Write a Digital Clock on macOS

昨天打着打着电话,突然玲就问我,macOS 能不能同时显示两个数字时钟,于是我就找了一圈,DashBoard 上虽然可以显示两个,但是都是模拟时钟,而且玲也没买触摸板,在桌面和 DashBoard 之间切换不那么方便。

就计划帮她写一个,于是“产品经理玲”就发给我了一个 prototype (゚o゚;;


CCTV Systems Everywhere: You Are Known to Everyone

With the rapid development of machine learning in computer vision field, face recognition technology is deployed in most CCTV systems that run by government. On the one hand, some people are concerning that this technology will infringe on their privacy. On the other hand, it's believed by some people that the wide installation of CCTV can significantly reduce the crime rate and help police to solve cases.

The technology itself is neutral. It is who decides whether you are a criminal or not that matters.

Play the game that sets you free!

As many of macOS users have already enabled TouchID for sudo by adding the line below to /etc/pam.d/sudo.

auth       sufficient

That's convenient, however, not interesting at all. Let's do something amusing! What about granting root privilege by winning the floppy bird game! Play the game that sets you free \(≧▽≦)/ Σ(・□・;)

This post will roughly be divided into 3 parts,

  1. Get the original sudo project compiled successfully
  2. Add the floppy bird game to sudo
  3. Test and replace the sudo which ships with macOS to sudo-floppy

1. Get the original sudo project compiled successfully

The very first thing is to fetch the latest source code of sudo on At the time of writing, the latest release is Open the sudo.xcodeproj in Xcode after downloading and unzipping the tarball and we can start!

CVE-2019-14287: Local Privilege Escalation

Yesterday, a local privilege escalation vulnerability of sudo was reported by a security researcher, Joe Vennix. The proof of concept is simple but the exploitation of that can be powerful.

$ sudo -u#-1 whoami

-u#-1 means that, sudo is required to run the command as the user with id equals to -1.

With merely 5 more characters (the highlighted ones) you can do a local privilege escalation for all sudo version prior to 1.8.28. Isn't that amazing (and maybe dangerous as well)? Let's dive into it and see what happens inside. sudo version 1.8.27 will be used for demonstration in this post. (It can be downloaded at

Given that the vulnerability is related to the command line argument, it would be a great idea to the src/parse_args.c file firstly.

A Trip to Blenheim Palace in Oxford

Last weekend, I went from Cambridge to Blenheim Palace and the city centre of Oxford. The 2-hour bus ride was quite a long time, thus I fall asleep several times. The bus arrived Blenheim Palace at half past 10, which was right on the opening time.

Blenheim Palace was pretty gorgeous when I stepped inside. But it was not only the Palace that attracted me, but also the garden inside it! Though the weather was cloudy for most of the time, the garden of Blenheim Palace was fabulous still! Perhaps this is one of the reasons that it is said to be the finest view in England.

The swan swam on the lake, the small house sat besides the river and the path lay in the forest. Just standing there and looking at the stunning landscape they made up was absolutely breath-taking. If the weather had been better, the landscape would have been tremendous. ☆〜(ゝ。∂)

(Notice - if you're using cellar network, please be aware that this post contains many photos)

Using C/C++ for Python Extension

In general, C/C++ can be used to extend the functionality of Python with almost the highest performance you demand. To write a Python extension in C/C++ is relatively easy.

I'll show a simplified extension which is used in real life. This extension is made to extract records in a special file format, .pcap, and .pcap file is used to store the captured network packets so that the network activities can be analysed later.

Although there are many alternatives, they cannot achieve the goal in reasonable time. One of these alternatives is scapy, please don't get me wrong, scapy is a fabulous networking package. It can automatically parse all the records in .pcap file, which is an amazing feature. However, the parsing work will also take significant amount of time, especially for a large .pcap file with hundreds of thousands records inside.

At that time, my goal was quite straightforward. The time when captured the packet, from which source IP the packet was sent, and the destination IP of the packet. Given these demanding, there is no need to parse any record as deep as scapy would do. I can just check whether it contains IP layer or not, and if yes, extract the source IP and destination IP. Otherwise I'll skip to next record. And that's all.

I decided to name the extension as streampcap. And the class name would be StreamPcap so that I can write my Python code as below.

from streampcap import StreamPcap

pcap = StreamPcap("sample.pcap")
packet =
while packet is not None:
    print("{} {} {}".format(packet["time"], packet["ip_src"], packet["ip_dst"]))
    packet =

In order to implement this functionality, python-dev should be installed if the OS is Ubuntu/Debian/CentOS and etc Linux based operating systems. As for macOS, personally I use miniconda to manage the Python environment, and I think that miniconda will automatically get the same thing done. And miniconda is also available for Linux based OS. Life is easier!

