Just putting it here in case anyone has to do it (I hope no one ever needs it): it is NOT painful at all.
I was told “it’s like a grenade explodes in your spine” by a (stupid) friend, it caused me to refuse to do it for the first time, which if I went through with it, things would’ve been very different for me, I would’ve been diagnosed days faster.
Again, it’s NOT painful at all, they use Lidocaine, you’ll feel way less than when they draw blood from your arm.
I had one of these a few weeks ago, and it was the most traumatic experience in my life. They tried 3 times, and it hurt beyond measure. The lidocaine was supposed to be the painful one, but it was like a tickle compared to the punctures.
Then I had a horrible positional headache that lasted a full week. For the whole week I could barely tolerate going to the restroom. And when laying down (only the first 2 days) it ached between my shoulder blades so bad it was painful to breathe. Then for another 3 weeks I started to feel dizzy and weak if I spent over an hour upright.
Love that you had a good experience. I perform these procedures semi-regularly, and in some cases they can be painful (even with lidocaine). Most people tolerate them very well though, I usually compare it to the pain of an IV stick, which most people have already tolerated, but which can also cause some people a surprising amount of distress.
I had one and they let me walk the next day to other diagnostics, had about 6 months severe headaches afterwards which only were bearable when lying down flat. Glad it went away, finally. If I remember correctly you should stay in bed for 48h after the procedure.
Yes, the possibility of severe and prolonged headaches is part of my consent for this procedure. That said, I'm usually only performing the procedure to help exclude (or confirm) a medical condition with risk of permanent disability or death, so it can be a tough decision at times.
I am glad you had a good experience. For me it was the most scary medical experience I've ever had. I think they hit a nerve because I felt my foot involuntarily cramping. The feeling is hard to describe. Also I lost vision completely for a minute. I was fine after though, just a little weak.
They are spamming other websites with links to my website like in your example. Google crawls those other websites, follows the spammy link to mine, and I get penalized for having a page with spam content.
The solution is to tell the crawler that my search page shouldn't be indexed. This can be done with the robots meta tags.
My two problems with access through libraries are lack of app access, and that every time I log in, all my progress is gone (not reset to cover - gone gone), and I have to find the resource again, open it and go to the page/time I was at. Also can’t create my own playlist or favorites.
One feedback I have is that the instant I get the combination correct and complete a challenge, it suddenly pops up a “congratulations” message with a button to go to the next level, I can’t see my final solution.
I really want to take a few seconds to see my final solution, study, understand and admire it.
And that’s why email compromises are so dangerous - aside from all different accesses tied to emails, there’s also a wealth of information inside the inbox.
I don’t think they’re scared, I think they know it’s a lose-tie game.
If you’re correct, there’s not much reward aside from the “I told you so” bragging rights, if you’re wrong though - boy oh boy, you’ll be deemed unworthy.
You only need to get one extreme prediction right (stock market collapse, AI taking over, etc ), then you’ll be seen as “the guru”, the expert, the one who saw it coming. You’ll be rewarded by being invited to boards, panels and government councils to share your wisdom, and be handsomely paid to explain, in hindsight, why it was obvious to you, and express how baffling it was that no one else could see what you saw.
On the other hand, if you predict an extreme case and you get it wrong, there’s virtually 0 penalties, no one will hold that against you, and no one even remembers.
So yeah, fame and fortune is in taking many shots at predicting disasters, not the other way around.
Need some help understanding what’s going on here.
In
function example(measurement) {
console.log(calculation); // undefined - accessible! calculation leaked out
console.log(i); // undefined - accessible! i leaked out
<snip>
Why does the author say `calculation` and `i` are leaking? They’re not even defined at that point (they come later in the code), and we’re seeing “undefined” which, correct me if I’m wrong, is the JS way of saying “I have no idea what this thing is”. So where’s the leakage?
Two spaces before each line in the code block. HN doesn't use markdown, it's easy to do even on mobile, a demonstration:
  function example(measurement) {
    console.log(calculation); // undefined - accessible! calculation leaked out
    console.log(i); // undefined - accessible! i leaked out
    <snip>
It's "leaking" because the variable is in scope, its associated value is "undefined". This is different than with let/const where the variable would not be in scope at that point in the function. An undefined value bound to a variable is not the same as "I have no idea what this thing is". That would be the reference errors seen with let/const.
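The scoping difference described in the reply above, as an added example that is not part of the original thread or of the article it discusses. The function bodies are assumptions, since the quoted snippet is cut at `<snip>`; only the names `calculation` and `i` come from it.

```javascript
// var: declarations are hoisted to the top of the enclosing function,
// so both names are bound (to undefined) before their declaration lines run.
function withVar(measurement) {
  const early = [calculation, i];        // no error: in scope, value undefined
  if (measurement > 0) {
    var calculation = measurement * 2;   // assumed body, not from the article
  }
  for (var i = 0; i < 3; i++) { /* loop body irrelevant here */ }
  // Both names are still visible outside the block and loop that declared them.
  return { early, afterBlock: calculation, afterLoop: i };
}

// let: the names exist only inside their own block, so the same reads
// from function level throw instead of yielding undefined.
function withLet(measurement) {
  const errors = [];
  try { calculation; } catch (e) { errors.push(e.name); }
  if (measurement > 0) {
    let calculation = measurement * 2;
    void calculation;
  }
  for (let i = 0; i < 3; i++) { /* i is scoped to the loop */ }
  try { i; } catch (e) { errors.push(e.name); }
  return errors;
}

// let in the same scope: the name is known but unusable until its
// declaration line has run (the temporal dead zone).
function temporalDeadZone() {
  let outcome;
  try { value; outcome = "no error"; } catch (e) { outcome = e.name; }
  let value = 1;
  return outcome + ":" + value;
}

console.log(withVar(5), withLet(5), temporalDeadZone());
```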
Because they either have side deals with the big names, or they want to set precedent for going after them.
Not trying to be a conspiracy theorist here, but my bet is on having a deal with the big players, we allow you to scrape us (or we give you a pipe you can consume out of), and you pay us in monetary or non-monetary terms; like how many business exchanges work
You should start with the Beginner's Quest CTF, by implementing a writeup's solution without looking at the writeup's actual code, and by playing other CTF style challenges such as Overthewire's Bandit.
Great resources and sound advice.
Thank you, will take a look at the beginner’s quest for sure.
Also I definitely will follow the implementation advice. It just clicked. It’ll generate a ton of aha moments for sure.
I’ve done Bandit years ago and many other wargames and ctfs (htb, defcon etc), and still doing ctfs every Friday, been working in the field for over a decade, and have 3 CVEs (cvss 7+, one 9) to my name. I think I’m missing something else entirely when it comes to Google CTF.
Maybe I need more theoretical knowledge (is that the right word here? By theoretical I mean more around pure cs and math) vs hands on real world (as in day to day) vulnerability research and exploitation.
Would love to hear some feedback to get better.
There’s always more to learn in all directions.
I haven't seriously competed for a while - the team I used to play with is all but disbanded. Back in the day I used to complete a challenge, maybe two, very rarely three in the top tier CTFs - out of 20-30 challenges - so definitely you need a team. (I also often got zero challenges and nothing to show for my time.)
I don't have any references for this but I remember reading that a couple of the bigger teams, those who would win often, had 30-40 players so they have one or two people working on each challenge in parallel. Of course, talent isn't equally distributed - My team usually had 10-12 people, of which maybe 3 people would get us 60-70% of the points we earned.
(I was not one of them. My personal goal was 1/n of our points, so if we were 10 people playing and got 5000 points, I'd be content if I solved challenges worth at least 500. I made it about half the time.)
Anyway, I don't think CS theory is necessarily useful for this - with the exception of the crypto (more on this later). What you really need is a combination of four things:
1) Solid understanding of the elements of each challenge type:
For web or misc, that's how to use sockets, make HTTP requests; what you can and cannot do (can you send a request with unescaped characters? Can you send the wrong Content-Length header? How big a payload can you realistically send?); what basic algorithms exist, how fast they can run and how to use them; Linux permission models. For pwn that's exploitation techniques, ROP, memory protections. For reversing that's reverse engineering techniques, the use of Ghidra or IDA or radare2, sometimes writing processor definitions for them.
For crypto you need to understand linear algebra over finite fields at the very least.
2) Fast learning: You will need to learn a new crypto attack, or the intricacies and gotchas of a particular JS framework, a new language, or a new embedded processor. In [1] you needed to learn what PIL can and cannot parse, how Pickle works under the hood, and, at a shallow level, how PNG image compression works.
3) Iteration. Challenges often have multiple steps. Solving one is usually not enough. Read [1] - it's a great writeup that highlights that point.
4) Resilience. I worked on [2] for a day and a half. But I'm not super up on lattice reduction theory and I didn't know about BKZ reduction. Other people didn't know about it either, learned about it as they went and solved it. I didn't manage. So I didn't solve it. That happens a lot. Live with it and do your best.
Legitimately, they are often too hard. Balancing the problems is quite challenging.
On top of that, the solutions often make the problems seem much more intimidating than they are (not that they are easy). Most solutions involve a lot of “happenstance”, where someone tried something and it got an outcome that was useful, which they build on top of. This makes the solutions look crazy complicated (“how would I have ever thought of this!?”), when in reality they are Rube Goldberg machines built out of duct tape and baling wire.
I’ve only solved a few Google CTF problems, and one of them was the one I wrote, lol. That was nearly a decade ago though.
Just putting it here in case anyone has to do it (I hope no one ever needs it): it is NOT painful at all.
I was told “it’s like a grenade explodes in your spine” by a (stupid) friend, it caused me to refuse to do it for the first time, which if I went through with it, things would’ve been very different for me, I would’ve been diagnosed days faster.
Again, it’s NOT painful at all, they use Lidocaine, you’ll feel way less than when they draw blood from your arm.
If it’s needed, don’t hesitate.