曾经见到某同学手执一本《21天精通HTML+CSS》摇头晃脑，心想这俩玩意儿上手甚至都不需要三天，想必剩下那十八天都是作者在聊人生了。就算你花21天时间把书上代码认认真真敲了一通，也不能大大方方在简历上写上“精通HTML”，何况我学习时间统共都没有超过三天。

这样一来，如果我的简历上大言不惭说自己精通HTML字样，大概就会被当作Erlich老兄一样此地无银三百两了。

说起来惭愧，上大学以来只有两门课能不走神，更惭愧的是，这两门课都不是专业课。一门是令广大同学闻风丧胆的大学物理，另一门则是有为青年们躲避不及的马克思哲学原理概论。
恐怕起初是被传说中高居不下的挂科率吓怕了，加上自己知道脑子是越发地不灵光了，不动手抄抄笔记随时落下个重修的下场，说到底还是分数在作祟。而到了后来，则是真的开始对课上引申出来的问题思考。对，思考，很久不提这词反倒觉得有些别扭。

A very drawback of Ubuntu Linux is that upgrading to a new distribution could be an unexpectedly painful experience. As an old fan who first tried it out at the version 9.04, I have been using Ubuntu for about 7 years, but it seems the crashes will never disappointed me when upgrading to a new distribution, surely including the accident happened yesterday.

I enjoy the UI of Ubuntu as well as many of its easy-to-use features, while the stability could vary among different distributions. Therefore, I carefully chose the 14.04 LTS (Long time support) distribution instead of the latest one when I got my new laptop one year ago. So when I heard about the 16.04 LTS has released several months ago, though the LTS version could be a guarantee of the stability and performance, I really don’t think it necessary for me to do that upgrade at that moment. Later one of my enthusiastic classmate told me that he installed the new version very soon, but unfortunately, it can not function well on his laptop due to some subtle incompatibles issues with drivers. So he had to turned back to 14.04 after a few time-wasting attempts. My pathetic classmate’s story discouraged me from the new distribution and also reminded me of the unsatisfying experience about this.

However, my system kept popping out the upgrade notification since the beginning of this month. In addition, I believe that 3 months is long enough for the team to bring out the real reliable distribution. So I persuaded myself, did some simple backup, forgot about the painful experience and clicked that evil upgrade button with great confidence. After a lunch, I grabbed my laptop to find the heart-breaking yet expected result – a crash, or maybe worse, a fatal error. I rebooted the system and it failed to load the kernal during the booting process. It not use to very over spilled milk, reinstall the whole system seems to be the only solution.

This made me completely believe that the success rate of upgrade Ubuntu to a new distribution is so low that you should never try to do this without any backups. This accident interrupted me from the coding job on computer, and the fatal error brought me some inspiration about my life.

I have been avoiding errors in my life. Because of the influence from some seniors and ambitious peers, I started to care about somethings like cars and girls. The fear of failure and overmuch attention on unrealistic things stop me from a real upgrade. Just like our dear operating system, the desire of new experience came along with the fear of errors, which also hampered myself from the improvement. It is the fatal error, as an unavoidable consequence, as well as a catalyst to an overall upgrade.
Apart from the tedious part about recovering my applications and settings, I felt good with Ubuntu 16.04 LTS. A overall upgrade after fatal error, that is what I called Evolution.

浅谈格式化字符串漏洞

0x00 前言

本来这篇是想投稿到乌云知识库的，但是知识库收录了另一篇更加详尽的writeup三个白帽《来 PWN 我一下好吗 – 第二期》之pwn入门，仔细看过以后发现给出的两种解法的确十分有学习价值。
那就把自己的writeup放到这里，权当积累。

接触PWN有一段时间了，这次总算成功挑战了三个白帽上的题目。总的来说，这道题目不算很难，是很明显的格式化字符串漏洞。鉴于知识库上还没有专门讲解格式化字符串漏洞的文章，我就以此为契机，尝试借着题目把这类漏洞讲清楚。
文章前几部分主要是对格式化字符串漏洞的介绍，还有多走的一些弯路，心急的看官可以直接跳到0x05 Try2看正确题解。

迷迷糊糊的大学生活就像坐上了一列不知道终点站的火车，我呆呆地望着窗外的风景，转瞬间，它就从清晰的轮廓退缩成为一个个点，当我再想极力从延伸的地平线寻找它当初存在的痕迹，却再也无法还原出它应有的样子。
悲伤的日期是会传染的，我相信今天的悲伤就是两年前的今天传染过来的。悲伤得染红了一大片存在或不存在过的点……当然也有一些闪闪发光的点，我现在要把它逐一捡拾起来，以后总有用到的时候。

假如有一天要我写关于大学生活的回忆录，关于这一个月来的记录一定会是这样的：

申请GSoC被拒绝以后，我一蹶不振。不知是不是感应到了夏天的召唤，体内却隐隐有股洪荒之力作动，难以把持之下竟然没日没夜地沉迷网络游戏难以自拔。。。

当初结果出来后，mhils反复强调Don’t let you down by this，千叮万嘱你们年轻人不要因为一次失败就放弃啊，继续投身开源社区呀你不是一个人在战斗云云。话犹在耳边，我却沉迷另一个网络游戏中，实在是愧对各位师长殷切期望。

本着“技多不压身”的观点，我好像是从来都不在乎点错技能树的。前端后端，算法数据库逆向焊电路板，只要有什么点子能搅动混乱的大脑使它沸腾上一段时间，我都义无反顾地投身其中。那天突然想起很久以前在Github上Star的一个项目，就是叫Modern Binary Exploitation 的这么个玩意儿， 是RPI（伦斯勒理工学院）开设课程的相关材料，试着玩了一下，就上瘾了。