Max has produced a list of “naughty strings”: things you might try injecting into your systems along with any fuzz testing you’re doing to check for common errors in escaping,
processing, casting, interpreting, parsing, etc. The copy above is heavily truncated: the list is long!
It’s got a lot of the things in it that you’d expect to find: reserved keywords and filenames, unusual or invalid unicode codepoints, tests for the Scunthorpe Problem, and so on. But perhaps my favourite entry is this one, a test for “human injection”:
# Human injection
#
# Strings which may cause human to reinterpret worldview
If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works.
Please wake up, we miss you.
This is a basic Python shell (really, it’s a fancy wrapper over the system shell) that takes a task and asks OpenAI for what Linux bash command to run based on your description. For
safety reasons, you can look at the command and cancel before actually running it.
…
Of all the stupid uses of OpenAI’s GPT-3, this might be the most-amusing. It’s really interesting to see how close – sometimes spot-on – the algorithm comes to writing the right command
when you “say what you mean”. Also, how terribly, terribly ill-advised it would be to actually use this for real.
Plus many, many things that were new to me and that I’ve loved learning about these last few days.
It’s definitely not a competition; it’s a learning opportunity wrapped up in the weirdest bits of the field. Have an explore and feed your inner computer science geek.
Wix, the website builder company you may remember from stealing WordPress code and lying about it, has now decided the best way
to gain relevance is attacking the open source WordPress community in a bizarre
set of ads. They can’t even come up with original concepts for attack ads, and have tried to rip-off of Apple’s Mac vs PC ads, but tastelessly personify the WordPress community
as an absent, drunken father in a therapy session.
I have a lot of empathy for whoever was forced to work on these ads, including the actors, it must have felt bad working on something that’s like Encyclopedia Britannica
attacking Wikipedia. WordPress is a global movement of hundreds of thousands of volunteers and community members, coming together to make the web a better place. The code,
and everything you put into it, belongs to you, and its open source license ensures that you’re in complete control, now and forever. WordPress is free, and also gives you freedom.
…
For those that haven’t been following the relevant bits of tech social media this last week, here’s the insanity you’ve missed:
Wix’s Twitter and YouTube responses suddenly swing from their usual “why is your customer service so slow to respond to me?” level of negative to outright hostile. LOL.
Sure, I’m not the target audience. I’ve been a WordPress user for 15 years, and every time I visit a Wix site it annoys me when I have to permit a stack of third-party JavaScript just
to load images like they’ve never heard of the <img>tag or something. Hell, I like WordPress enough that I used it as a
vehicle to get a job with Automattic, a company most-famous for its WordPress hosting provision. But even putting all of that aside: this
advertising campaign stinks.
I don’t normally watch videos of other people playing video games. I’m even less inclined to watch “walkthroughs”.
This, though, isn’t a walkthrough. It’s basically the opposite of a walkthrough: this is somebody (slowly, painstakingly) playing through Skyrim: Special Edition
without using any of the movement controls (WASD/left stick) whatsoever. Wait, what? How is such a thing possible?
That’s what makes the video so compelling. The creator used so many bizarre quirks and exploits to even make this crazy stupid idea work at all. Like (among many, many more):
Dragging a bucket towards yourself to “push” yourself backwards (although not upstairs unless you do some very careful pushing “under” your feet).
Doing an unarmed heavy attack to “stumble” forward a little at a time, avoiding the stamina loss by eating vegetable soup or by cancelling the attack (e.g. by switching
quickselected arrows), which apparently works better if you’re overencumbered.
Mid-stumble, consuming a reagent that paralyses yourself to glitch through thin doors. Exploit a bug in dropping gear for your companion near an area-change doorway to get all of
the reagent you’ll ever need.
Rush-grinding your way to the Whirlwind Sprint shout and Vampire Lord “Bats” ability so you’ve got a way to move forward quickly, then pairing them with paralysis to catapult
yourself across the map.
When things get desperate, exploiting the fact that you can glitch-teleport yourself places by commanding your companion to go somewhere, quicksaving before they get there, then
quickloading to appear there yourself.
This video’s just beautiful: the cumulation of what must be hundreds or thousands of person-hours of probing the “edges” of Skyrim‘s engine to discover all of the potentially
exploitable bugs that make it possible.
Dr. Doe’s latest Sexplanations vlog is on polyamorous language, and despite being – or, perhaps, because I’m – a bit of a long-toothed polyamorist these days, fully a quarter
or more of the terms she introduced were new to me! Fascinating!
While I was traipsing off around the countryside to commemorate the anniversary of the death of my dad, one of his
former colleagues uploaded to YouTube a video that he originally produced for the UK Bus Awards Presentation Ceremony 2012.
As his son, it felt a little weird for me to be marking the occasion on what: the ninth anniversary of his death? It’s not even a nice round number. But clearly I’m not the
only one whose mind drifted to my father on 19 February.
Fun fact: this photo – extracted from the video – was originally taken by me:
My dad’s crouching to make sure he’s in the frame, because I was less than half his height at this point. The horizon is wonky because I’m crouching too, in order to imitate him, and
I’ve lost my balance. Altogether, I rate this piece of photographic art… umm: not bad for a preschooler?
Maybe I should be asking for royalties! Or at least, using the video as an excuse to springboard my career as a professional photographer.
A slightly tongue-in-cheek (see the “serial monogamy” chain and some of the subtitles!) but moderately-complete diagram of popular varieties of relationship structure. Obviously there’s
gaps – relationships are as diverse as their participants – and lots of room for refinement, but the joy of an infographic is making visible the breadth of a field, not in providing
encyclopaedic comprehension of that field. I especially like the attention to detail in “connecting” often-related concepts.
The basilisk collection (also known as the basilisk file or basilisk.txt) is a collection of over 125 million partial hash inversions of the SHA-256cryptographic hash
function. Assuming state-of-the art methods were used to compute the inversions, the entries in the collection collectively represent a proof-of-work far exceeding the computational capacity of the human race.[1][2] The collection was released in parts through BitTorrent beginning in June 2018, although it was not widely reported or discussed until early 2019.[3] On August 4th, 2019 the complete collection of 125,552,089 known hash
inversions was compiled and published by CryTor, the cybersecurity lab of the
University of Toronto.[4]
The existence of the basilisk collection has had wide reaching consequences in the field of cryptography, and has been blamed for catalyzing the January 2019 Bitcoin crash.[2][5][6]
…
Electronic Frontier Foundation cryptographer Brian Landlaw has said that “whoever made the basilisk is 30 years ahead of the NSA, and the NSA are 30 years
ahead of us, so who is there left to trust?”[35]
Presented in the style of an alternate-reality Wikipedia article, this piece of what the author calls “unfiction” describes the
narratively believable-but-spooky (if theoretically unlikely from a technical standpoint) 2018 disclosure of evidence for a new presumed mathematical weakness in the SHA-2 hash function set. (And if that doesn’t sound like a good premise for a story
to you, I don’t know what’s wrong with you! 😂)
Cryptographic weaknesses that make feasible attacks on hashing algorithms are a demonstrably real thing. But even with
the benefit of the known vulnerabilities in SHA-2 (meet-in-the-middle attacks that involve up-to-halving the search space by
solving from “both ends”, plus deterministic weaknesses that make it easier to find two inputs that produce the same hash so long as you choose the inputs carefully) the “article”
correctly states that to produce a long list of hash inversions of the kinds described, that follow a predictable sequence, might be expected to require more computer
processing power than humans have ever applied to any problem, ever.
As a piece of alternate history science fiction, this piece not only provides a technically-accurate explanation of its premises… it also does a good job of speculating what the impact
on the world would have been of such an event. But my single favourite part of the piece is that it includes what superficially look like genuine examples of what a hypothetical
basilisk.txt would contain. To do this, the author wrote a brute force hash finder and ran it for over a year. That’s some serious dedication. For those that were fooled by this seemingly-convincing evidence
of the realism of the piece, here’s the actual results of the hash alongside the claimed ones (let this be a reminder to you that it’s not sufficient to skim-read your hash comparisons,
people!):
Coca-Cola is to test a paper bottle as part of a longer-term bid to eliminate plastic from its packaging entirely.
The prototype is made by a Danish company from an extra-strong paper shell that still contains a thin plastic liner.
But the goal is to create a 100% recyclable, plastic-free bottle capable of preventing gas escaping from carbonated drinks.
The barrier must also ensure no fibres flake off into the liquid.
…
If only somebody could invent a bottle suitable for containing Coca-Cola but 100% recyclable, plastic-free, and food safe.
Oh wait… for the vast majority of its history, all Coca-Cola bottles have met this description!The original Coke
bottles, back in 1899, were made of glass with a metal top. Glass is infinitely-recyclable (it’s also suitable for
pressure-washing and reusing, saving even more energy, as those who receive doorstep milk deliveries already know) and we already have a recycling infrastructure for it in place. Even
where new glass needs to be made from scratch, its raw ingredient is silica, one of the most abundant natural resources on the planet!
Bottle caps can be made of steel or aluminium and can be made in screw-off varieties in case you don’t have a bottle opener handy. Both steel and aluminium are highly-recyclable, and
again with infrastructure already widespread. Many modern “metal” caps contain a plastic liner to ensure a good airtight fit (especially if it’s a screw cap, which are otherwise
less-tight), but there are environmentally-friendly alternatives: bioplastics or cork, for example.
The worst things about glass are its fragility – which is a small price to pay – and its weight (making distribution more expensive and potentially more-polluting). But that latter can
easily be overcome by distributing bottling: a network of bottling plants around the country (each bottling a variety of products, and probably locally-connected to reclamation and
recycling schemes) would allow fluids to be transported in bulk – potentially even in concentrate form, further improving transport efficiency… and that’s if it isn’t just more
ecologically-sound to produce Coke more-locally rather than transporting it over vast distances: it’s not like the recipe is particularly complicated.
In short: this is the stupidest environmental initiative I’ve seen yet this year.
This is cool. Twist the outside dial to transpose the tonal centre of your key. Twist the inner dial to shift the mode of the scale. Turn on- or off- individual tones to shift into
more-exotic modes. Use triangles to illustrate the triads of your major, minor, and sustained chords, or add the sixth or seventh with the help of a trapezoid.
The amateur music theorist in me continually struggles to visualise what and why a key is what it is. This kind of thing helps. Plus, what a cool software toy!
This folktale comes from The Big Book of Myths of Shropshire by Sir Colin Ogden. In 1701, a big cat died of “collick”, contracted from a dead fish.
…
This folktale is spoken of in North Yorkshire. In 1520, a witch named Nana Clayton received a bejewelled stool, said to have the power to see right from wrong, from a virgin in the
inn, The Five Horses.
…
I might start using this widget to generate random background detail for fantasy roleplaying games.
I’ve been changing my relationship to being online.
Some of it is keeping in touch with friends who are fascinated by the same sorts of hybrid creations I am. Friends who build things. Friends in different professional communities.
Paying attention when they mention some new discovery or avenue of interest.
Some of it is using an RSS reader to change the cadence and depth of my consumption—pulling away from the quick-hit likes of social media in favor of a space where I can run my
thoughts to their logical conclusion (and then sit on them long enough to consider whether or not they’re true).
…
I wish I could get more people to see the value in the “slow Web”. The participatory Web. The creative Web. The personalised Web.
When you use an app to browse a “stream” in most social media, you’re seeing a list of posts curated to keep you watching, keep you seeing adverts, keep you on the app so that as much
personal data as possible can be leeched from your behaviour. If it feels satisfying and especially if it feels addictive, the social network has done its job, but don’t be fooled: its
job is not to improve social connections – it’s job is to keep you from doing anything else.
You don’t have to use the Web this way. You can subscribe to the content creators and topics that actually interest you. You can get that content on basically any device or medium you
like, or across a mixture: want notifications by email? Slack? IRC? Discord? In a browser? In an app? As-it-happens or digests? You
can filter for what interests you most at any given moment, save content for later, and resharing is supported thanks to an old-school invention called a “URL“. And you’ll see fewer ads and experience less misuse of your behavioural data.
Sure, there’s a learning curve. But it’s worth it. I wish I could get more people to see that.
When this comic (go read the full thing) came out at the tail end of last year, I thought to myself: yeah, that’s about right.
I’m resharing that on my birthday in a week or so.
‘Cos I’m forty today, and I sort of had a half-baked dream that I’d throw some kind of big party and get people together. My surprise party for my
thirtieth birthday party was an excellent (and much-needed) bash, and I guess I’d thought I’d try to replicate the feel of that, but a decade on (and
not a surprise party… although in the end the last one wasn’t either).
But 2020’s the year that keeps on giving, so I’m postponing my party plans to… “some other time”. And so this comic really spoke to me.
