Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Branch: master
Fetching contributors…

Cannot retrieve contributors at this time

175 lines (168 sloc) 12.6 KB
<!DOCTYPE html>
<html lang="en">
<title>Alok Menghrajani's stuff</title>
<meta property="fb:admins" content="536181839"/>
<meta name="author" content="Alok Menghrajani"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="p:domain_verify" content="c8d7b1dec1e48b1046efe5f183a5cc4a"/>
<link href="bootstrap-responsive.min.css" rel="stylesheet">
<link href="bootstrap.min.css" rel="stylesheet"/>
<link href="alok.css" rel="stylesheet"/>
<link rel="shortcut icon" href="favicon.ico">
<script type="text/javascript" src="jquery-1.7.1.min.js"></script>
<div class="container-narrow">
<div class="menu visible-desktop">
<div class="profile">
<img class="img-polaroid" src="">
<div>&#8594;&nbsp;<a href="">open source</a></div>
<div>&#8594;&nbsp;<a href="">facebook</a></div>
<div>&#8594;&nbsp;<a href="">twitter</a></div>
<div class="jumbotron">
<div class="page-header"><h1>Hello</h1></div>
This site is about various interesting and random hacks I have worked on
over the years. If you notice any mistakes on this site,
you can <a href="">fix them by sending me a pull
request</a>, or you can contact me by <a href="">opening a github issue</a>.
My main interests are web security and programming language design. My
favorite programming languages include javascript, ocaml and a bunch
of other languages/frameworks.
I live in San Francisco and worked at Facebook as a security engineer. I
co-designed <a href="" class="external">Hacklang</a>.
I now work at <a href="" class="external">Square</a>
(<a href="" class="external">we are hiring!</a>).
I truly believe in the benefits of open source. I use many open source
tools and have contributed to numerous projects.
If you have never contributed to a project, but you would like to get
involved, you might want to
read this note I wrote in 2012: <a href="">getting your first commit in an open source project</a>.
<div class="page-header"><h3>web log <small>(Random things I have been doing since 1999)</small></h3></div>
<ul class="smart_list">
<li><span>Sep 25, 2015 &raquo; </span> <a href="%c2%b5_mod_player_from_scratch/">&#xb5; mod player from scratch</a></li>
<li><span>Sep 18, 2015 &raquo; </span> <a href="some_math_puzzles/">Some math puzzles</a></li>
<li><span>Aug 13, 2015 &raquo; </span> <a href="" class="external">Reporting "authenticity_token is not random across page loads" to a bunch of companies</a></li>
<li><span>Aug 2, 2015 &raquo; </span> <a href="go-chess/">A chess engine to improve my Golang-fu</a></li>
<li><span>Jul 20, 2015 &raquo; </span> <a href="savatan/">My experience serving in the Swiss army</a></li>
<li><span>Jul 17, 2015 &raquo; </span> <a href="git_rebase_conflicts_with_deleted_files/">git rebase + conflicts with deleted files</a></li>
<li><span>Jul 1, 2015 &raquo; </span> <a href="bootloader_retro_game_tweet/">Bootloader + retro game in a tweet</a></li>
<li><span>Jun 1, 2015 &raquo; </span> <a href="simple_auditable_anonymous_voting_scheme/">A simple auditable and anonymous voting scheme</a></li>
<li><span>May 21, 2015 &raquo; </span> <a href="hackerone_for_opensource_projects/">Hackerone for opensource projects</a></li>
<li><span>Apr 20, 2015 &raquo; </span> <a href="keywhiz/">Open sourcing Keywhiz: Protecting infrastructure secrets</a></li>
<li><span>Jan 19, 2015 &raquo; </span> <a href="" class="external">I made a PGP quine: a key with the user == the key's fingerprint</a></li>
<li><span>Jan 8, 2015 &raquo; </span> <a href="" class="external">WebRTC leaks internal IP addresses</a></li>
<li><span>Jan 6, 2015 &raquo; </span> <a href="message_board_over_pgp_key_servers.html">Message Board over PGP Key Servers</a></li>
<li><span>Jan 6, 2015 &raquo; </span> <a href="" class="external">Detecting incognito mode in Chrome</a></li>
<ul class="smart_list">
<li><span>Sep 25, 2014 &raquo; </span> <a href="salted_hmac/">A less error prone HMAC-based hash construction</a></li>
<li><span>Sep 14, 2014 &raquo; </span> <a href="forth_haiku/">Forth Haiku: mixing math, art and Forth</a></li>
<li><span>Aug 10, 2014 &raquo; </span> <a href="" class="external">Working at Square</a></li>
<li><span>Jul 21, 2014 &raquo; </span> <a href="ajsone/">Ajsone: Abusing JSON Esolang</a></li>
<li><span>Jul 11, 2014 &raquo; </span> <a href="dodecahedron/">Dodecahedron Folding</a></li>
<li><span>Jul 5, 2014 &raquo; </span> <a href="login_systems/">Rough thoughts on Login Systems</a></li>
<li><span>Mar 28, 2014 &raquo; </span> <a href="wtf/openssl_wtf.html">(minor) WTF Openssl</a></li>
<li><span>Mar 18, 2014 &raquo; </span> <a href="2048/">2048-undo: a modification to 2048 which lets you undo as many moves as you wish</a></li>
<li><span>Jan 20, 2014 &raquo; </span> <a href="invert_three_signals/">Prolog program to solve "inverting three signals" puzzle</a></li>
<ul class="smart_list">
<li><span>Dec 9, 2013 &raquo; </span> <a href="csrf_state_mutation_on_read_requests/">CSRF &amp; state mutation on read requests</a></li>
<li><span>Nov 20, 2013 &raquo; </span> <a href="universal_logic_gates/">Universal logic gates</a></li>
<li><span>Nov 7, 2013 &raquo; </span> <a href="" class="external">Various wood (and non-wood) projects using lathes, laser cutters &amp; 3d printers</a>
<li><span>Oct 22, 2013 &raquo; </span> <a href="jsonp_handcrafted_flash_files/">JSONP &amp; handcrafted Flash files</a></li>
<li><span>Sep 27, 2013 &raquo; </span> <a href="qrquine/">qrquine: a QR code based quine</a></li>
<li><span>Sep 13, 2013 &raquo; </span> <a href="react_tictactoe/">Combining React and Firebase: sample TicTacToe game &amp; chat widget</a></li>
<li><span>Jul 24, 2013 &raquo; </span> <a href="piet/">Piet: a language where the programs are works of modern art</a></li>
<li><span>Jul 23, 2013 &raquo; </span> <a href="wtf/python.html">WTF Python</a></li>
<li><span>Jul 21, 2013 &raquo; </span> <a href="ten_technology_ideas/">Ten Technology Ideas</a></li>
<li><span>Jul 14, 2013 &raquo; </span> <a href="obfuscated_coding_contest/">Obfuscated coding contest</a></li>
<li><span>Jul 5, 2013 &raquo; </span> <a class="external" href="">
Some dark corners of C (Rob Kendrick)</a></li>
<li><span>Jul 1, 2013 &raquo; </span> <a href="know_your_bits/">Know your bits: bit manipulation puzzle</a></li>
<li><span>Jun 19, 2013 &raquo; </span> <a href="gif_encoder_from_scratch/">GIF encoder from scratch</a></li>
<li><span>Jun 16, 2013 &raquo; </span> <a href="arduino_gps/">GPS on Arduino</a></li>
<li><span>Jun 4, 2013 &raquo; </span> <a href="sum_of_first_n/">Sum of first n natural numbers</a></li>
<li><span>May 7, 2013 &raquo; </span> <a href="perpetual_calendar/">A perpetual calendar in JavaScript</a></li>
<li><span>Apr 29, 2013 &raquo; </span> <a href=""></a>: a linter and visualizer for regular expressions.</li>
<li><span>Apr 18, 2013 &raquo; </span> <a href="bgp/">Mapping an IP address to an ASN</a></li>
<li><span>Apr 15, 2013 &raquo; </span> <a href="web_history/">Random list of extinct web or software technology</a></li>
<li><span>Mar 31, 2013 &raquo; </span> <a href="steering/">Javscript model of Ackermann steering</a></li>
<li><span>Mar 27, 2013 &raquo; </span> <a href="triple/">Regular expression to match multiples of 3</a></li>
<li><span>Mar 5, 2013 &raquo; </span> <a href="wtf/jquery.html">WTF jQuery</a></li>
<li><span>Feb 20, 2013 &raquo; </span> <a href="fat12js/index.htm">FAT12 file system "driver" in javascript</a></li>
<li><span>Feb 7, 2013 &raquo; </span> WTF Adobe! <a href="wtf/flash.html">Adobe Flash</a>: a quirk in TextFields.</li>
<ul class="smart_list">
<li><span>Jun 7, 2012 &raquo; </span> <a href="">fun with HP-15C</a></li>
<li><span>Mar 20, 2012 &raquo; </span> <a href="tron/">219 bytes tron</a>: javascript size optimization fun</li>
<h4>2011 and older</h4>
<ul class="smart_list">
<li><span>Aug 25, 2011 &raquo; </span> <a href="taint_support_for_php/">Taint support
for PHP</a></li>
<li><span>Jul 25, 2011 &raquo; </span> WTF PHP! <a href="wtf/php.html">PHP turtles</a>: a list of things you might not know about PHP.</li>
<li><span>Apr 8, 2011 &raquo; </span> <a href="raytracer/">A simple ray tracer in PHP</a></li>
<li><span>Jan 4, 2011 &raquo; </span> <a href="" class="external">LinearML: write safe, fast, parallel program without any garbage collector</a></li>
<li><span>Jun 2010 &raquo; </span> <a href="hacking_pedram/">(legally) Hacking my manager's Facebook account</a></li>
<li><span>May 2010 &raquo; </span> <a href="tab_nabbing/">Tab nabbing attack</a></li>
<li><span>May 18, 2008 &raquo; </span> <a href="pastebin/">Pastebin: easy way to share text</a></li>
<li><span>Feb 13, 2008 &raquo; </span> <a href="synergy/">Synergy: a software keyboard &amp; mouse switch</a></li>
<li><span>Feb 12, 2008 &raquo; </span> <a href="slax/">Slax 6.0 released</a></li>
<li><span>Feb 11, 2008 &raquo; </span> <a href="tiger_team/">TigerTeam TV Show</a></li>
<li><span>Feb 11, 2008 &raquo; </span> <a href="keepass/">Managing passwords with Keepass</a></li>
<li><span>Sep 10, 2007 &raquo; </span> <a href="covert_communications_subverting_windows_applications.pdf">Covert communications: subverting Windows applications (pdf)</a></li>
<li><span>Jun 2004 &raquo; </span> <a href="mars_rover/">Mars Rover: a computer graphics project in OpenGL</a></li>
<li><span>Jun 2004 &raquo; </span> <a href="vga_controller/">A VGA controller in VHDL</a></li>
<li><span>May 2004 &raquo; </span> <a href="adaptive_machines/">Adaptive Machines</a></li>
<li><span>2002 &raquo; </span> <a href="bvw/">Building Virtual Worlds</a></li>
<li><span>1999 &raquo; </span> <a href="binary_adder/">Binary Adder (transistor-less)</a></li>
<footer class="footer">
<div style="float: left" class="fb-like" data-send="false" data-width="450" data-show-faces="false"></div>
<p class="pull-right visible-desktop">
<a href="">fork</a>
<span class="vbar"></span>
<a href="">contact me</a>
<span class="vbar"></span>
<a href="#">back to top &uarr;</a>
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
ga('create', 'UA-2373559-12', '');
ga('send', 'pageview');
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); = id;
js.src = "//";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
Jump to Line
Something went wrong with that request. Please try again.