I’ve been sitting on a few bookmarks without posting them because they are just too short to make into a whole post. Of course the logical thing is to put them together to make one awesome blog post.
The first is for the fellas. I have always felt that one of life’s little joys is urinating on ice (TMI?). Snow makes a good substitute as well. Well here is something that lasts a lot longer and is potentially cooler:
The next is for the grammar nerds. You know how when you quote a passage with a typo or grammar error you use [sic] to designate that it wasn’t your mistake but the person’s you are quoting? Well what happens if the person you are quoting put [sic] when there wasn’t really an error? Check out this post with the possibilities. This reminds me of my obsession with using parentheses within parentheses (not that I do it that often (but I would if it were more socially acceptable)).
Here is one for the computer nerds – what is the most common phone number? What does the internet think is the most common phone number? Not the same thing! The number 2147483647 is the largest 32-bit signed integer, so if a website stores the number that way and someone enters a number larger than that, their phone number will be stored as 214-748-3647. Which begs the question, who in Dallas actually has that number and how many phone calls do they get that aren’t for them? Keep reading…
My vocabulary is shrinking. I know what you are thinking – the answer is no, I didn’t just take the SAT and then forget everything. This is self-imposed shrinkage.
First a story
I remember a time when I was fairly young that we went on a hike. It must have been pretty long because I made a lot of comments like “we still have a long way to go”, pretty hot because I made many comments like “it sure is hot”, and a pretty big mountain because I made multiple comments like “wow this is steep”. I wasn’t whining, just saying aloud the things that went through my brain.
Fast forward a few hours – once back home we triumphantly told of our conquest of the mountain. But the stories that I heard from the others did not match my memory of the event! They claimed that I was complaining the whole time. Did I think I was complaining at all? Nope. Just observing. Facts. Turns out that my intention did not match the perception of those around me.
How is this relevant at all Brian?
Today I am attempting to drop two words from my vocabulary: BUSY and TIRED. Attempting? Nay, RIPPING OUT WITH MY TEETH!
These words are great for making excuses. Excuses are a crutch. You know why I’m not drinking tonight? I want to get a good night sleep to enjoy tomorrow morning. You know why we haven’t hung out? I value the other activities in my life more. Straight up. Of course I won’t always provide those answers when asked, but it means that I won’t convince myself that it is because I am tired or busy.
My fear is that anytime I claim to be busy or tired it is going to be perceived as complaining. Couldn’t be farther from the truth. The reason I’m busy is because there are a lot of great people in my life and a lot of things I want to do while I’m here. The reason I’m tired is because I occasionally try to push my limits.
Fake it till you make it
Once I stop saying these words out loud, it is only a matter of time before I stop even thinking them in my head. When I no longer consider being busy or tired an excuse, I have arrived at my goal: to evaluate decisions honestly. No more lying to myself.
“To give anything less than your best is to sacrifice the gift.”
-Pre
How does a distance runner who never held a world record or even won an Olympic medal make such an impact on the world? Steve Prefontaine was a winner, the kind of guy you want to cheer for – an average Joe that proved what was possible if you are determined. Sadly, Pre died over 35 years ago, at the age of 24, before reaching his full potential.
Pre ran track at the University of Oregon during the early 70’s and wasn’t your typical hero athlete. He was a working-class guy from a small coastal logging town in Oregon and had a little edge. A rebel with a cause if you will. He was very outspoken and an absolutely ferocious competitor.
In addition to showing his tenacity on the track, Pre fought hard to overturn the amateur status for track and field in the Olympics. Even though the athletes were generating millions of dollars in revenue both in college and after college, they weren’t allowed to be paid for their appearances and still be eligible to compete in the Olympics. Despite being a world famous athlete, he was forced to live in a trailer and use food stamps to keep his amateur status alive. Just three years after his death Congress took the amateur status requirement away from track and field.
Pre is also famous for his association with Nike. The Oregon track and field coach, Bill Bowerman, was the co-founder of Blue Ribbon Sports in 1964 which later became Nike. Steve Prefontaine would become the first Nike athlete and the company continues to honor him through campaigns like “Pre Lives” and naming buildings after him.
Prefontaine died at the age of 24 after swerving his car (allegedly after several beers) and running into a rock. The MG convertible rolled over and trapped him underneath. At the time of his death Pre held an impressive 14 American running records including every distance from 2 miles to 10,000 meters. If you ever find yourself in Eugene, Oregon I highly recommend stopping by Hayward Field and leaving a running memento at Pre’s Rock.
Here are a few more famous Pre quotes (if these don’t get you fired up you’d better check your pulse):
“How does a kid from Coos Bay, with one leg longer than the other win races? All my life people have been telling me, ‘You’re too small Pre’, ‘You’re not fast enough Pre’, ‘Give up your foolish dream Steve’. But they forgot something, I HAVE TO WIN.”
“I’m going to work so that it’s a pure guts race at the end, and if it is, I am the only one who can win it.”
“Somebody may beat me, but they are going to have to bleed to do it.”
For those of you that think I’m not an emotional person, this post is a little insight into what really gets me going. No, not his death, his competitiveness.
Pre was a huge contributor to the running boom that began in the 1970s. Did you know that jogging was not always a popular exercise? Track and field was a popular spectator sport (weird), but that didn’t translate into everyone going on morning jogs. Ron Burgundy sums up the nation’s exposure:
Many people first heard of Steve Prefontaine when two major movies were released about his life within a year of each other (Prefontaine in 1997 and Without Limits in 1998). Actually, a documentary, Fire on the Track, was made in 1995 as well.
From the hilarious Seinfeld episode “The Face Painter”:
George: We discussed toilet paper.
Jerry: Toilet paper?
George: Yeah, I told her how toilet paper hasn’t changed in my lifetime, and probably wouldn’t change in the next fifty thousand years and she was fascinated, fascinated!
Jerry: What are you talking about?
Elaine: Yeah.
Jerry: Toilet paper’s changed.
Elaine: Yeah.
Jerry: It’s softer.
Elaine: Softer.
Jerry: More sheets per roll.
Elaine: Sheets.
Jerry: Comes in a wide variety of colors.
Elaine: Colors.
George: Ok, ok, fine! It’s changed, it’s not really the point. Anyway, I’m thinking of making a big move.
It is obvious that computers have improved over the last ten years. Similarly, pretty much everything electric contains a tiny computer chip and has made tremendous strides. But what are the largest advancements made to non-electric technology? The boring items that you (like George) thought never improved?
My answer is protein powder. It was exactly 10 years ago I started taking it for the first time, and boy was it disgusting! No matter what flavor you had (limited to just chocolate, vanilla, and strawberry) it had a similar chalky taste. Even worse was the consistency – when mixed with water the powder would remain in chunks and practically require chewing on the way down.
Today, only 10 years later, protein powder is a delicacy. The taste is comparable to any fast food milk shake, but somehow with only one gram of sugar. The powder dissolves in water with only a light shaking – 10 years ago you couldn’t even achieve these results with a powerful blender. Simply shocking advances! What would you point to as the largest non-electric technology advancement over the last 10 years?
Want some ideas? How about an iron? Maybe golf balls? Yo-yos?
The same but different – what non-electric items will never change and are the best they will ever be?
Artificial Intelligence is a fancy term for smart computers. Any program that can learn from past experience, behave similarly to a human, or strategize is often referred to as AI. A program that follows a set algorithm is not typically called Artificial Intelligence – it may seem the machine is intelligent by multiplying 3215 by 17.34 almost instantly, but that isn’t enough to earn the AI designation.
Believe it or not, there are a ton of problems that cannot be solved algorithmically. Possibly the most common example is a traveling salesman. A salesman wants to travel to 5 specific cities and return home using the minimum amount of gas. This is simple with a small number of cities, but what if he wants to go to 100 cities? How about a million?
When I say that it can’t be solved algorithmically, I mean that you can’t lay out steps to getting to the right solution and know that it is the right solution without checking every other answer. Keep reading…
Pop culture references are fun. They let you express yourself with minimal effort, kind of like Facebook. They can be dorky, funny, or cool, but they can also be clever. Do you quote Star Trek, Seinfeld, or Shakespeare? Are you someone that drops obscure references without expecting anyone else to understand? Can you make an original joke or are they all derived from something you’ve heard before in a movie or TV show?
Beyond simply dropping quotes into conversations, I enjoy idioms – a phrase with a different meaning than the literal words (think “back seat driver”, “flip the bird”, or “kick the bucket”). One of my favorite idioms that is widely used is “jump the shark.” The phrase comes from the show Happy Days way back on September 20th, 1977 – 30 million viewers tuned in to watch the third part of the opening episode in season five. Why is this episode so memorable? Fonzie actually water-ski jumps over a live shark to prove his bravery, wearing his leather jacket the whole time of course.
What does the idiom mean? It is the moment when a television series reaches the point of no return – it has lost its original magic and tries to recapture the spark through increasingly absurd story lines. It happens to just about every long-running TV show. Can you think of any “jump the shark” moments in the shows you watch?
Here is my real question for you – is it socially acceptable to make up idioms based on pop culture? Keep reading…
We have established how passwords are stored in Part 3 and the most common ways of extracting hashed passwords in Part 4. In Part 5 we will examine how to crack a hashed password.
After the previous post you likely have a short list of random characters that you want to translate into the password the user actually typed into the computer. In other words, crack the password. How the heck do you do it? Is it even possible given the impressiveness of the hash algorithms? Yes it is and there are a number of tools that will even do it for you!
Determining the hash algorithm
The first step is to figure out what algorithm was used to convert the typed-in password to gobbledygook. In theory, this should be incredibly difficult. There are literally endless ways that it could be done. In practice though it is quite easy – just about everyone uses the same couple of algorithms!
Most websites are going to do what everyone else does – if the hash algorithm works well enough for others, it must be pretty good. In fact, hardly any small website owner is going to put any thought into this – they are just going to use pre-built solutions. Most pre-built solutions and programming languages have the same hash algorithms built in. MD5 is by far the most common and SHA-1 is gaining in popularity.
Not to oversimplify things, but odds are that if your hash is 32 characters long, you’re looking at MD5. 40 characters long, SHA-1.
Let’s crack 94804c0a8c1771947cfba8ec3e0a4c30
The first step is determining the hash algorithm used. Keep reading…
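The length rule of thumb above, turned into a check a site owner can run over their own user table to find accounts still stored as bare fast digests. This is an added example, not code from the original series; the table rows, user names and function names are constructed for illustration, and the list of same-length candidates goes beyond the two algorithms the post names.

```python
import hashlib
import re

# Hex digest length -> algorithms that emit it. Length alone cannot separate
# them, so each entry is a list of candidates with the usual suspect first.
CANDIDATES_BY_HEX_LENGTH = {
    32: ["MD5", "MD4", "NTLM"],
    40: ["SHA-1", "RIPEMD-160"],
    64: ["SHA-256", "SHA3-256"],
    128: ["SHA-512", "SHA3-512"],
}
# Self-describing prefixes written by password-specific schemes.
KDF_PREFIXES = {
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$argon2id$": "Argon2id", "$argon2i$": "Argon2i",
}
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def classify_stored_hash(value):
    """Return (format, candidates) for one stored password field."""
    value = value.strip()
    for prefix, name in KDF_PREFIXES.items():
        if value.startswith(prefix):
            return ("password-kdf", [name])
    if HEX_RE.fullmatch(value) and len(value) in CANDIDATES_BY_HEX_LENGTH:
        return ("bare-fast-digest", CANDIDATES_BY_HEX_LENGTH[len(value)])
    return ("unknown", [])


def accounts_to_migrate(rows):
    """User names whose stored value looks like a bare fast digest."""
    return [user for user, stored in rows
            if classify_stored_hash(stored)[0] == "bare-fast-digest"]


# Constructed sample table. The first value is the hash quoted in the post;
# the others are generated or made up here for illustration.
SAMPLE_ROWS = [
    ("alice", "94804c0a8c1771947cfba8ec3e0a4c30"),
    ("bob", hashlib.sha1(b"constructed sample").hexdigest()),
    ("carol", "$2b$12$" + "A" * 53),  # bcrypt-shaped placeholder, not a real hash
    ("dave", "not-a-hash"),
]

if __name__ == "__main__":
    for user, stored in SAMPLE_ROWS:
        print(user, *classify_stored_hash(stored))
    print("migrate:", accounts_to_migrate(SAMPLE_ROWS))
```

The 32-character value comes back with three candidates, which is the caveat behind the "odds are" wording: the length narrows the field but does not identify the algorithm.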
This is Part 4 of the Intro to Hacking series. Check out Parts 1 and 2 for interesting hacker stories, and Part 3 for an introduction to how passwords are stored.
We established in Part 3 that user passwords are stored in a database, but they are hashed – meaning they are stored as gobbledygook which you can’t possibly translate into the original password. Before I proceed to tell you about techniques for transforming the gobbledygook back to the password, I think it is important to establish how a hacker would obtain hashed passwords from the database.
The most common technique is called a SQL Injection Attack. First, a little background on what SQL is. It’s a querying language for databases. Think of a database as a huge Excel document – you have rows and columns, and can potentially have many different sheets all within the same Excel document. Databases have rows and columns, the sheets are called tables, and the Excel document itself is called a database. But databases are typically much larger than Excel documents – with millions of rows in some tables and potentially hundreds or thousands of tables.
The querying language allows you to navigate these behemoths and find the information you are looking for. Imagine we have a table (sheet in Excel) called USERS with columns USER_ID, NAME, EMAIL, and PASSWORD. A simple query would be “show me all users with the first name Brian.” A little more complex: “show me all users with the first name Brian and a gmail address.” This example is still simple because all the information is stored in one table – but often the information is completely spread out and you have to navigate the web of tables to find it.
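The two queries described above, run against an in-memory USERS table, first with the visitor's text pasted into the SQL and then with bound parameters. This is an added example, not code from the original post; it assumes NAME holds the first name, and the rows and function names are constructed for illustration.

```python
import sqlite3


def build_db():
    """In-memory USERS table with the post's columns and constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (USER_ID INTEGER PRIMARY KEY, "
               "NAME TEXT, EMAIL TEXT, PASSWORD TEXT)")
    db.executemany(
        "INSERT INTO USERS (NAME, EMAIL, PASSWORD) VALUES (?, ?, ?)",
        [("Brian", "brian@gmail.com", "<hashed>"),
         ("Brian", "brian@example.org", "<hashed>"),
         ("D'Arcy", "darcy@gmail.com", "<hashed>")])
    return db


def find_ids_concat(db, first_name):
    """BEFORE: the visitor's text becomes part of the SQL statement itself."""
    sql = ("SELECT USER_ID FROM USERS WHERE NAME = '" + first_name
           + "' ORDER BY USER_ID")
    return [row[0] for row in db.execute(sql)]


def find_ids_bound(db, first_name, email_domain=None):
    """AFTER: the statement is fixed and input travels separately as data."""
    sql = "SELECT USER_ID FROM USERS WHERE NAME = ?"
    params = [first_name]
    if email_domain is not None:
        sql += " AND EMAIL LIKE '%@' || ?"
        params.append(email_domain)
    return [row[0] for row in db.execute(sql + " ORDER BY USER_ID", params)]


if __name__ == "__main__":
    db = build_db()
    print("Brian:", find_ids_bound(db, "Brian"))
    print("Brian at gmail:", find_ids_bound(db, "Brian", "gmail.com"))
    print("D'Arcy, bound:", find_ids_bound(db, "D'Arcy"))
    try:
        find_ids_concat(db, "D'Arcy")
    except sqlite3.OperationalError as err:
        # The apostrophe ended the string literal early, so the rest of the
        # name was parsed as SQL. That confusion of data with code is the
        # root cause the bound version removes.
        print("D'Arcy, concatenated:", err)
```

An ordinary name with an apostrophe is enough to show that the concatenated version lets input change the statement's structure, which is the condition to look for in code review.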
Every website these days has a log in – it is mandatory to be “social” and allow comments or other user interaction. Popular sites like ESPN, IMDB, Weather.com, PedanticPosts as well as more obscure sites like PassiveAggressiveNotes and HotOrNot. But you can’t have just anyone comment, no no no, they must be validated as an actual person, capable of entering a username and password.
Do you know how your passwords are handled? It’s obvious not every site has the same policy – some websites require at least 7 character passwords, some don’t allow special characters, some require a number or uppercase letter, and some have no requirements whatsoever. Do you trust every website equally with your password? Should you?
Almost all websites have databases which contain the data needed to run the site and store the user information. One important part of the user information is the password. But hardly any website will store your literal password – if your password is “r0xysUrfrGrl” and “r0xysUrfrGrl” was stored in the database, anyone with access to the database would know your password. This would mean that you would have to trust every website administrator with your password. And if a hacker ever got ahold of your database (which we will see is quite possible) then they would have everyone’s passwords. Ouch.
Instead, it is common to store a hashed version of the password generated by an algorithm. An example of a dead simple algorithm would be to simply reverse the order of the letters and then replace the vowels with the vowel’s number (i.e. a=1, e=2, etc.). So the password “BeerBuzz” becomes “zz5Br22B”. Not too bad, I doubt you could look at “zz5Br22B” and guess what the password is. Keep reading…
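The toy scheme above next to a salted, deliberately slow password hash, to show the difference between scrambling and one-way hashing. This is an added example, not code from the original post; the function names are hypothetical, PBKDF2-HMAC-SHA256 is a technique chosen here rather than one the post names, and the iteration count is an assumption to tune per deployment.

```python
import hashlib
import hmac
import os

VOWEL_TO_DIGIT = {"a": "1", "e": "2", "i": "3", "o": "4", "u": "5"}
DIGIT_TO_VOWEL = {digit: vowel for vowel, digit in VOWEL_TO_DIGIT.items()}
PBKDF2_ITERATIONS = 600_000  # assumption: adjust to your hardware budget


def toy_scramble(password):
    """The post's toy scheme: reverse, then swap each vowel for its number."""
    return "".join(VOWEL_TO_DIGIT.get(c.lower(), c) for c in reversed(password))


def toy_unscramble(stored):
    """Undo the toy scheme without any secret. Only vowel case and original
    digits 1-5 are ambiguous, so this is an encoding, not a one-way hash."""
    return "".join(DIGIT_TO_VOWEL.get(c, c) for c in reversed(stored))


def hash_password(password, salt=None):
    """Salted, slow hash: returns (salt, digest) to store per user."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    stored = toy_scramble("BeerBuzz")
    print(stored, "->", toy_unscramble(stored))
    salt_a, digest_a = hash_password("BeerBuzz")
    salt_b, digest_b = hash_password("BeerBuzz")
    # Same password, different salts: the stored values do not match, so
    # identical passwords are not visible as identical rows in the table.
    print(digest_a.hex() != digest_b.hex())
    print(verify_password("BeerBuzz", salt_a, digest_a))
```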
This is Part 2 in the Intro to Hacking series. Check out Part 1 for additional hacker stories and come back soon for a more technical look at common hacking methods.
Phone Phreaks
Some of the earliest hackers were phone phreaks, dating all the way back to the 1950’s – they took advantage of their knowledge of how phone systems work to do some pretty cool things.
Switch-hooking: making outgoing phone calls by rapidly picking up and hanging up the phone (5-10 times a second) to mimic a rotary dial. If you were good enough you could impress your friends by dialing without pressing any numbers!
Tone dialing: certain tones used by the phone company had a specific meaning to the call routing system, such as 2600 Hz to designate that a call was over. This knowledge could be exploited to provide free long-distance and international calls. It was first discovered in 1957 by a seven-year-old blind kid with perfect pitch – he whistled the fourth E above middle C (2600 Hz) while on the phone and the call abruptly ended. The legendary John Draper also discovered that the free whistles in Cap’n Crunch cereal boxes made the same tone (hence his nickname Captain Crunch), while still others used exotic birds or learned the distinct whistle themselves.
Blue boxes: as the systems became more complex, so did the hackers’ techniques. Blue boxes were fairly simple contraptions built to take advantage of some of the phreak knowledge and caught the attention of the young Steve Wozniak and Steve Jobs. As you might expect, Woz was the main engineer and Stevie wanted to sell them and dominate the world. One famous demo of their device involved Woz calling the Pope pretending to be Harry Kissinger …
Free Porsche!
Radio stations love giving things away Keep reading…