category: hacking

Golf GTI Scale-Electric Flash Game

By way of promoting the new Golf GTI, Volkswagen have produced a flash game at the GTI Project website - racing a miniature red Golf around a scale-elecric track. It's actually quite good - it uses live action video for the track and cut-scenes, is well produced and fun to play. Morish, even. It was novel to play a driving game with only one dimension of control.



You can play for time or join/start a group to play competitively. The premise of the rankings is that you can win a Golf GTI to drive for three months. Consecutively, one would guess.



For pure geekery I'd be interested in studying the game's physics model. I tend to wipe out quite a bit, if one were to disassemble the game it should be possible to work out the maximum speed at every point on the track and then using the game's values for acceleration and drag find the fastest possible time. It's probably different for each lap (you don't start from 0 except on the first lap, which will change the optimal pattern of acceleration for the next lap, which will feed forward into the next and so on). I'd like to know the fastest lap time possible in this game universe, I'm certainly not achieving it.



Link: Play Here. Have Fun.

[read on...]

Pictures from the Moscow Gas Pipeline Fire

Wow, just wow. [link]


from Quattro's LiveJournal

[read on...]

The Hotlink Lottery

Great power stems from being in the path of information. I was reminded of that this weekend while watching (across the Limpopo) the media blockade surrounding the recent Zimbabwean election. With this lesson in mind I got to thinking about all the image hotlinking strix.org.uk carries. It's a lot, more than half of my bandwidth, and it costs money.

For the non-technical, hotlinking (or inline linking) is the practice of using files hosted on someone else's server in the HTML of web pages coming from your own server. It seems a perfect externality, shifting hosting costs from one site directly onto another. Site owners - jealous of their content and sensitive to the bottom line - can get very worked up about it. When being derogatory, the practice is referred to as 'leeching', 'bandwidth theft' or 'theft of service'.

I'm not as eager to assume it's a bad thing. If someone likes something on strix.org.uk enough to want to share it with their readers, that's pretty cool. One depressing evening in 2006 I drew a picture and posted it to the blog, a hotlink turned up with it in a greek blog post. What could be a better compliment for someone learning to draw? Sure, it'd be better if the blogger had copied it to their own server and provided an attribution link, but color me pleased. I'm happy for my stuff to get more exposure, hence the copyleft (cc) license.

In the more contemporary Web 2.0 view, hotlinking isn't a big deal. The nature of syndication and data mashing usually requires sources of information that are separate from the applications people use to combine and filter it. Most of the web applications I write hotlink images from other sites, sanctioned by the likes of flickr and youtube, and any number of services - from Google Reader to Babelfish - hotlink strix.org.uk. It's a good thing.

But.. there are some circumstances where the benefits are not as obvious. Those circumstances look like this:



Behold! a LolDuck. I've no idea where it came from, it was found on a forum and to the forums it returned. Such is the way of the LolDuck. The hotlink was copied from post to post and site to site, reproducing virally and exponentially. This site serves one every few seconds, and it's a lot of bandwidth to bear for nothing in return. The benefit? I am now in the path of information.

Since the image comes from strix.org.uk the file referenced by the link can be changed at this end. Thanks to the magic 'Referrer' field it can be done with some discretion, serving any image at all on any site with the hotlink. The LolDuck may not provide a direct benefit but it has created a microphone, an organic, unintentional broadcast system to say anything at all to surfers on hundreds of other sites.

The only question now is... what to say. One can tell where individual people are on the net (Referrer), where they are in the real world (IP address), that they're bored enough to be surfing Lol and can put an image on their monitors. Advertisers would love to be in this position. Most webmasters at this point do something distinctly uncreative; they replace the image with a tiny 'No Hotlinking' graphic and dismiss the opportunity.

Not I, but what to say? 'Vote Obama!', 'Womens Rights Are Human Rights', 'Help A Nun Kick The Habit'. Maybe. PSAs are Plan B. Best idea so far is to interact, to play a game with web surfers and engage them. An image lottery. I gathered together some random funny pictures, some disgusting shock pics, and some hentai (brown paper packages tied up with string, these are a few of my favorite things). The concept is a drinking game to be played with friends, every time the hotlink is loaded an image is chosen at random, if it's hentai, drink! If not, everyone can still laugh and groan at the funny/gross images. Though it needs some refining, the hotlink now looks something like this on forums/myspace:



And like this as a youtube background:



The hotlink directs people back here to play an expanded version of the game, an AdSense banner kicks a few cents toward the hosting costs, and someone gets drunk and giggles at Japanese sex comics. Everybody wins. So, if you came here wondering why there's strange and random crap appearing on your website, now you know. Feel free to copy stuff from strix.org.uk if you'd like to use it. Please link back :-) Thanks.

If anyone has an idea for a better use of this ability (other than Goatse on MySpace), I'd love to hear about it in the comments. Over the course of a day your idea could be broadcast to tens of thousands of people all over the web.

[read on...]

The BBC iPlayer

I'm very interested in the ongoing saga of the iPlayer, the BBC's content-on-demand service. Online rental and VOD services have been available for some time now, alongside streaming media, podcasting, iTunes and the usual slew of pirate systems, but the iPlayer is a very special case. The difference is that while other content distribution services are run as for-profit ventures whose general aim is to sell eyeballs to advertisers, the BBC is a taxpayer funded public service whose charter requires it to operate in the public interest with the stated purposes of "sustaining citizenship and civil society; promoting education and learning" [link to charter].

In the commercial model programming is used to divide the public into demographic groups of supposed gormless consumers, people with no rights whose only purpose is to be titillated and frightened into buying stupid crap they don't need. To help prevent them changing channel they're yanked around by their emotions with sensationalized 'news' coverage, fired up with sex and violence and held with dramatic cliffhangers over ad segments. This model is thus most successful when it has the greatest control over the attention of its viewers, it seeks to disempower people, lest they exercise their freedom to flip over to the competition or turn off the TV and read a book.

"Sony Connect (for itself and for its content providers) reserves the right to enforce any usage rules with or without notice to you ... your rights to access, download and use the Content are subject to immediate termination, without notice ... AND [you] HEREBY WAIVE, TRIAL BY JURY AND/OR ANY DEFENSES ..." - Sony Connect EULA

In the socalised model, by contrast, broadcasters are most successful when they best serve the interests of the public. Sure, there'll be some bickering about what those best interests are, but it still means that news can strive for objectivity, rather than ratings and that those making content can focus on what they're doing without having to be attractive to advertisers. This model serves citizens, people whose rights and self-determination are respected, it seeks to empower people. I think it's an excellent model and would love to see the BBC carry this MO into new services as new forms of media and content distribution emerge.

Because these purposes are so different, I'd expect there would be different design goals in setting up an online on-demand service for a public broadcaster than for a private one. What would such a service look like, how would it be functionally and technically different to an ad or subscription based service? I really wanted to know. So I joined the iPlayer Beta. (continues after the jump...)

[read on...]

Westboro Baptist Voltron

Google Video has a an excellent five part BBC Documentary about the Wrestboro Baptist Church, that nutty crowd of theists who picket the funerals of US soldiers killed in Iraq, among other tasteful occupations (their website is godhatesfags.com), and it's car-crash fascinating to see their point of view. If you don't feel like watching all that, I've made a one minute abridged version which more or less covers everything, enjoy!


[download this video] [view large]

[read on...]

Sexy Golden Livestock

"Enough of your words. Take your people, your cattle, your God, and your pestilence. Take what spoils from Egypt you will, but go!" - Pharaoh Rameses

..and that's what I'm going to tell the next door-to-door theist I encounter. Who remebers the 1956 biblical epic 10 Commandments [IMDB]? The one with Charlton Heston parting the red sea:


...when the Lord commanded a fish to swallow Jonah, and it was *THIS BIG*

Anyhoo, a couple months ago a prop from the movie came up for sale on eBay, and it is *beautiful*. I can't afford a 30k golden meat-animal, nor do I have a use for one, but if I ever get into Second Life, I'm sculpting me one of these:


Lets all worship Ba'al! (image used without permission)

Link: Script of 10 Commandments Movie (1956)

[read on...]

Installing Ubuntu

I'm finally making the switch from The Goodtimes Virus Windows XP to Ubuntu on my desktop (I use Debian for my laptop and server boxen) Installation is effortless and straighforward, even with my quirky ancient hardware. With XP I'd be reading those lame blue screens right now. The ones about how Windows XX is the Best Windows Yet! With extended support for sound and games, and will make your life easier for work and play, and will enable the business models of spyware like never before, and will store roadkill in your freezer. With Ubuntu I'm reading BoingBoing instead, even as the OS installs :-) *Sweet*


[read on...]

Hacking iFriends

A couple years ago I wrote a Greasemonkey script to patch up the display of iFriends SuperSearch and fanclub pages. I'd been ripped off by this outfit and was briefly motivated by pique, pettiness, vengeance and a love of boobies. And then, a short while later, I got over it and stopped caring. And mostly the world didn't care either. I posted the script on my blog, nothing happened. Then a few people downloaded it, then a whole bunch more nothing. Then, all of a sudden, some chathosts got pissed at me, and then calmed right down again. And then one day I was the third result on Google for the term 'iFriends'. Holy crap! Wasn't that an exciting story? Here's the graphic novel:



Anyhoo, it turns out that iFriends system architecture is an incredibly poor, ill thought out, unmaintaintined, insecure, outdated, inconsistent, unergonomic, low resolution, unattractive, tag-heavy, popup-spewing, privacy-destroying, 2001-looking heap. But it has a large, varied stable of chathosts and an archive of their shows.

It has been known for some time, by many, that due to the complete lack of security on iFriends it is not actually necessary to pay for any resource on the site, which is just as well because of the #2 Google result for q=iFriends. My greasemonkey script exposes some thumbnail and low resolution images, but everything, from recorded peep shows to unpublished material to live video chats are accessable. It's a porn hacker's wet daydream. (continues after the jump)

[read on...]

Revenge of the LolDuck



I have no attribution for this, found over at LolCats Generator. Asking yourself WTF? Wikipedia Explains Kittah. And while I'm at it, let's make today a Caturday.

[read on...]

The Strange Case of Dollcam

I likes me some cam hacking; random webcams used for building security or just attached to an unsecured network somewhere. The best ones are often found right out in the open, via a special Google search. I've seen some wonderful stuff over the years - from hundreds of Chinese people ballroom dancing to sunrise over Los Angeles - but few are as cool as the Dollcam. At least, that's my name for it. 85.235.16.148 is the IP address used by a single Axis brand webcam to stream video of a a doll on a turntable. Specifically, a blonde doll in national costume spinning endlessly in front of a picture of mountains. That's it. Some person or persons set up this scene in front of a $200 camera, hooked it up to a Swedish broadband connection and keeps it supplied with electricity. In the weeks I've been watching it the camera has moved once, so its now closer to the doll. There must be a motive, a static IP alone would cost me GBP 20 or so, but I'm absolutely stumped as to what its purpose is. Googling turns up some comment about this cam from last November when (shock!), it apparently stopped spinning.



A fertile imagination could turn a few possibilities, maybe the doll's part of a window display in a travel agency, and it's nobodys job to fix a broken camera mount that should face the other way. Maybe its not a camera at all, it's a web server with a loop of video that's emulating a webcam, but is really a disguised front door to some sort of private service, not for public consumption. Maybe it's a demonstration model, or a honeypot. Security people do that sometimes, they'll set up a system with no apparent purpose to the public in the hope that they'll get hacked or infected with viruses, so that they can catch samples of wild malware for study and learn of new exploits on their firmware. Maybe its an art project, and in some gallery somewhere is a big projected map of the world with little people icons that light up to show the location of humans and robots watching the doll. (continues after the jump)

[read on...]

Factoring Engine Prototype

factorize 100

But it turns out there's a faster way...

... moving along ...

[read on...]

Recipe for a Boggled Mind

Webcomic 013 Primes

Here's a good way to boggle your mind. Think about prime numbers. Just think about them, for like 48 hours. It starts off being very strange and difficult. They're just ordinary numbers, right? Numbers that don't happen to be divisible by other natural numbers, save zero and one. The lone pines that stand at odd intervals after the firs have been toppled and chopped up with division lines. Pillars of obstinance in the mess if fickle, irresolute, factorisable integers.

But they're not random. There's a pattern, a clear and bafflingly complex one. A few hours in, you start to notice small things. Only two primes ever touch, two and three. They like to end in 9. They like to end in 3. If you black out the prime multiples one by one you see how it builds up, and where the next prime will be. I thought it was like a wave at first, because I didn't know any better, with each prime adding new curves to the waveform, new harmonics and a multiplied wavelength.

It's not like that. What it is: a developing pattern of gaps, each hole in the pattern of blacked out numbers is a new prime, which blacks out more of the holes ahead of it, making a bigger but perfectly repeating pattern up the number line. It's like a printing wheel that snowballs bigger and bigger as it rolls away from 0. When you see this, you realize why one is not treated as a prime number, I never understood that until now.

Ancient mathematicians knew this and gave it a name, it's called the Sieve of Eratosthenes. This is the same Eratosthenes fellow who devised the latitude and longitude system we use today to navigate the globe, and invented the orrery [flickr] hundreds of years before the Church declared the world flat.

But back to the primes. Once you've watched the wheel turn a few times in your head - and this takes a loooong time - you see how the primes are thinning out as the wheel gets bigger, more primes add more black so the white gaps become sparser. When real mathematicians talk about this they call it the Prime Number Theorem.

Then you realize that the blacked out bits don't much matter, the numbers they cover up are all discarded so the only information is the length of the black bits, the distance between primes. The wheel now shrinks down from a stripey black and white printing press to a small tight wheel of numbers. And still the pattern builds, but you can see it clearly

and... *BANG!* your brain shorts out. You sit in your chair, completely dazed, unable to think about anything. All the understanding, the beauty and form you saw clearly a moment ago is replaced by static.

Bodily functions resume, you suddenly realize you're hungry, thirsty and need to pee. Hours have passed, wince at the time spent when you remember all that you need to get done.

But it's not entirely wasted. If a computer program can be written to efficiently draw the wheel as it grows, up to a list of gap lengths a few gigabytes long then a list of the first x many primes can be made in short order. I fancy it can be done. Once we have the primes we can maybe make a program to create rough rules that prove a large number is not divisible by that prime, or pattern of primes, allowing the rapid elimination of huge swaths of prime factors by a logical tree. It doesn't have to prove if it is divisible, just cut down most of the numbers we might have to test.

Simple example, say 5. Compare to your number to factorize, does that number end in 5 or 0? no? Then it's not divisible by 5. Or 15, 25, 3214320985, etc. One logical rule that nixes a great many numbers we'd have to consider as factors. Thus the program imputes a decision tree for arriving at a small number of candidate primes, which are easily checked against the number we wish to factorize, and factorize but Foxtrot Oscar quickly. We allow perhaps a terabyte, or as much space as we can get, for this tree, and it can process all numbers below a limit of the largest prime squared, producing either the
factors or quickly telling us if the large number is yet another prime. We're sacrificing computational simplicity in exchange for computation time on a grand scale, and automating that.

Sooo... what? The factoring problem is one of the great, some say intractable, problems of mathematics. Being able to factorize large numbers would be a kind of comp-sci superpower, all manner of hard tasks become trivial. All the locks on public-key encrypted messages would open for you. The SSL on your bank website, the cypher on your cellphone or the new DVDs, a million hidden messages all made transparent. All kinds of people would step up to give you awards (and money, lots of money) in addition to all the prize money waiting for those who decrypt ciphers, such as offered by RSA and the EFF. Well worth thinking about a little, no matter how unlikely you are to crack it.

[read on...]

Hurricane Sergio

sea surface hurricane sergio

Playing with mash-ups of NOAA data :-) Shown here: Hurricane Sergio, sea surface temperature overlay.

As at yesterday: When its minimum central pressure dropped to 965 mbar on November 15, Sergio became the strongest hurricane to form or exist in November in the Eastern or Central North Pacific, surpassing 1991's Hurricane Nora.

Source: 2006 Pacific Hurricane Season

[read on...]

DIY Hardware Botnet

gumstix board

Here's a crafty idea I had for a small, clandestine network of servers. GumStix sells tiny linux computers about the size of a stick of gum. They weigh about a quarter ounce - less than two teaspoons of water - and require very little power to run. They can also be configured to connect to WiFi or ethernet networks and set up like any other linux server, using a few cheap gigs on an SD card. All you need to do is set it up to automatically connect, enable remote access and connect it to a network somewhere. Voila, hidden server not easily traced to you, and because of it's small form factor it's easy to hide.

I came up with a couple ideas for setting up the botnet. We'll want to hide them on a lot of different networks, make sure they're always connected, and always have power. All over the world, ideally, and we don't want to do a lot of sneaking around to install them. Simplest idea I've had so far is to buy a bunch of cheap broadband/Wifi routers and put the gumstix PC inside the case. It has power, it's safe and dry, they're almost always online. Cover up one of the ethernet ports with a piece of PCI slot cover and connect the pins to your little server. Fiddle with the firmware on the router to allow it to invisibly access the net, then sell it on eBay UK.

Most Joe Bob Anybodys aren't going to open up their router to poke around, even if they did one more tiny green board is unlikely to arouse any suspicion, it's not like consumers pour over the circuit diagrams of their stuff. The UK is saturated with cheap broadband right now, so the router's likely to be plugged in to at least four megabits, sixteen if we're lucky (or we make our own luck). If you keep the server's bandwidth use moderate Joe Bob's highly unlikely to notice anything amiss :-)

Admittedly this is a fairly expensive way to go about building a personal botnet, but I it has advantages in terms of building web hosting swarms, and it sidesteps most of the issues you'd have to deal with when setting up a net. Compromised PCs can be turned of, get spyware infections, get replaced more often than routers and are not a good place to hide a bunch of files you're publishing.

Another idea is to do the same thing with a network printer, those big office printers that connect directly to the network rather than through a PC. The drawback to this is that business are more likely to have a clued-up IT department watching (and auditing) network traffic. But... who's going to suspect that the printer is up to no good? Watching. Listening. Projecting cold, critical malice from it's little LCD display, blowing whispered curses out the exhaust fan. Its hatred can be felt, warm to the touch, on every fresh page that slides out of it. No one ever suspects the printer.

But I digress. Newbie admins, take note. Printers are a serious risk to sensitive data and overall security. They know all about your documents before you can even put them in a folder marked Top Secret. It's been done before, during the cold war the CIA had Xerox technicians install a camera in the Russian Embassy's photocopier in Washington. Imagine the implications of a compromised printer in a bank or your small, local stockbroker's. But I'm more concerned with making a distributed hosting setup.

With WiFi in the mix the possibilities multiply. By playing the part of 'repair guy' they could be installed in electric signs, street lights, etc inside a weatherproof case (marked with *dire* warning labels) within range of hotspots. But that seems like more work than just posting them inside of cheap plastic routers.

Then again, I don't actually have use for a botnet, it's fun to work out some options :-)

. . . Image credit cs.gmu.edu, Academic Free Licence

[read on...]

Hacking Dating Websites

An approach to giving yourself unfair advantages.

If you read junky news media you may have the unfortunate impression that to 'hack' computers means to commit crimes on the internet, a digital equivalent of breaking and entering. Hacking is the skillful, creative use, repurposing or modification of systems. I won't answer specific 'How' questions. To teach someone to hack combination locks you might describe to them a common flaw in their design, you wouldn't just give them the series of numbers that opens one particular lock.

Let's start by considering our goal and the realistic problems we must solve to attain it. Me, I'm a little cynical about dating websites: Yahoo Personals, Match.com, the like. When I was 22 I came to the UK with a suitcase, £500 and a relative's phone number. I didn't know anyone, my social life was a blank canvas, a fresh start. It was clear that the first flowers I wished to paint into the relationships landscape would be attractive, interesting, liberal young women. So there's the goal. I placed free profiles on several dating sites. I used the search function to find members in my area and send them what I thought were witty, original emails that showed off what a 'nice guy' I was - chivalrous, romantic, with a good sense of humor. I didn't just send out one email to lots of addresses, I read the profiles, and thought about these girls, and wrote in a way that would speak meaningfully to each of them. Needless to say, I didn't get a single response. Not even a rejection. Silence. I can't remember where half of those profiles are now, but if one of them ever causes a girl to contact me I'll be most surprised. Pick-my-earwax-in-disbelief type surprised.

Doing the same thing over and over again and expecting different results may be a definition of either stupidity or insanity. And that's what I did, and I'll wager that's what some of you have done as well. Because I was naive and under the ridiculous misapprehension that hot girls would be attracted to nice guys and that the 'dating experts' writing articles on MSN about '10 ways to make a winning profile' actually held some magic key to unlocking limitless opportunities with comely nymphs. Way to think inside the box.

But maybe you still dream of writing that winning profile, and getting an email from the one special girl who's read it, who you'll meet and fall in love with and have a happy fulfilling life with forever after. If you actually want to succeed that dream dies now. The odds on dating sites are massively stacked against the average single guy and using them as they are 'supposed' to be used is an exercise in futility and mental masturbation. They are merely systems in the world which may possibly be co-opted into serving a goal that is independent of them, for which they are not designed. They don't exist because some benevolent website owner wants you to get laid. They exist to make money. No one's rooting for you to get laid, not even your own mother. This is something that you must go out into the world alone and get.

Let's consider the life of a very attractive young woman. She has a lot of options, guys hit on her in Real Life all the time, maybe ten different guys a day (conservative estimate), every day, for years. She doesn't need to use the net to find guys, they pick up on her so much it's tiresome as far as she's concerned. It may then seem counterintuitive that she would go online to meet males, she already has her pick of them. She has a following of suitors, and admirers and a bunch of poor devils she's shoved into that dark, cold, horrible place called 'just friends'. If she has a profile online it's not so she can collect more supplicating 'nice guys' who want to buy her food and flowers and drinks until they end up in a pigeonhole in her glass display cabinet marked 'Lovable Losers Im Not Having Sex With'. I know I'm belaboring this point, it's important. That cute 18yo whose profile you're spanking it to is not desperate to hear from you or 99% of males. She's looking for someone who makes her feel a certain way, she doesn't have rational qualifiers that men can understand (rational disqualifiers, yes). The feeling she wants to experience, the reason she put the profile up, is vague and intangible and men will never understand. It's an emotion we don't get, describing it to us would be like trying to describe a beautiful sunset to someone blind from birth; we won't really understand because we won't ever experience it.

But that feeling's not what she's about to get. It's not unusual for a sexy hottie to over 100 responses per day to her profile. Most will be generic emails mass copy/pasted by guys who send out swarms of them every day, the content of which whill be mostly macho swagger - like you might expect from Justin Timberlake - and the occasional photoshopped picture of the sender's penis. This is not actually a bad strategy if you're just looking for sex, because if you send out enough thousands of pictures of your penis you'll eventually hit a game wench who likes macho swagger, and you won't waste a lot of time 'getting to know' a bunch of girls who aren't in it for a shag. This is because the penis shot makes them self select by not responding to you.

But this is a crude path, and while it may eventually get you laid it won't bring you a relationship with an attractive girl who's also interesting, stable, intelligent, creative, healthy and wonderful. Compared to beauty alone, women of quality are very rare (as Mystery points out). Also this is hardly hacking. We don't want to work hard, we want to give ourselves superpowers.

Hopefully now you have an idea what you must do. When an eligible hottie signs up and creates a profile to dating site X your email should be the first one that arrives in her inbox, or at least in the first three. Imagine she gets 100 responses (mostly our Justin Timberlake impersonators) in the first day. She'll probably read the first three. After 50 or so they'll all start to look the same, and she's not even going to bother opening your email if it's number 93, and replying to an existing profile is probably useless. If it's been up there three months at a rate of 100 per day there's 9000 competitors in the inbox. That's a lottery. Which is a pity, because some guy wrote two pages of heartfelt text to this girl and she's never going to read it.

If within ten days of joining the site she goes on a date with someone she met there then maybe one in 10x100=1000 emails to her achieved its purpose. A 99.9% failure rate.

Since the site has a hairy, sweaty horde of married men watching all the time for new profiles being consistently the first to make contact would require inhuman speed and 24/7 attention, so it's not a job for humans. Some sites offer feeds (RSS or otherwise) so use them. If there's not a feed, make one. Automate a search based on your criteria and location and have a script alert you when a new match turns up. For this I would use GreaseMonkey (easy to use, harder for site operators to spot) both to create the feed and send me a rapid breakdown on a cellphone. If you don't know how to make this, learn JavaScript, then get GreaseMonkey installed and read some AJAX docs to learn how you'd bring in a cellphone picture messaging service, or alternate protocol, there's oodles of things cellphones can do nowadays. You might even be able to run your feed on your phone.

Obviously, there's no need to reinvent the wheel, if the dating site you choose has feeds and email alerts, use them. Set your email address on the site as one that forwards to your phone. Only if the site does not have features you can create will you have an advantage over that hairy, sweaty horde I mentioned.

Right, so now you know the instant a girl signs up who's within certain parameters. But there isn't time to type a response. Spend an evening with the wikipedia and come up with some interesting things to say about interests your matches will commonly have. Get these from analysis of existing search results. Now get some chick crack. Chick crack is stuff like palmistry and horoscopes that girls go moggy for when it promises some deep and meaningful explanation of life in a way that relates more to emotional thinking than rational/logical thinking. Then write/find several funny sentences about the human experience that can be used interchangeably. These will be used to convey a measure of confidence so make them as haughty/arrogant as you would ever be in real life.

Finally, make a PHP script to tie these together. The script takes a few variables provided by your greasemonkey script, returns a response note. Your cellphone beeps, you glance at it, press a button, and the greasemonkey calls the PHP script which provides an email to reply with. For example, you beep 'yes' on your phone to a new profile with interests listed as 'spirituality', 'classic rock', 'synchronized weasel dunking'.

The PHP script returns:

Hello! You know Swami Vivekananda said that learning and wisdom are superfluities, the surface glitter merely, but it is the heart that is the seat of all power. I think that's bull because octopuses have like 16 hearts and no power at all. So who are you anyway? your profile says you're into [synchronized weasel dunking]. Does that mean you're one of those annoying chicks who talks on a cell phone the whole time?

Anyway, I always say that [life is too short to spend it thinking] and [we should experience as much as makes us grow].

So if you want to go on an adventure to feed donuts to the zoo cops sometime email me back. But only if you can think of a better adventure or are willing to dress up nice.

Dave


The first paragraph is spit out anytime 'spirituality' appears in a profile, the rest is randomized combinations of a few stock sentences. Arranged by the script in milliseconds and in her inbox seconds after that. Of course none of it makes any sense, but that doesn't matter. It's unusual, and therefore more likely to be remembered, it's provocative to a degree, so it may get a response. Any response is a good response, if she calls you an asshole she's at least thinking about you and you have a much better chance than the keyboard jockeys and bulk-mailers do. It also demonstrates a confident perspective and some standards on my part, in an unwillingness to put up with chicks who are on their phones the whole time (don’t you just HATE that, grrr).

The purpose of this is to open communications with the girl. Once she knows your name and has invested time and thought replying to you, even just a little, you are in the game and can escalate it from there, with hand typed, offbeat, flirty email. Since it's a new profile she's probably not used online dating before - so she doesn't have a lot of preconceptions stemming from bad experiences with it that would otherwise need to be overcome. More importantly she's not yet tired to the deluge of penis photographs so she may still be optimistic about her chances of getting that feeling she's after. So far so good.

Of course, the majority of girls, even hot girls, will not be the one you're looking for. She may seem like everything you want to a templated profile, but when you get to meeting her she's psycho/on drugs/wanting children/vapid/religious crazy/chav or otherwise not your ideal partner. So you'll have to spend time with a lot of hot girls (things will be hard on you) to find a keeper. So think about cheap date options, like a bag of donuts to feed to the security on a cheap day at the zoo. Be happy, most of the guys on the site will never have this much choice.

Setting this up may seem like a lot of work, but it's fun work and ultimately less effort for more result than you'll get by emailing photos of your Johnson around. Some folks will be uncomfortable with the automated emailing bit, spamming doesn't sit well. It'll help if you stop thinking of this as regular human social interaction. Using a dating site isn't like talking to someone in class or at a coffee shop. It's more like sperm competition in the uterus. Millions of little packets of information swimming out of males into the void with the hope of being the first that reaches a female counterpart to bring two complimentary sets of information together. Profiles not chromosomes, relationships instead of babies. The comparison can be taken a long way. If you only have a few bad sperm you will lose, life has no mercy or compassion for slow sperm. They fail silently and are not forgotten because they were never even noticed.

That's not to say I'm suggesting this is the only way to gain leverage on computer dating systems. With imagination there are infinite possibilities. One reason your profile doesn't work so well for you is that it is a generic, defined thing. It is a dating profile, like an egg is an egg. Up on match.com or wherever it is surrounded by millions of other similar profiles all clamoring to exert themselves as unique and superior to the rest. If you're in an egg factory full of thousands of eggs you're unlikely to notice one in particular over all the rest, unless there's something obviously wrong with it. One egg is much like another. If, however, you step into an elevator and there's an egg taped to the button panel you'll notice. And wonder about it. And you might remember that one egg for quite some time.

So move your profile off the dating site. Google up secretarial colleges, modeling agencies, universities, etc in your area. Is there a nightclub in your area which always has a line outside it that goes right around the block? Print out your profile on paper, find a derelict spot on the block and glue it up with poster paste. Underneath stick a bunch of tear-off strips with your email and profile username. Hundreds of hot young girls are going to be stood around bored waiting to get into the club and not expecting to see a dating profile. Not into bouncy clubber chicks with ADD? Me either. Many colleges, shopping malls, etc often have notice boards for random stuff. Sometimes there's one that never gets checked and has a bunch of out-of-date fliers stuck up. Rave posters from last August, yellowed want-ads, etc. Take the out-of-date stuff down and put up five printouts of your profile. It's easy, cheap, and more effective than it would be gathering dust on the dating site.

Hopefully this article has started a little lateral thinking for some of you who are frustrated with dating sites. The ideas here are not necessarily what will bring you to your goal; it's the way of analyzing systems that creates such ideas which matters. I wish you luck. I won't be joining you on this quest as I'm smitten right now, but I'll be very interested to hear your results and ideas if you feel like adding them in the comments. Oh, and may the force be with you.

Trackbacks: I'm uninteresting and objectionable. Whee!

[read on...]

PhuxOred - UCLA spambot

Happy Friday Everyone. Apparently we have only four more days to live before the nucular war [sic].

In actual news: the rise of the machines. Regular visitors may have noticed a few changes hereabouts. For one, the captchas are gone, enticing spambots to leave their little electronic bowel movements on the blog.

There is a *very* passive-agressive bot trap lurking behind the form. Ordinary comments pass as usual, any that fail a battery of tests get rerouted to a script that tries a number of methods to catch or kill the bot.

So... if you have a comment to make about, say, viagara and mortgages email it to me rather than using the form. The script is intended to total web browsers (legally, no funny business with viruses), please accept genuine apologies if affects anyone commenting in good faith.

Enough disclaimer, let's look at the log :-)

Comment name: Simon
Comment email: [email protected]
Comment http: http://return2india.com/HyperNews/get/forums/shipping/1760/31.html
Comment text: Well done!
Mysql_time: 2006-09-7 11:24:02
REMOTE_IP: 219.37.206.21
REMOTE_HOST: 219.37.206.21
HTTP_HOST: strix.org.uk
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP_ACCEPT_LANGUAGE: en
HTTP_HTTP_CONNECTION: close

.......................................................................
Comment name: Andy
Comment email: [email protected]
Comment http: http://bioinfo.mbi.ucla.edu/Members/shawnpamel/buy-viagra-online.html
Comment text: Nice site!
Mysql_time: 2006-09-7 11:28:20
REMOTE_IP: 72.232.67.243
REMOTE_HOST: 72.232.67.243
HTTP_HOST: strix.org.uk
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP_ACCEPT_LANGUAGE: en
HTTP_ACCEPT_ENCODING: identity
HTTP_HTTP_CONNECTION: keep-alive



........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
...........[10 lines skipped]


Each dot represents one minute of bot time spent receiving image tags pointing to huge jpegs courtesy of google. Check out the URL in the second spam comment, from the bioinformatics server at UCLA (fascinating course, btw). I emailed their admin about it but the contact email bounces. Curious that.

Nuclear war will begin September 12th 2006. Or not. link: BoingBoing

[read on...]

To Pwn a Spambot

Ah, comment spam, how do I love thee. Let me count the ways... I actually haven't had too much comment spam of late, the captchas and blocklist seem to have kept it out, but maybe I should. This blog should have more comment spam. Why? Because I want to mess with the spambots. I've been reading about the state of the spambot arms race and there's a fair bit of inventiveness on both sides. For one thing, they're getting smarter. Well equipped comment-spambots can now read captchas, operate off botnets parse javascript, convincingly emulate humans and sidestep a whole raft of systems designed to stop them. They're no longer simple little script-kiddie things that make HTTP posts to predictable pages.

If I were to set about making a spambot today, I would not be looking at a script (like most comment-spambots of the last several years), it would be a browser add-on. To convincingly emulate a human the bot should use the same tools and surf similarly to a human. It must produce unique, relevant text in its comments and field a set of working email addresses to reply to verification forms. It should use bugmenot or similar to bypass registration where required. It should use a large number of proxy servers or zombie machines and never the home IP, working gradually and returning often, keeping track of it's progress and regularly checking up on comments posted. It should post *one* comment per site, not thousands, and do so very discreetly. Where possible it should analyse comment and posting trends on a site (time of day, comment length, grammar, etc) to blend in. It would be formidable, and fortunately I have no interest in making it.

Mark my words, bots as I have described already exist and will become common, perhaps in the next two years. And they'll just keep getting smarter. AI will eventually be employed to this end. There's a lot of money in spam and with the blogosphere continuing to double every six months the potential markets become enormous. So long as dumb people continue to buy dumb stuff off the internet (honestly, who are these retards buying all those penis pills, I dont know *anyone* that stupid), this form of spam will increase.

So, as a webmaster, what do you do about bots like that? The thing that struck me most when reading about the development of systems like SpamKarma is their focus on blocking either the bots or the comments, using Baysian filters, P2P systems, etc. The focus is very much a 'close the door on them' approach. It won't work. They'll come through the windows, or dress up as your creepy Aunt Gladys. Baysian filters can be poisoned, and P2P systems can be joined and co-opted (like Kazaa - served!).

My approach is different. Next time a telemarketer calls dont just hang up the phone, try this:


  • talk at length about your problems, and how depressing the world is

  • say 'No honey, get away from there.. sorry, my 3 year old is playing by the pool/at the top of the stairs/with my gun, be right back...' and see how long they'll hold.

  • try to gently initiate phone sex (bonus: with a member of the same sex)

  • ask questions. What does this person think about Sex and the City? Low rise jeans? It's really easy to do. They'll start asking questions about you, just respond with something like 'Yes, I could use some home insurance. Seems like a sensible, almost cosmopolitan thing to do. I bet Carrie has home insurance, do you think Sex and The City promotes things like that? What do you think about Carrie? Really, I've always liked Miranda better...'



Savour the fun you have with these poor people, because it won't last. In no time at all you'll be put on *their* do-not-call list, which is shared between companies, and you wont have any more phone marketers to play with. Likewise if you get Jehovas Witnesses every Sunday, answer the door in your underwear and say 'Hey, can't chat, we're playing strip twister. Wanna come join us?'. People mention stuff like that to one another. Pretty soon a whole bunch of JWs will be praying for your wretched soul. But I digress, back to comment spambots.

The approach I want to take with them is basically to invite them in, and have some fun. The majority of these bots are still the older, dumber, script based type that make a lot of HTTP posts and little else. Many methods to detect them already exist, so I'll skip over that. Once one is identified, there's a few things we could do. We can send the standard error/blocked/go away page, but that's boring. Things I'm considering

  • Redirect the bot to a blog you don't like with a HTTP 302 response, let some wingnut/racist/evangelical deal with it. Use the bot as a tool to some other end. The site you redirect to should run on the same blogging software as yours for best results.

  • send a normal, correct HTTP header, XML document descriptor, and then an endless stream of invalid characters. If implemented as a shell script this will make the terminal it's running on beep endlessly at the user, as well as holding up the bot. It may continue to download indefinitely, halting it's run and if we're lucky crashing the program when it runs out of memory.
  • three words: buffer overflow exploit :-) a computer virus, padded a certain way, can sometimes be run by overflowing the memory assigned to some data with JUMP instructions to the beginning of the virus code. As these instructions flow into code memory a process may hit one and launch the virus, possibly giving you control over the spammer's computer. Then the fun begins in earnest. Well written programs are usually immune to this, but I'll bet my hat that most spambots are not very well written.

  • 302 (temporary redirect) to another port on the next page viewed by the bot, see if it follows. This is to mess with bots using unsecured HTTP proxies, many of which won't go to some random, high number port. If badly coded the bot may interpret this as non-functioning-proxy, causing it to remove that proxy from its list, making it think it has less resources than it does. Overall, a hindrance and also useful information on how a particular bot works.


And I'm sure there's more. Now, for the current generation of bots, the smart ones that load a page completely, images and all, and parse the javascript. First we'll want to tell actual browsers from browser emulators. This I think can be done best by giving the bot octal or DWORD URLs to follow. Most people have never heard of octal URLs, their use a forgotten memory of the dark ages of the internet, but Internet Explorer and other browsers still understand them. More on this. There is very little chance that a kiddie programmer writing a browser emulator will have included code to handle these, no-one uses them anymore, which lets us know if we've got a bot using an actual browser to load the pages.

If it is, perhaps its vulnerable to a browser exploit? Maybe we can install us a trojan. Another option is to include on a page a huuuuuge image or ten and kill the browser by using all its memory (and make windows machines grind to a halt when we use up all the swap file). A PHP script could generate such an image on the fly without loading it into memory, just writing a picture file to the bot from a predefined jpeg header, so it's no work for our server but a huge load for the bot as it tries to draw the thing. The bot may have a maximum size for stuff it downloads so we'll leave off the Content-Length HTTP header field and let it guess how much data we're going to be sending.

Here's an idea of identifying the source of comment spam. If we suspect a bot, we can include an image in the page that's served off an FTP URL. Bots using HTTP proxies might not also have an FTP proxy set up, so while you can't tell where the webpage requests are originating from, the FTP connection of the browser getting the image might yield the IP address (and thus ISP and geographic location) of the spammer, a good clue to finding the actual person responsible. Then we cook up some mischief for them... a monkey for their back, if you will.

[read on...]

Context Free Grammars with POV-Ray

context free tree

I've been playing a lot with Context Free recently, and was inspired to write a program to do the same thing in three dimensions. It's still in early beta and there's quite a lot I'd like to add, both to the program and the grammar language. So, if you know what a context free design grammar is and have a copy of POV-Ray handy, check out:



Feedback, bug fixes and mirrors always welcome, and I'd love to see what you make with this :-) If there's interest I'll add an image/rules gallery as at ChrisCoyne.com.

Many thanks to Chris Coyne, Mark Lentczner, John Horigan and others for Context Free. It rocks.

Link to Context Free
Context Free Grammars on Wikipedia

[read on...]

Image converter for Context Free

licence plate shell

Context Free is a kickass free renderer for making fractals and abstract art using context free grammars. With this program the grammars are written in the form of rules for drawing shapes on a canvas and recursively calling other rules according to probability. Nice intersection of mathmatics and art.

My script converts images into rules for use with Context Free. Shown here is a licence plate I photographed with an unsecured Panasonic webcam in New Jersey. Seemed to be a car park security camera. Someone was obviously concerned about me zooming it in on the licence plates (technique for estimating camera's location) and switched the camera off.

If you drive a black BMW with NJ plate SMV-21N, rest assured that your carpark security guy is diligently watching his camera, especially when random folks from the other side of the world are using it to look around.

The spiral's a simple, elegant shape to start off with:

startshape plateSpiral

/* define a rule */
rule plateSpiral {
/* draw the licence plate */
bmpImg {}
/* rotate 10 degrees, y -10, */
/* size 98%, repeat */
plateSpiral {s 0.98, y 10, r 10}
}
rule bmpImg {
...
}

So have a play, I'm sure you can do better than mine, and I'd love to see what you make :-)

Image Converter for Context Free
Download the Program
Gallery of Context Free Art

[read on...]

about hacking

neworder.box.sk's EyeScream has an excellent article about hacking. If you want to learn more about it NewOrder is a good place to get rid of the media/teenager image of what a hacker is and read a thing or two about creative use of computers.

Hacking Begins…
by EyeScream


You wanna know what a *hacker* is?

Switch off your TV. I know its hard. Its been nurturing you since childhood, taught you right from wrong and all the rest, huh?

Now I know the TV told you that a *hacker* is the cyber bogeyman, an evil genius that sleeps with his eyes open in front of his computer just waiting for YOU to turn on your computer and then WHAM! steal all that is precious to YOU and destroy the rest. He may even sell some of the things he got from you – the TV hadn’t decided yet. You’ve also heard the stories about those little boys and girls that went playing in the Dark Codewoods without their friend McAfee…

What if I told you that the TV is WRONG?

Are you alright? You look kinda pale and sweaty, do you want me to bring you your inhaler?

No, then I’ll continue.

There have been hackers since the dawn of civilization. Yes, I know there weren’t any computers at that time, but who said that hacking is to do with computers exclusively… I told you to switch off that TV didn’t I!

The term *hacker* was first coined at MIT in the 50s. As we nowadays use the term *cool* to describe something or someone, the term hacker was at that time designed to describe a person who enjoyed playing with things (computers being one of them), by taking them apart, learning as much as possible about their inner workings, making original modifications and thus improving their performance or even coming up with different purposes for use altogether. The mentality behind all of this was good ol’ fashioned … *fun*. The hackers *enjoyed* thinking about new applications for existing tools. For them it was a *game* that never stopped and could be applied to anything be it an object or a hole field of art such as Physics, Computers, Mechanics or Literature. Thus this universally applicable activity became known as *hacking*.

So how come the TV says…?

Back in the 80s young teenagers who were fascinated by computers discovered that there is another world out there, one you couldn’t really see or touch but which was populating fast with like-minded people. In this world you could meet others through Bulletin Board Systems (BBS) even if they lived thousands of miles away. It was all very exciting...

link

[read on...]


[1] [2] >>



Toys

Ransom Notes
Stencil Maker
Mix Poetry
Sarcasmotron
Shocked Robin
Jailbaiting
Google Adult
Yahoo Adult
Context Free
Google Video
myCFDG3d
Hotlink Lottery

Categories


hacking
internet
introspection
music
photography
stuff
stupid
things
webcomic

hacking

Golf GTI Scale-Electric Flash Game
Pictures from the Moscow Gas Pipeline Fire
The Hotlink Lottery
The BBC iPlayer
Westboro Baptist Voltron
Sexy Golden Livestock
Installing Ubuntu
Hacking iFriends
Revenge of the LolDuck
The Strange Case of Dollcam
Factoring Engine Prototype
Recipe for a Boggled Mind
Hurricane Sergio
DIY Hardware Botnet
Hacking Dating Websites
PhuxOred - UCLA spambot
To Pwn a Spambot
Context Free Grammars with POV-Ray
Image converter for Context Free
about hacking
Google based thesaurus
make your own banner
email ping-pong
iFriends GreaseMonkey Script
Bots Broken

Webcams

 [See the world >>]
82.99.149.31:1080 - Axis 210.172.213.198 - Panasonic KX Series 211.2.179.199 - Panasonic KX Series 217.169.130.236 - Axis 131.188.69.22 - Axis 195.60.9.213:8181 - Axis

Blogroll

Geoff's Blog An account of Geoff's adventure into the big bad world (Canada) [Avast, Eh?]

Baby Shoes Braver than me to be a schoolteacher in Britian. [Kristy's Blog]

Tards Association of Zimbabwe Third world community site needs more hot women. [Pudding!]

Zimbo Zebra My friend Kev. [Enda]

Epentesis Cool, Spanish and I don't understand a word she says (but I like it) [over here]

EKhaya ICT A software development company building bridges across the Digtial Divide. [start]

CC Developing Nations
  Support Bloggers` Rights!
Developing Nations Licence.
dumbbuthappy at gmail dot com

- (Made By Machines) -