A drunken debugger

Heretek of Silent Signal

Cat's out of the bag: I am pursuing a native FIPS 140-3 validation for the Go standard library.

Trying to do it right, making it seamless and without compromising on security.

First time a Go module is validated. Wish me well. And consider sponsoring!

https://go.dev/issue/69536


Want to move to Real World Binary Exploitation? Grab this last opportunity of the year and register to my Windows Exploit Engineering Foundation training at https://www.hexacon.fr/trainer/halbronn/


https://2024.issta.org/details/issta-2024-papers/89/Better-Not-Together-Staged-Solving-for-Context-Free-Language-Reachability

This is a super interesting approach to figuring out how to navigate paths through parsers written to accept context-free languages, when the grammar of the parser is known: break up the grammar into parts and do different complementary stages of CFG exploration based on those parts of the original grammar.


Our latest blog post 📜 shows application developers effective steps they can take to 🛑prevent attacks in a world of rich media client interactions. 👀 Check it out now to learn how to protect your apps!

https://blog.doyensec.com/2024/09/19/phishing-case-study.html


I jokingly said on the Discord that my IDE setting for tabs is "sin(time)*4-4 spaces", and of course spytheman instantly implemented it in ved

"These outsiders saw the giant lie [...] And they saw it by doing something the rest of the suckers never thought to do: they looked."

#hacking

"The selling point of generative A.I. is that these programs generate vastly more than you put into them, and that is precisely what prevents them from being effective tools for artists."


With Kagi, not only can you see how many ads/trackers a website has before clicking, but you can also personalize your search by ranking domains to tailor the experience to your specific needs👇


✧✦✶✷Catherine✷✶✦✧

good news: I can now publish my work on "RTL debugger", an interactive tool that lets you single-step your hardware design and observe its state, currently integrated into VS Code as an extension but using an open protocol https://github.com/amaranth-lang/rtl-debugger

right now it's in a very early state and not all that useful, but this should change in the coming days


This looks amazing: THE JUNKYARD: An End-Of-Life Pwnathon (February 21-22, 2025) DistrictCon: https://www.districtcon.org/junkyard


new blogpost time!!

this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty

lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c:

have fun!

https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/

It's amazing some "experts" manage to bring up "AI" even in the context of the latest incidents in Lebanon, citing tech from 2010...

Thanks to gcc 14's stricter errors, today I learned that the getpwent_r/getspent_r/etc. interfaces on Linux & Solaris have basically opposite return values - on Solaris they return a non-NULL pointer on success, a NULL pointer on failure - while on Linux they return ints - 0 for success, -1 for failure - so checking for == 0 is inverted between the two. Hopefully not a lot of code uses these APIs, but I still wonder how much is broken. For instance, accountsservice gets this wrong on Solaris.


Lately my days of exploiting have been:

36 hours spent troubleshooting how broadcast/multicast traffic works on various operating systems

4 hours spent writing the actual exploit and pwning the thing


Terence Eden’s Blog


The unreasonable effectiveness of simple HTML
https://shkspr.mobi/blog/2021/01/the-unreasonable-effectiveness-of-simple-html/

I've told this story at conferences - but due to the general situation I thought I'd retell it here.

A few years ago I was doing policy research in a housing benefits office in London. They are singularly unlovely places. The walls are brightened up with posters offering helpful services for people fleeing domestic violence. The security guards on the door are cautiously indifferent to anyone walking in. The air is filled with tense conversations between partners - drowned out by the noise of screaming kids.

In the middle, a young woman sits on a hard plastic chair. She is surrounded by canvas-bags containing her worldly possessions. She doesn't look like she is in a great emotional place right now. Clutched in her hands is a games console - a PlayStation Portable. She stares at it intensely; blocking out the world with Candy Crush.

Or, at least, that's what I thought.

Walking behind her, I glance at her console and recognise the screen she's on. She's connected to the complimentary WiFi and is browsing the GOV.UK pages on Housing Benefit. She's not slicing fruit; she's arming herself with knowledge.

The PSP's web browser is - charitably - pathetic. It is slow, frequently runs out of memory, and can only open 3 tabs at a time.

But the GOV.UK pages are written in simple HTML. They are designed to be lightweight and will work even on rubbish browsers. They have to. This is for everyone.

Not everyone has a big monitor, or a multi-core CPU burning through the teraflops, or a broadband connection.

The photographer Chase Jarvis coined the phrase "the best camera is the one that’s with you". He meant that having a crappy instamatic with you at an important moment is better than having the best camera in the world locked up in your car.

The same is true of web browsers. If you have a smart TV, it probably has a crappy browser.

Twitter's guest mode displayed on a TV.

My old car had a built-in crappy web browser.

The dashboard of a BMW i3 - there is a web browser on the central display.

Both are painful to use - but they work!

If your laptop and phone both got stolen - how easily could you conduct online life through the worst browser you have? If you have to file an insurance claim online - will you get sent a simple HTML form to fill in, or a DOCX which won't render?

What vital information or services are forbidden to you due to being trapped in PDFs or horrendously complicated web sites?

Are you developing public services? Or a system that people might access when they're in desperate need of help? Plain HTML works. A small bit of simple CSS will make it look decent. JavaScript is probably unnecessary - but can be used to progressively enhance stuff. Add alt text to images so people paying per MB can understand what the images are for (and, you know, accessibility).

Go sit in an uncomfortable chair, in an uncomfortable location, and stare at an uncomfortably small screen with an uncomfortably outdated web browser. How easy is it to use the websites you've created?

I chatted briefly to the young woman afterwards. She'd been kicked out by her parents and her friends had given her the bus fare to the housing benefits office. She had nothing but praise for how helpful the staff had been. I asked about the PSP - a hand-me-down from an older brother - and the web browser. Her reply was "It's shit. But it worked."

I think that's all we can strive for.


Here are some stats on games consoles visiting GOV.UK

Matt Hobbs (@TheRealNooshu@hachyderm.io)

@TheRealNooshu

Replying to @TheRealNooshu

Interestingly we have 3,574 users visiting GOV.UK on games consoles:
• Xbox - 2,062
• Playstation 4 - 1,457
• Playstation Vita - 25
• Nintendo WiiU - 14
• Nintendo 3DS - 16

20/22


10:45 - Mon 01 February 2021
