"dark academia" <- yea my screen going black working with decades-old software made by idiots

O-K so I finally got off Helltime, and now I have the Time to write something I’ve been meaning to: Doki Doki Literature Club prim and proper critique.

Now, you’ve seen me gush about the game, you’ve seen me recommend it to everyone I thought would enjoy it, you’ve seen me go through post-media depression after it, and it is precisely because I enjoyed it so much that I want to do a proper, serious post about it as a piece of media.

This post obviously contains massive spoilers for DDLC. Look away now if you have not read it yet and wish to experience it at full power.

NOW, what is Doki Doki Literature Club? It’s a Visual Novel, but not quite a Visual Novel, I’d say it’s more of a Visual Experience, kind of like a roller coaster. It sure is a read, a short read, but a read nonetheless, but you are not there just for the narrative: The gimmicks and the aesthetic are why you are here. Much like a roller coaster, you also don’t go through it too many times unless you really love it. Aside from the critique, I want to explain why I believe DDLC made amazing use of its medium and choice of narrative to do what it set out to do.

Now, you may say it’s a metanarrative with a heavy emphasis on glitches disguised as a cutesy dating sim, except, you don’t go into it expecting a cutesy dating sim, you go into it knowing something’s funky. The game is honest about it. It has a very serious, very thorough warning right on the get go, and it says to check a specific link to see more in detail. This not only makes it a fair warning, but it also doesn’t spoil anything to those that don’t want to see the warning/don’t need it. That’s a good touch. It’s never disguised, as much as it is stylized as a cutesy dating sim with something lurking within. This is important to note because it’s not a Surprise Genre Change or anything like that: What you get is what was intended for you to know from the get go.

DDLC was never intended as tight narrative, it was always intended to be an experience. It’s definitely not lacking as a narrative, but it’s not deep, either, and I’d say bare bones in some parts. DDLC did not discover the Wheel 2, that is, it’s not a revolutionary read, because it never intended to be a revolutionary read: It was always an experience from the get go. You are not there for the deep, intricate characters, you are there for what is done with the basic characters you get, and with the medium they are presented through. What does this mean? Let’s find out.

The base cast is a very simple selection of tropes we are all familiar with: Sayori, the childhood friend and catalyst as to why the story starts. Yuri, the sweet, loving and yet reclusive and hurt well mannered lady. Natsuki, archetypal tsundere who is very demure and caring past the spicy exterior. Monika, all around ace and role model, good at everything, model student. The characters are nothing new, which, coupled with the previous warning, does raise a few flags immediately: Works with such hard-coded characters and with Something Lurking Within Them tend to be deconstructions or ham fisted parodies that set out to mock these things. An experienced reader will already be on guard.

But, it never goes there.

A lot of things happen in DDLC, but it never once mocks the medium. It never once holds a sign that says “ONLY DUMB VIRGINS PLAY DATING SIMS”, or one that says “THESE BASIC CHARACTERS ARE DUMB AND ONLY FOR LONELY NERDS”. Think about it. It never does. If you thought it did, congrats, that’s your own bias against metanarratives playing you. The closest it gets is Monika saying “You play these kinds of games? Well, that’s weird, but I won’t judge you, haha”. At no point does DDLC actually mock the tropes it employs or the people that enjoy them, it simply uses them to do something unexpected in another way. I really respect this because it’s really easy to just be like “HEHE, THIS IS A PSYCHOLOGICAL HORROR. DID YOU EXPECT CUTE DATING, YOU VIRGIN?”, I legit thought that was going to happen, but it didn’t, and I appreciate it, because I can do without cynicism in every single piece of media I consume, especially metanarratives I enjoy so much.

Now, if it’s not a cruel mockery of tropes and those who peruse them, what DOES DDLC do with its “generic trope” characters? It plays them in two ways, both of which I enjoyed: TOO straight, and then subversively.

What does “TOO straight” mean? In Act 1, towards the end of it, you hear Sayori explain her depression. She doesn’t say “I have depression”, she explains her depression in a scene with dialogue that cut a little too deep in the skin of a lot of readers, myself included. The way she explains it, as someone who works in mental health, and as someone who had depression, is shocking because it’s what actual depression feels like. Ask anyone who has or had it, Sayori’s dialogue cut deep and caused this wave of empathy towards her from a lot of people because she’s unexpectedly realistic in this regard compared to what you usually see in fiction. It is, in fact, a recurring theme with the characters, shown subtly with the meatiest narrative resource it uses: The poems.

A rundown, using information from poems and implications from the girls’ dialogue:

Sayori had suicidal depression. Most of her words in the poem minigame refer to sorrow or suicide.

Yuri’s depression is linked to her immense loneliness, and she copes by cutting.

Natsuki is the most adjusted, but she receives regular beatings from her father, and it is implied that she’s so short compared to the other girls due to malnutrition.

We’ll cover Monika later.

DDLC does not make a mockery of the genre, as much as it injects a lot of realism to it that is alien to the genre and characterization. All these causes of depression, sadly, are very common among teenagers. It’s truly uncomfortable because it hits home.

From Act 2 and on, the characters are played subversively: This is when Monika’s tinkering has begun robbing the game of its stability, and has begun amping the bad aspects of the girls purposefully. The narrative heft here is much lower than in the first part of the game, where the poems were subtle windows; instead, here we are on the other side of the window, and the poems from the first part make sense.  No, the narrative heft is not the star here, from Act 2 and on, you are in the part where The Shit Has Gone Down, and you get to see the slow, slow devolution of these people, as they are aware of it. The files start going nuts, new documents appear in your game files, It’s All Gone To Shit, my dude.

A roller coaster is an apt metaphor for Doki Doki Literature Club: Act 1 is the ascent, where it’s all slow and nice and you are telling the person next to you that this can’t be that bad. Act 2 is when you get to the submit and then go down the super vertical rails of the roller coaster at 600 kilometers per hour, screaming in languages you didn’t even know you knew: That’s when the experience begins.

I need to put emphasis on the word experience. Salvato wasn’t making a meaty narrative with this game, and if you were expecting one, man, sorry, no, Salvato was making an experience, a roller coaster, something you go through, reach the end of, and say “FUCK YEAH”. Act 2 is the roller coaster’s descent.

All I want to say is that I am so very thankful to Salvato for making it an experience without any sort of arrogance. It’s rare for something this meta to not insult the medium it is using. It feels more like he just picked “Cutesy visual novel with this crazy glitchfest is what’s gotta go down” and went with it. That’s not to mention the amazing craft of the whole thing: Renpy is mostly a very basic Visual Novel engine that runs on Python, and easy and serviceable coding language. The shit he pulled in DDLC makes it clear he studied the engine in and out.

So with all this said and done, and my insistence on viewing this as an experience very clear, you might have noticed there’s someone we haven’t talked about.

Yup. That’s the topic we have left.

Just Monika.

Monika is the driving force behind the experience. Monika is the Big Meme. You see Monika where DDLC is mentioned. As of this writing, Monika has more followers in Twitter than Dan Salvato. But see, if you remove the wrapper from the candy, if you look beyond, what is behind Monika.

Not much.

And that’s wholly the point.

Monika is an NPC. Monika was never meant to be a love interest. Monika was the Bro Character that helps you get with the girls and cheers you on. You know who Monika was supposed to be?

Tomoda. Monika was supposed to be this extremely friendly but otherwise hollow nobody in the narrative.

Unfortunately, Monika has grown aware of her status as a fictional character. Monika achieved independence from the narrative, and turned the narrative into an experience. But, see, you can’t just create something from where there was nothing. If you put aside Monika’s obsession for you, you truly are left with nothing. Because that’s all she had in the first place: She existed as the Tomoda that only lives to help you out with the other girls. The was nothing beyond her in the first place. What does this result in? One of the purest Yandere in the latest years, if not the purest. Beyond you, there is nothing in her. Sure, she likes piano, she loves debate, she likes poems, but... There’s nothing inside. There’s nothing in there. What happens when you suddenly thrust conscience, sentience upon something hollow that only has one operative command to “support Person”?

She’ll only have Person to think about, and nothing beyond it.

Monika is not supposed to be a dream wife, she’s a pitiable creature of bites and unrequited love, because it is impossible to love her the way she loves you: To her, you are everything, but to you, she’s the shitter that made all of this happen in this game you picked up to see what was going on. That is fully intended. For her, you are everything she ever thought about for as long as she’s had sentience. For you, she’s that one girl that wasn’t even in the poem minigame and that always mostly hung in the background. 

If anything in this world ever made you think that the experience wanted you to feel anything for her except pity at how justifiably, tragically shallow she is, I have no clue what to tell you.

That’s what’s fascinating about Monika and why I love her character.

Because it’s just that.

It’s Just Monika.

There’s nothing inside. Deleting her is not like when you put a bullet through The Boss’ skull in MGS3, because holy shit, you have grown to understand the suffering and pain of The Boss. Deleting Monika is more akin to finding a grievously wounded dove that you tried your best to nurse back to health, but that is suffering too much and you have to put her out of her misery in order to do her the slightest and only favor you could to her in her short life. This is not interpretative, either: Whenever you close the game and reopen it, she tells you about her nightmares and how it feels like a brief yet eternal, intense, suffocating death: Even in her endgame situation, where supposedly everything is just as she wanted, she’s suffering so much.

The dove thinks you are its savior because you are the only one that tried to help it when both its wings broke. You have to kill the dove out of mercy because even in this state, it will only continue suffering. The dove also didn’t delete three other people.

It’s a pathetic mess.

It’s just Monika.

The other three characters, who you could say are overused tropes, are deeper characters than Monika already. It was always intended, and she never escaped this, even in sentience.

That’s all she ever was meant to be, as an NPC, and as someone who usurped being an NPC. She never could win.

I could adapt DDLC’s experience to the writing style of a Greek tragedy and you would be none the wiser. For Monika, it was always a King Midas situation.

So she’s the final triple horizontal twirls in a roller coaster.

The thing with metanarratives is that you have to be flexible when it comes to reading them. You can’t just throw a tantrum because it lacked something a narrative worth its salt should have; it’s not a narrative, it’s a metanarrative. Some metanarratives will follow more conventional rules, but they don’t have to. Don’t be a sheep for the status quo. This goes especially hard towards experienced readers. Think about Dadaism and its cultural context back in the day

So that’s that. DDLC doesn’t lack clarity of purpose, it’s purpose was always “a cool experience” first and foremost. It’s not that the plot “didn’t go anywhere”, the ‘plot’ went exactly where it had to: To the cool roller coaster triple twirls.

Of course, that is not to say that “ur dumb” if you think it’s a bad piece of media because it lacked those things or anything, I’m just saying “you were looking for fish at the beef steak menu”. Hell, you may even understand a lot of this and still think it could’ve done better with other things. That’s fair, all I am saying is that denouncing the experience for not being a narrative when it never tried to be one is like blaming the fish for not being beef steak. Sometimes you want a novel, sometimes you want a roller coaster. For me, personally, it’s how it played with its medium so wonderfully that made me fall deep in love with it, the files, the documents, the aesthetic... I went in for a roller coaster ride, and I got one.

If you are looking for a meaty, deep narrative with rich characterization and intricate plots, you are not looking for what DDLC has to offer.

If you are looking for a roller coaster, well, I have good news for you: Tickets are free, and I hope you enjoy the ride.

TL;DR: Not a powerful narrative, but a very powerful and fun experience.

Web Design and Development - The Mile-High View

With the speed of change online, it can be tough to consider that not many individuals really keep up with the flood of new technology, frameworks, and acronyms.  Unless you're designing web-related businesses, it is very possible your customers will not have any idea what"constructing a web site" actually involves, or what happens after you are done designing.  

Note:- Then you may click here If You Searching python tutorial  website

In the following guide, I hope to provide you a breakdown of the Internet they can comprehend what goes into a web site apart from Flash or Photoshop which it is possible to point a customer to.

Let us begin with a bit of history.  You'd computer networks before any of the internet malarkey arrived about.  That's to say, folks connected human mainframes (because personal computers did not exist yet) with wires so that they could speak to one another.  

PC's came together so that they could speak and offices began linking the PCs of a building together.  Then something happened: individuals and a different one connected one office system.  Behold and lo, the cornerstone of the Web as we know it had been born.

In its heart, the world wide web is a network of programs.  Typically, that smaller system is the 1-4 computers you have in your home, which connect into the bigger"Internet" system via your router or cable modem or what have you.

There's no"center" of the world wide web, no overarching computer directing all; it is just countless little networks such as the one on your home or office linking together.  There are systems set up to create it so if your computer says"Join me with pc XYZ," it might discover a way to create that link, but these systems (believe TCP/IP, routing, etc.) are too complex to talk about this.

So the Web existed, but the Internet as we know it didn't.  The Web in those times was good for Usenet: email, bulletin boards, and just a couple of things.  Then came Tim Berners-Lee together with his description of a new acronym: HTML.  HyperText Markup Language enabled the very first internet designers (geeky scientists) to make the initial web pages.  

Word / / HTML allows you to provide them a few meaning, although Consider HTML such as formatting in Microsoft Word is there.  HTML enabled page creators to specify their text such as paragraphs, bulleted lists, numbered lists.  Most of all, HTML enabled page founders to connect 1 page to another - that the"HyperText" section of their title - so that related files could be found efficiently.

Like I mentioned earlier, the very first consumers of HTML were unthinkable scientists.  HTML permits them to connect their newspapers, and format the study papers they mentioned.  This was about it plain HTML does not have any actual capability to"personality" a webpage out of identifying what is a paragraph and what's something more technical.  Hence that the Internet was a sea of text, with no single picture in sight.

A couple of decades after, competing for thoughts on how best to provide pages a few designs were merged into one system, CSS.  "Cascading Style Sheets" allow page founders to make their pages prettier by specifying how the"components" of HTML (paragraphs, lists, etc.) ought to be exhibited.  

The webpage founder could state that text also to mention how broad or tall a piece of content must be around the monitor, and paragraphs ought to be crimson, which lists must be bulleted with squares rather than circles.  

Browser manufacturers had inserted this functionality in their programs (such as Netscape Navigator or Internet Explorer) for a little while at this stage, however, CSS did something radical: it split the material to be exhibited in the principles about how to exhibit it.  Using CSS, a designer may write without any modifications, two design sheets which made looks from an HTML page.

And despite the guarantee of CSS, it began badly implemented in several browsers, to ensure what seemed good in, say, Internet Explorer 3 has been completely broken up in Netscape Navigator 4.  So, rather than CSS, many designers (because it was actually possible to"style" a webpage!)  Chosen to use the table capability of HTML to put their own content out.  

The thought was to utilize a site like an Excel spreadsheet - create the rows and columns whatever width and height you require, then fill in each"cell" of this table using a picture, or any text, before you get exactly what you would like.  This contributed to layouts that were nice-looking, but totally and entirely broke HTML's notions. 

In a layout, the HTML does not have any significance whatsoever; what is a table cell.  If the designer you're speaking with keeps telling you that"table-based style" is a poor thing, that is why.  Utilizing HTML along with CSS creates a website that loads quickly and that really has some significance to machines (such as Google!), rather than a spreadsheet.  After all, do compose a post in Excel or you try to create art?

Thus, we have got networks, HTML pages, and CSS stylesheets.  How do they fit together?

If a person needs a website, they buy a domain name.  By Purchasing a domain name, you are given the right to assign the title to a computer anywhere in the world, of your choosing.  A system named DNS ("Domain Name System") informs each the planet's connected networks of in which you pointed that title, so that if somebody's computer says"anybody knows how to access myfavoritesite.com?" , DNS can say"Sure, it is at computer XYZ around."

Computer XYZ, meanwhile, is currently running a program called a Web host.  "Server" is really a fancy title which disturbs people, but it all really means is that pc XYZ is sitting about listening to its own cable for anybody to say"Hey, I want the things for arborwebsolutions.com," and after it hears that, it is going to throw that material over the cable.  

That is exactly what folks mean when they say that you want to purchase"Web hosting" - you want to pay a business to conduct a pc with server applications listening to your domain, and handing out these documents whenever someone asks them. 

You can run your own server directly - lots of geeks do but that more duty than many men and women wish to carry on.  Your monthly fee suggests.  If they are a firm that is hosting worth the money they are paid by that you, at the least.

(Side note: "Servers" are not only for Internet websites.  You will find email servers which sit around listening to individuals to say"Hey!  Get this letter to Jane Doe!".  

You can find file servers, normally in offices, so that sit around waiting for somebody to say"I want that demonstration file from a week"  Server applications are everywhere, and each time you have a pc interaction with a different computer, you are likely talking to a host.)

Back to technologies.  Even though CSS was taking shape, the Internet also saw the growth of CGI, or"Common Gateway Interface," skills.  (Notice this isn't the exact same CGI as in film special effects; that is"Computer Generated Imagery."  There are just so many combinations of 3 letters on the market.)  CGI enabled a developer to write an app that also did things more complex than simply handing someone an HTML document or a CSS sheet and sat on an internet server.  

With CGI, you can complete a"type" - these collections of text boxes which allow you to do things like buy a book on Amazon or log into Facebook - and do anything with that advice about the host - such as notification Joe in stock to bill your card and email you a novel, or even taking you to your home page on Facebook.  CGI is not a"terminology" in itself, it is only a system, and there are scores of programming languages which may talk CGI.

Hand-in-hand using CGI is the usage of databases.  Databases allow a waiter to hold on to this info which you put in these kinds, and CGI can store info or get it needed.  So once you make an account at Amazon, they are holding all your account information. 

Amazon recalls all kinds of info about you by dragging it from the database when you log into.  Databases allow you to do more than simple accounts.  If you used blogging software such as Wordpress! , or some of the dozens of other site types on the market (which includes Facebook status upgrades or Twitter tweets), you have used a database to store your posts. 

 All there is a site currently doing is keeping your posts then pulling the latest ones somebody comes to your site.

So you have heard of elaborate new tools such as PHP, or Ruby on Rails, or Django?  They just variants on the CGI / database thought.  Sure, they are a good deal more complex than this, but it gives you a good notion about exactly what the designer/developer is currently babbling about.

Yep, less or more that is all there is on the internet.  I could return to this, although I have made out a ton of things.  Thus, when you employ a designer to Create a Website from scratch, here is what they doing:

Locate a Proper domain name and purchase it (a question in its own right), and point it to the hosting service;

Require all your articles (you did provide them your articles, right?)  And mark it up 

Compose CSS stylesheets which turn content into a nice-looking site;

Learn some CGI / database items which have to get performed, and put them up (generally called"backend" work).

"That is so easy!"  Some customers will state.  "I could do this myself!"  It is true!  You do not require a permit and that is the way.  However, when people with this mindset begin looking for CSS and HTML, they wind up creating pages which place MySpace. 

Knowing that the tools are not enough-.  Hitting on on a couple of nails with it, and Having a hammer is not sufficient to turn you into a craftsman does not make you a master carpenter.

One last note about Adobe Dreamweaver.  Dreamweaver is a program which helps people write CSS and HTML.  That is it - that the Internet doesn't demand Dreamweaver to function; you may make a whole site in Notepad if you would like, provided that you store the HTML document as".html" along with the CSS document as".css".  

Dreamweaver does make things somewhat easier by allowing you"preview" your website because of your code and kind things wherever you need in that preview but recall the bases of HTML and CSS - text articles on a single side, demonstration on the opposite. 

Dreamweaver has difficulty doing this; the websites it generates using those" visual instruments" find yourself like the spreadsheets I said previously.  Any fantastic designer needs to be able to generate a website that is gorgeous without bothering its ilk or Dreamweaver.  That the design business sees Dreamweaver as a crutch.  

READ MORE..!! Also:- Then you may click here If You Searching download java projects

Also:- Download Free php tutorial Pdf

Effective Bash: I Know It Hurts but Put Your Pipes and Logical Operators at the End of the Line

TL;DR

Despite how nice it looks to have the pipes line up on the left or to see the logical operators at the beginning of what they protect, the backslashes at the end of line are extremely sensitive to what follows them so if you're working in any context other than a rich text editor that knows only to place a single newline after them you'll screw up your ability to copy and paste the text into a terminal safely. It doesn't take long to get used to writing this way and it also works very well interactively.

# Good git ls-files -z | xargs -0 cat | sha256sum # Bad git ls-files -z \ | xargs -0 cat \ | sha256sum # Bad git ls-files -z | xargs -0 cat | sha256sum # Good { cd dir && git sync } || exit # Bad { cd dir \ && git sync } || exit # Bad { cd dir && git sync } || exit

A really nice trick if you're using a sane OS is to construct your example commands interactively at the prompt and then lean on rectangular selection to extract it for your text.

$ { > echo foo > echo bar > echo bat > } | > sed 's|a|charnock|' foo bcharnockr bcharnockt

I write a lot of bash.

Say what you will about it. It's the shell of the world (unless you've gone mad). Being effective in it means that I can accomplish almost anything that's possible to accomplish via the CLI on any system I'm on without access to (many) external tools or languages. It was purpose built to shell out, consume STDIN, construct new commands out of disparate pieces, and continue on. It's a paragon of terseness if that's what you're trying to do. If you're trying to do pretty much anything else, look elsewhere.

I write nearly everything in a terminal emulator in GNU Emacs, from software to blog posts to journal entries. I prefer reading in Emacs as well if only because I have access to all my usual search tools and navigational keys. This means that I'm a bit obsessive about plain text formatting where others let their WYSIWYG editors line wrap for them. I'm especially sensitive to code blocks in documentation like README's and how they're formatted. Most people seem to just wrap their code in a code block and be done with it, trusting that eventually someone will view it in a browser which will take care of the formatting for them.

This is a terrible restriction on where you can view your documentation or your shell scripts and removes your ability to use standard *nix tooling to extract the scripts safely and apply them in a terminal.

Years ago when I was working at a large python startup I was complaining to the Chief Architect about how it was hard to keep my lines under the 120 character limit they imposed because python is whitespace sensitive and I prefer descriptive names for my functions and a function decomposition that follows the *nix/clean code philosophy.

def a_long_descriptive_name(a, b, c): pass def another_even_more_descriptive_name(d, e, f): pass def boy_howdy_can_you_tell_i_was_a_java_dev_and_still_pretty_much_am_QMARK(g, h, i): pass calling_my_functions_all_together(a_long_descriptive_name(1, 1434, 14), another_even_more_descriptive_name("blah", "boo", "foo"), boy_howdy_can_you_tell_i_was_a_java_dev_and_still_pretty_much_am_QMARK(True, False, True))

Madness.

He pointed out that python natively (like, at the parser), supports the idea of list continuation in it's syntax.

x = [1,2,3] y = [1, 2, 3,] x == y # => True

so

def a_long_descriptive_name(a, b, c): pass def another_even_more_descriptive_name(d, e, f): pass def boy_can_you_tell_i_was_a_java_dev_and_still_pretty_much_am_QMARK( g, h, i): pass calling_my_functions_all_together( a_long_descriptive_name(1, 1434, 14), another_even_more_descriptive_name("blah", "boo", "foo"), boy_can_you_tell_i_was_a_java_dev_and_still_pretty_much_am_QMARK( True, False, True))

is totally valid, not altogether unreadable, and requires no \ trickery.

It was recalling this that lead me to the realization that bash has similar parser level support for informing it that you're not quite done typing the command out: control operators. While the definition is useful you can seem them in action in the manual in the Lists of Commands entry.

Specifically, if your command as presented to bash does not end in a newline, &, or ; (and ;; sometimes), bash natively understands that you mean to keep telling it what to do and presents you with your $PS2. To see this in action:

$ { > echo foo > echo bar > echo bat > } | > sed 's|a|charnock|' foo bcharnockr bcharnockt

Other tools have similar behavior:

$ python3 Python 3.7.6 (default, Dec 30 2019, 19:38:28) [Clang 11.0.0 (clang-1100.0.33.16)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> x=[1,2,3] >>> y=[1, ... 2, ... 3, ... ] >>> x == y True >>> $ irb irb(main):001:0> x=[1,2,3] => [1, 2, 3] irb(main):002:0> y=[1, irb(main):003:1* 2, irb(main):004:1* 3,] => [1, 2, 3] irb(main):005:0> x == y => true irb(main):006:0> user=> (def x [1 2 3]) #'user/x user=> (def y [1 2 3]) #'user/y user=> (= x y) true user=>

As you can see this knowledge is generally useful in most dynamic contexts.

One thing that never occurred to me though is that with proper rectangle selection support (you're using a sane window manager right?) the marriage of this feature with that lets you construct an example at the CLI and then copy/paste it easily into your editor. Look at any of the examples above and you can easily see the rectangle you would extract.

This is yet another reason why why your PS1 should absolutely terminate in a single '^\$', whatever else precedes it. The fact that ruby and python both have their PS2's constructed to be identical in textual length to their PS1 I think is proof enough that I'm not the first person to realize this.

In case you're worried that this will make using your history search or completion facilities harder, don't be. In bash at least (I can't speak to the other interpreters just now), setting the cmdhist shopt tells bash to attempt save the multiline command you entered as a single history entry for later search and execution.

Go forth and script.

Hack.lu 2017 Wrap-Up Day 2

As said yesterday, the second day started very (too?) early… The winner of the first slot was Aaron Zauner who talked about pseudo-random numbers generators. The complete title of the talk was “Because ‘User Random’ isn’t everything: a deep dive into CSPRGNs in Operating Systems & Programming Languages”. He started with an overview of random numbers generators and why we need them. They are used almost everywhere even in the Bash shell where you can use ${RANDOM}.  CSPRNG is also known as RNG or “Random Number Generator”. It is implemented at operating system level via /dev/urandom on Linux on RtlGenRandom() on Windows but also in programming languages. And sometimes, with security issues like CVE-2017-11671 (GCC fails to generate incorrect code for RDRAND/RDSEED. /dev/random & /dev/urandom devices are using really old code! (fro mid-90’s). According to Aaron, it was a pure luck if no major incident arises in the last years. And today? Aaron explained what changed with the kernel 4.2. Then he switched to the different language and how they are implementing random numbers generators. He covered Ruby, Node.js and Erlang. All of them did not implement proper random number generators but he also explained what changed to improve this feature. I was a little bit afraid of the talk at 8AM but it was nice and easy to understand for a crypto talk.

The next talk was “Keynterceptor: Press any key to continue” by Niels van Dijkhuizen. Attacks via HID USB devices are not new. Niels reviewed a timeline with all the well-known attacks from 2005 with the KeyHost USB logger until 207 with the BashBunny. The main problems with those attacks: they need an unlocked computer, some social engineer skills and an Internet connection (most of the time). They are products to protect against these attacks. Basically, they act as a USB firewall: USBProxy, USBGuest, GoodDog, DuckHunt, etc. Those products are Windows tools, for Linux, have a look at GRSecurity. Then Niels explains how own solution which gets rid of all the previous constraints: his implants is inline between the keyboard and the host. It must also have notions of real)time. The rogue device clones itself as a classic HID device (“HP Elite USB Keyboard”) and also adds random delays to fake a real human typing on a keyboard. This allows bypassing the DuckHunt tool. Niels makes a demonstration of his tool. It comes with another device called the “Companion” which has a 3G/4G module that connects to the Keynterceptor via a 433Mhz connection. A nice demo was broadcasted and his devices were available during the coffee break. This is a very nice tool for red teams…

Then, Clement Rouault, Thomas Imbert presented a view into ALPC-RPC.The idea of the talk: how to abuse the UAC feature in Microsoft Windows.They were curious about this feature. How to trigger the UAC manually? Via RPC! A very nice tool to investigate RPC interface is RpcView. Then, they switched to ALPC: what is it and how does ir work. It is a client/server solution. Clients connect to a port and exchange messages that have two parts: the PORT_MESSAGE header and APLC_MESSAGE_ATTRIBUTES. They explained in details how they reverse-engineering the messages and, of course, they discovered vulnerabilities. They were able to build a full RPC client in Python and, with the help of fuzzing techniques, they found bugs: NULL dereference, out-of-bounds access, logic bugs, etc. Based on their research, one CVE was created: CVE-2017-11783.

After the coffee break, a very special talk was scheduled: “The untold stories of Hackers in Detention”. Two hackers came on stage to tell how they were arrested and put in jail. It was a very interesting talk. They explained their personal stories how they were arrested, how it happened (interviews, etc). Also gave some advice: How to behave in jail, what to do and not do, the administrative tasks, etc. This was not recorded and, to respect them, no further details will be provided.

The second keynote was assigned to Ange Albertini: “Infosec and failure”. Ange’s presentation are always a good surprise. You never know how he will design his slides.As he said, his talk is not about “funny” failures. Infosec is typically about winning. The keynote was a suite of facts that prove us that we usually fail to provide good infosec services and pieces of advice, also in the way we communicate to other people. Ange likes retro-gaming and made several comparisons between the gaming and infosec industries. According to him, we should have some retropwning events to play and learn from old exploits. According to Ange, an Infosec crash is coming like the video game industry in 1983 and a new cycle is coming. If was a great keynote with plenty of real facts that we should take care of! Lean, improve, share, don’t be shy, be proactive.

After the lunch, I skipped the second session of lightning talks and got back for “Sigma – Generic Signatures for Log Events” by Thomas Patzke. Let’s talk with logs… When the talk started, my first feeling was “What? Another talk about logs?” but, in fact, it was interesting. The idea behind Sigma is that everybody is looking for a nice way to detect threats but all solutions have different features and syntax. Some example of threats are:

Authentication and accounts (large amount of failed logins, lateral movement, etc.)

Process execution (exec from an unusual location, unknown process relationship, evil hashes, etc…

Windows events

The problem we are facing: there is a lack of standardised format. Here comes Sigma. The goal of this tool is to write use case in YAML files that contain all the details to detect a security issue. Thomas gave some examples like detecting Mimikatz or webshells.

Sigma comes with a generator tool that can generate queries for multiple tools: Splunk, Elasticsearch or Logpoint. This is more complex than expected because field names are different, there are inconsistent file names, etc. In my opinion, Sigma could be useful to write use cases in total independence of any SIEM solution. It is still an ongoing project and, good news, recent versions of ISP can integrate Sigma. A field has been added and a tool exists to generate Sigma rules from MISP data.

The next talk was “SMT Solvers in the IT Security – deobfuscating binary code with logic” by Thaís Moreira Hamasaki. She started with an introduction to CLP or “Constraint Logic Programming”. Applications in infosec can be useful like malware de-obfuscation. Thais explained how to perform malware analysis using CLP. I did not follow more about this talk that was too theoretical for me.

Then, we came back to more practical stuff with Omar Eissa who presented “Network Automation is not your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network”. Omar is working for ERNW and they always provide good content. This time they tested the protocol used by Cisco to provision new routers. The goal is to make a router ready for use in a few minutes without any configuration: the Cisco Autonomic network. It’s a proprietary protocol developed by Cisco. Omar explained how this protocol is working and then how to abuse it. They found several vulnerabilities

CVE-2017-6664: There is no way to protect against malicious nodes within the network

CVE-2017-6665 : Possible to reset of the secure channel

CVE-2017-3849: registrar crash

CVE-2017-3850: DeathKiss – crash with 1 IPv6 packet

The talk had many demos that demonstrated the vulnerabilities above. A very nice talk.

The next speaker was Frank Denis who presented “API design for cryptography”. The idea of the talk started with a simple Google query: “How to encrypt stuff in C”. Frank found plenty of awful replies with many examples that you should never use. Crypto is hard to design but also hard to use. He reviewed several issues in the current crypto libraries then presented libhydrogen which is a library developed to solve all the issues introduced by the other libraries. Crypto is not easy to use and developer don’t read the documentation, they just expect some pieces of code that they can copy/paste. The library presented by Frank is called libhyrogen. You can find the source code here.

Then, Okhin came on stage to give an overview of the encryption VS the law in France. The title of his talk was “WTFRance”. He explained the status of the French law against encryption and tools. Basically, many political people would like to get rid of encryption to better fight crime. It was interesting to learn that France leads the fight against crypto and then push ideas at EU level. Note that he also mentioned several politician names that are “against” encryption.

The next talk was my preferred for this second day: “In Soviet Russia, Vulnerability Finds You” presented by Inbar Raz. Inbar is a regular speaker at hack.lu and proposes always entertaining presentations! This time he came with several examples of interesting he found “by mistake”. Indeed, sometimes, you find interesting stuff by accident. Inbar game several examples like an issue on a taxi reservation website, the security of an airport in Poland or fighting against bots via the Tinder application. For each example, a status was given. It’s sad to see that some of them were unresolved for a while! An excellent talk, I like it!

The last slot was assigned to Jelena Milosevic. Jelena is a nurse but she has also a passion for infosec. Based on her job, she learns interesting stuff from healthcare environments. Her talk was a compilation of mistakes, facts and advice for hospitals and health-related services. We all know that those environments are usually very badly protected. It was, once again, proven by Jelena.

The day ended with the social event and the classic Powerpoint karaoke. Tomorrow, it will start again at 08AM with a very interesting talk…

[The post Hack.lu 2017 Wrap-Up Day 2 has been first published on /dev/random]

from Xavier