Kyle Powers

bored-im:

Sickest Candle ever.

"Asswipe," replied Yahoo's server. That's when I knew I had it.

Yahoo's public chat rooms have passed away. It is for the best, for the spam had spread everywhere. But they had a good run, operating for a decade and a half, an Internet eternity.

Here are three funny stories from the Yahoo chat protocol.

Body and Zoul

Yahoo chat rooms started life as a Java applet, chugging along in Netscape Navigator 4. Support for chat was later added to Pager, their native app, which did its own chugging in Visual Basic. Initially, Pager had custom text rendering, but then they replaced it with an HTML view.

Oops. Pager didn't escape message contents, and so it was possible for a message sender to coax the recipient into displaying arbitrary HTML - even fetching images off the web. XSS in its infancy.

Oh dear, what to do? Not everyone would install a security update. But all messages went through Yahoo's servers, so they could fix it server-side: block the attack by rewriting the messages before sending them along. So Yahoo replaced the troublesome opening bracket < with a letter that sort of looked like a bracket: a capital Z. Messages containing <html> or <body> would be rewritten to Zhtml> and Zbody>.

And more than a decade later, this methuselan workaround lives on:

md55555555555...

Yahoo chat was not as full of sexually unfulfilled college girls as the spam bots would have you believe. Before the captchas arrived in 2007 (which did little in any case), Yahoo battled the bots by obfuscating the login protocol. And once the bots caught up, obfuscating it again. Rinse and repeat - by the end, the protocol had grown to outrageous complexity. A puny excerpt of the login sequence:

1. md5 the user's password
2. md5 the password, followed by the fixed salt, followed by the password again
3. md5 the password, followed by a fixed salt, followed by the second hash, followed by parts of the password, but interspersed with zeros
4. hash the password
5. hash the third hash
6. Iterate the previous two steps 50 times, including the password in the hash every seventh time, and salting the hash too, except every third time
7. md5 the result of that loop...

And we have only barely begun. Should you wish to dive further, see the function yahoo_process_auth_0x0b.

The Sacred, but Mostly the Profane

fish wrote a client for Yahoo chat, but the protocol was not public. Reverse engineering the login protocol for a native OS X client meant running Ethereal in X11 to inspect a Java program running in the OS 9 Classic environment: a remarkable feat, but man, was it slow going. For a long time, connection attempts were met with radio silence and disconnection. Nothing, nothing, nothing...

And then, all at once, Yahoo unleashed a stream of filthy, filthy obscenities. Yessss.

You see, Yahoo was concerned that people might swear on the Internet, so they provided a list of words that the client should filter. But this list might need to be updated dynamically, in case someone on the Internet managed to think up a new word for sex. So rather than build the list into the client, they sent it to you from the server. Right in the first packet. In alphabetical order. Login successful, bitch.

A kind soul has preserved a packet dump from a successful login. Cover your childrens' eyes and click the box below to read it:

59 43 48 54 00 00 01 00 : 00 00 00 01 00 00 01 7F    YCHT            
41 73 6B 46 6F 72 42 6F : 6F 7A 65 C0 80 61 68 6F    AskForBooze¿Äaho
6C 65 2C 61 68 6F 6C 65 : 73 2C 61 73 73 68 6F 6C    le,aholes,asshol
65 2C 61 73 73 68 6F 6C : 65 73 2C 61 73 73 77 69    e,assholes,asswi
70 65 2C 62 69 61 74 63 : 68 2C 62 69 74 63 68 2C    pe,biatch,bitch,
62 69 74 63 68 65 73 2C : 62 6C 6F 5F 6A 6F 62 2C    bitches,blo_job,
62 6C 6F 77 5F 6A 6F 62 : 2C 62 6C 6F 77 6A 6F 62    blow_job,blowjob
2C 63 6F 63 6B 73 75 63 : 6B 65 72 2C 63 75 6E 74    ,cocksucker,cunt
2C 63 75 6E 74 73 2C 64 : 69 63 6B 68 65 61 64 2C    ,cunts,dickhead,
66 75 63 6B 2C 66 75 63 : 6B 65 64 2C 66 75 63 6B    fuck,fucked,fuck
69 6E 67 2C 66 75 63 6B : 6F 66 66 2C 66 75 63 6B    ing,fuckoff,fuck
73 2C 68 61 6E 64 6A 6F : 62 2C 68 61 6E 64 6A 6F    s,handjob,handjo
62 73 2C 6D 6F 74 68 65 : 72 66 75 63 6B 65 72 2C    bs,motherfucker,
6D 6F 74 68 65 72 2D 66 : 75 63 6B 65 72 2C 6D 6F    mother-fucker,mo
74 68 65 72 66 75 63 6B : 65 72 73 2C 6D 75 74 68    therfuckers,muth
61 66 75 63 6B 65 72 2C : 6D 75 74 68 61 66 75 63    afucker,muthafuc
6B 65 72 73 2C 6E 69 67 : 67 61 2C 6E 69 67 67 61    kers,nigga,nigga
73 2C 6E 69 67 67 65 72 : 2C 6E 69 67 67 65 72 73    s,nigger,niggers
2C 70 65 64 6F 66 69 6C : 65 2C 70 65 64 6F 70 68    ,pedofile,pedoph
69 6C 65 2C 70 68 61 67 : 2C 70 68 75 63 2C 70 68    ile,phag,phuc,ph
75 63 6B 2C 70 68 75 63 : 6B 65 64 2C 70 68 75 63    uck,phucked,phuc
6B 65 72 2C 73 68 61 74 : 2C 73 68 69 74 2C 73 68    ker,shat,shit,sh
69 74 73 2C 73 68 69 74 : 68 65 61 64 2C 73 68 69    its,shithead,shi
74 74 65 72 2C 73 68 69 : 74 74 69 6E 67 C0 80 54    tter,shitting¿ÄT
61 6E 67 6F 62 68 C0 80 : 20 C0 80 30 C0 80 31       angobh¿Ä ¿Ä0¿Ä1

Eat your heart out, George Carlin.

R.I.P. Yahoo chat. You will be remembered as you were: a crazy phuc. Whatever that means.

Pound House

The University of Nebraska–Lincoln's Raikes School of Computer Science and Management on Friday will spotlight the work of its capstone students in its annual Raikes Design Studio Project Showcase.

The event, which takes place in the Kauffman Center on the university's campus, begins at 1:30 p.m. with a presentation by tech industry veteran Maynard Webb. The former COO of eBay (1999-2006) is the author of the recently released New York Times best seller, "Rebooting Work: Transform How You Work in the Age of Entrepreneurship". A 30-minute reception follows Webb, and the main event, the project showcase, takes place from 3-5 p.m.

The showcase is the culmination of a school year's worth of work by teams of student. In the Design Studio, teams build software for local and national businesses, such as Nebraska Global, Hudl, Hayneedle and Microsoft.

"If we mess something up, it really does affect them. It's not just our grade," Jessah Hofker, a former Raikes student, told Silicon Prairie News in 2011.

For more information on the event, which is free and open to the public, visit raikes.unl.edu.

To learn more about the Design Studio, see our past coverage:

• "Raikes School students unveil fruits of yearlong Design Studio projects"
• "Amidst change, Raikes School strives to foster interdisciplinary innovation"

There is a town in Nebraska with a population of 1, the Mayor grants herself a liquor license yearly.

source

We all try.

Bitcoin is on an unending march towards mainstream adoption and with that, $100 bitcoins are nearly here. We just had a $10 jump in the last 12 hours and it’s obvious we’re on a run away freight train to the currency of the future.

I would like to formally apologize to anyone I doubted. I am truly jealous of everyone’s sage investment strategies and now I’m stuck with my dick in my hand while everyone else is getting rich. Are we going to see $1000 in the future? The captains of industry tell me so.

To Bitcoins! up uP UP!

 

“In 2009, Americans spent $7,960 per person on health care. Our neighbors in Canada spent $4,808. The Germans spent $4,218. The French, $3,978. If we had the per-person costs of any of those countries, America’s deficits would vanish.” 

The above quote comes from Ezra Klein at The Washington Post. Most Americans don’t need someone to tell them that healthcare is expensive - they know it. But nothing quite captures it like a visual. 

These graphs, released annually by the International Federation of Health Plans, compare the cost of various medical procedures between countries. They reinforce just how high prices are in America:

America’s prices are the only ones shown as a range because it is the only country whose system allows prices to differ so dramatically. 

Other countries have centralized pricing systems, often with the state negotiating for lower prices. In the United States, a hodgepodge of different insurance companies and government programs negotiate prices, leading to huge price disparities.

The average price in America is not always the highest, but is consistently the priciest or close to it. 

While the average is the important number for understanding costs on a macro level, given how many Americans lack insurance or pay significant portions of their healthcare bills, the wide variation in prices can have a huge effect on individuals’ lives.

Prescription drugs are particularly overpriced - almost always double the average of other countries in these examples - especially for a product that is standardized and identical. In general, Americans pay twice as much for brand name drugs as other industrialized countries.

An unexpected effect of America’s overpriced prescription drugs and health care is that Americans pay for the lions share of health care investment. In the words of the director of the International Federation of Health Plans:

“We end up with the benefits of your investment. You’re subsidizing the rest of the world by doing the front-end research.”

Is this a positive example of American exceptionalism? Maybe. But most Americans would probably just prefer the reasonable health care prices the rest of the world experiences.

H/t to Ezra Klein for reporting on this.

This post was written by Alex Mayyasi. Follow him on Twitter or Google Plus.

You know, one of the things that really hurt Apple was after I left John Sculley got a very serious disease. It’s the disease of thinking that a really great idea is 90% of the work. And if you just tell all these other people “here’s this great idea,” then of course they can go off and make it happen.

And the problem with that is that there’s just a tremendous amount of craftsmanship in between a great idea and a great product. And as you evolve that great idea, it changes and grows. It never comes out like it starts because you learn a lot more as you get into the subtleties of it. And you also find there are tremendous tradeoffs that you have to make. There are just certain things you can’t make electrons do. There are certain things you can’t make plastic do. Or glass do. Or factories do. Or robots do.

Designing a product is keeping five thousand things in your brain and fitting them all together in new and different ways to get what you want. And every day you discover something new that is a new problem or a new opportunity to fit these things together a little differently.

And it’s that process that is the magic.

—Steve Jobs

From Bootstraps button documentation:

IE9 doesn’t crop background gradients on rounded corners, so we remove it. Related, IE9 jankifies disabled button elements, rendering text gray with a nasty text-shadow that we cannot fix.

It is my educated opinion that everybody should strive to write documentation like this.

Mersenne from Something Awul turned us on to this hilariously useless but kinda neat project.

So apparently some guy developed a hilariously roundabout method for mining Bitcoins on a NES.

 

Of course, like most things Bitcoin, this is only technically true:

*Communication with the Bitcoin network

This part is pretty simple. I’m using bitcoind to do the network communication. This is pretty standard for bitcoin mining, the mining software focuses on doing the hashing and lets bitcoind do the p2p network stuff. There’s a few standard protocols for those two pieces to communicate with varying levels of efficiency, but I’m using the most basic ‘getwork’ protocol because, heh, this isn’t going to be the bottleneck in this operation.

For the portions of computing that do not happen on the NES, I’ve got a raspberry pi housed in a Makerbot Replicator2 3D printed case. I believe I am now fully 2013 Hack Project compliant.

Raspian’s repos were serving some crusty version of arm bitcoind, so I compiled my own from the latest source. This is not hard, except that my rpi has 256MB of RAM and g++ just gives up when its all filled up. I’m sure there’s a more elegant cross-compilation environment available, but adding a 2GB swap and letting it crank all night worked for me.

*Data in

There are a couple pieces involved in getting data into the NES, many of which I’m just pasting together from other people’s code. They deserve the credit for their respective projects.

First, I’m using a python implementation of the mining protocol by jgarzik (https://github.com/jgarzik/pyminer) to do the jsonrpc communication out to bitcoind and basic structure.

Next, I’m using a NES that I modified with a USB CopyNES (http://www.retrousb.com/product_inf…&products_id=36). Inserting this board inbetween the NES’s mainboard and processor adds a USB port to an NES that affords for lots of development capability, including the ability to write to RAM carts. The RAM cart I’m using is a PowerPak Lite, also from retrousb.com (http://www.retrousb.com/product_info.php?products_id=35)

For the USB serial communications to the NES I’ve gutted and hacked up mstrand’s script (https://github.com/mstrand/copynes)

So the rpi getworks a chunk of data, wraps it up into a ROM (detailed below), and sends it to the console using via USB CopyNES.

*Doing the hashing

SHA256 hashing uses many 32-bit operations, and the 6502 in the NES is an 8-bit CPU. Initially I thought this would be a significant challenge, but with some modifications, I got an open implementation of SHA256 to compile to a 6502 target using the cc65 compiler (cc65.org)

The rpi getworks a chunk of data, compiles it into a ROM that includes the SHA256 algo and current target data, and sends it to the console via USB CopyNES.

Each ROM computes and tests a single hash.

*Data Out

After the NES computes and tests the hash against the target value, the NES knows if this iteration was a success. But we need to pass successes back out to the bitcoin network.

If the generated hash is less than the target value, the background color of the screen will be green, otherwise it will be red. A Playstation Eye camera pointed at the screen takes a picture and, using OpenCV, checks for the predominant color in the image.

If there’s more green than red in the picture that the webcam snaps then it gets reported out to the bitcoin network as a success. If not, then we start the process over again with a freshly grabbed chunk of getwork data.

(emphasis mine)

So to recap: This guy is using a Raspberry Pi to pull transaction data from the network, packs it into a ROM containing a built-in SHA256 implementation and a single hash, and copies it via USB into a flashcart. The NES then computes and displays the result, and depending on the background color the webcam pointed at the screen reports this result back to the network as either a success or failure.

Again, all of this is for a single hash.

It’s even better once you actually see the thing running in that video he posted. If you count the time between screen refreshes, that setup is chugging along at approximately five hashes a minute, or 0.083 hash/sec.

At the current difficulty level, the average time per block would be 10,987,004,979 years, or more than twice the age of the earth. Truly the next generation of mining rigs! 

In Washington, D.C., women often complain about the lack of available men. On the other hand, “Man Jose” gets that nickname for having too few available women for the men of Silicon Valley. But is it fact or fiction? In love, as with real estate, it’s better to get the inside scoop before you start your search.

To figure out where the gender ratio is most skewed in each direction, we went right to the data. We know from our consumer survey about love and housing that not all singles are equally in demand, at least when it comes to dating. Among unmarried adults, 62% prefer to date someone who lives alone; only 14% prefer to date someone who lives with other people. Perhaps living alone sends the right signal about independence and availability – or perhaps living alone just makes dating easier (does anyone really want to hear their mom ask, “Honey, can I make you and your friend some pancakes?”).

Whatever the reason, we get it: so we looked at the ratio of men living alone to women living alone in order to assess the dating scene. We also subtracted estimates of the gay and lesbian population in order to focus on men and women interested in dating someone of the opposite sex; check out our Welcome to the Gayborhood post if that’s news you can use. Finally, we excluded people older than 65 since differences in life expectancy skew the gender ratio in the later years. (Just ask my grandfather, who was very popular in the Miami Beach coffee shop scene back in the day.) How did we do this? See the methodology at the end of this post.

Where the Boys Are
Women looking for single men should try their odds in Vegas, where the ratio of men living alone to women living alone is the highest among the 100 largest metros: 1.34. That’s four men for every three women. San Jose, it turns out, also has plenty of men to choose from, with 1.23 men for every woman. Several warm spots – Honolulu, Palm Bay-Melbourne-Titusville, FL, and Miami – also skew toward men (remember we’re not including those 65+), as do some mid-size metros around the country, like Worcester and Tacoma.

#	U.S. Metro	# of men living alone per woman living alone
1	Las Vegas, NV	1.34
2	Honolulu, HI	1.27
3	Palm Bay- Melbourne-Titusville, FL	1.26
4	Gary, IN	1.23
5	San Jose, CA	1.23
6	Salt Lake City, UT	1.21
7	Miami, FL	1.20
8	Worcester, MA	1.19
9	Allentown, PA-NJ	1.19
10	Tacoma, WA	1.18
Among 100 largest metros, excluding those with few singles living alone.

The most lopsided ratios, however, are not in these large metros. The ratio of men to women is above 2 in Williston, ND, Gillette, WY, and Rock Springs, WY. Each of these smaller metros is the center of a male-dominated industry: Williston is at the heart of the North Dakota oil boom, and Gillette and Rock Springs are Wyoming mining towns. In fact, rural areas and smaller metros generally have a higher ratio of men to women.

All the Single Ladies
Women outnumber men in the big three power centers of the Northeast: Washington, D.C., Boston, and New York. The ratio is highest in the Bethesda-Rockville-Frederick metro, which is just over the Maryland border from Washington, D.C. Nine of the 10 metros with the highest ratio of women to men are in the East: Oakland is the only exception.

#	U.S. Metro	# of women living alone per man living alone
1	Bethesda-Rockville- Frederick, MD	1.20
2	Washington, DC-VA-MD-WV	1.12
3	Boston, MA	1.09
4	New York, NY-NJ	1.07
5	Raleigh, NC	1.07
6	Richmond, VA	1.06
7	Atlanta, GA	1.06
8	Baltimore, MD	1.04
9	Peabody, MA	1.04
10	Oakland, CA	1.03
Among 100 largest metros, excluding those with few singles living alone.

The ratio of women to men tends to be highest in larger metros. None of the smaller metros are skewed toward women nearly as much as Williston, ND, is skewed toward men, but Napa, CA, and Santa Fe, NM, are two of the small metros with the highest ratio of women to men.

Uptown Girl, East End Boys
Billy Joel and the Pet Shop Boys – who otherwise couldn’t be more different – were both onto something. Billy Joel’s New York City had an uptown girl and a downtown man; the Pet Shop Boys sang of London’s West End girls and East End boys. The data back them up. In every big metro, there are neighborhoods where men outnumber women and neighborhoods where women outnumber men, as these maps make clear:

In New York, Lower Manhattan and parts of Queens, including Long Island City, have more men living alone than women living alone. But the Upper East Side ZIP code of 10021 – which covers most of the East 70’s – has almost two women living alone for every man who lives alone. In Los Angeles, men outnumber women across the downtown area, but women outnumber men across much of the west side, including Beverly Hills, Pico-Robertson, the 3^rd Street area, and around the Beverly Center. Farther west, along the coast, men outnumber women in El Segundo, Manhattan Beach, and Hermosa Beach.

Here are the best neighborhoods for finding single men or single women in 10 of the largest metros, based on the ratio of men and women living alone:

Best Neighborhoods for Finding Love
U.S. Metro	Highest Ratio of Men to Women	Highest Ratio of Women to Men
New York	Long Island City, Queens (11109)	Upper East Side (10021)
Los Angeles	Downtown / Fashion District (90021)	Beverly Center (90048)
Chicago	Greektown / West Loop (60661)	Near North Side/ Old Town (60610)
San Francisco	Tenderloin (94102)	Marina (94123)
Washington DC	Rosslyn (22209)	Upper Connecticut Ave (20008)
Boston	Downtown / Waterfront (02110)	Beacon Hill / West End (02114)
Houston	Great Uptown (77056)	Astrodome (77054)
Dallas	Deep Ellum (75226)	North Dallas (75251)
Seattle	Pioneer Square (98104)	North & West Queen Anne (98119)
Atlanta	Home Park (30363)	Dunwoody / Perimeter (30346)
Most unbalanced ZIP code in each metro, among ZIPs with at least 1000 total population and 20% of population living alone.

What do these neighborhoods have in common? Billy Joel was right: in most metros, the neighborhood with the highest ratio of men to women is in or near downtown, as well as in recently redeveloped neighborhoods like Boston’s Waterfront or Long Island City. Even man-rich Rosslyn is a major employment center despite being in northern Virginia, outside of Washington D.C.

The neighborhoods with the highest ratio of women to men tend to be more residential, like San Francisco’s Marina and Seattle’s Queen Anne, and more upscale (and safe), like the Upper East Side and Upper Connecticut Avenue. Some are near major retail centers, like Chicago’s Near North Side, the Beverly Center in LA, and Atlanta’s Perimeter Mall, though Houston’s Great Uptown neighborhood — which skews toward men — is near the Galleria, Texas’s largest mall.

Of course, we’re only talking about the quantity of men and women, not whether they’re your idea of a great date. If you’re not into the men of Vegas or the women of the Upper East Side, that’s your business. We can point you to cities and neighborhoods where you’ll have more dating options, and we can even help you find a home there. But if you’re looking for love, you’ll need to take it from that point. We’re not going to make you and your friend pancakes.

 

Note: these data are based on the 2010 decennial Census. “Neighborhoods” refer to Zip Code Tabulation Areas (ZCTA’s), an approximation of ZIP codes created by the Census. In calculating the number of men living alone and women living alone in each metro or ZCTA, we excluded people living in “group quarters” (e.g. dormitories, prisons, barracks, and other institutions) and people aged 65 and older. We adjusted these counts of men and women living alone based on our estimates of the prevalence of single gay men and women in each ZCTA, in order to estimate the number of heterosexual single men and women living alone. To do this, we used 2010 Census counts of same-sex partners – based on the correction described here – and assumed that single gay men and women were distributed geographically in proportion to same-sex male and female couples. 

» IE6 Usage in China Seems to be Collapsing

In a market that has historically been very slow to adapt to browser technology, StatCounter shows a significant drop in IE6 usage, and a more recent (but also significant) uptick in Chrome.

℅ @necolas

confirmed: rocket piano IS the Ultimate Piano

Want to catch next week’s Season Finale of Workaholics before your fellow brajers? Check this list of advanced screenings hosted by our friends at Comedy Central.

Snag some tickets NOW because yelling “A-O Maggots!!!” at the door won’t get you in.

Irvine, CA — 3/19 — Irvine Improv
Hollywood, CA* — 3/19 — Hollywood Improv
Ontario, CA — 3/18 — Ontario Improv
San Jose, CA — 3/19 — San Jose Improv
Phoenix, AZ — 3/19 — Stand Up Live
Palm Beach, FL — 3/19 — Palm Beach Improv
Ft. Lauderdale, FL — 3/19 — Ft. Lauderdale Improv
West Nyack, NY — 3/19 — Levity Live
Kansas City, MO — 3/19 — Kansas City Improv
New York, NY — 3/18 — Caroline’s on Broadway
Boston, MA — 3/19 — The Wilbur Theatre
San Francisco, CA — 3/19 — Cobb’s Comedy Club
Nashville, TN — 3/19 — Zanie’s Comedy Showplace
Charlotte, NC** — 3/20 — The Comedy Zone

* Features a stand-up set by Adam Devine following the screening
** Hosted by Erik Griffin (Montez)

» Learn CSS Layout

A fantastic new primer on the fundamentals of using CSS for layout.

℅ luxuryluke