Aynakeya's Blog

Kill My Emotion

Introduction

In one of my projects, I needed to play video inside a GUI written with Fyne. However, Fyne does not natively support video playback, so I brought in MPV as the video decoding and playback library.

To integrate MPV's output into the Fyne GUI, I can control where it renders by setting MPV's wid option. On Windows, this WID is the window handle (HWND). On Linux, this ID is usually the X11 window id.

However, Fyne likewise does not support retrieving the window id directly. To make this possible, we need to make some modifications to Fyne, described below.


A Brief Review of the First 115 Chapters of 《宇宙飞行手册》

This book is being serialized on 起点中文网 and is not yet finished.

My impressions include spoilers, but no introduction to the plot or the quests. If you have not read the book yet, I recommend reading it first before consulting this review.

Preface

I read this book on the recommendation of my friend Y, whose pitch was: "If you think the first three chapters are good, you will definitely like this book."

I think that is both right and not entirely so.


Preface

A few words of preface, though I don't quite know what to say.

Since I recently developed a liking for having an audiobook on while doing things, I re-downloaded the 喜马拉雅 (Ximalaya) app and impulsively bought a membership.

I noticed that the Ximalaya client also has a download feature. After a small experiment, I found that the downloaded files are in the .xm format. This is an encrypted format that nothing other than the Ximalaya client can play.

What, encrypted? That cannot stand.

For learning and exchange only; the author bears no other responsibility.

Disclaimer: Only used for educational purpose.


On Feb 6, 2022, I missed the interview with **** (name redacted). The reason was that my calendar had the interview scheduled at 12:30 instead of 11:30. The event in the calendar was added automatically by a to-do list application (a submodule of FMA) written by myself, so there must have been a hidden bug I hadn't found.

Debugging

I first analyzed the event synchronization process. There are basically two stages: the first stage is parsing, the second stage is sending the request to the calendar API.

I first tested the calendar API using a unit test I had already written. Everything worked fine.

So the problem had to be in the time parsing stage.

After running another unit test, I found out there was a bug in the time conversion. I forgot to change the timezone offset:

// to unix time
currentTime = currentTime.Add(time.Hour * (-7)) // hard-coded UTC-7 offset

because in Canada there is daylight saving time. In winter, the offset is actually -8 instead of -7!

As a result, the calculated time is one hour later than the actual time.

Fixing

// to unix time
currentTime = currentTime.Add(time.Hour * delta) // delta follows the current UTC offset, not a constant
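The same conversion done both ways, as an added example that is not the post's own code: the hard-coded offset from the buggy snippet beside a zone-aware conversion that lets Go's time package look the offset up. The zone America/Vancouver is an assumption (the post only says Canada), and the 19:30 UTC instant on 6 Feb 2022 is a constructed input chosen so the two results land on the 11:30 versus 12:30 pair from the post; a July instant is included to show the two agree while daylight time is in effect.

```go
package main

import (
	"fmt"
	"time"

	_ "time/tzdata" // embed the IANA database so LoadLocation works without system zoneinfo
)

// calendarZone is an assumption: the post only says "Canada".
const calendarZone = "America/Vancouver"

// FixedOffsetLocal mirrors the buggy snippet: shift a UTC instant by a
// hard-coded number of hours. -7 is right only while daylight time is in effect.
func FixedOffsetLocal(utc time.Time, offsetHours int) time.Time {
	return utc.Add(time.Duration(offsetHours) * time.Hour)
}

// ZoneLocal converts the same instant through the IANA zone, so the delta
// (-8 in winter, -7 in summer) is looked up instead of hand-picked.
func ZoneLocal(utc time.Time) (time.Time, error) {
	loc, err := time.LoadLocation(calendarZone)
	if err != nil {
		return time.Time{}, err
	}
	return utc.In(loc), nil
}

// WallClock renders the hour and minute a calendar entry would display.
func WallClock(t time.Time) string {
	return t.Format("15:04")
}

// DriftMinutes reports how many minutes the fixed-offset wall clock is ahead
// of the zone-aware one for the same instant (0 means the offset was right).
func DriftMinutes(utc time.Time, offsetHours int) (int, error) {
	zoned, err := ZoneLocal(utc)
	if err != nil {
		return 0, err
	}
	// Re-express the zoned wall clock as a UTC value so both sides compare
	// wall-clock fields rather than underlying instants.
	zonedWall := time.Date(zoned.Year(), zoned.Month(), zoned.Day(),
		zoned.Hour(), zoned.Minute(), 0, 0, time.UTC)
	fixed := FixedOffsetLocal(utc, offsetHours)
	return int(fixed.Sub(zonedWall) / time.Minute), nil
}

func main() {
	// Constructed inputs: an interview at 19:30 UTC on 6 Feb 2022 (standard time
	// in effect) and one at 18:30 UTC on 6 Jul 2022 (daylight time in effect).
	for _, utc := range []time.Time{
		time.Date(2022, time.February, 6, 19, 30, 0, 0, time.UTC),
		time.Date(2022, time.July, 6, 18, 30, 0, 0, time.UTC),
	} {
		zoned, err := ZoneLocal(utc)
		if err != nil {
			panic(err)
		}
		drift, _ := DriftMinutes(utc, -7)
		fmt.Printf("%s UTC -> fixed -7h: %s, %s: %s, drift %d min\n",
			utc.Format("2006-01-02 15:04"), WallClock(FixedOffsetLocal(utc, -7)),
			calendarZone, WallClock(zoned), drift)
	}
}
```

The point of the design is that no constant in the program encodes the offset: the only thing the code knows is the zone name, and the tz database supplies whether -7 or -8 applies on a given date. A unit test that only exercises a summer date (as the post's original test presumably did) never sees the drift, so the check pairs a winter and a summer instant.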

Lesson Learned

Never use your own application in real shit

PrairieLearn Java Autograder Vulnerability

Aynakeya aynakeya.official@gmail.com

Abstract

This is a walkthrough of one vulnerability I found in PrairieLearn Java autograder.

The default Java autograder has vulnerabilities that allow a user to leak information and write files to the container.

These vulnerabilities allow the user to modify the autograder's score result and get 100% without writing any actual code.

The vulnerability has been fixed in commit 7871ce5.

Since the vulnerability hasn't been fixed yet, anyone who reads this document should not disclose its content to the public in any form until the vulnerability is fixed and deployed to production.


Cracking a VB Program from Scratch

Last week, for a bit of fun, I planned to find a simple piece of software to crack. It so happened that someone in a group had an application that needed cracking, so that application unfortunately became my target.

Before starting, a brief introduction to the program: MagicEXIF is a very powerful image metadata editor. It comes in Free, Professional, and Ultimate editions.

After installing the program, let's first look at its basic information.


Linux piping in summary

Symbol Purpose
| pipe standard out from one program to standard input of another
< redirect standard in from a file
> redirect standard out to a file, deleting its current contents
&> redirect both standard out and standard error to a file, deleting its current contents
>> redirect standard out to a file, adding to the end of its current contents
&>> redirect both standard out and standard error to a file, adding to the end of its current contents

Introduction

I have solved several seccomp-related challenges in past CTFs. To further enhance my understanding of seccomp, I decided to take some time and learn how seccomp works.

All the code used in this post can be downloaded from here: seccomp.zip

Seccomp

So what is seccomp? "Seccomp is a computer security facility in the Linux kernel.[1]"

Basically, seccomp creates a sandbox that limits a process's ability to use syscalls. Using seccomp, we can create an environment that allows or disallows specific syscalls.

The first version of seccomp was released in 2005. At that time, seccomp had only one mode: strict mode. In this mode, a process is only allowed to use four syscalls: read, write, exit and sigreturn. In strict mode, if the process uses any syscall other than those four, it is terminated immediately. (This is not very useful because the limits are too severe!)

Then, in 2012, the second version of seccomp was introduced. Seccomp now has a new mode called filter mode. In this mode, the user can specify which syscalls are allowed to run using the BPF (Berkeley Packet Filter) virtual machine.
