From bac2a75be6af092a03dcaffcd5c1c20e67cad560 Mon Sep 17 00:00:00 2001 From: osmarks Date: Fri, 25 Feb 2022 20:10:16 +0000 Subject: [PATCH] improve GUIHacker, add TTT, fix RSS, add blog post --- assets/js/h4xx0r.js | 83 +++++- blog/online-safety-bill.md | 2 +- blog/stack.md | 18 ++ experiments/guihacker/index.html | 20 ++ experiments/tictactoe/index.html | 469 +++++++++++++++++++++++++++++++ experiments/whorl/index.html | 2 +- src/global.json | 2 +- templates/rss.pug | 10 +- 8 files changed, 584 insertions(+), 22 deletions(-) create mode 100644 blog/stack.md create mode 100644 experiments/tictactoe/index.html diff --git a/assets/js/h4xx0r.js b/assets/js/h4xx0r.js index a342a45..f993fc5 100644 --- a/assets/js/h4xx0r.js +++ b/assets/js/h4xx0r.js 
@@ -14,13 +14,26 @@ jargonWords = { "RSS", "XML", "EXE", "COM", "HDD", "THX", "SMTP", "SMS", "USB", "PNG", "PHP", "UDP", "TPS", "RX", "ASCII", "CD-ROM", "CGI", "CPU", "DDR", "DHCP", "BIOS", "IDE", "IP", "MAC", "MP3", "AAC", "PPPoE", "SSD", "SDRAM", "VGA", "XHTML", "Y2K", "GUI", "EPS", "SATA", "SAS", - "VM", "LAN", "DRAM", "L3", "L2", "DNS", "UEFI", "UTF-8", "DDOS"], + "VM", "LAN", "DRAM", "L3", "L2", "DNS", "UEFI", "UTF-8", "DDOS", "HDMI", "GPU", "RSA", "AES", + "L7", "ISO", "HTTPS", "SSH", "SIMD", "GNU", "PDF", "LPDDR5", "ARM", "RISC", "CISC", "802.11", + "5G", "LTE", "3GPP", "MP4", "2FA", "RCE", "JBIG2", "ISA", "PCIe", "NVMe", "SHA", "QR", "CUDA", + "IPv4", "IPv6", "ARP", "DES", "IEEE", "NoSQL", "UTF-16", "ADSL", "ABI", "TX", "HEVC", "AVC", + "AV1", "ASLR", "ECC", "HBA", "HAL", "SMT", "RPC", "JIT", "LCD", "LED", "MIME", "MIMO", "LZW", + "LGA", "OFDM", "ORM", "PCRE", "POP3", "SMTP", "802.3", "PSU", "RGB", "VLIW", "VPS", "VPN", + "XMPP", "IRC", "GNSS"], adjectives: ["auxiliary", "primary", "back-end", "digital", "open-source", "virtual", "cross-platform", - "redundant", "online", "haptic", "multi-byte", "bluetooth", "wireless", "1080p", "neural", + "redundant", "online", "haptic", "multi-byte", "Bluetooth", "wireless", "1080p", "neural", "optical", "solid state", "mobile", "unicode", "backup", "high speed", "56k", "analog", "fiber optic", "central", "visual", "ethernet", "Griswold", "binary", "ternary", - "secondary", "web-scale", "persistent", "Java" + "secondary", "web-scale", "persistent", "Java", "cloud", "hyperscale", "seconday", "cloudscale", + "software-defined", "hyperconverged", "x86", "Ethernet", "WiFi", "4k", "gigabit", "neuromorphic", + "sparse", "machine learning", "authentication", "multithreaded", "statistical", "nonlinear", + "photonic", "streaming", "concurrent", "memory-safe", "C", "electromagnetic", "nanoscale", + "high-level", "low-level", "distributed", "accelerated", "base64", "purely functional", + "serial", "parallel", "compute", "graphene", 
"recursive", "denormalized", "orbital", + "networked", "autonomous", "applicative", "acausal", "hardened", "category-theoretic", + "ultrasonic" ], nouns: ["driver", "protocol", "bandwidth", "panel", "microchip", "program", "port", "card", @@ -30,7 +43,14 @@ jargonWords = { "virus", "malware", "spyware", "network", "internet", "field", "acutator", "tetryon", "beacon", "resonator", "diode", "oscillator", "vertex", "shader", "cache", "platform", "hyperlink", "device", "encryption", "node", "headers", "botnet", "applet", "satellite", - "Unix", "byte"], + "Unix", "byte", "Web 3", "metaverse", "microservice", "ultrastructure", "subsystem", + "call stack", "gate", "filesystem", "file", "database", "bitmap", "Bloom filter", "tensor", + "hash table", "tree", "optics", "silicon", "hardware", "uplink", "script", "tunnel", + "server", "barcode", "exploit", "vulnerability", "backdoor", "computer", "page", + "regex", "socket", "platform", "IP", "compiler", "interpreter", "nanochip", "certificate", + "API", "bitrate", "acknowledgement", "layout", "satellite", "shell", "MAC", "PHY", "VLAN", + "SoC", "assembler", "interrupt", "directory", "display", "functor", "bits", "logic", + "sequence", "procedure", "subnet", "invariant", "monad", "endofunctor", "borrow checker"], participles: ["backing up", "bypassing", "hacking", "overriding", "compressing", "copying", "navigating", "indexing", "connecting", "generating", "quantifying", "calculating", "synthesizing", 
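Review bot: `"seconday"` among the adjectives added in the `@@ -14` hunk looks like a misspelling of `"secondary"`, which is already in the list a few entries earlier; unless the typo is deliberate jargon, drop it. The same hunk also adds `"SMTP"` to the acronym list although it is already present in the unchanged context above, and the `@@ -30` hunk re-adds `"platform"` and `"satellite"` to `nouns`, so those words will presumably be drawn with double weight if `choose` samples uniformly (its body is not in this diff). Duplicates are harmless but worth removing if even sampling is intended.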
@@ -38,7 +58,11 @@ jargonWords = { "injecting", "transcoding", "encoding", "attaching", "disconnecting", "networking", "triaxilating", "multiplexing", "interplexing", "rewriting", "transducing", "acutating", "polarising", "diffracting", "modulating", "demodulating", "vectorizing", - "compiling", "jailbreaking", "proxying", "Linuxing" + "compiling", "jailbreaking", "proxying", "Linuxing", "quantizing", "multiplying", + "scanning", "interpreting", "routing", "rerouting", "tunnelling", "randomizing", + "underwriting", "accessing", "locating", "rotating", "invoking", "utilizing", + "normalizing", "hijacking", "integrating", "type-checking", "uploading", "downloading", + "allocating", "receiving", "decoding" ]}; // Generates a random piece of jargon @@ -56,6 +80,7 @@ function jargon() { var raw = choose(jargonWords.participles) + " " + thing } else { var raw = thing + " " + choose(jargonWords.participles) + .replace("writing", "wrote") .replace("overriding", "overriden") .replace("shutting", "shut") .replace("ying", "ied") @@ -195,7 +220,18 @@ function GuiHacker(){ "Locating crossbows...", "Enabling algorithms and coding", "Collapsing Subdirectories...", - "Enabling Ping Wall..." + "Enabling Ping Wall...", + "Obtaining sunglasses...", + "Rehashing hashes.", + "Randomizing numbers.", + "Greening text...", + "Accessing system32", + "'); DROP DATABASE system;--", + "...Nesting VPNs...", + "Opening Wireshark.", + "Breaking fifth wall....", + "Flipping arrows and applying yoneda lemma", + "Rewriting in Rust" ]; this.isProcessing = false; this.processTime = 0; @@ -274,7 +310,9 @@ function scaryNum() { } } -GuiHacker.prototype.consoleOutput = function(){ +var accessDenied = document.querySelector(".accessdenied") + +GuiHacker.prototype.consoleOutput = function(initiatedByTyping){ var textEl = document.createElement('p'); if(this.isProcessing){ 
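Review bot: `var accessDenied = document.querySelector(".accessdenied")` runs at script load with no null check, and the keydown handler added in the `@@ -362` hunk dereferences `accessDenied.style` unconditionally, so if the script runs before the `.accessdenied` element exists, or on a page that lacks it, the first Alt+D press throws. Either guard the use, `if (accessDenied) { ... }`, or resolve the element lazily inside the handler with `document.querySelector(".accessdenied")`. A short comment on the declaration saying the element is expected in the page markup (this commit adds the matching overlay styles to `experiments/guihacker/index.html`, but the element itself is not visible in the diff) would also help the next reader.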
@@ -283,6 +321,9 @@ GuiHacker.prototype.consoleOutput = function(){ if(Date.now() > this.lastProcess + this.processTime){ this.isProcessing = false; } + if (initiatedByTyping) { + this.processTime -= 500 + } }else{ var commandType = ~~(Math.random()*4); switch(commandType){ @@ -301,6 +342,9 @@ GuiHacker.prototype.consoleOutput = function(){ } var outputConsole = settings.outputConsole; + if (outputConsole.childNodes.length > 1000) { + outputConsole.removeChild(outputConsole.firstChild) + } outputConsole.scrollTop = outputConsole.scrollHeight; outputConsole.appendChild(textEl); @@ -312,7 +356,7 @@ GuiHacker.prototype.consoleOutput = function(){ } var self = this; - setTimeout(function(){self.consoleOutput();}, ~~(Math.random()*200)); + if (!initiatedByTyping) { setTimeout(function(){self.consoleOutput();}, ~~(Math.random()*200)) }; }; @@ -347,7 +391,7 @@ if (hash){ } var adjustCanvas = function(){ - if(settings.gui){ + if(settings.gui) { settings.canvas.width = (window.innerWidth/3)*2; settings.canvas.height = window.innerHeight / 3; 
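Review bot: `this.processTime -= 500` in the `@@ -283` hunk has no lower bound, so a burst of keypresses drives `processTime` far negative; whether that matters depends on where `processTime` is reset for the next processing run, which is outside the hunk. `this.processTime = Math.max(0, this.processTime - 500)` keeps the intent (typing shortens the fake processing) without the unbounded drift. In the `@@ -312` hunk the `;` after the closing `}` of the new `if` is an empty statement and can be dropped.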
@@ -362,13 +406,24 @@ var adjustCanvas = function(){ settings.vpy = settings.canvas.height / 2; settings.ctx.strokeStyle = settings.ctxBars.strokeStyle = settings.ctxBars.fillStyle = settings.color; - }else{ + } else { document.querySelector(".hacker-3d-shiz").style.display = "none"; document.querySelector(".bars-and-stuff").style.display = "none"; } - document.body.style.color = settings.color; - }(), - guiHacker = new GuiHacker(settings); + document.body.style.color = settings.color; +} +guiHacker = new GuiHacker(settings); -window.addEventListener('resize', adjustCanvas); \ No newline at end of file +window.addEventListener("resize", adjustCanvas) +window.addEventListener("keydown", ev => { + if (ev.key === "d" && ev.altKey) { + console.log("denying access") + accessDenied.style.display = accessDenied.style.display === "none" ? "block" : "none" + ev.preventDefault() + } + else if (Math.random() > 0.8) { + guiHacker.consoleOutput(true) + } +}) +adjustCanvas() \ No newline at end of file diff --git a/blog/online-safety-bill.md b/blog/online-safety-bill.md index d35a7ef..2251e4f 100644 --- a/blog/online-safety-bill.md +++ b/blog/online-safety-bill.md 
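Review bot: `guiHacker = new GuiHacker(settings);` lost its `var` when the comma-chained declaration was split, so it now creates an implicit global (and would throw under strict mode); write `var guiHacker = new GuiHacker(settings);`. The Alt+D toggle compares `accessDenied.style.display` with `"none"`, which reads only the inline style: if the overlay is hidden by a stylesheet rule rather than an inline `style` attribute (the element's markup is not in this diff), the first press sets `"none"` with no visible effect and the overlay only appears on the second press, so initialising the inline style once or toggling a class would be more predictable. The added `keydown` listener also runs for every key on the page and calls `ev.preventDefault()` on Alt+D, which is fine for a toy page but deserves a comment such as `// Alt+D toggles the fake "access denied" overlay; other keys randomly trigger console output`.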
@@ -21,4 +21,4 @@ Update (19/07/2021): also consider reading [this](https://boingboing.net/2012/01 Update (06/08/2021): [Oh look, Apple just did the client-side scanning thing](https://appleprivacyletter.com/). I do not think this sets a good precedent; this is the most obviously defensible usecase for this technology, and now future extensions can just be portrayed as a natural extension of it. The best case is that this is a prelude to E2EE iCloud, but this is still a fundamental hole in the security of such a thing. Whatever happens, given government pressure, reverting this will be quite hard. -Update (19/08/2021): As it turns out, NeuralHash, which Apple intend to use for the above, is [easily collidable](https://github.com/anishathalye/neural-hash-collider) (using a fairly generic technique which should be applicable to any other neural-network-based implementation). This seems like something which should have been caught prior to release. And apparently it has [significant variations](https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX) from floating point looseness, somehow. The "1 in 1 trillion" false positive rate is maybe not very likely. It [is claimed](https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography) that this is not a significant issue primarily because the hashes are secret (because of course); however, this still creates a possible issues for the system, like editing the hash of an actually-bad image to avoid detection, or (with this and some way to get around the later review stages, like [adverserial image scaling](https://bdtechtalks.com/2020/08/03/machine-learning-adversarial-image-scaling/) or just using legal content likely to trigger a human false-positive) generating otherwise okay-looking images which are flagged. 
Also, the [Apple announcement](https://www.apple.com/child-safety/) explicitly says "These efforts will evolve and expand over time", which is a worrying thing I did not notice before. \ No newline at end of file +Update (19/08/2021): As it turns out, NeuralHash, which Apple intend to use for the above, is [easily collidable](https://github.com/anishathalye/neural-hash-collider) (using a fairly generic technique which should be applicable to any other neural-network-based implementation). This seems like something which should have been caught prior to release. And apparently it has [significant variations](https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX) from floating point looseness, somehow. The "1 in 1 trillion" false positive rate is maybe not very likely. It [is claimed](https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography) that this is not a significant issue primarily because the hashes are secret (because of course); however, this still creates a possible issues for the system, like editing the hash of an actually-bad image to avoid detection, or (with this and some way to get around the later review stages, like [adverserial image scaling](https://bdtechtalks.com/2020/08/03/machine-learning-adversarial-image-scaling/) or just [using legal content likely to trigger a human false-positive](https://news.ycombinator.com/item?id=28238071)) generating otherwise okay-looking images which are flagged. Also, the [Apple announcement](https://www.apple.com/child-safety/) explicitly says "These efforts will evolve and expand over time", which is a worrying thing I did not notice before. \ No newline at end of file diff --git a/blog/stack.md b/blog/stack.md new file mode 100644 index 0000000..e9298c1 --- /dev/null +++ b/blog/stack.md 
@@ -0,0 +1,18 @@ +--- +title: Site tech stack +description: Learn about how osmarks.net works internally! Spoiler warning if you wanted to reverse-engineer it yourself. +created: 24/02/2022 +--- +As you may know, osmarks.net is a website, served from computers which are believed to exist. But have you ever wondered exactly how it's all set up? If not, you may turn elsewhere and live in ignorance. Otherwise, continue reading. + +Many similar personal sites are hosted on free static site services or various cloud platforms, but mine actually runs on a physical server. This was originally done because of my general distrust of SaaS/cloud platforms, to learn about Linux administration, and desire to run some non-web things, but now it's necessary to run the full range of weird components which are now important to the website. The hardware has remained the same since early 2019, before I actually had a public site, apart from the addition of more disk capacity and a spare GPU for occasional machine learning workloads - I am using an old HP ML110 G7 tower server. Despite limited RAM and CPU power compared to contemporary rackmount models, it was cheap, has continued to work amazingly reliably, and is much more power-efficient than those would have been. It mostly only runs at about 5% CPU load and 2GB of RAM in use anyway, so it's not been an issue. + +The main site itself, which you're currently reading, is in fact just a simple static website. Over the years the exact implementation has varied a lot, from the original not-actually-that-static version using Caddy, some weird PHP scripts for Markdown, and a few folders of HTML files, to the later strange combination of Haskell (using Hakyll) and makefiles to the current somewhat horrible Node.js program (which also interacts with someone else's Go program. Fun!). 
The modern implementation of the compiler does templating, dependency resolution, Markdown and some optimization tasks in about 300 lines of poorly-described JavaScript. + +Being static files, many, many different webservers could have been used for this site. In practice, it's mostly alternated randomly between [caddy](https://caddyserver.com/) (a more recent, Go-based webserver with automatic LetsEncrypt integration) and [nginx](https://nginx.org/) (an older and more powerful but slightly quirky program) - caddy generally had easier configuration, but I arbitrarily preferred nginx in some ways. After caddy v2 suddenly required me to rewrite my configuration and introduced a bunch of weird issues, I permanently switched over to nginx and haven't changed back. The configuration file is now 600 lines or so, even with inclusion of includes to shorten things, but it... works, at least. This is mostly to accommodate the bizzarely large set of subdomains I now have for various people, and reverse proxy configuration for backend services. I also use a custom-compiled build of nginx with HTTP/3 (QUIC) support and some modules compiled in. + +Some of these backend things are only for personal use, but a few are related to the site itself. For example, the comment server is a standalone Python program, [isso](https://posativ.org/isso/), with corresponding JS embedded in each page. This works pretty well, but has lead to some weird quirkiness, such as each separate 404-erroring URL having its own list of comments. There's also the Random Stuff API, a custom assemblage of about 15 different Python libraries and external programs which, while technically not linked on the site, does interact with other projects like [PotatOS](https://git.osmarks.net/osmarks/potatOS/), and internal services on the same infrastructure like my [RSS reader](https://miniflux.app/). 
The images subdomain also uses a [PHP program](https://larsjung.de/h5ai/) to generate a nice searchable index; in fact, it is one of two PHP things I have unfortunately not yet been able to purge. There also used to be a publicly available status page using some custom code, but this doesn't work very well and has now been dropped; previously I had a Grafana (and earlier Netdata) instance there, but this has now been cancelled because it leaks a worrying amount of information. + +As for the underlying OS everything runs on, I currently use [Arch Linux](https://i.osmarks.net/memes-or-something/arch-btw.png) (as well as Alpine on a few lower-resourced cloud servers). Some form of Linux is inevitable - BSDs aren't really compatible with much, and Windows is obviously unsuited for server duty - but I mostly use Arch for its stability (this sounds sarcastic, but I've actually found it to be very reliable with regular updates), wide range of packages (particularly from the AUR; as I don't really run critical production infrastructure, I can generally afford to compile stuff from source a lot), and better general ease-of-use than Alpine. As much as I vaguely resent it, this is mostly down to systemd - despite it being a horrific bloated monolith, `journalctl` is very convenient and unit files are pleasant and easy to write compared to the weird OpenRC scripts Alpine uses. + +I am actually considering yet another redesign, however; switching to a dynamic site implementation instead would allow me to integrate the comment system and achievement system better, make things like the "from other blogs" tiles actually update at reasonable intervals, and arbitrarily A/B test users, although it would break some nice things like this site's very aggressive caching and fast serving. Please leave your thoughts or lack of thoughts on this in the comments. \ No newline at end of file 
diff --git a/experiments/guihacker/index.html b/experiments/guihacker/index.html index e70492c..826c3bc 100644 --- a/experiments/guihacker/index.html +++ b/experiments/guihacker/index.html @@ -40,8 +40,28 @@ description: My fork of GUIHa .description { display: none; } + + .overlay { + top: 0; + left: 0; + width: 100%; + height: 100%; + position: fixed; + display: flex; + justify-content: center; + align-items: center; + } + + .accessdenied { + font-size: 4em; + background: #a00; + color: red; + padding: 0.5em; + border: 0.05em solid #666; + }
+
\ No newline at end of file diff --git a/experiments/tictactoe/index.html b/experiments/tictactoe/index.html new file mode 100644 index 0000000..abe4670 --- /dev/null +++ b/experiments/tictactoe/index.html @@ -0,0 +1,469 @@ +--- +title: Tic-Tac-Toe (4³) +description: Your favourite* tic-tac-toe game in 3 dimensions, transplanted onto the main website via a slightly horrifically manual process! Technically this game is solved and always leads to player 1 winning with optimal play, but the AI is not good enough to do that without more compute! +slug: tictactoe +--- + + + +
+
+
+ + + + + + Select Opponent + +
+ + \ No newline at end of file diff --git a/experiments/whorl/index.html b/experiments/whorl/index.html index f995c34..2cc6ddb 100644 --- a/experiments/whorl/index.html +++ b/experiments/whorl/index.html @@ -1,6 +1,6 @@ --- title: Whorl -description: Dice-rolling webapp. +description: Dice-rolling webapp. Not very useful pending me writing a good parser. slug: whorl --- diff --git a/src/global.json b/src/global.json index d066203..1553256 100644 --- a/src/global.json +++ b/src/global.json @@ -1,5 +1,5 @@ { - "name": "Oliver's Website", + "name": "osmarks' website", "domain": "osmarks.net", "siteDescription": "Whimsical uselessness available conveniently online.", "feeds": [ diff --git a/templates/rss.pug b/templates/rss.pug index 92e11cf..a8ea7b5 100644 --- a/templates/rss.pug +++ b/templates/rss.pug @@ -9,8 +9,8 @@ rss(version='2.0') each item in items item - title= item.title - description= item.description - link= `https://${domain}/${item.slug}` - if item.updated - pubDate= item.updated.toDate().toUTCString() \ No newline at end of file + title= item.title + description= item.description + link= `https://${domain}/${item.slug}` + if item.updated + pubDate= item.updated.toDate().toUTCString() \ No newline at end of file