The earliest memory I have of ‘programming’ is in the early/mid 90s when my father brought home a computer from work. We could play games on it … so of course I took the spreadsheet program he used (LOTUS 123, did I date myself with that?) and tried to modify it to print out a helpful message for him. It … halfway worked? At least I could undo it so he could get back to work…

After that, I picked up programming for real in QBASIC (I still have a few of those programs lying around), got my own (junky) Linux desktop from my cousin, tried to learn VBasic (without a Windows machine), and eventually made it to high school… In college, I studied computer science and mathematics, mostly programming in Java/.NET, although with a bit of everything in the mix. A few of my oldest programming posts on this blog are from that time.

After that, on to grad school! Originally, I was going to study computational linguistics, but that fell through. Then programming languages (the school’s specialty). And finally I ended up studying censorship and computer security. That’s about where I am today!

But really, I still have a habit of doing a little bit of everything. Whatever seems interesting at the time!

Mongo DB Data Exfiltration via Search Conditions

I recently participated in a security capture the flag (CTF) exercise through work. The goal was–in a wide variety of ways–to find a hidden string of the form flag{...} somewhere in the problem. Some required exploiting sample websites, some parsing various data formats or captures, some required reverse engineering code or binaries, and (new this year) some required messing with LLMs.

As I tend to do for just about everything, I ended up writing up my own experiences. I won’t share that, since it’s fairly tuned to the specific problems and thus 1) not interesting and 2) probably not mine to share, but I did want to share a few interesting techniques I found/used. If it helps anyone either defend against similar attacks in the real world or (more importantly 😄) someone comes across this while trying to solve a CTF of their own, all the better.

Okay, first technique: extracting data from a MongoDB database using search conditions.



Adding local search to Hugo with Pagefind

At this point, I have very nearly 2500 posts going back almost 20 years (… whoa). In a lot of ways, it’s a second brain for me. I actually find myself (from time to time) going back and looking up my various old posts.

Sometimes, I wanted to know how I solved a particular programming problem, sometimes I wanted to know when I went somewhere (by pictures!), and sometimes I wanted to know what a particular book or movie was about.

So for the longest time, I’ve had (up in the corner there) a nice search box. Powered by Google: Don’t Be Evil. Well, today, let’s see if we can do better!



Crosslinks by Title in Hugo--But Better!

Once upon a time, I solved Crosslinks by Title in Hugo. Back then, I added a shortcode so that I could link to any post by title like this:

{{< crosslink "Title goes here" >}}

It worked pretty well, but … it never really felt ‘Markdown’y. Which I suppose was the point.

But more recently, I came across Markdown render hooks.

What’s that you say? I can write code that will take the parameters to any Markdown link (or image/heading/codeblock) and generate the HTML with a custom template?

Interesting!



StackLang Part IX: Better Testing

Two posts in two days? Madness!

Posts in StackLang: StackLang Part I: The Idea; StackLang Part II: The Lexer; StackLang Part III: The Parser; StackLang Part IV: An Interpreter; StackLang Part V: Compiling to C; StackLang Part VI: Some Examples; StackLang Part VII: New CLI and Datatypes; StackLang Part VIII: Compiler Stacks; StackLang Part IX: Better Testing

But really, it got a bit late yesterday so I figured I’d split this into two different posts.



StackLang Part VIII: Compiler Stacks

Let’s continue StackLang Part VII: New CLI and Datatypes and implement lists stacks in the compiler!

In this post:



StackLang Part VII: New CLI and Datatypes

Another day, another Stacklang!

Today, we’ve got two main parts to work on: A new CLI New datatypes (VM only; so far!



StackLang Part VI: Some Examples

We’ve gone through all sorts of things building up the StackLang language so far:

Posts in StackLang: StackLang Part I: The Idea; StackLang Part II: The Lexer; StackLang Part III: The Parser; StackLang Part IV: An Interpreter; StackLang Part V: Compiling to C; StackLang Part VI: Some Examples; StackLang Part VII: New CLI and Datatypes; StackLang Part VIII: Compiler Stacks; StackLang Part IX: Better Testing

But what can we actually do with it?
