Showing posts with label BOFH. Show all posts

Thursday, May 15, 2008

Digg down, suggests you watch some p0rn while they restart the servers

Digg was down for a couple of minutes. Check the highlighted links :-). I'm wondering if that's a bug or a feature...




Doesn't look like anything was hacked though; Google indexed it and all.



Either way, some of the links aren't exactly "Safe for Work" and it seems pretty irresponsible to put them on the front page like that, heh.

Tuesday, April 01, 2008

International High IQ Society

TA3 is the most difficult standardized IQ test provided by the International High IQ Society. It's geared for accurate higher IQ levels, rather than 90-110 IQ levels. Nice if you're sick of all those online IQ tests where you always score 160...

Tuesday, January 15, 2008

Macbook Air - Razor Thin Computing

Razor thin MacBook
A 64 GB solid state drive and 1.36 kg is awesome for a 1.6-1.8 GHz machine with 2 GB of RAM.

Tuesday, January 08, 2008

Installing Quake 3 on Solaris, fixing lib issues

Want to play some games on Solaris? You can grab Quake 3 + data (demo) here. pkgadd -d the packages (data first).

This is also a way to troubleshoot various missing files or LD issues on Solaris.

Run /usr/local/bin/ioquake3.sh

% /usr/local/bin/ioquake3.sh
ld.so.1: ioquake3.i386: fatal: libGLU.so.1: open failed: No such file or directory
/usr/local/bin/ioquake3.sh: line 39: 1678 Killed ${EXEC_DIR}/${EXEC_BIN} ${EXEC_FLAGS} $*

Well, that's no good. Let's find libGLU.so.1:
% grep libGLU.so.1 /var/sadm/install/contents
/usr/X11/lib/GL/amd64/libGLU.so.1=../../mesa/amd64/libGLU.so.1 s none SUNWxorg-mesa
/usr/X11/lib/GL/libGLU.so.1=../mesa/libGLU.so.1 s none SUNWxorg-mesa
...
Well, this should do it. What is that script running though? A simple grep for EXEC_BIN and EXEC_DIR in /usr/local/bin/ioquake3.sh gives us the location: /usr/local/share/games/quake3/ioquake3.i386
% ldd /usr/local/share/games/quake3/ioquake3.i386 | grep "not found"
libGLU.so.1 => (file not found)
So, now all we need to do is add libGLU.so.1 to the proper library path, and we're good to go:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/X11/lib/
Use /usr/local/bin/ioquake3.sh to start Quake 3.

Enjoy :-).

Thursday, January 03, 2008

Unconventional Oracle Database installation in a straitjacket

Bored? http://blogs.oracle.com/otn/2008/01/03#a1182

Monday, December 24, 2007

Run ancient UNIX v5 on your Gameboy with gbaunix

Bored? Why not run UNIX 5th edition on your gameboy..

http://www.kernelthread.com/publications/gbaunix/



Double bored? Emulate the GBA :P.

Friday, December 21, 2007

Johnny Lee's back with more Wii hacks - Head Tracking

Virtual Reality, Cheap! Johnny is back with more Wii hacks. This time, he uses the Wii infrared camera (Wii Remote) to perform head tracking (using 2 Infrared LEDs or the Nintendo Sensor Bar). Basically, this allows him to use the data for positioning the viewer's head in space (by solving the triangle) and move the displayed data around to emulate a 3D display.




He makes the source code to his applications fully available, so if you feel like using a 3D display, an air keyboard or a virtual chalkboard, check his projects:

http://www.cs.cmu.edu/~johnny/projects/wii/

Tuesday, December 18, 2007

Gigabyte i-RAM memory disk - acts like regular SATA disk

iRAM is a RAMDISK that acts like a regular SATA drive, but uses DDR memory modules (4 battery-backed 184-pin DIMM slots that accept any DDR DIMM and support up to 4GB unbuffered / non-ECC memory).



http://techreport.com/articles.x/9312

Some cool usage: Using more iRAM drives in a RAID-0 :-).

http://kiti.main.jp/Report/Waller/Waller1.htm
http://kiti.main.jp/Report/Waller/Waller2.htm

Monday, December 17, 2007

Why I hate Gnome...

I have been using GNOME for over 7 years now, and feel that with every release it gets more unstable, buggy and bloated. Good features get removed or reimplemented in some horribly broken form. Or they just mess around with sane default settings (see Always Open in Browser windows to Windows 95 style open a new window for each browser). Sometimes they hide the icons, the trash can, the delay settings... and they so love to complicate the configuration files. But now....

It looks like GNOME is desperately trying to become the new "Microsoft BOB":

Bug 324253 – "New document" and "Open terminal" non active by default in context menu


- "Open terminal" is frustrating (and scary) for users not knowing what to do with a terminal, the vast majority of GNOME users nowadays. If anybody needs to open a terminal there is an easy way to do so through Applications. If really needed, the user could activate this preference from Preferences.

Yes people, that is why the right click - open terminal shortcut was REMOVED from Gnome 2.14 and later. It's a BUG since it SCARES away users. Boooo.. and now you need to install a "plugin" like nautilus-open-terminal. WTF. Yes, all users must be retarded, let's remove a useful feature...

Linus Torvalds had some things to say about Gnome too:

"This 'users are idiots, and are confused by functionality' mentality of Gnome is a disease. If you think your users are idiots, only idiots will use it. I don't use Gnome, because in striving to be simple, it has long since reached the point where it simply doesn't do what I need it to do."

Where Gnome aims to be in 5 years:



// Sorry for the rant, but I just had to get this off my chest... I miss Sawfish :-(.

Wednesday, December 12, 2007

Cool April RFCs - RFC 1149 - IP datagrams on avian carriers - Pigeon and OCR Implementation

A couple of cool April 1st RFCs:

RFC 1149: Standard for the transmission of IP datagrams on avian carriers
RFC 2549: IP over Avian Carriers with Quality of Service

Of course someone "wrote" an implementation...
http://blug.linux.no/rfc1149/index.html
Pictures from the world's first RFC 1149 implementation. (IP datagrams printed, transmitted via pigeon messages, scanned, OCR-ed and re-assembled).

Karl Magnus with a test packet:



PS: the bloke in the Red Hat [SIC] is Alan Cox, Linux kernel developer.

Monday, December 10, 2007

Turn a Wii into a whiteboard or tracking system

Now this is cool:

"Using an LED array and some reflective tape, you can use the infrared camera in the Wii remote to track objects, like your fingers, in 2D space."



"Since the Wiimote can track sources of infrared (IR) light, you can track pens that have an IR led in the tip. By pointing a wiimote at a projection screen or LCD display, you can create very low-cost interactive whiteboards or tablet displays. Since the Wiimote can track upto 4 points, multiple pens can be used."

http://www.cs.cmu.edu/~johnny/projects/wii/

Sunday, December 09, 2007

Repair MBR in Windows using mbrfix, fixmbr, bootrec, testdisk, dd and gag

Accidentally rewritten your MBR (or even the partition table) and can't find your old Win9x friend, "fdisk /mbr"? Well, here's a couple of ways on how to fix it:

  • Fixmbr.exe - Repairs the master boot record of the boot disk. The fixmbr command is only available when you are using the Recovery Console. Example: "fixmbr \Device\HardDisk0"
  • Bootrec.exe tool in the Windows Recovery Environment to troubleshoot and repair startup issues in Windows Vista. The /FixMbr option writes a Windows Vista-compatible MBR to the system partition. This option does not overwrite the existing partition table. Use this option when you must resolve MBR corruption issues, or when you have to remove non-standard code from the MBR.
  • MbrFix.exe - Free tool that performs several Master Boot Record (MBR) tasks like backup, restore, rewrite (fix) the boot code in the MBR, etc. Supports Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows PE. Both 32-bit and 64-bit x64 edition. Don't use for GUID Partition Table (GPT) disks. Example: "MbrFix /drive 0 fixmbr /vista /yes"
  • TestDisk is a powerful free data recovery software designed to help recover lost partitions and/or make non-booting disks bootable again.
  • GAG is an open source graphical boot manager which supports multiple operating systems. The floppy or CD can be used to boot Windows (or any other OS), then use recover tools to recover the MBR.
The MBR boot code resides within the first 446 (0x1BE) bytes, the next 64 bytes are the Partition Table, and the last two bytes in the sector are a signature word for the sector and are always 0x55AA. This means that you can use the "dd" tool to back up, restore or modify your MBR "by hand". Example:

dd if=/dev/YOURDISKHERE of=mymbr bs=446 count=1

This makes a backup copy that can later be restored using dd :-).
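The sector layout above, as an added example that is not part of the original post: it splits a 512-byte sector into boot code, partition table and signature, and shows that restoring a 446-byte backup leaves the partition table untouched. The sample sector is constructed in the code, and the function names are illustrative.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # 0x1BE bytes of boot code
TABLE_LEN = 64                 # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"        # last two bytes of the sector


def parse_mbr(sector):
    """Split a 512-byte sector into the three regions described above."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    table = sector[BOOT_CODE_LEN:BOOT_CODE_LEN + TABLE_LEN]
    partitions = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", table, i * 16)
        if ptype != 0:          # type 0 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:] == SIGNATURE,
            "boot_code_blank": not any(sector[:BOOT_CODE_LEN]),
            "partitions": partitions}


def restore_boot_code(current_sector, backup):
    """Merge a 446-byte boot code backup with the disk's current table and signature."""
    if len(backup) != BOOT_CODE_LEN or len(current_sector) != SECTOR_SIZE:
        raise ValueError("need a 446-byte backup and a 512-byte sector")
    return backup + current_sector[BOOT_CODE_LEN:]


def build_sample_sector():
    """Constructed sector: dummy boot code, one bootable type 0x07 entry, signature."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return b"\xeb\x63" + bytes(444) + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    good = build_sample_sector()
    wiped = bytes(BOOT_CODE_LEN) + good[BOOT_CODE_LEN:]   # boot code overwritten
    print(parse_mbr(wiped))
    print(parse_mbr(restore_boot_code(wiped, good[:BOOT_CODE_LEN])))
```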

What about Linux or other operating systems? Well, you're probably using GRUB or LiLO, so you can simply boot your partition using (any) LiveCD (or GAG) and restore them. As simple as boot, fsck, mount, chroot, grub - you're set. You can also try using SuperGrubBootDisk.

Monday, December 03, 2007

Cracking wireless keyboards

Cracking the encryption on wireless keyboards and setting up a keylogger is trivial.

Tuesday, November 27, 2007

Computer Randomly Plays Classical Music

"Your computer may play "Fur Elise" or "It's a Small, Small World" seemingly at random. This is an indication sent to the PC speaker from the computer's BIOS that the CPU fan is failing or has failed, or that the power supply voltages have drifted out of tolerance. This is a design feature of a detection circuit and system BIOSes developed by Award/Unicore from 1997 on." - Microsoft Support

Cracking Cisco type 7 and type 5 PIX passwords with Cain and Abel

Number one reason you shouldn't paste your Cisco configs or password hashes on the Internet:

Cisco's PIX password encryption is a base64-encoded MD5 hash sum, using only one MD5 update (no salting or anything). This also allows cryptanalysis attacks using rainbow tables to speed up the process.

Simple hashes like:


enable password RLPMUQ26KL4blgFN encrypted


Get cracked instantly. -> 1234


Also, note that MD5 has known weaknesses in the algorithm that may allow for more complex password cracking attacks.

Also, if you're using a "type 7" password, that's pretty much useless, since it can get cracked instantly. People can just use simple tools such as Cain and Abel, or Solarwinds Router Password Decryption to reverse the crypto on type 7 passwords.


someuser privilege 0 password 7 06351A3149085123301517391C501918




IOS type 5 passwords (MD5 using 1000 rounds) are more complex and harder to crack, but you still shouldn't paste your hashes for everyone to see... Remember, even with type 5 passwords, you're still vulnerable to dictionary attacks, hybrid attacks, rainbow table attacks (PIX only), md5 repository attacks, or plain old password guessing.

If you're going to paste your config files anywhere, use the "show tech-support" command available in newer IOS versions. It gives more info, and strips confidential information, password hashes and such.
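One way to scrub a config before sharing it, as an added example that is not part of the original post: it redacts the three credential formats discussed above (type 7, type 5 and PIX "encrypted") and reports where each was found. The sample config and its hash values are constructed placeholders, and the rule set is an assumption that covers only these formats.

```python
import re

# Constructed sample config; the secret values are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable secret 5 $1$abcd$EXAMPLEEXAMPLEEXAMPLE00
enable password AAAAAAAAAAAAAAAA encrypted
username someuser privilege 0 password 7 0000000000000000
interface FastEthernet0/0
"""

# (pattern, label, note). Group 1 is the text to keep, group 2 the secret to drop.
RULES = [
    (re.compile(r"^(.*\b(?:password|secret|md5|key)\s+7\s+)(\S+)", re.I),
     "type 7", "reversible encoding"),
    (re.compile(r"^(.*\b(?:password|secret)\s+5\s+)(\S+)", re.I),
     "type 5", "salted MD5, open to dictionary attacks"),
    (re.compile(r"^(.*\b(?:password|passwd)\s+)(\S+)(?=\s+encrypted\b)", re.I),
     "PIX", "unsalted MD5"),
]


def sanitize(config):
    """Return (redacted_text, findings); findings holds (line_no, label, note)."""
    out, findings = [], []
    for line_no, line in enumerate(config.splitlines(), 1):
        for pattern, label, note in RULES:
            m = pattern.match(line)
            if m:
                # Keep the command prefix and any trailing keyword, drop the secret.
                line = line[:m.end(1)] + "[removed]" + line[m.end(2):]
                findings.append((line_no, label, note))
                break
        out.append(line)
    return "\n".join(out), findings


if __name__ == "__main__":
    text, findings = sanitize(SAMPLE_CONFIG)
    print(text)
    for line_no, label, note in findings:
        print(f"line {line_no}: {label} credential removed ({note})")
```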


You can even use decrypt.pl - a neat little Perl script to instantly decrypt type 7 passwords:

#!/usr/bin/perl -w
# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
#
# Credits for original code and description hobbit@avian.org,
# SPHiXe, .mudge et al. and for John Bashinski
# for Cisco IOS password encryption facts.
#
# Use for any malice or illegal purposes strictly prohibited!
#

# Fixed XOR key table used by the type 7 encoding.
@xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
          0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
          0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );

# Read config lines from stdin or from the files named on the command line.
while (<>) {
    # Match "password 7 <hex>" or "md5 7 <hex>".
    if (/(password|md5)\s+7\s+([\da-f]+)/io) {
        # A valid encoding has an even number of hex digits.
        if (!(length($2) & 1)) {
            $ep = $2; $dp = "";
            # First two digits: starting index into @xlat; the rest: XORed bytes.
            ($s, $e) = ($2 =~ /^(..)(.+)/o);
            for ($i = 0; $i < length($e); $i+=2) {
                $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
            }
            # Replace the encoded form in the line with the decoded password.
            s/7\s+$ep/$dp/;
        }
    }
    print;
}

Friday, November 23, 2007

Exploiting md5 and other hashing functions collisions for fun and profit

The cryptographic hash function MD5 has been broken. In March 2005, Xiaoyun Wang and Hongbo Yu of Shandong University in China published an article in which they describe an algorithm that can find two different sequences of 128 bytes with the same MD5 hash.

More links can also be found on Wikipedia's MD5 page.

SHA-0 has also been broken, and the security of SHA-1 has been somewhat compromised by cryptography researchers. Chinese cryptographers showed that SHA-1 is not collision-free. That is, they developed an algorithm for finding collisions faster than brute force. There was also an attack reported on RIPEMD.

Practical applications of md5 collisions:

  • Magnus Daum and Stefan Lucks have created two PostScript files with identical MD5 hash, of which one is a letter of recommendation, and the other is a security clearance.
  • Eduardo Diaz has described a scheme by which two programs could be packed into two archives with identical MD5 hash. A special "extractor" program turns one archive into a "good" program and the other into an "evil" one.
  • Here's a pair of valid X.509 certificates that have identical signatures. The hash function used is MD5.
  • Here's a paper demonstrating a technique for finding MD5 collisions quickly: eight hours on a 1.6 GHz computer.
  • Hashclash - Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5
  • The Status of MD5 after a recent attack (1996 whitepaper)
The following is an improvement of Diaz's example, which does not need a special extractor. Here are two pairs of executable programs (one pair runs on Windows, one pair on Linux).
  • Windows version:
    • hello.exe. MD5 Sum: cdc47d670159eef60916ca03a9d4a007
    • erase.exe. MD5 Sum: cdc47d670159eef60916ca03a9d4a007
  • Linux version (i386):
    • hello. MD5 Sum: da5c61e1edc0f18337e46418e48c1290
    • erase. MD5 Sum: da5c61e1edc0f18337e46418e48c1290




What does this mean? You should use at least 2 hashing algorithms (RIPEMD-160, Tiger, WHIRLPOOL, SHA-256, SHA-512), as the chances of finding the same collisions in more than 1 hashing algorithm are practically 0.
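The recommendation above as an integrity check, in an added example that is not part of the original post: a verifier that accepts data only if every digest in a manifest matches, run against two 128-byte messages with the same MD5. The pair is the widely published MD5 collision, embedded here as sample data; the second message is derived by flipping the top bit of six bytes, and the function names are illustrative.

```python
import hashlib
import hmac

# Sample data: first message of a widely published 128-byte MD5 collision pair.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
# The second message differs only in the top bit of these six bytes.
DIFF_OFFSETS = (19, 45, 59, 83, 109, 123)
MSG_B = bytes(b ^ 0x80 if i in DIFF_OFFSETS else b for i, b in enumerate(MSG_A))


def digests(data, algorithms):
    """Hex digests of `data` for each named hashlib algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def verify(data, manifest):
    """True only if every digest listed in `manifest` matches `data`."""
    actual = digests(data, manifest)
    return all(hmac.compare_digest(actual[name], manifest[name].lower())
               for name in manifest)


def demo():
    """Publish digests for MSG_A, then present MSG_B to each kind of check."""
    md5_only = digests(MSG_A, ["md5"])
    two_hashes = digests(MSG_A, ["md5", "sha256"])
    return {
        "md5_only_accepts_swap": verify(MSG_B, md5_only),
        "two_hashes_accept_swap": verify(MSG_B, two_hashes),
        "two_hashes_accept_original": verify(MSG_A, two_hashes),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```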

Wednesday, November 21, 2007

Revealing password fields (asterisk *** ) stored in your Web Browser - Opera, Firefox, IE, whatever

As shown on RaimondCC's blog, revealing the password fields in a webpage is as easy as pasting a bit of JavaScript in the Web Browser (Firefox, Opera, Internet Explorer, whatever supports JavaScript) address bar. Note to self: never let your Internet Browser (or any other application for that matter) remember your passwords, you're better off with Gator :-). This basically means people can recover any stored password with ease.


javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j < F.length; ++j) { f = F[j]; for (i=0; i < f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords found:\n\n" + s); else alert("No passwords found.");})();


Tuesday, November 20, 2007

Blue Pill - Malware Virtualization

Blue Pill is a prototype malware that uses the virtualization capabilities of AMD processors (AMD-V extensions, previously known as Pacifica) to inject a rootkit in a running Vista operating system to create a lite hypervisor that takes complete control of the underlying operating system.

According to its author, Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, Blue Pill would use Pacifica to trap a running instance of the operating system into a virtual machine, and would then act as a hypervisor, with complete control of the computer. Joanna Rutkowska claims that, since any detection program could be fooled by the hypervisor, such a system would be "100% undetectable". While this statement was proven false, it's still a fun toy to play with, especially since the source code is available.

Monday, November 12, 2007

How to Charge an iPod using electrolytes and an onion

You can charge your iPod from an onion and some sugar/salt/water combination (or Gatorade / Powerade), which is then stored within the cells of an onion.

Friday, November 09, 2007

sudo dd if=~/loveletter of=/dev/rwd0c

xkcd ftw!



In love with a BOFH :-).