Thursday, December 29, 2011

Sunday, December 25, 2011

Custom Facebook Emoticons

People wants emoticon. And whenever the chatting system does not allow to customize them, they start to complain.
Think of Skype. They sometimes add 2-3 new emoticons, and people starts again ranting.

Another place where I have been watching people asking for custom emoticons is Facebook. Many hoaxes came around, like "spam this page to everyone in the world and you'll receive custom smiles!", but few know that a custom emoticon system is already there.

Further, we all have a custom emoticon of ourselves!

Try this. I want a trollface emoticon to add into chat message. I search for a page and find this one:

Now, I note that there is a numerical code in it: 313306795360291

If in the chat board I type [[313306795360291]], this emoticon will show up:  

If you try with a personal page, you might find a link like:

Again, use [[NUMBER]] and you will get that person's emoticon!

Sunday, December 18, 2011

Code Obfuscation (Example 1)

Following through the series of posts about code obfuscation and unmaintainable code, I want to show here a C code snippet:

#define x(y,z) z , y
#define y(z,x) x z
#define a(b,c) c##b
#define x167 }
#define x879 x167;
#define x798 '\0'x879
#define x98 {
#define _ a(ain,m)
#define __ ()
#define b(c,d) a(c,d)
#define w a(ar,ch)
w ____[] = x98 x(0154, x(0145, 0110)), 108, 111, 30+02, 87, 0x6f, 0162, 0x6c, 0x64, x798
w ___[] = x98 '%', 's', x(x798, '\n')
_ __ x98 y((___, ____),a(ntf,pri)); x167

This is indeed a full working program, and the techniques used here to screw the code are simple enough. What's the actual purpose of this program?

Compile & running it (or gcc -E) are good means to see in its internals.

No further explanation is being given here, as I consider this to be easy enough!

Thursday, December 15, 2011

Drive Safely

A recent scientific result tried to clearify everything about driving:

The study was to show that, unless you're in a situation where three to five minutes will make a significant different in an outcome, there's no point in speeding.

But it should be noted that this graph actually suggests that you reap a pretty significant benefit from speeding if the speed limit is less than 30 mph.

So the moral of the story is: speed in school zones and residential areas, not on the highways.

Monday, December 12, 2011

Converting PDF into Plain Text

At work I often receive pdf documents with no OCR information in it, and in order to modify/extract parts from them I need to convert them to plain text.

As a Unix user, I love the command line, and I have been searching for something like:

./pdf2text file.pdf

So this is what I have written in order to provide support for this useful command line tool. Is is based on tesseract, which is now under development by Google.
Remember that in order to interpret documents which are non-English, data files for the language must be installed separately, as most distributions just bring the English one with the main package.

As tesseract is able to work with TIFF images, the first tool to be developed is pdf2tif. If none is already available on your machine, you can use the following script which is based on ghostscript:


# Derived from pdf2ps.
# Convert PDF to TIFF file.

while true
        case "$1" in
                -?*) OPTIONS="$OPTIONS $1" ;;
                *) break ;;

if [ $# -eq 2 ]
elif [ $# -eq 1 ]
        outfile=`basename "$1" .pdf`-%02d.tif
        echo "Usage: `basename $0` [-dASCII85EncodePages=false]
        [-dLanguageLevel=1|2|3] input.pdf [output.tif]" 1>&2
        exit 1

# Doing an initial 'save' helps keep fonts from being flushed between pages.
# We have to include the options twice because -I only takes effect if it
# appears before other options.
gs $OPTIONS -q -dNOPAUSE -dBATCH -dSAFER -r300x300 -sDEVICE=tiffg3 "-sOutputFile=$outfile" $OPTIONS -c save pop -f "$1"

This script will be later invoked by out pdf2text, which will take as input a pdf file, which will create a temporary folder, convert every pdf page into a separate tif image, and then feed tesseract with them.




# takes one parameter, the path to a pdf file to be processed.
# uses custom script 'pdf2tif' to generate the tif files,
# generates them at 300x300 dpi.
# then runs tesseract on them

mkdir $1-dir
cp $1 $1-dir
cd $1-dir

pdf2tif $1

for j in *.tif
        x=`basename $j .tif`
        tesseract ${j} ${x}
        rm ${x}.raw
        rm ${x}.map
        #un-comment next line if you want to remove the .tif files when done.
        #rm ${j}

cat *.txt > $1.txt
mv $1.txt ..

cd ..
rm -rf $1-dir

After its execution, a .txt file with the same basename as the pdf's will be created, containing the OCR'd text in it!

Saturday, December 3, 2011

Latex in HTML (revisited)

Some time ago I published a post where I was presenting an easy tool to be integrated into web pages which allows to render LaTeX equations just embracing the code into $ sings.

I never noticed how much I used the dollar sign until I developed this script!! It has texified so much text which wasn't expected to be, that I decided to change the approach a bit. Now, Instead of parsing the whole document, I'm just parsing the divs the class of which is "latex".

So now, depending on the class of the actual container of the text I can have this behaviour:

$3 + 2 = 5$

or this one:

$3 + 2 = 5$

As easy as changing the div's class. The code in the previous post has been updated accordingly!

Saturday, November 26, 2011


Quando ti metterai in viaggio per Itaca
devi augurarti che la strada sia lunga, 
fertile in avventure e in esperienze. 
I Lestrigoni e i Ciclopi
o la furia di Nettuno non temere, 
non sarà questo il genere di incontri
se il pensiero resta alto e un sentimento
fermo guida il tuo spirito e il tuo corpo. 
In Ciclopi e Lestrigoni, no certo, 
ne' nell'irato Nettuno incapperai
se non li porti dentro
se l'anima non te li mette contro.

Devi augurarti che la strada sia lunga. 
Che i mattini d'estate siano tanti
quando nei porti - finalmente e con che gioia -
toccherai terra tu per la prima volta: 
negli empori fenici indugia e acquista
madreperle coralli ebano e ambre
tutta merce fina, anche profumi
penetranti d'ogni sorta; piu' profumi inebrianti che puoi, 
va in molte città egizie
impara una quantità di cose dai dotti.

Sempre devi avere in mente Itaca -
raggiungerla sia il pensiero costante. 
Soprattutto, non affrettare il viaggio; 
fa che duri a lungo, per anni, e che da vecchio
metta piede sull'isola, tu, ricco
dei tesori accumulati per strada
senza aspettarti ricchezze da Itaca. 
Itaca ti ha dato il bel viaggio, 
senza di lei mai ti saresti messo
sulla strada: che cos'altro ti aspetti?

E se la trovi povera, non per questo Itaca ti avrà deluso. 
Fatto ormai savio, con tutta la tua esperienza addosso
già tu avrai capito ciò che Itaca vuole significare.

- Kostantin Kavafis

Tuesday, November 22, 2011

Il Viaggio

Qualche giorno fa pensavo alla bellezza di viaggiare, incontrare nuove persone e scoprire nuove culture. Poco dopo mi sono imbattuto in una copia del mio tema di maturità. Il caso?

Il turista non è il viaggiatore: le cose, e non gli esseri umani, sono oggetto della sua predilezione. Viaggiare dovrebbe essere tutt'altro: fermarsi più a lungo e girare di meno. Chi vuole davvero viaggiare dev'essere a conoscenza del fatto che è meglio un'esperienza spazialmente più limitata ma carica di emozioni e sensazioni, piuttosto che un gran numero di immagini che al termine del viaggio si affastellano l'una dietro l'altra nella memoria, senza quasi più un ordine logico. Il vero viaggiare è un'operazione complessa, che necessita della collaborazione e della consapevolezza del viaggiatore: non è cosa da poco, non è soltanto uno spostamento, è molto di più.

Tuesday, November 15, 2011

50 ways to cope with stress

Stress is everywhere around us. At work, in our homes, even on each word (yes, that's English humour!).

Here is a list of things I find useful to fight stress away. Doing all of them every day is difficult, somewhat impossibile. But if you are interested in this post, then you should definitely give them a try!

  • Get up 15 minutes earlier
  • Prepare for the morning the night before
  • Don't rely on your memory... write things down
  • Repair things that don't work properly
  • Make duplicate keys
  • Say "no" more often
  • Set priorities in your life
  • Avoid negative people
  • Always make copies of important papers
  • Ask for help with jobs that you dislike
  • Break large tasks into bite sized portions
  • Look at problems as challenges
  • Smile more
  • Be prepared for rain
  • Schedule a play time into every day
  • Avoid tight fitting clothes
  • Take a bubble bath
  • Believe in you
  • Visualize yourself winning
  • Develop a sense of humour
  • Stop thinking tomorrow will be a better today
  • Have goals for yourself
  • Say hello to a stranger
  • Look up at the stars
  • Practise breathing slowly
  • Do brand new things
  • Stop a bad habit
  • Take stock of your achievements
  • Do it today
  • Strive for excellence, not perfection
  • Look at a work of art
  • Maintain your weight
  • Plant a tree
  • Stand up and stretch
  • Always have a plan B
  • Learn a new doodle
  • Learn to meet your own needs
  • Become a better listener
  • Know your limitations and let others know them too
  • Throw a paper airplane
  • Exercise every day
  • Get to work early
  • Clean out one closet
  • Take a different route to work
  • Leave work early (with permission)
  • Remember you always have options
  • Quit trying to "fix" other people
  • Get enough sleep
  • Praise other people
  • Relax, take each day at a time... you have the rest of your life to live

Tuesday, November 8, 2011

Print Bits

I was handling a bitmap some time ago, and I came into the need to see what was the actual bit representation of the numbers I was using. So I wrote this function:

void print_bits(int number) {
        unsigned long mask = 0b10000000000000000000000000000000 ;
        char digit;

        while(mask) {
                digit = ((mask & number) ? '1' : '0');
                mask >>= 1;

This function accepts an integer, and prints on screen it's actual binary representation. Basically it takes a mask whit only the most significant bit set, bitwise ands it with the number and prints either 0 or 1 depending on that bit's value. Then it shifts the mask one position right and iterates, until all the bits are shown.

The 'b' in the mask is a GNU extension, which tells that the number is represented directly in binary. If you are not using gcc, or don't like that series of 0's, simply replace it with the hex counterpart: 0x80000000.

This works both in 32 and 64 bits on Intel x86, as integers there are both 32 bit wide. If you want to deal with a larger number representation, either change the initial mask, or set it to 0x1 and change the shift from >> to <<.

You can use this code to see how numbers are represented. With some minor changes, you can use it to show any representation, be that a float or a more complex struct, for example by dereferencing a pointer.

Saturday, November 5, 2011

Google e i commenti di Facebook

Qualche giorno fa è comparso su tweeter questo messaggio:

ossia: "Il robot di Google diventa sempre più intelligente. È ora in grado di eseguire AJAX/JS per indicizzare alcuni commenti dinamici", dove i commenti dinamici sono proprio quei commentini che compaiono quando si clicca su un pulsante e compare il box senza dover aggiornare la pagina (Facebook oramai è zeppo di AJAX per queste cose...)

Questo significa che Google ora è in grado di restituire nelle sue ricerche il contenuto di uno qualsiasi dei commenti che vengono scritti ogni giorno su Facebook e su qualsiasi altro social network.

È una funzionalità molto avvicente e può avere delle implicazioni utili... Occhio però che se scrivete qualcosa di compromettente (o se avete scritto in passato!!!) in qualche commento, ora sarà tutto ricercabile via Internet!

Monday, October 31, 2011

Multithread Barrier (yes, it's a join!)

This post doesn't want to clearify all aspects of parallel programming. It's just an example to show how you have to thinkg when writing parallel code!

When you deal with concurrent programming, everything is going to be screwed up very easily. Debugging is a pain in the ass, and every one who has ever written a multithreaded software, although very simple as a concurrent server, has experimented with such a pain.

One fundamental operation in multithreaded programs is synchronization. In particular, one operation which I consider very important is a thread barrier, that is a line of code in the program which guarantees that if a thread is executing before it, no one else is executing after it, and if there is some thread after it, then every other thread is, at least, executing that line, but not anything before...

Friday, October 21, 2011

Super Mario Flash

I want to use the space on my blog to spread the word about this Super Mario Flash game, developed by Pouetpu Games.

I find this to be an excellent game, in terms of playability, sound quality, game design, robustness of the code, and furthermore... c'mon guys it's Super Mario! :)

The feature i love the most is the level builder, which reminds me of the old days when I was still a beginner programmer, and I passed from developing my platform games with QBasic to doing the same using The Games Factory by ClickTeam (yes, it was ages ago, when I didn't have the geometry background needed to program with openGL/DirectX).

The only caveat is: try not to end like this:

Sunday, October 16, 2011

The web in 60 seconds (and its storage requirements)

Have you ever wondered how is the web evolving?

A recent research has shown some facts which have been summarized in this picture:

Let's now concentrate on some of these facts. By this research we see that every 60 seconds:

  • 6600 pictures are uploaded on Flickr
  • 25+ hours of videos are uploaded on YouTube
  • 98000 twits are published
  • 21500+ blog posts are sent (summing up the ones on tumblr and the others)
  • 695000 status updates on Facebook
Fire up your calculator now and check these facts:

  • Consider, for the sake of simplicity, that one picture is 2 Mb on average. Every 60 seconds we use 13,2 Gb of storage for new pictures on Flickr.
  • By the fact that the picture shows that 600+ videos are uploaded every 60 seconds, this means that one video is 2,5 minutes long. Assuming (as a worst case) that every video is uploaded in HD, by simplicistic calculations we can say that one video uses 500 Mb of storage. Therefore, we burn 300 Gb on YouTube's hard drives every minute.
  • One tweet is 140 characters long. This means that (having no meta-data per tweet, which is of course impossible) we have 140 bytes per tweet, which leads to 13,4 Mb of tweets per minute. Of course, I'm not taking into account the possibility of attaching pictures to them.
  • A good post's length should be (by some computations on this) 2500 characters in length. Assume this is the mean value, and that no one is attaching pictures and other content in blogs. Assume blog posts are just plain text, so no formatting, which means no more characters for css/html style. Again, no meta-data is stored along with any blog post. This leads to 2,5 Kb per post and 53,8 Mb per minute.
  • A Facebook status update is bounded by 420 keystrokes. Taking this as an upper bound, under the same assumptions as before, we have 420 bytes per update and 278,4 Mb per minute.
This means that considering only these social activities, every minute we use 313545,6 Mb of storage around the world.

Nowadays we have 1 TB hard drives widely available. If social sites were only using this kind of storage, in 3,34 minutes one disk would be filled up by our social bullshit. (And yes, with this post I'm contributing!)

This means that as we have 1440 minutes in one day, we trash 431,14 1TB hard drives per day. Which is 157365,27 per year.

My computations are very simplistic. But maybe this is the sole reason why Cloud Computing is taking its step. And we all should give up at trying to develop the new best algorithm for optimizing computation. As we maybe only need storage...

Friday, October 7, 2011

LaTeX in HTML with Javascript and Google Charts

Using LaTeX in HTML documents is really useful. I'm myself using it in this blog.

Of course, creating images for each formula and manually embedding it would be a pain. So, why don't we automatize it? It would be really nice to use them as in LaTeX documents, so simply writing them in between the dollar sign.

Well, several services exists on the Internet. I've been using the one offered by WatchMath for a while painlessly, until this summer when what everyone can expect when relying on an external service happened. I found that the formulas where not rendering anymore. I visited their page and found out that they changed the location of their script.

Too bad, fixing it was just as easy as pointing to the new location.

Nevertheless, today I came into the Mathematical Formulas page on Google Charts. This is a set of APIs Google has developed to support several things such as statistics and charts on Blogger, or equations in Google Documents. Luckily, they are exposing all of them to the public!

So the idea came to me immediately: why cannot I code a script to exploit this service and replace the formulas in my blog?! Google is not going to redirect its engine, likely! So this approach should not produce any service interruption!

I felt lazy today, so I decided to go for JQuery, instead of coding plain Javascript. As a first step, we have to "include" the JQuery library in our page. Since I am going to implement this into my blog, I'm not likely given any space to store the library downloaded from the official site. So, I went to Google to look for an online version to link to, and (guess what?!) I found it on Google APIs:

<script src="">

Now, let's look at how to convert formulas enclosed in dollar signs all within an HTML page:

(Oct 20th 2011 update: as a great dumbass, I used code which contains dollar signs... therefore the script was trying to texify portions of this code. I only noticed this few minutes ago and fixed it replacing the dollar signs with a dollar-sign image... Then, be careful if you copy&paste this code, as you will have to re-insert the dollars, or JQuery won't understand a bit!)

(Dec 3rd 2011 update: I never noticed how much I used the dollar sign until I developed this script!! It has texified so much text which wasn't expected to be, that I decided to change the approach a bit. Now, Instead of parsing the whole document, I'm just parsing the divs the class of which is "latex". The code in this post has been updated accordingly.)


The first thing I do is to specify some constants so that if I want to change the look&feel I can leave the code untouched. These are:

  • height (unspecified, which means: "Google, give me your default height", which is good for my blog);
  • background color (which is set as black, but completely transparent, this is what the extra 00's are there for);
  • text color (again, black).

Then I declare the convert_latex() function, which takes the <body>'s content and scans it using a regular expression, looking for all the occurrences of text enclosed in dollar signs. Every occurrence is replaced with the value returned by an ad-hoc function which takes the found text (not including the dollars), formats it accordingly to the Google Mathematical Formulas syntax and inserting our formatting, and inserts it in an <img> tag.

The last touch is to insert the following line:

$(document).ready(function() {convert_latex();});
which calls our function when the document is completely loaded. Of course, the last two snippets must be enclosed within <script> tags.

The final result is that now I can write $\LaTeX$ using Google!

Monday, October 3, 2011

Fortunato di essere un programmatore

Questo scritto è datato "21 ottobre 2008, ore 1.38" ed era apparso sul mio primo blog (oramai distrutto da qualche system restyle). Gli impegni di questi giorni ed una lunga telefonata di qualche giorno fa me l'hanno fatto tornare in mente. Sono andato in giro a ripescarlo ed eccolo qui. Ho solo riadattato qua e là lo stile da quello che usavo 3 anni fa a quello di oggi. Ma il senso decisamente non cambia...

Fortunato di essere un programmatore
pubblicato da Alessandro Pellegrini il giorno martedì 21 ottobre 2008 alle ore 1.38

Nelle scorse settimane, ho lavorato ad un progetto che richiedeva ogni tipo di sforzo di programmazione. Ora è a buon punto, quindi posso tornare (quasi!) agli impegni normali. Tuttavia, quando la gente mi sente parlare delle "ore di pazzia" che ho trascorso, spesso mi dice che le dispiace. Non dovrebbe!
Non è un tipo di vita che farei spesso, né per lunghi periodi, o senza un compenso adatto, ma la verità è che questi concentrati di programmazione sono alcuni tra i periodi che preferisco nella mia vita. Nelle giuste condizioni, scrivere software provoca un piacere talmente intenso che dovrebbe essere reso illegale.

Friday, September 23, 2011

Oggi cade un satellite

Oggi cadrà sulla Terra un satellite. E (guarda caso) tra i possibili bersagli c'è proprio l'Italia, come se in questi mesi non avessimo già abbastanza problemi.

Il satellite in questione, che si chiama UARS, è stato lanciato dalla Nasa nel 1991 per studiare il ruolo della termosfera e della esosfera nei cambiamenti climatici. Questo simpatico aggeggino, che monta vari strumenti per la misurazione dei composti chimici all'interno dello strato di ozono, per misurare la forza delle correnti ventose e per studiare quanta energia arriva dal Sole a quelle altitutidini, doveva avere una vita operativa di 3 anni.

Invece è durato molto di più, ma ora, dopo 7317 giorni in orbita, è arrivato per lui il momento di rientrare. Non sarà un rientro tranquillo, perché lo scopo di questa operazione non è quella di recuperarlo per raccogliere dati, no: quelli vengono inviati via radio costantemente. Lo scopo è fare un po' di pulizia, e questo si ottiene facendolo disintegrare a contatto con la stratosfera.

Ma qualcosa è andato storto: le simulazioni della Nasa affermano che non tutti i pezzi si disgregheranno, alcuni riusciranno ad arrivare al suolo. Ovviamente tutto ciò è dedotto da una simulazione computerizzata (e se le simulazioni che fanno loro sono simili a quelle che vedo fare io ogni giorno, ci sta davvero che non si può essere sicuri che il risultato atteso sia esatto!), la conferma ufficiale deve ancora arrivare. Mi viene solo da far notare che probabilmente queste conferme, visti i tempi, arriveranno ben dopo lo schianto dello stesso...

(Queste le possibili traiettorie di caduta)

Quindi c'è una grande allerta. Attenti tutti, che vi casca l'alettone solare in testa tra qualche ora! Le probabilità che qualcuno venga coinvolto sono 1:3200!

Da parte mia, mi viene solo da sperare che il satellite abbia buona mira, e magari prenda in pieno Berlusconi...

Thursday, September 22, 2011

Backwards compatibility of PNG

If you design website templates, the possibility to use transparent images is very useful. In particular, relying on PNG images is somewhat awesome, because it can contain an alpha (transparency) channel, which tells the renderer how much every single pixel must be transparent. This allows, unlike GIF, to create smooth blendings of the images, no matter what the background color/image is.

Unfortunately, this format is not completely supported by every browser (especially by Internet Explorer, prior to version 7), even though the more modern ones are in step with the times. This problem was (is!) so annoying that the W3C Consortium has one page dedicated to inline transparency testing.

Compatibility issues are an important aspect when dealing with websites, most of all if you're running commercial pages.

Several strategies have been proposed to address the alpha channel issue in PNGs. The one I am proposing here is a javascript-based one.

The principle of this technique comes bundled in a filter included in Microsoft Internet Explorer since version 5.5, called AlphaImageLoader. It takes an image and displays it within the boundaries of a pre-existing image in the HTML DOM, giving support for PNG transparency.

The idea is now straightforward: a completely-blank 1px GIF image is displayed, adapted to the desidered size, and then the requested PNG is applied over it. This could be easily done with the following code:

Unfortunately, this is not as fair as we might think. In fact, this code is completely unportable: Chrome, Mozilla or Opera browsers don't implement AlphaImageLoader filter, so under those browsers, we would get just a blank image.

Then, we have to find a workaround to the workaround. This can be done through Microsoft IE's Conditional Comments. In short, what we're going to do, is to produce some javascript code, save it in a .js file, and include it in the html document as follows:

<!--[if gte IE 5.5000]>
<!--[if lte IE 7]>
<script language="JavaScript" src="pngtransp.js"></script>

The full source code for pngtransp.js can be found here. Let's now have a closer look at the interesting snippets, starting from the last line:

window.attachEvent("onload", correctPNG);

This is put there just to "arm the code": when the document is fully loaded, the correctPNG starts up automatically.
That function's purpose is to scan for all images in the document, and check whether they are PNGs or not. This is achieved as follows:

for(var i=0; i<document.images.length; i++)
if (imgName.substring(imgName.length-3, imgName.length) == "PNG")

Later on in the code, we retrieve all information about the image, such as its title, alignment, class name and so on.
Then, we generate new code for the image, which is:

var strNewHTML = "<span " + imgID + imgClass + imgTitle;
strNewHTML += " style=\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";"; strNewHTML += "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader"; strNewHTML += "(src=\'" + img.src + "\', sizingMethod='scale');\""; strNewHTML += onMouseOver + onMouseOut + "></span>";
in which we create a span with all the previously retrieved information, but with the AlphaImageLoader filter specified. This way, when we invoke:

img.outerHTML = strNewHTML;

the current PNG will be correctly displayed. The procedure is repeated for each PNG image in the document.

The rest of the code is just for overriding the commonly used Dreamweaver's functions to swap images on mouse over, and are not of deep interest to this arcticle.

This way of handling PNG will leave the images untouched if we're using a more "modern" browser, but will correct the alpha blending in more primitive ones.
Though, it has some drawbacks:

  1. Doesn't work in IE versions earlier than 5.5, since AlphaImageLoader is not supported. No cure for those versions.
  2. Javascript must be enabled: you can't assume this on all machines!
  3. CSS image background with PNGs is not supported at all!
  4. If you are displayng a huge document, before the onload event triggers, a while could pass, so at the beginning PNGs could be displayed with the unpleasant gray box around!

The only solution to correctly handle PNGs, is to switch definitively to another web browser!

Tuesday, September 20, 2011

New Template

I decided it was time to drop the support for old 800x600 resolution.

The main reason is that I believe no one is still using it. And if you are, then it's your own business...

As I'm pretty busy now, I went for a predefined template. Yes, it's not stylish, but some customizations will be coming in the next days (as long as I find some time). In the meanwhile, it seems to be helping in readability!

Friday, September 16, 2011

Windows Graffiti (or how to mangle text from 3rd party applications)

When experimenting with low level code, trampolines quickly peep out.

To make the long story short, it's a nice technique which can be used to make some function transparently (to the caller) execute other pieces of code.

It is a technique so powerful (and neat) that it is widely used in fundamental issues (library calls, to make an example, where - in the ELF executable format - got and plt tables are used to dynamically relocate code after the actual process has been started, usually according to some sort of lazy load policy).

Much more interesting is the possibility to use trampolines to dynamically (i.e., at runtime) modify some process, to hijack its execution and make it do something which it was not intended to do when it was written. Several mature tools exist to help achieve this task (like DynamoRIO), and even some simpler tools like DYNINST or a rule-based instrumentor which I'm working on since 2 years (and which will be released, eventually).

Monday, April 11, 2011

Sei modi per mandare Linux in crash. Perché è divertente ed inutile!

Questo è uno di quei post assolutamente senza senso, ma che mi piacciono. È come giocare alla WII: non ha senso, ma ti (ci) piace!
Qui di seguito ci sono alcuni modi per mandare in crash un sistema Unix. Alcuni di essi sono ben conosciuti, come la Fork Bomb, altri sono più oscuri. Alcuni sono irreversibili, altri invece durano soltanto "una sessione", e dopo un bel riavvio tutti gli effetti sono spariti.

  • La Fork Bomb: è un classico che non può essere omesso da questo elenco. In effetti, gli viene dedicata persino un'intera pagina su Wikipedia!
     :(){ :|: & };:
    Questo comando, incollato in una shell, farà terminare alla macchina tutte quante le risorse, a meno che il numero di processi per utente non venga limitato in /etc/security/limits.conf.
  • Il comando seguente sovrascriverà l'MBR com dati (pseudo) casuali. In questo modo, si potrà essere sicuri che la propria macchina non riparta più (no, neppure con Windows).
    dd if=/dev/urandom of=/dev/sda bs=512 count=1
  • Leggere dalle porte di I/O può avere dei simpatici effetti secondari. Provate ad eseguire questo comando, e capirete quello di cui sto parlando:
    sudo less -f /dev/port
    Il risultato sarà che la vostra macchina si inchioderà. Non ho ancora approfondito il motivo alle spalle di questo fenomeno, ma è comunque divertente!
  • Cosa succede se la memoria di un processo viene sovrascritta? Di solito, ci si imbatte in un segfault. Si può infilare un po' di divertimento (casino!) nella memoria di sistema:
    cp /dev/zero /dev/mem
  • Quest'ultimo è diventato un cult, dal momento che un sacco di gente ci si è imbattuta (forse anche tu). In qualche modo si fa confusione, e si rimuove ogni singolo file dal disco rigido
    rm -rf /*

In ultimo, si può utilizzare il potere del comando 'find', con l'argomento 'exec' che eseguirà il comando scritto immediatamente dopo. Questo è esattamente quello che può capitare quando si va di fretta.
find . -type f -name * -exec rm -f {} \;
Per fortuna, molti di questi comandi (eccezion fatta per la Fork Bomb), non danneggeranno il vostro computer se lanciati come utenti senza privilegi di amministratore, perché il sistema non vi lascerà accedere a file per i quali non avete i permessi.
Ovviamente, se si prova a scrivere qualche modulo del kernel, è molto probabile che esso vada in crash con la vostra approvazione! :) A quel punto, qualsiasi cosa è possibile, perché sarete diventati l'"Onnipotente"!

Wednesday, March 23, 2011

Large Hadron Rap

This is an evergreen which dates back to 2008, when this huge experiment was set up at CERN, to find the presence of antimatter... I came again into this some hours ago... And I had to republish this, along with its text and a translation for my fellow Italians... :)

(by the way, alongside there is a second experiment, which demonstrates why scientists should never try to play as showmen... :))

Saturday, March 12, 2011

Come scrivere codice incomprensibile: camuffaggio

Molte delle abilità alla base della scrittura di codice incomprensibile è l'arte del camuffagio: nascondere le cose, o farle apparire per quello che non sono. Molte di queste abilità dipendono da fatto che il compilatore è più bravo dell'occhio umano nel fare fini distinzioni.

Codice che si maschera da commento, e viceversa
Un'ottima idea è quella di includere del codice commentato, che però non sembra esserlo:

for(j = 0; j %lt; array_len; j += 8) { 
   total += array[j+0]; 
   total += array[j+1]; 
   total += array[j+2]; /* Il corpo principale
   total += array[j+3]; * del ciclo è espanso
   total += array[j+4]; * per aumentarne la
   total += array[j+5]; * velocità
   total += array[j+6]; */
   total += array[j+7]; 

Se non ci fosse il coloratore della sintassi, qualcuno si accorgerebbe mai che quattro righe di codice sono commentate?

Wednesday, March 9, 2011

Showing a Tree

In these GUIful days, where everything we do on a computer involves using the mouse pointer, sometimes there comes situations where we want an old-fashioned visualization of data.

For example, in these days I'm working hard on the restyling of an application which be released soon. This entails cutting old functions, adding comments, rewriting Makefiles, and rearranging the directory tree. Yes, the boring part off programming.

For easiness, I decided to print the whole directory tree listing of my project, to better visualize the changes I have to apply to my project. Thus, before coming into tree(1) I opted for the hard-coded solution, and produced this command:
ls -R | grep ":" | sed -e 's/://' -e 's/[^-][^\/]*\//--/g' -e 's/^/   /' -e 's/-/|/'
Which will draw the currents' directory tree listing. Surely, using tree is much easier and more efficient, but this old-fashioned approach is what I like most!

Monday, February 21, 2011

Intercepting Keystrokes in any Application

This post is about one simple question: is Windows' software secure?

The answer is: no, it's not.

In the next few lines, I will show you how to easily write some code which will allow you to intercept text which is being typed into any other application! In particular, I will illustrate how to write a simple dll which will delete any lowercase vowel typed by the user...
And yes, this is one of the techniques behind keyloggers...

Since these are multimedial days, here there is a video showing how this dll can interact with a common application (Microsoft Word):

Tuesday, January 25, 2011


L'idea di hacking può riunire assieme preconcetti come vandalismo elettronico, spionaggio, capelli tinti e piercing. La maggior parte della gente associa l'hacking all'infrazione della legge, etichettando quindi tutti coloro che si dedicano all'hacking come criminali. Sicuramente in giro c'è gente che utilizza tecniche di hacking per infrangere la legge, ma tutto questo non c'entra nulla con l'hacking in sé.

L'essenza dell'hacking è quella di trovare usi delle leggi o delle proprietà di una data situazione che non erano previsti oppure venivano tenuti segreti, al fine di riapplicarli con modalità nuove e con inventiva per risolvere un problema. Il problema in questione può essere la mancanza di accesso ad un computer, oppure cercare di trovare il modo per utilizzare vecchi apparecchi telefonici per gestire un modello di controllo ferroviario. Di solito, le soluzioni hackerate risolvono questi problemi in modo unico ed inimmaginabile da coloro che sono confinati nella metodologia convenzionale.