Meanwhile in a parallel universe…

2 Comments

fxer
1 day ago
Man bites droid!?
Bend, Oregon
1 public comment
drchuck
1 day ago
Stay tuned for our review of Rocky 5... thousand.
Long Island, NY

Same.

1 Comment and 3 Shares

fxer
4 days ago
ISO 8601 position
Bend, Oregon
freeAgent
3 days ago
I use YYYYMMDD to save space on the hyphens and decrease time required to type it out.

Google Bug Bounty – The $5k Error Page

1 Comment

Well, this is going to be quite a short post ..
In January I was looking at some Google services hoping to find something worth a bounty. I came across https://login.corp.google.com which is nothing more than a simple login page (seems to be for Google employees themselves …)

login.corp.google.com Login Page

Every time the page is accessed, a new image from https://static.corp.google.com is loaded directly into the page. Nothing too fancy happening here hm?!
An example of such an image URL is https://static.corp.google.com/corpsso/images/PICT0004.jpg

Well, after trying some other things I thought provoking an error here is the best thing I can do: I accessed https://static.corp.google.com/corpsso/asd/ and the default Google 404 page appeared with one difference:

Special Google 404 Page

I found a feature!

Let's check out what this is about. The “Re-run query with SFFE debug trace” link pointed to https://static.corp.google.com/corpsso/asd/?deb=trace.

SFFE and XFE HTTP Request

Uff … That’s bad …

I was able to access internal debug information on static.corp.google.com by just adding “?deb=trace” to a 404 URL.
I saw the complete X-FrontEnd (XFE) debug trace and much more. I am still not sure what “SFFE” stands for but it seems that it’s something like a request engine in Google's backend that handles, for example, Bigtable lookups. Bigtable is a “high performance NoSQL database service for large analytical and operational workloads”. For more information go here.

I was also able to view the SFFE response headers, which indicate that nothing was found …

SFFE Response Headers

In another section of the debug page I had access to the complete Bigtable lookup flow which was performed due to my request (sorry for all the blacking):

Replicated Bigtable Lookup Flow

This flow contained table names and paths of different Bigtables which were queried because of my request. So basically I was able to access Google internal information like:

  • Internal IP of the server which was used for the query (I think ..) + its uptime
  • Name of the server (the name is actually a link which is not accessible from the Internet but seems to point to Google Borg clusters)
  • SFFE Request and Response Headers
  • XFE HTTP Request
  • Replicated Bigtable Lookup Flow
  • Service Policies

The page did not allow any user interaction and I haven’t found anything to “go deeper” into the system so I reported it right away.

It was my first bounty I got from Google!

Detailed Reporting Timeline

19/01/2017 – Initial report
20/01/2017 – Report triaged
20/01/2017 – Nice catch!
10/02/2017 – Google already fixed the issue but forgot to tell me … I contacted them asking for an update
19/02/2017 – Got a response, they implemented a short-term fix and forgot to send my report to the VRP panel …
10/03/2017 – Got $5000 bounty
16/03/2017 – Google implemented permanent fix
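
One way to keep a debug switch such as `deb=trace` from being honoured for outside requests, shown as an added example (not code from the post or from Google; the page does not describe what Google's fix was). The trusted range, the `demo_app` backend and the helper names are assumptions; only the `deb` parameter comes from the post.

```python
import ipaddress
from urllib.parse import parse_qsl, urlencode

# Assumptions: only "deb" comes from the post; the trusted range is hypothetical.
DEBUG_PARAMS = {"deb"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(environ):
    """True only when the direct peer address is inside a trusted network."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False  # missing or malformed address: treat as untrusted
    return any(peer in net for net in TRUSTED_NETS)


class StripDebugParams:
    """WSGI middleware that removes debug switches from untrusted requests."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if not is_trusted(environ):
            # parse_qsl percent-decodes keys, so "%64eb=trace" is caught too.
            pairs = parse_qsl(environ.get("QUERY_STRING", ""),
                              keep_blank_values=True)
            kept = [(k, v) for k, v in pairs if k.lower() not in DEBUG_PARAMS]
            environ["QUERY_STRING"] = urlencode(kept)
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for a backend whose 404 page honours deb=trace."""
    body = b"404 Not Found"
    if "deb=trace" in environ.get("QUERY_STRING", ""):
        body += b"\n[debug trace: internal headers, backend lookups]"
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [body]


def fetch(app, query, remote_addr):
    """Drive a WSGI app in-process and return the response body."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/corpsso/asd/",
               "QUERY_STRING": query, "REMOTE_ADDR": remote_addr}
    return b"".join(app(environ, lambda status, headers: None))
```

Behind a reverse proxy `REMOTE_ADDR` is the proxy's own address, so the trust decision has to be made at the outermost hop or carried over an authenticated channel.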


fxer
7 days ago
How the sausage is made
Bend, Oregon

Woodrow Wilson Bridge in Oxon Hill, Maryland

1 Comment

Woodrow Wilson Bridge

If you take the Capital Beltway over the Potomac River by driving across the Woodrow Wilson Memorial Bridge, you will pass through the states of Virginia and Maryland as well as, very briefly, Washington, D.C. This rare bridge is the only one in the United States that passes through three different jurisdictions.

Named for the 28th president of the United States, the drawbridge connects the city of Alexandria, Virginia, on the western end, to Oxon Hill, Maryland on the eastern. The majority of the bridge spans a portion of the Potomac that falls within the Maryland border. But a part of it passes through the very southernmost tip of Washington, which meets its neighboring states in the river, just south of the bridge. Thus, for about 300 feet on the mid-span of the bridge, drivers are not in Maryland or Virginia, but in the United States capital.

The bridge was first constructed in 1961, named after President Woodrow Wilson in honor of the 100th anniversary of his birth. Wilson was an advocate for the future of cars and highways in America, and his namesake bridge was designed to carry 75,000 commuters every day. But by the end of the 20th century, it was transporting more than 200,000 cars each day. The original bascule bridge could open two spans to allow for the passage of tall boats, and this, in addition to the overwhelming car traffic, caused problems. Plans were made for a new double bridge (two spans side by side) that could better handle both kinds of traffic. The new structure, built between 2000 and 2008, is 20 feet higher than the old bridge with a total of 12 lanes, twice as many as the original.

Up until that point, Washington, D.C., had owned and operated its small span of bridge, the only span of the interstate system (I-95/I-495, the Capital Beltway) that was federally controlled. After the completion of the new bridges, that span of bridge was turned over to the Virginia and Maryland departments of transportation, which now share responsibility for the whole bridge.

To add a touch more Americana intrigue to the tale of the bridge, a nest of bald eagles within the construction zone (on the Maryland side) was protected as the new bridges were being built. Sixteen eaglets were born in that time.

fxer
7 days ago
Is the bridge super racist? Does it segregate cars into lanes by color?
Bend, Oregon

New Dark Crystal Netflix series could be exactly what we all need

1 Comment

A teaser trailer for the new Netflix series, Dark Crystal: The Age of Resistance

For Jim Henson, creator of the Muppets, the feature film Dark Crystal was a passion project. It's the tale of a world divided between good and evil creatures whose war has destroyed the environment and almost driven the humanoid Gelflings to extinction. Now Netflix has just announced a prequel series, Dark Crystal: The Resistance, which tells the backstory of the evil Skeksis' rise to power and a group of brave Gelflings who challenge their reign.

The team behind the series is promising. The Resistance is executive produced and directed by Louis Leterrier, who started his career working with Luc Besson on the Transporter movies and later helmed The Incredible Hulk and Clash of the Titans. Plus, the writing team includes fan favorite Javi Grillo-Marxuach (Middleman, The 100), which is great news. Grillo-Marxuach is known for blending humor into dark scenarios, and that will be the perfect touch for the Dark Crystal universe. Anyone who saw the original film knows it wasn't afraid to be silly despite its epic sweep.

Jim Henson Productions

fxer
7 days ago
Hope they bring back the Kristen Bell puppet
Bend, Oregon

Touching tips CDC

2 Comments

fxer
7 days ago
How babies aren't made
Bend, Oregon
dreadhead
6 days ago
Depends who you ask.
DMack
7 days ago
The Creation of Adam
Victoria, BC