Not just writing assembly, rewriting a compiled object file without letting any of the addresses change, without having the source to work with, and presumably with almost no documentation, to patch a program that has been left untouched for almost 20 years.
Those properties come by definition. Addresses don't change because you can't (realistically) change things much or move things around.
Basically, think of it like this: you have an old book, written in some magic runes, and you are told that a certain (quite short) paragraph is wrong and can be badly misinterpreted due to poor wording. You know, the magic spell goes kaboom.
You have tools that can easily and painlessly: a) translate the runes into a text that a mere mortal can reasonably easily read; b) scrub runes off the page and write any new ones over; c) translate your text into runes. There is a simple correspondence between text length and how many runes it would take. Now, all you need is to write the new text, which must be no longer than the old one was. Not a trivial task, but not something extraordinary. Just rare, because we don't deal with magic runes these days, as familiars take orders and handle all the gory details.
Writing assembly requires a skill. So does reading old assembly code of a particular function and figuring out what it did. That's admirable, but not something unbelievable.
It's just rarer to see these days, but not a lost art or anything like that. Crackmes are still alive. On the game cheat forums such patching (albeit for different purposes) was the norm, and probably still is for the games that aren't protected. And many embedded developers have their fights for code size quite often.
It is easy to not let addresses change, because compilers without "-O2+" do lots of extra stack ops. Documentation is not needed there, because it is an overflow fix; it is catchable by a debugger and both caller and callee are right in the bt. And the fact that this program was not recompiled for 20 years actually adds to the possibility of what was done. Modern compilers are much less forgiving.
Anyway, your points are pretty weak and oh-magic-driven, and I don't see any reason for the gp comment to be gray or the work to be called stellar. Though of course it was done by an asm-skilled person.
I think it's easy in all the superficial churn of frameworks and languages to forget how much depth there is in our field. To me, writing a compiler isn't that big a deal anymore; it's the kind of exercise I might use to try a new language out. But when I was a sophomore in college, even after a few years of computer usage, it would have been magic to me.
It takes a lot of work to get to the point of skill demonstrated in this article... but there's still a lot of skill runway beyond that level of skill, too. It's simultaneously true that this is an impressive amount of talent, and that there are people for whom this would be an entertaining momentary side diversion from their normal job.
I kind of agree with the sentiment. It isn't that crazy.
We do this as a matter of course all the time. Patching a small handful of instructions is pretty easy. You could learn to do it in a week or less if you are a decent programmer.
Do it well? Do it quickly? Do it idiomatically and in a short amount of time.... Takes real skill.
I used to patch games for infinite-lives, or to allow my serial numbers to be accepted. Doing this wasn't hard, as somebody who grew up writing assembly language on 8-bit machines in the 80s.
One fun self-challenge was always to make my modifications as small as possible. e.g. one-byte changes were a lot more impressive than two-byte changes.
It's interesting. I have observed if people learn on an 8 or 16 bit machine, like in Microcorruption, they tend to be able to pick up more complex ISAs much easier. It helps to know the first principles.
It is indeed a lost art. I can count on one hand the number of colleagues I know who are capable of doing this. Also, this is not assembly, it is object code.
Disassemblers exist. You can take the binary, generate the assembly code, fix it and then re-compile to find the needed changes. I cracked a few sharewares with OllyDbg this way (just for fun, never distributed), and I'm no "leet coder".
> This is way more tedious than disassembling and reassembling a binary.
It used to be stuff we did for fun.
Back in the day we might not even load the entire program into memory - I remember manually patching disk sectors on the C64 with tools that'd let me disassemble arbitrary content to see if it happened to match code.
I also spent a couple of years programming assembly directly in a "machine code monitor" - an assembler used to assemble/disassemble memory instruction by instruction rather than from a file.
This was something several members of my primary school class would do for entertainment.
The idea that this is particularly difficult just reflects that fewer developers have spent time getting familiar with assembly these days.
We still do! When I added Retroarch to my HTPC I wanted it to use the "ok" and "power" buttons on my remote instead of "enter" and "escape" which are only found on a keyboard. While I did contribute a patch to the Retroarch project, which I tested using a laptop, binary patching was much easier on the Raspberry Pi ARM binaries than figuring out the build system for LibreELEC (the binary patch drops support for enter/escape, so it's literally changing two bytes for the two keycodes).
It stopped being fun for me when I moved to an x86 box, I'm afraid. Though I do get my share of asm thanks to my (very slow moving) Ruby compiler project, it's more painful than fun.
Yes, disassemblers will often write raw bytes directives (e.g. "db 72, 101, 108, 108, 111") if they can't disassemble the instruction, so you can get 1:1 by disassembling and reassembling; but I doubt this patch was done by doing that on the whole binary.
To elaborate, you sketch out the assembly you need, assemble it and literally drop those new bytes in.
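The constraint the two comments above describe (the rune analogy earlier in the thread and "drop those new bytes in" here) is that the replacement must occupy exactly the space of the bytes it replaces, so nothing after it shifts. The following is an added example, not code from the thread or from any project it mentions: a small in-place patcher that verifies the original bytes before touching them, refuses a replacement that is too long, and pads a shorter one with NOPs. It assumes a raw x86 image (0x90 is the one-byte NOP); the 13-byte fragment and the "keycode" values are constructed for illustration.

```python
# Added example (not from the thread): a minimal in-place binary patcher that
# enforces the rule the comments describe -- the new bytes must occupy exactly
# the space of the old ones, so no address after the patch moves.
# Assumptions: raw x86 image (0x90 is a one-byte NOP); the sample bytes below
# are constructed for illustration, not taken from any real program.

NOP_X86 = 0x90


def find_pattern(image: bytes, pattern: bytes) -> list:
    """Return every offset at which `pattern` occurs in `image`."""
    offsets, start = [], 0
    while True:
        idx = image.find(pattern, start)
        if idx < 0:
            return offsets
        offsets.append(idx)
        start = idx + 1


def apply_patch(image: bytes, offset: int, expected: bytes, replacement: bytes,
                nop: int = NOP_X86) -> bytes:
    """Replace `expected` at `offset` with `replacement`, keeping the image length.

    Checks, in order:
      1. the window lies inside the image;
      2. the bytes there are exactly `expected` (wrong build: refuse, don't corrupt);
      3. `replacement` is no longer than `expected` (a longer one would shift every
         following byte and break absolute and relative addresses).
    A shorter replacement is padded with `nop` bytes to the original length.
    """
    end = offset + len(expected)
    if offset < 0 or end > len(image):
        raise ValueError("patch window lies outside the image")
    window = image[offset:end]
    if window != expected:
        raise ValueError(f"unexpected bytes at 0x{offset:x}: {window.hex()} != {expected.hex()}")
    if len(replacement) > len(expected):
        raise ValueError(f"replacement is {len(replacement) - len(expected)} byte(s) too long")
    padded = replacement + bytes([nop]) * (len(expected) - len(replacement))
    return image[:offset] + padded + image[end:]


def changed_bytes(old: bytes, new: bytes) -> list:
    """List (offset, old_byte, new_byte) for every byte that differs; lengths must match."""
    if len(old) != len(new):
        raise ValueError("images differ in length; addresses would have moved")
    return [(i, a, b) for i, (a, b) in enumerate(zip(old, new)) if a != b]


# Constructed 13-byte x86 fragment (offset: instruction)
IMAGE = bytes.fromhex(
    "55"          # 0x0: push ebp
    "89e5"        # 0x1: mov ebp, esp
    "b834120000"  # 0x3: mov eax, 0x1234   (5 bytes)
    "83f80d"      # 0x8: cmp eax, 0x0d     (constructed "keycode" compare)
    "5d"          # 0xb: pop ebp
    "c3"          # 0xc: ret
)

# Patch A: the 5-byte "mov eax, 0x1234" becomes the 2-byte "xor eax, eax" plus 3 NOPs.
MOV_EAX_1234 = bytes.fromhex("b834120000")
XOR_EAX_EAX = bytes.fromhex("31c0")

# Patch B: change only the immediate of the compare (a single byte), in the
# spirit of the two-byte keycode change mentioned later; 0x1c is a constructed value.
OLD_KEYCODE = bytes.fromhex("0d")
NEW_KEYCODE = bytes.fromhex("1c")


def patched_image() -> bytes:
    """Apply both patches to the constructed image and return the result."""
    img = apply_patch(IMAGE, 3, MOV_EAX_1234, XOR_EAX_EAX)
    (cmp_off,) = find_pattern(img, bytes.fromhex("83f8") + OLD_KEYCODE)
    return apply_patch(img, cmp_off + 2, OLD_KEYCODE, NEW_KEYCODE)


def patch_is_rejected(offset: int, expected: bytes, replacement: bytes) -> bool:
    """True if apply_patch refuses the patch against IMAGE (demonstrates the checks)."""
    try:
        apply_patch(IMAGE, offset, expected, replacement)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    new = patched_image()
    print("before:", IMAGE.hex(" "))
    print("after: ", new.hex(" "))
    for off, a, b in changed_bytes(IMAGE, new):
        print(f"  0x{off:02x}: {a:02x} -> {b:02x}")
```

Run it as a script and it prints the before/after hex and the six bytes that actually changed; the same `apply_patch` works on a real file read with `open(path, "rb").read()` once you know the file offset, which is the part the disassembler or hex editor gives you.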
Tools like IDA Pro, Binary Ninja, and Hopper make this quite easy. A good hex editor and knowing the file offsets is also fine. This is seen as magic because it is a bit of a lost art, but it turns out to be easy to learn.
Check out "crackmes" if anyone has become interested in this topic of mangling binaries by hand. They are fun and you will get results quickly on the easier challenges.
I wouldn't call it a lost art... Assembly is used in many places, even for new projects. But it makes sense that assembly programming might seem impressive (or antiquated) to the HN crowd, which I have an impression is composed of a lot of new grads, web developers, and comparatively few old hats.
Not sure. Just saying it's easy to add a cross and be truly and not leave the question of bias out there. This is becoming a mountain out of a molehill thing though. I just don't want Google vilified by you know whos.
I'm a Christian and I feel this is a cheap shot. I believe this to be malicious, especially coming from Google. Could even be some kind of inside joke.
I'm a Christian and I just feel this came from a team that didn't have much in the way of a Christian on their team. That said, we as Christians aren't faring well at being represented at all at most tech companies. Even more so, I bet, at Google, but that's just me assuming. I fear the worst but assume the best of Google about this. It's really a small detail.
How about: "we don't even know who the alleged rapists are, so maybe we shouldn't form an opinion on their skin color being different before we jump to conclusions"?
It also obviously excuses your behavior regardless of what you do.
Let's say you're a selfmade man with working class background parents, and you worked two jobs while going to school, and now operate and run your own business, making enough money to support your family and have a nice life.
Apparently, because someone comes from a different socioeconomic background, they're entitled to take whatever they want from you.
Wow, nice way to set up a really weak straw man! It's got the whole self-made man story there just for extra "relatable" points. Amazing job!
I didn't realize that now pointing something out is condoning it. Would you say that by pointing out demographics might be playing a factor, the original poster was condoning their behavior?
I would like to see a fair referendum about net neutrality. And by fair I mean to also see the good parts of not having net neutrality, like zero rating.
Tell people they can get zero rating on their favourite services, and the result of such a referendum will be uncomfortable for many.
I'm really tired of seeing people everywhere thinking net neutrality is "unquestionable", "universally good" and "the will of the people". Ever bothered to ask anyone outside the tech circles? Or you simply think you know what's best for everybody?
I work for a growing medium sized ISP - and I'm against net neutrality. I could write an entire essay about the unintended consequences, hypocrisy, ridiculous internet memes, and monopolies but I'll only leave one point that hopefully strikes a chord in those who only see one side.
As a smaller ISP we are constantly asked for cheaper plans for - typically - older people who "just want to check their email." Thanks to net neutrality we cannot offer these people anything.
We are forced to compete DIRECTLY against the Comcasts and AT&Ts in our region. A competition where our only weapon is cost. And if we lower our costs we only get a bunch of power users who consume 10x more bandwidth than typical users - the big business marketing departments eat our budgets for breakfast.
Without net neutrality the first thing we'd do is set up an "email only" plan - charge $5 a month and literally knock on doors in retirement homes and sign up swaths of people. We could probably oversell the single line by an order of magnitude more than usual.
Net neutrality directly prevents any sort of choice for the consumer as to what level of internet access they want or need. And yes that might sound scary - but the VAST majority of people in certain age groups just simply don't WANT to pay $80 a month to check their email.
In a non-NN world, nothing will stop Comcast or AT&T from also offering an "email only" plan. Except in their version of the plan, it costs $0/month if you use their own hosted email service. And when the grandkids come over they can watch Netflix for free because Netflix is paying the ISP to subsidize bandwidth.
Eliminating NN will make competition even worse for smaller and medium sized ISPs because the big ISPs have disproportional leverage to extract subsidies from media companies and make all sorts of deals. In some cases, the ISPs even own the media companies (for example, Comcast owns NBC). How can you possibly expect to compete with that?
Assuming there is a sufficient cohort of those potential customers to make it worthwhile going after them in the first place:
Under current net neutrality rules, is it possible to sell a data capped plan (but content agnostic), with overages, where the data capped portion is below rival “uncapped” plans?
That way it seems like one could attract that demographic without the downside you highlighted.
There is an entire underserved niche from the dialup crowd who are extremely unhappy paying more than $10 a month - so yes it could be well worth the investment.
As for caps - which do you think would sell people better: "You have full access to anything on your email" vs "You can download 500 mb of data a month"
And what will happen to their service when the grandkids come over and want to watch Netflix?
> There is an entire underserved niche from the dialup crowd who are extremely unhappy paying more than $10 a month
A low-speed broadband plan (or even dialup) would serve those customers fine, no?
> As for caps - which do you think would sell people better: "You have full access to anything on your email" vs "You can download 500 mb of data a month"
What if those emails link to some other site on the internet? Or contain photo or video links? Does it still count as “full access” if things slow to a crawl in those cases? With email being so small anyway, how does that differ in practice from just a low speed plan? It could still be marketed as “access to everything in your email.”
> And what will happen to their service when the grandkids come over and want to watch Netflix?
This question itself seems to undermine your point. What would happen in that situation, on a plan like the one you’d like to sell?
Without NN there would be a ton more providers to choose from because we'd be able to compete on more than price.
The Comcasts of the world can oversell their lines by 4x what we can because they can simply get the word out to low-traffic users better than we can. That's 4x the revenue smaller ISPs just don't get, directly because of NN.
NN is explicitly there to _stop_ you from competing on more than price, because introducing free market capitalism to basic infrastructure is a horrifying idea. Should utility companies be able to compete on more than price? Should roads be able to compete on more than price?
Being able to do so is great for the company in charge of the utility, but literally everybody else immediately loses hard.
This would work if ISPs with the pipes were forced to peer with other providers. Just like people have (some) choice to get their power from green generation, but it uses the same grid lines.
There's nothing stopping them from doing this now, but the fact of the matter is ISPs don't want competition.
Please explain how NN is keeping competition down. Also consider that we haven't had 'official' common carrier NN until last year. So where was all the competition then since NN was not a barrier?
> The Comcasts of the world can oversell their lines by 4x what we can because they can simply get the word out to low-traffic users better than we can.
So NN prevents you from getting the word out? Huh?
What happens when the photos are on Google Photos? What happens when they need to update their browser because theirs is outdated and becomes incompatible? What happens when one of their grandchildren sends them a YouTube link to their concert performance from school? I absolutely guarantee you that in each of these scenarios they will call and complain because their email isn't working.
They think that they only want email, but what they really want is to access the internet via their email.
So not only do you want to snoop your legitimate customers' traffic, you also want to own their personal computers at a level that would allow you to make that distinction? I find that disgusting.
Also, I don't think I've ever heard such a misuse of the word "simply".
>To eliminate support calls I would simply design a system where any place they went FROM their email would work - maybe up to 3 or 4 links past email.
What? What constitutes a "link"? This doesn't make any sense.
How are you determining this without sniffing everyone's traffic? How do you know if someone typed youtube.com into their browser window or clicked a link from an email without access to things like referral headers?
Thank you very much for this perspective from a smaller ISP. Regulation specifically written to address the worst practices of the largest actors in a market can indeed place a disproportionate burden on the smaller players. I.e. regulation is always imperfect, especially when lawmakers become zealous about issuing only minimal regs, neglecting nuance. My question, though, is what sort of regulation in broadband service would you see as beneficial? If you're a WISP, your wire-line competitors hang their service on publicly funded utility poles for attachment fees that don't really share the burden of maintenance. Just ask electric customers experiencing consistently rising bills. Those competitors will continue to depress the level playing field to tilt towards them, which can dramatically stifle innovation too.
1. You do not need "net neutrality/not net neutrality" for this. If your cohort is people in nursing homes/old people's homes, then you provide a reference URL to the nursing home and in the T&C tell them that by agreeing to this plan they agree to you monitoring their internet usage for "blah blah blah", and in exchange for that you provide price X. If they want unfiltered intewebz, they get it for price X+Y.
2. If you are not providing last mile, you are not competing with comcast, verizon, at&t or whoever else owns that infra.
I'm sure you'd like that. But I cannot allow it, because while I'm sure you'd have perfectly benign intentions of just using it for stuff like that, Comcast and AT&T don't. And there is no fucking way I am going to let them have the ability to carve up the internet, and fuck the rest of us, just so you can offer your cheap plan.
I care far, far, far more about net neutrality, and not having the internet get fucked, than about your company making money.
Time for a standard issue HN automobile analogy where for various engineering reasons commercial automobiles all have about the same order of magnitude of horsepower regardless of elderly demands that they just want to drive to church on Sunday and are not interested in racing through national parks at 100 MPH like the TV commercials and young people supposedly demand.
In theory you'd think we could make motorized land vehicles with all random power outputs just like boats, but in practice they're all within an order of magnitude, how odd.
From an engineering standpoint I'm not sure what we could take away from a modern car to make a "Sunday church only" car that would still be street legal and not result in immense staggering levels of customer dissatisfaction. In addition, I'm kinda claiming old people saying all they want is email are lying. The instant you sell that "email only" product, the phone lines light up with support calls. They don't actually want it, they want cheaper prices and they're hoping that stereotype will sell their request. They have no idea that "email only" would be costlier to provide, they just think it's an inferior position so gimmie a lower bill. In summary, we can't sell it because it would be a support nightmare and it's maybe not possible to engineer without significant extra expense.
The thing about market segmentation is that it's very expensive to implement legacy long distance telco style era billing infrastructure... we aren't gonna split product prices from current price X into X/2, X/3, X/4 for inferior products. To fund the billing infrastructure we're going to split into 2(X+100), 0.75(X+100) etc. Both a VERY high offset to fund the billing costs, and an additional medical insurance style monopoly increase to multiples of higher price, not lower. Killing net neutrality is about monopoly middlemen raising prices, never about lowering them.
An even closer although more stretched analogy is that a modern car that can drive across the country at high speeds is going to cost almost exactly as much as a car that can just barely drive to the post office. It's not like turn signals or air bags are any cheaper. Certainly there's no such thing as single mode fiber optic lasers that are only rated for email checking vs 10G multiplayer gaming use.
I've noticed watching my kids that bandwidth use has stopped increasing. Through my life bandwidth use only increased, over many orders of magnitude. That era is over, and we're raising kids who have constant BW use over the course of their lives. For context my daughter is the same age as YouTube and nothing has happened since then WRT BW use. Everything other than streaming video is a rounding error and trillions of hours watched show resolution and quality are totally optional for video consumption despite decades of broadcast engineers and professional producers claiming the contrary in the legacy media.
You may or may not be surprised that many tools needed to provide an "email only" service already exist and are quite easy to implement.
Something as easy as allowing email + 3-4 links past email would solve virtually all problems and support calls, and a bit of usage monitoring would eliminate the fraud.
Tell me again how charging by amount of data use and speed is not already solving this problem? I can go to comcast.com and buy an email only package right now. Also, why is this suddenly going to allow you to take market share from Comcast? Do you honestly think the reason we don't have competition in the ISP space is due to not being able to unbundle packages?
This is why you tell people about the consequences of no net neutrality.
Ask people if they like being more-or-less forced to use some companies over others, or if they like paying a premium for online gaming. Ask people how they'd feel if Optimum decided to slow down traffic to Fox News if Fox News released a story unfavorable to Optimum. Ask people how they'd feel if a startup that intended to compete with Netflix was effectively shut out of the market by deals like theirs with T-Mobile.
Better yet, show them an image of internet packages ala cable. That'll make them change their tune.
I have no problem with any of the above, IF and ONLY IF the barriers to entry for competition weren't so high. I feel that the only reason we are discussing NN right now is because government regulation has effectively given major telcos a safety net wherein they can make small competition jump through an infinite amount of hoops to service an area.
Free up the protectionism we're granting to major telcos and let the consumer choose what they are willing to pay for.
Edit: Ultimately the consumer must own the "last mile" that is feeding their residence. In that way, ISPs would lease space in the residential IDF to tie willing customers in that neighborhood in.
This is absolutely the issue at hand. The two sides are monopoly + public utilities commission (FCC) or market competition. To get market competition, we'll still have to have SOME monopoly unless you want multiple "last miles".
Zero rating is only good for the companies that get it. If you're trying to compete with a company that has zero rating, but you don't, then you're fucked.
You're gonna have to do a much, much better job of explaining why zero rating is a good thing.
This would be really neat. Thing is, as far as I remember, notepad.exe uses a standard Windows control to display text, so that change would have to be system-wide as well, which could break backwards compatibility.
Consumers certainly can't evaluate each product individually, and that is where certification is a simpler form of evaluation.
It also isn't necessary for every consumer to care about certification. All it takes is a minority to do so - enough to tip sales away from the competition. Certification is also easy to mention in reviews and product feature lists.
We should abolish prisons then? It's a ridiculous argument. Abuses can happen with full backing of the courts, but I expect them to not happen.
In all the years that this system has been in place in Spain I have never seen it used for anything other than blocking websites that were in breach of the law.
Wait, what? How do you get abolishing prisons out of that?
Back to the subject, what if a law is bad, but the mere act of saying publicly that the law is bad is, in itself, breaking the law? That's where this is all heading.
It starts with prohibiting the utterance of specific words because they hurt someone's feelings, but hidden under "consumer safety" or "public order." No one speaks against it because "of course we shouldn't hurt the feelings of others with mean words."
So what? We have hate speech laws in Europe. Try saying "the holocaust never happened" or "homosexuals are vile creatures" and you will see what can happen to you. There's no free speech in Europe anyway.
The point wasn't that it was extrajudicial, she was just demonstrating that a tool instituted "for consumer protection" can, once implemented, easily be used for democratic suppression or censorship.
They didn't say it was blocked using this proposal. Just that it was expedited through website blocking infrastructure that was put in place for other purposes.
P1. Infra A exists.
P2. Infra A has been abused.
C1. If we build infra A, it can be abused.
P3. Abuse is bad.
P4. This proposal proposes that we build infra A.
P5. A proposal to build something that can be abused is bad.
C2. A proposal to build infra A is bad.
That's all fine. It's all fine, except P1 still stands even at the time we reach C2. The infrastructure already exists. So the argument sounds funny. Not unsound, but somewhat unconvincing.
It's a much better argument for the proposition that we should dismantle the infrastructure, than that we shouldn't make additional legitimate use of the infrastructure.
>Compared to Facebook or LinkedIn, for example, it has much less focus on the network aspect, connecting individual users, and a much larger focus on what is being posted.
They are completely redesigning and rewriting the website from scratch with the objective of turning into an actual social network. Look what the new user profiles look like: https://www.reddit.com/user/spladug