Dan Bradbury

Oregon Duck Software Engineer / Breaker of things / Player of Games

Twitter Gaming: Tweepi.com Functionality Rip

There are plenty of twitter management tools out that will help automate / manage your twitter account for a few bucks a month.

While most products don’t add too much value I’ve found some particular features on Tweepi.com that have been pretty helpful. In particular there’s a stat called Follower Ratio which lets you know how likely a user is to follow you back; > 80% is a user thats probably worth following (and unfollowing later once we have a healthy count..will lose some followers from bot automation but majority of real users won’t unfollow back)

When using the free version of the site there is a tool that allows us to search up to 25 users using a comma seperated list. This definitely looks like a tasty target and upon checking the network tab we can see a clean POST with easily understood params and response. A test response is shown below

We can see from the response below that calculating Follower Ratio is as easy as followers_count/friends_count is all we need to process a user object in our script.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
POST https://tweepi.com/data/get_users_pp/follow_by_copy_paste.json
....

RESPONSE:
{
   "total":1,
   "page_size":20,
   "users":[
      {
         "user_id":"*****",
         "screen_name":"*************",
         "location":"",
         "full_name":"*************",
         "last_tweet_time":"1969-12-31 16:00:00 -0800", // cute
         "followers_count":1,
         "friends_count":89,
         "statuses_count":0,
         "profile_img_url":"\/\/abs.twimg.com\/sticky\/default_profile_images\/default_profile_normal.png",
         "is_verified":false,
         "utc_offset":null,
         "bio":"it's hi astonishing ocean blue eyes that iadore the most but it's his contagious bright smile that transforms my orrowful frown into something joyous",
         "url":"",
         "lang":"en",
         "is_protected":false,
         "member_since":"2017-09-06 05:02:47 -0700",
         "listed_count":0,
         "favourites_count":0,
         "default_profile":true,
         "default_profile_image":true,
         "geo_enabled":false,
         "ui_last_updated":"2018-01-01 12:36:23 -0800",
         "is_follower":false,
         "is_friend":false,
         "follower_or_following":" ",
         "history_date":"2000-01-01 00:00:00 +0000",
         "is_safelisted":false,
         "tag_names":[

         ],
         "tag_dates":[

         ]
      }
   ]
}

As long as we can replay this request then we should be able to come up with a clever way to “smart follow” with a handy javascript snippet…

Building the Request for Replay

And a little bit of request fiddling as we figure out what headers are necessary we go from..

1
2
3
4
5
6
7
8
9
10
11
12
13
import requests
response = requests.post("https://tweepi.com/data/get_users_pp/follow_by_copy_paste.json",params={"userSnList":"foo","offset":0,"limit":25}, 
headers={
"X-Authorization": "ZnJlZTpncmlkLmZvbGxvd0J5Q29weVBhc3RlOjk0NjM0Mjg0MzYwMTI0ODI2MQ==",
"X-Requested-With": "angular",
"X-Tab-Id": "7166",
"Content-Type": "application/json;charset=utf-8",
"Accept-Language": "en-US,en;q=0.5",
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br",
"Cookie": "c111990290-79992ic=c232338-43784-319745; c111990290-280953ic=c232338-43784-574953; tr2=1; tweepiapp=slqi3ldt8upm8oitf17eke44k2; kvcd=1514838972500; km_ai=G8OrOVIF0YFYftSnBsF7Qgi8aoM%3D; km_lv=x; km_vs=1"
})
response.content

to

1
2
3
4
5
6
7
import requests
response = requests.post("https://tweepi.com/data/get_users_pp/follow_by_copy_paste.json",params={"userSnList":"tonishabusch281","offset":0,"limit":20}, 
headers={
"X-Authorization": "ZnJlZTpncmlkLmZvbGxvd0J5Q29weVBhc3RlOjk0NjM0Mjg0MzYwMTI0ODI2MQ==",
"Cookie": "tr2=1; tweepiapp=slqi3ldt8upm8oitf17eke44k2;"
})
response.content

and we now can have some fun

Creating Twitter User Check List

The first thing is to get a list of potential users that we would want to follow. We can use the follower page from accounts that are well established. Since we don’t want to scroll for days let’s use a simple scroll function that we can turn off / control with the conditional. Once we have all the user nodes loaded we can run the second chunk of code to build a comma seperated user list that we will use in our python script; you’ll notice a copyToClipboard function at the end which allows us to easily select the entire list since console.log is disabled on Twitter and returns will be truncated.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
// scroll until we see all users
var count = 0;
function st(){
  $("html, body").animate({ scrollTop: $(document).height() }, "fast");
  if(count < 2000) {
    count += 1;
    setTimeout(st, 500);
  }
}
st()
// then set count=999999

// XXX: done since console.log is taken over.. cute but not going to stop us
// create a div element and append twitter names to it (formatted for copy pasta in script above)
document.body.innerHTML += '<div id="userlist"></div>';
var eles = document.querySelectorAll('b.u-linkComplex-target');
for(var i=4; i<eles.length-5;i++) {
  document.getElementById('userlist').innerHTML += eles[i].innerHTML+',';
}

// console should print out the goodies when exiting the for loop but just in case
// never occured to me that something so simple would do the trick :D
// https://stackoverflow.com/questions/400212/how-do-i-copy-to-the-clipboard-in-javascript
function copyToClipboard(text) {
  window.prompt("Copy to clipboard: Ctrl+C, Enter", text);
}
copyToClipboard(document.getElementById('userlist').innerHTML)

and it works like a charm! 🎉

From there it’s time to use that user list inside a python script that will allow us to slam that endpoint as a free user. Since I don’t have a premium account there’s a limit of 25 users per bulk update, 500 for premium users.. maybe we can get around this somehow… but for now the script does the trick. In addition to updating the list we will most likely need to get a new valid tweepi session which will require us to change the tweepiapp value in the Cookie header.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import requests
import time
import json

def chunks(l, n):
    for i in range(0, len(l), n):
        yield l[i:i + n]

n = "INSERT_COPY_HERE"
names = n.split(',')      
split_names = list(chunks(names, 25))
  
count = 0
high_prop_users = [] # will use this to store "valuable" users
# XXX: why manage valid array index when you can try catch all the things... terrible terrible terrible but whatever im tired
try:
  while True:
      name_list = ','.join(str(x) for x in split_names[count])
      response = requests.post("https://tweepi.com/data/get_users_pp/follow_by_copy_paste.json",params={"userSnList": name_list,"offset":0,"limit":25},
      headers={
          "X-Authorization": "ZnJlZTpncmlkLmZvbGxvd0J5Q29weVBhc3RlOjk0NjM0Mjg0MzYwMTI0ODI2MQ==",
          "Cookie": "tr2=1; tweepiapp=7tk8us7lj933i743l4mos51q10;"
      })
      if '!doctype html' in str(response.content):
          print('TRY AGAIN')
      else:
          parsed_response = json.loads(response.content)
          users_info = parsed_response['users']
          for user in users_info:
              follow_ratio = user['followers_count']/user['friends_count']
              if follow_ratio > 0.8:
                  high_prop_users.append(user['screen_name'])
                  print('INSERTED')
          time.sleep(2)
      print('-----------------------------------------')
except:
  print(high_prop_users)
  exit(0)

Now that we have our final list of users we want to follow we just need another Javascript snippet to properly follow all those users.

Im sure there’s a better way to manage the parent search with jquery but it’s good enough for me / twitter since this is unlikely to change during the usefullness of this script (if it does it wont work and it’ll be an obvious fix). You may notice a strange id assignment at the beginning, this is to ensure that our simple for look can do something like lookup with getElementById and go from that base element to get anything else we might need..

1
2
3
4
5
6
7
8
9
10
11
12
// assign id to twitter handle for easy access using the list we built up
var names = document.querySelectorAll('.u-linkComplex-target')
for(var i=4;i<names.length-5;i++) {
  names[i].id = names[i].innerHTML.trimLeft(); // important to trim the random spacing in the div..
}

// follow everyone in our magic list
st = ['**', ..., '**']
for(var i=0;i<st.length-1;i++) {
  // sitting in console with a beer is definitely the best way to do this..
  $($(document.getElementById(st[i])).parent().parent().parent().parent().siblings()[1]).find('.user-actions-follow-button').click();
}

Using those 2 Javascript snipped and the hacky Python script we can succssfully re-create the functionality that Tweepi wants us to pay $9.99 a month for.

Bioshock: Infinite Review

The initial introduction to the underwater dystopian society of Rapture in the original Bioshock was something that I recommend every real gamer experience (even if you aren’t an FPS kind of person). The familiar themes of authoritarian rule and dark despair from the previous 2 installments make a return and should be a pleasant reminder of the previous roller coaster rides we’ve taken before.. Nostalgically remembering Atlas… if you don’t get that you should seriously sit down and play the first game (wait for Steam sale and buy all 3 games w/ remastered versions for < $15)

Alright so it’s probably not fair to assume that everyone has played the previous games but luckily the majority of the gameplay doesn’t require any previous series knowledge to enjoy. The change from the enclosed spaces of Rapture to the limitless freedom of the skies of Columbia is a welcome and creative change. The introduction of the Skyhook is the main way to harness some of that open space and feels great when it can be properly utilized in a consequential battle. Unfortunately for all the fun the new mechanics introduced they do get stale pretty quickly and for the most part are completely unnecessary to accomplishing the task of dispatching waves of baddies.. (1)Flying around on a Skyhook loop while you pick off the hordes of enemies slowly without taking a scary amount of damage feels lame just to move on to the next segment. (2) Having Elizabeth’s animation to throw you Ammo/Salts/Health during battle felt amazing the first few times but after learning to exploit the throws; wait till low ammo for toss to maximize shooting time + know she can throw that thing from anywhere (she will teleport for you so don’t stress). For 80% of the game you won’t run into these annoyances (resources are good, no real advantage on Skyhook, no buggy Elizabeth) but it cannot be ignored or missed in a playthrough (maybe I’m the only one that was bothered by this on both my runs of the game).

For the most part the sequenced fights are well planned and force the player to think about cover and how they will use their various Vigors to overcome the reasonable challenge. There are other times when the “ambush” is obviously planned and it feels like you are just doing a dance to kill 3 waves before you can open the next door to do the same thing. While predictable fights and AI funnelling does occur from time to time these occasions are in the minority to the meaningful fights where a pack of Patriots shows up and presents a welcome last annoyance before you can get on a gondola to the next section of Columbia. Combat consists of a combination of using Vigors and guns to dispatch of enemies in whichever way you see fit; I ignored the pistol and leveled up my shotgun, machine guns and sniper while maxing out salts and abusing crows, soul steal and lightning on machines. The option to take combat in whichever direction you want with various Vigor upgrades along with Armor, Health, and Salt upgrades found along the way is well executed and is one of the main reason one would come back for a second / third playthrough. The one gripe I have with the RPG-lite-esque combat system is that the entire clothing upgrades felt entirely pointless to change along the way, juggling the various outfits that gave additional combat effects seemed really awesome but in reality it feels like a cumbersome addition that isn’t even worth paying attention to.

The storyline follows along the lines of a dystopian society that hails a demigod and his family. Playing as Booker DeWitt we are responsible for rescuing the princess from her captures at all costs. Without giving anything away (just in case) our damsel in distress is a young girl named Elizabeth who can open rifts into other dimensions, justifying her isolation and protection by a massive songbird. As you can imagine the story plays with themes of freedom and imprisonment, which is particularly interesting given the idea that Columbia has seceded from the United States right after the abolition and obviously wasn’t too happy with that Lincoln guy. While the story is nothing spectacular it delivers an engaging world that feels worth exploring and trying to better understand through the audio diaries scattered.

In reality when the game is at its best (the majority of the time) it shines bright but there always seems to be some lingering blemish that prevents the game from being a true masterpiece. While I wanted to get lost in the beauty and creativity of the circa 1900 American secessionist city of Columbia, the game constantly trips over itself with the inconsequential mechanic or monotonous fight that tend to feel like nothing more than filler.

Overall a worthwhile experience with a few hiccups that prevent it from being a true classic on its own. Expect a remastered version to be released in a few years.

4/5

Reverse Engineering ‘Product Catalog’

Recently I’ve been looking at an application that has some data that I’d like to scrape and use/format for my own selfish desires. The application we are targeting is on iOS + Android so I went through the usual flow on my iPhone - mitmproxy - no good. traffic must be SSL / non-HTTP. Android cert-pinning stops app on init - wireshark w/ rvictl on iOS device - SSL traffic pulling initial data catalog / no API fetches once app is initialized (sqlite init)

After getting blocked and giving up for about a month I decided to root my OG Nvidia Shield and dig a little deeper..

Digging Deeper

Prereqs

Root phone -> Install Xposed Framework -> Download [Inspeckage] Module -> Get Started

My initial hope was that Inspeckage would solve all my problems and I wouldnt have to dig too much into Xposed but in the ended up being the launching pad to the golden catalog.

After turning on Inspeckage and letting the app boot up for the first time we can see a few things. (1) https traffic, (2) files created zip/certs/js+img assets. I was hoping the SQLite tab would light up and we could query against .db file immediately but that would be too easy

Ripping things apart

Before getting into the .apk I figured it would be worthwhile to see what was stored on my device adb shell && cd /data/data/com.package.name/ and… explore!

The main thing I was looking for here was something in the databases/ or files/ directories. Luckily we were able to spot a TARGET.db within files/databases but it was definitely encrypted (dreaded “file is encrypted or not a database” when querying)

Remember that if the app is not debuggable you won’t be able to adb pull /pathtoDBFile.db instead you’ll have to adb shell && su && mkdir /sdcard/data && cp /pathoDBFile /sdcard/data and then pull that file

Inspeckage has the handy download .apk so there’s a few things we can do here (starting with the most obvious) - unzip it and take a look at what we’ve got

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
dan@dan-MacBookPro:~/riperino$ unzip og.apk
Archive:  og.apk
  inflating: META-INF/MANIFEST.MF
  inflating: META-INF/CATEXTKY.SF
  inflating: META-INF/CATEXTKY.RSA
  inflating: AndroidManifest.xml
  inflating: assets/_where-is-www.txt
  ...
 extracting: assets/icudt46l.zip
 extracting: assets/www/assets/
 .... a ton of assets (selected some potential highlights)
  inflating: assets/www/config/config.json
  inflating: assets/www/cordova.js
  inflating: assets/www/css/bootstrap/
  inflating: assets/www/js/
 extracting: res/drawable/icon.png
  inflating: res/xml/config.xml
 extracting: resources.arsc
  inflating: classes.dex
...
  inflating: lib/armeabi/libsqlcipher.so
  inflating: lib/armeabi-v7a/libsqlcipher.so
  inflating: lib/x86/libsqlcipher.so

From looking at the contents we can tell the basic structure but we are mostly interested in a few files - libsqlcipher.so & assets/icudt46l.zip (interesting fallback zip for sqlcipher..possible fun attack vector) - classes.dex (exactly what it says)

This confirms our hunch about SQLite and explains the missing contents from the SQLite tab while using Inspeckage. Now the hope is that classes.dex reveals something blatantly obvious..

Reading some code

There are quite a few tools for digging into the contents of that .dex file but I’ll go over my comfortable flow (unnecessary .dex -> .jar step with tools like Bytecode Viewer but the extra step does provide some extra possibilities if we really need to build a custom apk)

Using the dex2jar toolkit we can use the classic d2j-dex2jar to give us the handy .class files zipped to .jar (while not perfect this is almost always “good enough” for what we need)

After creating the .jar its time to pop open Java Decompiler and dig into the package in question.. And after a little while we run into this section of code (masterKey makes us happy and definitely worth hooking into?)

After reading the docs for getReadableDatabase) it’s clear that’s indeed the SQLite password and if the developer also followed the documentation they would also have called createAndGetDBPath which would serve as the initialization.. Lo and behold the DBHelper.class implements that class and we can add a hook to ensure we catch the key when we reboot the app

Hooking and Winning

Without getting too tangential Xposed is great and the documentation is outstanding for anyone interesting in getting started. If the development tutorial is not enough the content online was more than enough to clear up any potential blockers.

1
2
3
4
5
6
7
8
9
10
11
12
13
public class Main implements IXposedHookLoadPackage {
    public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
        findAndHookMethod("com.****.core.db.DBHelper", lpparam.classLoader, "createAndGetDBPath", Context.class, String.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                XposedBridge.log("Hooked em': DBHelper#createAndGetDBPath ");
                XposedBridge.log("----------------------------------------");
                XposedBridge.log(param.args[1].toString());
                XposedBridge.log("----------------------------------------");
            }
        });
    }
}

We load our hook module, reboot our device and when we rerun the app we see something beautiful in the logs

1
2
3
4
Hooked em': DBHelper#createAndGetDBPath
----------------------------------------
base64masterKey== (totally legit..)
----------------------------------------

Now I should be able to

1
2
3
Sqlcipher rippedDB.db
PRAGMA key=”base64masterKey==”
.tables

And get something other than file is encrypted or not a database. Unfortunately this didn’t work on my machine and I thought I was getting juked out and went to bed.

After thinking about questions like these (1, 2, 3) all night + the following day of family time it became clear versions must be the issue in my case. After figuring out the difference between Commercial and Community it became clear this was just a time save and the same version was being used for both and the commercial folks were just given the latest binaries without having to work for them. Since we have some compatriots who dont like working much either I ran brew install sqlcipher and of course things just worked..

1
2
Mac - 3.15.2
Ubuntu 16.04 - 3.8.6

As an additional aside there are some open source “sqlbrowser applications” that have sqlcipher as a feature but dont do a great job revealing the versioning. Just build community versions as they are released and things should be fine / bank on everyone being on commercial and brew updating at the same time :D

Upon using the correct version we see a beautiful table list and can query to our heart’s content.

Retro

The entire sqlcipher seems incredibly trivial given the release strategy and knowing what we know about hooking. The fact that the key is going to be passed around no matter what makes things quite easy unless some additional precautions are taken but unfortunately it just moves the problem a step deeper. In the end the Android SQLDatabase methods are going to used and we can hook them no matter how many Proxys/Helpers are introduced to the codebase. After digging further into the Xposed modules someone wrote a generalized hook that looks for the specific sqlcipher native package to hook into.. This seems to reinforce my belief that it’s general uselessness but there must be a reason big companies are giving them money (other than the desire to avoid building it themselves)

Ixalan Draft #1

Black/Blue/White Deck

Didnt realize I messed up mana until I got home.. would have preferred a 664

  • 7 Swamp
  • 6 Island
  • 3 Plains
  • Ixalans Binding
  • Slash of Talons
  • Cancel
  • Spell Pierce
  • 3 One With the Wind
  • 2 Run Aground
  • 2 Depths of Desire
  • Duress
  • 2 Call to the Feast
  • Deadeye Plunderers
  • Anointed Deacon
  • Desperate Castaways
  • Wanted Scoundrels
  • Seekers Squire
  • Kinjallis Caller
  • Shining Aerosaur
  • Paladin of the Bloodstained
  • Prosperous Pirates
  • Sailor of Means
  • Shipwreck Looter

sideboard

  • Charging Monstrosaur
  • Dire Fleet Captain
  • Kinjallis Caller
  • Gilded Sentinel
  • Lookouts Dispersal
  • Queens Commission

This is the deck that I boxed up when I headed home.. Looking at it now I can see why I lost my last 2 matches

In my first game I ran Charging Monstrosaur (swapped after game for another One With the Wind since it won my the first game..not the best idea to run 3) and the second Kinjallis Caller which was played on turn 1 and proved to be an annoyance for my opponent (swapped for a second Call to the Feast.. not a bad card but wasnt necessary)

I ended up winning both games with a timely Ixalans Binding and One With the Wind which led me into a false sense of security for my next 2 matches (both of which I think I should have won)

Connecting to Wifi on Amtrak

I wrote this post a few months ago when I was stuck on a train and figured I’d publish it before it gets lost forever.

Today I bring you the pain in the ass process I went through to get a really shitty connection on my Amtrak ride

Connecting to the wifi network yields a proper connection (ip assigned & network-manager is happy)… but once you try to go to any page you are stopped..

1
2
3
4
5
dan@dan-MacBookPro:~/Documents$ ping google.com
PING google.com (172.217.6.78) 56(84) bytes of data.
^C
--- google.com ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 18143ms

If we go to http://172.217.6.78:80 we will magically be redirected to www.amtrakconnect.com! The login page that failed to popup when the connection was established.

Even if we manually go to the URL your browser may get tripped up and timeout over and over again. While waiting for the browser why not curl that beezy?

A quick curl amtrakconnect.com will yield content so WTF is going on Mr. Browser? You must be getting stuck somewhere

Lets save the contents of that page to a file (!! > weblogin.html) and update any links to be absolute paths so all the php files load properly when we open it locally (we dont care about getting images/stylesheets to load).

To the source!! On first glance it should be pretty obvious that an ajax call is happening and we just need to click on an accept link to verify ourselves after its successful.

And voila we click on the link and are able to use the trash connection for the rest of the train ride.

Turbolinks: Leaving the Abyss

Just trying to do things like

<a href=”#” onclick=”alert(1)”>ZZZ</a>

Expected behavior here?.. Scroll to top of the page right? Not if turbolinks is doing its thang.

From my previous write-ups on Turbolinks (1 2) I was pretty understanding about the inherent behavioural differences for all things links.

If I wasn’t aware of Turbolinks I’d be incredibly confused by this incredibly simple bit of code. This time I was lucky enough to spot the Turbolinks loarder bar attempting to do unnecessary work and knew what the issue was

On top of initial confusion the fact that something like href=”#” doesn’t work according to spec is pretty frustrating and difficult to understand.

If we really want a link what do we do

<button> is your friend. Include Bootstrap and link style that SOB if you really want that link feel.. a bit annoying but easy enough to add to a project and remember class="btn btn-link"

The reason that works is because by default Turbolinks is only looking for <a href> links pointing to the current domain (of course we can turn this off w/ data-no-turbolinks='true'

All this additional knowledge for such little gain is not worth it. I don’t care to remember or reason about how Turbolinks will be handling history or trying to optimize potential page loads. Unless I’m building a single page app that has the same feel across all browsers and devices I’m not interested in the additional complexities.

No disrespect or hating on the idea for Rails 5 to include turbolinks by default; it’s understandable that to remain relevant in the app academy days of development folks are looking to build single page apps that will become the next hot thing.

I am officially on the rails new my_app --skip-turbolinks 🚂 now

Horse’s Hoofs: Sagely Errors

Associated reading: Zhuangzi - Horse’s hoofs

TLDRBWPIKWG; The natural order is pretty chill but some “sagely dudes” threw a wrench in that real quick

## 1: Blindly Following “sagely” advice

Horses can with their hoofs tread on the hoarfrost and snow, and with their hair withstand the wind and cold; they feed on the grass and drink water; they prance with their legs and leap: this is the true nature of horses. Though there were made for them grand towers and large dormitories, they would prefer not to use them. But when Bo-le (arose and) said, ‘I know well how to manage horses,’ (men proceeded) to singe and mark them, to clip their hair, to pare their hoofs, to halter their heads, to bridle them and hobble them, and to confine them in stables and corrals. (When subjected to this treatment), two or three in every ten of them died.

Bo-Mi didn’t actually know shit about horses but he wanted to be the horse master so bad that he continually told plebs that he knew how to take care of these powerful beasts. People saw Mr. Mi riding around town and were like “fuck me I dont care if a few die, as long as I can do that” and naturally pushed the limits and soon 4|5/10 of the horses died but “dude I’m riding a horse” is logic that can’t be argued against..

And yet age after age men have praised Bo-le, saying, ‘He knew well how to manage horses,’ and also the (first) potter and carpenter, saying, ‘They knew well how to deal with clay and wood.’ This is just the error committed by the governors of the world.

What they are saying is we let this happen..

If only humanity had held onto the simplicity of Di for a little while longer

2: The section that’s better than Avatar

..Therefore in the age of perfect virtue men walked along with slow and grave step, and with their looks steadily directed forwards. At that time, on the hills there were no foot-paths, nor excavated passages; on the lakes there were no boats nor dams; all creatures lived in companies; and the places of their settlement were made close to one another. Birds and beasts multiplied to flocks and herds; the grass and trees grew luxuriant and long. In this condition the birds and beasts might be led about without feeling the constraint; the nest of the magpie might be climbed to, and peeped into. Yes, in the age of perfect virtue, men lived in common with birds and beasts, and were on terms of equality with all creatures, as forming one family - how could they know among themselves the distinctions of superior and inferior beings?

Damn Avatar was some deep shit huh? Equality of all creatures existing in nature seems like a pretty reasonable idea but always remember our favorite section from Matthew.. and remember this is a beloved early passage for the youngsters..

Matthew 6:26 Behold the fowls of the air: for they sow not, neither do they reap, nor gather into barns; yet your heavenly Father feedeth them. Are ye not much better than they?

Can’t say I Matthew’s sagely advice sits too well with me

Back to Zhuangzi..This idealistic view of the world of course has to be destroyed by a few sagely guys that think they know whats up..

In that state of pure simplicity, the nature of the people was what it ought to be. But when the sagely men appeared, limping and wheeling about in (the exercise of) benevolence, pressing along and standing on tiptoe in the doing of righteousness, then men universally began to be perplexed. … The cutting and hacking of the raw materials to form vessels was the crime of the skilful workman; the injury done to the characteristics of the Dao in order to the practice of benevolence and righteousness was the error of the sagely men.

When men began to live outside of their natural way they destroyed the Dao in order to pursue less noble goals. Zhuang Zhou recognizes that the damage has already been done and we can’t live in the natural ideal but a pursuit of wu wei is still worth the struggle.

3: Controlling lead to Unforseen Negatives

Horses, when living in the open country, eat the grass, and drink water; when pleased, they intertwine their necks and rub one another; when enraged, they turn back to back and kick one another - this is all that they know to do. But if we put the yoke on their necks, with the moonlike frontlet displayed on all their foreheads, then they know to look slily askance, to curve their necks, to rush viciously, trying to get the bit out of their mouths, and to filch the reins (from their driver); this knowledge of the horse and its ability thus to act the part of a thief is the crime of [the sagely men].

Zhuang Zhou wants us to really think about the natural horse. Where do many negative horse behaviors come from? Do they truly originate from humanity’s attempt manage and control the horses raw power? By controlling the horse has man created more problems? Does the advice of former sages lead to the problems of the world today?

But when the sagely men appeared, with their bendings and stoppings in ceremonies and music to adjust the persons of all, and hanging up their benevolence and righteousness to excite the endeavours of all to reach them, in order to comfort their minds, then the people began to stump and limp about in their love of knowledge, and strove with one another in their pursuit of gain, so that there was no stopping them: this was the error of those sagely men.

While this is a definite over simplification of the creeping in of evils into the world, the importance and danger of false truths about known unknowns should not be underemphasized. Throughout time we should expect more sagely men to appear with answers that greatly simplify and “improve” things; a little skepticism and pursuit of what is most natural is paramount.

Takeaway: The Daoist Natural Ideal

Somethings like the horse’s hoof should be left in its natural state rather than shoed to conform to the unnatural existance we have created and forced on it.

Intercepting iOS Network Traffic on Mac

For the most part you are probably fine just using a solution like mitmproxy (shown here) and sniffing HTTP/S traffic but sometimes there’s a need to go deeper..

When testing an application you may notice something like an in-game chat server “not sending any requests” (w/ mitmproxy) when we are posting a new message to the server / getting messages from other players. Luckily for us we have some better tools to dig into all network activity on the device!

At some point Apple introduced a dev tool called rvictl (Remote Virtual Interface Tool) that allows us to create a seperate network interface for a connected device by providing its UDID. This allows us to use our favorite sniffing tool on the given device :D

Find UDID

Connect your device Open up iTunes, select the device, and copy the UDID (might have to click on serial number to get to it)

Create new interface

1
rvictl -s YOUR_UDID

The command should SUCCEED and you will see your new interface (eg. rvi0)

Sniff away

tcpdump or Wireshark away w/ the new interface and have fun with the extra requests on strange ports :rocket:

Trying to Make Sense of PG&E’s Marketing Campaigns

We are getting close to baseball season and since I try to catch the majority of games that means I get to watch a ton more local advertising!

yay ads!

Last season I was lucky enough to return to Norcal and got to watch the Giants on CSN-Bay Area for the majority of televised games. While watching the the season I saw a ton of PG&E ads; ranging from some lady telling I’m the reason my bill keeps going up and a PG&E rep will come out to help me buy more new enery effiencient appliances to 3 latina high school girls who turned off lights to save the school money. Meaning, they are spending money by the boatload to make a wide range of ads in hopes of propagating the message that PG&E cares about its customers (and employeesRich, and Jannis).

Coincidence that they did this ad push while they were in the final stages of the 2010 San Bruno pipe explosion?

So.. Why is PG&E spending so much(assumed) on marketing focused on employees and community? (we can’t be about the exact budget without tricking someone for the information. But we can get a good sense that its somewhere under the earnings from selling stocks since all ads contain This communication paid for by PG&E shareholders., but I’m no expert so maybe its all free..)

The announcement of that they will be cutting ~450 IT jobs was the big fuck you that explains it all. It may not seem too strange for a large, publically traded company to move jobs overseas to save money but let’s take a look at exactly what PG&E is doing here to move the jobs over.

They (PGE) has hired a consulting firm based out of India called Tata Consultancy Services to manage the replacement of these workers. In order to replace these IT folks Tata is using H1B visas to bring folks over to the states to be trained on how to perform the tasks they will be doing within months. That should be alarming to you

If you don’t know too much about H1B Visas its ok not to be shocked. The idea is that we need a way to keep / allow skilled workers to enter the country and work legally to help push forward innovation where the current US workforce is inadequate. The issue with using these visas is that they are of limited supply and are given out based on lottery. With companies like Tata hoarding H1Bs to use for IT training and job relocation we are effectively removing work from the job pool while using a system designed to strengthen the job marketplace.

PG&E knows what they are doing and calculated that they could do this and minimize the damage by running a PR campaign in the lead up to this event. Expect the $300 million a year in savings to be poured into more marketing campaigns to continue the monopoly that they have going.

Bad actors like PG&E and Tata need to be dealt with before they ruin the entire system for deserving individuals who rely on the program

‘Mediocrity in Movies (Part 1)’

I’ve been trying to make sense of the wave of mediocore movies, games, and music that has been dumped on us lately. This will be part 1 of a series of rants dedicated to mediocrity.

The Question

Why the hell are studios making these trash movies with famous actors and no substance?

Obviously good movies are going to make money, think defining films/classic movies (Dirty Harry, Fast Times at Ridgemont High, insert any movie that you’ll never forget here). But what happens when bad movies start to make money and become repeatable successes in the eyes of the studio execs. Whether you are making a modern classic or a pile of trash like Piranhas 3D it takes money to give the project life (and various degrees of effort).

Since the studio is so powerful in the production of films I want to take a look at a failry young studio that caught my eye while watching the playoffs this weekend. CBS Films. For some reason I was unaware that the monster that is CBS ever had a movie studio that was actively producing films and it took a stupid movie like Partiots Day to alert me to the fact. Since I was watching football on CBS and saw an ad for CBS Films something smelled fishy and I decided to do some wiki-researching

follow the money

CBS Films was founded in 2007 with the goal of producing 4-6 movies, each with a budget of $50 million (big boss says you have a yearly budget of $300 million). If you want to read a more detailed year-by-year summary for the studio the wiki#CompanyHistory does a good job. The TLDR; is they aren’t the best movie studio out there and are looking for help from others who have lead successful ventures like Lionsgate.

Before I get ahead of myself, it’s important to review history and understand that CBS tried out film production before with Cinema Center Films(1967-172). They released films like With Six You Get Eggroll (this is 1968 so you best believe that is a derogatory reference an Asian character who is in a single scene). They did hit a few winners with Snoopy, Come Home (people who love Peanuts do enjoy it) + others like Scrooge and Little Big Man w/ Dustin Hoffman. Checkout the full filmography and see if you recognize any before they closed up shop

Alright now that we know that CBS has been interested in owning a studio for some time we can start to understand why they are making such shitty films every year. I’m fully convinced that CBS is not in the business of making good movies but in it to make profitable films which tends to translates to the sub-par movies they continuously release. For a studio like this with multiple TV networks marketting seems like a sure-fire way to get people to pay up for tickets. This is apparent to anyone who had to watch TV while they were advertising Patriots Day. If this movie makes money it will be an instant-success and the studio will look to repeat the action with another close-to-home act of terror

Even a broken clock is right 2 times a day.

In the case of film studios they occassionally will put out a good movie (not because thats what they do but by being in the right place at the right time + having funds to allow a talented director make a film). So let’s take a look at the full list of movies they’ve made over the past 9 years

Release Date Title Budget Gross(worldwide)
Jan 22, 2010 Extraordinary Measures $30 million $15.1 million
April 23, 2010 The Back-up Plan $35 million $77.5 million
November 24, 2010 Faster $24 million $35.5 million
January 28, 2011 The Mechanic $40 million $51 million
March 4, 2011 Beastly $17 million $28.8 million
February 3, 2012 The Woman in Black $13 million $127.7 million
March 9, 2012 Salmon Fishin in the Yemen $14.5 million $34.6 million
September 7, 2012 The Words $6 million $13.2 million
October 12, 2012 Seven Psychopaths $15 million $23.5 million
March 1, 2013 The Last Exorcism Part II $5 million $15.2 million
May 31, 2013 The Kings of Summer unknown $1.3 million
July 26, 2013 The To Do List $1.5 million $3.9 million
November 1, 2013 Las Vegas $28 million $134.4 million
December 6, 2013 Inside Llewyn Davis $11 million $13 million
April 4, 2014 Afflicted $318,000 $121,200
April 25, 2014 Gambit unknown $14.2 million
August 15, 2014 What If $11 million $7.8 million
September 26, 2014 Pride unknown $16.7 million
February 20, 2015 The Duff $8.5 million $43.5 million
November 13, 2015 Love the Coopers $24 million $41.1 million
March 25, 2016 Get a Job unknown unknown
April 12, 2016 Flight 7500 unknown $2.8 million
August 12, 2016 Hell or High Water $12 million $31 million
October 7, 2016 Middle School: The Worst Years of My Life $8.5 million $20.7 million
December 21, 2016 Patriots Day $45 million We shall see

16/24 movies being profitable seems like they have hit their mark but the remaining were either flops or the studio decided not to release how much the movie cost to make. I assume this is because they spent so much and the movie did so poorly; take a look at Flight 7500, a Sci-Fi/Horror movie with Amy Smart that was barely passable and only made $2.8 million. It was planned for release in 2013 but was pulled and later turned into a on-demand release in 2016. The studios won’t say how much they spent on the film which makes me believe they spent a pretty penny to make a pile of shit. Luckily for CBS Films, any flop that they haven’t over marketted can be turned into a release on Showtime or one of their other movie networks.

pile of trash that CBS fumbled with for 4 years before dumping to on-demand

The most profitable film for the Studio was The Woman in Black which had Daniel Radcliffe in it so every Harry Potter fanboy who could stand a horror film ran to see it around the world. For anyone who saw the movie it wasn’t anything amazing but definitely not a bad movie. A beefy marketing campaign focused on showing Radcliffe’s face as many places as possible helped push a mediocore film into a money making machine for the studio.

After that successful movie the studio remained focused on having recognizable actors in lead rolls for the majority of films they were willing to put their money behind (with the exception of a few failed experiments). For the most part the formula makes money and they continue to make movies with a deep investment in the stars they hire + marketing campaigns to make sure everyone knows Actor X and Y are in Movie ZZZZZZ and the trailer looks good. This exact formula is the rational for making a movie like Patriots Day; it ticks all the boxes of human interest, actor is very recognizable, and its easy to market. So I guess this makes sense for a studio thats all about the money.

My hope is this movie is a complete flop and the studio eventually caves like its predecessor Cinema Center Films. I know its unrealistic to hope for a future where money doesn’t control what gets made but Im optimistic as a consumers we can start sending clear messages that we are tired of this shit storm. I’m hopefull we can get more movies like Fast Time at Ridgemont High that are truly excellent at what they are trying to do. Otherwise we should brace ourselves for the onslaught of mediocraty and be ready for more iterations of Final Destination and whatever marketers know will sell to the general popluation