Ticket Trick: Hacking companies through their helpdesk

September 22, 2017 by Bramus! Leave a comment

Clever way, unearthed by Inti de Ceukelaire, to getting access to private communications channels (such as Slack) by leveraging the create-by-email feature of issue trackers/the helpdesk of a company.

First target of Init was Gitlab’s Slack channel:

Anyone with a valid @gitlab.com e-mail address can join their Slack team. At the same time, GitLab offers a feature to create issues by e-mail by sending them to a unique @gitlab.com e-mail address.

I tried to join their Slack team using this issue creating email address, just to see what would happen. I then refreshed my issue list and saw the verification e-mails added as an issue to my project:

The freshly added issue contained the magic link needed to join their internal Slack team. I clicked the link to see if it’d actually work — and it did. I was greeted by the list of channels I was able to join.

From there one it’s only a minor thing to dig through the chat history and discover links/usernames/passwords/etc.

The fix is to provide your app users with e-mail addresses using a domain different from your main one (*). Additionally verify all e-mail addresses used to sign up.

How I hacked hundreds of companies through their helpdesk →

(*) The same goes for user hosted content, hence by Github switched from username.github.com to username.github.io domains a few years ago.

Elsewhere , , , Leave a comment

Antarctica, the Confusing Continent

September 21, 2017 by Bramus! Leave a comment

Elsewhere , Leave a comment

Playing with React VR

September 21, 2017 by Bramus! Leave a comment

The folks at Hashrocket have a nice introductory writeup on getting started with the aforementioned React VR.

So if you’ve been doing React or React Native for the past months, you’ll see that React VR is super simple to get started and will let you build exciting 360 experiences.

Starting from the default React VR example scene, they eventually build up to a scene with a rotating object and realistic lighting.

Playing with React VR →

Elsewhere , , , Leave a comment

AUTOMATICA – Robots vs. Music

September 19, 2017 by Bramus! Leave a comment

Nigel Stanford has created an installation sporting industrial robot arms to play a song named “Automatica”

A behind the scenes is also available:

Also worth checking out is his “CYMATICS: Science Vs. Music”

Elsewhere , Leave a comment

Getting Started with the Web Animations API

September 19, 2017 by Bramus! Leave a comment

The Web Animations Api (short WAAPI) tries to combine the power of CSS with the flexibility of Javascript in order to allow complex animation sequences. There are big differences between the WAAPI and for example libraries like GSAP, the biggest one being that the WAAPI is going to provide native browser support without needing to load an external library.

Getting Started with the Web Animations API →

Elsewhere , , Leave a comment

How to make an ARKit app in 5 minutes using React Native

September 19, 2017 by Bramus! Leave a comment

Apple has made ARKit very easy to use, but it still requires quite a lot of efforts to properly set it up and run the first demo, especially for those who are not very familiar with 3D programming. What we are going to show you in this article is, with the help of React Native and react-native-arkit, you can skip the non-trivial setting-ups and will be able to write your AR app in just 5 minutes.

// index.ios.js
import React, { Component } from 'react';
import { AppRegistry, View } from 'react-native';
import { ARKit } from 'react-native-arkit';
export default class App extends Component {
  render() {
    return (
      <View style={{ flex: 1 }}>
        <ARKit
          style={{ flex: 1 }}
          debug // debug mode will show feature points detected and 3D axis
          planeDetection // turn on plane detection
          lightEstimation // turn on light estimation
        />
          <ARKit.Box
            pos={{ x: 0, y: 0, z: 0 }}
            shape={{ width: 0.1, height: 0.1, length: 0.1, chamfer: 0.01 }}
          />
        </ARKit>
      </View>
    );
  }
}
AppRegistry.registerComponent('MyFirstARKitApp', () => App);

How to make an ARKit app in 5 minutes using React Native →

Elsewhere , , , Leave a comment

A New Kind of Map: It’s About Time

September 19, 2017 by Bramus! Leave a comment

The Mapbox Team:

Recently, we’ve been thinking of a visualization that cuts directly to the way in which people make decisions about where to go: what would a map look like if we swept the physical world away completely, in favor of the time needed to move around it?

We’ve been prototyping a simple discovery tool on this idea. We take search results from the Foursquare API and array them around the user at the center

And yes, that prototype is publicly available 🙂

A New Kind of Map: It’s About Time →
TimeMap Prototype →

Elsewhere , , Leave a comment

Strategies for Derailing a React Conversation

September 19, 2017 by Bramus! Leave a comment

Fun list tweeted just now by Redux creator Dan Abramov:

Strategies for derailing a React conversation:

  • HOC vs render props
  • Is binding functions expensive
  • CSS in JS
  • PATENTS
  • Redux
  • Web Components
  • class vs className
  • <If>
  • Size of node_modules
  • Context

I wonder which ones, if any, will matter in three years.

Always keep questioning the status quo.

Elsewhere , , Leave a comment

Javascript : The Curious Case of `null >= 0`

September 15, 2017 by Bramus! Leave a comment

Abinav Seelan takes a deep dive to unearth why exactly this happens in JavaScript:

null > 0; // false
null == 0; // false

null >= 0; // true

How can a value not be greater than 0, not be equal to 0, but be greater than and equal to 0?

Javascript : The Curious Case of `null >= 0` →

Elsewhere , Leave a comment

One-off Futurama Podcast “Radiorama”

September 14, 2017 by Bramus! Leave a comment

Futurama’s back … with a one-off podcast episode:

I’ve listened to this one whilst driving home today. Quite enjoyed it 🙂

Elsewhere , Leave a comment