Pwning coworkers thanks to LaTeX

28 Nov 2016
Writing reports in LaTeX is painful. However, it’s a great occasion to bring joy
to the office and pwn a coworker’s laptop while he’s kindly proofreading your
pentest report.

A few techniques allow the
execution of commands
during the conversion of a .tex file to a PDF with pdflatex. It’s
documented, and the following TeX primitives send commands to the shell:
immediatewrite18{bibtex8 –wolfgang jobname}
input{|bibtex8 –wolfgang jobname}

On Ubuntu 16.04, /usr/share/texmf/web2c/texmf.cnf configuration file controls
the behavior of pdflatex (texlive-base package). Here’s an extract:
% Enable system commands via write18{…}. When enabled fully (set to
% t), obviously insecure. When enabled partially (set to p), only the
% commands listed in shell_escape_commands are allowed. Although this
% is not fully secure either, it is much better, and so useful that we
% enable it for everything but bare tex.
shell_escape = p

% No spaces in this command list.
% The programs listed here are as safe as any we know: they either do
% not write

Slack client for Commodore 64

Slack is great. Many smarter people than me also think that Slack is great. Slack is great because its simple and easier to deal with than emails. With all the time it saves me on emails, I   relax   go the beach   write more code   send messages via Slack instead.

But while Slack might be great, it does not have a great native client for the Commodore 64. In fact, they have no client for Commodore 64 at all!

This is clearly a problem.
Reasoning that “a pull request is better than a complaint”, I’m happy to present the first (and most likely only) Slack client for Commodore 64!

“Team communication for the 21st century” … now backwards compatible with 1985!

The C64 has an extension port called the Userport which, via an adapter, can communicate over RS-232 serial. I connected the Userport to a Raspberry Pi with a artisanal, locally sourced,

Sling begins rolling out cloud DVR beta for Roku users

Cord-cutters are certainly aware of services such as Sling TV and devices like Roku, the latter also being popular even with those who still retain a cable or satellite connection. There are drawbacks to some of this since you can’t record a show you’ll miss, though Sling does allow you to go back and watch what has already aired — on certain channels. Now Sling wants to change all of that, bringing a cloud DVR to its service. The new release is a slow roll out and is beta only. However, the stats on it are promising. There is no… [Continue Reading]

