Posted on

Fake Time in Docker

What if you need a container to have a different time than its host? Well, LD_PRELOAD has a solution for you. While this solution generally works outside of Docker, I rarely find myself outside of a container these days. I like that it works in one without requiring special privileges.

Dockerfile:

FROM ubuntu:latest

RUN apt-get update --fix-missing
RUN DEBIAN_FRONTEND=noninteractive apt-get install git build-essential -y
RUN git clone https://github.com/wolfcw/libfaketime.git
WORKDIR /libfaketime/src
RUN make install
RUN echo "/usr/local/lib/faketime/libfaketime.so.1" > /etc/ld.so.preload

ENTRYPOINT bash

Build with:

docker build -t faketime .

Run with:

docker run -ti --rm -e FAKETIME="1970-01-01 00:00:00" --name faketime faketime

Of course you can run the “date” command to confirm, but this fake time percolates to all processes in the container. I was reminded of the existence of LD_PRELOAD to hijack system calls recently, and remembered this old trick I had stashed in my notes.

And just in case it goes away, I mirrored the excellent repo this is based on here.

Posted on

Flipper Zero

I finally got my hands on a Flipper Zero and boy oh boy, let me tell you, I should have done this a long time ago. I got it for my own interests because I was curious to understand some protocols better. To my surprise, both kids have been way into it. I’m of course elated to titillate their hacker spirit. I didn’t even think it possible with a 7 year old, but the cross between ease of use, and yes… a Tamagochi is really hitting home. Esther’s mind was blown when she scanned and replayed the IR signals of a toy of hers.

Robin & I are trying to sniff and replay all kinds of signals which always leads to a deeper understanding of technology for the both of us.

I too I’m in love the with the fun packaging and the geek humor. There isn’t anything revolutionary about the capabilities, but they way lowered the bar of entry. Most of all, it’s built with a spirit that strongly appeals to my original love of computers. This little wonder sparks curiosity and discovery everywhere it goes.

Posted on

Focus & Blur: Behavioral Inference & the Tattletale Browser

This web thing’s been bugging me for too long. Have you ever tried to background a tab that is playing insufferable & unskippable content, only to find out that the annoyance has paused itself until your eyeballs are known be aimed back at it? Why do browsers honor requests to let websites know if you’re paying attention or not?

This is achieved by relying on the focus and blur events. But there are many UI Elements that rely on them to trigger useful UI responses. Think of a suggestion box that shows up when you click in a search bar for example. The window element though, is one for which I cannot think of a single instance where the focus and blur events at are used to benefit the user. I think a well intended couple of events were generally implemented to every possible elements, but one of them reveals more than was intended and is abused to that effect. Why would ad-blocker not nuke them either? I’ve gone through this rabbit hole several times over the years trying to find an extension or adblocker customization to dismiss these events. Alas, they never seem to have made it into the crosshair as the true annoyance that they are. How do you like to have your browser report how good you are at consuming content as intended?

These events are responsible for more ills than making sure you’re watching, they are a key metric for inferring behavior. As with much of data mining, what’s scary isn’t really the information you’re giving away, it’s what can be inferred from it. In a way these attention events are perfectly suited for the attention age. Particularly though, they matter when they are attached to the window element. As far as I know, that is the only method I’ve seen in the wild that is abused into this purpose.

In any case, since I never could find anything, here’s what I came up with. The best way I found to run user JS on all websites is using Tampermonkey. Then here’s the script I’m running:

// ==UserScript==
// @name         Attention Event Nuker
// @namespace    http://tampermonkey.net/
// @version      2024-05-01
// @description  nukes focus and blur events when attached to the window element
// ==/UserScript==

(function() {
    var old_add_event_listener = EventTarget.prototype.addEventListener ;

    EventTarget.prototype.addEventListener = function(event_name, event_handler) {
        if( this.toString()==window.toString() &&
           (event_name=="blur" || event_name=="focus") ) {
            console.log( "attention event caught: " + event_name + " on: " + window.location.host ) ;
        } else {
            old_add_event_listener.call( this, event_name, event_handler ) ;
        }
    };
})();

Unfortunately I did run into a couple of sites that somehow rely on the events to even work properly. I don’t think I want to reverse engineer them 1 by 1 so I’m adopting a blacklist of sites which is a bit obnoxious. For a while I did have the script report which sites were asking for the events, the results weren’t surprising and showed that pretty much any big site with a baseline of behavioral data mining wants to know what your eyeballs are in front of.