I’ve become somewhat obsessed with Pokemon GO since I started playing it, and I’ve been trying to cobble together a mental guide for how to be successful from a hodge-podge of sites, people I’ve met while playing the game, and some of my own experiences. Here’s what I’ve got so far. Items in red are ones I’m less sure of.
The panel at the bottom right tells you what Pokemon are near. 3 feet = far, 2 feet = nearby, 1 foot = close, none = very close
The Pokemon in the panel are arranged by closeness. Watching how they re-arrange as you walk in one direction will tell you if you’re hot or cold. Work together with friends to cover a wider area
Rustling grass patches aren’t necessarily Pokemon. They may be nearby, though
Look for Pokemon GO maps of your city on reddit. You can also use the official Ingress map for a rough guide, but you have to sign up for an account, which I didn’t bother to do.
Spinning your pokeball with your finger (swiping to the side) before throwing it makes you throw a curveball, which gives you a 10XP bonus. It MIGHT make your throw more effective too, but I’m not sure about this
Hitting a Pokemon in the colored circle, when the circle is small, gives you the best chance to capture it. Hit it outside the colored circle, or when the circle is bigger, and it’ll be harder
Waiting to evolve your Pokemon until you’re a higher level will improve the boost in CP your Pokemon gets
Poke Stops regenerate after a few minutes. If you find a comfortable spot, hit one a few times. If you’re surrounded by them, walk in a circuit so that the first one is recharged by the time you return to it
Carry around a battery pack for your phone. Seriously.
Turn on the “battery saver” and turn your phone upside down. It will dim the screen, vibrating when there is a Pokemon nearby
Disabling the AR feature saves some battery, and sanity (you won’t have to turn around constantly trying to find your Pokemon)
If you want to get really hardcore, you could buy a Pokemon GO wearable for ~$200 on eBay so you don’t have to stare at your phone constantly (they supposedly ship in late July). Caveat emptor. Pre-orders sold out, but Nintendo will probably offer them for sale again in the near future given the game’s popularity
Be aware that, on iOS at the moment, you’ll be giving up full access to your Google account if you log in with it. Niantic says they’re working on a fix, but in the meantime, maybe try creating a Trainer account instead
All those people you see huddled around popular Poke stops, pacing around while staring at their phones? Go talk to them – they probably know something that you and I don’t!
Have you ever logged onto Facebook to find “Recommended Friends” that you didn’t expect to see? Maybe someone you briefly met on Tinder, or a co-worker you hate? I think many people are unaware that, by default, the Facebook app on mobile devices automatically imports your contact list, continuously (this includes, so far as I can tell, every piece of information about them that you have stored).
I started noticing this a long time ago, but I sense that there are many who just assume Facebook is omniscient and don’t give it another thought. There are many reasons you may not want to give up this power, and so far as I can tell, the only way to stop importing this information is to delete the Facebook app from your phone. If anyone is aware of a specific privacy setting one can use to disable this behavior, leave a comment on this post!
(About) 425 days ago (at the time of this writing) I started scraping Hacker News via its shiny new API. And then I promptly forgot about it. That is, until I noticed my cronjob had been throwing errors constantly for a few weeks:
Traceback (most recent call last):
  File "/home/dummy/projects/hn-cron/hn.py", line 62, in <module>
  File "/home/dummy/projects/hn-cron/hn.py", line 53, in main
    log_line = str(details['id']) + "\t" + details['title'] + "\t" + details['url'] + "\t" + str(details['score']) + "\n"
Instead of fixing anything, I just commented out the cronjob. But now I feel somewhat obligated to do at least a rudimentary analysis of this data. In keeping with my extreme negligence/laziness throughout this project, I hacked together a few bash commands to do just that.
A few notes about this data, and the (in)accuracy thereof:
The script ran once every 40 minutes, collecting the 30 most popular stories (i.e. those on the front page), and adding them to the list if they were new
I only know I started roughly 425 days ago because the first link in log.txt was this one right here (Who needs timestamps? I have IDs!)
A not-insignificant percent (probably ~10%) of the time, the script would fail because the stupid(, stupid, stupid) Python 2 script I banged out in 10 minutes didn’t know how to handle Unicode characters properly (oops).
I saved everything to a tab-delimited flat file. I probably should’ve used something else, but I didn’t, so here we are.
I only saved the score from the first time a story was found, so theoretically any given post only had an arbitrary 40 minute window to accumulate points, at most. This is probably not strictly true for a number of reasons, but I’m going to pretend it is.
These bash commands grew organically (often with much help from StackOverflow), so they made sense to me at the time, but YMMV
The data is probably inaccurate in a million small ways, but overall, it’s at least worth poking at.
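An added example, not the author's hn.py: a Python 3 version of the logging step these notes describe (tab-delimited id/title/url/score rows, new stories only), written so that a Unicode title, a missing field, or a tab or newline inside a title cannot crash the job or corrupt a row. The function names and the sample stories are constructed for illustration.

```python
import io

FIELDS = ("id", "title", "url", "score")  # column order of the post's log_line

def clean(value):
    """Render one field so it cannot break the tab-delimited layout."""
    text = "" if value is None else str(value)
    # Escape the backslash first so the escaping stays reversible.
    for raw, esc in (("\\", "\\\\"), ("\t", "\\t"), ("\r", "\\r"), ("\n", "\\n")):
        text = text.replace(raw, esc)
    return text

def format_log_line(details):
    """One row per story; a missing key becomes an empty column, not a crash."""
    return "\t".join(clean(details.get(key)) for key in FIELDS) + "\n"

def append_new(log, stories):
    """Append stories whose ID is not logged yet; return how many were added."""
    log.seek(0)
    known = {line.split("\t", 1)[0] for line in log if line.strip()}
    log.seek(0, io.SEEK_END)
    added = 0
    for story in stories:
        story_id = clean(story.get("id"))
        if story_id not in known:
            log.write(format_log_line(story))
            known.add(story_id)
            added += 1
    return added

# Constructed sample input (not real Hacker News data).
SAMPLE = [
    {"id": 101, "title": "Caf\u00e9 \u2013 a Unicode title", "url": "https://example.com/a", "score": 12},
    {"id": 102, "title": "Ask HN: story without a url key", "score": 7},
    {"id": 103, "title": "Tab\tand\nnewline in title", "url": "https://example.com/c", "score": 3},
]

def run_sample():
    """Log the sample twice; the second pass must add nothing."""
    # For a real file: open("log.txt", "a+", encoding="utf-8")
    log = io.StringIO()
    first = append_new(log, SAMPLE)
    second = append_new(log, SAMPLE)
    return first, second, log.getvalue()

if __name__ == "__main__":
    print(run_sample())
```

Escaping the delimiters matters because titles are third-party input: an unescaped tab or newline in a title would shift columns or forge an extra row in the log.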
The AddToAny Share Buttons WordPress Plugin was, until recently, vulnerable to a DOM-based cross-site scripting issue. The file in question is hosted on the author’s site, so you’re not vulnerable anymore (you’re welcome). If you just want the vulnerability details, go here. Now for the story of this bug.
At the risk of spoiling a somewhat-well-known XSS game, I want to share an XSS vector I had never thought of before it forced me to. The premise of this level was, essentially, that you couldn’t use any letters whatsoever in the attack vector, and you had to call alert(1).
I recently hacked together a little 300-line bash script to manage my dotfiles called dot-man. Basically, it will let you manage your dotfiles in a git repository, and you can run it every so often to keep your local / remote dotfiles up to date.
Install is as simple as:
git clone git@github.com:cneill/dot-man.git  # over SSH
git clone https://github.com/cneill/dot-man.git  # or, alternatively, over HTTPS
Let me know what you think! You can find me on Twitter @ccneill.
Here is their example (with minor edits so as not to call out the author of that how-to post too explicitly):
The “snippet preview” functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2 (<= 2.1.1). This vulnerability appears to have been reported 2 years ago by someone named “badconker”, but the plugin author said that it was already patched. Unfortunately, it appears that this is not the case. If you are running this plugin, I recommend updating to the latest version.
I’m happy to announce the latest version of a project that the Security Engineering team at Rackspace has been working on: DefectDojo! DefectDojo is an open source defect tracking system that was created by our team to keep up with security engagements, but it can be useful for tracking any type of application testing. It supports functionality like Finding templates, PDF report generation, metrics graphs, charts, and some self-service tools for doing port scans, for example.