I saw this question being asked on here years ago with few but interesting answers. I'd imagine that a lot of you still have some pretty interesting stories to tell about some crafty workarounds.
I was located in Sydney Australia, trying to fix a literally showstopper bug in the signal processing of the bank of Land Mobile Radio base stations that were being used to coordinate the stage management for the Opening Ceremony of the London Olympics. Less than 24 hours to go before the final dress rehearsal, and the production company was preparing to spend megabucks to pull all the radios out and replace them with a different manufacturer's, unless the bug was fixed in the next few hours.
I ended up hacking the radio firmware to bypass the signal processing and stream the raw received samples from London to Sydney. I hacked a radio in Sydney to feed the London samples into its signal processing, then streamed the resulting samples back to the transmitter in London. I now had an LMR base station running in real-time over the Internet, with the radio hardware in London and the signal processing in Sydney. I was able to attach a JTAG hardware debugger to the DSP in the radio running the signal processing and find the bug. From there we did a firmware release and uploaded new firmware into the radios in London. Our radios stayed in and handled the stage management for the Opening Ceremony of the London Olympics.
Edit:
The customer must have been happy with the outcome, as they ended up using our radios for the Sochi Winter Olympics two years later.
What bugs me the most is that when you talk about engineering or even search for anything engineering-related all that ever shows up is software engineering. It's become much harder to find information about more classical engineering subjects.
It was intended as both actually: a sloppy imitation Australian accent, as well as a nod to Mr. Noyce. There are very few occasions where the two intersect so nicely.
You don't think it's safer to assume that this was an intended pun?
Bob Noyce is pretty well heard of here.
Neverheless, very Noyce of you to link the article.
After playing a lot of Tetris Friends, I started getting deja vu. Sometimes, after starting a new game and placing maybe 10-20 pieces, I would think, "Haven't I seen this exact board before?" Eventually I tested my theory through brute force: I would start a fresh game, write down the first 10 pieces, then restart. Over and over and over, until finally, I found it -- a duplicate!
Apparently, Tetris Friends only seeded their RNG once, and there were only a few hundred possible seeds (perhaps 256? I didn't check). So if you got the same initial seed, you got the exact same pieces for the entire game. Tetris Friends also happened to have a highly competitive global leaderboard, where you tried to clear 40 lines as fast as possible... and I happened to have recently learned how to use AutoHotKey. You see where this is going.
I restarted over and over until I got a good seed, then carefully played through a whole game, copying my inputs into a giant AutoHotKey script. Tetris Friends was a flash game, meaning it could only process so many inputs per second, so I had to insert a short delay between each input. Testing/debugging was a nightmare too, because I had to restart until I found the same seed again! But after a few hours, my script made it all the way through a game, and bam, I was #1 in the world.
Felt real good for about a week, until Tetris Friends purged the leaderboard. :^)
I had a similar experience about a decade ago with an online rock-paper-scissors vs. computer site. I quickly figured out the pattern and was able to win a few dozen times in a row (late night) and got bored, but it was a very intriguing exercise.
i wrote a script that played Facebook bejeweled for me. took screenshot and then pick out the pixel colors from a grid since they're all different and mostly static. then simulated some clicks. it was a bad player but stupid fast so it racked up the score nonetheless.
I once scripted Farmville, and quickly overtook all my friends who played it. Then somewhere at level 60 or 80 the game became so extremely slow that I gave up. The game could only handle a certain number of clicks per second, and the script would have to run for dozens of hours to gain yet another level.
EDIT: That's because gaining levels required XP, and there was literally 1 XP for each click, regardless of what you did. You could figure out a strategy to get more gold, but I already had way more gold than I could spend. But there was no strategy to get more XP other than "click more". Up to certain level it was manageable, I just let the script run when I was away from the computer, and it took a few minutes to gain another level. Up to certain point, the required XP per level grew quadratically; behind that point it started growing exponentially, so I knew that I could never make more than 5 or 10 more levels past that point.
Had a similar but simpler experience with Telegram's Lumberjack game [1]. Wrote a small Python script that scans a few pixels of screen and sends arrow key signals when sees a branch. The game was gradually speeding up to the point that script was not able to keep up yet it was beating any human easily.
In my first job I work on a database product in development that leaked memory slowly, leading to crashes after hours of usage. The software was written in C and there were no tools like Purify or Valgrind back then to deal with memory problem. It was a vexing problem that got punted until release time, when it became a show stopper.
I looked into the problem and found that the memory allocation used malloc and free. I then defined macros for malloc and free in a common header to call my_malloc and my_free functions with the standard __FILE__ and __LINE__ macros passed in as parameters. Re-compiled the whole program with the macros, which redirected every call of malloc and free to my functions. My functions logged all the calls with the allocated memory pointer, the filename, and the line number. Once I collected enough log data from test runs, I sorted the lines in the log file by the memory pointer address. Every pointer address should come in pair, one from the malloc() and one from the free(). The odd number pointer addresses are the ones with missing free(). And I got their filename and line number right there.
I was in the process of porting some C code (a physics engine) to javascript. After porting the code I benchmarked it - and, no surprises - it was waay slower than the original C code.
One reason C is faster than javascript is that C structs get "inlined" into the containing object. For example, in C struct Body { vec2 pos; vec2 velocity; } would just be 1 object. But the equivalent javascript code would allocate 3 objects instead.
I inlined vec2 (replacing it with pos_x, pos_y, etc) and performance got a lot better. But I was curious what other structs were thrashing the garbage collector. So I added a call into all my constructors which generated a stack trace (new Error().stack), and used the stack trace as the key in a javascript object - with the value being the number of times that stack trace was seen.
After sorting and printing the result, I had a hit list of the hottest stack traces which were thrashing V8's garbage collector. I fixed all the worst call sites and by the time I was done performance improved by about 3x or so!
You know, that's surprisingly an elegant hack. I'm sure it's obvious to some folks, but for some reason I never came up with it during my old C programming days.
Oh I was desperate. I was the most junior guy in the team on my first job after school whom got thrown with a hard problem. Luckily I remembered __FILE__ and __LINE__ in C, and it was a matter of working backward to link those to malloc and free somehow. My Unix command-fu (sort, uniq -c) learned back in school came through in dealing with the huge log file.
It was a huge boost to my confidence on my job and earned my cred with the team.
The eternal curse of the C programmer is knowing that macros are Right There, just waiting for you to take them up and craft the most elegant… footgun.
This is awesome, i had to do the same, ended up writing a
.h file that redefined malloc/free with macros, and then reported the missing and double frees.
Oh man this brings back memories, and is the exact same approach I used a couple of decades ago — there was some undefined behaviour in some code, and it ended up being nearly impossible to reproduce when using valgrind.
Using the approach you described is extremely effective and low-overhead, and allowed me to actually reproduce the issue (I think in the end it was due some async / race condition issue, because I was using “if map[key]” in a place where I shouldn’t, which actually inserts the key if it’s missing (and thus mutates the map).
This is a great strategy even today, with the only difference being how you'd implement it: typically by interposing malloc and free and having it walk its own stack.
I applied for a job at a medical cannabis operation in Canada right before legalization hit.
I was curious to see if they had checked out my personal website, so I grabbed my webserver logs and I recognized one IP from the city the job was based in. More than likely, the public IP of the business in question.
On a whim, I ran the IP through Shodan.io and it showed that 47808 was open - The BACNet protocol. I had no idea what this protocol was, but I was able to download some odd enterprisey software that had the ability to speak BACnet. I connected to the IP:Port and found a long list of connected things - water levels, temperatures, lights, and more.
I wasn't interested in doing anything questionable with this information. I'm not even certain it allowed me to do anything more than look, but I like to think I could have e.g. turned off lights or adjusted temperatures in the grow rooms. I made the (risky) executive decision to let the hiring manager know that their public IP had an important port open to the world. I wound up getting hired by that business, and the first task I was assigned was to fix the open port.
I'm not sure if that counts as "hacking", but I was proud of finding the vulnerability / misconfiguration nonetheless.
Reminds me of the time I found a “warm introduction” referral, an open invitation to potential network management positions at a company, buried in their BGP/ASN infrastructure information. (It’s been about a decade so I don’t remember exactly what specifics the info was in, but you wouldn’t have found this specific email and opening line without mucking round with their BGP and ASN info.)
I emailed but they weren’t hiring and I was mainly curious if the job would be better than what I had at the time.
Being in Scotland and poor to the point of trying to eat on a few pounds ($5) a week.
I discovered (by watching another customer) that a certain kind of very expensive Scottish smoked salmon was 4 pence more expensive than the price listed on the shelf. The supermarket (Tesco) also has a large sign stating that if the price was wrong on any item, they would both give you the item for free and the money it costs.
I promptly went and loaded up a cart with nothing but smoked salmon.
It took 42 minutes of arguing with different store managers and pointing to the sign, but I managed to eat for free that week and even had enough to pay my electricity bill.
The reason I don’t feel bad is that particular store very, very often charged the customers more than the listed price and no one ever seemed to catch them.
I went in three months later, and the same salmon still rang up at 4p more than it was listed at.
My uncle was in a similar situation: bought a granola bar, price was wrong, free granola bar. He went back a few days later and the price was still wrong. He’s a lawyer, and he sued the store and won (false advertising or something) to get them to fix the price. Pretty awkward because it’s the closest store to his family’s house. His son said it best one day, “dad, are you bored at work?”
"..He went back a few days later and the price was still wrong."
I've occasionally wondered about this, as an entirely new class of crime. One where a motivated regional manager at a modern supermarket chain could get together with someone in the IT infrastructure and decide to tweak a number (a price) in a database, and carefully watch the uncontested sales vs requests for refunds ratio. These 'mistakes' could be happening all across the stores' offerings and no one, including most of the employees, would ever be the wiser.
I've half-suspected that Harbor Freight does this. Doing the analytics could be a good business opportunity. I'm sure once the metadata companies (Amazon, Facebook) meet real retail (not just the high-dollar retail like Whole Foods), there will be interest in this measure of consumer's price awareness.
I like those McDonald's hacks where people exploit flaws in the price calculations to get burgers for free. IIRC in one case they noticed that you could order a hamburger without patty, and it had a slightly negative price. So they ordered twenty hamburgers without patty and one normal hamburger, and got all free of charge.
That's just the right combination of brilliant and bizarre.
It used to (and might still be) the case that at Waitrose multibuy type offers are still honoured on reduced items, and applied by discount - based on the original price - meaning you could/can get a further reduction on yellow labels, or potentially be paid to take them.
was buying beer once for a party, and a crate of 12 pint bottles was ringing up for the price of a single bottle. so I bought 4 crates. we drank well that weekend
One time I accidentally overwrote my hard drive with dd while making an installation thumbdrive. While unfortunate, it was only the first 8GB or so. This nuked the partition table, bootloader, and start of the Windows partition, but fortunately my daily-driver, still-running Linux system partition was unaffected. I kept my cool and figured it was recoverable. I ended up recovering the partition table from RAM and writing it back to the disk and reinstalling a bootloader. Talk about a nervous reboot! I'm just glad the power didn't go out...
Ah, this reminds me of the time a few years ago when I accidentally deleted `sudo`. A lot of stuff broke and it was interesting running around in a system where things would sort of work, but sort of not really.
I learned then that sudo was really just a binary, so I tried to get a copy and put it in the right place. I couldn't, though, because I didn't have write permissions to it without sudo!
In hindsight I guess I could've just run the binary itself to get access, or put it elsewhere on my $PATH, or use `su` instead. Not sure if I tried those things, it was a while ago and I was pretty new to Linux. Maybe I got the file from the internet and didn't know to make it executable.
Anyway, what I ended up doing was booting up from a live Ubuntu USB and copying the sudo from the live environment to my installation on disk. It worked, and my newbie self felt like a proper hacker, fixing the unfixable. For one day I was a heart transplant surgeon :)
This reminds me my old Laptop with Linux installed that had Optical drive broken and no USB boot option, there was also no option to buy new Optical Drive. I was moving directories around to make some space on root directory. I've moved /var/ to /home directory and create symlink and it worked. But then later I wanted to do the same with /usr directory that had all shared libraries in /usr/lib/. In the process of moving files got some error I was not able to use any binary file like cd, ls or ln. Only applications that was running was working.
I was certain that the laptop was dead and I will not able to use it anymore since I will not be able to install new system. So the task was to copy somehow all my important data. Luckily I was using Firefox and I've had FireFTP installed, so I've borrow my mother Windows laptop and installed FTP server and was able to copy my data over WiFi. Later it turns out that you could buy used DVD burner for that laptop, so it was resurrected and after installing Windows XP I've given that laptop to my mother.
Nice solution and good instincts! I bet you’re a pretty advanced user by now. I used to keep an Arch Linux bootable thumb drive around as sort of an insurance policy against things like this. Good reminder for me…
Oh, what fun! Our system administrator decided once to duplicate the boot partition of a server, so we had a spare should the usual one fail. He used dd of course. And the next day, he was off to a USENIX conference. What he had forgotten, though, was that the first partition on the disk actually contained the partition table! (This was on Solaris, or possibly SunOS.) Since the source disk and the target disk had different partition tables, things started falling apart. It did not happen all at once, probably due to caching. But we started getting more and more weird errors. It took me half the day to figure out what had happened. By great luck, I had actually saved a copy of all partition tables just a few days prior. They were in human readable form, but good enough for me to restore the damaged partition table to its original state. A reboot later, all problems were gone.
I had something like this happen once -- a company I was at had these old RAID arrays that we kept limping along while we waited for budget to buy ones from a company that hadn't ceased to exist, and at some point a disk failed in some way that caused the RAID system to lose its internal partition table information (to my recollection... it's been awhile).
I could still access the block devices, but couldn't instantiate the logical volumes, and dumping dd chunks showed that there was data there... so I wrote some code to scan the disk for ext2 magic numbers, and once I found them did some math on paper to find the partition boundaries and very... carefully... recreate them. I have a photo of the piece of paper here: https://www.flickr.com/photos/jedwards/4494268626/
That’s great, I had the same problem but didn’t hack it like you did unfortunately. I overwrote the first 30 GB of my 6 TB HDD and am trying out GetDataBack Pro to get my files back, no luck so far. I had some tens of thousands of photos that I can’t replace.
Oh yeah overwriting the partition table can be "fun". Once wrote the partition table of a floppy to my hard drive. That was when I was still running DOS. Used a disk hex editor (I think it was part of pctools) to change it back to the correct values.
That reminds me of a hack I did. In the fairly early days of Android I realised you could install an app to a device from the Play Store using the website on the PC, and have it auto-run when triggered by an event such as the charger being plugged in. Combined with the API to disable the lock screen (eg when receiving an incoming call so the user can answer) it was a way to remotely disable the lock screen.
I created my first ever Android app in one evening and released it for free. It was the first one of its kind and was quite popular, mainly for parents who let their kids play with their phone and accidently lock it, or for people who wanted access to their loved ones device after they died.
However I received loads of bizarre and abusive support requests from people who demanded I help them, and even call them personally. Eventually I got fed up and started to charge a nominal amount and the support requests suddenly became much more polite and intelligent, filtering out the toxic support requests.
I read a post on HN about how increasing price on something can result in higher sales because people value it more. I decided to increase the price as an experiment, and sure enough the sales went up!
For 3 hours of work one evening creating the app, it made a few £10ks over a few years.
Eventually Google prevented the ability to auto-run newly installed apps due to malware using the same vector, now you have to launch the app manually the first time. While it still worked on older devices I eventually removed it because it failed more than it worked.
Writing a first-gen PSX (Playstation) game, NASCAR Racing, we had an in-house physics engine that needed the physics thread to run on a constant 30 Hz. PSX SDK didn't have pre-emptive multi-tasking. Sony US "checked with Japan" who said we were out of luck.
Then I remembered my old Atari 8-bit programming days and the vertical blank interrupt (which there was on the PSX, but we couldn't run all the physics in the VBI time allotment). What we could do though, was to use setjmp/longjmp to switch contexts between threads and then hack the vertical blank interrupt to save off the registers from the main thread, longjmp back to the physics thread, which would then restore the registers of the main thread and longjmp back to it. Bingo, 29.94Hz pre-emptive two-threading (which was all we needed).
(I don't recall if we actually used setjmp/longjmp or if we just stored away the PC register to return from the interrupt and monkeyed with it to return from the interrupt to the physics thread [as if it was interrupted at the start of a cycle of the engine] and then return from there to code that would restore the registers and make it appear to the main thread that it was returning from a VBI.)
I wrote multithreaded code in C++ before for a different use case. Was the challenge here just getting 30hz or was there something limiting where you couldn’t get that output with just running a dedicated thread? I’m no expert. Teach me :)
We couldn't find another way to get a steady 30Hz. I don't think there was a pthreads implementation for the PSX SDK, but it's been a little over 27 years, so I can't swear to it. I do know we didn't do it without trying a bunch of other more conventional alternatives.
About 10 years ago, I worked for a Toyota supplier. My job as, the only software guy in a house full of hardware people, was to find out every single Toyota and Lexus dealership in America, and then find out what kind of cell phone reception they had (3G, Edge or none) for each of the major carriers (AT&T, T-Mobile and Verizon, IIRC). They imagined this would be done manually so they estimated a few weeks to do the job.
Within 3 days, I wrote a script to locate the dealerships, load each of the carriers' web pages, enter the address/coordinates into their coverage map, then take a screenshot of the results. Each of the carriers, of course, had their own way of displaying the coverage information, but it was mostly a color-coded map (example: green area = 3G, blue area = edge, gray area = no reception). So, I wrote another script to process the screenshots and deduce what kind of reception they had at the dealership (some 3500 in total, if I remember right).
Unfortunately, this feat was met with the proverbial "great, while you're fixing things can you also fix the printer" kind of response, but damn if I wasn't proud to compress a few weeks into 3 days in a clever way, even if I had no one to appreciate it.
By the way, the reason we needed this information is because we were rolling out Lexus RES+ (an early version of the remote engine starter) and they wanted to make sure that every single one of the dealerships could demo the service to potential customers.
This reminds me of the response I got once when working for a government agency. I managed to automate their quality assurance process, reducing a two week manual testing routine down to a five minute test suite. Their response? I got fired for "poor performance". I guess I made too many unproductive government employees fear for their jobs. Lesson learned!
Same thing happened to me working as an administrator in a warehouse.
I basically made all midnight-shift administrators redundant (including myself), as their job could be completely automated as long as someone on the floor could put the tickets into a slot. In the morning, the 'actual' administrator(s) would batch-scan these documents which then got picked up by a script I wrote. It categorized all the tickets and sent out the necessary emails depending on which what where when, saving the result to files to be used in reporting (normally written by hand).
They didn't like this, and refused to use it. I tried to explain that the entire office side of the company was filled with this type of low hanging fruit, but they wouldn't hear it.
Company eventually folded due to lack of solvency. When I asked the CEO why this was considering the large amount of paying customers we had, he stated 'rising employee costs'. The headcount of people working on the ground had stayed the same during this entire process, new hires were exclusively doing admin work.
But did it match reality? I know that I’ve found both Optus and Telstra’s network coverage maps next to useless in both metropolitan Melbourne and regional Victoria, Australia, for as long as I’ve been paying attention, which started in roughly 2015. They claim almost total coverage in a way that is simply not true, especially with cheaper phones’ modems (they often have poor antennae) and modems that lack total frequency band overlap (surprisingly common, even among flagship phones from the domestic market), but even on phones with good modems and support for all frequencies. Telstra only say whether it’s 3G, 4G or 5G, with no indication of likely strength (which is extremely important—near me, they claim 4G coverage, but in practice you’ll get a weak 3G signal outside and probably nothing inside, and I believe it’s served from a tower in the next town over 10km away, but of course no one that lives here uses Telstra, when there’s an Optus tower right in the town), and Optus are only a tad better, splitting it into two strengths, without and with antenna.
I wish they’d tell you where the towers actually were, because then even a layman could do a better job of estimating how usable a signal will be.
Super minor compared to a lot of the stuff here, but when I was a young data scientist I had the job of creating a model to tell our call center sales agents when an ancillary product would be a good fit to upsell to customers, and when not to waste their time. The only problem: integrating it into the sales application was nearly impossible, IT said it was a huge effort, nobody wanted to do it.
So what I did was built a greasemonkey script to watch the DOM as they went through the sales flow and record the values as they were entered. I then built decision tree model of moderate size, exported it to a string, converted that into a big javascript function. Then, if the model said things were looking good, I modified the DOM to insert a little "alert" box on the top of the page. I handled all the state manually in case they navigated away or did things in a funny order. I knew zero JS or web development at the time, so this was SUPER hacky. But it worked! I then manually walked around to sales agent computers and installed the greasemonkey extension/script. I even got IT involved eventually to serve the script from an internal endpoint, allowing for easier updates.
The actual model ended up being just okay, and didn't have a huge impact on actual sales, but the exec team was SUPER impressed with the delivery mechanism. We had a parent company and they loved to brag to their superiors how we had deployed a machine learning model "for zero IT cost". They had me a do a writeup and everything in case someone wanted to copy my revolutionary idea. I'm sure some guy at the HQ took a look at my writeup and got a good laugh out of how incredibly obtuse, insecure, and hacky the whole thing was.
That said, I still think it was a clever solution and even wondered about turning it into some kind of product at one point.
I was looking for an apartment to rent (circa 2010-ish), on Craigslist and Kijiji. Neither had a map feature, and both suffered from a lot of reposts. If a nice place came up, you had to be extremely responsive (like, contact the poster within minutes of the ad going up) to stand any chance against competing renters.
I wrote a pile of scripts that scraped both sites, parsed and cached the data, and displayed it on a map. I was able to set search criteria based on location, and kludged it so that if something good came up, the system would automatically email the landlord if they made the email available, text them if they left a number, and text me a notification with a link.
The scraper eventually got pretty fancy as I expanded the service across multiple cities - it self-throttled and self-scheduled, based on the average frequency of postings on each platform in each city at a given time of day. The repost detector was working pretty well too, it added a layer of data to the results (eg, "this rental was re-listed 12 times in the past two weeks).
Once I found a place I liked, I made the site public and shared it with some friends, and it didn't take long until I was seeing steady daily use. The site even won an award from CIRA.ca!
I wrapped things up when I learned of Craigslist suing Padmapper for scraping their data. I wasn't monetizing, it was a cool project, but it felt like it was done.
Thanks! I found at least one place using padmapper back in the day that worked out really well! In 2022 craigslist still sucks at removing duped postings for apartments, cars, etc.
I discovered that I could use VBA from Word to shell out to cmd bypassing all of the security. This opened a world of possibilities...
This being the era of AOL punters I created a neat VBA utility in a Word doc to that used netsend to spam other computers in the school. Shared the file widely.
Then I used the technique to explore the network... eventually was able to use net use to connect to a remote drive in the school administrator's office where I found a text file of every student birthday, home address, and SSN... which I then could use to sign into anyone's account (password was derivative of name and SSN).
Culminated with pwning a school rival by putting all his files in a password protected zip on the desktop and dropping a batch file in his startup folder that printed a text file with the password to the printer when he logged in.
Reminds me of high school. We also had locked down computers, but one day I noticed that one of the programs on the system had a directory structure of hundreds, if not thousands, of executable plugins that needed run-access for the program to execute properly.
My hypothesis was that the IT guys were lazy and just unblocked anything in that directory. Even if a networked computer didn't have this program on it, you could just recreate the directory structure and drop any portable executable there and run it. Pretty soon we were all playing brood war in every free period.
School PC "hacking" and bypassing locking was a great past-time.
One of the schools I went to had a computer lab in the Library, ran on Windows NT 4. I found so many work-arounds to their security controls that they ended up making me an admin and told me to fix them all. That was my intro into group policies and domain management.
Another student made a credential-phishing program - it was a full-screen VB6 app that looked like the normal NT4 login. They'd log in, launch the credential-phishing app, and then walk away. It wrote the stolen creds to their 'home' drive and then logged out after showing some fake "There was a problem with your password, try again" message.
Many years later, but still on NT4/Windows 2000, at technical school we found that the campus-wide internet was run through a single Windows-based proxy, with rules on the router to prevent traffic to the internet except from that proxy.
They also did various content-filtering things, allowing only certain white-listed sites.
At that time Windows's networking was iffy - and if it detected that another computer was using the same IP, it'd disconnect itself from the network.
Our class had a computer lab with removable 3.5" drives and we were learning about setting up networks. Well, install a Linux distro, install squid with rules to allow all traffic. Then once it was working, change your machine's IP to that of the proxy. Now the entire campus's internet traffic was going via your lab machine, and you had free access to the internet. We just kept a 'proxy' disk around and put it in anytime we needed something that wasn't whitelisted. I don't know if the network admins either didn't care, or didn't know because it wasn't fixed for a few years.
I had something similar. They installed Windows 95, but the DOS files Windows 3.1 files were still there too. I was able to open Solitaire, QBASIC, and other programs, including the Windows 3.1 registry editor, which can display and edit parts of the Windows 95 registry but not all of them. (The Windows 95 registry editor did not load, due to the policies)
Using VBA in Microsoft Word, I also had figured out, too.
Once the teacher wanted took the students to the computer lab to make greeting cards, but the program to do so was no longer in the menu; fortunately I knew where it was and was able to describe (using VBA in Microsoft Word) so that everyone in the class could load the program.
Later, they removed many restrictions but all files were reset when rebooting, so any program could be accessed without damaging it.
Something less prohibited was defining a password for print jobs to avoid getting them mixed up with everyone else's.
After reading an inspiring story in the mid 90s about someone that collected rejection letters for jobs they weren't qualified for (CEO of a national rail carrier etc), I turned to a life built on a similar idea. I applied for jobs I thought I could do, using mostly made-up resume information. If I was scheduled for an interview I would study like mad every waking hour until the interview. My career was absurdly successful by any measure and I retired rich 30 years early.
The resume is the dumbest blocker in our society. If you can do the job, just write that on your resume along with whatever else you think they want to see.
A bit younger here, but back in elementary school we got chromebooks when chromebooks were barely becoming a thing (replacing the rack of netbooks that was normally wheeled into our classroom).
Two things I did that were very fun:
1. School blocked a lot of popular flash game websites. My friends and I downloaded a bunch of flash games and threw together a website that we hosted on our chromebooks using '200 OK - Webserver for Chrome' or something. It was just a bunch of janky HTML and CSS, but we got it working. The school didn't block it because it was on the local network. We handed out slips of paper to our friends with the local IP address of my laptop. At one point someone made a Google Site with a link to the local address. It was a hack, but playing RUN 2 on your chromebook during social studies in 5th grade... man, those were the days.
2. Around that time one of my friends stumbled across crouton, a way to run Linux on a chromebook in parallel with ChromeOS. After a lot of trial and error (didn't know what bash was at the time), we were able to get Ubuntu installed. I remember downloading Blender and trying to do a fluid sim, which was super slow. I was able to render the first 20 frames of a domino and fluid animation using Cycles, which frames I still have sitting on my hard-drive somewhere to this day.
Some of my first hacks, older me is surprised how much younger me was able to get done given how much younger me didn't know.
A lot of older techies bemoan the fact that phones and appliance-like computers lock everything down and obscure the inner workings, claiming it will stop kids from learning to hack. I think this is a great counterpoint... some kids are going to find ways around things no matter what!
When Web Sockets were still not finalized, I was writing a C# program using them but there wasn't a functional library available. There was however a nice open-source Java implementation. I copied it into Visual Studio, changed all the file extensions, and spent half an hour hitting build then fixing syntax and import red squigglies. It eventually built successfully and happily sent data to a NodeJS front end for years.
Cool. I did something similar with an old C program from the 80s by Peter Langston called Riffology, which was the algorithm used to generate the procedural music in Ballblazer.
I pasted the C files into Eclipse, deleted some `register` keywords, made a bunch of tweaks, and it ran fine as Java.
Not that hacky or mind-boggling, but does involve a hex editor and lots of money...
I added support for the '\ ' PostScript escaped space sequence to a custom, high-performance PDF parser.
A former employer used this to derive key figures from financial statements. Any change to the parser had to be Pareto-optimal: so if you modified the parser, it should not fail to parse any key figure that was previously possible to parse. Adding this improved reading word-wrapped text in hundreds of cases and key figures in dozens; I recall that my bosses thought it must be a mistake, and that I had to convince them by finding the right section in some Adobe PDF spec.
I wasn't an expert at the PDF format. But stumbling on a number split in two by apparently nothing, and digging up a 0x5C 0x20 '\ ' with a hex editor, I seemed to recall that PDF was built on top of PostScript, and that TeX / LaTeX syntax was somehow related to PostScript. So it struck me that what was a literal backslash in the PDF must just be an escape sequence.
Oh, your comment reminded me of one of my proudest moments as a high school student!
Norton Utilities was a must for any MS-DOS user, and so, poor students pirated it when they could. The problem was once installed, it asked for a password, and subsequent runs would demand it. My friend got ahold of a diskette with a complete but password-locked copy, and while he knew the password, he found it annoying and wanted to bypass it.
By trial and error, we found a location where the binary stored the password, but it was encrypted. Studying the "encryption", it turned out it was an XOR of the password padded with spaces until I think 20 characters, so you could change that location to XORed spaces to enter the password with a single Enter, or change it to zeros so it behaved like a new install.
I don't know what my friend did with his copy, I just remember the high of beating the copy protection of the legendary Peter Norton.
I often create screen recordings for my classes, but it's very boring and time consuming. I'm a perfectionist, and if I mistype a command I prefer to re-record everything. Moreover, every time one of the tools used in the videos gets a significant update, I feel compelled to redo the video.
I have started using xdotool [1] to create bash scripts that send mouse clicks and keystrokes to apps. Interleaving calls to xdotool with the "sleep" command [2] produce a convincing effect. If I need to redo a video to fix typos or after a program update, I just fix the bash script and restart the recording.
Alas, the only thing that is missing in my videos is the sound of keyboard clicks… But nothing is perfect!
We used something similar in 2008 at CeBIT (which was the biggest IT trade show in Germany at the time). A publishing house for IT magazines set up a side area for minibooths and gave them out to a dozen open-source projects. I was there with a bunch others to represent KDE. We only had a few posters and stickers, nothing fancy, so we had to make our booth flashy somehow. My friend quickly hacked together something with a similar input simulation tool that opened applications from the start menu, flipped through directories in Dolphin, and such, and set it up to run in a loop. It sure did help us catch people's attention.
> I have started using xdotool [1] to create bash scripts that send mouse clicks and keystrokes to apps. Interleaving calls to xdotool with the "sleep" command [2] produce a convincing effect.
If adding mouse/keyboard sounds the main challenge is the variability in sounds, for instance how hard keys are pressed. Also, repetetive sounds, or sounds that are mis-timed to the corresponding action, are worse than no sound at all.
For those who weren't or haven't, it was a geofenced, anonymous message board app targeted to college students that became fairly popular over the first two years of its existence before gradually fading into obscurity and finally being shut down in 2017 (but as of 2021 was rebooted with pseudonymous accounts, IIRC). Users could see any messages within a certain radius (0.5 miles or so, I think) and messages could be upvoted and downvoted, and were sorted by their vote score. Messages with a score of -5 disappeared forever, and I think also eventually aged out.
Being a chaotic sophomore with some Android experience, I decided it would be fun to decompile the app and see how it worked. I discovered that each device was assigned an ID based on a timestamp, IMEI, and a few other pieces of information that could be easily spoofed, by calling a fixed HTTP endpoint to generate as many new IDs as I liked.
I generated ~500 or so IDs using some Java code, hardcoded them into a .class file, and added some hooks to intercept existing calls to set up the Android UI and add my own event listeners. From there I added a button to the app's menu bar with a radiation hazard icon that would use the generated IDs to nuke every message in range of the user, downvoting them all to -5 and causing them all to disappear instantly. I also added the ability to long-press the upvote and downvote buttons, which would bring up a dialog with a slider allowing the user to upvote or downvote any post up to 500 times, sending it to the top of the list (or downvoting it to oblivion). Finally, I rebuilt the app with my added .class file patch.
Needless to say, this was a source of great fun and mischief for my friends and I. The most entertaining event was attending a hackathon at our (much larger) rival university's campus, where we nuked every local post a few times a day for 72 hours and voted our own posts up 500 times.
It was fun to mess with for a few months or so. We never distributed the patched app, for obvious reasons, and we never used it for anything truly malicious beyond being a mild local nuisance denial-of-service.
In the early 90s, when ECUs were just becoming a thing, my colleague, who was a weekend rally driver, plonked one on my desk and asked if I could figure out how it worked and, if possible, to tune engine parameters for maximum performance.
I identified the microprocessor as a 6502, based on board topology, even though all IC markings were removed. At the time (before the internet), I could not find a 6502 disassembler, so I wrote my own. I successfully decompiled the code, figured out how it worked and found the parameter "maps" stored in ROM.
Loaded these into Matlab and wrote scripts to allow my colleague to tune the maps and write them back to EEPROM.
It was a couple of weekends' work for me, and I never thought about monetizing the knowledge. Several years later, I met another colleague who did the same for the Mazda RX7 ECU, and made a tidy side income selling "performance ROMs". C'est la vie.
A few years ago, the company I work at switched to using Alpine-based docker images for most containerized things. One side effect was that our Ansible playbooks (running from inside one of these containers) would fail with inconsistent network timeouts when targeting a couple thousand servers. It turned out that the issue wasn't with the network nor with Ansible. The way that Ansible invoked some library functions for keeping track of SSH connections caused it to create a bunch of POSIX semaphores via sem_open().
glibc had a dynamically allocated data structure to keep track of semaphores, but musl libc only had a fixed-size 256 element array. When the semaphore limit was exhausted, Ansible would fail to keep track of the connections, resulting in a network timeout error message. I fixed the problem by forking musl's semaphore functions, making the array resizable, and loading the implementation with LD_PRELOAD: https://github.com/chenxiaolong/musl-sem-ext. Worked perfectly for 6 years until we decommed our data center :)
When requesting pizza delivery from the Domino's site I captured and modified the http request to delete the `crust_type` field. Turns out most of the price was calculated from that so I was getting incredibly cheap pizzas for a while until they found out and invalidated requests without crust selection.
Classic crust IIRC. The best thing is that even the paper receipt was lacking the crust selection, so it looks to me that every system in the pipeline looked at that `null` value, sighted, and passed it along to the next system, until it reached the cooking area where they will blame the IT guys and slap in the "default" crust. Also I waited for the day that I will receive a plastic cup with just salsa and floating ingredients, but sadly it never happened.
My proudest hack and the hack I'm most known for both happened at the same company.
My proudest (and also maybe least proud at the same time) was writing a BASH script that was able to successfully replicate a complex server environment that had been previously built by contractors for an essential service that we needed to re-deploy, both for growing regions, but also to resolve a possible security issue due to how the contractors had deployed it. I had to basically reverse engineer every aspect of the service, built a deployment backend that I triggered, and did all of it in a fully-automated way that would break in known manners if it failed. That script went on to be used to deploy the entire service globally to ~12 regions on hundreds of servers.
The thing I'm most known for in that company was when I was working night-shift support and a customer called in with a server that had one of the drives fail on a Windows box, and apparently had decided it was worth saving $1/mo to not have backups. Because it was night-shift and nothing else crazy was going on, I decided to delve deep and I managed to get things back up by rebuilding their partition table by hand in a hex editor and avoiding some specific bad blocks so we could copy the data to a second drive DCOPS temporarily installed in the server, then we reinstalled the box and I migrated all their data back and brought their website back up. It took me around 9 hours, and at the end of it, the customer called in to complain about how long their site had been down, gave me the whole spiel. I had ended up staying late, so handed things off to the most senior person on the next shift that had a chance of understanding what I had done, and when I got done transferring the call I walked up two floors to talk to them directly to warm handoff and could hear the customer screaming through their headset from 3 cubes away. I became a legend for doing the most thankless task anyone had ever done for a customer in support.
I basically have done the same thing on both occasions except the first one I have oddly done multiple times. One of the occasions still felt like I wasted all of my time and effort too because it was for a custom HPC environment(I was performing a major OS upgrade that also involved getting a lot programs to work on a 64 bit OS when they were originally written for a 16 or 32 bit OS) that was trashed within two months after the environment was fully up and running. The client not only bought new hardware(after repetitively telling me they wouldn't have a budget to do that for a couple of years) but also pulled a 180 on the decision that certain Opensource tools could be used within the environment after a code review and approval process was completed.
Did you try to recover the corrupted windows partition table first using either Testdisk by CGSecurity or Hiren's BootCD? If it was on a UNIX or Linux file system that sort of thing can be recovered a lot easier thanks to alternate superblocks and the ability to basically copy the partition sectors from another disk that is the same size with the same partitioning thanks to the dd command.
Not my hack, but a team effort.
Many years ago, I worked for a premium car manufacturer.
We wanted to present a new product idea to convince visitors from HQ that we had a project worth funding: The core idea was that the car could be opened not only with the normal car key but also by other means, for example from a smartwatch.
Usually we would simply have modified/rewired a car so that a bluetooth connection to open it would work (for the demo only, of course).
However, the keyless entry was designed to be so secure that it would have taken us far too long, even with our insider knowledge.
My team leader had the brilliant idea of simply printing a 3d housing in which the original car key and an arduino-controlled servo could be installed, so that the arduino could press the key.
We placed this device close to the car and remotely controlled the arduino.
The demo worked perfectly and everyone was happy (afaik the project was not funded though).
Was reminded the other day about the time I arrived early at the night shift to learn a particular manual "scheduling" technique (how to match single size and double size packages to hundreds of deliverables, and I think there was some options too).
I saw the excel file, asked for 5 minutes, came back after 15 and had solved the problem to such a degree that it went from wasting two hours for two teamleaders on every night we did this job to being almost trivial for one to do in 5 minutes.
And the solution was trivial. Like really trivial. But no one had thought of it before : )
Second best probably when I saved a messed up server in US (an person on site hadn't noticed the . in rm -rf ./bin and had proceeded to use sudo without thinking, as every Linux user does when they go through that dangerous phase).
I realized I still had one ssh connection to the server, realized either scp or rsync or something was in sbin (or somewhere else) and we could use it to copy the necessary binaries to get it back on track.
This easily saved us a 3 days (RHEL with Oracle 11g something easily took days to get right and it also was a massive pain to do).
First, you might have overestimated the complexity of it. I tried to describe it as uncomplicated as possible without giving up the exact details of what it was, but I admit I might have failed at it. It was utterly trivial.
Basically we produced single packs and two-packs of a product and customers would order 1-n of them, sometimes with customizations.
The trivial but immensely tedious job was to make production and packing lists that took this into account.
I.e. with these orders:
Customer 1: 5 packs
Customer 2: 3 packs
That would end up like
Customer 1: 2x2-packs + 1 single pack
Customer 2: 1x2pack + 1 single pack modification x
Total:
5 2-packs
+ 1 single pack
+ 1 single pack modification x
Of course a real production run would have hundreds of these.
What I did once I got hold of the list was just to integer division (or what it is called) by 2 on each row to get the number of double packs in one column, something like (original number - 2x doublePacks) to get a 1 or 0 for single pack and then make a sum at the bottom for all columns.
I might have made som checksums too.
As for modifications I cannot remember anymore, I might have added some color or something, but once the immensely tedious first part was done it wasn't much of a problem IIRC.
One that's fun from a historical point of view was my hack for fixing palette flash. Back in the early 90s PC graphics cards typically had a "palette" of 256 colors at one time, selected from a possible 256K colors.
In theory this gave you a lot of options, but in practice, switching palettes tended to cause "palette flash" where the previous image changed color in a distracting flash.
I was doing a multimedia project that had video in it, and each CODEC had its own built in palette -- one for Cinepak, one for Indeo, etc. Then there were other palettes for the images. If you wanted to display video in a window on a page that had other graphics, you could determine the palette of the CODEC (with some effort) and then use that to dither your graphics. Theoretically they should play nice together, and it worked on some cards, but you'd still get palette flash on other mainstream graphics cards.
I tried every trick I could think of but could not eliminate the flash on every single card until I came up with this hack:
Make a video consisting of a single frame with a 1x1 black pixel, compressed in the desired CODEC, display a black screen for a moment, play that video (which was as fast as could be because it was so tiny) over the screen, then load your image and real video.
The black screen couldn't flash, and when the next screen and video (the real one we wanted to play) came up, the palette was already set correctly. And it worked on every video card.
Oh, this reminds me of something I once did, but sort of backwards. I was working on a little hobby space game, and there was a star field. I wanted a hyperspace warp effect, like in Star Wars, so I coded something up. But there was a problem. The "stars" in the hyperspace effect were different than the "stars" in the star field. So when you engaged hyperspace, it looked like all the stars kind of "jumped", changing positions immediately before the hyperspace effect began. I "fixed" this by inserting a single frame of all white to flash the screen, and this somehow prevented people from noticing that the stars jumped.
In the early 1990s, I was part of a group of high school students who wanted to enter the Finnish demo scene. I was responsible for coding most of our demos in 386 assembler. One of the things I wrote was a player for MOD, ST3, and S3M music files, which were similar to MIDI but included WAV samples. The player ran in the background on a hardware interrupt, while other code ran on the foreground to display something on the screen. For most sound cards, the player had to mix the samples in real-time and output a byte to an I/O port at a rate of 22 kHz, for example.
To enter a demo competition, one of the criteria was support for Sound Blaster sound cards. The problem was that we didn't have one and didn't want to buy one because we had already spent all our money on Gravis Ultrasound cards. Fortunately, a member of our group was able to borrow a Sound Blaster for a day. We had to figure out how to add support for it, but we had no documentation and there was no internet to speak of yet.
I figured that it must be possible to add support by sending I/O to the card. We put the card in my computer and started a third-party MOD player that had Sound Blaster support. I traced the execution in a debugger, instruction by instruction, while my friend took notes on all the I/O instructions. After some thought, it became clear that the program was scanning for a Sound Blaster and, if I recall correctly, configuring the card to DMA a particular byte in memory as the sound card output.
I added some hardcoded "OUT" instructions to my player and it worked instantly; my real-time mixer output was played through the Sound Blaster! There was a lot of cleaning up the code to be done, but we were able to add support for the Sound Blaster in just one day.
I once wrote a keygen for AI War, an indie RTS game by Arcen Games. The game was written in C#, so I decompiled it and found the function that checked the keys. It used some kind of PRNG, maybe a Mersenne twister, but customized a bit. Rather than reverse engineer the whole thing, I loaded the "buildKeyFromPrefix" function right out of the exe (like it was a DLL), then built a WinForms wrapper that would show a valid key for each of the expansions. It used a predictable incrementing integer ID for each expansion, so I even included a few future ones.
I never shared this beyond my personal friend group. We went on to play (cumulatively) probably two thousand hours of AI War using this crack. Once I got out of college and got some income, I bought 4 copies to make up for it. Sorry Arcen!
Around 1993 I had my tonsils out, which involved general anesthesia. Back then they administered a prep drug that put the patient in a weird dissociated awake state that I would describe as not realizing you're awake. This being my third time through the process (knee surgery, wisdom teeth, now tonsils), I tried really hard to maintain self awareness.
We'll, it sorta worked. In this state I somehow recognized that the device placed on my fingertip must be a blood sensor of some sort, and that squeezing my finger might mess with the readings. I made it through two rounds of setting off alarms before the nurses caught me. I was immensely pleased with myself!
I reverse engineered a part of the firmware on the (then new) Vortex 150 racing quadcopter. There were 3 different SKUs as i recall, i had the EU version with 25mW VTX transmitter limit. The hardware was capable of much more and the US version had ~200mW i think.
There was a wand thing with an NFC writer some people could buy that could temporarily ignore the region check and put it in “race mode” which allowed any power level to be set. However those were restricted sales, the consumer version of the wand didn’t have the race director mode. Eventually i ended up with one of the race director wands too but not before i tried to hack the quad.
Anyway, i dumped the firmware. Figured out what the CPU was. Disassembled the firmware blob. I traced where the region check was performed then overwrote the instructions with noop’s. Assembled, flashed and then promptly flew it into a tree at 50mph.
It survived just fine. I still have it to this day, just with upgraded motors.
I've worked on a single-machine computer vision system which used RabbitMQ to send messages around, including JPEG frames which were rather heavy, in contrast to other messages.
After we hit a certain number of frames/second, RabbitMQ became a bottleneck. My solution was to write the JPEG frame in the shared memory, then pass around shared memory ID, offset and frame length, instead of the whole frame. Only services that actually needed the frame would read it, others would just pass around a small JSON object. After that was implemented, the bottleneck disappeared.
I don't know if this qualifies as a "hack", but it certainly felt that way in the moment.
What's really awesome about this is I think you independently discovered a huge trick in performance optimization. "Zero copy" solutions for eliminating the overhead of moving frames around are very popular - if you look up that term you'll see it pop up everywhere. Companies/teams of engineers spend months coming up with this solution and its a reliable way to reduce overhead of moving data around. It works across all layers and in fact entire hardware architectures are designed to allow for this kind of stuff. Kudos :)
Most USB cameras send JPEG frames because USB 2.0 isn't nearly enough to support raw frames: 60 frames/second * 1920*1080 pixels/frame * 4 bytes/pixel = ~475MiB/s, while maximum USB 2.0 bandwidth is ~60MiB/s. You also don't want to store raw frames on the cloud storage, your bill would skyrocket. Those are some of the reasons for using JPEG.
If you're using dockerized services (which are a must for NVidia-based CV, since their CV libraries are a dependency hell), you must use some kind of networking solution to communicate. RabbitMQ might be considered overkill, but it does the job and is robust.
It's not nice to talk that way about others' work, especially when your comment insults, but doesn't provide any insight whatsoever.
> If you're using dockerized services (which are a must for NVidia-based CV, since their CV libraries are a dependency hell), you must use some kind of networking solution to communicate.
Eithen the two processes can share memory, in which case they don't need to communicate via network, much less RabbitMQ, or they can't, in which case the hack wouldn't have worked at all.
I suppose what I meant to say is you need to communicate between processes somehow. Shared memory is fast, but it's hard to communicate with it exclusively - message-based protocols are better suited for that, and most of them are implemented over TCP.
A lot of standard protocols can run over a unix domain socket, if you're not at the level of implementing a shared memory communication protocol but want to cut some overhead for more or less free.
Yea you're right of course, I was being glib. Glad it worked out in the end for you. For the record I don't think RabbitMQ was overkill, I think it's just way too much overhead to work for something like sending frames of video (which I think is the moral of your story). Anyway I'm guessing this was for a school project and you won't have to live with it so it's moot.
It was actually a production system we built on my first job. It wasn't just sending frames from A to B, it did have a few moving parts. It eventually got stable and stopped changing, so in a way, I don't have to live with it. But it's up and running and does its job.
I was 16 or 17 and had a guest account on the local universities Ultrix server. I discovered that all of /dev/tty* was world-readable UNTIL someone had successfully signed in.
So a “cat /dev/tty* > passwords.txt” and waiting an hour collected the credentials of everyone logging in to the server.
At some point, I had logged into the account of one of the sysadmins who msgd me and let me know he’d changed his password and this would be my last time on his account. (If he only knew.). He offered me my own account if I told him who I was, and he might have meant it, but I didn’t bite. About a month later, a patch fixed the issue and that was that.
should be /dev/sda instead. End up erasing my external hard drive with all my photos, instead of creating a bootable pendrive.
recovered all the images using Foremost [1], fresh out of image processing and machine learning class, end up writing a image clustering "software" [2] that help me separate the useful images from worthless thumbnails and images that chrome have cached.
This is so completely random, and not really code related, but it was huge at the time (circa 1990). I was compiling large bibliographies of research documents for NSF that eventually had to be read into Word Perfect 5.1 for DOS for printing. We had written a very complex system of WP macros to search for tags that we programmatically put in the file, but they took forever to run and would often crash. My colleague and I found that we could only use search/replace to send begin/end pairs of tags for any formatting code (e.g. bold, italics). However, if we replaced the closing tags first, then the opening one, WP would notice that there were pairs of empty tags and get rid of the extra closing tag so that the underlying text would be formatted properly.
We were doing this everyday, so it cut the processing time from many hours to seconds. We swore each other to secrecy about this development and marched off to Dunkin’ Donuts with our giant ice coffee belt-loop holsters to celebrate.
I mix [heavy cream powder] and powdered milk in equal portions to make half-and-half that I can keep at my desk without refrigeration. I keep it in [baby formula dispenser]s so I can shake it up for homogeneity and dispense it without digging in with a spoon.
I mix 5 parts of Walmart great value brand whitener, 1 partnestle choco powder, 3 parts granulated fine sugar (table sugar), 2 parts instant coffee (thumb pressed through a metal tea sieve to break all clumps). Part measurement is a scoop cradle. This gives me exact mixture as Nestle 3-in-1 coffee mix.
I spilled water on my favorite keyboard and broke it, then let it dry and fixed it by using a pencil to trace over the damaged circuits. It worked fine again after that!
(Graphite in pencil lead is a weak conductor, enough to make the keyboard circuit work)
ep0: 3c509 in test mode. Erase pencil mark! This means that someone has
scribbled with pencil in the test area on the card. Erase the pencil
mark and reboot. (This is not a joke).
Pretty much -- IIRC connecting the pad bypasses the internal EEPROM and loads a default configuration, and from there you can read/write the EEPROM as well.
It is the user’s responsibility (with help from the configuration program) to avoid configuring the boot PROM on the adapter in such a way that the system is not able to boot. If this does occur, you can manually jump the Test Via using a #2 pencil. The Test Via forces the adapter into test mode, which disables the boot PROM so that the adapter configuration program can be run. You must cover the designated area thoroughly with the pencil mark.
Test mode forces the adapter not to perform the Automatic Initialization sequence, which means the EEPROM is not read and the adapter is left in the following configuration:
■ Address Configuration register = 0000h
■ Resource Configuration register = 0000h
■ Product ID register = 0000h
Test mode also shortens the ID sequence to 8 bytes (first is still FFh and last is 69h) and forces it to the active state (that is, the adapter is active and will respond to I/O cycles at base address 0200h even without going through the ID sequence).
After you are done, thoroughly erase the pencil mark.
I was working at Compaq in 1998 or so, and they had this thing called "SmartStart", which was a CD-ROM with drivers for Windows, SCO OpenServer, SCO Unixware, Netware, etc. Especially important were the storage drivers, because they had to be injected into the OS install to allow the OS to be installed on Compaq's newest RAID controllers, which the OS didn't have drivers for. There was a build process for all the SCO OpenServer and SCO Unixware drivers that was done once a week, through a checklist of manual steps. This was a process that took a few hours. Among the steps for this process was creating floppy disc images, and Openserver didn't have a loopback device, so we just left a floppy in the drive to write out images to physical media and read them back in via dd. Some step in the process seemed to want an actual floppy device. This was problematic because the floppy discs would fail from time to time and they were terribly slow.
I was kind of wanting to move from the SmartStart team to the storage driver team, but I didn't really know too much about drivers, so I started digging into how to write drivers for SCO OpenServer, and made a little driver where you could write 256 bytes into it, it would store this in memory, and then you could read them back out. Suddenly, an idea occurred to me... what if instead of 256 bytes, I made the buffer 1.44M bytes, the size of a floppy? I'd have a RAM disk that I could use in the build process instead of physical floppies. (The native RAM disk wouldn't work for reasons I now forget). So I tried it. It failed, on some ioctl call. I coded up some dummy code for this ioctl in my driver, and... it worked. And it was way faster than the actual floppy drive (obviously). So I ended up completely automating the build process, eliminating the error prone and slow floppy drive, and having now written a driver, I ended up getting off the SmartStart team and onto the storage driver team, which was way better.
My favorite hacks mostly came from when I worked in a robotics+computer vision research lab, ~13 years ago.
If you've never worked with stereo vision systems, they have multiple cameras as input. The algorithms need to know the exact position of each camera. These calibrations are extremely sensitive - if the camera moves even a teensy bit, the algorithms start to fail because the image features aren't where they expect. Anytime we had a bad calibration, we needed to rerun calibration. This was a process where we waved a checkerboard in front of the cameras at tons of different angles, and software would process all the images and deduce the pose of each camera. It typically took at least an hour, and sometimes it'd fail and you'd need to redo it. Typically we'd need to recalibrate systems every few weeks, no matter how hard we tried to make the whole rig rigid.
Anyways, one day I accidentally drove the robot's sensor head into a table right before a demo with the people funding the project. The program started spitting out "BAD CALIBRATION" warnings. This would basically mean we'd need to cancel or postpone the demo to recalibrate, which would look really bad since they traveled all the way to our office only to be told "never mind!"
As a last-ditch effort. I grabbed the cameras and started wiggling them back and forth, and managed to force them into an orientation where the calibration worked. The demo went off perfectly. I later told the researchers about it and they hated it. "You should just always do calibration," etc.
My favorite hack that I've seen someone else do was at Google, where some specific project had a weird test that checked some ratio like "lines of tests to lines of code." Someone checked in a test with the comment "If you're not cheating you're not trying", and it just had the same assertion over and over for hundreds of lines to satisfy the metric. I never looked into why the person couldn't just disable the test, but I like the simplicity of the solution.
But that is a calibration. In fact it's exactly how you'd do an automatic calibration of a system like this: mount cameras on robotic arms or some other multi-axis system, then move them around with a feedback loop until cameras produce the wanted image.
So I once made a script with python and selenium to make fake petitions to bring back Wendy's spicy chicken nuggets. It stopped around 9,000 when the script crashed after awhile... I think they did bring it back though so I feel like I was responsible.
I built/launched an entire transactional site: signup/login/purchase membership while walking the Camino de Santiago in Spain, in 2017, for a small event (swing dance event).
Was supposed to spend the two months prior to going there working on it, but because of delays in planning etc. I didn't really get started until the week right before, which meant I had to haul my old MBP 2015 on the walk. So basically, I trekked something like 18-20 miles a day lugging that thing (and the charger), then spending mornings/evenings in the little hostels (more like barracks) writing code (most had wifi, thankfully), then the next 4-6 hours thinking through how to design/build every little piece, then find a cafe with wifi to implement some of that in 2 hours, then walk another 4-ish hours. Then write more code.
Surprisingly, there were almost no bugs at all, since I'd have to iron out every single thing during the walk (what else are you going to do walking through middle-of-nowhere Spain, which is all farm land, anyway?).
In the end everything worked! Paypal integration worked! Hundreds of people signed up and bought membership on the system! Oh, and this was my first project of this sort, and I was the solo designer/developer on it. I also had to design our logo, branding, and T-shirt as well.
A few years ago I started taking up running regularly but I didn't have a buddy that I could run with so I decided to adopt a dog. Unfortunately the shelters were relatively far away from my home making it inconvenient to go in and check continuously on the weekends. I later realized that nearly all of them connected to a central city database which contained all of the dogs in the nearby shelters and furthermore that that database was behind a publicly available rest endpoint.
I whipped up a program that periodically every 10 minutes would query the database filtering for dogs matching the qualifications I was looking for using a combination of regex to search for any dogs that were:
- Between 50 and 100 lbs
- Did not have a history of behavioral problems
- Matched a list of active breeds
When it found a potential match it would send an SMS via Twilio to my phone with a picture of the dog, a link to the shelter, and a picture.
Several years later my huskee / Pyrenees hybrid is the best running partner I could ever have asked for. That's my proudest hack and I think she would agree with me.
I must have been about 12 years old. I wanted to rent a movie on DirectTV.
To rent a movie, a phone line had to be connected to the receiver box. The box would dial out to DirectTV and send over the information that "jrib purchased movie X".
I learned that I could connect two phones directly with a 9V battery and the right resistor in the middle. So I connected a phone line on one end to the DirectTV receiver and on the other end to random phone.
The receiver waited for a dial tone, so then I played a dial tone sound on repeat on my computer into the phone's microphone.
It worked and I got to see the movie!
I felt really guilty though so I told my parents a few days later and we let the satellite box connect to a real phone line to pay for the movie :)
Years ago I worked in the VAX/VMS development group at Sybase where SQLServer originated. SQLServer was basically an SQL interpreter consisting of several layers of loops. The innermost loop was written in assembler for speed.
I was able to remove one (1) machine language instruction from that innermost loop. I no longer recall if this resulted in a measurable difference but I've always been proud of this.
Happy to read VAX/VMS here :-) - my first project as a college fresher was migrating critical data from VAX/VMS ISAM files (written using Fortran code) to Digital Unix. The days when these two machine's did not talk to each other. Learnt dd, tape drive record limiter issues, all data was floating point so issues with binary compatibility etc.
One of the best accomplishments in my career.
Very carefully scheduling NMI and IRQ updates to achieve a virtual sound channel on an old NES, resulting in a sawtooth bassline with volume control. This steals about 13% of the CPU time. The biggest hack in the arrangement is the scheduling of OAM DMA to sneakily just barely fit between timed audio updates, since it pauses the CPU and would otherwise cause an audible glitch. Among other things, if NMI notices that it interrupted IRQ, it apologizes profusely and exits immediately, which is a rather unusual workaround on 6502 systems.
I've open sourced the technique with a more detailed writeup [1] and I like to think the game I created with it is pretty fun, [2] but of course that's subjective. You can try it in your browser here. [3]
Cool. Kind of unrelated, but is there anything stopping someone from just generating a sawtooth DPCM sample at runtime and using the channel as normal without having to use crazy timing stuff?
Yes, it comes down to how the DPCM channel encodes sound data. A sawtooth gets most it's energy and harmonics from the sudden jump at one end. This impulse is impossible to encode in 1-bit delta encoding, the closest you can get is a slightly steeper slope. The audible effect is similar to a low pass, with the strength dependent on the intended amplitude, so instead of a nice sharp saw, you get a muddy not quite triangle.
A few commercial games did use the DPCM channel melodically, but the main drawback is the large size of the samples relative to the commonly available ROM chips of the era. Price is a big factor when you need to put one chip in every game. Here's how that sounded in practice:
Further problems! The DPCM channel can only address memory from the region 0xC000 - 0xFFFF, due to how its "address" byte is interpreted. Most cartridges cannot place RAM in this memory region, so you're stuck baking the samples into ROM space. Many cartridges cannot even bank switch this region, so the samples additionally cut into your "fixed" ROM that is usually precious space for interrupt service routines and common framework code.
Ah very interesting, thanks for the explanation! I'll definitely check out your lib if I ever get around to writing a homebrew NES game, I love quirky audio tricks :)
Debugging mysterious recurring hangs in a storage appliance. The nodes were connected via Infiniband, so there were two parts to the hack. The first was to write a program which would find all of the kernel memory areas and register them with the Infiniband controller. The second was to slurp up all of the memory on a hung node via Infiniband from one of its peers, and convert that into dump format so we could use gdb on it. After collecting a couple of dozen such dumps and poring over them for a couple of days, I was finally able to debug one of our most intractable problems.
That led to a second, though lesser, hack. The problem turned out to be code that was allocating way too much memory. (Userland programmers working in the kernel, ugh.) This would sometimes cause the stack pointer for one task to jump all the way over its task structure into the stack of the previous task, which would make that stack very confusing. That's why it took two days to figure out, even with dumps in hand. (Also, putting the stack right next to the task structure was a stupid decision on Linux's part.) To find the dozens of places where this was happening, I wrote a tool to disassemble all of our kernel code and look for the part of the function prolog that allocated stack space, thus creating a list of those that were allocating too much. Then I spent a week fixing them.
It was a grueling process, under lots of pressure at a struggling startup, but ultimately the result was very rewarding.
I was just curious if I could improve our PHP-based site’s performance.
So I attached strace to an Apache process and followed the log of syscalls and counted milliseconds between them.
Sure enough, I discovered that 20 ms was being spent each time on a DNS lookup to a statsd metrics collector service over UDP (I remember being told that this was lightweight, since it was UDP). PHP didn’t cache DNS lookups and this was sometimes happening many times per request. I added a static entry in /etc/hosts and the overall latency improved by 30% across all endpoints.
Another hack:
I once was consulting for a client who was running Drupal and was going to launch their new site the next day, but suddenly it started crashing on some of the pages.
I found out that you can take a core dump of Apache and load it into gdb. Then if you run some gdb macros, you can see the PHP stack trace at the time the crash occurred.
Turns it it was some module (tokens?) they had recently enabled which was recursively calling into itself. Not sure why it didn’t hit some stack limit, though. We disabled the module, which fixed it and the client was super happy.
If I knew more about Drupal, I probably would have disabled modules in a form of binary search as a first troubleshooting step. But I did know a little about gdb, so that came in handy.
I was working for a medical device company that shall remain nameless. They had a system that was used in operating rooms that had a fairly nice user interface - bubble keyboard, touch screen, good graphics. It let you input patient information and stuff. (At least part of it was running embedded Linux under the hood.)
In the source code, I saw what it did with the patient name - it used a call to system() to store it in a file. So naturally, I tried an injection attack. I put in "[Name]; sync; sync; reboot". Sure enough, it rebooted the system.
But before the reboot, it had also saved the "patient name" in the file (and, because of the "sync", it had been written out). On boot, it read the information from the file and tried to treat it like a newly-entered patient name, which caused it to reboot again...
We had to re-image the device to recover. We added some validation to user input after that little demonstration.
Way back in the Napster days before streaming services were a thing, I'd ripped all of my CDs to MP3 and had a bunch of live stuff from P2P networks. I wanted to listen to this stuff at work, but technology of the time was either CD based or limited to 16-32 MB of solid-state memory.
At the time, Microsoft had some live broadcast streaming service built into Windows 2k server that would allow you to stream audio from the computer, so I put together a web front that allowed me to build and save a WMP playlist file along with controls for to start/stop WMP, causing it to re-read the file.
The result was that I could listen to my own music on any device capable of receiving streamed audio, and could control it on anything with a web front end.
I worked on a MIPS SOC that had a pair of registers that controlled DDR timing. The formula for calculating the correct timing was complicated and I am bad at math. Most of it was constant but 2 values were important. After failing to get it right a few times I wrote a firmware program (had to fit in 16k of I-Cache) to try every value, run a simple memory test, and print the number of errors to the serial console. This resulted in a grid where the number of errors would converge to 0 at the correct settings.
As it turned out, due to bugs in the hardware and the board, the "correct" answer by the manual would not work and this was the only way to get a working setting. My little hack became part of every boot of the system - it auto-generated the DDR timing. This was back in the early 2000's before DDR training at boot became standard practice.
When I was in highschool I wrote a Tetris game for the TRS-80. My clever hack was that I could make it twice as fast by keeping the state of the falling shapes in video memory instead of a separate object model. In an early version of this, I failed to completely draw the "cup" the objects were falling into, and one fell straight through the bottom into system memory and crashed the machine.
I did the same for a snake game for the TI-83. I didn't think of it as a clever hack so much as it was inexperience; I figured it's how games normally worked. System dialogues like "your battery is low" suddenly became parts of the playing field which was funny if nothing else. My code was slow enough that I didn't need any sleeps or busy loops, maxing out the CPU with my inefficient code just turned out to be the right playable speed which didn't occur to me as a coincidence until much later
Reminds me of a similar story of someone creating a Tron lightcycle game on an Apple IIgs. They had created a bug so that the lightcycle could travel off-screen and into memory, causing all sorts of undefined behaviour.
About 15 years ago, my brother used to run a shoutcast (Internet radio) server. He wasn’t getting many listeners since the list of stations people browse was sorted by popularity - number of listeners.
So I disassembled and then hexedited the shoutcast server binary so that the initial number of listeners was 60-something (which meant the listener count would never drop below that). Then he actually started getting a few listeners :)
Not that I'm particularly skilled in this, but for fun I once decompiled an Android app that accompanied cheap electronic door locks we had installed in the office. I found the C files that were generating temporary passwords, manually parsed for what I was looking for, then wrote a shell script (with help from a friend) that could find/generate more temporary passwords from any existing temporary password+approximate timestamp pair.
About a year later an intern showed me that a coffee stirrer also can work to open the lock, but I bet he won't write about that in a forum.
I hosted a server, in my bedroom back in the late 90s. By server, I mean a desktop running Slack, connected to the internet and allowing me to SSH into it. It could recover just fine from a power outage, but unfortunately due to a RAM issue it would just randomly die - and RAM just wasn't something the local computer store was ready to bring in.
Enter my Lego Mindstorm. I effectively built a box, on wheels with a big thick stick pointing out I loaded that guy up with NQC - built a small application for my Palm Pilot. The modem on the palm pilot would pick up, accept a certain DTMF code, and fire via the infrared port a signal to the Mindstorm. The Mindstorm rolled forward X revolutions of the wheels so that the long arm hit the reboot button, rolled back.
Yes, eventually I bought RAM, but that eliminated all the fun.
This reminds me of a story that isn't mine; one of my coworkers working a university and had a similar problem. They glued a stick to the CD-ROM drive of one server pointing at the restart button of another server. When they needed to force reboot that second server, they issued a command to the first server to open its CD-ROM drive.
I was a junior freelancer. Barely knew what i was doing with web development. Was given SSH credentials to a server hosting a WordPress site. Had to change a bunch of lines in a bunch of files. Hundreds of them.
Took two hours to begin learning about a sed command.
Spent a half hour testing it locally on the MacOS terminal. I didn't wanna screw it up. Made several mistakes on local. But eventually I think I got the hang of it.
Now it was time to run it on live. I'm nervous again even though I just spent a while testing. Ran the sed command to search and replace text.
Worked like a charm.
Pretty much a trial by fire moment. No mentor to show me how. Just me and my ability to read to documentation and apply it. That's all I had at my disposal.
I know server admins do this shit like in a couple of minutes but at the time this was me venturing into servers and making a change on live site and reading a man page and blog tutorial. So for me it was a big deal. It taught me not to fear to learn the shell.
I've done way harder things since but I still remember this moment of almost a decade ago.
> I know server admins do this shit like in a couple of minutes
Yeah, but only from the second time on, and just until our notes become so crowded that we start gambling on re-learning being faster than maybe finding wherever the solution was documented ;)
Back in 2003 while I was still studying I spent some time working at a bank helping write some boring web form using a java servlet. I was really junior, and the code was an absolute mess - every time they made a new web form they copy+pasted a 3000 line java class (with no unit tests) from the previous form and modified it. For source control we were using visual source safe - which is one of the worst programs I've ever used. Every few days the repository corrupted itself and needed to be rebuilt.
Well, I made a horrible mistake. Right after deploying (compiling then manually copying a .class file onto our server), I accidentally lost the source code to all my work. There was no backup of the changes I'd made, and source control didn't have it. All testing was manual - which was a horrible process we went through before every deployment. So if I half remembered my changes, I'd have to manually test everything again and hope I didn't mess anything up.
All I had left was the compiled java .class with my changes in it. I was terrified to even tell my boss given all the work.
Well, I tried decompiling the .class file with my changes in it - but the result was 10k lines of nightmare fuel. How could I find my changes in that? But I also had the java file from a few weeks earlier, before I made my changes. So I compiled the previous version, then decompiled it. Then I diffed the two decompiled source code files. That showed me (in decompiled java form) all the places where I'd made changes, and with some work I managed to figure out what all my changes were.
A few hours later I had re-implemented all my changes in the java source file. I could guarantee I'd done it correctly because the output from the decompiler matched perfectly. So we didn't even need to re-do all our manual testing.
Internet related would be, back in the early 2000s when I was building out infrastructure of pinkbike/trailforks I was optimizing things and discovered that this initcwnd parameter was hardcoded to something like 2 or 3 packets in the linux kernels. This was causing the initial page to require multiple RTTs to load so I figured I would change that and recompile the kernel to make sure all out pages would be transmitted in one go. This made out site perform a lot better compared to most sites at the time.
Funny at the time I was a bit worried that the IETF would discover this and shut us down or something.
These days that parameter is default to something like 10 and you can increase it with a config parameter.
My first IT job was supporting Point of Sale systems for service stations and other retail outlets. The company had some clients in really remote areas, and we provided 24 hour phone support. The software we supported was DOS based, and the configuration was really arcane. Lots of serial port hardware, but instead of configuring it on a COMn port, you needed to know the exact port address and interrupt. This incident happened back in the mid-90's, so very much pre-internet.
One Saturday afternoon a call was escalated to my mobile while I was at a friend's house. A remote site had a server failure, everything was down, and they couldn't pump petrol, help! I spent a little bit of investigation aided only by a non-technical console operator acting as my remote hands we determined the server was beyond repair. So then I talked the operator through installing the network operating system on a different computer, reinstalling the POS software, re-configuring all of the serial hardware for the ports on the new machine, setting up file sharing, restoring data backups, etc. Essentially building an entirely new system from scratch.
After 4-5 hours on the phone they were back up and pumping petrol again. All completely from memory, no computer, manuals or documentation to hand.
Proudest is probably my first and not particularly clever, but I am very fond of it.
Early 90s, a friend let me borrow a copy of a game he had, which included a physical codewheel you use to prove that you own the shareware. I thought about copying the codewheel so I could return the floppy to him and still play, but I'd read that computers have no way to make random numbers and usually seed the random number generator with the current time. I made a batch file that set the time to a specific value and then launched the game, and memorized the code I'd get if I sped through the main menu as fast as possible.
About 10 years ago I was contacted by an agency I used to work with, that they needed to change a little feature in the android app for the austrian lotteries.
The problem they had was that they had managed to lose the source code of the app, lol. Since the app was a simple webview wrapper I decompiled the apk to some horrendous java monstrocity and carefully extracted all used logic, the html, css and js and created a new webview app with the slightly modified code.
Oh and I had no experience in Java or Android development :)
Another hack I was very proud of:
Some weeks ago I had to pick something up with a car trailer. I went to my parent's place to get it and when checking if the lights worked (it was dark already) it turned out that they did not. Since I was driving to a larger city I could not just go without lights.
The problem was, that I really had to pick this up and also I had no extra time to find an alternative solution, so I wiggled the jack of the trailer's cable in all directions hoping to clear out some oxidation. After some minutes of trying I found a specific position in which the lights seemed to work.
Taking out the good old duct tape from my car's trunk I fixated the jack against the trailer hitch. For some reason it actually worked and did not break. I was very proud of this hack!
Maybe not the proudest, but here's a fun one for which my friend Nial Peters should get most of the credit.
We were on Mt Erebus and I needed to power some 6V carbon dioxide sensors for my work. We had lots of 12V lead-acid batteries, but we knew they were made up of 6 roughly 2V cells. We drilled a hole and put a screw in the middle. Now we had 6V batteries.
Tribes 2 had in-game scripting. You could open a console and enter commands or run script files. I was young and just beginning to learn programming.
I noticed that if you malformed a certain command, a mere syntax error, it would crash the game clients of everyone else you were in a chat room with (the game had in-game chatrooms). I was apparently one of the few who knew this because the game didn't immediately become a crash fest as it would have if word had spread.
There was a game mode where players would begin the game frozen with the clock stopped. This allowed serious games to be organized where all players were ready before the match began. I found a command that allowed me to unfreeze my character, and I could move about while everyone else was frozen.
There was a debug command that would dump the location of all players and deployable items. I wrote a script to dump this data, parse it, and update my hud with the data, several times per second. This was cheating, but it did serve as one of of my first experiences with programming. It was a hack I made myself and did not share, although I know others were aware of this cheating technique. This was later in patched out of the game.
Did you use a brainwallet (ie, the hash of the password as the private key)?
It looks like the funds were drained within an hour of you loading the bounty. People have made giant lookup tables of brainwallet passwords and monitor the corresponding addresses for transactions. Reddit user u/btcrobinhood is known for doing this and returning the funds.
Update: funds were not stolen. PortableSecret wasn't cracked (yet)!
What happened is: the wallet app I'm using automatically performs CoinJoin[1] when funds are received (In fact, this is their business model! They take 0.3% of the amount to automatically anonymize all inbound coin).
CoinJoin is a protocol that breaks up the sum received in tiny pieces and scatters them across a large number of "sub-wallets".
So my wallet still has the funds. Bt the 'receive' address I used looks drained, that's because it was only a temporary address to share with the sender. Funds were soon after scrambled/tumbled/anonymized.
This was an interesting experience. I spent all day thinking about what could have happened, researched and learned a bunch of stuff in the process.
Why bother with BTC? Monero implements such protections (plus many stronger ones) with TX fees in the order of a single cent, and obviously without any fees for laundering your entire balance every time you're given money.
When I was 18 I found an offshore online casino that had a video poker game that paid out slightly over 100% if played perfectly. I don’t remember exactly why I couldn’t just reverse engineer the API so I wrote a program that would scrape the screen for the cards, determine which cards to hold, and physically move the mouse and click the correct buttons. I had the program running on a laptop in my mom’s kitchen all day and night, it drove her crazy (I liked having the sound effects on so I knew it was running 24/7). Made the house sound like a casino, lol. I was skeptical that it would actually work, I figured this random offshore casino probably rigs the RNG anyway, but it actually did pay out as expected. I logged every hand and it was pretty amazing seeing the royal flushes actually come up once every ~40,000 hands - needed those to make the whole thing work, obviously.
They eventually caught on after around 10 million hands I think, banned me, stopped me from cashing the remaining funds out (wasn’t that much since I withdrew frequently), and changed the odds of the game.
In my master's thesis, I was generating component graphs from source code.
One issue I had was the generated graphs were suuuuper ugly due to the connections between components overlapping in a non-optimal way. Turns out, untangling graphs is a NP-HARD problem. I got around it by using a spring-repulsion simulation, where connections between components pulled them together but components repelled other components when they got close. It wasn't a perfect solution, but it got me 90% of the way!
It's such a powerful technique and it's so simple to implement! I used the same technique for putting a bunch of icons on a map and making sure they were as close as possible to their target position without overlapping.
Not the one I'm most proud but at least this one I can explain.
I initial did it to help a friend who wanted to customize and sell bycicle bells. since most printing techniques are made for flat surfaces this creates an interesting challenge.
The solution I eventually arrived at involves a pen plotter and a custom fixture. There's actually a article about it here: https://www.evilmadscientist.com/2019/bike-bells-with-axidra...
And by the way, the obvious way to produce them would probably using transparent stickers a heat gun an a coat of varnish but where's the fun in that.
A few years ago I was planning to meet some friends in Brazil for the holidays. I waited until the last possible day to apply for a visa. When I tried to apply for the visa, there was an off by one error in the front end form validation that was checking that some dates were valid, and since one of the dates on the form was in December, the validation thought that it wasn't a valid date. I had to edit the JavaScript on-page to allow myself to submit the form. Got it submitted and got my visa a couple days later. I'm wondering if I'm the only person who managed to apply online for a Brazilian visa that day.
I automated math education for my 9 year-old. It's a Unity application where a student required to solve basic (currently) math examples.
For 10 examples you're getting a 25-cent coin from a coin dispenser. You can keep it or you can use this money to buy Internet access. My OpenWrt router is connected straight to coin acceptor. For one coin you're getting 30 minutes of Internet on all devices (iPad and PC).
Since it's all automated I don't need to involve too much into education process. Math score in school has greatly improved, the kiddo solved thousands of examples.
Coin dispenser is proprietary (found on ebay, one of popular model), so I literally had to hack the USB protocol. The coin acceptor had no USB interface, so I had to introduce one. I've connected this USB to my OpenWrt 32-bit router, which is also ARM - so I had to hack some USB libraries along the way so my binaries can work with USB right from OpenWrt.
I moved back to Texas from college without any job prospects and found myself living in my car, relying on Walmart Wi-Fi for internet access.
So, I resorted to a few low-quality hacks.
The first was a QR Code parking app. It worked by just placing a qr code on public parking meters. I marked up the parking from like from 50 cents to a dollar. I kept 50 cents and payed for the parking through the official app with mitmproxy. Someone eventually reported it.
I had to ask my dad for help reimbursing the city—which he was not too happy about.
The second hack of a washing machine was disclosed properly, although no firmware patch was ever released.
Wow, that's quite a story! It sounds like you got a bit of a wake-up call from your dad, but it's commendable that you took responsibility for your actions. It's also great that you reported the washing machine hack properly so that it could be fixed. It's unfortunate that no firmware patch was released, but at least you did the right thing.
I was color calibrating a prototype holographic printer with a 30Hz pulsed laser spatially modulated by a 60Hz LCOS, phase locked of course. I was chasing down a funny issue where the response curve of the LCOS seemed to change every time we power cycled the machine - specifically, it would randomly flip between one of two modes. I had a suspicion that the LCOS was flickering (they're known to do that) and that therefore the two possible embeddings of 30Hz in 60Hz behaved differently.
But how to measure this? The LCOS displays were buried deep inside some optics, and the only light that reached them was the laser light which was pulsing at the same frequency as the signal I wanted to measure, and the laser PSU was incapable of driving it faster. I did however have an pulsed energy meter, which I'd managed to interface to a computer so I got a readout for every pulse.
Sudden insight: flip the switch on the laser power supply from "Ext. trigger" to "Internal trigger". Twiddle the fine adjustment on the PSU frequency knob until the laser frequency was 29.95Hz. Watch in satisfaction as the energy meter described a neat sine wave over the course of 20 seconds - the beat frequency between 30Hz and 29.95Hz - confirming that the reflected energy swung wildly depending on the relative phase.
It was a small and simple hack, and I've poured much more sweat into much grander "hacks", but I will always be proud of that lightbulb moment.
Honestly, probably futzing around with Prince of Persia level assets in ResEdit to bypass the piracy check, as a child. My capacity for pride diminished with exposure to the world.
More recently, replacing `7z.exe` with a PowerShell script that logged input, to get archive passwords for an obfuscated data format. Not technically impressive at all but a few days were saved and lolz were had.
As a young buck who's parents didn't want him tying up the only phone line in the house to get on the internet whenever he wanted, I was limited to an hour of internet time a day. I also would pick up free trial discs from local stores, even though I couldn't sign up for a free trial without a credit card or checking account, of which teenage me had neither. One day, however, late at night on a weekend, I tossed in a PeoplePC disc into my machine and ran it through the trial setup to see what I could do.
PeoplePC's sign up was completely online, which was pretty new for the day. The trial setup would first dial a toll-free number to get local POP numbers, and then dial the local number to complete the registration. Well, after poking around to see if I could get around the dialup procedure for the temporary Dial Up Networking account (young me at the time wouldn't know that those creds were in the registry for my perusal), I popped open a web browser, and to my surprise, the local pop account had full internet access. Unfortunately, the trial had a timebomb, so after 10 minutes of inactivity in the setup app, it would close the connection, and remove the DUN account.
Young me however was a wannabe hacker, and had among other tools, a hex editor at my disposal. Finding the temporary setup directory, I copied the contents into another folder that would persist beyond the setup, and started scanning through various files. Eventually, I found what looked like a username and password cleartext in a binary, and copied them out. Tossed them into a fresh DUN entry, and discovered that the account... just worked. Like that, I had free dial-up networking, effectively whenever and wherever PeoplePC had a POP. I rode that for a good couple years until we eventually got our first DSL modem.
Honestly not the hardest or most impressive hack in the world. For all I know, PeoplePC was aware of my usage of it, but because the password was etched into hundreds of thousands of setup discs, it's not like they could rotate the creds. But for a teenage me that just wanted access to the unfettered internet, it was pretty neat.
When I was a teenager, my friends and I played this free MMO game online. A friend was told by another friend of him about a bug in the game. This bug would let you receive the reward of a certain mission without marking it as complete, so you could get the reward as many time as you wanted.
Me and my friend started exploiting the bug like crazy, spending hours literally just doing that. The problem was that the process to exploit this bug was very convoluted and a pain to do manually.
I had no experience of programming nor anyone around who knew anything about it, but I felt that there must be a way to do the whole process automatically. Computers are meant to automate stuff, right? Anyway, I started investigating online and found AutoIt, which is a BASIC-like scripting language that allows you to automate GUI stuff.
I then began building a script that did literally what I had to do manually to exploit that bug. And literally means literally. The way I made it work was by scanning colors in coordinates (to check whether a window it's opened, etc), moving the mouse and clicking. The script was full of duplicate code. I didn't knew about loops. All I knew was if conditions and mouse actions. I even remember having to go to a forum and asking for help (in super broken English) because I wanted to keep the program running indefinitely (they told me to use `while true`). But it worked.
Anyway, I spent about two weeks of after school afternoons building this bot. Then, when I had it working, got banned in a matter of days :^)
This might not seems like much, but I remember it fondly as this was my introduction to programming and the reason this became my career. I'm still holding onto the (terrible, terrible) script.
Emulating a lineprinter at our end of a frame relay circuit to capture print jobs from a service provider's mainframe and putting them into a database. This was in the 90s and it saved us a boatload of money and paper.
Shared a house with some friends in college and we found a bug in a local Pizza place's site to stack coupons and get huge pies that were normally like $30 for $5, basically really good fancy pizza for cheaper than dominos. Really a blessing and a curse since it became breakfast, lunch, and dinner since it was hard to justify buying anything else.
Project was months behind schedule and had "six months to go" but the truth was nobody knew. The mpp calendar had all these 4 day blackout periods for loading data. I ended up getting that down to 2 hours but scheduled it between india/USA shifts so all the 4 day periods went away and (literally) months of project time got clawed back.
Vendors wouldn't share code so I broke it, looked at the error logs and wrote my own version of a indexed vector that reordered the operations using a knapsack algorithm and in a way that allowed us to run 50-100 parallel threads. Maybe 500 lines of code.
Knocked some heads together to get downstream systems to start importing data as soon as the first files arrived rather than wait until the end.
CTO (I'd never heard of him, it was a $30B company) didn't believe management about the months of time we'd saved, needed it all explained, was very happy.
Rewriting a C++ matrix library to change its API back in 1996/1997, for a 100x speedup.
It was a nice library... It had things like a = b + c; ... but back then, C++ really didn't have tools to support that syntax with great performance. Especially mixed with a bad allocator, that prevented multi-threaded allocation.
Access to a Facebook profile of a bully, from a PSP console, when I had 10 years old using social engineering. I literally only asked for the answer of his email recovery secret answer and I got access to all his stuff.
A few jobs ago I was working on printer firmware. There was some bug where after so many pages were printed the colors would start to band. Anyways, the fix ended up changing a == to a <=. I looked up an ascii table and it was literally a 1-bit change. I like to brag about that one on occasion but it also put things into perspective how the difference between something working or not can literally come down to a single bit.
Yeah, most software cracks on x86 used to involve changing a byte's value from 0x74 to 0x75 or vice versa, literally a single bit change making it a cracked program or not :)
We needed to take delivery data from a proprietory legacy system. It already printed delivery notes so I spliced into the RS232 cable to the printer and took a feed into a second PC.
I then wrote a quick and dirty comms program to suck the data in, discard the unwanted control codes etc, and scrape the data into a usable form.
This was in pre-windows days, so the data going to a dot matrix printer was pretty simple. It would be a lot more chewy now I suspect.
An old manager used to like giving me PITA (Pain In The Ass) Projects that solved something useful, but were a bit arcane for some reason or other. A couple were printer-related, for our customers.
One customer had a cheque-printing routine that used a blob of HP PCL (Printer Control Language) for some reason when printing these cheques. The blob included image date of the finance person's signature, and they'd changed executives. We didn't have information about how this blob had been created initially, but I was able to pick it apart with a printer manual and hexl-mode in Emacs. That let me edit hex data which could still change size, and replace one image with another.
Another customer had salt mines, which are very corrosive environments, and you didn't want much in the way of computer gear there. They needed to be able to print shipping sheets from head office, ideally without any PC or server on-site. Using a modem and a dot-matrix printer with a serial interface, I figured out a way to connect and send a print job that worked. Not sure if they ever ended up using it though.
About 15 years ago I was trying to debug a pesky timing issue and couldn't reproduce it.
I wrote a script to capture and replay network traces from Wireshark (then called Ethereal) that included keeping the timings intact. Caught the bug reliably every time.
About ten years ago I got invited to do a college recruiting event for my company. All of the opportunities were for weekend visits to podunk colleges in the US and Canada, but there was one week long trip to a couple of colleges in Europe. The problem was the button was greyed out and I couldn't click it (probably reserved for people in a higher pay grade). F12ed that mf-er and got a free vacation...
I worked for a client in the streaming music space. They were going through the technical testing phase of partnering with a high end audio manufacturer. One of their requirements was to retrieve the metadata of N songs within a fixed time limit, simulating their customer playing our streaming audio on their hardware.
The testing office was in LA. The audio and metadata was in Ireland. The lag across the public internet consistently failed their tests.
So I deployed a small read-only copy of the API in an LA data centre which tunnelled inside the cloud provider back to Ireland. I used DNS geo tools to ensure the tester transparently hit the local LA data centre.
We passed their tests with ease and landed a 6-figure contract.
The hardware customers probably had a terrible experience though...
I worked for a healthcare startup that interfaced with a lot of large insurance companies. They had no API access for their patient information and would just give us credentials to ancient web portals instead.
I wrote my own browser automation scripts to create our own internal patient API. Ended up reducing claim billing errors by a ton and resulted in 6 figures a month in additional revenue.
What impact did the 6 figures in additional revenue bring to you personally vs. the owners of your startup? How were you acknowledged or compensated for this feat?
Honestly I was a brand new hire and it was my first real engineering job so I gained nothing from it. At the time I had no idea how to advocate for myself or my accomplishments. Big lesson learned.
I once needed to install a very large piece of enterprise software in a locked-down enterprise environment. The client had contractually agreed that we would download the software rather than using physical media and for complicated reasons due to IP licensing we were not allowed to install via physical media.
However the enterprise IT/infosec folks at the client didn’t like our project and refused to whitelist our upstream host so it was not possible to download things into the client environment without going through a virus-checking firewall. This imposed various restrictions:
1) It prevented any executable, tarball etc from being downloaded. Basically if it was in a useful file format it was no bueno.
2) It prevented any file over a certain size from being downloaded. If it was over the size, the firewall would just cut the connection.
Time to get the unix toolset out and get to work. I realised first that I could easily get around #2 by slicing the file into chunks, downloading each chunk and then reassembling on the client side
#1 was a bit more tricky. The first thing I tried was encrypting the file. This would theoretically mean the virus scanner wouldn’t be able to find any signatures of hostile file formats, but it turned out that the encryption itself made the first bit of the file predictable and so my first chunk kept getting blocked.
Soo….. I added some random noise onto the front of the file. Once I tuned the length, it meant the virus scanner didn’t understand the encrypted file so it got through.
The two resulting shellscripts (called “shred” and “unshred”) are probably my favourite ever hack. You’d run “shred” on the far side, which would take any listed input files, put them in a tarball, encrypt it, add some random noise to the front and then cut it up into chunks small enough to get through the firewall, and then on the far side you’d download them and run “unshred”, which would reverse the process.
Once we had demonstrably got our software through the firewall a few times, IT/infosec realised their objections were futile and they relented and whitelisted our upstream so we could just do a normal install for all future releases.
Oh I just thought of another one. I was working at a client and it was going pretty well until we did a demo to a pretty quantitively aware person and he asked whether our thing (a time-series analysis and reporting tool basically) did linear algebra. Well it didn’t, and he was pretty sarcastic about that.
So I went back to my hotel room, put on some coffee and spent most of the night writing a bunch of boilerplate code wiring in various methods in apache commons math. The next day I had another meeting with him to discuss something. I chose as an example a function we had quickly knocked up that did a bunch of matrix math. “I thought you said it didn’t do linear algebra?” He said. Felt pretty good to say “Yeah that was yesterday. I just added it”.
2 daily scheduled 20 minute naps (8AM, 3PM) with noise cancelling headphones and a face mask neutralizes the side effects of sleep fragmentation with a new child.
1. I was working as an intern at a router company (basically doing manual QA of software releases). One day one of the software developers comes by and wants to see how hard it would be to add a feature (IP address autonegotiation for point-to-point links). The code already existed in a library, but there was not official way to enable it. The developer did mention that it could happen automatically if the up address was unspecified.
I was able to get it active by creating a virtual interface with a manually set IP address, setting the point-to-point link to use the same IP address as the virtual interface, then deleting the virtual interface.
2. I was working on a Government funded research project and some other company was responsible for developing the board support package. The board we were working on had 1 ARM core and a 7-core DSP in a NUMA configuration. I had a processing pipeline that split the processing between cores so that each core handled a different part of the chain. The full code did not fit in DSP memory, so we had separate images for each core. I was seeing crashes every time one of the DSP cores finished handling a message. Eventually I was able to determine that the messages passed between cores by the platform were actually C++ classes with a virtual destructor. My work-around was to overwrite the first 4 bytes of any message the DSPs received with 4 bytes from an empty reference message created locally. That overwrote the vtable and prevented the crash.
I'm a script kiddie with only the most basic JS and Python knowledge.
I came upon an online contest by a food company where you had to submit pictures of yourself cooking with your kids using their products. People could then vote on the submissions (one vote per day / cookie) and the top 10 would win travel vouchers of between 500 to 5000 bucks value.
I found out they'd done that before in other countries where apparently you had to submit videos, because there were tons of them on YT. I then used screenshots from those videos to make fake submissions.
Then I found the url to cast votes, put them in a script within a legit advertising banner from a marketing campaign my company was currently running (I guess that's XSS?). I knew how many ad impressions each banner was to receive, so it would cast a vote only every 2k impressions or so.
I ended up making off with about 4 grand. I'm only partly ashamed because: The call to cast votes would also return the current vote count. So I'd cast a vote for each submission once a day and put it in a db in order to monitor the current rankings. Turns out there was another guy whose votes would go up by exactly 100 a day, so it was either him or me taking home the money.
I did this sort of stuff a couple times back when these exploits were more commonly possible (marketing people and their devs seem to have learned) and every single time there would be someone else who was also cheating. So really it was a hacker vs hacker (or rather kiddie vs kiddie) sort of battle rather than taking from the legit players.
Saved my canoe building company by making 900,000 face shields. Or making an auto clicker with apple script in 2000 — to click on ads and make money. I let it free and made $70!
Still recall the fun I had building the hardware and code to use a 45-baud teletype machine as a console for a 110-baud ASCII computer. Each direction needed a code conversion and a speed conversion. Hardware port access was simple and wide open. (And the baudot could come from any source, not just the teletype. Off the air! Baudot pictures! Save to tape instead of paper!)
A helluva lot more rewarding tweaking wide-open custom hardware than making adjustments to uBlock.
In 1997, I had to convert a legacy unix (SCO System V?) application's comms from X.25 to tcp/ip. Had the source code, but it was a weird case of the system you built it on didn't have a networking stack (or was somehow massively different that it was a pain to build and now unsupported) and while I'd written some basic networking bits (some telnet utils etc) in C on windows, but felt like this was a bit of a stretch of my skills/abilities.
Anyway, after playing around with different flavours of linux, I ended up with a rather simple solution that ended up being easy to install. Essentially it was a two line script that piped the serial port to the destination server IP address, and inbound tcp/ip piped to the serial port.
So just plugging this little (old school) 486 box in-between the serial port on the legacy system and an RJ-45 connector which plugged into the 'corporate' network and we not only had an upgraded comms layer, but we now had remote system management, which we never had before.
Think it saved $250k+ minimum replacement at next to no cost. Just me barrelling up and down the country installing the new hardware. Was a fun project in the end and started me down the linux appreciation route.
1999 or 2000 I think. Checkpoint was the big dog in firewalls and they were ludicrously expensive. I had been noodling around with OpenBSD and realized that you could make the image small enough to boot from floppy and run its firewall in a ramdisk (IIRC ipf- this predates the replacement with pf). So we replaced a commercial firewall with ipf running entirely in memory from an immutable floppy disk and it just blew Checkpoint out of the water.
My first job out of college was QA testing for a GIS consultancy. This peeved me off because I had a CS degree and wanted to code. I kept begging to get access to the repo even just to fix the bugs I was finding, as I found them, but to no avail.
Then one day, a client asked for the ability to draw things on top of the map view we provided. This was pre-HTML5 and nobody on the team knew anything about graphics (which just so happened to be a major area of focus I had done in my CS degree and part of why I thought working on mapping software would be fun. Turns out they delegated all that to ArcGIS). Everyone started talking about Flash and how the mapping server probably wouldn't work with it, it was going to take so long, blah blah blah.
I piped up that I could do it in a couple of days. I hacked together a 2D drawing library in JavaScript that used DIV tags as "pixels" (oh yes, I was also the only person in the company that knew JavaScript. At that time, "serious" software didn't use such "lowly" scripting languages). Pulled out my copy of Foley, Van Damme, Finer, and Hughes and got to implementing Bresenham's. Even made a huge performance optimization by concatenating contiguous strings of DIV pixels in flat, vertical and horizontal runs, into a single, wide-or-tall DIV.
Several years later, HTML5 came out and CanvasRenderingContext2D was nearly identical in design. Well, that was no accident. We both based our work on Java2D.
I didn't report to the QA team after that hack. And that's how a hack got me my first programming job.
Honestly, it's been all dirty hacks in JavaScript like that, ever since.
I can’t remember the details exactly but there was/is a script injection vulnerability in the Salesforce formula field parser. Years ago I used this to emit a touch event from a click event back when those were different to get a UI working on a tablet for a client. The guy I was working with was fairly impressed which was good because he went on to much bigger things and ended up hiring me 4 or 5 years later for a lot of money.
Around the time that tap-to-pay apps were in their infancy, vendors were offering extremely generous bonuses... a combination of a couple of these ended with essentially free snacks for the entire time this promo existed (~6 month period).
This was back when the tap-to-pay app was called ISIS, for context.
I combined a couple offers:
Amex's Serve (prepay debit card thing) offered a $1 off any transaction over $1 (a fixed $1, not a percentage), up to 50 transactions a month.
The vending machine company near me that had machines in my office offered a buy-4-get-1-free promo using tap-to-pay that has a very weird implementation: The dollar limit for the buy-4 portion had no lower limit, and the get-1 had a fixed $4 worth of payout.
Essentially, every time I got up and went to the bathroom I'd stop by a vending machine, buy 4 items worth $1.25 (costing me, $1 total), and then use the get-1 portion to buy $4 worth of items.
I'd then turn around and sell said $1.25 items to folks in my department for well under ($0.75 for $1.25 items, etc). I told them exactly what I was doing, nobody wanted to deal with the hassle though. And the dollar amounts were so small. The real reason I sold them to coworkers was because I wanted quarters for the pool table at a nearby bar.
In addition to those two offers, the Amex Serve also just straight up gave you something like $60 for signing up for the account plus adding some small amount of money to the card. This basically funded this series of $0.25 purchases for the entire 6 months.
I basically got unlimited snacks for myself, and a freeish source of quarters to fund my pool games for that time period.
People have gotten millions of airline rewards miles through credit card churning. They don't even try to conceal what they're doing. For a while, people were purchasing thousands of dollars in coinage from the government, using their credit cards. Another method which still works is purchasing gift cards and using them to purchase money orders which can be deposited into a bank account.
These credit card offers are designed to exploit people who have difficulty living within their means. It's interesting how creative people are in exploiting the loopholes left behind.
I once really enjoyed a shareware game on my MacBook pro named "Galcon". I enjoyed this game so much I was considering buying the complete version, but it was a bit pricey and I really wanted to know whether the unlocked content would be worth the $20 for an unlock key.
I realized the game was written in Python and dug into the .app directory. It was mostly binary data, but there was one python script with two lines, essentially "import game" and "game.start()". I inserted a pdb checkpoint between those two lines and started the game, dropping into a terminal with the game module loaded. I started peering around with "dir" and ended up finding the function which validated purchase keys, so I replaced it with "return true" and I was able to see the unlockable content.
Unsatisfied with just that, next I used the "dis" module to disassemble the key validation function, decompiled it by hand into python code, and inverted it to make a function which could generate arbitrary keys.
Then I revealed all this to the author and he never got back to me.
My worst hack was a bug in a small network I wrote to interface to some barcode readers and displays. There was a buffer overflow in the interrupt routine of my 8088 assembler code, which would occasionally miss an outgoing character.
The prompt should have read "Please scan card count", but unfortunately it missed the "o" out of the last word...
We had a similar but not quite as funny occurrence when our teletype would sometimes flip a bit. When users logged into our system via the Asynchronous Multi Line Controller we got a console message AMLC IN USE however the last char was changed to A. Made us giggle since we were in Auckland NZ at the time.
I don't know if its my proudest, but certainly a recent one...I leveraged python and Bash/cli to automate content work... I'm proud of it because prior to that i had not coded any apps or even minor bash scripts in about 15 years.
In the midst of the pandemic (2020), i worked for a non-profit....and they published all manner of important economic research data on different strata of incomes, families who struggle putting food on the table, etc. All data that they sell to governments for policy work (its that great, valuable, and expertly published) and they also sell it to other research firms, NGOs, etc. (Side note: when i worked for them, they were severely under-pricing their data for way too low prices for how others used, referenced the data) Anyway, among the steps involved in reviewing the reports, I automated link checking of urls used within their reports. The report content lived in PDFs, so i automated grabbing all content from PDFs (not fun!), then picking out urls from the massive copy, then running link checker scans, finally producing a report of any links that were broken. The overall authoring of the reports encompassed many, many months of work - by top-notch research teams - and the design and production of said reports also (sadly) took months to perform. Well, when i automated even just the link checking portion, i reduced their work from many weeks (sometimes 1 or 2 months) down to 1 or 2 days. I left before i could extend my automation, so it still required a human to trigger some steps. But, if i still worked there, i planned to automate far more, and start moving upstream for other areas (like scaling out their report designs, etc.).
Was it some hacker-level thing or rocket science? No way. But, all in all, it was a neat use of python, python pdf modules, some minor bash/cli scripting, etc. I learned a bunch of fun stuff, and the non-profit saved tons of time. I still feel so good when i reflect on that little project!
My wife and I wanted to travel around Europe on a tight budget for a month. As we didn’t care for the order we’d visit each location I built a multi-stop-with-some-constraint flight optimizer based on scraped google flights data. I could enter the airport names and min/max days to stay there. Worked great, we payed like 200€ for all our travels!
In 1978 Linotron 606 phototypesetters had an intermittent problem that sometimes a small section of text would appear as if the letters had been chopped up in a blender. Nobody could figure it out for about 6 months. Turned out to be a bug in the routine that handled disk errors when the character vector data was being downloaded from disk. The character buffer that contained the character vectors had a blank scan line used for white on black reverse video background placed at the beginning of the buffer. The routine that handled disk errors just refilled the buffer from the beginning without the blank and so all the addresses of the start of each of the characters was off. My favorite actual hack came a couple of years later at Bell Labs Naperville where I made the curses library terminal version of Space Invaders play PacMan instead.
I learned to "speak modem" in order to test a bank of modems. The calling station was roughly 100 feet from the modem bank. If a call got jammed up, I needed to know which modem was stuck, being it used a next-modem-up rule. If I simply left the call station and jogged to the rack, the problem modem usually had hung up already. I realized an actual modem call keeps the answering modem trying longer, but I wasn't allowed to hook one up there, being stuck with a voice phone. So I practiced sounding enough like a modem to keep the answering modem trying longer. It worked! The server room admins thought I was nuts, even after I explained it. They joked that I dated Daleks.
We had a very large monorepo at my previous company and building Docker images required us to set the context at the root of the directory (libraries, protos and helpers scattered around the repo). On macOS this is extremely slow as Docker copies the context into the daemon. This used to take several minutes.
Fortunately, we also used Bazel. So I created a custom Bazel rule that aggregates all the required files of a target/service then builds the Docker image within the Bazel sandbox which only contains the files we need. This massively reduced the context size and thus the image build time. From several minutes to single digit seconds.
I was cleaning up some stuff on an old but still pretty important prod server and not paying enough attention on that day.
Turns out in retrospect that accidentally deleting ~/.ssh/authorized_keys on the main user account was not a good idea.
As the panic was starting to sink in, I managed to find out that an unprivileged user account was still available for SSH login.
Once I got a hold of it, I then tried my hand at running several privilege escalation exploits... until one of them worked (what a relief) and I could finally restore proper SSH access on the main user account.
It was both a proud and a pretty embarrassing moment.
Whenever I need to try some new service online which requires my credit-card(CC), then I make sure that I create account with a disposable email (using iCloud+) and a virtual credit-card (using Revolut) with max allowed spending to 1~2$ configured and use those for that account. As soon as my account (post CC auth charge) is created then I delete my virtual CC so that I am sure that knowingly/unknowingly I won't be charged or spammed.
Once I am sure that I would really like to use that service, then sign-up with my actual email and CC. I simply love this hack and use it extensively.
I've done it a few times but my favorite hack for Windows is to use a bootdisk to swap the accessibility app with command prompt so you can wipe the local admin password.
Not code. But I bought an ATM once, set the surcharge to something like $10, then opened some checking accounts with "free ATM rebates", then just started making withdrawals like crazy. In case it's not obvious, the cash just goes in a circle and the ATM surcharge shows up as profit for the ATM owning entity (the expense of the surcharge fee is refunded by the bank, so no cost to that entity). Banks assume these are separate entities.
Lol yeah it definitely felt shady. My attorney said it was legal but they could probably bankrupt me with legal fees if they wanted to. I thought of it the same as any type of reward people like to find ways to take advantage of (miles, cash back, etc) and I just found a loophole that was pretty high friction so kind of off the radar (friction = I had to buy an ATM!).
Did you just cycle the money in the machine, or did the cycle somehow involve taking a bunch of cash, depositing it in your checkings account, getting new cache delivered by courier, put it through the money machine, repeat...
or a tighter loop I can't grasp how it would work with your account?
It was a lot of logistics with physical cash. But yeah I tried to run it as close to "real" as possible in case I did hit legal issues (isolating the entities, not comingling funds). Also, had to make sure for taxes that the cycled cash wasn't possibly viewed as income to either entity. There were a few optimization steps I found that helped me streamline the logistics but I still was withdrawal-ing cash from the ATM business account daily. To start the cycle over again.
I kept a small amount in the consumer accounts. Maybe $300-500. The cash took 2-3 days to do the loop if I recall. And this allowed me to keep do multiple $20 withdrawals each day on each account.
It got big enough that I employed someone to sit at the ATM and make transactions. Then I bought 2 more ATMs so they could multitask / reduce idle time during the 1 minute it took for the machine to process and dispense.
I stopped it when I realized the numbers were getting kind of big and a few banks had caught on and closed my accounts. Then because of the physical cash, I was worried about getting robbed. I was getting very paranoid about the whole thing and decided to wrap it up. I remember meeting a few times with attorneys during it to get varying opinions. Over time, the advise turned into "we think it's legal, but you should really stop it".
There was also another smaller but pretty invisible loophole I found with interchange. I could set the surcharge to $0 and so long as the cardholder bank didn't charge "foreign ATM fees" then I'd make about $0.50 per transaction. Much smaller, but order of magnitude more banks offer this feature versus the surcharge rebate feature. The surcharge and the rebates were line items on the bank statements. So, any person at the bank that looked at my account could see the fees and that it was costing them money. With this hack, there was no line item on my bank accounts (only the amount withdrawn). So it looked like the ATM owner did not benefit at all. But, in the background the ATM owning entity received ~$0.5 per transaction of interchange fee.
It sounds stupid, but at the time, my idea was to test this out and then sell a 'get rich quick' style ebook explaining how it works.
How did you discover these loopholes in the first place? Did you work in the finance industry or an ATM maker or something like that and just figured it out?
Can’t say I remember exactly. No particular experience other than a general knack for spotting loopholes like this.
If I remember correctly I had some vague knowledge that basically anyone can own an ATM and set the surcharge as they want. I probably looked into it as a passive income stream at some point (these things had a high growth phase some time ago). Then I think the first time I heard about ATM rebates was on an advert of some sort and the whole thing seemed obvious. So I looked into the fine print and it seemed to check out.
I don’t think this was ever a thing until online banks came around during Web 1.0 , traditional banks would charge you a fee for using out of network ATMs (which is still pretty standard), but the online banks resorted to offering surcharge rebates as a way to compete with brick and mortar banks. And also to overcome the obvious pushback of people wanting quick access to their cash. Then smaller banks started offering it as a way to compete with the national banks that have huge ATM networks.
You can do that. It nets to an inflow of $3 for the operator. and the interchange depending on how they’re registered and what their transaction volume is.
You could just give them $55 in cash if you want. This is just a net to any profit you’d have left from the surcharge revenue. It was irreversible by practically all measures, so no real risk. The only issue I ever saw cause a reversal is a mechanical vend error.
I think the main thing is you have to properly notify the cardholder what shape their outflow will take and that the cash value is the same. At the end of the day, it’s just a vending machine.
Back in 1988 we used a Toshiba ‘286 laptop for programming something on the manufacturing plant floor. That laptop came with the useful Multisoft PC-Kwik Power Pak on 3.5” floppy disk.
I owned a generic ‘286 12 MHz DOS computer at the time. Since PC-Kwik was the Toshiba edition it would not run on generic ‘286. So I used DOS program Codeview, also on floppy, to find and successfully patch the code in the executable program that checked for identification as a Toshiba product. My very first reverse engineering experience.
We had a laser printer in our computer lab that would, once in a while, shift the subscript in a mathematical formula several centimeters to the right. This was in a LaTeX-produced document. In those days, the path to print was LaTeX to dvi, dvi to PostScript, then send the PS file to the printer. I got hold of a LaTeX file exhibiting the problem. Oddly, if I made any change to the document before the problem spot, no matter how insignificant, the problem would go away.
So I dove into the generated PS file, located the code setting the subscript, noting that it placed the subscript using the rmoveto operator. The ‘r’ is for relative: It would take a pair of coordinates off the stack, add those to the current position, and move the current point to the new location.
So I added some code to the PS file, first to collect some information along the way, and then print it out at the bottom of the page. I turned out that the rmoveto operator got it wrong! So what to do?
I replaced the rmoveto operator by a few lines of PostScript reading the current position, do the addition, and then execute a moveto operator instead. That cured the problem! The next step was to put that code into a small job exectuting the magic operator exitserver (reads the printer password off the stack), followed by my redefined rmoveto operator. The effect is now global and applies to all print jobs until the printer is power cycled. So that print job went into a cron job running every 15 minutes. Problem solved! That hack was left in place until the printer was retired, years later.
Years ago I was developing firmware for a measuring instrument (an ultra-low current ammeter) based on an 8-bit CPU, the Motorola 6809. I was the first person in the company to use our newly-adopted C language development system with in-circuit emulator. The firmware used interrupts for I/O and was built on an RTOS, so it was multi-threaded. All of the math for measurement processing was done with long (32-bit) integers (on the 8-bit CPU).
Once in a while the instrument's readings were wildly wrong. After we ruled out actual signal glitches in the analog front end, I started poking around with the debugger, which did have some very nice breakpoint capabilities. This is when I discovered that the C compiler implemented long math operators using anonymous function calls. And that these functions were not thread safe (they used temporary variables below the stack pointer)! If an interrupt occurred during a math operation, the function returned a wrong value. Disabling interrupts for long enough to do a long divide was not an option as that would seriously mess up the operation of the analog front end.
I duplicated the functions in assembler, but with proper use of the stack, and then replaced all the naked math operators in my source code that operated on longs with calls to my new functions.
I used to play games for free at the local internet café. Not sure how the system locks work today, but back then there was some special software preventing you from using the computer unless you had paid for access. I read somewhere that there was a keyboard combination, I think it was Win + U, which brought up an accessibility screen. From there you could click on a "Read more" link and it would open up a browser and bypass the lock!
I'm guessing that internet cafe used Smartlaunch, and let me tell you, that was far from the only bypass you could run to get around its frontend, haha.
I feel this barely qualifies but I still think back on it as a formative moment. My dad had parental controls installed on the family computer, and they were pretty strict (I remember at the time that, for example, IGN was blocked). One day either my sister or I discovered that he'd written his passwords down on a sticky note.
I'm not sure exactly how I figured out to do this, but I was able to log into my dad's account, open up the terminal, then kill the daemon program that controlled the firewall to disable it. My fading memory tells me that I was simply inspecting the list of running programs on top, saw one named 'integod' (Intego being the name of the company that produced the firewall program), and targeted it. Worked like a charm and you can probably imagine what I used my newfound freedom for (I was in middle school).
Pretty basic command-line stuff, but I do credit the early exposure for my ability to pick up more advanced concepts more quickly when I entered the workforce.
--------------------
One of my more proud work hacks was on a business trip where I couldn't deploy a source code change but could change the compiled binaries and libraries, so I changed some instruction to a NOP to get around a showstopper bug.
1.-When i was like 14 i went to a school where they teach you how to use a computer, i picked up everything really fast and found out that they recorded student payments in a csv file, the file was in a shared folder in a windows 95 machine, editing the csv to add my name and amount paid was really exciting.
2.-There was a series of flash animations named HuevoCartoon you could see them in their website but if you saved the swf it would jump to the end so i used HIEW to open the swf and if i recall correctly it had a script that checked if you had the swf open in a browser and if the url in the address bar was a specific one, well so what i did is 090 the whole instruction and i could play it offline, i remember sharing them with my friends at school, eventually those guys decided to do that check every frame so i wrote a tool in C to look for it and 090 the instructions.
3.-One day i did not have too much to do at work and i was talking with a friend and he explained how bored he was with his job, what he did then, it was take a set of 3 pdf files and create an xml with the file names and put them in a zip file with a name structure like john_doe_12345678_xrftv and upload the file to a server , well i told him to install python and i wrote a script that would automate all that, it took like 5 minutes to generate the xml and the zip file for like 20,000 sets, so he spend almost all the time playing battlefield 3 and on Friday he would upload a little bit more than his boss was expecting, it was a contract for 6 months, he finished his job a couple of weeks ahead and got a bonus and a job offer, he is still working for that company and is a really good Python coder, he decided to learn after that experience.
Nothing impressive, but when I was 12 my neighbor had an old C-band satellite dish and I'd hang out with their son watching movies.
The parents had put a parental block on some R-rated channels and we wanted to watch those movies.
We found 2 different ways to get around it. The first one was to use the built-in timer to go to that channel at a specific time. I wondered if it still blocked the channel and no, it didn't! So just set a timer for 1 min from now and "poof!" could watch that channel.
The other way was that with C-band dishes the satellite dish had to move along an arc to receive signals from specific satellites. The receiver would remember the positions and the satellite was "identified" by a certain position on the arc it traversed. Of course the parental block was just a combination of "satellite-channel" block. So you could manually move the dish via the remote a very small amount so that it was on a part of the arc the receiver didn't consider "the satellite" but you could still pick up the signal. Boom, no parental block and you didn't have to wait for the timer to change the channel.
Back in the day, I wanted to share savegames of Final Fantasy (for PS2) online. So I installed a modchip and then I built a TSR driver which would emulate the memory card and upload the savegame onto an FTP server instead.
Along the way, I noticed that the game still had debug printfs contained, so I built another little tool to replace their printf handler with my own. Seeing this diagnostics data for some odd reason made me very happy :)
Self-modifying code in a EPROM, written backwards. It was the start-up sequence of the boot ROM for my home computer, based on the RCA 1802 chip way back in the 1970's... It had to save the contents of (almost) all the registers for debugging. I was short of space - I had added 2.5 kb to the 2kb program, and the EPROM was only 2kb, so we needed to optimize everything we could. The shortest way to save the registers relied on self-modifying code. Such can not run from an EPROM, so it had to be copied in RAM. Luckily we had other stuff to copy, so copying a bit more did not cost extra bytes. And the shortest copy loop was using an auto-increment load instruction and a auto-decrement push instruction, so the stuff had to be written backwards in the rom.
There were other dirty tricks, for example the table of (one-letter) commands was at the end of the ROM, and was terminated by a letter with the 8th bit set, which we got by reading the address after the ROM. As a aside effect, you could extend the commands by installing a second ROM in the proper place.
That time I knew the instruction set for the 1802 by heart. I even dreamed directly in hex.
I studied CS engineering at a fancy uni with a pretty strict curriculum.
One year I fancied going on an around the world trip on this program called "Semester ar Sea" (SAS) for a study abroad. This was explicitly out of scope for the curriculum and the dean vehemently roadblocked my request.
My school happened to have one of those design your own major options so I went in and wrote my own major that was something like "cse and international business" and designed the curriculum so that SAS was a perfect fit.
A few weeks later I pitched the dean and her staff on this "engineering with an international context" major and they LOVED it. She signed on the dotted line smiling and that's when I informed the room that I'd be doing Semester at Sea because it was a perfect fit.
Best of all, having a dean stamp of approval, my scholarship transferred over.
So I spent the next 9 months earning college credit living on a cruise ship with 500 other kids traveling literally around the planet. It was one of the best experiences of my life and I could fill a book with stories by the time I finally came home.
To this day I'm not sure if the dean was pissed or proud or both of me
During a hackathon, I used SadConsole + MonoGame and DSharpPlus to create a Discord bot that renders a PNG of colorful text. Since MonoGame isn't intended to be used like that, I had to find a few workarounds.
1. I created a static List<Action> of "jobs"
2. The Discord user sends a command to render some colored text
3. We create a SadConsole.Console instance; draw the text onto the Console; and push a job to the job list.
4. When the MonoGame instance enters the "Render" call, it runs each job in the job list.
5. The job we pushed then saves the Console to a PNG in a memory stream (file operations were substantially slower in thread for some reason), and then calls Discord API to send the response.
I'm personally proud of this because I used MonoGame in a way that it was not intended for.
The code worked at the time it was written. Unfortunately, it does not work anymore at this time (likely due to some API update).
My first company's primary product was a CMS-like system that integrated with some archaic backends for inventory management. The CMS was likewise relatively barebones and inflexible. Most of the pages involved placing a selection of widgets that could query backend data in fixed ways into fixed positions on one of a handful of templates.
We got a client whose brand and web presence was relatively more-modern. I soon found out that the sales and design teams landed the client by promising much more than what the CMS could deliver-- responsive, hand-tooled pages with flexible layouts. The timeline was a few weeks.
I took a walk and despaired. The way that CMS pages were implemented meant that even small changes to page layouts required database changes, which themselves required DBA review (which only happened when the DBAs deigned to descend from the mountaintop). There was no way that we could also support arbitrary layouts with the fixed database columns.
An idea finally came to me and I found one of the only backend devs that was willing to play along. We reused one of the existing templates, a simple one with only one large content area. I wrote a frontend that injected itself into that page and rendered a canvas with slots to place arbitrary widgets. The entire configuration was then JSON-encoded and stuffed into the single text database column, and when the page was loaded from the CMS we hijacked the load to decode the config and render our widgets instead of the CMS field.
The company actually won an award for the system and gave out beer steins at the holiday party with the system's branding on it. Over the next few years, they retooled the entire CMS to actually support the concept as a first-class idea instead of my hack, although I moved on fairly shortly after that moment of triumph.
Early in my career in late ‘80s, I was troubleshooting asynchronous communication protocol used for semiconductor equipment. These where streams of data packages carried over an RS-232 serial cable in a hierarchical format that you can think of like XML. These were request/reply messages, but asynchronous. In order to understand which reply messages paired to which request messages, the protocol allowed for 4 “context bytes” in the header of every message. If you send over a context ID of 100 in a request, the reply or replies will include that same 100. Also for your mental imagery, please see me just a year out of college, sitting by myself in a bunny suit in a massive and noisy clean room, sweety hands in latex gloves, and usually fogged up safety goggles because of the mask over my face.
I was troubleshooting a new interface for a piece of equipment from a company called Lambda Ace. Metrology equipment like this one in semiconductor fabs at that time were poor in this protocol. In this case, the context IDs that came back from the tool appeared to be random and far off from what I was sending. I typically sent small numbers and it was sending me huge numbers. I started looking for patterns in the data and once I looked at this in Hex, it all started to come together. The last 2 bytes were always 0x4C and 0x41. In the text version of the Hex dump, it showed those were the ASCII values for the characters L and A, or Lambda Ace.
I was on an Intel processor which stored bytes in little-endian, so those last 2 bytes were higher order bits making the 4 byte number quiet large. The hack was to figure out the constant from 0x4C41 that I always needed to subtract from my reply's context bytes. I also had to be sure I kept my set of context bits to values that fit in the lower order 2 bytes. It was a kludgy hack for sure and I’m sure broke again with future tools of this type.
Once upon a time, there were computers made by IBM, Wang, and a few others that did nothing but word processing. They were massively expensive, and in the early 80's, were quickly killed off by the WordStar program running on the first wave of commercial desktop PC's.
I was contracted by a law firm to manage about a dozen temp workers to convert 1000s of Wang-formatted files to WordStar. Their IT people had us opening each Wang file with a conversion feature in WordStar, and then saving it. WordStar had to be opened and closed for each conversion. (The PCs got files from what was, essentially, a shared hard disk, but DOS and WordStar ran from floppy disks. I.e., it was all very slow.)
I spent my first few hours on the job figuring out what WordStar was doing. I discovered the conversion feature was a stand-alone program, and then worked out the syntax for feeding it a file. Then I built a batch file that would recursively convert entire directories. Needless to say, I was out of a crushingly dull job in a few days instead of a month or so.
I worked on a messaging convergence product in the early 2000s. I'd written several components including the POP3 server. The product owner had a demonstration scheduled with a potential telco buyer. Two weeks out, we learned that having IMAP4 capability was critical for the client. IMAP4 was on our roadmap, but still twelve months away. The requirement was to demonstrate IMAP4 in two weeks, not to provide a finished IMAP4 implementation, but neither of the architects could see any way of delivering a demo.
I had a bright idea in the shower one morning, went to work and told our project manager that I could deliver an IMAP4 demo in two days. I explained how, the architects admitted it would work, so I knuckled down and wrote a new API for our POP3 server that understood and responded to high level IMAP4 requests (we didn't need to return message parts or anything more atomic that an entire body).
Of course, the day after we finished testing this, the product owner decided we wouldn't include it in the demonstration, but that's life.
I had a trackball (ploopy nano) that had no buttons, a keyboard that didn't support qmk, and a WM that didn't support mapping clicks to keystrokes, so I couldn't use my keyboard to send the proper scan codes for a 'click'.
I wrote a uhid driver that listens on a socket and a cli that sends click/release events to the driver so I could map left and right click in my WM.
When my father suddenly passed away, he left a laptop protected with a BIOS password. I wanted to restore and use the laptop myself.
I bought a broken spare off Ebay, opened it up and found something that looked like an EEPROM (a 24cXX 8 pin chip) on the motherboard. With terrible SMT soldering skills, I swapped the chips and I was in. It's a pretty cool buzz when you're 19 years old. I guess the contact knowledge from my father, an electronic engineer specialized in Microchip microcontrollers, helped a lot.
Also, deeply antisocial follow-up: my father was working on a project for a company, and was deeply underpaid and died poor. I knew they wanted his hard drive to get the source code, so I made a backup, shredded it multiple times with random data and prepended the string "CrYpT" at the start. I gave it to them, said it was encrypted and I could do nothing about it. Last I heard (this was almost 20 years ago) they sent it off to an expensive data recover facility but they could not recover anything.
A story I like to tell is early high school, I was (and still am) obsessed with reverse engineering things. The school I went to had a custom LMS similar to how Canvas is used now. They'd set it up using Drupal with custom content types and a pretty intricate front-end. Knowing just a smidge about Drupal I tried using some of the alternate permalinks it generated, things like "/node/12345". In some contexts I could bypass a lot of the custom stuff and get access to Drupal's default editors which gave me a lot more permissions in terms of viewing/editing. Like a good egg, I wrote up a summary of what I found and emailed the developers. I was even nice enough to reverse engineer a solution to their problem and give them a detailed write up on how it could be fixed.
Apparently, this department had absolutely no idea that their email was publicly available. I was friends with our IT guy who greeted me when I came into his office with "Why is my boss asking me who is <my deadname>?".
I went in some coffeeshop in Iceland, and when I got there I saw locked wifi. I guessed the password which was related to the coffeeshop name and it worked from the first time. Thats my proudest 'hack'
And the luckiest hacks were when I was editing diablo 2 save files with HEX editor in FAR commander and getting tons of super cool items in the process. And sometimes a broken save file
I will tell about my most recent more significant hack. I was building a Yocto image and it failed, because it filled remaining space of my 128G disk. I run some diagnostics. ncdu showed clearly that it is all Yocto builds. Then remembering how Yocto gets lots of the same files in the build process I was curious and run fdupes to find duplicates. I took a hacky python script that interprets fdupes output to calculate the size duplicates take, I wrote the script a few months earlier for unrelated issue. It showed around 36G of duplicates. From the same directory I took a script that replaces duplicates with hardlinks, small change to the mentioned script - I know that it is a common thing for duplicate software to do, but I wanted it to work on the fdupes output, so it would not have to recalculate anything for lots of time.
I run the build and eventually it failed. It failed, because Yocto keeps inode numbers in an SQLite file for an LD_PRELOAD library, that fakes root privileges or something like that. I did a simple SQLite utility in C before and I modified it so it would put correct inode numbers for all the files. After I made it to compile I was surprised that it just worked. I run a find with -exec of my tool for those database files.
Now the build mostly worked, but occasionally it failed. I don't remember exactly, but some of the hard linked files had to be replaced with a copy. I did not investigate further to make it automatic, but I considered checking the build log and doing the copying automatically or maybe to get to know how differentiate which files to leave alone. There was not a lot of files like that and after the build I did not have to do a big rebuild like that often enough to care.
It was not smooth, but I made it work. I wondered about creating a separate BTRFS partition (even in a file) that would do the dedup hidden or a fuse filesystem that would mask my own dedup.
In my first startup I built a cellular circuit with a Quectel UC20 using only basic/educational through hole components like transistors, LEDs and resistors. The company Field engineer assigned to me and all the official schematics suggested it was impossible. My circuit worked and was one of the first IoT devices tested successfully in Qualcomm Mexico city labs.
My trading empire in the early days of World of Warcraft.
I found a trick that I called "graveyard jumping", which involved sneaking a Level 1 character into a high-level zone far enough to reach the area of the next graveyard before dying, then the next graveyard, then the next.
After a couple of days of survival horror gameplay, I had a dozen of Level 1 characters in multiple high-level areas of the world. The point of reaching these areas was vendors with rare items on cooldowns -- usually recipes or trade books.
I would log into those Level 1 characters (to sheer bewilderment of higher-level locals), buy the cooldown items from the vendors, then send them via mail to my main character in the capital, who would sell the items on the Auction House at an enormous markup, collect the profits, and send some gold to the Level 1 characters so they could cover their item mailing fees.
I never raided or belonged to a guild, but I had so much money that a friend, who was a leader of a high-ranking raiding guild, sometimes came to me to borrow some gold.
As Jenkins CI was gaining popularity, before they added native support for templating (which I think they have now. At least in their enterprise solution?)and a few other things. I hacked a plug-in together that implemented templates. You’d configure the “template job” like any normal job, except you’d use a variable syntax ($whatever or similar) for any values you wanted the template to use. Then you could create new jobs with only one step “implement template” which had some prompts for the variables used in the template job.
It would rewrite the implementation jobs whenever you saved either the template or the implementation. It wasn’t super fancy or even that difficult to be honest. Just would copy the xml and do a text replace then force Jenkins to reload it.
It was a pretty inelegant and somewhat fragile solution. But it worked for what I needed. It even was the top google result for “Jenkins templates” for a while. I eventually had someone else start contributing bug fixes and I made them the maintainer.
I wiped a scammer's email campaign software database one time after receiving a Bitcoin extortion email from them which spoofed my email to make it look like it came from me and bypassed gmail's spam detection. This was several weeks after Ledger leaked their customers' information. Not my proudest moment, but I think the receiving party deserved it.
In the early 2000s, the web hosting industry was still evolving quite a bit. We had recently started offering PHP and MySQL as an alternative to using Perl CGI scripts.
Then we notice the server is getting terribly slow. They were under a high load and finally my boss at the time figured out why: The disks were being hammered by database reads and writes.
I was the junior most among the three of us who managed servers, and I recall standing In a circle one afternoon discussing the problem and possible solutions.
We considered things like building dedicated database servers, And I really don't recall what else. But while I was thinking about the problem, any delightfully simple answer came to mind.
I presented my idea and it was adopted right away. Better than that, it solved the problem.
The hack? Install another hard drive and put /var/lib/MySQL on it.
These days that would be a terrible solution. But back then we were running things like Celeron 300s in giant 4U cases and had plenty of power and space overhead to make room for another disk
In the mid 90s I was trying to figure out how I could play quake on my local lan as well as with friends on the (young at the time) internet.
The only thing out there that would support it was this software called WinGate that did a thing called socks proxy.
The problem was that WinGate cost over two hundred dollars, which I couldn't afford and I refused to pirate it.
I was reading a book about the internals of the IP protocol and I had an idea...
What if I took the traffic that was addressed to an external IP address and assigned it to a high port number, specific to each computer. When I got network packets back on that high number port, I could rewrite the IP packet to deliver it to the originating computer.
I coded up a minimal little working example in C.
What I didn't realize at the time was that I'd basically (re) invented NAT.
I never ended up developing into a robust solution because it was around then that the Linux kernel added "ip masquerading" with a custom kernel compilation flag, which did the same thing but better.
Basically zero effort/intelligence compared to a lot of these, but the business wanted backup records from our CMS (of sorts), because they were gun shy of catastrophic losses after spending like 250 human hours on manual entry the last time. Thing was, the API provided zero means for export, either mass or individual.
Motivated to prove myself, I ended up writing a crawler with all kinds of contingencies for the crap UI, which would press the "Download" button that downloaded each record as a JSON file (couple thousand of these). Then my little node app would shoot the JSON files to an S3 bucket for safekeeping, parse them, and save each record in DynamoDB I believe it was.
Doesn't take a genius to come up with the idea to write a crawler, but no one else did, and the business was entering a state of frantic desperation re: this issue, so I felt pretty smart for a bit.
Then a few months later they abandoned the CMS and all it's corresponding data.
In the late 90-early 2000s, all the rage was PHP2/3, flash and IRC. We had a small hosting company with a friend, backed by a workstation in his room.
We would host small websites with PHP and PHPMySQL, as well as eggdrop and bouncers.
Most of these kinds of hosting were flaky and half baked at the time, and we were no exception. There was a brutal war of who would become the biggest host of egg drops and bouncers.
I'm not specially proud of it, but we did manage to find some PHP vulnerabilities on some competitor website (the typical kind at the time, where you type "?page=index.html" and that would load anything).
We managed to upload one of our PHP files on their server as an avatar on their PHPbb forum, and could then execute it with the include-from-url vuln.
We then proceeded to host eggdrops as PHP scripts on their servers that we would start by just loading the page we uploaded there.
No real harm done though, I think both us and them were just teenagers way too concerned by IRC social status :)
I’ll start by saying I’m a lawyer, not ever a professional coder. Years ago, I wanted to help a friend translate a Japanese video game and release a fan translation. I had some experience in assembler a long time before it, but I had forgotten most. I had little experience in disassembly. I also had never learned anything about compression algorithms or theory.
Turns out this particular game company (Falcom) had a habit of implementing their own compression on their assets. So I had to painstakingly read the disassembly. It got to the point that I had notebooks of hand written disassembly so I could read and think about the code when not at a computer. Eventually I figured out how to both decompress images and text and then save the decompressed assets in a way that bypass the compression. I wrote the hack and patch and was super happy. Of course it blew up the size of the game assets for translated materials, but it worked.
At one place I worked one of the perks was you could buy their products at ~cost, and the way they'd do this is by sending each employee a load of coupons that they could redeem. When I got my coupons through I noticed they looked remarkably sequential:
HDGT26YA
HDGT26YB
HDGT26YC
HDGT26YD
...
Half an hour later I had a list of 10,000 working coupons with a value of a few million (if you could somehow redeem them all). I emailed some marketing manager who'd initially sent them out and got a snotty reply along the lines of "This isn't a problem p.s. please delete those coupons immediately", then started CCing in people progressively higher up the chain until they decided it was actually a problem. A couple of weeks alter a fresh batch of coupons came out that were better randomised.
Not that big in the grand scheme of things but pretty satisfying for an afternoons work.
basically, redesign the arguments for a function such that I can call it again at a given spot with one parameter changed and, to a first order approximation, it acts as if the function is resumable.
I've used this trick in a few places now, just recently in idiomorph to allow head elements to load before the rest of the content is morphed:
I once realized it was trivial to dynamically load a ruby class & module on a request-by-request basis in a rack app, which invented an easy way for a group of non-programmers to modify a rails apps views by overloading methods in a file called FooBarCom.rb where FooBarCom could be any domain the app was hosting. :-)
I built a software implementation of a half-QWERTY keyboard:
- in ObjC, with no prior knowledge of it or any lower level language than PHP or JS
- by dynamically switching the OS keyboard layout to a custom reverse-QWERTY one I somehow figured out how to hobble together
- and a daemon to restart it when it crashed because I presumably had horrific memory management issues I didn’t know how to debug at the time
- with one hand, because my left hand was unusable for a couple months after a serious bike accident
… all so I could keep working at a normalish pace, because at the time I couldn’t afford to take time off to recover, much less fairly expensive (to me at the time) and patent encumbered half-QWERTY keyboard hardware.
There are other use cases [not just those ;) but also those], but that little pile of hacks legitimately prevented my injury from being a life destroying catastrophe.
I’d share the pile of hacks but I probably need to run it by lawyers first.
Had a job in a NOC at an almost empty datacenter doing nothing for 12 hours at a time without the ability to watch YouTube (streaming video wasn't yet a thing) to pass the time. Upon noticing embedded YouTube videos had no issue getting past the corporate firewall I realized I could make a simple html file with the embedded links to the YouTube videos I wanted to watch and I could sit there entertained for the 12 hours. I found the ID's by searching google adding the embedded prefix to the ID in the html file. Not much of a hack, but 12 hours is too long to sit there without video.
The second "hack" I performed in this role was adding the default route 0.0.0.0 back to a Checkpoint firewall after an MBA genius deleted it thinking it was erroneous. Look, the datacenter is back online!
I was reading Twitter and someone posted a tweet with a photo and that it was created in CSS. It turns out the post was a hoax, but I figured that you can actually create photos in CSS, using box-shadow hack (you create 1x1px div and each pixel is single box-shadow). I was using it few years ago to create pixel graphic editor demo. So I've created something quickly on CodePen that get all pixels and create one big box-shadow. When I opened Google Chrome Dev Tools to copy the code it frozen because it was few MB of box shadow data. I was able to copy the text eventually and create HTML file. Later I've added a way to download a HTML file with your image on CodePen.
Hacking Wc3 custom maps to unlock all the good stuff by modifying memory.
(I was 9 but I still haven't recaptured the same pride of 'beating the system' even in such a trivial arena)
Unfortunately all downhill from there, even shipping market disrupting SaaS feels like a step back in problem solving.
Back in the nineties, I walked out of a training session on animal capture and flew to a little island in the south. I was surfing its eastern shore, when my vision began to flash.
W̴̯͊̉̄͗̇͛h̷̻̯̗̖̝͖͓͗̇̆͒̈́̏͑͛͜a̶͉͔̗̖̘̹̾̓̂̑̈́͗̈̅͋̎͜t̷̢̼͓̺͓̬̩̥̟̺̋̈́̓̑̉̔̚͝ ̸̞̰̜͕͙̰͓͍́̀̓́̈́͜͠h̴͈̑́̍̕̚͠a̷̢̗̼̹͆͑͑͊̔͊͛͑́̒͜p̴̧̧̮̻͓̗͍̔́͗̿͗̚p̵̰̰̘̤̜̘͕̈̉͜ę̵̬͖̺̬͇̦̃ͅn̴̢̡̛͉̹̮͗̀̚e̷̤͈̭̱͋͆̑͑̓͝d̷̛̲̩̓̄̈́̀́̉͝͝ ̴̛̛̯̽̃͛́̕n̸̢̛͉̺̜͕͕̑͝ě̴̫͎̪̦̠̫̣̈́͆͛́̿̈́ͅx̶̡̫̯̙̝͉̹̰͔̉̏̾́̋̂t̴̯̪͒̐̅̈́̈́͝ ̷̡̡̙̮͓͔͇̗̠̒̐̾͑͆͘ͅw̴̨̢̛̠̅̐̈̕͠a̶̖̥̼̪̗̟̝͕̅͗̊̚͘͠͝s̶͈͉̼̘̰̰̄́͆̃͠ ̵̨̨̛̱͉̼͔͙̠̦̌́̃̊̿̔̋̀͝ḿ̷̢͙̩̫͍̜̹̓̐͑͜ơ̸̮͍͒̈́̎̾͛s̸̪̻̥͎͍̿̈̇͌͜t̴͇̞̲̊̉͘ͅ ̸̨̰̤͔͚͌͠p̶̠͋́̽̌͂̀ē̵̼͍̙̹͙̦͔̬̖͆̈́̔̊̋c̶͎̊͛͑͂̈u̵͈̰͎̙̲̓̓l̸̜͙̘͕̤̣͆̅͛̀̔̚̚̚͠í̵͔̘̺͈̹̰̓̀ā̶̡̝͕̺͇̪͙̎̊̎̓̀̒̌̀̋ř̸̳͊̂͊̎͑̊̕͝…̷̨͍͓̱̥͔̠̅̌͑̈͝
I help support 3rd party plug-ins in our apps. I was debugging an issue a customer found that involved a 3rd party plug-in. So I went to the plug-in vendor’s website and downloaded the demo of their plug-in and installed it. But I noticed that none of my debugger breakpoints were being hit. It turned out the plug-in was disabling the debugger using a system call. So I figured out how to trap the system call they were using and replace it with an immediate return so that patching out the debugger did nothing. I was then able to debug everything, including stepping into their code which would have allowed me to see how their copy protection worked if I had cared to.
In my teens, we would swap Commodore 64 games with each other. One day, I discovered that I can use a hex editor to change some stings in the games, writing my name or other silly messages in the games before passing them on, to surprise my peers!
Some early Web forum software packages were vulnerable to SQLi and XSS and that was pretty nifty.
What I found more entertaining was that two of the biggest names of the era were also vulnerable to commands to terminate forum text entry boxes, and begin displaying other parts of the page. Thus, a creative security tester could end the text fields box, and add commands to display other things.
Because part of this was interpreted server side, and partly client side, it was like a two for 1 enabling command execution server-side, and opening up the door for client side nefariousness too.
Providing a handy working link to download the SAM file on Windows from the repair directory, or output /etc/shadow
Had a school homework problem: Find the last 3 digits of 7^9999. We were supposed to try manually and see that it was periodic. Instead I used my home computer. I had 12 Kb of memory, so using 1 byte for each digit I could have the result in memory once. I did the multiply by seven with seven additions, as the CPU didn't have multiply instructions. (RCA 1802, if you are curious). I managed to get the result, saved it on a cassette tape, and went to see a friend who had a printer. Printed the number out, if I remember right it was about 3 pages long. Drew a circle around the last three digits, and showed to my teacher. She was suitably impressed.
I once signed up to a service (privately run VPN thing) run by a university club that required confirming a real university student email address without having such an address. So, you needed to click a confirm link sent to "studentfoo@uni.tld".
Then, mostly as a goof, I tried signing up with an address like "studentfoo@uni.tld@example.com" where I controlled the second domain. Lo and behold, the confirmation email showed up in my catchall inbox on that domain.
Pretty sure the only check the site did was .contains("@uni.tld") and assumed it was good enough. (or whoever wrote it put it in as a backdoor) Really regret not reporting that bug to them.
One of the new ones: I started using chatGPT to write feedback for an annual review. I would have never be able to write such bullshit without feeling sick, but the model amazingly well - I apply only minuscule changed to the generated text.
I was performing as the principal bassoonist in a symphonic band concert. We played a piece or two, the audience clapped, and when I sat down, I looked down and one of the pads had fallen off one of the highest keys. The pad is what seals the hole allowing the instrument to play different notes. Since I effectively had a leak at the very top of my instrument, I literally was incapable of playing anything at all. The bassoon turned into a squeaky toy.
Anyways, as we began the 3rd piece, I looked at the 2nd bassoonist and told her she would have to play all the solos (which she hadn’t prepared for).
At intermission, I had a crazy idea, so I found my sister in the audience and asked her if she had a stick of gum. To my delight she did, so I chewed it up, stuck it to the back of the pad, and put the pad back on the instrument. To my surprise the hack worked, and I was able to complete the rest of the concert.
tl;dr: My snot nosed 20 year old self violated a school-owned $20,000 instrument with 10 cents worth of chewing gum at intermission, but managed to play all my solos, and then afterwards learned how to properly reseat pads with a lighter.
My son plays the clarinet. Last year he lost a pad. (He has a nice instrument that he plays often). I went to a reputable shop and they said one should always replace all the pads at once, some were loose, and a complete revision was in order. The cost was €350.
I told them I would think about it, went home, ordered a set of pads online for €7 and replaced the missing pad myself with the help of a couple of youtube videos.
The clarinet has been working perfectly since. Two months after my repair my son had an exam at the conservatory. I was a little worried because it was a formal affair with a jury of five professionals and should the instrument have an audible whistle of some kind I was sure they would noticed it.
He passed with flying colors. I was proud of him, but also of my repair.
Following up on my World Cup '98 adventures [1], on June 30th 98 I was home for the first time for a very long time, and suddenly I realized that the Argentina-England round of 16 was beginning, and Carlos didn't call me to check for updates on the software before the match (there were bugfix updates every day up until the last few days).
I called him "you didn't call, did you update the software before the match?"
- "I didn't want to bother you, all is under control"
- "The latest software is the only one managing overtime and match end penalties, if you didn't update and the match end on a tie we're in trouble. Like we can't display scores to 2 billion TV viewers."
- "Shit, I didn't check and didn't upgrade. Let's pray..."
What did you think happened? 90 minutes of game later, we're on a tie, and the software doesn't manage it. Of course it's impossibly risky to upgrade the software once the match is ongoing anyway.
Fortunately we could manage overtime manually by resetting the match in the software, then adding goals before starting up.
- "Let's hope there are no penalties..."
What did you think happened? Overtime ended, and still a tie!
So we resetted the timer and score again, but we had no way to use the software to display the correct scores at the very end.
Therefore the only way was to manually update the score directly in the Antero software on the SGI Octane (instead of using the remote control PC), by rapidly typing in the data seconds before setting up the page on air. Of course, I was the only one knowing how to use Antero, so I was in front of my TV, watching the live broadcast, and telling Carlos on the phone as soon as the referee blew his whistle:
"On the keypad type 5000 then Enter. Hit tab twice. Enter 4. Hit Tab twice. Enter 3. Tab 4 times. Enter 5. Tab 2 times. Enter 3. Hit Escape. Press shift+* on the keypad. Press Ctrl+Enter on the Keypad. On air!"
And there it was on air before the world's eyes, correct score and stats.
At a previous job we had a process on a server that was connecting to a third party system, but the third party system was speaking a version of SSL/TLS that our process couldn't connect to (I seem to recall there was an F5 load balancer between us somewhere?). Since we couldn't change our running system to support that SSL/TLS, we stood up another machine with mitmproxy and pointed our process to that. Took about 3 days of trouble shooting and 1 hour of resolution.
I dialed into a BBS that had pirated content. After creating an account you needed to wait for 3 users to vote up your access level. I created 3 more users and voted myself up.
I fixed my "broken" washing machine by bypassing the "drum is open" (while it is not) security with a single magnet. It was 10 years ago. Not the best engineering or smartest idea but I really appreciate how the simplest trick allowed me not spending money on a new one. And I really didn't want to. I'm still amazed by it every time I wash my underwears and I'm like "Yeah. F the system" looking at that small magnet.
I hacked Lotus 1-2-3 release 1a to remove the necessity of inserting the distribution floppy to start the program after installing it on a hard drive. The floppy had an "extra" dummy sector, and the hack involved NOP-ing out two instructions. I had to disassemble the released code to find it, which took a while. The hack only took seconds once I knew what was going on.
I posted the hack on the old Compuserve BBS and it had over a million downloads the last I looked.
My proudest hack would have to be when I figured out how to bypass the administrator password on my parent's computer. I had been trying to access certain programs and files that were restricted, and after some research and trial and error, I was able to successfully hack into the administrator account without them knowing. It was a satisfying feeling to finally have access to everything on the computer. It was the Windows XP era.
My side project is built around a major hack, overriding the pause action on your headphones. Pressing pause will shift from music to podcasts and vice versa. For reference: https://shiftfm.app I made this (with my friend) because we often shift between podcasts and music during workouts, and its just super nice to be able to do it without using your phone.
When I applied for my first job at 18, I got really bored with sending CV's. Spent a few days developing a website that scanned job applications online for emails, then made a Python script that sent out pretty generic applications. It attached my CV to the email too. Pretty handy as a first-job type of deal, but would never use it for anything that requires discernment. I got three offers out of it, picked one of them.
In the early 80's I built an Apple II clone. There was a known problem with power supplies failing due to excessive (short interval) power cycles by the user. This was due to the game developers hijacking the reset key forcing the user to cycle the power to reboot. I modified my ROM to force a reboot when a joystick button was pressed at the same time as the reset. Then they introduced the IIe ... and stole my idea :-)
another one, not much of a hack, more of automation
2001
I worked for a localisation company and we had to do this mind-numbing work that involved opening an image, selecting the picture, cropping it to a certain size, selecting the image, adding a feather to the selection and adding a faded border around the edge, in photoshop
I discovered photoshop actions, which let me record a macro and automate and chain together a bunch of actions.
For weeks, I always had my work done on time. like, a few hours of work done in the first few minutes of the day, and I could spend the rest of the time surfing the internet.
Then eventually I messed up - the format had changed slightly but I was using my old automation and made a record number of mistakes. they were on to me. my team lead made me show him the trick, and introduced it across the team. And for the rest of that month, we were the most productive team in the company, and all had our work done within half an hour of the start of the day, and the rest of the day to mess around on the internet and play games (I wanna say doom but that seems super old for the time - maybe they were just shitty PCs and couldnt handle anything else)
Most recently, it'd had to be how I added event generation upon completion of commands over ssh at https://nudgenotifier.com/ without installing Nudge on the server side.
I look for hostname@ in the streaming stdout of my ssh process and if I see one, in addition to other heuristics, I notify that a command completed over ssh.
I hacked a running magazine’s online poll for “best high school runner of all time in $homeState” to have my friend (who was extremely talented and went on to run at Stanford) as #1. I don’t remember exactly what I did but there was a nonce related to epoch time and I had to rate limit it. Everyone’s friends and family were obviously voting multiple times but I was the only one to automate it
High school, ca. 1994. I had written a history paper in TeX (just plain TeX, not LaTeX) and somehow the PostScript file (we didn’t have PDF then) I had generated at home got slightly corrupted on the floppy and wouldn’t print correctly on the HP LaserJet in the school computer lab. Somehow, I opened the .ps file in EDIT on MS-DOS and was able to fix the file to the point where it printed.
i just told this story earlier today on HN! It's something I did just in the past few days, but it is quite satisfying.
My site has recently been the target of some extremely aggressive "card testers" (criminals who have huge lists of stolen credit cards; they use bots to stuff small donations into donation forms to test which cards are still working). At first I just blocked the offending IPs, but they kept finding new IPs, creating a lot of annoying work for me. So I pivoted--instead of blocking their IPs, I started feeding them randomly generated false responses with a statistically accurate "success" rate. They are trying to build a list of working cards, and getting absolute garbage results.
It is still ongoing, but so far they have run ~50k card tests in over a week, and 99.9% of the data they have collected from us looks legit, but it is totally bogus. It pleases me to know that I am polluting their data, and ultimately wasting a lot of their time and effort. Consume excrement, evil-doers!
Good one. At first I didn't get how this worked, but then I figured you run a donation site. One idea for you: if you can distinguish the illegal card validation attempts from 'normal', keep them - card companies pay for up-to-date pools of stolen card numbers to weed out the fraudsters from thei stream of transactions. Though this potentially violates PCI-DSS.
I was pretty proud of some software hacks I did in the early years of my career, but later came to the conclusion that it's always better to avoid using such tricks.
I'd still use them if there just was no other way - or if I needed a time-critical band-aid that stops the bleeding for now, while I work on a proper fix. But these days I feel more ashamed rather than proud afterwards...
WinNT 4 days, default permissions for windows/system32 were wide open. Replace default.scr with a copy of cmd.exe.log off and wait... Boom command prompt running as System. Easiest way without debug/admin permissions to get a copy of the windows PAM file. Think it may have still worked under Win2k. Eventually they stopped running Screensavers as the system account...
I hacked a water dispenser timer into my fridge. Maybe not proudest, but definitely most visible and useful.
In the process, I accidentally damaged the (secondary) ice maker, so I called an appliance repair tech. After I explained the situation, he said I had a better chance of repairing it than he did.
It's a real world version of a bug that I was clever enough to create, but not clever enough to fix.
Use kitchen scissors to cut and any herbs . At our university we cannot park closer to our classroom building because that parking was reserved for only professors. However I observed that the people who check if any students parked in that parking area come at specific times . I made note of their schedule and used to park and remove when they about to come
In Magento (but can be applied to any type of product really), I added XSS to all $_POST requests in code and managed to find an XSS. Even though it was self-XSS and I didn’t receive a bug bounty, it was a really simple way of finding it. I’m sure there are browser extensions that do the same but still. Same could be applied with SQL injections.
Had internet outage one day, and i managed to write python script to make the chrome dino run autonomously, without any tweaks to the game and did through screen capture.
I have so many but the one I always look back proudly on was non-technical and fairly devious. I was a disaffected middle-schooler. I had lost my science book which I would have to pay for if I didn't find it. I had, however, "procured" someone else's science book. The problem was that all the books had been numbered on the edge by the teacher who kept a list of which student had been issued which book. I wanted to somehow make the number of this book match the number of the book I had lost but they looked nothing like each other. So ... I took a marker and crossed out the number on the book. Then I wrote the _same_ number right next to it. Then I took it to the teacher. I said "Hey someone stole my book and tried to pass it off as theirs!" The teacher took one look at it, said something like "what an idiot" and then proceeded to update the list with my name for that book instead of the original owner's. I don't know what happened to the other kid - it never came back to me. I felt bad later but believe me it was a deeply satisfying minor victory for me at a time when not much was going my way.
My still-favorite was a little 10-liner bash script that checked for a 200 response from http://organization.tld (from the webserver itself, but running out to the internet and back to find it)
This one is so silly but also, was one of the first hacks I ever executed.
I was a kid, trying to play the game "Thief" on a newer computer. The game would never boot, always crashing when it tried to load video. I found all the video files, and deleted them, and the game worked. I felt like a god.
My proudest hack was completing my bachelor in 2 years instead of the usual 3 (The Netherlands). I could just enroll into 3rd year courses. I told my study advisor this. He told me that it could not be done with a very stern face. I told him: I'll prioritize my second year courses over my third year courses, deal? He reluctantly agreed. He told me I'd burn out. He was wrong. Well, at one point I almost did but that was because I did 6 months in 2 months for fun (done that for a whole year, it'd be 1 year in 3 years). I realized that 2 academic years per actual year was my comfortable study rate.
He gave me a graduation speech where he expressed his surprise as no one had done it for a very long time.
Meanwhile while putting stuff like that on my CV (including stuff like cum laude, TA, teaching as a web development bootcamp instructor, some actual programming experience, hall of fame with computer graphics engine building). No one cared :')
Other than Facebook (3 years after graduation), no one interviewed me at a FAANG. No cared about my big achievement that I'm proud of. People don't get it. You think it's only possible in 3 as if it's a set in stone rule (people at my uni certainly believed it) and you defy that and succeed! The disbelief on people their faces. And I shared my exploits and other students were able to do it too! The sheer rebellion of it all! Yea, it was fun :)
For anyone in uni, you can most likely do it too.
The fact that no recruiter or hiring manager at any hip company I wanted to work at cared, it made me bitter for a few years. I really wanted to work for a big tech company for those few years. In truth, I wanted that because I wanted to earn some good money while being fully immersed in the tech world and just focus hardcore on tech. I never got that opportunity (other than FB, which I failed). Focusing hardcore on tech, I did get that by simply studying at VU
Instead, now I work 4 days per week and am mostly working remote living my life as a digital nomad. That's my hack to the question "how do you become rich right now?" If you're single, work 4 days per week and travel. I'm on a Western European salary, so it's doable but I'm not making any savings. Like I said, it's a hack.
And if you're like "we meant computer systems!" Well, it wasn't specified, so I could hack my answer ;-)
I played a lot of hackthebox.eu and I realized that: hacking is a spirit.
I have a theory that some companies have a rage meter on customers on hold. I find that if I yell expletives at the hold music before getting connected to a rep initially, I get connected faster. Usually there’s a brief ring before getting connected to compose yourself :)
I had opposite experience with a health insurance company where it hung up on me. They have so many angry callers that they filter them out when the voice menu fails instead of giving you a person.
My experience with SuddenLink was also similar. Their voice driven menu was so much accent sensitive that my English with Indian Accent was not getting recognized most of the time, & then system was simply disconnected after saying, please try again.
If you have a very oily/stained Tupperware container - put in a drop or two of dishwashing liquid, a little bit of warm water, and a ripped up square of paper towel. Put the lid on and give it a shake for about 20 seconds and the container will be good as new again.
Captured the requests in a flash client used in a 6 hour defensive driving class to skip to the last page. Got my certificate. My friend did the same thing and the company reached out trying to figure out why they were getting all of these database errors...
I hexedited an old Devart DLL that refused to pick up our valid license with the Mono License Compiler to just... not check for a license. I had to find the exact right byte pattern manually then flip the flip 2 of them to a brfalse.0
Worked for a web hosting company. Created a regional routing and fail over mechanism that leveraged the CDN's own cache to store routing information so sites could be dynamical and individually re-routed by the CDN.
I rewrote 2,650 lines of C as a seven line shell script. The previous programming team had written a data transfer program with its own implementation of ftp. I just used the one that was already on the computer.
Thanks! I may be fine tuning the installation process on newer Ubuntu/Debian if I have time over the holidays.
(the code is stable, that's why there are no new features, although I do plan to move up from Python 3.5 to whatever is the least common denominator across distros to clean up a few things)
only just remembered this. going back about 20 years. a radio station was having a competition to win $5k. the game was, you had to identify all the song titles hidden in a block of text they read out only once. I worked in a net cafe at the time, so I used one of those digital radio services and recorded the blurb, played it back several times until I got all the answers and fired in the answer using webtext, where I had already pasted in my name and number.
I was able to copy a c64 cartridge by inserting it crooked and then dumping the memory to floppy disk. Then you could load it and run `sys 32768` to get it to run.
Reverse engineered the proprietary cryptographic hashes used by drivers of a major game console so I could use the devices for digital currency mining.
This isn't my most elegant hack, but it is the one I'm most proud of given both the stakes involved and the amount of learning I had to due under pressure.
This is the story of how early in my career (~15 years ago) I saved the jobs of 100+ employees along with $20M+ of accounted revenue...
I had built an application that had become the core of a large and prestigious business (can't describe the software or business sector due to NDA). One night I get an alert that one of the drives in the server hosting the application was failing and needed to be replaced -- not a big deal since the system was running RAID-5 so it it could take a hit. So I contact the IT company providing service for the business and they sent out a tech...
.. who was a little green...
When they reconnected the drives to the motherboard they were out of order and the RAID controller went to work using the new (zero'd out drive) as part of the main array. The tech freaked out when the system wouldn't mount and then proceeded to swap the cables around several times while rebooting!!
This effectively "encrypted" the drives!
I get a call much later that night from a crying tech informing me that the machine is trashed and that the backups had failed!!
I immediately drive to the site and collect the hard drives to bring back to my home office, first thing in the morning I purchase several large drives to duplicate on to and return the original drives to the business so they can send them out to a pro data recovery company.
Upon examining the drives I learn that there are three different partition schemes across the four drives which are using RAID-5 with LVM, but with unknown RAID parameters...
So I start hitting the books, and by that I mean reading the source code for ext3, LVM, and MDADM -- at the time the relevant block level device driver code for MDADM was extremely terse, almost un-commented, and in German, which I do not speak O_O
I took several 16-20 hour days of pouring through sector by sector hex dumps of the drives, but I was eventually able to line up and decode the LVM header blocks and work backwards to find the ext3 superblocks and the start of the filesystem. I then wrote my own RAID-5 virtual loopback device driver that knew about the permutations in the data blocks caused by the drive shuffling and was able to extract a complete filesystem. After hand patching the superblocks I was able to mount it and recoverd all of the mission critical data!
Prior to this I only had an abstract sysadmin-level knowledge of Linux filesystems :)
Also, the pro data recovery firm wasn't able to recovery anything and tried to lie saying that the drives were physically damaged! The CEO and CFO had me sit in on the phone call and jump in to correct them, the tech from the recovery company was speechless and then accused us of trying to set them up! We (the C-levels and myself) had a good laugh and then went out to have a couple drinks ;)
I was working during high school for a non-profit in the 90s. They had machines that were on the end of life-cycle. One had a hard disk that was making huge noise similar to circular saw. I knew from experience that this sound probably comes from the resonation of the mechanical metal disk on top of the hard disk, and it can be solved by pushing the disk in just slightly. And it worked.
Another one was during high school as well, as an exchange student. In the computer science class there was a certain network game, and we were joking about high scores. So I checked out the score file format using hex editor, and created a tool that was able to modify the high score table.
When in the university, I needed to graduate soon, as I was heading to Silicon Valley. I had one weekend reserved to do a major statistics assignment. The assignment had to be done using a certain MS-DOS based tool, created by the professor. I had planned to use university computers to do it, but my electronic key had expired. It was not possible to extend the key during the weekend. It was possible to get a license for your own laptop, but even that required somebody to give you the licensing key, and that was not possible during the weekend. So I started my assignment by cracking the licensing for the tool. The licensing was based on a challenge, that was based on random number. Fortunately for me, the random number seed was the time (in seconds). So I put the machine to work for the first night, and it was able to brute-force the right challenge by resetting the system clock before each trial.
Later years one hack that I was proud about was creating an entry in the Linux drivers for my digital camera, and I submitted it as a patch as well.
Not a Windows guy, but I was working on a server software that was also ported to Windows. We had a weird timing bug that we knew approximately how to reproduce, but it was so rare we could not do it, and it was happening only with production version, not debug version, and only on Windows. We did not have a core dump (or whatever that was called on Windows at the time). So I created a framework to start the server, execute the operation on the server, and use Windows facilities catch crashes and save the core dump. With that framework I was able to find and fix the bug.
My latest proud hack is a system for time lapse microscopic photography. I have a lab microscope, and I mounted a Canon DSLR on top of it. An Arduino is connected to the camera through remote shutter port, so I can wake up the camera from sleep. I had to create the shutter control hardware on the Arduino from a remote shutter button. The Arduino is also controlling a stepper motor, which has a Lego wheel on, which on turn has a caterpillar track, which in turn is controlling the zoom on the microscope. This allows me to control the Arduino zoom. Then I have created custom keep-focus software, which uses images from the DSLR, and calculates how close the image is to the original, and tries various adjustments to find where the focus is closest.
edit: Actually saving the atomic numbers of all the periodic table of elements to my calculator as variables lets you do chemistry math with "He9" resolving to "18" might be better than the below.
I had - ahem - acquired some user logins for my local ISP. Not knowing any of their dialup numbers on account of not being a customer, I just called them and asked for it. They gave it to me no problem.
The weakest chink in the armor of any company will always be its humans. The unpatchable hole.
Runner up: I was noticing that if it was really quiet I could hear noises from my speakers even when nothing was playing from my computer. I eventually listened long and closely enough to hear that it was a local radio station. In a flash of brilliance that came from where I don't know, I looked up their website and emailed their engineer. I got the most detailed and thorough response I think I've ever received back from a cold email.
A protip in that vein: If you want to read a scientific paper but can't afford the journal fee online, email the author(s). Turns out they love when people are interested in their work, have the right to share it, and will send you a copy 100% of the time I've tried this. Sample size: 1
I'd have to think more about "proudest" but here is a recent one:
Reshaped RAID by
* LVM moving entire storage off to external iscsi SAN
* wiping the controller config and recreating it from scratch in desired layout
* migrating it back from SAN
(before the whiners, it had backups and it was a node in cluster so even if it died no availability loss).
Similar weird admin trick was
* removing all of the nonessential LVs in LVM
* creating a big fat file in /dev/shm (essentially ramdisk)
* migrating storage to that file
* shredding content of hard drives
* voila, shredding drives of system without restarting and with still having ability to clean shutdown it.
I really liked your probe ... and yes freebsd-update(8) may be useful for small updates from -pX to -pY but large updates like from 12.1 to 12.2 are real PITA.
The HardenedBSD (FreeBSD fork) made its own hbsd-update(8) tool which just fetches whole new OS and after extraction installs/updates needed things. But its PITA for small updates :)
Sorry to hear you have bad experiences with FreeBSD Froums ... but to be honest I do not often go there now - just ocasional visits.
I used to love BSD forums when the BSDForums.org existed. Then we started over with DaemonFroums.org as BSDForums.org was shutdown by some asshole admin ... and not long ago official FreeBSD Forums appeared.
Not sure why they (at FreeBSD Forums) would chase you as you provided really nice solution/frontend to freebsd-update(8) tool.
It's a strange thing, people like Shaun Webb that demonstrate high intelligence in a specialized field can simultaneously be mindless sheep and follow/advocate "the current thing"...
OpenBSD had a similar issue with pkg_add, later it used caching (and anyway, curl connects much faster than ftp(1) ) and package updates are much faster now.
I ended up hacking the radio firmware to bypass the signal processing and stream the raw received samples from London to Sydney. I hacked a radio in Sydney to feed the London samples into its signal processing, then streamed the resulting samples back to the transmitter in London. I now had an LMR base station running in real-time over the Internet, with the radio hardware in London and the signal processing in Sydney. I was able to attach a JTAG hardware debugger to the DSP in the radio running the signal processing and find the bug. From there we did a firmware release and uploaded new firmware into the radios in London. Our radios stayed in and handled the stage management for the Opening Ceremony of the London Olympics.
Edit:
The customer must have been happy with the outcome, as they ended up using our radios for the Sochi Winter Olympics two years later.