show and tell for hackers in DC.

Round 33: NULL adhesive heresy

07 Jun 2016

Jessica Garson: What We Learned at PyCon

Jess made another zine (self-published magazine). She made it IN ONE HOUR at a zine-making workshop at PyCon.

Embrace the punk culture! Jess played a punk show with the guy who founded the NYC Hack and Tell too! Portland has an used art supply shop near the convention center where PyCon was, of course. Favorite talks in the zine:

If she had more time she’d add things like demystifying jargon, etc. Make zines with Jess!

Dan Fujita: Heap Spray (JIT Spray)

Heap spray can address space layout randomization. Uses Windows XP IE 6/7. Adds a fraudulent windows Admin user. If the victim accidentally loads the shellcode, Javascript will try to convert the shellcode to unicode. Uses a lot of NOP Sleds interspersed with the shellcode. Triggers a buffer overflow in a vulnerable DLL file.

Dan was able to run his Javascript code on his own computer with the vulnerable DLL to add a fake admin account.

Next up: using JIT Spray to avoid Data Execution Prevention for Windows 10.

Nick Stocchero: Is Metro on Fire? (Twitter @Nick123pig)

The name says it all! Updated by an Amazon AWS Lambda process – checks follows to see whether anyone is mentioning Metro being on fire, or smoke – if so, it will update the /fireapi to say that Metro is on fire

It’s written in JavaScript. There’s a Twitter Node.js library and a S3 library.

People ask me: Should I ride the metro this morning? I’m like, I don’t know it’s a joke! It’s just a joke website!

Fun fact: the metro sometimes misspells fire.

Chris Nguyen: Tabs vs. Spaces, Data from the Holy War (Twitter: @uncompiled)

(mining source code for the answer)

Last week’s episode of Silicon Valley was all about Tabs vs. Spaces, so Chris went through the top 100 starred repos for each language on GitHub, then parsed the files to figure out what do people actually use.

Output is on firebase:

In conclusion: most people use spaces!

Data is available on Firebase:


Personal choice: 4 spaces.

Harlan Harris: App simulating rent stabilization laws

Little app built for the National Day of Civic Hacking, on simulating rent stabilization laws. Some interesting meta issues on the value of hacking and hackathon projects.

See the medium post.

About half of apartments in DC are rent-stabilized. For many apartments built before 1970 with more than 4 units (minus exceptions), there are rules that govern how much your rent can increase year to year.

Assuming a spherical cow, Harlan created a visualization that shows the distribution of outcomes for a variety of simulated apartments.

Lots of sliders to play with that adjust the variables – and it really highlights how adjusting things like the housing stock is really important to the prices.

Check out his visualization:

What are you trying to do at a Hackathon? Are you trying to create a real-world solution or are you trying to create something that can be interesting and let you look at the world in a different way? This is a model that gives you intuitions! It’s not a perfect world, but this is a great approximation!

Created in 4 hours using!

Anna Petrone: A linear program to solve Sudoku games (Twitter: 1littlevictory)

Anna had a traumatic experience with Sudoku early on in school, so she didn’t even play it until last week! Sudoku is where you have 1-9 in all of the columns and 1-9 in all of the rows.

Linear programming defines linear constraints with variables to create a feasible region. If your feasible region is a convex shape, your optimal solution will be at one of the vertices. She wrote a system of linear equations using these variables that describe mathematically the solution to the puzzle. Binary decision variables for each number and each box in the puzzle.. Coded in CPLEX (an IBM optimization package). There is no objective function – any feasible solution will do the trick (this is called a constraint programming problem).

Finds solutions for 9x9, 16x16, and 25x25 grids in a few seconds! But it couldn’t solve a 64x64 grid after an hour!

Future questions and thoughts:

Stay tuned!

Sarah Frostenson and Aurora Nou: Visualizing sound/music with the web audio API and Paper.js (Twitter: @sfrostenson and @auroranou)

WebAudio API and an d SVG framework called Paper.js. WebAudio API creates an Audio Context – you can stream audio, analyze it, and manipulate it. Paper.Js is super cool!

If we can get frequency data out of an audio file, could we create an animation of frequencies over time. Right now a default MP3 is uploaded, but there’s an option to upload your own MP3 file! It creates an animation of your MP3’s frequency! Written in Backbone. First you get the file with JQuery then you use an analyzer node to get the frequency data. Loops through the frequencies and create the animations

Maybe later: an animated gif so you can download the full thing.

It’s open source too, hooray!:

Eddie Nerdphy: Angry nerds art project (Instagram: Angrynerdz)

The Angrynerdz: How the free arts movement changed my life It all started with his first art piece, a nerd face on the Lord Baltimore flag. The Free Arts movement: you create art to leave behind for other people to take His very first piece: He put it in the Jim Henson statue at UMD. Made over 200 art pieces for people to find. Created an arts piece for the Childrens Hospital: Feel Better Bears

Look for his drops at

Some fun nerd puns: Jamie Lee Nerdist, The Nerdinator, Friday the Nerdteenth, Spread the nerd, Nerdstradamus

Travis Hoppe: Deep learning spelling bot (Twitter: @metasemantic)

Recurrent neural networks are great for language modeling! What’s the next letter in sequence? THE CAT IN THE HA

Instead of real language, Travis fed words out of sentence order. Tried Wikipedia as a database, but there are too many crazy words.

Used his RNN to create some seven letter words, and was able to also use the network to score the words based on how “real” the compute thought they were.

Created his own “Lorem Ipsum” but with fake words, looks pretty realistic!

Used the neural network weights to cluster words together– they end up clustering naturally based on spelling patterns. Coded in tensorflow