Carson Lam
210 followers

Hipster is not a real job.

But it does require a full-time commitment.

If your credit card processing system's security auditor is asking for a list of plain-text passwords for all user accounts on all your servers, you're gonna have a bad time.

A security auditor for our servers has demanded the following within two weeks:

A list of current usernames and plain-text passwords for all user accounts on all servers
A list of all password changes for the past six months, again in plain-text
A list of "every file added to the server from remote devices" in the past six months
The public and private keys of any SSH keys
An email sent to him every time a user changes their password, containing the plain text password

I bought a digital video download today that required a video player from Leaping Brain. As usual, the proprietary player wasn't great and to transfer it to my iPhone I'd need another proprietary player. Ugh. But I browsed around and found that the video had been downloaded into a hidden directory as a bunch of .mov files. Great, except none of the files would play.

It turned out the actual player, launched from their compiled app, was a Python wrapper around some VLC libraries. Nothing funny going on, as far as I could tell, but when I tried to launch the player directly, nothing happened. The compiled app was modifying the .mov files right before they were loaded into the player, and then reverting the file on disk. According to http://leapingbrain.com/mod-machine/faq/:

 "We apply our BrainTrust™ proprietary video encryption to your movies before we upload them to our servers. If someone ever was able to gain access to your content, the files would be useless and unplayable, because they are stored in a scrambled, encrypted format. Once downloaded to the user’s hard drive, the files are still encrypted and only readable via the MOD Machine Player by a legitimate owner. We are not aware of a better DRM scheme than ours. Where Windows Media DRM is easily crackable, and doesn’t run on Macs, BrainTrust™ works great on Windows 8, Vista, Windows XP and Mac, and is virtually uncrackable."

Virtually uncrackable? Well, since they load the file from a Python script, it's easy to make a copy of the "decrypted" file before it's reverted. Having done so, I was curious to see the encryption scheme. By comparing the binary files, I discovered the "proprietary video encryption" algorithm: for the first 15kB, each 1kB block has its initial bytes xor'd with the string "RANDOM_STRING". That's the "scrambled, encrypted format" that leaves these files "useless and unplayable".
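The scheme the post describes is a fixed-key XOR over the leading bytes of each 1 kB block in the first 15 kB, and the post is right that this is not encryption in any meaningful sense. The following is an added illustration, not code from the post or from Leaping Brain, and it is written from a crypto-review standpoint: it models the transform on a constructed byte string, shows that it leaves the overwhelming majority of the file in clear, and shows that a single known header (the usual known-plaintext situation for a container format) hands back the whole key. The block size, the 15 kB bound and the string "RANDOM_STRING" are taken from the post; the post does not say how many bytes of each block are touched, so the example assumes it is the first len(key) bytes, and that is an assumption.

```python
# Added example, not code from the post or from Leaping Brain.
# Models a fixed-XOR "scramble" of the kind the post describes:
# within the first 15 kB, the initial bytes of each 1 kB block are XORed
# with a constant string. Bytes per block = len(key) is an ASSUMPTION here;
# the post does not state it.

BLOCK = 1024          # block size named in the post
LIMIT = 15 * 1024     # only the first 15 kB are touched, per the post


def scramble(data: bytes, key: bytes) -> bytes:
    """Apply the fixed-XOR transform.

    XOR with a constant is an involution, so calling this twice with the
    same key returns the original bytes: the "decryptor" is the
    "encryptor", and no secret beyond the key is involved.
    """
    out = bytearray(data)
    for start in range(0, min(len(out), LIMIT), BLOCK):
        for i, k in enumerate(key):
            if start + i < len(out):
                out[start + i] ^= k
    return bytes(out)


def recover_key(scrambled: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext recovery of a fixed XOR key.

    If the first len(key) bytes of the clear file are predictable (container
    formats have fixed headers), XORing them against the scrambled bytes at
    the same offsets yields the key directly. Nothing else is needed.
    """
    return bytes(s ^ p for s, p in zip(scrambled, known_plaintext))


def changed_byte_count(original: bytes, transformed: bytes) -> int:
    """Count the bytes the transform actually altered."""
    return sum(1 for a, b in zip(original, transformed) if a != b)


if __name__ == "__main__":
    # Constructed sample: 20 kB of a repeating byte pattern standing in for
    # a media file; the key is the string quoted in the post.
    key = b"RANDOM_STRING"
    plain = bytes(range(256)) * 80        # 20480 bytes, constructed
    scrambled = scramble(plain, key)

    altered = changed_byte_count(plain, scrambled)
    print(f"bytes altered: {altered} of {len(plain)} "
          f"({100 * altered / len(plain):.2f}%)")
    # Everything past 15 kB is untouched.
    print("tail intact:", scrambled[LIMIT:] == plain[LIMIT:])
    # Known header of len(key) bytes recovers the key outright.
    print("recovered key:", recover_key(scrambled[:len(key)], plain[:len(key)]))
    # Applying the transform again restores the file.
    print("round trip:", scramble(scrambled, key) == plain)
```

On the constructed 20 kB input, the transform alters 15 blocks times 13 bytes, under one percent of the file, and the key falls out of the first 13 bytes. That is the property a reviewer should look for when a vendor claims "encryption": if the key is a constant baked into the player and most of the plaintext is never touched, the scheme provides obfuscation of the container header, not confidentiality, and the right response is a vetted cipher with real key management rather than a longer XOR string.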

NYC subway repair and construction proceeding faster than expected.

Photos from Google I/O 2012 and San Francisco trip. Photos from the first day were taken with an iPhone 4. Subsequent photos taken with a Galaxy Nexus.
Album: San Francisco 2012 (130 photos)

I'm going to have Kelly Clarkson - Stronger stuck in my head for awhile. #io12
Tenderloin, San Francisco, California

Moscone West hosting Google I/O, and a giant Maps marker at the entrance. Taken at night with a Galaxy Nexus.

Turns out I'm going to Google I/O 2012 after all! Spending a week in San Francisco, June 26 to July 2! #googleio2012

Couldn't get a ticket for Google I/O 2012. Bummer.