Posts
4197
Following
734
Followers
1628
"I'm interested in all kinds of astronomy."
[RSS] When Dragons Misplace Elves: Fixing Ghidra's Broken ELF Export

https://binaryru.in/posts/building-functional-elf-exporter-for-ghidra/

#Ghidra
0
1
1
repeated
repeated

HyperDbg v0.21 is released! 🪐💫

This release includes numerous bug fixes, improved stability, and significant progress toward integrating Intel PT (Processor Trace) into HyperDbg.

Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.21

0
3
0
repeated

Curiously enough, the only thing that went through the mind of the bowl of petunias as it fell was Oh no, not again. Many people have speculated that if we knew exactly why the bowl of petunias had thought that we would know a lot more about the nature of the Universe than we do now.

0
3
0
repeated

personally i'm ok with AI techniques being less well known but there's a deeper thing going on here which is far more important IMO, because it's also partially why LLMs have taken over

== this thread is in response to this tweet: ==

https://x.com/krismicinski/status/2072303376629444764

1
4
0
repeated

RE: https://kolektiva.social/@beka_valentine/116845902133405690

An excellent thread here. So much of what I see people pointing to as LLM's benefits for coding relates to long-standing problems in software engineering that the field just hasn't addressed. And LLMs don't solve these problems, at best the just paper them over and make dealing with them less tedious -- while reinforcing the problematic dynamics.

So yes it's great that people with no programming skills can create software to solve their prolems. But if we had collectively spent a chunk of the literally billions of dollars that are going to "AI" building on the early approaches to this from 25+ years ago (Hyperscript, Logo) that don't have the same downsides, we'd be in a much better place today.

1
3
0
repeated

And this goes for program analysis as well! Sure, it's impressive that Mythos-class LLMs can be used to identify oodles of problematic constructs in code that's been shipping for years, including tends of thousands of real bugs some of which are security vulnerabilities. It was also very impressive that PREfix and PREfast (the program analysis tools I worked on in back in the day) and the more-powerful tools that followed like Coverity could do it. Where would the program analysis field be today if billions of dollars had been invested in building on these tools instead of "AI"?

But none of these analysis tools change the underlying causes of the bugs -- software engineering processes that value time-to-market over security, unsafe libraries and languages, leaving security as an afterthought, etc etc etc. Don't get me wrong, finding and fixing bugs has value; one net effect this wave of LLM program analysis is likely to be useful hardening of existing software. But all the resources going to that aren't going to addressing the underlying issues -- and also reinforcing all the ethical, sustainability, and power-concentrating consequences of LLM usage.

1
3
0
@Viss Arm for scale is the only proper scale <3
0
0
1
repeated

For decades, the KKK marched and protested wearing masks, and Dem lawmakers said, "It's free speech! We have to let them talk!"

Then for a few summers, some Black kids said, "We need a ceasefire in Palestine." And Dem lawmakers passed laws against masked protest.🤡

Now those Dems are quiet again.🤷🏿‍♂️

1
6
0
repeated
Edited 17 hours ago

This is a hell of a picture

6
10
0
repeated

Blog post: Inspired by the video I just boosted - some honest thoughts on my AI remorse from my experiments earlier in the year.

It was bad, and I have SERIOUS regrets.

https://goodnameforablog.com/posts/very-average-prototypes/

6
8
0
@csepp I would call this a declarative approach actually! Unfortunately I have designed exactly zero good GUIs, so I have no idea how this could be actually implemented.
0
0
1
Edited yesterday
#GUI framework idea: instead of messing around with grids, layers and other demons of Hell, what if the developer just declared things like:

* These things belong together
* This group of things is the most important
* This group of things is only required sometimes
* ...

Edit: Since smart people talk about "visual hierarchy" may the dev would define a graph of elements?

Not saying this would build great GUIs, but there will be *a* GUI composed based on some generally not too bad practices.

#Programming
1
0
2
@gsuberland I can imagine...actually I really can't because I think I've never even seen a similar arrangement, but pretty proud of myself spotting the weirdness :)
0
0
1
repeated

Agentic AI has "guardrails" (e.g. you have to explicitly say "don't delete all the files on my computer" if you don't want it to delete all your files).

One of these guardrails is asking users to confirm whether to do things. Claude Code apparently has now decided that if you take over sixty seconds to answer a question, it'll just go ahead.

Turns out guardrails get in the way of consuming tokens, and you must consume tokens in order for the business model to work.

https://github.com/anthropics/claude-code/issues/73125

0
5
0
@gsuberland Stupid question: is the screen perpendicular to the cathode tube? Is there a mirror in there? o.O
1
0
0
repeated

Arthur C. Clarke: "Any sufficiently advanced technology is indistinguishable from magic."

Me: "Therefore, any sufficiently complicated technical problem is indistinguishable from a curse."

7
27
0
repeated
Edited yesterday

Interesting Git repos of the week:

Strategy:

* https://github.com/mr-r3b00t/ai_usage_mitre_analysis - AI abuse through an ATT&CK lens with @UK_Daniel_Card 🤖

Detection:

* https://github.com/citizenlab/bluecoat-investigations investigating Blue Coat device breaches with @citizenlab
* https://github.com/andreicscs/HoneyWire - F/OSS deception

Bugs:

* https://github.com/sgkdev/ipv6_frag_escape - another Linux LPE

Exploitation:

* https://github.com/x86byte/Obfusk8 - obfuscation library
* https://github.com/bee-san/RustScan - a port scanner in Rust
* https://github.com/t0thkr1s/gpp-decrypt - dumping GPP cpassword
* https://github.com/kernelstub/Nox - attack surface management in Go
* https://github.com/JVBotelho/skewrun - abusing time in AD
* https://github.com/db0109/AI-Red-Team-Scripts-And-Checklist - tips and tricks for red teaming AI 🤖
* https://github.com/jonaslykkegaard9-ops/m - remapping Windows memory

Hard hacks:

* https://github.com/pinkflawd/MIPSReverseEngineeringWorkshop - @pinkflawd's MIPS training

Nerd:

* https://github.com/ripienaar/free-for-dev - free hosting for developers 🤖
* https://github.com/dockur/macos - OS X in Docker

, ,

0
3
0
Show older