Failing hack :(

I’m stuck on level04 of Stripe’s CTF Challenge.

Right away the strcpy screams buffer overflow but I’m having trouble figuring out how to get a valid EIP. :-/
So I switched to trying a return-to-libc attack but I am having problems figuring out how it works, as the addresses of system/exit keep changing (probably has to do with ASLR).

I need to read up on these more it seems :(

Search for Perfect Colors

I’m terrible at visual design. My excuse is that most of my fellow software engineers are the same way. But that doesn’t mean that I don’t recognize good design or appreciate it. It’s just that I can’t normally come up with it myself -_-

This personal problem of mine has led me on many a search for the perfect color scheme for my terminal, my vim, my IDE (IntelliJ for Java development and vim for pretty much everything else. I give Xcode a few chances but always end up regretting it.)

So it excites me when I see things like this post by Steve Losh but saddens me that it’s only for zsh. I have nothing against zsh, I just don’t use it. I’ve used it before but I am not now. It’s all very simple and not very worthy of religious discussions. So I’ve tried ports of it such as bash-it but that turned out to be terrible (no offense to the community that supports bash-it but I’m a sucker for updating frequently and it seemed that every time I would do it with bash-it something broke).

So I’ve made my own version (boring and not as feature rich but pleasing to my eyes). I might one day decide to actually sit down and make it more robust but until that day comes I’m ok with just tweaking it occasionally.

The thing that it lacks however is a good vim theme (I use delek atm) and, more importantly, a good terminal color scheme. I did attempt to use some colors (based on bash-it no less) and they were nice but after a while I got bored of the same colors.

So it was nice today to have found a color scheme for iTerm. That gist is a fork of a port of another Steve Losh post (wow say that one 10 times fast).

The obvious downside is that it isn’t portable to my different environments. I guess I could spend time porting it to my .bash configs. Or I can just continue my ongoing search for the perfect color scheme. ^_^

Damn SVN

I accidentally deleted a file with a set of revisions today and didn’t realize it until several revisions later.
Trying to restore the file using all forms of svn merge/copy/update etc. didn’t work.
I couldn’t figure out what was wrong until I stumbled on this guy’s post.

http://www.canfield.com/content/svn-restore-deleted-file

I’m copying the relevant portion here in case the link above changes:

    svn copy -r 98 https://{URL}/canfield.conf .

This fails with a strange error:

    svn: '/svn/crg/!svn/bc/102/trunk/canfield.conf' path not found

Apparently, since there is no canfield.conf in the current revision it cannot copy to it?!? I admit that this doesn’t make any sense to me at all but I am sure SVN gurus will find it obvious. After some research I found an additional option for the URL; the @{revision}. Let’s try using that:

    svn copy -r 98 https://{URL}/canfield.conf@98 .

And it works! Don’t forget to save this file, the above just copied it into our working area, it did not commit the file to the repository yet.

What the hell? Even the redbook is wrong on this as it was the mechanism that I was trying.
http://svnbook.red-bean.com/en/1.5/svn.ref.svn.c.copy.html

‘Improving’ SynergyKM

SynergyKM is a great OSX GUI wrapper around synergy but it hasn’t been updated since 2009-09-07 (as of this writing).
There’s a hugely annoying bug (depending on how you download it, apparently) that causes it to ask you to give permission for the Synergyd application to launch because it was downloaded from the internet.

This can be fixed by de-quarantining it.
I’m reposting the instructions for it here (with slightly altered syntax) in case the above link goes dead.

    cd /Library/PreferencePanes/SynergyKM.prefPane/Contents/Resources/
    sudo xattr -l Synergyd.app # this will show you that it is quarantined and the name of the browser used to download it
    sudo xattr -rd com.apple.quarantine Synergyd.app # this will remove the quarantine on it and its children
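Before stripping the attribute it helps to see what it records and to confirm the download is the one you meant. This is an added Python example, not SynergyKM's or synergy's code: it decodes the quarantine value (the flags;hex-timestamp;agent;uuid layout is assumed) and runs the same `xattr -rd` only after the downloaded archive matches a published SHA-256, which here is a placeholder you would take from the project's release page.

```python
import hashlib
import subprocess
from datetime import datetime, timezone

def parse_quarantine(value):
    """Split a com.apple.quarantine value into its fields.  The layout assumed
    here is "<flags-hex>;<download-time-hex>;<agent>;<uuid>" (uuid may be empty),
    which is what `xattr -l` shows and where the browser name comes from."""
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError("unexpected quarantine format: %r" % value)
    flags, ts_hex, agent = parts[0], parts[1], parts[2]
    downloaded = datetime.fromtimestamp(int(ts_hex, 16), tz=timezone.utc)
    return {"flags": int(flags, 16), "downloaded": downloaded, "agent": agent}

def sha256_of(path):
    """Hash the downloaded archive (the .zip/.dmg, not the unpacked .app) in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def archive_matches(path, expected_hex):
    """True only when the archive's SHA-256 equals the published value."""
    return sha256_of(path).lower() == expected_hex.lower()

def strip_quarantine(archive, expected_hex, bundle):
    """Run the post's `xattr -rd com.apple.quarantine` on the bundle, but only
    once the archive it was unpacked from verified.  Returns False otherwise."""
    if not archive_matches(archive, expected_hex):
        return False
    subprocess.run(["xattr", "-rd", "com.apple.quarantine", bundle], check=True)
    return True

# Placeholder: take the real value from the project's release page.
EXPECTED_SHA256 = "<published-sha256-of-the-synergykm-download>"
```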

The next problem though is that it contains a synergy client (and server if you are using it to launch your server) that is based on synergy 1.3.1.
As of this writing, synergy is now merged with synergy-plus and has become synergy-foss. But more importantly, synergy is on 1.3.6 and there are some nice bug fixes in it that may help if you are seeing issues from synergy.

You can update SynergyKM yourself by downloading 1.3.6 and unzipping the distribution.
You will find 2 files, synergyc & synergys.
Copy those 2 into /Library/PreferencePanes/SynergyKM.prefPane/Contents/Resources/Synergyd.app/Contents/Resources and reconnect to your server using SynergyKM (you don’t even have to restart SynergyKM).

To verify you did everything correctly, go into SynergyKM preferences and click on About.
You should see that it is now using version 1.3.6.
I haven’t updated my server version (1.3.4) yet but it doesn’t seem to make a difference.

Note: only tested up to 1.3.6 currently for obvious reasons.

WordPress and php5-fpm

My experiment with nginx and php5-fpm for running WordPress has not gone so well.
php5-fpm processes spike on every request causing incredible delays on WP requests as well as noticeable lags on any process that I’m running on the server at the time.
I can’t figure out if it’s php5-fpm or WordPress 3.x.
I’ll probably switch back to apache to experiment, just to make sure it’s not something with php5-fpm.

Update: After following the great instructions that I found here, the nginx/php-fpm/wordpress setup is performing much better.

Speed up Intellij

This is only for Intellij on OSX.

By default Intellij runs as 32-bit even though you may have set 64-bit as the default Java.
If you go to /Applications/{your-IDEA-version}/Contents and open Info.plist you will see JVMVersion/JVMArchs/LSArchitecturePriority under Java.
Move x86_64 in JVMArchs and LSArchitecturePriority to the first element and change your JVMVersion to 1.6* (it should be that by default unless you are on an older version of Intellij).
Now you can change your max heap to be larger than 2gb.
Lastly, run Activity Monitor and make sure it says Intel (64bit) under “Kind”.
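The same edit, as an added Python example (not JetBrains' tooling) using the standard plistlib module on a constructed stand-in for Info.plist that has only the keys the post names; run it against a copy of the real file after backing it up.

```python
import plistlib

# Constructed stand-in for IDEA's Info.plist, reduced to the keys the post
# names; the real file has many more entries, which plistlib preserves.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Java</key>
  <dict>
    <key>JVMVersion</key><string>1.5*</string>
    <key>JVMArchs</key>
    <array><string>i386</string><string>x86_64</string></array>
    <key>LSArchitecturePriority</key>
    <array><string>i386</string><string>x86_64</string></array>
  </dict>
</dict>
</plist>
"""

def _holder(info, key):
    """The dict carrying `key`: the Java sub-dict as in the post, else the top
    level (some Info.plist files keep LSArchitecturePriority there)."""
    java = info.get("Java", {})
    return java if key in java else info

def prefer_64bit(plist_bytes, jvm_version="1.6*"):
    """Put x86_64 first in JVMArchs and LSArchitecturePriority and set
    JVMVersion; returns the rewritten plist as XML bytes."""
    info = plistlib.loads(plist_bytes)
    for key in ("JVMArchs", "LSArchitecturePriority"):
        holder = _holder(info, key)
        archs = [a for a in holder.get(key, []) if a != "x86_64"]
        holder[key] = ["x86_64"] + archs   # the first element is what gets used
    info.setdefault("Java", {})["JVMVersion"] = jvm_version
    return plistlib.dumps(info)

def jvm_settings(plist_bytes):
    """(JVMArchs, LSArchitecturePriority, JVMVersion) read back from the plist."""
    info = plistlib.loads(plist_bytes)
    return (_holder(info, "JVMArchs")["JVMArchs"],
            _holder(info, "LSArchitecturePriority")["LSArchitecturePriority"],
            info["Java"]["JVMVersion"])
```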

JDK 1.6.0_22 Sources on OSX

If you recently updated to Apple’s latest Java update (10.6 update 3) you have probably noticed that your Java sources disappeared.

I noticed this when I tried to browse to the source of a java provided annotation recently using Intellij.
Well, apparently there are 2 locations for 1.6.0_22.

One of them is in your /Library/Java/Home directory (a symlink to symlinks here but you get the point).
The 2nd you can find by running “echo `/usr/libexec/java_home`”, which happens to point to /Library/Java/JavaVirtualMachines/.

The 1.6.0_22 folder in here though is curiously not a symlink to any of the above locations.
It’s its own real directory, one that contains the src/doc jars.

If you use that one instead of the standard one when configuring the JDK in IntelliJ, it will pick up src and docs.

Note: The above location does not exist until you download Java for Mac OS X 10.6 Update 3 Developer Package

Camel In Action

I received a copy of Camel In Action from Manning MEAP last Thursday and started reading it over the weekend.
I’ve been aware of Camel for only a few months but have loved it so far. Only recently, I’ve decided to incorporate it as part of a production project and am really starting to ramp up my knowledge of it. So I’m looking forward to reading and reviewing this book while working with Camel from a novice standpoint, as compared to some of the other reviews that I’ve done or been asked to do in the past where I was already familiar with those technologies at a more advanced level.
As such, I’m trying to do this as a chapter by chapter review to see how it goes. No promises :P

ubuntu add-apt-repository without port 11371

Ok, this one’s a PITA.
I haven’t found a better way yet, so it requires access to a non-blocked machine atm.

Background
Ubuntu keyservers typically use port 11371. If you look up a key from http://keyserver.ubuntu.com/, for example, it will go to a link that looks like:

http://keyserver.ubuntu.com:11371/pks/lookup?search=0x8275A2B297B853E77ABC195BF53DE96D71FCFB2B&op=index

Unfortunately, that port is inaccessible through the network at work.

If you use the newly provided add-apt-repository script you will get output that looks like:

    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 8275A2B297B853E77ABC195BF53DE96D71FCFB2B
    gpg: requesting key 71FCFB2B from hkp server keyserver.ubuntu.com
    gpgkeys: HTTP fetch error 7: couldn't connect to host
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0

The repository will still get added to your sources.list but the key won’t be added.
So on an apt-get update you will see output such as:

    W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F53DE96D71FCFB2B

Hacky solution
From a machine that is not restricted (I use my personal server) run the add-apt-repository command:

    sudo add-apt-repository ppa:maglione-k/ppa

You will see output of:

    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 8275A2B297B853E77ABC195BF53DE96D71FCFB2B
    gpg: requesting key 71FCFB2B from hkp server keyserver.ubuntu.com
    gpg: key 71FCFB2B: "Launchpad wmii" not changed
    gpg: Total number processed: 1
    gpg: unchanged: 1

Ignore the “not changed” line; I had already imported it before this example.
Note the recv line above and the value of 8275A2B297B853E77ABC195BF53DE96D71FCFB2B
Use that with the apt-key command and run:

    sudo apt-key adv --keyserver keyserver.ubuntu.com --export --armor 8275A2B297B853E77ABC195BF53DE96D71FCFB2B

You’ll see output of:

    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --export --armor 8275A2B297B853E77ABC195BF53DE96D71FCFB2B
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    (base64 key data omitted)
    -----END PGP PUBLIC KEY BLOCK-----

Redirect the output of the above to a file (I just use > xxx.key) and scp that to your restricted machine. Don’t worry about the extra output on top of the key.

From that machine run:

    sudo apt-key add xxx.key

And that should be it.
Now apt-get update and you should be fine.
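Because the export happens on a different machine, it is worth confirming that the key you carry over is the one apt complained about before running apt-key add. The following is an added Python example (not part of apt or add-apt-repository) that pulls the fingerprint from the --recv line, the NO_PUBKEY id from the apt warning, checks that the id is the tail of the fingerprint, and extracts only the armored block from the captured output; the sample lines are constructed from the values shown above and the key body is filler, not a real key.

```python
import re
# Constructed sample lines; the key id and fingerprint are the ones in the post.
APT_WARNING = ("W: GPG error: http://ppa.launchpad.net lucid Release: The following "
               "signatures couldn't be verified because the public key is not "
               "available: NO_PUBKEY F53DE96D71FCFB2B")
RECV_LINE = ("Executing: gpg --keyserver keyserver.ubuntu.com "
             "--recv 8275A2B297B853E77ABC195BF53DE96D71FCFB2B")
# Constructed stand-in for the redirected `apt-key adv --export --armor` output;
# the base64 body is filler, not a real key.
EXPORT_OUTPUT = """Executing: gpg --export --armor 8275A2B297B853E77ABC195BF53DE96D71FCFB2B
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

bm90IGEgcmVhbCBrZXk=
=xxxx
-----END PGP PUBLIC KEY BLOCK-----
"""

_RECV = re.compile(r"--recv\s+([0-9A-Fa-f]{40})")
_NO_PUBKEY = re.compile(r"NO_PUBKEY\s+([0-9A-Fa-f]{8,16})")
_ARMOR = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----.*?"
                    r"-----END PGP PUBLIC KEY BLOCK-----", re.S)

def fingerprint_from_recv(line):
    """40-hex fingerprint that add-apt-repository asked the keyserver for."""
    m = _RECV.search(line)
    return m.group(1).upper() if m else None

def keyid_from_apt_warning(line):
    """Key id apt-get update reports as missing (16 hex digits = 64-bit id)."""
    m = _NO_PUBKEY.search(line)
    return m.group(1).upper() if m else None

def keyid_matches(fingerprint, keyid):
    """A v4 OpenPGP key id is the tail of the fingerprint: 16 hex digits for the
    long id apt prints, 8 for gpg's short id (cheap to collide, so prefer 16)."""
    return len(keyid) in (8, 16) and fingerprint.upper().endswith(keyid.upper())

def armored_key_body(text):
    """Only the armored block, minus the 'Executing: gpg ...' line the post
    says to ignore; None when the capture holds no block at all."""
    m = _ARMOR.search(text)
    return m.group(0) if m else None

def safe_to_import(recv_line, apt_warning, export_text):
    """True when the exported key is the one apt complained about and the
    capture really contains an armored block to hand to apt-key add."""
    fp, kid = fingerprint_from_recv(recv_line), keyid_from_apt_warning(apt_warning)
    return bool(fp and kid and keyid_matches(fp, kid) and armored_key_body(export_text))
```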

Java Generics Fail

I know that Java generics were implemented with type erasure as a way to support backwards compatibility with older (non-generic) code. But occasionally, I am rudely made aware of just what this means.

In a recent project using MyBatis, I was doing the following (class names and some interfaces changed to protect the innocent ;) i.e. don’t blame me if the code has typos):


Notice no selectAll defined? I’m expecting a failed test (TDD-ing lol)

In guice:
    bind(FooDao.class).to(FooDaoImpl.class);

In test (yeah yeah, I know that testing actual db access is bad in code. I’ll refactor it out later):

This test should fail, right? But actually it passes.
WTF. Ok, so what is in the List of items that it returned?

Well, first, FooDao indeed returned FooDaoImpl.
Instead of posting the whole list that was retrieved I’ll post the first object:

Bar@468f7fbb

Notice that a List<Foo> is now holding Bar? There is no relationship between the 2.
WTF?

Well, as it turns out, BarDao also has a selectAll method, and MyBatis will look up FooDao.selectAll by its short name of ‘selectAll’ because I did not define it in FooDao. So it finds BarDao’s selectAll method instead.

[Small OT/Rant] – Funny enough, if I have another Dao (ADao for example) that also had a selectAll method defined, MyBatis would have complained that the short name reference of selectAll is ambiguous. But in this case I would have expected that MyBatis noticed that I am expecting different return types from my Daos (List<Foo> vs List<Bar>) and I had no selectAll for that return type and gave me a gracious ‘YOU FAILED’ message. But it didn’t. Although, if you imagine the type erased version of the code above it probably couldn’t.

Instead it ran BarDao.selectAll and java silently allowed it. So how can you tell if this happens to you?
Well, quite simply, your List<Foo> will now contain objects of Bar.
So if you ran for(Foo foo : myList) it would blow up with a ClassCastException.

~_~ These are the moments that make me wonder if Java 7 will be able to save us.
Reified generics or whatever other mechanism it chooses, I just hope that it chooses more wisely this time.