PoC or GTFO 15 [pdf] (alchemistowl.org)
164 points by jaybosamiya on June 19, 2017 | 82 comments

> "Technical Note: This file, pocorgtfo15.pdf, is valid as PDF document and as a ZIP file of the relevant source code. Those of you who have laser projection equipment supporting the ILDA standard will find that this issue can be handily projected by your laser beams."

So this file is a PDF that's also a ZIP, and the archive contains - among other things - a song in MP3, and another PDF that's also a Git repo. Oh, and the whole bundle is supposedly laser-projector-compatible (that fact I can't verify - I have no access to such equipment).

I love this <3.

Issue 10 is my all-time favorite:

> The polyglot file pocorgtfo10.pdf is valid as a PDF, as a ZIP file, and as an LSMV recording of a Tool Assisted Speedrun (TAS) that exploits Pokémon Red in a Super GameBoy on a Super NES. The result of the exploit is a chat room that plays the text of PoC‖GTFO 10:3. Run it in LSNES with the Gambatte plugin, the Japanese version of the Super Game Boy ROM and the USA/Europe version of Pokémon Red.

This is genuinely brilliant. Thanks for sharing.

For anyone who wants to read the back issues: https://www.alchemistowl.org/pocorgtfo/

Back issues are always included in the current issue, hence the zip. Keep recursing that way (or use binwalk)

As you have a newfound love for file polyglots, have a look at this talk by Ange Albertini, one of the people behind PoC||GTFO


Has anyone ever been able to make a polyglot executable file that runs on Windows, Linux, and macOS? (Without cheating by adding a PE loader to Linux or anything like that)

All of those file types use header magic (if for macOS you mean Mach-O), so you can't combine them. For macOS containers (app bundle, DMG), though, you might be able to, depending on how strict the OS is about having random data prepended to the container. But that still won't let you combine PE and ELF.

True, but Linux executes some things that aren't ELF and Windows executes tons of things that aren't PE. I wish someone would come up with something, because how awesome would it be to be able to distribute a single executable for all desktop platforms?

If the goal is any execution, you can do it on older (but still used in some places) Windows versions with COM, or if a) it's possible to construct a minimal executable without non-text characters, or b) there's a scripting engine that accepts non-text characters (raw, not just encoded), you could do it with a script. Off the top of my head I can't think of what else you might run in Windows, but I'm much less familiar with Linux.

Thanks so much for this!

I wrote an ILDA parser in Rust [1], and I also have a virtual EtherDream laser projection DAC (also in Rust [2]) that you can play this against if you're interested.

I'll try to fire this up tonight and see what renders.

[1] https://crates.io/crates/ilda

[2] https://github.com/echelon/etherdream-emulator

The previous issue 0x14 is also a NES ROM that prints its own MD5 hash. That issue was dedicated to fun things to do with MD5 exploits.

The good pastor Laphroaig preaches:

If the 0day in your familiar pastures dwindles, despair not! Rather, bestir yourself to where programmers are led astray from the sacred Assembly, neither understanding what their programming languages compile to, nor asking to see how their data is stored or transmitted in the true bits of the wire. For those who follow their computation through the layers shall gain 0day and pwn, and those who say “we trust in our APIs, in our proofs, and in our memory models and need not burden ourselves with confusing engineering detail that has no scientific value anyhow” shall surely provide an abundance of 0day and pwnage sufficient for all of us.

No Starch Press is taking orders for a limited print edition.


Estimated availability August 2017

Consistent with the journal's quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers.


It seems like a beautiful edition, I'd like to buy it. However, shipping to Europe costs almost as much as the actual book ($25). Are there other sites that sell it? My local Amazon usually has most No Starch books in stock, but I can't find this one.

Group buys should save on shipping. We should have stock at Amazon after Defcon, unless we sell out of them.

FWIW, anyone shipping single books from the US to Europe will have roughly the same shipping price; for sure you won't find any under $20, unless some European web store has ordered a few hundred copies for redistribution.

They're distributing at DEFCON if you know anyone going.

We'll have the book in wider distribution after Defcon. If we don't sell out of them.

Is anyone besides No Starch selling this? I refuse to order from them anymore. :/

based on...?

From the PDF: "Bitrot will burn libraries with merciless indignity that even Pets Dot Com didn’t deserve. Please mirror don’t merely link! pocorgtfo15.pdf and our other issues far and wide, so our articles can help fight the coming flame deluge. We like the following mirrors."

https://unpack.debug.su/pocorgtfo/
https://pocorgtfo.hacke.rs/
https://www.alchemistowl.org/pocorgtfo/
https://www.sultanik.com/pocorgtfo/

The server seems to be under fairly heavy load, more download options listed here: https://archive.org/details/pocorgtfo15 (Try the torrent)

Other mirrors:


Also published over IPFS as QmSYPTz9Eg2HyStSzVtiyUzehPDT1J9LEenBqt3TpFLRrD

You can see the filelisting directly in the browser here: https://ipfs.io/ipfs/QmSYPTz9Eg2HyStSzVtiyUzehPDT1J9LEenBqt3...

Edit: decided to mirror all of them, provided in QmcLWK1R4KK7mDwSDwAm5Ny5gs185vgMpXbnbWbxp44Dvm - https://ipfs.io/ipfs/QmcLWK1R4KK7mDwSDwAm5Ny5gs185vgMpXbnbWb...

To those who know how to use IPFS - how do I make it so that my computer mirrors those files with this hash?

Run this command while the IPFS daemon is running:

$ ipfs pin add QmcLWK1R4KK7mDwSDwAm5Ny5gs185vgMpXbnbWbxp44Dvm

It'll start downloading and then seed about 700 MB of data as long as you have the daemon running.

Both the linked PDF and the archive.org PDF were downloading quite slowly for me -- I've uploaded a copy here which (for the time being) should be reasonably quick: http://lithium.redfern.me/pocorgtfo15.pdf

You sir, a gentleman. 15 seconds instead of God knows how much.

There's also a Gopher mirror, because of course there is. gopher://firusvg.no-ip.org:7070/

I also made a mirror of the PDF on IPFS (BitTorrent is soooo 2000's)


What a wonderful publication. Reminds me of the Internet pre-2000. Fun times, and kudos to you if you are a PoC || GTFO contributor/publisher and reading this.

WCoG||GTFO (Working Code on GitHub)

Apparently, the PDF is _also_ its own git repo. (This is normal for POC||GTFO.)

Not the main PDF. If you unzip (!) the main PDF, you get the copy of the "Git as PDF" article in its own separate file (PDFGitPolyglot.pdf), and that latter file you can use as a git repo.

  $ git clone PDFGitPolyglot.pdf testrepo
  Cloning into 'testrepo'...
  Receiving objects: 100% (432/432), 622.40 KiB | 0 bytes/s, done.
  Resolving deltas: 100% (270/270), done.
Within the repo you can find the raw PDF, and all the source files for that PDF (including .tex article) and scripts for turning it into a git repo.

I've never seen this done before, and I'm in awe.

When zellyn said this is normal for PoC||GTFO, they weren't kidding.

https://www.alchemistowl.org/pocorgtfo/ (Click "Spoiler" for some of the old ones)

If you are interested in polyglot files like this, have a look at the work of [0] (who was probably directly involved in this particular release).

[0] https://twitter.com/angealbertini

This is all impressive, but the PDF format is what makes all the magic possible. Among its features that make such a thing easily achievable:

- The relevant table of contents of its data is located at the end, unlike most other file formats. (You can put it near the beginning too, known as "optimized PDF", to make displaying the first page faster when downloading sequentially.)

- The PDF format is, surprisingly, text with embedded byte streams which can contain any data.

- It does require a %PDF marker near the beginning, but it doesn't need to be first.

- It natively supports ZIP compression, so embedding a ZIP inside is easy.

- ZIP allows "cheating" by not really compressing data, thus allowing data verbatim and allowing large chunks of arbitrary data, as long as you can control the first few bytes.

With these technical freedoms, building a PDF that looks like multiple file formats is more accessible.
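As an added example (not code from this thread, and not the build scripts PoC||GTFO itself uses), here is a Python script that puts the points above into practice: it hand-rolls a ZIP archive with stored (uncompressed) entries, places it inside a PDF stream object, writes the PDF cross-reference table and trailer after it at the end of the file, and then checks both readings, with the standard library's zipfile for the ZIP side and the %PDF marker, startxref offset and xref table for the PDF side. The embedded files and the PDF objects are constructed sample data; the names build_zip, build_polyglot, read_as_zip and check_pdf_structure are this example's own.

```python
"""Build a small PDF/ZIP polyglot by hand and check both readings.

Added example, not from the thread or from PoC||GTFO: a stored-only ZIP
inside a PDF stream object, with the PDF xref table and trailer at the end.
"""
import io
import re
import struct
import zipfile
import zlib

# Constructed sample payload (not the contents of any real issue).
SAMPLE_FILES = {
    "hello.txt": b"hello from inside a PDF\n",
    "src/build.sh": b"#!/bin/sh\necho polyglot\n",
}


def build_zip(files, base_offset):
    """Return a stored-only ZIP whose offsets are absolute within the host.

    base_offset is where the archive's first byte will land in the final
    blob, so the central directory points at the right places even though
    the PDF header and objects are prepended to it.
    """
    body = bytearray()
    central = bytearray()
    for name, data in files.items():
        name_b = name.encode("ascii")
        crc = zlib.crc32(data) & 0xFFFFFFFF
        local_off = base_offset + len(body)
        # Local file header: signature, version needed, flags, method (0 =
        # stored), mod time, mod date, CRC-32, compressed size, uncompressed
        # size, name length, extra length.
        body += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, 0, 0, 0,
                            crc, len(data), len(data), len(name_b), 0)
        body += name_b + data
        # Central directory entry for the same file, pointing at local_off.
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0, 0,
                               0, 0, crc, len(data), len(data), len(name_b),
                               0, 0, 0, 0, 0, local_off)
        central += name_b
    cd_off = base_offset + len(body)
    body += central
    # End of central directory: signature, disk numbers, entry counts (this
    # disk and total), central directory size and offset, comment length.
    body += struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(files), len(files),
                        len(central), cd_off, 0)
    return bytes(body)


def build_polyglot(files):
    """Assemble a one-page PDF whose only stream object holds the ZIP."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 100] >>",
    ]
    pdf = bytearray(b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n")
    offsets = []
    for num, obj in enumerate(objs, start=1):
        offsets.append(len(pdf))
        pdf += b"%d 0 obj\n%s\nendobj\n" % (num, obj)
    # Object 4 wraps the ZIP as an uncompressed stream. The ZIP's size does
    # not depend on where it lands, so size it once, then build it for real
    # with the offset at which the stream data actually starts.
    zip_size = len(build_zip(files, 0))
    head = b"4 0 obj\n<< /Length %d >>\nstream\n" % zip_size
    offsets.append(len(pdf))
    stream_start = len(pdf) + len(head)
    pdf += head + build_zip(files, stream_start) + b"\nendstream\nendobj\n"
    # Cross-reference table and trailer go last; readers find them through
    # the startxref offset near the end of the file.
    xref_off = len(pdf)
    pdf += b"xref\n0 %d\n0000000000 65535 f \n" % (len(offsets) + 1)
    for off in offsets:
        pdf += b"%010d 00000 n \n" % off
    pdf += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(offsets) + 1, xref_off))
    return bytes(pdf)


def read_as_zip(blob):
    """Read the polyglot with the standard library's ZIP reader."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {info.filename: zf.read(info) for info in zf.infolist()}


def check_pdf_structure(blob):
    """Check what PDF readers rely on: a %PDF marker within the first 1024
    bytes, a trailer at the end, and a startxref offset landing on xref."""
    if b"%PDF-" not in blob[:1024]:
        return False
    match = re.search(rb"startxref\s+(\d+)\s+%%EOF", blob[-1024:])
    if not match:
        return False
    return blob[int(match.group(1)):].startswith(b"xref")


if __name__ == "__main__":
    blob = build_polyglot(SAMPLE_FILES)
    with open("polyglot.pdf", "wb") as fh:
        fh.write(blob)
    print("zip side:", sorted(read_as_zip(blob)), "pdf side:", check_pdf_structure(blob))
```

Running the script writes polyglot.pdf, which `unzip -l polyglot.pdf` lists (with a warning about the extra bytes before and after the archive) and a PDF viewer opens as a blank page. The ZIP side works because readers locate the end-of-central-directory record by scanning backwards from the end of the file, which is why the xref table and trailer that follow it must stay short (zipfile and unzip only look through the last 64 KiB plus the record itself); the central directory offsets are written as absolute positions in the host file, so no reader has to compensate for the prepended PDF objects.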

I think each issue does include the relevant source code. So if you have the PDF file and are reading about the code, you already have the code available and you don't need GitHub.

why the free advertisement? bitbucket and others are also pretty good.

(0x15 suggests the 21st or 22nd issue, but the intro says it's only the sixteenth.)

edit: title's been fixed, this is no longer relevant

We number with BCD in honor of the HP48 calculator's floating point implementation, which matches decimal rounding errors. 0x0A, &c., are reserved for special issues in the future ;-)

If there was an issue 0x0, would it be the First issue or the Zeroth issue?

When they thought of the name, I wonder if any thought was given to the alternate reading of PoC as "People of Color"

PoC has stood for "Proof of Concept" for a long time, so probably not.

It is amusing to read it as "People of Color || GTFO" as a statement demanding racial equality in companies' hiring practices.

There's actually a way to get that. Use work-hire tests.

Work hire tests are anonymous and unbiased. Either candidates can do the work, or they can't.

You have to set it up so that the work-hire test is all that matters, though, which ~nobody does.

They're not necessarily unbiased or even anonymous (in a meaningful way). The problem which is set might somehow favour applicants from certain backgrounds. The language used might be unnecessarily complex or use local idioms. The comments and variable names might betray the candidate as a non-native (but perfectly proficient) English speaker. If the candidate uses company hardware, the keyboard may be set to a different layout to what the candidate is used to.

There are lots of ways any test which (ostensibly) aims to test raw ability can be very biased indeed. A lecturer of mine once told a story about a horrible experience he had during an exam trying to whisper an explanation of the rules of Checkers to a student who was from a country where the game was rarely played - the possibility hadn't even crossed his mind.

Declaring the interview style you use as "unbiased" from the start seems like a great way to get complacent and have large amounts of bias creep in unnoticed.

What are some ways to counter this effect?

Be intimately familiar with, and fully accepting of and comfortable with, every culture that applicants may potentially come from.

Or, explicitly require / assume that all applicants be fully familiar with your culture.

Or, define an industry standard artificial culture - whether implicit or explicit - and require everyone on both sides to be familiar with it. This could include things like suits and golf for execs, hoodies and beer for techies, social justice activism for webdevs, etc...

I'm hardly an expert, though I'd probably suggest focusing on avoiding the four pitfalls I mentioned. Like any hard process, it involves working hard to achieve gradual improvement, learning from others where appropriate.

However, I can guarantee that resting on your laurels and calling your process "unbiased" from the start won't work.

That can get you in trouble.

Under US labour law, any test where minority candidates don't pass at four-fifths the rate of others is presumed to be racially biased unless proven otherwise in court.

Judges don't have to study stats and end up writing most of these laws.


Your test may work perfectly and prove that the only people who can "do the work" within your company's structure are a narrow demographic of $current_majority.

If your company structure/culture is broken your "unbiased" test probably will be too.

except not everyone has the time or interest to do a ton of unpaid work for companies they're applying to

> a ton of unpaid work for companies they're applying to

Okay, that's a logistical objection to work-sample tests, which is easily rebutted with, "Simply don't assign _a ton_ of unpaid work" to your candidates.

The process we use for hiring software developers at my current employer:

  1. Clone this git repository.
  2. Build a trivial feature (e.g. adding a search feature to an
     existing blog platform).
  3. Send a patch or pull request.
Everyone who's being considered gets the same task, and we base our decision off of several factors: Did they implement a working solution? How much new code did they need to create (knowing that the framework does 99% of this already, and is documented)? If so, did they write unit-testable code? Did they write unit tests? Did they find any of the intentional vulnerabilities?

It should, realistically, take most people 2-3 hours at most to complete this task successfully. If they're familiar with PHP development, probably 15-20 minutes. Furthermore, it can be completed at their leisure.

If that seems unreasonable, contrast it with the cost of taking a day off work to get dressed up and perform an in-person interview during business hours with complete strangers who are scrutinizing you for fitness, with a very high chance of not getting accepted.

The burden of work-sample tests shouldn't be on candidates; the burden should lie with the company to ensure they're collecting objective facts about candidates rather than making subjective decisions.

I'm familiar with tptacek's writing. :)

This will get off-topic quickly, if we allow it to.

In situations where a subthread is already off-topic and destined for the bottom, I try to make a substantive contribution. It's possible to pull out some interesting conversation even from the dregs.

It's true that it grows the subthread, but the [-] button exists now.

I am probably not the only person who assumed that was what it was.

People with no background in programming, maths or engineering might treat the vertical bars as mere embellishments and read it as a racist slogan.

The solution to ignorance is education.

Even if someone refuses to learn, educate everyone around them and let social pressure either break their stubbornness or isolate them.

>Even if someone refuses to learn, educate everyone around them and let social pressure either break their stubbornness or isolate them.

Out of context this is a very ominous sentence.

Hah, I suppose it is! But sadly, it's the only effective solution I've found for dealing with e.g. actual Nazis that tried to encroach on my social circle.

I'm not quite sure how you get from "this can be misread" to "break their stubbornness or isolate them". Are people who might be put off by the title "stubborn"?

I was talking about the intentional racists.

I see, I had only thought of it in terms of people who might be put off. Those who actually open the book would soon realise that it's not that meaning.

Fortunately, there are no intentional racists in that title.

My coffee isn't working today, so I apologize if I'm off-point with my communication.

Its use for "people of color" goes back to at least 2004: http://www.urbandictionary.com/define.php?term=poc

The use of the term Proof of Concept goes back to at least 1984: https://en.wikipedia.org/wiki/Proof_of_concept#Usage_history

I'm less clear on when PoC came into vogue, but I think it was likely in the 90s.

Edit: Actually, reading more carefully, you can find "proof of concept" at least as far back as 1967.

Different communities, different dialects. I suppose this journal doesn't come from the community that would read "PoC" as "People of Color".

I think Proof of Concept predates your genre of terminology

The oldest sense of a term is not necessarily the predominant one; nobody is going to read "moron" or "imbecile" and think of clinical terms today.

> nobody

Well, almost nobody, because that's what I think of when people use these terms to degrade others.

While I presume you mean to say that you think that people who go around calling others morons are the real morons, you've written it in a way that suggests you think such a thing is linked to clinical mental retardation.

I don't get these people that would block the title of a publication because one possible definition might be construed as racist.

If anything it describes a certain hegemony by these disaffected groups as they slowly claw more and more of language as their own...

In the context of the publication, "PoC" additionally stands for "Pictures of Cats". https://twitter.com/fbz/status/876554986569711616

I have to say I've never come across that usage of "PoC" before. "Proof of concept" and "piece of crap" I have.

I spend a lot of time in the communities where PoC is in active usage of that, and I didn't read it as that :)

I guess it's in a different mental context...

POC is used so little as "people of color" that it's not even in the most promoted uses in the Wikipedia lemma:


I've seen it frequently used on American websites, and on numerous articles submitted to HN (social issues in the US being a frequent topic of inquiry)

I don't think it's surprising that people would read it that way.

Sure, but it would be surprising to read any uncommon acronym out of context and presume knowledge of what it means.

Did anyone else read PoC as point of control? The IT seems to be draining out of my immediate mindset.

edit: added link to what I thought PoC was in this context: https://marketdelta.com/how-to-plot-and-trade-naked-pocs-poi...

"Trade naked PoCs"... Not sure exactly what it is but it sounds dirty.


Naked PoCs mean that if there was a particular price in a stock/future/whatever that had more volume done at it than any other price for the day...it's "naked" the next day until the price returns to it.

E.g. if today APPL traded at $105 for more shares than any other price, and tomorrow the price is $106, we would say the naked PoC is $105 until it was revisited.
