[HN Gopher] No-more-secrets: recreate the decryption effect seen...
___________________________________________________________________
No-more-secrets: recreate the decryption effect seen in the 1992
movie Sneakers
Author : tambourine_man
Score : 767 points
Date : 2023-07-20 12:57 UTC (10 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| jh00ker wrote:
| Who here clicked the YouTube link at the top of the README.md
| file and DIDN'T watch it all the way through? I admire your
| resolve!
| janee wrote:
| Made me think of cool retro term, which I haven't checked out in
| I want to say 10 years...lo and behold someone already applied
| this to the green version haha
|
| https://user-images.githubusercontent.com/121322/32070715-16...
|
| See https://github.com/Swordfish90/cool-retro-term
| geekifier wrote:
| Is there any reason this would not work on a Mac and iterm2? I
| get the initial encryption effect, but sadly, no decryption :). I
| tried different fonts and iterm2 settings to no avail. I guess I
| could try the ncurses option, but curious to see this not work
| natively.
|
| Edit: as helpful comments below me explained, you either have to
| press another key to decrypt, or launch it with the `-a` option.
| ant6n wrote:
| Macs are more secure.
| adammarples wrote:
| You gotta press enter again lol
| bluedino wrote:
| Did you forget the `-a` option on the nms command? Works for me
| on a Mac with iTerm2
| geekifier wrote:
| Indeed I did, thanks!
| azubinski wrote:
| Because the web is getting more and more boring... If you embed
| this toy in any terminal browser so that every opened page is
| "decrypted", you get something very very funny :)
| nailer wrote:
| I _really_ want a modern version of Sneakers where someone works
| out that a quantum computer has probably been built (maybe years
| ago) and they have to steal it if it exists.
|
| Totally fits in with the original Sneakers "no more secrets"
| meme.
| nocoiner wrote:
| I personally could have been on board with a remake with the
| original cast (though the original was already about aging and
| maturity, so I don't think the passage of yet another
| generation would have been all that compelling of a story), but
| RIP River Phoenix and Sidney Poitier (had to check and see if
| Ben Kingsley was still alive, though).
|
| I actually think the original holds up shockingly well, for a
| movie that is at least tangentially about technology. It in
| part got lucky that it was juuuuust pre-WWW and that critical
| systems running on mainframes is still a thing in 2023.
| xtracto wrote:
| Yes!! Why dont they do reboots , sequels, prequels , or even
| shitquels of the films I loved as a kid?
| jtwaleson wrote:
| Always fun :) Years ago I wrote a similar single file python
| script "decrypt.py" which does roughly the same thing. Sadly it's
| still my most popular GitHub project:
| https://github.com/jtwaleson/decrypt
| [deleted]
| mikae1 wrote:
| I need a JavaScript version of this!
| mydriasis wrote:
| DUDE that is so cool. I love the "line feed" and "scrambling"
| effect. Wow!
| Anthony-G wrote:
| Very cool. It's easy to build the project from source and I
| appreciate the _uninstall_ target in the Makefile (not all
| projects include this).
| iancmceachern wrote:
| I absolutely love this movie. I grew up watching it on VHS and
| coincidentally bike by the setting of one of its major scenes
| daily. There is that brick courtyard that currently sits between
| Google and Wharton. In the movie its a outdoor dining area, and
| Sidney Poitier says, holding the car phone in Martin's Karman
| Ghia, "Martin, It's your mother". And then they realize they're
| not with the NSA. Anyway, they've added a floating firehouse
| there now, and the road looks a bit different, but I love how
| similar the view is there now as to when the movie was filmed.
|
| I really do love this movie, it's really well done all around.
| francisofascii wrote:
| HOLY COW! What the hell is this?
|
| - Whistler.
| housebear wrote:
| One of my favorite movies of all time.
| henriquez wrote:
| So neat. I just hacked into the FBI!
| jrflowers wrote:
| Seatec Astronomy was an anagram for Too Many Secrets, not No More
| Secrets.
| cpuguy83 wrote:
| But the machine makes it so there are no more secrets.
| rconti wrote:
| SETEC Astronomy, actually. And "No more secrets" was what Coz
| said to Marty about the decryption machine.
| gumby wrote:
| I wish programs included stuff like this in their demo modes.
| Beeps with keypresses, animations, and the like.
|
| Back when there were trade shows this would have been great on
| the show floor (fun to look at and give the salesperson more time
| to talk). Beeps on keypresses, noises while computing, and of
| course cool graphics like this.
|
| That stuff would be super annoying when actually using the
| software for real. Perhaps it could be enabled in the free
| version and suppressed when you bought the license.
| LinuxBender wrote:
| Like the cool retro terminal it appears this is also in
| VoidLinux. Any other distros also have this?
| xbps-query -Rs no-more-sec [-] no-more-secrets-1.0.1_1
| Recreate the famous decryption scene from Sneakers
| sandyarmstrong wrote:
| This is one of my favorite movies of all time. The decryption
| scene is so iconic in my memory. You absolutely NAILED it!
|
| Thank you for this lovely surprise.
| bmmayer1 wrote:
| Obligatory two idiots, one keyboard link:
| https://www.youtube.com/watch?v=u8qgehH3kEQ
| junon wrote:
| The thing about NCIS is that they had these sorts of jokes
| coming with actual technical background. This wasn't just a
| thing some writers thought people wouldn't notice, I'm pretty
| convinced NCIS did this on purpose.
|
| The "I looked at the source code and 1 out of every 337
| payments went to <name>", or the "The printer is coded using
| assembly" while HTML is shown (two opposite ends of the
| spectrum) really convinced me that the tech was supposed to be
| so obviously fake to tech people that it allowed them to still
| be entertained by it.
|
| Compare this to CSI:Cyber which wasn't taking the piss out of
| IT and simply made stupid, ridiculous things up ("cyber nuke")
| or Numb3rs which described IRC as "two boats passing in the
| ocean communicating through the ripples of the water" or
| "thankfully I speak leet".
|
| NCIS seemed to actually try to either get things right, or make
| them purposefully outlandish. I respect the writers for that.
| unbalancedevh wrote:
| I think they could have improved the effect if they'd had
| Gibbs start moving the mouse around and clicking when he
| first stepped up.
| _nub3 wrote:
| Thanks for the title. Went right up into my alltimefaves.
| jvanderbot wrote:
| Wait, you're telling me I can just download these 3-5 source
| files, type `make`, and it will _just build_?
|
| No:
|
| * Setting up an isolated build env
|
| * Pulling 1600 dependencies and building them from source
|
| * installing a filesystem layer with 1600 .so libraries
|
| * running docker, npm, etc?
|
| _AND_ it compiles in a fraction of a second?
|
| Amazing what this new language C can do.
| Name_Chawps wrote:
| Crazy how few dependencies a toy console program needs.
|
| I wonder how minimal a giant web app written in C would be?
| Would it still compile in a fraction of a second?
| marcus0x62 wrote:
| It would compile quickly -- on a relative basis -- it would
| just take 2 - 10x longer to write than something in a
| language more suited to web development...
|
| And probably also contain a bunch of RCE vulnerabilities.
| jvanderbot wrote:
| I've deployed microservices in C! It's a PITA. Not to build,
| but to get the microservice to accept C. It builds real fast.
| Then zip, and `aws lambda blah blah` works fine.
| echelon wrote:
| > Amazing what this new language C can do.
|
| One well-maintained C project in isolation. I've also seen
| nightmares that are difficult to build on certain platforms or
| require undocumented build dependencies. Let's not forget how
| horrible the automake/Cmake/Scons/etc. ecosystem can be.
|
| Everything is awful when there's no attention to the dev
| experience.
| andai wrote:
| It's funny, C++ projects either have the best or the worst
| setup experience.
|
| Took me hours to get Audacity building on Windows. Actually, I
| might have given up and installed Linux instead, and built it
| there. That's usually way easier!
|
| But the other day I built an old MP3 encoder (BladeEnc) in a
| split second. It brought a tear to my eye. That's with Visual
| Studio 6. Which somehow builds an entire project before the new
| VS even begins compiling!
| lsh123 wrote:
| This is a property of Windows C++, not other C++'s :) :) :)
| theamk wrote:
| Once you have gcc installed, yes it just works. It's only 184MB
| and 2153 files (tested on random VM).
|
| Python is actually smaller, 82MB and 1461 files, and has a much
| better stdlib.
|
| If you never wrote zero-dependency python scripts, give it a
| try! It's a very nice experience: download file / clone repo,
| run a file and that's it. Not even a build step.
| sgarland wrote:
| This (and learning stdlib better) is precisely why on a
| Python project of mine, the only external dependency is a C
| shared library to run some parts faster than Python can
| (making giant arrays of ints and shuffling them). I bundle
| precompiled libraries for the architectures I have available,
| so you don't have to make if you don't want to.
| anthk wrote:
| check tcc
| xtracto wrote:
| Aah this brought me back memories! Waaaaay back in the day
| (90's) I would implement my own methods I stead of say
| including stdlib.h or other libraries because I had the (wrong)
| idea that including it would _bloat_ my C programs (didn 't
| know how a like worked uh?) .
|
| 12 year old me would choke seeing NPM, pip, or bundle these
| days... or Electron!
|
| We could do so much with so little!
| kstrauser wrote:
| I helped interview a front end developer who bragged about
| and insisted on hand-writing every bit of JavaScript so that
| we'd have the leanest possible website.
|
| He did not make it past me.
|
| Not that we don't care about those things, but we have better
| uses for our time and money than implementing an in-house
| version of React. Also, our other engineers would probably
| have strangled him.
| tambourine_man wrote:
| You may have lost a good developer. Enthusiasm is valuable.
| Trying to do the best possible thing, even if misguided.
| dheera wrote:
| I've always loved programs that didn't even need "make". The
| ideal build and install experience should be:
| $ gcc foo.c; cp a.out ~/bin/foo $ foo
|
| Now that is a REALLY good build experience.
| chungy wrote:
| You don't need a Makefile, but you can just run "make foo"
| and it'll automatically run "cc -o foo foo.c" for you.
| tomcam wrote:
| You probably know that this is routine and even simpler in
| Go: $ go run main.go
| dheera wrote:
| Yes, and it boggles my mind why C/C++ hasn't come up with
| a better built-in build system already.
|
| I shouldn't have to specify a ton of flags to g++
| something, it should find them within the project
| directory and pull in dependencies automatically.
|
| Header files should be done with. Poof. Gone. There is
| zero reason for them to exist. I know exactly _why_ they
| exist, but it 's an artifact of a system where
| preprocessor, compiler, linker are separate. I should be
| able to do "import<foo/bar>" multiple times and it should
| pull in all the classes and functions in "./foo/bar.cpp"
| or "./foo/bar.so" (whichever is available), just like
| Python, and cache the ".so" files just like Python caches
| ".pyc" files.
|
| Improving C++'s build experience would have absolutely
| zero impact on execution speed.
|
| Yet they're busy adding some stupid spaceship operators
| and other things people almost never use.
| tomcam wrote:
| I'm annoyed too, because I love C and back in the 90s
| languages like Turbo C and Microsoft C were quite
| intuitive to use from the command line and using whatever
| old editor you wanted. I would still very happily be
| using modern C if the overall experience were like Go.
| morning-coffee wrote:
| > Yes, and it boggles my mind why C/C++ hasn't come up
| with a better built-in build system already.
|
| Wait... you didn't get the memo? They did, and renamed
| the language in the process... it's called Rust. ;)
| fsociety wrote:
| Just wait until you add a bunch of dependencies. Then you get
| to discover the nasty parts.
| stavros wrote:
| From personal experience, the number of times that I've typed
| `make` and it worked are so few, that now I basically think
| "cool, but there's no way I can compile that" and close the tab
| whenever I see a C project.
|
| This project built fine, though.
| theandrewbailey wrote:
| Agreed. 90+% of the times that I've wanted to compile
| something, I couldn't. I suspect that it was mostly because
| of missing or outdated dependencies. The only things that I
| can reliably compile are image encoders.
| uwagar wrote:
| if ud like to ride a rollercoaster try this:
|
| http://plusplus.free.fr/rollercoaster/
| pixelbath wrote:
| And the repo doesn't ask you to pipe curl output directly into
| the shell? Neat!
| speedgoose wrote:
| Yes it's very different. You download source code and execute
| it. Compared to downloading source code and executing it.
| opan wrote:
| The more manual and stepped method makes it more likely
| you'll read through it first.
| speedgoose wrote:
| I don't believe the average user carefully analyse the
| makefile or similar build instructions.
| bdavbdav wrote:
| Is this code for "check out the number of git stars and
| go ham on the .sh"
| netfortius wrote:
| Where is the API GW cluster load balancer?
| twic wrote:
| > Wait, you're telling me I can just download these 3-5 source
| files, type `make`, and it will _just build_?
|
| No. You need make and a C toolchain installed.
|
| If you have those installed, you almost certainly also have
| Python, Perl, and possibly even a reasonably recent Java (not
| on MacOS, yes on most Linux distros, i think) installed, and
| all of those are also capable of doing this with zero
| dependencies.
| asveikau wrote:
| When I set up a Linux system, it only installs what I ask it.
| Perl and python are popular enough that they'll probably get
| pulled in by stuff I want to use, including things like the
| distro's package manager. But Java? No way.
| croes wrote:
| I think parent wrote that because nowadays many projects are
| for JavaScript or Python with lots of dependencies.
| kramerger wrote:
| Not only that. The build systems can also be really crazy
|
| I've seen embedded C code that requires Python AND Ruby to
| build.
|
| Linux is still using makefiles (+ config). Your project
| cannot possibly be more complicated
| danuker wrote:
| > Python AND Ruby to build
|
| The `cryptography` library (I'd say quite an important
| one in the Python ecosystem) requires Python, C and Rust
| to build, since v3.4.
|
| https://cryptography.io/en/latest/installation/
| Eduard wrote:
| The cherry on top: visiting the
| https://cryptography.io/en/latest/ landing page, a Python
| outsider wouldn't be able to tell that this is for
| Python.
|
| A full text search for "python" reveals only a single
| match hidden at the bottom within the FAQs section;
| ironically within the context "Why are there no wheels
| for my Python3.x version?".
|
| Most of the other FAQs add to it:
|
| - I cannot suppress the deprecation warning that
| cryptography emits on import
|
| - cryptography failed to install!
|
| - Why does cryptography require Rust?
|
| - Installing cryptography produces a fatal error:
| 'openssl/opensslv.h' file not found error
|
| - cryptography raised an InternalError and I'm not sure
| what to do?
|
| - Installing cryptography with OpenSSL 0.9.8, 1.0.0,
| 1.0.1, 1.0.2, 1.1.0 fails
|
| - Installing cryptography fails with error: Can not find
| Rust compiler
|
| - I'm getting errors installing or importing cryptography
| on AWS Lambda
|
| - Why can't I import my PEM file? What happened to the
| backend argument?
|
| - Will you upload wheels for my non-x86 non-ARM64 CPU
| architecture?
|
| Python is by far the most platform-dependent, brittle
| programming environment, and the prime example that the
| "interpreted languages run everywhere!" trope is
| increasingly dead.
|
| Build nonce, fail everywhere.
| tremon wrote:
| Linux, being a kernel, has no external dependencies
| (except for its menuconfig, which requires ncurses). That
| sort of isolated build tree is very rare in almost every
| other software project, even something like gcc has a
| dozen external dependencies IIRC.
| endgame wrote:
| It does, including at least a shell, a C++ compiler,
| make, and a bunch of other UNIX/GNU tools to run the
| whole thing. And where do you get those programs from,
| and can you trust them? If you look really seriously, a
| scary problem emerges. (See: Trusting Trust Attack)
|
| The Guix project recently hit a massive milestone in
| untangling this, by creating a package set which starts
| by building a _357-byte_ program and works its way up to
| the utilities you 'd expect:
| https://guix.gnu.org/blog/2023/the-full-source-bootstrap-
| bui...
| martinjacobd wrote:
| Embedded projects can be more complicated to build than
| the Linux kernel in two respects: Embedded projects are
| usually cross-compiled; whereas, one is ordinarily
| building the Linux kernel for that machine or one like
| it. And, hardware vendor code is usually bad.
|
| I had one embedded project that I handrolled the makefile
| for, and it was all in pure C, no OS. That was fine, but
| ensuring that the versions of the hardware abstraction
| layer, and other drivers I wanted to use _from the same
| vendor_ was a source of annoyance. Keeping track of which
| source files were to be enabled and disabled in the
| makefile was also annoying.
|
| Another project I am working on uses platformio on an
| RTOS (and a much bigger micro). Platformio is written in
| Python to handle all of that 'seamlessly' and it does
| work pretty well from my perspective. And I don't have to
| manually install separate toolchains to /opt (or
| wherever) and keep track of them; it 'just works.'
|
| I like the makefile approach. With only a little work,
| it's possible to make clean build directories without .o
| files littered around like mouse droppings. I know
| exactly what code is being built, and, because I usually
| have to write the linker script, where it is being put.
| But once it gets more complicated with different
| toolchains and compatibility problems (and it usually
| does if you have an RTOS), it sure is nice to have
| something like Platformio.
| petsfed wrote:
| There's also the aspect that a lot of the really good
| packages for dealing with e.g. text or the OS don't
| translate well to the constraints of embedded systems.
|
| So I could go to all the trouble to have a cascading
| compilation all in pure c or c++, so the git SHA is
| written into a given source file, which is in turn built
| and flashed onto my target device. Or I could use an
| interpreted language for all the off-the-device
| operations, completely skip over configuring a separate
| development environment, and do it all in a fraction of
| the time.
|
| The only reason I want to be compiling c or c++ for the
| host is because I'm also writing a driver at the same
| time, and even then...
| aidenn0 wrote:
| I'll see your "Python _and_ Ruby " And raise you to "A
| windows batch file that calls perl, python, nmake, and
| gnumake" It's like each person who contributed to the
| build system just used whatever tool was closest.
| a1369209993 wrote:
| I've got a (bash) build script that that uses perl (with
| lots of regular expressions), python (apparently for no
| other reason than that the version of perl it started
| with didn't have `say`), dc (to calculate absolute memory
| addresses, because python and perl don't have a
| convenient equivalent of `P`), and runs a windows batch
| file under wine to build the .exe version with MinGW
| (although that will print a warning and continue if wine
| or MinGW is missing or out-of-PATH).
| Dylan16807 wrote:
| > I think parent wrote that because nowadays many projects
| are for JavaScript or Python with lots of dependencies.
|
| Of course they did. But they made it sound like _the
| language_ is the deciding factor, and that 's not true.
|
| C can have horrific-to-install dependencies, even worse
| than you see with binary python packages.
| tetha wrote:
| Python is very much funny.
|
| Like, a ton of our ops-scripting, things have 2-3 direct
| dependencies and maybe 10 transitive dependencies. And the
| latter is an actual flask application with pydantic, so a
| bit outside of "scripting". We've settled on a set of these
| versions, put them into a venv on a system and that's it.
| Update every few weeks, get accustomed to the libraries.
| Nice and stable base to work with.
|
| And then we have some of our python-based ML teams. I'm not
| joking, but I have entire classes of servers which -
| including their dataset - are smaller in storage footprint
| than some of their python containers including tensorflow
| and models and panda and all manner of things. Feel free to
| accuse me of comparing apples and oranges, but that feels
| very, very strange.
| reaperman wrote:
| Yeah the ML envs are insanely bloated, but honestly it
| works well enough for us doing that work. It's nice
| having lots of battery-included stuff. It really sucks
| having to manage the primary dependency chains (mostly
| centered around CUDA versions and GPU drivers), but it's
| slowly getting slightly better. The overall bloat of
| packages generally doesn't feel like it gets in my way.
|
| I come from an embedded systems / microcontroller
| background though, so the bloat does feel completely
| insane.
|
| For me things like Django feel "worse" overall in terms
| of developer QoL than the ML universe does, but maybe
| just because I don't know it as well and my last real
| webdev experience was before PHP4/HTML5.
| tetha wrote:
| I mean it's entirely fine, at least that's what the
| company decided.
|
| The snark is mostly arising because I recently wrote a
| little tool to do an inventory of our private docker
| registry, because storage was getting difficult to
| manage. After a whole bunch of messy data collection and
| setup, it sets up a graph of the layers in the registry,
| assigns images and tags to owners. From there it
| backpropagates "ownership" of layers - if a layer is only
| referenced by images attributed to one team, that layer
| belongs to the team, else it's marked as mixed.
|
| Before doing that, people were enthusiastic about making
| image builds more efficient, tagging smarter, collecting
| faster. A great atmosphere I'm finding myself enjoying
| more and more in the company, which is great.
|
| However, doing the analysis pretty much showed us that
| 90% - 95% of the storage used in the private registry was
| used by these python/ml docker images. We found several
| projects whose CD images were not being garbage collected
| by the setup for 2 years or so. This wasn't great, but
| the entirety of their images took up less storage than
| like 2 base images of the ML stack.
|
| It's the thing we have to do, but I reserve my right to
| make fun of it.
| philsnow wrote:
| Don't forget the bad-old-days of `sudo make install`.
|
| I'll note that this project does come with an `uninstall`
| Makefile target, but not a lot of projects do/did.
| chaxor wrote:
| Don't advertise these languages, else they will become like the
| wretched python is now.
|
| Python used to be fantastic. It actually used to _just work_.
| That stopped once everyone caught on to the language, Nvidia
| got involved, and tensorflow / pytorch /ML ruined everything
| with so many script kiddies writing nonsense that had no
| interest in making their packages compatible with anything. The
| community is the best, but also very very much the worst part
| of the language.
| nsxwolf wrote:
| I expected to have bad luck on my Mac, but I ran:
|
| git clone https://github.com/bartobri/no-more-secrets.git
|
| cd no-more-secrets
|
| make
|
| ./bin/nms
|
| It worked!
| omniglottal wrote:
| I just did the same on Android in Termux. Clone, make, and it
| "just works".
| the_gipsy wrote:
| Same for every language: if the env is installed and the
| program has no dependencies, just run build command.
|
| This one needs some unspecified versions of gcc, make, and
| ncurses installed.
| jvanderbot wrote:
| Minimizing dependencies is a lost art, is mostly what I'm
| saying.
| flykespice wrote:
| It's because programmers nowadays think efficiency is a
| one-dimensional concept that only applies to the code.
|
| They don't think on the big picture the efficiency on the
| resulting binary size and build time (implied by the number
| of dependencies).
|
| Another thing that is ignored is the external dependency
| that the user would need to run the program (whether none
| with a native compiled binaries or a whole runtime
| environment to run your python program)
| sophacles wrote:
| That's not what you said though, you said i could just
| download it and type make and it would just work.
|
| That's not what happened for me, and it seems to be a very
| odd way of presenting a very different message.
|
| Turns out the minimal dependencies needed involve several
| OS packages and also the special "dev" versions of those
| packages installed, and I need to use one of the right
| subset of terminals.
|
| Having the implicit knowledge to get the "magic", doesn't
| have anything to do with minimizing dependencies. Sounds
| like the real thing being said is: "It's neat when people
| use a toolchain and environment I'm familiar with". I don't
| think that extrapolates to "minimal dependencies are what
| we want".
| jvanderbot wrote:
| "Minimizing Dependencies"
|
| Consider the set of dependencies required to recreate
| this in language / framework X.
|
| I assert that this set of dependencies is larger (in some
| cases much larger) for probably _all_ languages and
| frameworks, _except_ those that are built using the same
| language, compiler, and libraries used by, and shipped
| with, the target operating system. I would _also_ assert
| that the speed to build, install, and deploy the package
| would be worse. Larger here means "includes more lines
| of code", as well as "requires more libraries" and
| "requires more executables, probably from interpreters".
| "Worse" here means "more time required to resolve",
| "requires more downloads", and/or "requires more CPU
| cycles to solve the multiple levels of indirection from
| interpretation".
|
| It just so happens I have npm, nodejs, cargo, g++,
| python3, pip, and gcc floating around, and I _almost
| always_ find that 'make' with `gcc` is the fastest gun
| in the west, as long as you stick to some basic OS
| libraries, as this project does. Cargo is real, real
| close, and probably equal if you ignore the long
| dependency chains that result for almost any project.
|
| But that's much more verbose, and I think the original
| message implied this for most readers.
| sophacles wrote:
| The compiler and libraries aren't shipped with most
| operating systems. They are available as additional
| dowloads for most operating systems, just like any other
| language and environment. But the biggest linux distros,
| OSX, Windows, and ChromeOS don't ship with a compiler in
| the default install.
|
| I would assert, that this could be done in C, python,
| rust, and go - no libraries just whatever ships with
| installing the compiler package. Probably others too but
| I don't know them well enough to say this about them with
| the same level of confidence.
|
| I will concede that some of the packages to install those
| languages may be bigger (in the more bytes sense) than
| gcc + dev versions of the c libraries.
|
| Literally it just does a few syscalls to read from input
| and write to output, all those syscalls are available in
| the stdlib of the languages I mentioned. Everything else
| is just a few simple loops and some table lookups (there
| is the ncurses version that does it a bit different, but
| it includes the raw vt100 codes too - I'm ignoring the
| ncurses version to be kind to your assertions about
| dependencies).
|
| For the languages I listed you need the same number of
| binaries, or fewer. For go - you just need the go binary.
| For python, the same. For rust you need cargo, rustc and
| ld (vs C's make, gcc, ld). (note ld here is shorthand for
| all the tools ld invokes too).
|
| As for cpu cycles, you may be right but that is also
| unrelated to the minimizing dependencies message -
| although I don't know that the binaries created by rust
| or go would actually use more CPU cycles, and likely not
| enough to matter on any computer made in my lifetime.
|
| As for compile times - I don't think python or go would
| have a noticable difference (python is compiled to
| bytecode to run on a vm at startup, its not a true
| interpreter so what I mean is that the python text ->
| bytecode part will not result in a noticeable startup
| delay).
|
| Looking at the project code, I can see several ways to
| make it have lots of additional dependencies in C or any
| other language. For instance we could consider the
| ncurses version in the repo itself, that adds a
| dependency which must be downloaded (ncurses is installed
| often by default on linux, but ncurses-dev or whatever is
| an extra install). But why stop at ncurses, we could make
| it use glib and getopt and so on.
|
| At best, the dependency thing seems orthogonal to the
| language.
|
| As for packaging - well I just don't believe it would be
| worse.
|
| It would be the same set of tools to create the package
| for each of them - for go and rust you wouldn't even need
| additional OS dependencies to install the package -
| really it's just a change of the build command and the
| binary path to copy into the package, though you would
| for python - fortunately that _is_ included as part of
| the default for many OSes that don 't include make and C.
| theamk wrote:
| If we are talking about source code distribution, then
| Python-with-stdlib-only would be have smaller overall
| dependencies (measured in bytes or executables), easier
| to build (no build step) and faster to build (0 seconds).
| The runtime speed will be much lower but you don't need
| high performance for terminal graphics.
|
| But if you want a really lightweight language, you'll
| want something like Lua. It's like 0.2MB in a single
| binary which has a (very small) stdlib already built in
| it.
|
| There is a reasons old-style routers/embedded devices
| with megabytes of flash came with lua (and rarely
| python/perl), and almost never with gcc or other
| languages.
| VectorLock wrote:
| I love glorifying doing things the hard way as much as the
| next guy, but the fact is dependencies are a way of life.
|
| We build on the shoulders of giants. We pull in other
| peoples code because we don't want to duplicate work, ours
| is likely not to be as good, any code is a liability, and
| sometimes _we just aint got time for that._
| badsectoracula wrote:
| > We build on the shoulders of giants
|
| The problem is that most of the time said giants are
| actually sand golems and it is giants all the way down.
| the_gipsy wrote:
| You played this on C, but there is nothing about C that
| makes this special. You can do this with python,
| javascript, rust, go... except java maybe. Just imply that
| the compiler and build systems are installed. There is
| nothing special in C about implementing some terminal
| escape sequences that couldn't be done elsewhere.
|
| Actually, C is worse: it could all be any compiler/version,
| make version, or ncurses lib version - nothing is fixed,
| not even documented. At least in other language there is
| some standard way of pinning dependencies.
| sempron64 wrote:
| A lot of pain comes from OS apis which are not supported
| in the standard library, like graphics, audio, and media.
| These inevitably need libraries and frameworks to work
| cross-platform.
| sophacles wrote:
| This is also true in C... you make an excellent point:
| that for toy programs the default stdlib for any given
| language is often sufficient.
| jjav wrote:
| > You played this on C, but there is nothing about C that
| makes this special.
|
| Yes there is something special about C (on Unix/Linux). C
| is the mother tongue of Unix so it's more intertwined
| with the system than anything else (other than shell
| scripting also). You'll nearly always have cc installed.
| The libraries you need are often in /usr/lib as part of
| the OS install.
| the_gipsy wrote:
| Meh, you can say the same about python, or a bash script
| for that matter.
| jjav wrote:
| I did say the same about shell scripting.
|
| Python, no way. Now you have to start pip installing
| dozens of packages and then you run into dependency mess
| so then you reach for some tools to manage multiple
| environments and suddenly you're a few hours into what's
| become a project when all you wanted was to run a script.
| the_gipsy wrote:
| It's definitely worse with C. Most projects just give you
| a general "you need X library". Unknown version. Check
| with your distro which of multiple (or none) package that
| might be. Then also the X-devel for the headers.
|
| Aaaaand then there's all the arcane configure script
| nightmares.
| mindcrime wrote:
| _You can do this with python, javascript, rust, go...
| except java maybe_
|
| You can absolutely "minimize dependencies" with Java as
| well. Obviously you can simply choose not to use 3rd
| party dependencies, but even with regards to the standard
| library you can leave out stuff from your runtime that
| you don't use.
|
| https://adoptium.net/blog/2021/10/jlink-to-produce-own-
| runti...
|
| https://www.baeldung.com/jlink
|
| https://access.redhat.com/documentation/en-
| us/openjdk/11/htm...
|
| https://docs.oracle.com/en/java/javase/11/tools/jlink.htm
| l
| [deleted]
| benguild wrote:
| don't worry, someone will port it to JS
| jonmasters wrote:
| But it would probably be better as a containerized microservice
| with 100 RPC endpoints. Just think how flexible this would be.
| Even better, 1000 containerized microservices with failover and
| autoscaling.
| lxe wrote:
| _shakes head in windows_
|
| > make: The term 'make' is not recognized as a name of a
| cmdlet, function, script file, or executable program. Check the
| spelling of the name, or if a path was included, verify that
| the path is correct and try again.
| msla wrote:
| The supported Windows version is WSL.
|
| Everything else is weirdo legacy crap.
|
| /s
| j1elo wrote:
| To be honest, I must admit to believe that whoever else did
| this same tool with JavaScript, no doubt would have used a
| _package.json_ that needed to download at least a couple
| hundreds of dependencies.
| sophacles wrote:
| And unless a person is using linux with the right tools
| installed, they have to go download an entire OS, get it set
| up, install all the right libraries and then, maybe (if they
| did it right) they can type make and pretend to "not have to
| install a whole bunch of dependencies".
| j1elo wrote:
| Your comparison is a bit disingenuous. I thought that the
| reasonable point of comparison was obvious, so let me state
| it in case it's not:
|
| * For this C program: Let's say a default install of a
| Debian system, with GCC and Make installed. Nothing else.
| Just clone and run _make && ./bin/nms_.
|
| * For an hypothetical JavaScript implementation: Same
| Debian system, with Node.js installed. _Nothing else_. Just
| clone and run _node . /src/nms.js_.
|
| Now tell me that the second point would ever happen, of
| course without the obvious trick of vendoring tens or
| hundreds of dependencies in the repo itself. Given the
| current trends and ecosystem incentives in the JS
| development world, I highly doubt it.
|
| These trends only favor mindless composition, of which the
| latter is good, but the former is bad. IMHO most devs would
| probably not even consider the idea of writing a compact,
| self-contained piece of code and have their own termio [1]
| or charset [2] implementations, to begin with.
|
| [1]: https://github.com/bartobri/no-more-
| secrets/blob/master/src/...
|
| [2]: https://github.com/bartobri/no-more-
| secrets/blob/master/src/...
| sophacles wrote:
| So your assertion is that if those exact same devs would
| write C, they would somehow magically stop seeking out
| libraries to solve the problem for them? Because there
| are thousands and thousands of C libraries, just like
| there are libraries in every other language. That seems a
| bit of a stretch - my "disingenuous" assertion is that
| library use is orthogonal to language.
|
| Also, there are plenty of non-C languages (js may be one
| of them, but it's been half a decade since I touched it
| and longer since I used it in any meaningful way) that
| you could transliterate this program into - its a handful
| of lookup tables, a couple loops, and a couple syscalls
| available in every stdlib I'm familiar with. It seems
| disingenuous to assume that there are only C and JS (or
| being generous that those extremes are the only options).
| j1elo wrote:
| > _library use is orthogonal to language._
|
| > _assume that there are only C and JS_
|
| Not so much ignoring other languages, as just talking
| about the one which coincidentally (or maybe not) is the
| one that usually attracts most conversations about
| dependency ballooning, at least around here on HN.
|
| > _if those exact same devs would write C, they would
| somehow magically stop seeking out libraries to solve the
| problem for them?_
|
| I'd posit that an ecosystem which doesn't encourage to
| add a third party library for the tiniest of needs, yes,
| does indeed discourage from using libraries except for
| the most egregious needs.
|
| E.g. you wouldn't implement a whole object-based oo-style
| programming paradigm in C, it would be wiser to just use
| GLib with its GObject implementation.
|
| But it would be uncommon to use a stupid library like is-
| even. Something that is very common to do in JS.
|
| And actually this leaves the space of being opinion based
| and is more supported by evidence. You'd hard pressed to
| find this kind of mindless lazy usage of libraries in
| well consolidated and popular C-based software. But I bet
| you wouldn't need even 30 seconds to find some popular JS
| package that in its transitive dependency tree ends up
| using a left-pad [1] level of library.
|
| [1]: https://www.theregister.com/2016/03/23/npm_left_pad_
| chaos/
| tempodox wrote:
| Even more incredible is that the project readme actually
| explains everything and you don't have to be a member of some
| cult to get the secret knowledge that makes everything klick.
| varispeed wrote:
| > Amazing what this new language C can do.
|
| To be fair it's a very old language, but what's crazy is that
| decades later engineer still have not come up with a way to
| execute the C directly, but have to rely on a process called
| "compilation". I mean how hard is it to make a CPU that
| understands C? /s
| charcircuit wrote:
| >decades later engineer still have not come up with a way to
| execute the C directly
|
| The dynamic C listener from symbolics C could do this decades
| ago.
| Pixie_Dust wrote:
| For a realistic depiction of hacking, bring back Mr. Robot.
|
| https://www.imdb.com/title/tt4158110/
| e12e wrote:
| Somewhat in the same vein, the original "23" (not the awful
| Hollywood film with same name):
|
| https://m.imdb.com/title/tt0126765/
| atmosx wrote:
| Trinity's nmap & lcamtuf's SSH CRC32 exploit[^1] was pretty
| neat in Matrix II.
|
| [^1]:
| https://packetstormsecurity.com/files/24249/adv_ssh1crc.txt....
| parpfish wrote:
| that show deserves a spot in the pantheon of hacker tv-shows
| along with silicon valley and halt & catch fire.
| xeromal wrote:
| I never could finish the final episode of halt & catch fire.
| Hurt my heart too much. :( Rough way to go.
| VikingCoder wrote:
| And read Daemon and Freedom by Daniel Suarez...
| smrtinsert wrote:
| Not nearly as fun or aspirational. The Elliots of the world can
| be tedious.
| dylan604 wrote:
| I missed Mr Robot's first season when it originally aired. I
| watched the first 2 seasons, and then somehow life got in the
| way. I recently went back to this earlier this year, and holy
| cow was that a mind bender of a show. I also just happened to
| have had a recent friend go through a hard drug enhanced
| psychotic episode a few months prior, so the timing of watching
| the complete series and seeing Elliot's journey was much more
| affecting than I would ever expect. The whole time, I was
| wondering if this was anything like what my friend's experience
| was like (minus all of the hacking). Reading about the show
| online, there is a lot of commentary on just how realistic
| people thought the portrayal was.
| unixhero wrote:
| S1 is the best
| antihero wrote:
| Do you think watching it could be quite triggering for
| someone who has experienced this sort of episode?
| dylan604 wrote:
| I have no earthly idea about anything like that. I have
| nothing resembling training/learning/experience of what
| goes on in someone's head. I can't even fully grasp what's
| in my own noggin let alone to assume I could for someone
| else.
| lvncelot wrote:
| This together with cool-retro-term[1] is an absolute must on my
| machines for real hacker hours.
|
| [1] https://github.com/Swordfish90/cool-retro-term
| kraquepype wrote:
| Wow that amber screen brings back memories, thank you for
| sharing. My first helpdesk job included mainframe support, and
| I got to use one of the old IBM quad screen plasma terminals
| they still had there. Our ticketing system was still on the
| mainframe so it was actually useful in my helpdesk duties.
|
| (Pretty sure it was this one, or very similar:
| https://www.argecy.com/ibm-3290-plasma-terminal)
| VikingCoder wrote:
| I installed cool-retro-term and no-more-secrets on my
| Chromebook with Linux, and it does indeed look nice:
|
| https://www.youtube.com/watch?v=_gRIG_zK4SQ
| azubinski wrote:
| :)
|
| This is for the lonely boring nights...
| VikingCoder wrote:
| Classic!
| red-iron-pine wrote:
| great way to spook the normies at the coffee shop
| nobleach wrote:
| So crazy that at the news of Kevin Mitnick's passing, I
| immediately started thinking of this movie. Probably a lot of
| folks did. Thanks for sharing this.
| danhon wrote:
| For added verisimilitude, when using sneakers
|
| you could also trigger playback of the appropriate track ("Too
| Many Secrets") from James Horner's soundtrack:
| https://www.youtube.com/watch?v=4KOuCe2-fj8
| vorticalbox wrote:
| Is there a way I can make zsh just pipe everything into this so
| every command I run has this effect?
| [deleted]
| owlbynight wrote:
| Cool, thanks for this welcomed break from work today.
|
| https://www.youtube.com/watch?v=KM7CXt1zXDU
| jb1991 wrote:
| It actually works, too. We've been using this in production for
| two months and it requires little downtime or ongoing
| maintenance.
| kenrose wrote:
| I have to ask: how are you using this in prod?
| Angostura wrote:
| He could tell you, but then he would have to kill you.
| jb1991 wrote:
| You said it, not me.
| hnlmorg wrote:
| Not the OP but it's a good way of encrypting your shell.
| archgoon wrote:
| He works for Setec Astronomy.
| sneak wrote:
| I actually have a shell identity/company that I use for
| special projects that is a different anagram of Setec
| Astronomy.
| playingalong wrote:
| Maybe they meant movie production.
| ClassyJacket wrote:
| To decrypt stuff. Duh.
| stavros wrote:
| Clearly, they lost their encryption keys.
| VikingCoder wrote:
| Awesome!
|
| Are there other movie graphics available too?
|
| I've seen plenty of Matrix screen savers.
|
| I've seen some things like Global Thermonuclear War from War
| Games.
|
| What other movie effects exist?
| Flatcircle wrote:
| One of my favorite films
| dylan604 wrote:
| I love the download and install section's lack of assumptions
| that someone looking to install this specific package doesn't
| already have gcc/git/make avaialbe. "Hi, I'm a brand new *nix
| user on a fresh install of my distro, and I want to install a
| command to recreate the Sneakers decryption effect" says no one,
| ever. =)
|
| So many packages make these kinds of assumptions. I tend to find
| that in those situations, the likelihood of some other salient
| bit of information gets left out as well. Also bonus for not
| being an npm install type of something.
| Cthulhu_ wrote:
| But also, on the other hand, I'd like software to be easy to
| install, so it being included in package distributions is
| convenient. That said, being able to run from source without
| dependencies would be cool as well; that's probably why some
| tools are still built in pure shell code.
| HeckFeck wrote:
| Too many hours have been lost battering make and searching for
| lib-$THING in apt, just going from the names of the missing .h
| files.
| kwk1 wrote:
| One should use `apt-file search foo.h` for this (apt-file is
| a separate utility from apt and requires installation)
| ghusto wrote:
| > npm install type of something
|
| THIS! I was a little disheartened when I saw I had to build it,
| but the repo is tiny, and the build is a second. This should be
| the norm, not a pleasant surprise!
| bamfly wrote:
| I _hate_ this in documentation. Snippets of code or config that
| don 't work on their own, and it may not even be clear _where
| they 're supposed to go_ or what they're nested in. May use
| imports the name of which cannot be found on the page. That
| kind of crap.
|
| Please, at the very least, put a full-fat example or a link to
| it at the bottom of the page. _Something_.
| sixothree wrote:
| "The rest is left as an exercise for the reader".
|
| I 100% agree with the frustration. Anything that involves make
| as described by a repo such is this is not something I want in
| any of our processes. It's going to fail.
|
| But this is really a toy and not meant to be taken seriously.
| msmith wrote:
| This is great. It reminds me that I tried to recreate this effect
| with Turbo Pascal back in the 90's when I first got into
| programming.
|
| Sneakers, Wargames, and BBS culture were pretty influential for
| me at the time.
| cube00 wrote:
| Cootys Rat Semen
| aidenn0 wrote:
| I'm interested in all kinds of astronomy.
| acheron wrote:
| I want peace on earth and goodwill towards men.
| myself248 wrote:
| We're the United States government. We don't do that sort
| of thing.
| starkparker wrote:
| Blog post (2016): https://medium.com/@bartobri/the-movie-based-
| terminal-effect... (the comments are more interesting than the
| post)
|
| Previously: https://news.ycombinator.com/item?id=11584535
| joshstrange wrote:
| I cannot hear the word "Passport" without saying (at least in my
| mind) "My voice is my passport".
| sumtechguy wrote:
| For me it is 'cattle'... 'cattle mutilations are up'
| myself248 wrote:
| "Give him he-- Give him help."
| pengaru wrote:
| Have you ever seen an Akroyd interview. like in a podcast
| format? He wasn't even acting in that role.
| dylan604 wrote:
| I just love to hear someone say the word passport
| joshstrange wrote:
| Every few times I hear passport I also have to go watch that
| clip because I find it so funny.
| Winse wrote:
| "...verify me" that wasn't easy, what I just did.
| HeckFeck wrote:
| Is it bad that PASSPORT.MID began playing in my head? It has
| been so many years and I still remember it note for note. Maybe
| I need therapy.
| renewiltord wrote:
| HSBC has voice recognition on their call center and they
| announce it by saying "Your voice is your passport" or maybe
| "password". I forget now.
| etblg wrote:
| Verizon still has you say "at verizon, my voice is my
| password" for their voice authentication over the phone.
|
| Not a fan, I disabled it right away.
| Minor49er wrote:
| Bell used to actually have this feature which The Phone Losers
| of America exploited. The hack was directly inspired by the
| movie. PLA showcased this in one of their podcast episodes
|
| https://phonelosers.com/2008/05/pla-radio-episode-17-voice-a...
| nycdotnet wrote:
| needs to be said as a question. Passport?
| nocoiner wrote:
| Verify. Me?
| tptacek wrote:
| True fact: there's a subset of real cryptanalysis attacks --- the
| CBC padding oracle, Bleichenbacher's RSA padding oracle, the ECB
| byte-at-a-time attack --- that (I think?) Juliano Rizzo coined
| the term "Hollywood Attack" for, because when you run the
| exploits for them, they look like decryption in Sneakers.
|
| It's a good term, everybody should use it, it's even a little
| useful for getting the intuition behind the attack (a lot of
| cryptanalytic attacks work by finding creative ways to isolate a
| single byte of ciphertext instead of having to work against the
| entire 128 or 2048 bit message).
| diyftw wrote:
| This takes me back to my BBS days. ANSI animations were all the
| rage. I can't for the life of me remember the name of the
| software I used, but in the mid 90s I created numerous ANSI
| animations that looked very much like the movie.
| myself248 wrote:
| Likely TheDraw!
| INTPenis wrote:
| I'll forever be piping gpg -d into this tool.
| [deleted]
| VikingCoder wrote:
| Ooh, I lack the time to play with this, but I think someone could
| compile the lib to WebAssembly and tie it in to
| https://xtermjs.org/
|
| Then you could have a web page with static DOM elements that do
| this effect!
| dylan604 wrote:
| but I think someone could...
|
| let's try that again, but I think you should... the beauty of
| open
| VikingCoder wrote:
| Should no one on HN share their ideas? Must they implement
| them all themselves to satisfy you? Do you think you're
| improving HN by discouraging people from sharing ideas they
| don't have the time to implement?
| dylan604 wrote:
| I'm not the one making the suggestion that someone else do
| something on a hacker board where the common thread between
| readers is that hacker spirit. A hacker with an idea is one
| of the most [useful|dangerous] combinations. Sure this
| isn't SO where you say here's what I tried, here's what it
| didn't do, help? And yes, I'm sure there are plenty of
| examples of someone saying "oh, cool idea, stand back and
| hold my beer" then 2 specific days later "Show HN"
| reaperducer wrote:
| _Do you think you 're improving HN by discouraging people
| from sharing ideas they don't have the time to implement?_
|
| I'm with you. I think the constant "Do it yourself,
| everything is trivial!" meme has a chilling effect on
| people who would like to contribute their ideas.
|
| I also think it's part of the reason that some people get
| turned off by Linux.
|
| Someone will write, "I wish Linux did _x_ ," and the
| response they'll get is "Well, the beauty of Linux is that
| you can write your own drivers and compile your own kernel
| all by yourself!"
|
| No, not everyone can.
|
| Some people have families and jobs and other obligations,
| responsibilities, and restrictions that prevent them. That
| doesn't mean their ideas aren't good ideas. The fact that
| their ideas are not welcomed by the core Linux community
| because they can't roll their own is one of the things
| keeping Linux back.
|
| Some people are "idea people" and some people are
| "execution people." There are entire industries built
| around both of these things. Very few people are good at
| both.
| aceazzameen wrote:
| I'm with you. Absolutely nothing wrong with throwing an
| idea out into the wild for someone else to pick up. That
| kind of stuff is community building.
| Cthulhu_ wrote:
| Ideas are cheap though, and I can see how people get miffed
| at people coming up with ideas, if the reader assumes
| whoever came up with the idea that someone else should put
| in the work.
|
| But seriously, for every 100 startups that post their Show
| HN on here, there's been 10.000 ideas but only 1 that will
| eventually translate into a product.
| VikingCoder wrote:
| Is anyone under the illusion that this will become a
| product?
|
| No, it's just neat.
|
| And I realized there's a way to make it available in more
| places.
|
| If we can convince the mods to post a guideline, "please
| don't share ideas for others to implement", then that's
| fine. I'll try to abide.
|
| Until then, I think it's stupid to complain about other
| people sharing their ideas.
| dylan604 wrote:
| Let's try s/complaining/challenging/ and see how that
| changes the actual spirit of the comment.
| filmgirlcw wrote:
| You are purposefully being an asshole and then double and
| tripling down on it, that's the spirit of the comment.
| rezmason wrote:
| Not only cool looking, but good code and attention to detail!
| i-use-nixos-btw wrote:
| This is it. This is the pinnacle of terminal experience. It's all
| downhill from here.
|
| Perhaps this is the time to quit and become a farmer, so I don't
| have to witness the decline.
| wood_spirit wrote:
| Hey, has anyone used an llm to "enhance" the output of terminal
| programs and make them a little bit more hackerish or Tolkien or
| something? So we have a shell for mundane work that makes you
| feel like you're hacking or exploring or whatever? :)
| javajosh wrote:
| I wonder if there is an encryption scheme that could be
| visualized to look like that.
| rcme wrote:
| How come the `ls` output is colorized? I thought that ls normally
| checked isatty before colorizing output.
| Toreno96 wrote:
| Maybe they aliased `ls` to `ls --color=auto` or `ls
| --color=always`.
| dylan604 wrote:
| hey! get out of my .alias file! next, you'll be giving away
| the ultimate secret with ..=cd .., ...=cd../.. ;-)
| wmichelin wrote:
| [[ tsu *_* ]]tsu homebrew pls
| S33V wrote:
| looks like it's there: https://formulae.brew.sh/formula/no-
| more-secrets#default
| jonmasters wrote:
| The best movie of all time
| wasabinator wrote:
| This is really great. Love the movie.
| tracker1 wrote:
| Same, neat little effect. Thinking it could be fun to use this
| in conjunction with like a BBS ascii based door or something.
___________________________________________________________________
(page generated 2023-07-20 23:00 UTC)