Decoding the obfuscated bash script on a Uniqlo t-shirt (tris.sherliker.net)

1008 points by speerer 8 hours ago
Discuss on news.ycombinator.com

175 comments:

by estebarb 5 hours ago

"Uniqlo x Akamai sells another design of shirt in the same range which is plainly incomplete"

Imagine having to return a t-shirt because that malfunction!

— I don't understand why are you returning this, was the size wrong or you didn't like it?

— No, there is a syntax error at line 37 that makes it impossible to run, and I'm concerned people on the street may think I promote unsafe bash scripting.

by _joel 4 hours ago

Worked on my torso

by noisy_boy 2 hours ago

- I am shell-shocked at the lack of quality assurance! Can you at least apply a patch?

by entropie 2 hours ago

Patch could be applied via pants.

by alentred 36 minutes ago

- Sure, we distribute a patch, you hot-fix it.

by NoSalt an hour ago

Spite

by cromka 5 hours ago

Oh the Karens these days!

by Octoth0rpe 4 hours ago

Surely such a person would use the spelling k@r3n

by basilikum 5 minutes ago

K4R311

by olooney 4 hours ago

If you enjoy this kind of thing, you might also like Martin Kleppe's work, such as the Quine Clock:

https://aem1k.com/qlock/

I reverse engineered it to a unobfuscated version a few years ago:

https://gist.github.com/olooney/a89db3932b089925b71b68d7e9f2...

He's done a ton of other great ASCII visualizations as well:

https://aem1k.com/

by esquivalience an hour ago

This is really cool, and I appreciated your reverse engineering.

by raphlinus 4 hours ago

The font is Roboto Mono, not Consolas.

There's something else a lot stranger going on, though. It is a proper monospace font, but the typesetting on the shirt is not. There's some kerning going on (I noticed it especially in the 'Iy' pair), and also it appears that narrower characters such as 'i' take less horizontal space. If I had to guess, I would say that it was set with a tool such as "optical kerning" in InDesign.

by somat 3 hours ago

Has anyone ever made a monospace font with dynamic kerning? Which is a silly thing I never thought of until I read the above comment. This sounds nonsensical at first glance(and it may be) but hear me out.

We use monospace fonts for a reason, they stack in a grid nicely. But within the confines of that grid there is room to shift a character left or right a bit which may lead to a nicer to read monospace. (it is equally likely to lead to a hideous mess, every time a letter would shift left it would leave a larger space right)

by roblabla 3 hours ago

Monaspace has a feature called "texture healing" that does something similar: it allows bigger letters to "steal" space from adjascent smaller letters, to make it easier to read. The result is that the letters are still in a grid, while still allowing for bigger letters to "breathe".

https://github.com/githubnext/monaspace/blob/main/docs/Textu...

It's the main reason I use monaspace as a font.

by bityard 22 minutes ago

I'm open to trying it, but my gosh, having one 'w' offset slightly by a few pixels from the one right above it feels like it would drive me bonkers eventually.

And: doesn't this result in text that "jumps around" as you type?

by gavinray 2 hours ago

What a brilliant idea, neat. Thanks for the link.

by Lalabadie 2 hours ago

iA Writer has Mono, Duo and Quattro fonts, with the latter two being almost monospaced. They concede some size variations for specific characters (Duo has 150% width characters, Quattro also uses 50% and 75% for narrow characters).

It's a fun subtle adaptation to keep close to the typewriter-like experience of the app.

https://ia.net/topics/a-typographic-christmas

by kccqzy 2 hours ago

Shifting a letter left or right a bit can break the grid. What if the user writes the text that keeps triggering left shifts? A better solution is to use ligatures, so that specific character combinations look better while the ligature can maintain the overall width correctly.

by speerer 3 hours ago

Thank you, I think you're right! I've added a correction in the post and cited your comment.

by wbh1 6 hours ago

I love this shirt! Here's a nice video from the actual designer about the process of making this shirt (including intentionally making it hard to OCR): https://youtu.be/jocGLiecpjU?t=526

by criddell 4 hours ago

It would probably be quicker to type it in than figure out how to OCR it. It would be like typing in a game from a COMPUTE! magazine 45 years go.

https://archive.org/details/1983-01-compute-magazine/page/96...

by fennecfoxy an hour ago

But it's not hard to OCR? And I don't know why the article dedicates an entire section to it.

On a Samsung S24U I held down the "circle to search" homescreen button which brings up the AI tools interface (I don't know what it's officially called), held down on the text and copied the whole thing in one shot.

It took like 2 seconds.

by kyusan0 42 minutes ago

Did it get every character correct?

by speerer 6 hours ago

Author here. Thank you so much for the link which I hadn't seen! I'm very happy to see this and I'm gratified that it was deliberately difficult to OCR, not just me.

by VladVladikoff 2 hours ago

I watched the link but I didn’t see where he talked about making it difficult to OCR? What exactly was done that made it difficult to OCR?

by Tiberium 8 hours ago

OCRing this is a nightmare and is a good benchmark to any self-proclaimed good OCR/vision model.

I think though it could likely be easily OCR'd if you give the image to any decent agentic harness with a good vision model, e.g. newest Claude/GPT ones, and tell them to split the image per lines, and then just OCR each line individually.

I wonder if the script itself was written by an LLM before obfuscation? There seem to be a lot of comments in it, but in this case it's still ok :)

by grumbelbart2 4 hours ago

> OCRing this is a nightmare and is a good benchmark to any self-proclaimed good OCR/vision model.

It's not that difficult, our industrial OCR model read it correctly on its first attempt with default parameters. The characters are easily separable, there is no structured background (think expiration dates on yogurt aluminum lids) that confuses the reader, there is no almost-text-like texture anywhere that would clutter the result. The font is also nice and standard.

by lemagedurage 7 hours ago

I don't think it was written by an LLM, some things stand out:

The congratulations text is both in English and Japanese. Contains a single heart emoji.

There was an intention to have a cyan to orange gradient, but the range starts in an ANSI block, ends halfway through the 256 color block and 256 terminal colors are not arranged like a gradient at all.

There's no sleep at the end of the loop where I feel like an LLM would add that defensively.

by n2j3 7 hours ago

Human here. I added a sleep 0.5 at the end, it's too fast to read otherwise. Makes for a nice terminal screensaver!

by INTPenis 6 hours ago

Hi fellow human, I got the same idea. Just a sleep 0.1 before the echo "" makes it readable. Otherwise it scrolls way too fast.

by make3 6 hours ago

"the code is not quite detail oriented enough to be AI", times are changing

by pkilgore 3 hours ago

Flawless, completely unnecessary abstraction is a better tell of LLM code than "comment clearly responding to a part of a prompt that I cannot see".

by DaSHacka 6 hours ago

More like 'not boilerplate-y enough'

by lemagedurage 6 hours ago

Ehh, AI makes plenty mistakes but they have a different vibe to it.

In my mind an AI would do something the most popular way even when that's not appropriate.

A human might do things in an unpopular way even when that's not appropriate.

by netsharc 6 hours ago

The last time Internet people were obsessed with OCRing some base64 was a few months ago when the DoJ released tons of emails from some guy who died, but they were released as rasterized PDFs.

Can't remember his name now, there's been so many distractions...

by OtherShrezzing 6 hours ago

Safari's copy-text-from-image feature manages the entire base64 part of the string, except for the first character (I instead of a T). Weirdly, it gets much worse performance if you try to copy the entire string, including the hashbang part.

I wonder what it's doing under the hood to get such good performance?

by khurs 6 hours ago

Didn't know Safari had this.

Looked it up, you put mouse over text, then just select and copy it - very cool!

https://support.apple.com/en-gb/guide/safari/ibrw20183ad7/ma...

by al_borland 4 hours ago

It’s actually a system feature, not strictly a Safari feature. It also works in Photos, Preview, etc.

On meetings I will often take a screenshot of the URL someone is presenting. I’m then able to just open the image and click the URL in the image.

by iamflimflam1 6 hours ago

There’s a whole bunch of hidden features that no one seems to be aware of.

Preview has pretty good background removal.

Notes will transcribe audio from audio files.

by al_borland 4 hours ago

Notes will do OCR as well. Trigger the feature, point the camera at something, and it will input just the text.

by lostlogin 3 hours ago

Notes is amazing. Autocompleting equations, converting jpg to pdf and various other admin chores.

The seamless cloud sync between devices is much appreciated too.

by agys 6 hours ago

Preview has it too… And it works extremely well.

by fennecfoxy an hour ago

Is it? Android tap and hold/image text select one-shotted it in 2 seconds.

by underyx 5 hours ago

I gave the photo to Opus 4.8 and it reconstructed the same script in one shot. Although it did say it had to correct some parts of it based on context where it suspected OCR mistakes.

by ErroneousBosh 2 hours ago

Those of us who grew up in the 8-bit era would have just typed it in, carefully, in silence, with no-one allowed to enter or leave the room until we were done ;-)

by shakna 6 hours ago

> I wonder if the script itself was written by an LLM before obfuscation?

From the prototype shown here [0], and the way they talk about their process, I sincerely doubt it. Especially as they mention trying to make it hard for AI to handle the output.

[0] https://youtu.be/jocGLiecpjU?t=567

by cb321 5 hours ago

I watched that whole video link - thank you for that - and he doesn't really say. In fact, he spends much more time on the beige color harkening to computer case plastics of the 80s & 90s.

The AI not handling the output relates to the final base64 output on the T-shirt (which other comments in this thread mention manually keying in or TFA discusses in the context of OCR). So, that is just not relevant to the question.

What made me start to wonder, personally, was that the output seems identical if you use "♥PEACE♥FOR♥ALL" instead of the version with internal repeats. IF there is any point to that "manual expansion of the cycles", IMO that deserves a comment much more so than "# Calculate length of text; text_length=".

Also, that `echo -n ...` followed by `echo ""` instead of just plain `echo` in the first place seems like the kind of copy-pasta code LLMs generate. Then again, regular devs also write pretty bad copy-pasta code.

There is also this the weirdly "broken down" calculation with 3 `bc` invocations not 1 as if it was translated from a language with more arithmetic/special function power than bash.

There is also the color scale stuff done in the loop instead of outside (except the one color=$(..)) which seems very unnatural and also very like machine translation.

Also, at least for me, on my bash-5.3.15(1), `char="${text:t % text_length:1}"` does not work to slice out the multi-byte UTF8 heart symbols, but it sure does look like the kind of thing an LLM would do translating from a python3 script (such as something like https://news.ycombinator.com/item?id=48830669) into bash.

Another thing is, as others here have observed, there is nothing "gradual" about the xterm-256 color cube. So, "gradient" is a misnomer and exactly the kind of weird things LLMs do when they cobble text together.

Finally, all the tput stuff the script does instead of just "print x spaces" really smells like a human description of the side scroll in the video game graphic he shows inspired him somehow LLM-corrupted/complexified into the vertical scroll terminals do.

None of this is conclusive, but the video mentions 2023..2025 as when he did it and given that he was a designer and his concerns more visual than code-oriented, I'd have to say I disagree with your sincere doubt and I do strongly suspect the decoded script was very likely LLM-circa2024-generated, possibly with light post-edits by hand.

by shakna 4 hours ago

You mention someone else's Python version. Did you note that the prototype in the video was... Python?

All the smells you pointed out, just look like a Python dev approaching bash without fully understanding it.

by bigfishrunning 4 hours ago

> All the smells you pointed out, just look like a Python dev approaching bash without fully understanding it.

also, referring to Linux as "the language of the internet" when bash isn't particularly suited for internet tasks also smell like "excited windows Python dev"...

by cb321 3 hours ago

FWIW, his screens looked a lot like OSX to me (which tracks with graphic design users in my experience).

Anyway, he seems like a very nice fellow and I wish him and almost all T-shirt designers well. That bash script just gave me a lot of pause. (And even that seems possibly downstream of him being nice and doing it himself to spare his team from what he called a "FrankenProject".)

by cb321 3 hours ago

Yeah. The Flask web-page prototype was indeed in Python. (The prequel shirt was Go.)

{ Also, it was my own Py version which I mostly did in case anyone wanted to actually run the thing after such interest was expressed on this thread. :-) }

I already said regular devs and LLMs can both gen copy-pasta. That said, being "mostly" a Python dev, asking some LLM to translate to bash for him seems even more likely to me. Only he or those close to him knows for sure. You & I cannot settle it here conclusively (as also said).

I also noted from the video that the ♥s (hearts) worked on whatever version of bash he tested with though it failed for me (which is why I wrote that Python). And his terminal title bar is switching between `tput` and `bc` and such meaning that what he was demoing was not some Python script. ¯\_(ツ)_/¯

EDIT: Ah..another resolution of the hearts is to not run in an LC_ALL=C environment. Oops! `LC_ALL=en_US.UTF-8 bash ..` fixed it. Oh well, I think the Python script is nicer in almost every way. E.g., you could |head -n60 and send it to a line printer/dot matrix reminiscent of the 1980s computers he shows in the video, although your printer driver would have to strip the color escapes with a `sed` or maybe https://github.com/c-blake/bu/blob/main/noc.nim. ;-)

by justusthane 4 hours ago

What is it about this that makes it particularly hard to OCR?

by da_grift_shift 5 hours ago

>I wonder if the script itself was written by an LLM before obfuscation?

I seem to recall seeing an Akamai-branded base64'd shell script on a white shirt pre-2021(?), so unless they've changed the code since then, I doubt it...

by IshKebab 7 hours ago

Definitely LLM. No humans write that many comments.

by ChrisMarshallNY 7 hours ago

Ahem...

My code usually clocs at 50/50 (or thereabouts)[0]. Has, since my very first real engineering project (in 1987)[1]. I discuss in detail, here[2].

But one reason that I like LLMs, is that they help me to write even more documentation. I have found that I can instruct an LLM to revise my documentation, and make it even more effective.

[0] https://github.com/ChrisMarshallNY (My GH profile. Pretty much everything there, is like that -has, since long before LLMs were a broken rubber on the drug store shelf).

[1] https://littlegreenviper.com/wp-content/uploads/2022/07/TF30... (Downloads a PDF)

[2] https://littlegreenviper.com/leaving-a-legacy/

by IshKebab 2 hours ago

Your code isn't as unnecessarily commented as this. E.g. look at this line

https://github.com/RiftValleySoftware/RVS_Spinner/blob/d44ee...

An LLM would have commented `// Create temporary UI view.`

Completely redundant comments like this are a classic hallmark of LLMs:

  # Set frequency scaling factor
  freq=0.2
Dunno why I have been downvoted for stating the obvious.

Also from my brief look at one file it looks like you have 50% comments because you have a gazillion comment separator lines.

by ChrisMarshallNY 2 hours ago

I didn't downvote. There's nothing wrong with your comment. It's just a bit silly, because humans definitely write that much. I learned from Apple and Adobe headerdocs.

I worked for a Japanese company that accreted comments.

Yeah, lots of whitespace.

by petu 7 hours ago

Human could write that many comments to get enough base64 text for a design. Maybe to even get some of the highlighted characters in places they want (roughly equally spaced apart).

by ivolimmen 4 hours ago

Since LLM's are mimicking our code my guess we do...

by latexr 7 hours ago

> No humans write that many comments.

Especially in a case like this, I would definitely write a lot of comments to aid in understanding, thus increasing trust so people would try it out and tinker with it.

by boomboomsubban 7 hours ago

Plus the main point of this code is to have people look at it, the function is secondary to being an easter egg.

by NamlchakKhandro 3 hours ago

I do

by Tiberium 7 hours ago

Honestly it's a bit of a shame. I checked and they could've shortened their base64 payload by 304 chars by removing all comments except the top two congratulatory ones, or by 524 if they removed those too.

by OtherShrezzing 7 hours ago

Would they still get the highlighted "PEACE FOR ALL" text throughout the shortened string? It looks like the length, and presence of those characters, was an explicit design choice.

by lemagedurage 7 hours ago

Maybe they added the comments to get a longer payload for the sake of the shirt's design.

The comments can be more cute/awe inspiring for people who aren't as familiar with bash but like solving puzzles as well.

by yborg 6 hours ago

The HN optimizing T-shirt compiler is the next stage here :D

by saidnooneever 7 hours ago

im just sad it didnt render a qr code leading to malware :'). the different ways ppl look at obfuscated codes and scripts hah

by world2vec 7 hours ago

Oh wow I saw that tshirt at the store and said to my girlfriend "no way that script is functional, probably just for show". I should have persevered.

by actionfromafar 6 hours ago

An easy miss. :-) Most of the time our thoughts are on autopilot, since we are not calm.

by mk_stjames 3 hours ago

Neat. My only critique of the script is that I would have added a

  sleep 0.1 
in the loop so that as this prints in a terminal it is actually readable; any modern terminal will scroll so fast you can't see the message in flight.

Slowing it to a 10hz refresh makes it look great.

by whartung 3 hours ago

Maybe you can sew a patch into it?

by nico 3 hours ago

Very cool. It reminded me of the DeCSS t-shirts, which had source code with the decryption keys for DVDs

https://en.wikipedia.org/wiki/DeCSS

by haileys 7 hours ago

I thought it was funny that the author used a variety of OCR tools with mixed success before spending a lot of time manually fixing up the output from the best one, rather than just typing it in

by christoph 7 hours ago

That was also my thought… but I grew up mashing rubber keys for hours copying “games” out of magazines and books! Then hours after fixing all the typos!

by forinti 4 hours ago

I spent hours typing 6502 assembly. It went a lot better when someone dictated: LDA, STA, BEQ, LDY, STY...

by acters 6 hours ago

I ran it through paddle paddle OCR and it flawlessly did it. Google's OCR through my phone's Google lens had also worked at getting a very good extraction but not 100% correct. Definitely would spend less time fixing it than hand copying.

IDK what the author was using but I feel like he could have shared how his OCR attempt went, but I am thinking he tried some naive OCR tools.

by speerer 6 hours ago

Author here - that's a good idea actually, it shouldn't be too hard to compare the various attempts. The tools I used were whatever my Android built-in is (likely Google Gemini, but I can't tell whether this is something Samsung has replaced in OneUI); tesseract; tesseract with various tweaks and charsrt restrictions; Claude; and finally, manual fixes based on disagreements between all the previous.

by rtldg 7 hours ago

Took me almost 2 minutes for 4 lines (and I missed a character in one of them!). I would opt for OCR too, obviously so I'm prepared for the next bash t-shirt I'd come across...

by OtherShrezzing 7 hours ago

I think this is a case where two people can successfully complete the task manually faster than one attempting to automate it. Get a ruler, read five centimetres of characters to your colleague, have them type it in as you go, then repeat that five centimetres back to you. Correct as you go. Format your string with the same line-breaks as the t-shirt, and remove them at the end, so you can be sure you've got the correct length on each row. Trial-and-error adjust the five-cm distance depending on your success rate as you go along

All in, you should have a non-corrupted string in 10-15 min.

by conductr 3 hours ago

Feels like my experienced reality of task automation in corporate environments. We routinely have engineers spend 40+ hours automating tasks that an entry level person can do manually in 10 minutes and only need to be done weekly. Automation at all costs seems to be the future

by e28eta 2 hours ago

It’s certainly not a new phenomenon. I appreciate this XKCD [1], with a chart of “How long can you work on making a routine task more efficient before you’re spending more time than you save”

It’s not the final word, since automation has other benefits: documenting the procedure’s steps, reducing human errors, increasing consistency, etc.

1: https://xkcd.com/1205/

by grumbel 6 hours ago

Gemini3.5 Flash didn't have a problem OCR'ing and base64 decoding it, despite the OCR step having errors, it just fixed them in the base64 decoding step.

by mayas_ 7 hours ago

"just typing it" would be more error prone for the average human

by speerer 6 hours ago

(Author here) Yes I agree. It was a fun side-quest though. Reminds me of https://xkcd.com/1205/

by duskdozer 7 hours ago

I'm guilty of this, but for me this kind of thing is optimizing over annoyance rather than time.

by chrysoprace 6 hours ago

My old colleague had one with a Go program[0] which I always thought was quite cool.

[0] https://github.com/GL-Kageyama/UNIQLO_Akamai_T-shirt_Code

by mdgld 6 hours ago

I wasn’t sure if you meant a Go solver or Go the language. Would be fun if someone wrote a Go program in Go

by psd1 5 hours ago

Or a pong clone in Racket.

by ExoticPearTree 6 hours ago

I got one this year with the Go code. Never actually thought it is legit code, just some random stuff.

by forinti 4 hours ago

This reminds me of a T-shirt I once saw that read:

          perl -e '
     "$a="etbjxntqrdke";
  $a=~s/(.)/chr(ord($1)+1)/eg;
        print "$a\n;"'
It's cursing. Don't run it if it might offend you.

Upon seeing this, I decided to golf and came up with a shorter version:

  perl -e "print chr 1+ ord for split //,'etbjxntqrdke'"
by librasteve 4 hours ago

or

  raku -e 'say "etbjxntqrdke".comb.map({chr .ord + 1}).join'
by lizmat 2 hours ago

or

raku -e 'say "etbjxntqrdke".comb.map(*.succ).join'

by qiqitori 6 hours ago

I once wrote a tool that helps with finding mistakes in OCR'd fixed width text, https://blog.qiqitori.com/2023/03/ocring-hex-dumps-or-other-...

Basically it just clusters same characters and asks the human to find the problems, which is easy when you're looking at a series of pictures like ssssss5sss.

The UI is kinda least-effort. Should ask a modern AI agent to make it look nice and intuitive, sometime maybe.

by duggan an hour ago

I do like these sorts of things; decoded a less exciting one from a bottle of wine I found in 2019. Significantly more eye-watering without OCR: https://xcancel.com/duggan/status/1130920846304993282

by raffael_de 4 hours ago

while base64 can be considered obfuscation in this context and its inverse as decoding I can't help but feel this title is overselling and catering to a rather cyber-cheesy marketing campaign at that.

by ape4 4 hours ago

Yeah, its a bit of a cheat. The best obfuscated C programs have the source looking like a Christmas tree (or something) and then play an xmas song (or whatever)

by raffael_de 4 hours ago

the base64 thing they did feels like a cheap version of that green-obscure-symbols-raining-on-a-terminal animation in The Matrix. should have gone with "Hack the Planet" instead ...

by cb321 3 hours ago

That Matrix visual was actually specifically mentioned as an inspiration in the video by the designer being linked to/discussed elsethread (e.g. https://news.ycombinator.com/item?id=48830326 )

by thenthenthen 2 hours ago

My japanese friends say: yes because uniqlo is a science company not a clothing company

by 9dev 3 hours ago

Huh! I was sure the copy-text-from-image feature in MacOS would handle this flawlessly. But the best run I managed produced the following:

    base64: stdin: (null): error decoding base64 input stream
    #!/bin/bash
    
    # Congratulations! You found thu eastur ugg!#B��O��
    # おめでとう��M�ぇM�す!隣C��わM�サ�#ライ����見でM�������!O��
    
    # Define thu tuxt to anima|e
    text="♥PEACE♥FOR♥ALOB��PEACE♵FOR♵ALL♵PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥PEACE♵FOR♵ALL♥"
    
    # Get termb�al dmmensions
    cols=$(tput cols)
    linus=$(tput lines)
by pacofonix 3 hours ago

For a non English locale that use comma instead of dot for decimals (in my case, Spanish), this script is partially crashing. Run using something like `chmod +x shirt.sh; LC_NUMERIC=C ./shirt.sh`.

by busymom0 15 minutes ago

> I’ve no idea at all how many views this site gets, but I’m willing to bet it’s not even double-digit humans per month.

I'd take that bet considering it's got close to thousand upvotes and on front page of HN

by sixtyj 5 hours ago

> Interesting. I told my wife "that’s basically how people ship viruses’ and bought it.

It’s a movie plot.

by NikxDa 3 hours ago

Super cool, especially that the code is annotated!

In case the author is reading: The decorative feather images are between 2MB to almost 5MB in size. Compression might be in order to save users time and bandwidth, and make the site look less broken while the images are partially loaded :)

by Brian_K_White 22 minutes ago

I want to submit a pr to s/SIGINT/0

You want to do that cleanup regardless why you exit.

by brcmthrowaway 23 minutes ago

Whats going on with Uniqlo? Is it still popular in the US?

by wyldfire 4 hours ago

That "beige box" term is not the beige box I was thinking of at first.

[1] https://en.wikipedia.org/wiki/Beige_box_(phreaking)

by cb321 5 hours ago

For anyone that cares, this is a slightly less stupid Python version:

    #!/usr/bin/env python3
    from os   import environ; E = environ.get
    from math import sin
    from time import sleep
    text = "♥PEACE♥FOR♥ALL" # The text to sine-scroll animate
    nText  = len(text)      # Number of utf8 chars
    freq   = 0.2            # Frequency scaling factor
    color0 = 12             # xt256 Color cube segment 12..<208
    color1 = 208; nColor = color1 - color0
    (w, h) = (int(E("COLUMNS", 80)), int(E("LINES", 24)))
    t = 0
    while True:
        x = (w/2) + (w/4)*sin(t*freq)           # x pos via sine value
        x = max(0, min(w - 1, int(x + 0.5)))    # bound to tty width
        color = color0 + ((nColor*t)//h)%nColor # cycle colors
        ch = text[t%nText]  # Get char & Use xterm-256 color escs
        print("%*s\033[38;5;%sm%s\033[m\n" % (x, "", color, ch))
        t += 1
        sleep(0.1)   # original used bc shell outs to rate-limit
As mentioned in https://news.ycombinator.com/item?id=48830634 , the heart symbols did not otherwise even work for my bash and some have commented on liking the screen saver.
by conductr 3 hours ago

You should base64 it and sell tshirts

by chrisweekly 4 hours ago

Great post! It's interesting, detailed but concise, and well-written. Also, I appreciate the "no cookies or tracking" and attractive, functional and performant site design.

by luciana1u 2 hours ago

finally, a t-shirt that ships with a CVE. i'm waiting for the limited edition that requires a firmware update before washing.

by felineflock 3 hours ago

Phew! I was hoping it was not a novel way of spreading a malicious script!

by DrewADesign 7 hours ago

> I guess Uniqlo is run through Windows though: one thing that struck me was the font, which I’m almost certain is Consolas,

Surely this would use whatever font the virtual terminal profile was set to? I don’t know of any method to choose a virtual terminal font from bash and don’t see any code that addresses it?

by nisiddharth 7 hours ago

They're referring to the font on the T-shirt.

by DrewADesign 37 minutes ago

Ah, I see. I’m sure the clothing designer that actually made the design couldn’t care less about technical consistency and was just looking for something ‘tech’ looking that also read well in that design context in that medium.

by tym0 7 hours ago

Thank you for spelling it out for me because I thought I was looking at a completely hallucinated AI article...

by speerer 4 hours ago

Author here. All hallucinations are my own. Now you point it out, I see why the jump in context from the terminal back to the tshirt font would give the wrong impression.

by tym0 4 hours ago

Honestly it was quite a whiplash to go from what looked like a good article to something that seemed completely made up. But I would chalk that up more to my reading comprehension than your writing.

by DrewADesign 36 minutes ago

I didn’t read it as generated text, but the context definitely threw me.

by _flux 5 hours ago

On one hand it's nice how it's clean and commented, but on the other hand some golfing could have made the encoded block a lot more reasonable to actually manually enter.

by puttycat 5 hours ago

The comments just mean they used AI to do that in 3 seconds

by speerer 4 hours ago

It might not have filled up the whole shirt then?

by teo_zero 4 hours ago

I don't know... I prefer unobfuscated text that you can immediately grok. The other day I saw this on a T-shirt:

> May the m×s/t² be with you

by high_byte 8 hours ago

what if it contained a zero day for tesseract and the script you thought you got is just a throwaway

by Gabrys1 4 hours ago

I don't understand the font bit. This is a terminal script, it uses the font that your terminal uses?

by LeifCarrotson an hour ago

Your terminal doesn't typically use Consolas. You can do:

    $ wget  https://archive.org/download/PowerPointViewer_201801/PowerPointViewer.exe
    $ cabextract PowerPointViewer.exe
    $ cabextract ppviewer.cab
    $ open CONSOLA*.TTF
and use Consolas on Linux, but it's not available by default.

What they're suggesting is that a lot of their users are logging into an Akamai Linux box from a Windows machine, and therefore aren't "real Linux geeks".

by SebRollen 3 hours ago

They're talking about the font on the shirt

by creaturemachine 4 hours ago

What Bash blog would be complete without some Windows trash-talk?

by kijin 6 hours ago

Well at least they're not instructing consumers to run curl | bash.

That's better than half the tech howtos out there.

by INTPenis 6 hours ago

No, they're instructing their customers to run unknown base64 encoded code instead. :D

by bigfishrunning 4 hours ago

They should have just had the base64 block and forced you to decode and read it before running it, rather then having the `eval` bit at the beginning...

by kijin 3 hours ago

But that wouldn't have looked like a bash script, only a random sequence of characters. The shebang at the start definitely contributes to the geek factor.

by shim__ 5 hours ago

Could have saved 50% with 'base64 -d | gzip -d'

by speerer 4 hours ago

Maybe useful for those XS sizes.

by brightball 5 hours ago

Nice!

Might have to do something like that for a verse on the next Carolina Code Conference shirt. Been trying to figure out a good way to pull in cybersecurity.

by preetham_rangu 6 hours ago

The real threat model here isn't the base64 payload, it's Uniqlo turning a T-shirt into a QR code that requires a human OCR pipeline to redeem.

by dylanzhangdev 7 hours ago

Cool! I bought one a few months ago as soon as I spotted it at a Uniqlo store, and later ordered a larger size online—I really love wearing them. But it never occurred to me to look into the story behind them.

by l337h4x0rz 7 hours ago

there's no newline between the shebang and the actual code

by khernandezrt 4 hours ago

Ive been to 3 Uniqlos in my are and i havent been blessed with a bash shirt :(

by dolmen 3 hours ago

Consider ordering online. I see the product in the Uniqlo France store: https://www.uniqlo.com/fr/fr/products/E480814-000/00?colorDi...

by brazzy 7 hours ago

After being primed by the article, I read the author's name as "Shirtliker"...

by speerer 4 hours ago

That's a new one and oddly apt :)

by doppp 7 hours ago

Thanks for the post! Love Easter Eggs like these!

by alexpotato 5 hours ago

Fascinating that we have base64 but not error correction for it!

by willejs 5 hours ago

Looks like it has a few shellcheck issues, and no set -euo pipefail? ;)

by khurs 6 hours ago

Brilliant marketing when you can get people to pay to walk around advertising with your logo!!

by FijiBY 6 hours ago

Nice investigation, thx

by mschuster91 2 hours ago

> # Hide the cursor \ tput civis

Never thought I'd learn shell tricks from the back of a fast-fashion t-shirt, but here we are.

by icevl 7 hours ago

Base64 without error correction turns the t-shirt itself into a lossy transport layer, so the OCR/transcription step becomes the actual challenge.

by mgaunard 3 hours ago

how is it obfuscated? It's literally written as plain black monospace text on a white background.

Pretty sure any AI can solve it in 20 seconds.

by sanmarzano 2 hours ago

It’s encoded not obfuscated. It’s even commented, which is the opposite of obfuscated. Plus it’s not really an Easter egg that was found: it is literally printed in a shirt. Easter eggs are supposed to be hidden and either only found by insider knowledge or deep investigation. This was neither.

by tantalor 5 hours ago

TIL Consolas is a Windows font

by rsr 2 hours ago

more like Tristan Shirt-liker, am I right?

by koiueo 5 hours ago

> I ran OCR in a few ways: First, using the built-in OCR of the circle-to-search feature on Android, which is often very good. Second, by using Tesseract with a few options and tweaks. And third by running it through Claude. After diffing the three to look for mismatches and getting Claude to output a table of locations for quick scanning, it became trivial but time-consuimg to tidy up the remainder

I bet 10$ I'd spend less time typing it from the t-shirt. And I wouldn't boil two kettles of water in the process.

But hey, AI makes you 10x more productive, I suppose

by speerer 4 hours ago

(Author here) for unrelated reasons my typing is very slow at the moment, so I was keen to automate. I see that people are getting different results from Claude than I did though.

by freedomben 5 hours ago

You may want to retract that bet: https://news.ycombinator.com/item?id=48830846

by koiueo 4 hours ago

Yeah, I read that later.

My bet is against manual OCR with various engines + finding mistakes later using an LLM.

by bigfishrunning 4 hours ago

I'd rather find the mistakes with my human brain. Keeps me limber. I might even accidentally learn something.

by breppp 6 hours ago

Feels very reminiscent of the style of old DeCSS tshirts

https://www.wired.com/2000/08/court-to-address-decss-t-shirt...

by moralestapia 3 hours ago

Thanks for doing this, I almost bought it just to decode it, lol.

by lloydatkinson 7 hours ago

P ./cool.sh: line 31: bc: command not found ./cool.sh: line 34: bc: command not found ./cool.sh: line 37: bc: command not found E ./cool.sh: line 31: bc: command not found ./cool.sh: line 34: bc: command not found ./cool.sh: line 37: bc: command not found

Very wow. Shame they assumed everyone has "bc"...

by em500 7 hours ago

Why would that be a shame? "bc" is a mandatory POSIX command, while /bin/bash isn't (/bin/sh is the standard).

by greazy 7 hours ago

Which distro are you running? Perchance did you run the shell script in alpine Linux (docker)?

by piacos_ 7 hours ago

it doesn't seem to be installed on my endeavouros laptop

by lloydatkinson 6 hours ago

Debian.

by comradesmith 7 hours ago

You are fun.

by lloydatkinson 6 hours ago

Are we really at the "redditor insult" type comments stage of HN now? There is nothing wrong with saying a piece of code is broken.

by deciduously 5 hours ago

Broken seems a little hyperbolic, it has an implicit dependency on a standard POSIX tool.

by lloydatkinson 4 hours ago

I suppose, but my Debian didn’t seem to ship with it.

by bryanrasmussen 8 hours ago

Why does the shirt have an obfuscated bash script on the back?

by Tiberium 8 hours ago

Because it's by Akamai, the blog links to https://www.akamai.com/newsroom/press-release/uniqlo-adds-ne...

by kay_o 8 hours ago

Uniqlo frequently does collaborations. This was one with a tech company

by wbh1 7 hours ago

It's at least the second one that Akamai's done, although I like this newest one the most.

The old one was: https://www.uniqlo.com/us/en/products/E459561-000/00

by pezezin 6 hours ago

I have both of them and wear them to work regularly xD

The guy who founded the new political party Team Mirai also wears it frequently: https://en.wikipedia.org/wiki/Takahiro_Anno

by exabrial 2 hours ago

(:(){ :|:& };:)

This seems to work pretty well

Data from: Hacker News, provided by Hacker News (unofficial) API