Cover photo
Marc Chung
Attended Arizona State University
Lives in Phoenix
432 followers|14,349 views


Marc Chung

Shared publicly  - 
Code for America Brigrade
Add a comment...

Marc Chung

Shared publicly  - 
Street Fighter meets ping pong.
Riyad Kalla's profile photo
Given how it starts off, this ended up being about 20x cooler than I expected. Some awesome effects, would really like to see a behind-the-scenes of how you put a video like this together.
Add a comment...

Marc Chung

Shared publicly  - 
Explains how you pass around function literals. Results in cleaner code
Ikai Lan originally shared:
Captain Obvious on Javascript: it's a functional programming language! Worth a read even if you're an experienced Javascript programmer just to refresh your knowledge.
Add a comment...

Marc Chung

Shared publicly  - 
A quick post about Analytics and Google SSL.

A few days ago, I noticed that Google Analytics wasn't reporting keywords for Google (organic search results). Incoming keywords were replaced with '(not provided)'.

This has to do with Google's recent SSL changes--increased privacy for end-users, increased difficulty for inbound marketers. SEOmoz has one of the better write ups describing the situation:

Though, from the comments you'd think there were shenanigans going on.

"all of my top search keyword positions are now "Not Provided"."
"lost keyword information on a little over 2% of our visits and climbing."
"whatever happened to "do not evil"" <-- really?

The good news is that there's a quick fix: enable SSL on your own site. Yes, that's right. You'll need to buy an SSL certificate and install it on your site. You can also setup an htaccess or nginx config that 301 redirects http to https.

Here's why:

The referrer, HTTP_REFERER, is dropped when users move from an SSL website to a non-SSL website, which is the case when a user searches on and is taken to However, the HTTP_REFERER remains intact when users move from an SSL website to another SSL website.

If you want to see this in action, I've setup a quick demo.

1. Visit the demo page:
2. See that link? Click it. It's a specially crafted query that will return only the demo page.
3. Clicking on the first search engine result will take you to the demo page with the HTTP_REFERER intact. The keyword also shows up in Google Analytics.

Looking forward to SSL everywhere in 2012.

(Updated with a quick demo)
Marc Chung's profile photoClifford Wong's profile photoHeather Carnes's profile photo
Good question. Copy and paste it?
Add a comment...

Marc Chung

Shared publicly  - 
Love this organization

"[Khan] takes a dim view of the constructionist idea that students won’t really understand math unless they discover each principle on their own. “Isaac Newton would not have invented calculus had he not had textbooks on algebra.” Bill Gates is even more scathing: “It’s bullshit,” he says. “If you can’t do multiplication, then tell me, what is your contribution to society going to be?”"
Christian Posta's profile photoNicholas DiBiase's profile photoRiyad Kalla's profile photoPaul-Marcel St-Onge's profile photo
I spent a bunch of time on their YouTube channel tonight; great stuff and well done. Presentations made for web not just recorded in a classroom.

I could see teachers feeling threatened. When I took Calculus in high school, it seemed everybody got a second text book or two to better understand what our text and teacher couldn't get across. Khan Academy's presentation would be likely better than the teacher's!

I have to admit, two of the dimmest people on my street are teachers.
Add a comment...
In his circles
147 people
Have him in circles
432 people
Nicholas DiBiase's profile photo
Jim Jeffers's profile photo

Marc Chung

Shared publicly  - 
Feynman would have been 94 today. Among his many areas of interest, the one on software comes to mind.

Here's what he wrote about how the onboard software system for the Challenger spacecraft.

Pay particular attention to the attitude towards high quality (only six errors have ever been found), the attitude towards testing (for safety reasons), and the approach to saving money (cutting scope, and not process)

It was written in 1986.


The software is checked very carefully in a bottom-up fashion. First, each new line of code is checked, then sections of code or modules with special functions are verified. The scope is increased step by step until the new changes are incorporated into a complete system and checked. This complete output is considered the final product, newly released. But completely independently there is an independent verification group, that takes an adversary attitude to the software development group, and tests and verifies the software as if it were a customer of the delivered product. There is additional verification in using the new programs in simulators, etc. A discovery of an error during verification testing is considered very serious, and its origin studied very carefully to avoid such mistakes in the future. Such unexpected errors have been found only about six times in all the programming and program changing (for new or altered payloads) that has been done. The principle that is followed is that all the verification is not an aspect of program safety, it is merely a test of that safety, in a non-catastrophic verification. Flight safety is to be judged solely on how well the programs do in the verification tests. A failure here generates considerable concern.

To summarize then, the computer software checking system and attitude is of the highest quality. There appears to be no process of gradually fooling oneself while degrading standards so characteristic of the Solid Rocket Booster or Space Shuttle Main Engine safety systems. To be sure, there have been recent suggestions by management to curtail such elaborate and expensive tests as being unnecessary at this late date in Shuttle history. This must be resisted for it does not appreciate the mutual subtle influences, and sources of error generated by even small changes of one part of a program on another. There are perpetual requests for changes as new payloads and new demands and modifications are suggested by the users. Changes are expensive because they require extensive testing. The proper way to save money is to curtail the number of requested changes, not the quality of testing for each.
Full Appendix F
Add a comment...

Marc Chung

Shared publicly  - 
Reverse engineering malicious JavaScript.

A few days ago, I got an email with a PDF attachment. When viewing the PDF with Preview, there were only two blank pages. Curiously, I opened up the PDF with a plain text editor and guess what I found embedded in the PDF: (Don't worry, it won't break your computer)

A quick search reveals that Adobe Acrobat is the only PDF reader that executes JavaScript, so I wasn't worried about being compromised. Still curious, I thought I'd figure out what was happening by deciphering (or un-obfuscating) the code.

First, it's kinda cute how much crazy shit you can do with JavaScript. The first thing I did was unescape the HTML entity codes so that ...

&lt; became <
&#000119; became w
w(s&#46;join('')); became w(s.join(''));

... and so on, until I got the following:

Then I opened Chrome, launched the JavaScript console and proceeded to step through the code. (Whenever I reverse engineer these types of attacks it's almost always a bunch of work to obfuscate 'eval()'.)

Here are a few noteworthy entries

(1) The payload only executes when ...


... are equal to each other (in this case, when the variables === 'nct').

I'm not sure on which platforms this is or isn't true, but it does make you consider how popular and widespread JavaScript runtime engines have become.

(2) The next few lines splits a long string into an array and deciphers the array with the following Caesar cipher:

cc="+K_4{3 ;q-QpandD:/xM08u'W.iF}tr\"l^I%7]Ybkf=S[g?mL96svCo&lt;2E,*(yB5)jAVRUchwe1";

(3) After the array has been deciphered, it concatenates the array (into the payload) and runs it through eval.

Here's the rest of the documented code:

I'm pretty sure I did something wrong because the payload has typos, for example: 'return' is 'rcturn' and 'function' is 'funVtion'

You can see the deciphered payload here:

It looks like the string is further obfuscated, but before I continue, can anyone help me figure out why the payload has typos? You can view all four entries here:
Marc Chung's profile photoJ.R. Murray's profile photoClifford Wong's profile photo
I was unfortunate enough to get one of these and have to break it down. It was basically a heap spray (not sure which vuln) that ran some shellcode. It was the usual http downloader, which pulled down the following sample:
Here is a sandbox report as well -
Add a comment...

Marc Chung

Shared publicly  - 
Air Status originally shared:
If you were out on New Years Eve in Phoenix, AZ, you were probably exposed to the poorest air quality for December 31st in the last 7 years.

The highest fine particles (PM-2.5) peaked at around midnight, which we presume is right around the same time that the fireworks went off.

So why the sudden spike? What happened this year?

I'll share some insight into what I think happened. Last year, HB 2246--the Arizona Fireworks law--passed legalizing state-approved or "safe and sane" fireworks. Now because of the timeliness of the bill's passing (on Dec 1st, 2010) not a lot of people heard about it in time to buy fireworks for 2010.

Of course, this changed in 2011, which evidently caused some pretty miserable side effects.
Marc Chung's profile photoLuis Montes's profile photo
and karma strikes back.... 8 mile bike ride just now, and got my recommended monthly allowance of car exhaust.
Add a comment...

Marc Chung

Shared publicly  - 
At a coffee shop overhearing a couple of people mentioning how Google Plus is complicated. One of them appears to be actually stressing out. Damn surprising.
Naum Trifanoff's profile photoRiyad Kalla's profile photoAmy Lastuka's profile photoHeather Carnes's profile photo
Marc - missed u at the GTUG mtg last nite. BTW... my app is +1000 installs now - not bad for a narrow niche. Cheers
Add a comment...

Marc Chung

Shared publicly  - 
They've crossed the status and the private one-on-one streams
Yonatan Zunger originally shared:
More useful-but-maybe-not-obvious features of Google+

* If you want to send a private message to someone, just create a normal post and share it only with them. Bam! Instant one-on-one conversation! If you want to make a post publicly visible but aim it specifically at someone, share it with them and also with Public (or also with your circles, etc).

* Speaking of sharing only with someone: If you type +<name> or @<name>, it shares the post directly with them, just like if you added their name in the sharing targets. You can also do this in a comment, to pull someone else into the conversation.

* Want to see who can see a post? Next to the dateline at the top of a post, you’ll see something like “Public” or “Limited.” “Limited” is a link -- click on it to see who has access.

* At the top right of each post, there’s a little circle-and-triangle menu. For your own posts, this menu lets you edit or delete the post, or disable commenting or resharing. For other people’s posts, it lets you link to the post, mute it, block the person completely, or report abuse.
Beau Simpson's profile photoRobert Heron's profile photo
This will undoubtedly lead to many amusing "oops i thought this was a private conversation" moments. I still say a one-on-one should be done via email, but I'm old fashioned.
In his circles
147 people
Have him in circles
432 people
Nicholas DiBiase's profile photo
Jim Jeffers's profile photo
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Los Angeles - Melbourne - Brunei - Singapore
Contributor to
The man with the plan
  • Arizona State University
Basic Information
Marc Chung's +1's are the things they like, agree with, or want to recommend.

Quickly and easily manage all of your Lookout protected devices.

Authorship - Webmaster Tools Help

Help articles; Webmaster essentials; My site and Google; Using Webmaster Tools; Sitemaps; Help forum; Checklist; Get started; Webmaster Guid

A Comparison of the Effects of Three GM Corn Varieties on Mammalian Health

Int J Biol Sci 2009; 5(7):706-726. doi:10.7150/ijbs.5.706. Research Paper. A Comparison of the Effects of Three GM Corn Varieties on Mammali

AngularJS — Superheroic JavaScript MVC Framework

AngularJS is what HTML would have been, had it been designed for building web-apps. Declarative templates with data-binding

Anglican Journal: Curbside haiku for Christmas

More than 200 colourful traffic signs have appeared at New York City&#39;s busy, high-accident hubs urging caution—in haiku . Photo: New Yor

Not all silences are awkward. | Indexed

Not all silences are awkward. Posted on November 1, 2011 by Jessica Hagy. Share and Enjoy: Digg; StumbleUpon;; Facebook; Twitter

What comes next - Union Square Ventures: A New York Venture Capital Fund...

What comes next. Now is a great time to be an internet entrepreneur. While much of the global economy sputters, tech companies post growth n

American migration map

Recently Popular. Best Math Question EVAR Best statistics question ever 810 comments. Venn piagram The Venn Piagram 15 comments. Address is

Opinions from Newsday

Send Newsday haiku to celebrate this verse form and to share your views.   Yes, it's that time of year again. National Haiku Day is al is a microblogging site for haiku lovers.

Phoenix Business News - Phoenix Business Journal

Phoenix, AZ News - View Daily Local Business News, Resources &amp; more in Phoenix, Arizona.

Saturday Surprises |

A few weeks ago, I took Chris out for a day of surprises. Each surprise began with an envelope with a trivia question. Chris had to answer t

NYTLabs Magic Mirror Reveals News and Health Statistics - information ae...

ATTRIBUTE. Mon 28 November 2011 at 8:08 PM by infosthetics. CATEGORIZE. architecture / news. PARTICIPATE. add to the 1 comment bookmark, sha

U.S. Air Quality: Poor air quality in Arizona and California

Poor air quality in Arizona and California. Last night saw the poorest air quality (Very Unhealthy) for December 31 in Phoenix in 7 years. T

Haiku Traffic Signs Bring Poetry To NYC Streets : NPR

New York City's Department of Transportation has taken an artful approach to safety: colorful traffic signs written in haiku. "Poetry has a

Programmers make time to rhyme in Silicon Valley - San Jose Mercury News

MOUNTAIN VIEW, Calif.—A year ago last July, Freeman Ng set out to write one haiku a day. Now, 514 poems later, hes still writing, and more

Google Reader

Have trouble keeping up with the sites you visit? Read them in one place with Google Reader, where keeping up with your favorite websites is