TeMPOraL 367 days ago [-]
> "Technical Note: This file, pocorgtfo15.pdf, is valid as PDF document and as a ZIP file of the relevant source code. Those of you who have laser projection equipment supporting the ILDA standard will find that this issue can be handily projected by your laser beams."

So this file is a PDF that's also a ZIP, and the archive contains - among other things - a song in MP3, and another PDF that's also a Git repo. Oh, and the whole bundle is supposedly laser-projector-compatible (that fact I can't verify - I have no access to such equipment).

I love this <3.

FreakLegion 367 days ago [-]
Issue 10 is my all-time favorite:

> The polyglot file pocorgtfo10.pdf is valid as a PDF, as a ZIP file, and as an LSMV recording of a Tool Assisted Speedrun (TAS) that exploits Pokémon Red in a Super GameBoy on a Super NES. The result of the exploit is a chat room that plays the text of PoC‖GTFO 10:3. Run it in LSNES with the Gambatte plugin, the Japanese version of the Super Game Boy ROM and the USA/Europe version of Pokémon Red.

Bartweiss 367 days ago [-]
This is genuinely brilliant. Thanks for sharing.

For anyone who wants to read the back issues: https://www.alchemistowl.org/pocorgtfo/

xorbyte 362 days ago [-]
Back issues are always included in the current issue, hence the zip. Keep recursing that way (or use binwalk)
alltakendamned 367 days ago [-]
As you have a newfound love for file polyglots, have a look at this talk by Ange Albertini, one of the people behind PoC||GTFO


modeless 367 days ago [-]
Has anyone ever been able to make a polyglot executable file that runs on Windows, Linux, and macOS? (Without cheating by adding a PE loader to Linux or anything like that)
FreakLegion 367 days ago [-]
All of those file types use header magic (if for macOS you mean Mach-O), so you can't combine them. For macOS containers (app bundle, DMG), though, you might be able to, depending on how strict the OS is about having random data prepended to the container. But that still won't let you combine PE and ELF.
modeless 367 days ago [-]
True, but Linux executes some things that aren't ELF and Windows executes tons of things that aren't PE. I wish someone would come up with something, because how awesome would it be to be able to distribute a single executable for all desktop platforms?
FreakLegion 367 days ago [-]
If the goal is any execution, you can do it on older (but still used in some places) Windows versions with COM, or if a) it's possible to construct a minimal executable without non-text characters, or b) there's a scripting engine that accepts non-text characters (raw, not just encoded), you could do it with a script. Off the top of my head I can't think of what else you might run in Windows, but I'm much less familiar with Linux.
echelon 367 days ago [-]
Thanks so much for this!

I wrote an ILDA parser in Rust [1], and I also have a virtual EtherDream laser projection DAC (also in Rust [2]) that you can play this against if you're interested.

I'll try to fire this up tonight and see what renders.

[1] https://crates.io/crates/ilda

[2] https://github.com/echelon/etherdream-emulator

pjc50 367 days ago [-]
The previous issue 0x14 is also a NES ROM that prints its own MD5 hash. That issue was dedicated to fun things to do with MD5 exploits.
semi-extrinsic 367 days ago [-]
The good pastor Laphroaig preaches:

If the 0day in your familiar pastures dwindles, despair not! Rather, bestir yourself to where programmers are led astray from the sacred Assembly, neither understanding what their programming languages compile to, nor asking to see how their data is stored or transmitted in the true bits of the wire. For those who follow their computation through the layers shall gain 0day and pwn, and those who say “we trust in our APIs, in our proofs, and in our memory models and need not burden ourselves with confusing engineering detail that has no scientific value anyhow” shall surely provide an abundance of 0day and pwnage sufficient for all of us.

j_s 367 days ago [-]
No Starch Press is taking orders for a limited print edition.


Estimated availability August 2017

Consistent with the journal's quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers


zeitg3ist 367 days ago [-]
It seems like a beautiful edition, I'd like to buy it. However, shipping to Europe costs almost as much as the actual book (25$). Are there other sites that sell it? My local Amazon usually has most No Starch books in stock, but I can't find this one.
billpollock 367 days ago [-]
Group buys should save on shipping. We should have stock at Amazon after Defcon, unless we sell out of them.
semi-extrinsic 367 days ago [-]
FWIW, anyone shipping single books from the US to Europe will have roughly the same shipping price; for sure you won't find any under $20, unless some European web store has ordered a few hundred copies for redistribution.
mentat 367 days ago [-]
They're distributing at DEFCON if you know anyone going.
billpollock 367 days ago [-]
We'll have the book in wider distribution after Defcon. If we don't sell out of them.
iOSGuy 367 days ago [-]
Is anyone besides No Startch selling this? I refuse to order from them anymore. :/
durkie 367 days ago [-]
based on...?
367 days ago [-]
theEXTORTCIST 367 days ago [-]
From the PDF: "Bitrot will burn libraries with merciless indignity that even Pets Dot Com didn’t deserve. Please mirror don’t merely link! pocorgtfo15.pdf and our other issues far and wide, so our articles can help fight the coming flame deluge. We like the following mirrors. https://unpack.debug.su/pocorgtfo/ " https://pocorgtfo.hacke.rs/ https://www.alchemistowl.org/pocorgtfo/ https://www.sultanik.com/pocorgtfo/
Retr0spectrum 367 days ago [-]
The server seems to be under fairly heavy load, more download options listed here: https://archive.org/details/pocorgtfo15 (Try the torrent)

Other mirrors:


diggan 367 days ago [-]
Also published over IPFS as QmSYPTz9Eg2HyStSzVtiyUzehPDT1J9LEenBqt3TpFLRrD

You can see the filelisting directly in the browser here: https://ipfs.io/ipfs/QmSYPTz9Eg2HyStSzVtiyUzehPDT1J9LEenBqt3...

Edit: decided to mirror all of them, provided in QmcLWK1R4KK7mDwSDwAm5Ny5gs185vgMpXbnbWbxp44Dvm - https://ipfs.io/ipfs/QmcLWK1R4KK7mDwSDwAm5Ny5gs185vgMpXbnbWb...

TeMPOraL 367 days ago [-]
To those who know how to use IPFS - how do I make it so that my computer mirrors those files with this hash?
diggan 367 days ago [-]
Run this command while the IPFS daemon is running:

$ ipfs pin add QmcLWK1R4KK7mDwSDwAm5Ny5gs185vgMpXbnbWbxp44Dvm

It'll start downloading and then seed about 700 MB of data as long as you have the daemon running.

JosephRedfern 367 days ago [-]
Both the linked PDF and the archive.org PDF were downloading quite slowly for me -- I've uploaded a copy here which (for the time being) should be reasonably quick: http://lithium.redfern.me/pocorgtfo15.pdf
ship_it 367 days ago [-]
You sir, a gentleman. 15 seconds instead of God knows how much.
ESultanik 367 days ago [-]
There's also a Gopher mirror, because of course there is. gopher://firusvg.no-ip.org:7070/
Quiark 367 days ago [-]
I also made a mirror of the PDF on IPFS (BitTorrent is soooo 2000's)


nstj 367 days ago [-]
What a wonderful publication. Reminds me of the Internet pre-2000. Fun times, and kudos to you if you are a PoC || GTFO contributor/publisher and reading this.
fifnir 367 days ago [-]
WCoG||GTFO (Working Code on GitHub)
zellyn 367 days ago [-]
Apparently, the PDF is _also_ it's own git repo. (This is normal for POC||GTFO.)
TeMPOraL 367 days ago [-]
Not the main PDF. If you unzip (!) the main PDF, you get the copy of the "Git as PDF" article in its own separate file (PDFGitPolyglot.pdf), and that latter file you can use as a git repo.

  $ git clone PDFGitPolyglot.pdf testrepo
  Cloning into 'testrepo'...
  Receiving objects: 100% (432/432), 622.40 KiB | 0 bytes/s, done.
  Resolving deltas: 100% (270/270), done.
Within the repo you can find the raw PDF, and all the source files for that PDF (including .tex article) and scripts for turning it into a git repo.
AckSyn 367 days ago [-]
I've never seen this done before, and I'm in awe.
CiPHPerCoder 367 days ago [-]
When zellyn said this is normal for PoC||GTFO, they weren't kidding.

https://www.alchemistowl.org/pocorgtfo/ (Click "Spoiler" for some of the old ones)

michaf 367 days ago [-]
If you are interested in polyglot files like this, have a look at the work of [0] (who was probably directly involved in this particular release).

[0] https://twitter.com/angealbertini

pierrebai 367 days ago [-]
This is all impressive, but the PDF format is what makes all the magic possible. Among its features that make such a thing easily achievable:

- The relevant table-of-content of its data is located at the end, unlike most other file format. (You can put it near the begnning too, known as "optimized PDF" to make displaying the first page faster when downloading sequentially.)

- The PDF format is, surprisingly, text with embeeded byte streams which can contain any data.

- It does require a !PDF marker near the beginning, but it doesn't need to be first.

- It support natively ZIP compression, so embedding a ZIP inside is easy.

- ZIP allows "cheating" by not really compressing data, thus allowing data verbatim and allowing large chunks of arbitrary data, as long as you can control the first few bytes.

With these technical freedom, building a PDF that look like multiple file format is more accessible.

sp332 367 days ago [-]
I think each issue does include the relevant source code. So if you have the PDF file and are reading about the code, you already have the code available and you don't need GitHub.
gcb0 367 days ago [-]
why the free advertisement? bitbucket and others are also pretty good.
philh 367 days ago [-]
(0x15 suggests the 21st or 22nd issue, but the intro says it's only the sixteenth.)

edit: title's been fixed, this is no longer relevant

ESultanik 367 days ago [-]
We number with BCD in honor of the HP48 calculator's floating point implementation, which matches decimal rounding errors. 0x0A, &c., are reserved for special issues in the future ;-)
my_ghola 367 days ago [-]
If there was an issue 0x0, would it be the First issue or the Zeroth issue?
philipov 367 days ago [-]
When they thought of the name, I wonder if any thought was given to the alternate reading of PoC as "People of Color"
CiPHPerCoder 367 days ago [-]
PoC has stood for "Proof of Concept" for a long time, so probably not.

It is amusing to read it as "People of Color || GTFO" as a statement demanding racial equality in companies' hiring practices.

sillysaurus3 367 days ago [-]
There's actually a way to get that. Use work-hire tests.

Work hire tests are anonymous and unbiased. Either candidates can do the work, or they can't.

You have to set it up so that the work-hire test is all that matters, though, which ~nobody does.

jnty 367 days ago [-]
They're not necessarily unbiased or even anonymous (in a meaningful way). The problem which is set might somehow favour applicants from certain backgrounds. The language used might be unnecessarily complex or use local idioms. The comments and variable names might betray the candidate as a non-native (but perfectly proficient) English speaker. If the candidate uses company hardware, the keyboard may be set to a different layout to what the candidate is used to.

There are lots of ways any test which (ostensibly) aims to test raw ability can be very biased indeed. A lecturer of mine once told a story about a horrible experience he had during an exam trying to whisper an explanation of the rules of Checkers to a student who was from a country where the game was rarely played - the possibility hadn't even crossed his mind.

Declaring the interview style you use as "unbiased" from the start seems like a great way to get complacent and have large amounts of bias creep in unnoticed.

sillysaurus3 367 days ago [-]
What are some ways to counter this effect?
tbrownaw 367 days ago [-]
Be intimately familiar with, and fully accepting of and comfortable with, every culture that applicants may potentially come from.

Or, explicitly require / assume that all applicants be fully familiar with your culture.

Or, define an industry standard artificial culture - whether implicit or explicit - and require everyone on both sides to be familiar with it. This could include things like suits and golf for execs, hoodies and beer for techies, social justice activism for webdevs, etc...

jnty 366 days ago [-]
I'm hardly an expert, though I'd probably suggest focusing on avoiding the four pitfalls I mentioned. Like any hard process, it involves working hard to achieve gradual improvement, learning from others where appropriate.

However, I can guarantee that resting on your laurels and calling your process "unbiased" from the start won't work.

wmil 366 days ago [-]
That can get you in trouble.

Under US labour law, any test where minority candidates don't pass at four-fifths the rate of others is presumed to be racially biased unless proven otherwise in court.

Judges don't have to study stats and end up writing most of these laws.


noonespecial 367 days ago [-]
Your test may work perfectly and prove that the only people who can "do the work" within your company's structure are a narrow demographic of $current_majority.

If your company structure/culture is broken your "unbiased" test probably will be too.

door 367 days ago [-]
except not everyone has the time or interest to do a ton of unpaid work for companies they're applying to
CiPHPerCoder 367 days ago [-]
> a ton of unpaid work for companies they're applying to

Okay, that's a logistical objection to work-sample tests, which is easily rebutted with, "Simply don't assign _a ton_ of unpaid work" to your candidates.

The process we use for hiring software developers at my current employer:

  1. Clone this git repository.
  2. Build a trivial feature (e.g. adding a search feature to an
     existing blog platform).
  3. Send a patch or pull request.
Everyone who's being considered gets the same task, and we base our decision off of several factors: Did they implement a working solution? How much new code did they need to create (knowing that the framework does 99% of this already, and is documented)? If so, did they write unit-testable code? Did they write unit tests? Did they find any of the intentional vulnerabilities?

It should, realistically, take most people 2-3 hours at most to complete this task successfully. If they're familiar with PHP development, probably 15-20 minutes. Furthermore, it can be completed at their leisure.

If that seems unreasonable, contrast it with the cost of taking a day off work to get dressed up and perform an in-person interview during business hours with complete strangers who are scrutinizing you for fitness, with a very high chance of not getting accepted.

The burden of work-sample tests shouldn't be on candidates; the burden should lie with the company to ensure they're collecting objective facts about candidates rather than making subjective decisions.

CiPHPerCoder 367 days ago [-]
I'm familiar with tptacek's writing. :)

This will get off-topic quickly, if we allow it to.

sillysaurus3 367 days ago [-]
In situations where a subthread is already off-topic and destined for the bottom, I try to make a substantive contribution. It's possible to pull out some interesting conversation even from the dregs.

It's true that it grows the subthread, but the [-] button exists now.

emodendroket 367 days ago [-]
I am probably not the only person who assumed that was what it was.
367 days ago [-]
SideburnsOfDoom 367 days ago [-]
People with no background in programming, maths or engineering might treat the vertical bars as mere embellishments and read it as a racist slogan.
CiPHPerCoder 367 days ago [-]
The solution to ignorance is education.

Even if someone refuses to learn, educate everyone around them and let social pressure either break their stubbornness or isolate them.

Bakary 367 days ago [-]
>Even if someone refuses to learn, educate everyone around them and let social pressure either break their stubbornness or isolate them.

Out of context this is a very ominous sentence.

CiPHPerCoder 367 days ago [-]
Hah, I suppose it is! But sadly, it's the only effective solution I've found for dealing with e.g. actual Nazis that tried to encroach on my social circle.
SideburnsOfDoom 367 days ago [-]
I'm not quite sure how you get from "this can be misread" to "break their stubbornness or isolate them". Are people who might be put off by the title "stubborn"?
CiPHPerCoder 367 days ago [-]
I was talking about the intentional racists.
SideburnsOfDoom 367 days ago [-]
I see, I had only thought of it in terms of people who might be put off. Those who actually open the book would soon realise that it's not that meaning.

Fortunately, there are no intentional racists in that title.

CiPHPerCoder 367 days ago [-]
My coffee isn't working today, so I apologize if I'm off-point with my communication.
wpietri 367 days ago [-]
Its use for "people of color" goes back to at least 2004: http://www.urbandictionary.com/define.php?term=poc
moyix 367 days ago [-]
The use of the term Proof of Concept goes back to at least 1984: https://en.wikipedia.org/wiki/Proof_of_concept#Usage_history

I'm less clear on when PoC came into vogue, but I think it was likely in the 90s.

Edit: Actually, reading more carefully, you can find "proof of concept" at least as far back as 1967.

TeMPOraL 367 days ago [-]
Different communities, different dialects. I suppose this journal doesn't come from the community that would read "PoC" as "People of Color".
jameskegel 367 days ago [-]
I think Proof of Concept predates your genre of terminology
emodendroket 367 days ago [-]
The oldest sense of a term is not necessarily the predominant one; nobody is going to read "moron" or "imbecile" and think of clinical terms today.
CiPHPerCoder 367 days ago [-]
> nobody

Well, almost nobody, because that's what I think of when people use these terms to degrade others.

emodendroket 367 days ago [-]
While I presume you mean to say that you think that people who go around calling others morons are the real morons, you've written it in a way that suggests you think such a thing is linked to clinical mental retardation.
367 days ago [-]
tomc1985 367 days ago [-]
I don't get these people that would block the title of a publication because one possible definition might be construed as rascist.

If anything it describes a certain hegemony by these disaffected groups as they slowly claw more and more of language as their own...

367 days ago [-]
ESultanik 367 days ago [-]
In the context of the publication, "PoC" additionally stands for "Pictures of Cats". https://twitter.com/fbz/status/876554986569711616
chriswarbo 367 days ago [-]
I have to say I've never come across that usage of "PoC" before. "Proof of concept" and "piece of crap" I have.
fao_ 367 days ago [-]
I spend a lot of time in the communities where PoC is in active usage of that, and I didn't read it as that :)

I guess it's in a different mental context...

coldtea 367 days ago [-]
POC is used so little as "people of color" that it's not even in the most promoted uses in the Wikipedia lemma:


Bakary 367 days ago [-]
I've seen it frequently used on American websites, and on numerous articles submitted to HN (social issues in the US being a frequent topic of inquiry)

I don't think it's surprising that people would read it that way.

Retra 367 days ago [-]
Sure, but it would be surprising to read any uncommon acronym out of context and presume knowledge of what it means.
367 days ago [-]
module0000 367 days ago [-]
Did anyone else read PoC as point of control? The IT seems to be draining out of my immediate mindset.

edit: added link to what I thought PoC was in this context: https://marketdelta.com/how-to-plot-and-trade-naked-pocs-poi...

loopbit 367 days ago [-]
"Trade naked PoCs"... Not sure exactly what it is but it sounds dirty.


module0000 364 days ago [-]
Naked PoC's mean that if there was a particular price in a stock/future/whatever that had more volume done at it than any other price for the day...it's "naked" the next day until the price returns to it.

EG... if today APPL traded at $105 for more shares than any other price, and tomorrow the price is $106, we would say the naked PoC is $105 until it was revisited.