Badge-rific

Spent the last three days at a coding party for a P2PSIP/RELOAD implementation, hosted at Google. (Long hours coding → no blogging.) I'll have more on the project itself later, but for now, check out my badges for the first and last day:

The first badge is on the top. As others were checking in, we noticed that the last letter of our host's name (Butcher, not Butche) was being cut off. I assumed the problem was that they hadn't left enough space for the field, so I dropped the middle letter to see if it would work.[1] As you can see, it didn't. Same error, even though the field is shorter. David Butcher suggested adding a space afterwards, and though I don't have a picture, that works. This suggests that the problem is that the name field is being right-aligned to a position that is outside the bounding box of the badge printing area. Hard to tell if this is in the rendering software or the printer itself.

As an experiment, yesterday I added a whole lot of spaces after my name. As you can see, it shifted it way to the left, confirming the justification/bounding box theory, but notice that I was able to shift it so far to the left that it overwrote the date field. I suspect with enough spaces I could push it all the way off the page. It would be an interesting experiment to see if you could do the same thing with the other fields. They appear to be centered, but does the centering take into account spaces? Anyone try it yet?

1. In retrospect, I should have realized this was wrong, since I've seen single-letter truncation on Google badges before with names that were longer than David's. If this theory were right, those names would be truncated further. Interesting that this bug has been there so long, though.

2 Comments

Perhaps it's not a bug, but a security feature? Though in that case there's a bug in that it's not removing leading/trailing whitespace. I wonder if you could overflow the buffer if you stuck a long enough name in. Bruce Schneier, of course, could use this hole to type in a name which encodes an exploit to remove the "NDA declined" label.

What happens if you insert EPL2 code in the name field?

I did think about this a little bit. It's not clear there's a lot of security value in controlling the contents of your badge, since these are standard labels and you could just print at home and swap for whatever badge they print you.

Much more interesting is if you could take over the terminal. I wonder what else they're connected to.
