I love the plugin he uses:
"From there, there's a cord that connects the streaming box to a VCR. I have cut that wire in half and frayed out that wire. Then, while the footage plays, I manipulate the frayed wire to interrupt the signal between the footage and the recording."
The SF Weekly Best of SF poll
is up -- go vote for us, ok?
Relevant categories include: Best Dance Party, Best Live Theatre (Point Break Live or Mortified), Best Live Music Venue, Best Late Nite Bite and Best Pizza.
Also, hey, why aren't you following us on Instagram yet? I told you about it yesterday and we still have a tiny number of followers. Get on that. @dnalounge, @dnapizza and @codeword_sf.
still doesn't have enough customers, because we have almost no events. Hooray. We've been working more on trying to get on the "corporate party" circuit, courting the kind of people who organize after-parties and whatnot for Moscone conventions, but it's slow going, and that is not our area of expertise.
So, you know... if your company is looking for a space to rent, or if you think you can throw a dance party that will get a hundred people, do let us know.
I understand that the cool kids have been abandoning Twitter for Instagram, so I finally extended our pseudopodia in that direction. If you are of that persuasion, you can follow us on Instagram at dnalounge, dnapizza and codeword_sf.
Some recent photos:
Turbo Drive: Dance With The Dead
Anti-Flag + Leftover Crack
Dear Lazyweb: What are reasonable reverse engineering tools for web sites?
It seems like every few months I find myself cracking the login and upload or download process on some site -- sorry, some "web application". Invariably they either don't provide an API, or their API is wholely inadequate. The "new web" doesn't want you to script it, because that might prevent them from forcing lock-in on you. They all want to be titans of the industry like Compuserve or AOL, apparently not having heard about this little thing called "The Internet" that got really popular for a minute back in the 90s.
So to do the things I want to do, I often have to crack their undocumented protocols and halfassed security measures. I don't enjoy it, but for my sanity and out of self defense, I do it a lot. "Nation Suddenly Realizes This Just Going To Be A Thing That Happens From Now On".
The kind of discoveries I end up needing to make usually look like:
- Their OAuth "application" API is inadequate and intentionally crippled, so let's go straight for the web login page and get a session cookie.
- Oh look, here's the magic URL you are squirting JSON data down.
- Oh, but the arguments to that URL are signed.
- Oh, here's the signing key you embedded in the code but tried to hide.
- (And you're sniffing user agents. Aw, that's cute.)
I don't have proper tools to easily do the sorts of things I need to do to solve these problems. I mean, I manage, obviously, but it sucks. Here are the kind of questions I find myself asking that are harder to answer than they should be:
- This form's "Submit" button isn't actually a form element, and the source doesn't have an onclick handler on it. Something somewhere else has installed a handler ...somewhere... so that when I click it, a JS function runs and a URL gets loaded. What function? What URL?
- Clicking this thing reads and writes a bunch of data to random URLs via XMLHttpRequest, then does a redirect. What URLs did it load and what did it send and recieve? Sometimes I can answer this question using the Resources or Timeline panel in Safari's inspector, but as far as I can tell, the intermediate data vanishes from the timeline as soon as the top-level URL changes, or the DOM gets zeroed out, or something. I don't know. I just know that I can't see a record of URLs being loaded that I know were loaded. Mozilla and Firebug don't seem to be any better than Safari in this respect. "Oh, the document is gone, you must not care about it any more."
I could use mitmproxy and Wireshark for some of this, but that's a huge pain in the ass, and more heavy-handed that I usually need. Also Wireshark is awful (it always leaves me thinking "How was this supposed to be any better than tcpdump?") It makes much more sense to intercept this stuff inside the browser. All the information is in there since it's the thing initiating contact with the server.
Previously, previously, previously, previously, previously, previously, previously.
"I stayed in a hotel with Android lightswitches and it was just as bad as you'd imagine"
The hotel I'm staying at has decided that light switches are unfashionable and replaced them with a series of Android tablets. One was embedded in the wall, but the two next to the bed had convenient looking ethernet cables plugged into the wall. So. [...]
And then I noticed something. My room number is 714. The IP address I was communicating with was 172.16.207.14. They wouldn't, would they?
I mean yes obviously they would.
It's not as bad as it could be - the only traffic I could see was from the 207 subnet, so it seems like there's a separate segment per floor. But I could query other rooms on my floor to figure out whether the lights were on or not, which strongly implies that I could control them as well. [...] Hotels are happily deploying systems with no meaningful security, and the outcome of sending a constant stream of "Set room lights to full" and "Open curtain" commands at 3AM seems fairly predictable.
Previously, previously, previously, previously, previously.
The KLF's album The White Room
came out 25 years ago this week, and it is fucking awful. Really, it's just a deplorable house/disco mess and I hate every track.
The KLF themselves, however, are absolute geniuses and I truly admire their commitment. First they published a book in 1988, The Manual (How to Have a Number One the Easy Way):
WE GUARANTEE THAT WE WILL REFUND THE COMPLETE PRICE OF THIS MANUAL IF YOU ARE UNABLE TO ACHIEVE A NUMBER ONE SINGLE IN THE OFFICIAL (GALLUP) U.K. CHARTS WITHIN THREE MONTHS OF THE PURCHASE OF THIS MANUAL AND ON CONDITION THAT YOU HAVE FULFILLED OUR INSTRUCTIONS TO THE LETTER. TO RECEIVE THIS GUARANTEE PLEASE WRITE TO KLF PUBLICATIONS, BOX 283, HP21 7HG, U.K. WITH YOUR NAME, ADDRESS AND A PHOTOCOPY OF YOUR PURCHASE RECEIPT AND AN S.A.E. YOU WlLL RECEIVE YOUR GUARANTEE WITHIN 28 DAYS. [...]
Firstly, you must be skint and on the dole. Anybody with a proper job or tied up with full time education will not have the time to devote to see it through. Also, being on the dole gives you a clearer perspective on how much of society is run. If you are already a musician stop playing your instrument. Even better, sell the junk. It will become clearer later on but just take our word for it for the time being. Sitting around tinkering with the Portastudio or musical gear (either ancient or modern) just complicates and distracts you from the main objective. Even worse than being a musician is being a musician in a band. Real bands never get to Number One -- unless they are puppets.
It's really pretty amazing. But then they followed their own instructions, and got a number one single later that year. And then they did it again in 1990. And all of this was wrapped up inside a whole lot of Robert Anton Wilson Illuminatus mythological nonsense.
(If you're like me, you might assume that the unrelenting awfulness of their music was, in fact, part of the joke.)
Then they retired in 1992 with a wonderful table-flip mic-drop:
The KLF and crust punk group Extreme Noise Terror performed a live version of "3 a.m. Eternal" at the BRIT Awards, the British Phonographic Industry's annual awards show; a "violently antagonistic performance" in front of "a stunned music-business audience". Drummond and Cauty had planned to throw buckets of sheep's blood over the audience, but were prevented from doing so due to opposition from BBC lawyers and "hardcore vegans" Extreme Noise Terror. The performance was instead garnished by a limping, kilted, cigar-chomping Drummond firing blanks from an automatic weapon over the heads of the crowd. As the band left the stage, The KLF's promoter and narrator Scott Piering announced over the PA system that "The KLF have now left the music business". Later in the evening the band dumped a dead sheep with the message "I died for you -- bon appetit" tied around its waist at the entrance to one of the post-ceremony parties.
Reactions were mixed.
And then in 1994 they withdrew the remaining £1M they had in the bank, and they set it on fire:
"If we had gone and spent the money on Rolls Royces and swimming pools, I don't think people would be upset. It's because we burnt it. [...] Seeing as you're talking about the charity angle: our burning that money doesn't mean there's any less loaves of bread in the world. Any less apples. Any less anything. The only thing there's less of, is a pile of paper."
"But there could have been a little more. More bread, more apples."
"No. We didn't burn any loaves of bread. We didn't burn any apples. Those loaves of bread still exist. There's nothing less in the world."
People rarely commit like these fellows did. Slow clap.
It crossed my mind that the Mozilla billboard on the side of my building might be someone's idea of a joke -- but that would presume that anyone still working for Mozilla remembers who I am, which seems unlikely.
But you'll note that they didn't bother to tear down that billboard before pouring concrete right up to the property line, so perhaps when these condos are demolished decades from now to make way for some new construction the sign will be re-exposed and make someone go, "What the hell is that supposed to mean?"