Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Links for 2019-12-01

December 01, 2019 — Carlos Fenollosa

Ocarina of Time glitches and code execution

Arbitrary Code Execution in Ocarina of Time (30 min, video via)

I find these kinds of glitches fascinating. See for yourself!

Online tools for pet projects

Software Tools for Hobby-Scale Projects (RH, via)

Below is a list of useful tools I’ve come in contact with over the years.

  • They cost less than a coffee or are free.
  • They can be learned quickly.
  • They allow you to accomplish a single task in a short timeframe (such as a Sunday afternoon)
  • They are less focused on the needs of long term projects (scalability, speed, etc.) and more focused on ease of use and prototyping speed.

Rick Carlino has compiled a very nice list of online tools, such as mobile push notifications, VPS and DB hosting.

I have to admit that many of these were new for me, so it's definitely not a rehash of the usual links. Great list!

BBS: The documentary

BBS The Documentary (5 hours split in 8 videos)

In the Summer of 2001, Jason Scott, a computer historian (and proprietor of the textfiles.com history site) wondered if anyone had made a film about these BBSes. They hadn't, so he decided he would.

Fascinating. I've just put the videos in my watch queue.

Trying out NomadBSD

NomadBSD | Installation & First Impressions (20 min, video via)

For some reason, this is the first time I've heard about NomadBSD. It's a "portable" version of FreeBSD, to be run from a USB drive.

Anybody remember Knoppix? The first popular Linux distro that could be run from a CD. It contributed to hardware discovery on boot, and thanks in part to their efforts, Linux hardware setup took a huge leap forward.

Hope that NomadBSD can do that for FreeBSD, which already has great hardware support, albeit limited, but its defaults are not so great.

Darwin OS

A Look at PureDarwin - an OS based on the open source core of macOS (5 min, via) provides some background, history and status of the PureDarwin project, a 100% free software OS built on top of the Darwin (macOS) kernel

PureDarwin Xmas, showing the applications xcalc, xclock, xterm and xfontsel running in the Window Maker desktop window manager

Metadata leak with SSH keys

Public SSH keys can leak your private infrastructure (5 min, via)

You don't need a private key to validate if a server allows access from a particular public/private key combination. That is, by having access to a public key, you can check if a server allows access for the specified public key and a username pair

This is a known issue. Filippo Valsorda posted a related proof of concept in 2015.

My SSH server knows who you are (5 min, 2015, via)

Did you know that ssh sends all your public keys to any server it tries to authenticate to?

If this metadata disclosure is a problem for you, the solution is very simple.

  • Configure your ssh to NOT send any pubkey to unknown hosts
  • Create a new ssh keypair for every new host you want to connect to (see link above)

Instructions here, courtesy of HN user chrisfosterelli.
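
A minimal `~/.ssh/config` that implements both points above, as an added example rather than the linked instructions themselves. The host name `git.example.org` and the key file name are placeholders.

```sshconfig
# ~/.ssh/config  (added example; host name and key path are placeholders)
# ssh uses the first value it finds for each option, so host-specific
# blocks must come before the catch-all "Host *" block.

# A host you trust: offer exactly one key, created only for this host, e.g.
#   ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_git_example_org
Host git.example.org
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/id_ed25519_git_example_org
    # Offer only the IdentityFile above, even if ssh-agent holds other keys.
    IdentitiesOnly yes

# Every other host: do not offer any public key at all.
Host *
    PubkeyAuthentication no
    IdentitiesOnly yes
```

Running `ssh -G <host>` prints the effective options for a given host, which confirms which block applies before you connect.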

Advent of Code 2019

Advent of Code 2019 (RH, via)

Advent of Code is a code advent calendar. Each day unlocks a new programming challenge. You score points by completing the challenges quickly

A few years ago I solved some of their challenges and they're really fun.

Be careful! As lobste.rs user narimiran says:

Don't be fooled: You will not just solve tasks and be over with it. There will be tasks that you'll think about all day and you won't be able to think about anything else. And you'll love it :)

Yup. The RH tag is warranted here.

Writing a simple window manager

Challenge: Write a bouncy window manager (RH, via)

Julia Evans plays with tinywm and her enthusiasm is contagious.

Though I use the admittedly weird dwm as my WM, and I've hacked some of its code, I've never considered writing my own WM, or even realized how easy it is.

Give it a try: tinywm is just 50 lines of very readable C.

a terminal window bouncing around the screen

On messaging services

Choosing the Right Messenger (10 min, via) is not a list of messenger services, but rather a thoughtful discussion on privacy tradeoffs: encryption, metadata, sign up process, source code availability, etc.

I highly recommend that you read the article if you're interested in learning more context on why some messengers are more secure/private than others.

The end of IPv4

The RIPE NCC has run out of IPv4 Addresses (1 min)

Our announcement will not come as a surprise for network operators - IPv4 run-out has long been anticipated and planned for by the RIPE community.

Let's see if we can quickly move to an IPv6 world -- my mail server will surely benefit from an untainted IP.

The Twitter Purge

Twitter prepares for huge cull of inactive users (1 min) and Twitter account deletions on 'pause' after outcry (1 min)

Twitter is (was) planning to remove inactive accounts. Even though it would free their handles for new users, apparently the main reason is that those users didn't accept the new terms of service.

There are many interesting angles, but for once, I have to stay on Twitter's side.

However, they should have provided an option to archive these old accounts; after all, users accepted that their content was to be owned and distributed by Twitter. Even if they can't log in, or their account is deleted, Twitter could have stored the content somewhere visible.

Tags: roundup
