActiveXObject)
{
try
{
g=new ActiveXObject("Msxml2.XMLHTTP");
}
catch(e)
{
try
{
g=new ActiveXObject("Microsoft.XMLHTTP");
}
catch(e){}
}
}
if(!g)
{
alert('Can not create XMLHTTP-instance');
return false;
}
g.onreadystatechange=function(){al(id);};
g.open('GET',url,true);
g.send(null);
};
What's so funny in it, is the use of variable g. Which starts as boolean and ends up as an object. This could only be allowed in a language like javascript. And why? Well there's no type declaration, it's optional to do that. Now just how does it reach binary? How can you tell the size? Are they all the same size like in java? Javascript wonders!
Now the reason why I'm reading this:
This travian thing, it's a game. An online, strategy game. Make a village, get an army, attack neighbors kind of thing. But it's real time, things take for ever to evolve. I'd just love to leave some actions recorded to be done in the future. I imagine this would add considerable volume of data in to the server... not to mention that it could be programed so that my soldiers would leave the village and go visit some looser player that can't possibly have an army, while bringing back some resources anytime an attack is coming in. And then again there is the incentive of the “in control” feeling. I just can't bear the infinite number of tabs open one to each field (resources, village, future victims of attacks). I want a frame that lists previous attacks with distance to my village and resources taken, I want to know how long before I have resources to evolve something, I want to be able to put on an “agenda” any build, attack, market action I feel like so I can have my life back. LOL I mean.. I got other things to do!
function T_Load(url,id)
{
g=false;
if(window.XMLHttpRequest)
{
g=new XMLHttpRequest();
if(g.overrideMimeType)
{
g.overrideMimeType('text/xml');
}
}
else if(window.ActiveXObject)
{
try
{
g=new ActiveXObject("Msxml2.XMLHTTP");
}
catch(e)
{
try
{
g=new ActiveXObject("Microsoft.XMLHTTP");
}
catch(e){}
}
}
if(!g)
{
alert('Can not create XMLHTTP-instance');
return false;
}
g.onreadystatechange=function(){al(id);};
g.open('GET',url,true);
g.send(null);
};
What's so funny in it, is the use of variable g. Which starts as boolean and ends up as an object. This could only be allowed in a language like javascript. And why? Well there's no type declaration, it's optional to do that. Now just how does it reach binary? How can you tell the size? Are they all the same size like in java? Javascript wonders!
Now the reason why I'm reading this:
This travian thing, it's a game. An online, strategy game. Make a village, get an army, attack neighbors kind of thing. But it's real time, things take for ever to evolve. I'd just love to leave some actions recorded to be done in the future. I imagine this would add considerable volume of data in to the server... not to mention that it could be programed so that my soldiers would leave the village and go visit some looser player that can't possibly have an army, while bringing back some resources anytime an attack is coming in. And then again there is the incentive of the “in control” feeling. I just can't bear the infinite number of tabs open one to each field (resources, village, future victims of attacks). I want a frame that lists previous attacks with distance to my village and resources taken, I want to know how long before I have resources to evolve something, I want to be able to put on an “agenda” any build, attack, market action I feel like so I can have my life back. LOL I mean.. I got other things to do!
quarta-feira, abril 02, 2008
3 ethernet cards , 2 computers , 1 internet conection
Why I hate windows to the gut?!
Here's a simple problem. 2 computers, 3 Ethernet cards 2 ethernet cables, 1 modem => 1 ISP connection. Objective share Internet connection between two computers. Should be a simple task.
If you're looking for a solution and out of patience just press ctrl+f and type in solution: lol
Now windows was suppose to be your friend. You say: hey I would love to set up a network. This computer connects to the Internet, or this computer connects to a network that somewhere has a computer that connects to the Internet. This would be logical, I send a packet outside of my network and it should find it's way to the gateway (the gate that guards the entrance to my little world) and there it should ask who ever knows and send it to where it's meant to go.
Problems:
I shall call primary to the computer that directly connects to the Internet and secondary to the computer we want to connect to primary so it can also access the internet. It's a wired network! At the very beginning it's like having to separate pipes. One pipe goes from primary to secondary, the other pipe goes from primary to the ISP. So without some trick it's like trying to flush my toilet in some chink bathroom in the other end of the world. There is no connection! The packets can reach the gateway, but they can't get out of it because no one inside the intranet knows where to look for the address. The card from intranet does not know where the card to the Internet is. Thought our friend windows should know!
I hate windows to the gut because windows help files never tell you anything, it's like trying to learn nutrition from a recipe book. Nothing against it when it works but it makes me real mad when it doesn't, it gives me that feeling that you get when you're a little kid trying to open that new toy you got in Xmas with your nails. Someone get the kid a screwdriver!
Well the missing part of the puzzle is bridge! As the name foresees it's something that “connects” the two cards together so they can act as a single connection.
Solution:
I found this at: http://forums.techguy.org/windows-vista/579886-ics-vista-host-xp-client-4.html
posted by: vasudevan84 , I also added some comments because the post sometimes seemed confusing or I really should be sleeping by now or something ;P
okie people..
Hi Guys Try this...
First RUN services.msc on your Vista Machine.
Start Two services.
1. Internet Connection Sharing
//I had trouble here... Vista was telling me It could not enable it 'cause it was not being used
// if so come back to enable it once you've created the bridge
2. Windows Firewall.
now go to Control Panel\Network and Sharing Center\Manage Connection(Left Side Options)
u should see Two connection(i'll rename then to HOME for Local Network and INTERNET for obviously Internet Access) and probably a Bridged Network(if u made one)
1. Now Configure INTERNET(with the IP addresses (TCP/IPv4)For your Internet Access)
//It was only a while ago that I learn how to edit this so... assuming you may be in trouble too
//go to INTERNET properties and then double click on TCP/IPv4 to edit
//most ISPs will want you to get you're IP over dhcp so if in doubt set it to be automatic
2. Set HOME to Auto Config (TCP/IPv4)
3. Select the two Connection now and Right Click\Bridge Connections.
4. Open the Network Bridge options\ UNCHECK the connection INTERNET from there.
5.Make sure the (TCP/IPv4) settings in the NETWORK BRIDGE are set to Auto Config...
6.Now go back to the INTERNET\Sharing TAB\Check option Allow Other Network users to connect through this computers Internet Connection and optionally the second one.
Thats all folks we are done.
PS. Make sure the Connection on XP machine is set to Auto Config again.
This give you File sharing and Inter Connection on Both Vista and XP machine now. BUT the catch is your IP address on XP machine would be dynamic...
Okie the Point is ENABLE the two services on the VISTA machine, bridge the two connection but uncheck the Internet Connetion from the bridge and then share it.
//of course the secondary can be running any Operating System providing dhcp, if on Slackware run
//myName@host: dhclient eth0
Enjoy surfing using your brain and saving 30 euros on a hub.
Nhaaa “Buy a hub!!! buy a hub!!! It so much easier... nha nha nha.“ Ohhh god save them from their stupidity!
Well have been Grumpy lately. ;P
Here's a simple problem. 2 computers, 3 Ethernet cards 2 ethernet cables, 1 modem => 1 ISP connection. Objective share Internet connection between two computers. Should be a simple task.
If you're looking for a solution and out of patience just press ctrl+f and type in solution: lol
Now windows was suppose to be your friend. You say: hey I would love to set up a network. This computer connects to the Internet, or this computer connects to a network that somewhere has a computer that connects to the Internet. This would be logical, I send a packet outside of my network and it should find it's way to the gateway (the gate that guards the entrance to my little world) and there it should ask who ever knows and send it to where it's meant to go.
Problems:
I shall call primary to the computer that directly connects to the Internet and secondary to the computer we want to connect to primary so it can also access the internet. It's a wired network! At the very beginning it's like having to separate pipes. One pipe goes from primary to secondary, the other pipe goes from primary to the ISP. So without some trick it's like trying to flush my toilet in some chink bathroom in the other end of the world. There is no connection! The packets can reach the gateway, but they can't get out of it because no one inside the intranet knows where to look for the address. The card from intranet does not know where the card to the Internet is. Thought our friend windows should know!
I hate windows to the gut because windows help files never tell you anything, it's like trying to learn nutrition from a recipe book. Nothing against it when it works but it makes me real mad when it doesn't, it gives me that feeling that you get when you're a little kid trying to open that new toy you got in Xmas with your nails. Someone get the kid a screwdriver!
Well the missing part of the puzzle is bridge! As the name foresees it's something that “connects” the two cards together so they can act as a single connection.
Solution:
I found this at: http://forums.techguy.org/windows-vista/579886-ics-vista-host-xp-client-4.html
posted by: vasudevan84 , I also added some comments because the post sometimes seemed confusing or I really should be sleeping by now or something ;P
okie people..
Hi Guys Try this...
First RUN services.msc on your Vista Machine.
Start Two services.
1. Internet Connection Sharing
//I had trouble here... Vista was telling me It could not enable it 'cause it was not being used
// if so come back to enable it once you've created the bridge
2. Windows Firewall.
now go to Control Panel\Network and Sharing Center\Manage Connection(Left Side Options)
u should see Two connection(i'll rename then to HOME for Local Network and INTERNET for obviously Internet Access) and probably a Bridged Network(if u made one)
1. Now Configure INTERNET(with the IP addresses (TCP/IPv4)For your Internet Access)
//It was only a while ago that I learn how to edit this so... assuming you may be in trouble too
//go to INTERNET properties and then double click on TCP/IPv4 to edit
//most ISPs will want you to get you're IP over dhcp so if in doubt set it to be automatic
2. Set HOME to Auto Config (TCP/IPv4)
3. Select the two Connection now and Right Click\Bridge Connections.
4. Open the Network Bridge options\ UNCHECK the connection INTERNET from there.
5.Make sure the (TCP/IPv4) settings in the NETWORK BRIDGE are set to Auto Config...
6.Now go back to the INTERNET\Sharing TAB\Check option Allow Other Network users to connect through this computers Internet Connection and optionally the second one.
Thats all folks we are done.
PS. Make sure the Connection on XP machine is set to Auto Config again.
This give you File sharing and Inter Connection on Both Vista and XP machine now. BUT the catch is your IP address on XP machine would be dynamic...
Okie the Point is ENABLE the two services on the VISTA machine, bridge the two connection but uncheck the Internet Connetion from the bridge and then share it.
//of course the secondary can be running any Operating System providing dhcp, if on Slackware run
//myName@host: dhclient eth0
Enjoy surfing using your brain and saving 30 euros on a hub.
Nhaaa “Buy a hub!!! buy a hub!!! It so much easier... nha nha nha.“ Ohhh god save them from their stupidity!
Well have been Grumpy lately. ;P
quarta-feira, março 19, 2008
if(true && false)
let's say that sometimes... I can't help my self when comes to pressing ctrl + U and snicking to take a look at the source code of the web page. I've seen a couple of strange things, but never something like this.
if (true && false) {
//configuration variables
hbx.acct='DM570919C1BC';//abtest account number
//segments and funnels?
hbx.seg=getViewerSegment();//visitor segmentation
hbx.hc3 = "sample_B";
"document.write('\ script language="javascript1.1" src="http://www.hi5.com/friend/js/wss/hbx.js" " <\/script>'); 've seen a couple of strange things, but never something like this.
}
now first reasoning: this is alien logics and that "if" can run on terms I cannot understand.
Second reasoning: it's a dynamically generated page (script included) and somehow variables determined that those parameters should be written separatly... so they ended up being whatever and that whatever is impossible. now this would make some sense... not all the sense because if that is the case why not use the same variables to omit the whole bit of code?
question: is there a way to record this and resend it in my terms? now to do that I'd have to make an app capable of doing my own packets, one of the problems that jumps right in to the eye and fires frustration is Referer. Even If I change the source and then try to load it, the browser will try to find the files on my computer... unless...
ohh well.. no time, no knowledge.
if (true && false) {
//configuration variables
hbx.acct='DM570919C1BC';//abtest account number
//segments and funnels?
hbx.seg=getViewerSegment();//visitor segmentation
hbx.hc3 = "sample_B";
"document.write('\ script language="javascript1.1" src="http://www.hi5.com/friend/js/wss/hbx.js" " <\/script>'); 've seen a couple of strange things, but never something like this.
}
now first reasoning: this is alien logics and that "if" can run on terms I cannot understand.
Second reasoning: it's a dynamically generated page (script included) and somehow variables determined that those parameters should be written separatly... so they ended up being whatever and that whatever is impossible. now this would make some sense... not all the sense because if that is the case why not use the same variables to omit the whole bit of code?
question: is there a way to record this and resend it in my terms? now to do that I'd have to make an app capable of doing my own packets, one of the problems that jumps right in to the eye and fires frustration is Referer. Even If I change the source and then try to load it, the browser will try to find the files on my computer... unless...
ohh well.. no time, no knowledge.
segunda-feira, março 10, 2008
network darkness
Networks and distributed systems must be among the most delightful ideas in the history of mankind. As a concept they are perfect: they are open, they are available, they are transparent and they are reliable. But every hero exists along with a villain and that's where the search able, crackable, copyable, forward(able), scan(able) words come along. With the right kind of knowledge, you can find a persons address (both electronic and physical), pseudo names, photos, biography, dreams... with enough luck even a diary and his friends opinion on that horrible t-shirt that made john doe look like a gay cat that just ran out of a storm in the hula hupy desert.
Anaïs Nin once said: “we don't see things as they are, we see things as we are.”
So the question i pose to you is: how do you look at the Internet? Are you an optimistic supporter or a paranoid avoider?
If you have a blog, a myspace, a photolog, a hi5 profile you are exposed. And people want to be exposed, they want to be fashionable, pretty... known! But all this applause upon the self comes with a price. Where's your privacy? Never the menace “the hole world is going to know you slept with A or B” has been so true. All C as to do is write it online. You can ask: has D ever slept with A or B? How reliable is the information? You can be reading a page written by a florist hobbyist that truly believes TCP/IP is a form manure... only God knows what kind of rubble can be found. But people are working frenetically to try to stop YOU from giving THEM false data. This line of work is know as data mining, and you can see it running on most online forms you fill. Ohh mister your name (say for instance “A.”) is too small. Hey your e-mail address (ex. stop_nagging_me_with_this_bullshit_I_don't_want_your_newsletter) is in an incorrect format. Etc. This would be wonderful if it could ever replace good judgment and conscientious reading, but unfortunately most data verification is done using databases, and you cannot nor will ever can build a database for right ideas. Human beings will have to keep using their external references to decide whether something is true or not. ex. If there's a IEEE page saying a new technology will be implemented you expect it to be reliable, as opposed to reading the same info on john doe's blog that you cannot cross reference with anything in a Google search on the matter.
So.. out of the fog Jesus came walking over the water... ups wrong script.
Hum... hum... all this conversation because I stumbled upon this paragraph:
“Another key topic is government versus citizen. The FBI has installed a system at many
Internet service providers to snoop on all incoming and outgoing e-mail for nuggets of interest
to it (Blaze and Bellovin, 2000; Sobel, 2001; and Zacks, 2001). The system was originally
called Carnivore but bad publicity caused it to be renamed to the more innocent-sounding
DCS1000. But its goal is still to spy on millions of people in the hope of finding information
about illegal activities. Unfortunately, the Fourth Amendment to the U.S. Constitution prohibits
government searches without a search warrant. Whether these 54 words, written in the 18th
century, still carry any weight in the 21st century is a matter that may keep the courts busy
until the 22nd century.”
Andrew S. Tanenbaum - Computer Networks
The government needs a warrant? How about with the new anti-terrorism law? If this software exists then any pimple filled teenager with a nice brain and poor social skills can be reading my e-mail, and tracking my Internet activities. Point being: does this make me comfortable? Not really. Would I ever stop surfing or publishing stuff because of this? Not in a million years!
The important part is to keep everyone informed of the danger involved in Internet communications, how to keep their sensitive data secure (as secure as possible... if it's streaming... its crackable... leave the “lived happy ever after” for Disney movies). So we can all live joyfully in the matrix.
Muahaahahaha
Anaïs Nin once said: “we don't see things as they are, we see things as we are.”
So the question i pose to you is: how do you look at the Internet? Are you an optimistic supporter or a paranoid avoider?
If you have a blog, a myspace, a photolog, a hi5 profile you are exposed. And people want to be exposed, they want to be fashionable, pretty... known! But all this applause upon the self comes with a price. Where's your privacy? Never the menace “the hole world is going to know you slept with A or B” has been so true. All C as to do is write it online. You can ask: has D ever slept with A or B? How reliable is the information? You can be reading a page written by a florist hobbyist that truly believes TCP/IP is a form manure... only God knows what kind of rubble can be found. But people are working frenetically to try to stop YOU from giving THEM false data. This line of work is know as data mining, and you can see it running on most online forms you fill. Ohh mister your name (say for instance “A.”) is too small. Hey your e-mail address (ex. stop_nagging_me_with_this_bullshit_I_don't_want_your_newsletter) is in an incorrect format. Etc. This would be wonderful if it could ever replace good judgment and conscientious reading, but unfortunately most data verification is done using databases, and you cannot nor will ever can build a database for right ideas. Human beings will have to keep using their external references to decide whether something is true or not. ex. If there's a IEEE page saying a new technology will be implemented you expect it to be reliable, as opposed to reading the same info on john doe's blog that you cannot cross reference with anything in a Google search on the matter.
So.. out of the fog Jesus came walking over the water... ups wrong script.
Hum... hum... all this conversation because I stumbled upon this paragraph:
“Another key topic is government versus citizen. The FBI has installed a system at many
Internet service providers to snoop on all incoming and outgoing e-mail for nuggets of interest
to it (Blaze and Bellovin, 2000; Sobel, 2001; and Zacks, 2001). The system was originally
called Carnivore but bad publicity caused it to be renamed to the more innocent-sounding
DCS1000. But its goal is still to spy on millions of people in the hope of finding information
about illegal activities. Unfortunately, the Fourth Amendment to the U.S. Constitution prohibits
government searches without a search warrant. Whether these 54 words, written in the 18th
century, still carry any weight in the 21st century is a matter that may keep the courts busy
until the 22nd century.”
Andrew S. Tanenbaum - Computer Networks
The government needs a warrant? How about with the new anti-terrorism law? If this software exists then any pimple filled teenager with a nice brain and poor social skills can be reading my e-mail, and tracking my Internet activities. Point being: does this make me comfortable? Not really. Would I ever stop surfing or publishing stuff because of this? Not in a million years!
The important part is to keep everyone informed of the danger involved in Internet communications, how to keep their sensitive data secure (as secure as possible... if it's streaming... its crackable... leave the “lived happy ever after” for Disney movies). So we can all live joyfully in the matrix.
Muahaahahaha
sexta-feira, fevereiro 15, 2008
Vista Up and running
Ohhh my my my!! I can barely hold my fingers!! I'm now writing from a recently installed Windows Vista and if surprise could be seen, a person on the moon could see me glowing tonight. I installed Vista directly connected to the Internet and still no sign of virus. It's running wonderfully on my Intel Dual Core at 2.13 Ghz + 2 GB RAM + Nvidea Graphics (256MBs). Even faster than XP and certainly much more appealing visually.
With some gymnastics current Desktop has 3 installed Os (Win XP, Win Vista , Linux Slackware). Of course all made possible by lilo magic and two physical disks split up in a total of (4+2=6) partitions.
SDA(250GB)
sda1 - Windows XP (ntfs)
sda2 – Linux Swap
sda3- Linux Slackware(ext2 )
sda4- Files (Fat32 so I can write on it from linux as well)
HDB(80GB)
hdb1 – Windows Vista
hdb2 – Another FAT32 file partition
It's soon to say, but I'm tempted to mark this as the end of my Microsoft allergy.
Or not... :P still think of it as an OA (as in Open Ass). Not that it's particularly more insecure than linux by default. The question is, I believe, that being vulgar... it's a more apealing target to work on.
With some gymnastics current Desktop has 3 installed Os (Win XP, Win Vista , Linux Slackware). Of course all made possible by lilo magic and two physical disks split up in a total of (4+2=6) partitions.
SDA(250GB)
sda1 - Windows XP (ntfs)
sda2 – Linux Swap
sda3- Linux Slackware(ext2 )
sda4- Files (Fat32 so I can write on it from linux as well)
HDB(80GB)
hdb1 – Windows Vista
hdb2 – Another FAT32 file partition
It's soon to say, but I'm tempted to mark this as the end of my Microsoft allergy.
Or not... :P still think of it as an OA (as in Open Ass). Not that it's particularly more insecure than linux by default. The question is, I believe, that being vulgar... it's a more apealing target to work on.
terça-feira, fevereiro 05, 2008
Geting just about any music you want
If it's streaming in to my computer, then there must be a way to grab it I thought- frustrated while not being able to figure out where the damn file was being pulled from. See most sites now have players in flash, because you can't trace the source of an swf, unless there's some way of decompiling it. But hey! Even if there is, that's a hell of a lot more trouble than reading the html source, or downloading that “hidden” *.js the guy has in some dark directory on the same server.
So... by accident while trying to read some tuts on wireshark, I just stumbled on another you tube magical video.
now this is about video files... but hey, potatoes and tomatoes it's all vegetables. Same to any stream. The guy suggests looking for the file, but my blind eyes and rather hazy mind suggest using ctrl+f , then select string and type your keyword like “mp3” or something like that. And voyla. Host and get bla blabla magic. Concatenate and paste on location in your favorite browser.
In conclusion I must say that I am not in favor of “stealing” everything. Point being that I couldn't have it otherwise. Is it that wrong? I couldn't buy it, I'd buy it if I could! There's no money taken.
Support your favorite artists, more money for them means more music for you do enjoy.
So... by accident while trying to read some tuts on wireshark, I just stumbled on another you tube magical video.
now this is about video files... but hey, potatoes and tomatoes it's all vegetables. Same to any stream. The guy suggests looking for the file, but my blind eyes and rather hazy mind suggest using ctrl+f , then select string and type your keyword like “mp3” or something like that. And voyla. Host and get bla blabla magic. Concatenate and paste on location in your favorite browser.
In conclusion I must say that I am not in favor of “stealing” everything. Point being that I couldn't have it otherwise. Is it that wrong? I couldn't buy it, I'd buy it if I could! There's no money taken.
Support your favorite artists, more money for them means more music for you do enjoy.
Subscrever:
Mensagens
(
Atom
)
