Crash course in async and await
https://blogs.msdn.microsoft.com/oldnewthing/20170720-00/?p=96655 [blogs.msdn.microsoft.com]
2017-07-21 20:58
tags:
concurrency
csharp
intro-programming
PHPMailer < 5.2.20 Remote Code Execution (0day Patch Bypass/exploit)
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html [legalhackers.com]
2016-12-29 07:13
tags:
bugfix
exploit
php
security
web
Introduction to Video Coding
https://people.xiph.org/~tterribe/pubs/lca2012/auckland/intro_to_video1.pdf [people.xiph.org]
2017-03-13 17:24
tags:
compression
compsci
graphics
math
pdf
slides
It says introduction, but it’s 170 text heavy slides.
source: L
Unsubscribe: The $0-budget movie that ‘topped the US box office’
https://www.bbc.co.uk/news/world-us-canada-53099283 [www.bbc.co.uk]
2020-06-19 18:58
tags:
business
movie
social
But on 10 June, one box office-topping movie was watched by just two people, in one cinema. Unsubscribe, a 29-minute horror movie shot entirely on video-conferencing app Zoom, generated $25,488 (£20,510) in ticket sales on that day. Nationwide, the movie hit the top of the charts, according to reputable revenue tacker Box Office Mojo. The budget of the movie: a flat $0. How was that possible?
source: HN
Dumping a PS4 Kernel in "Only" 6 Days
https://fail0verflow.com/blog/2017/ps4-crashdump-dump/ [fail0verflow.com]
2017-12-30 00:31
tags:
freebsd
investigation
security
What if a secure device had an attacker-viewable crashdump format? What if that same device allowed putting arbitrary memory into the crashdump? Amazingly, the ps4 tempted fate by supporting both of these features! Let’s see how that turned out…
source: L
Distill — Latest articles about machine learning
http://distill.pub/ [distill.pub]
2017-03-20 19:30
tags:
academia
ai
compsci
links
series
OpenBSD hackathon reports
http://undeadly.org/cgi?action=article&sid=20161109030623 [undeadly.org]
2016-11-18 21:46
tags:
openbsd
Things To Keep In Mind When Designing A Transportation Map
https://www.smashingmagazine.com/2017/07/transportation-map-design/ [www.smashingmagazine.com]
2017-08-21 00:10
tags:
design
maps
urban
ux
visualization
Comparison of subway maps.
The case of the missing DNS packets
https://cloud.google.com/blog/topics/inside-google-cloud/google-cloud-support-engineer-solves-a-tough-dns-case [cloud.google.com]
2020-05-19 20:18
tags:
investigation
linux
networking
Troubleshooting is both a science and an art. The first step is to make a hypothesis about why something is behaving in an unexpected way, and then prove whether or not the hypothesis is correct. But before you can formulate a hypothesis, you first need to clearly identify the problem, and express it with precision. If the issue is too vague, then you need to brainstorm in order to narrow down the problem—this is where the “artistic” part of the process comes in.
source: HN
I Wanted to Type a Number
https://www.filamentgroup.com/lab/type-number.html [www.filamentgroup.com]
2019-03-26 23:26
tags:
html
ux
web
This browser variability is particularly true with touch devices, especially in relation to the primary innovation of the touchscreen keyboard: its malleability, or adaptation its mode of input to best suit the context. For example, when a site specifies that the user should type a number, the browser can show a number-pad like keyboard (0 through 9) with extra large buttons for easier, faster, and more accurate numeric input. The usability difference between the small button and large button keyboards for numeric input is stark:
source: HN
Capture the Flag
http://www.newyorker.com/magazine/2017/04/03/trolls-protest-shia-labeoufs-anti-trump-protest-art [www.newyorker.com]
2017-04-06 15:08
tags:
hoipolloi
opsec
social
On the difficulty of keeping a live streamed location secret from the internet.
Solving b-64-b-tuff: writing base64 and alphanumeric shellcode
https://blog.skullsecurity.org/2017/solving-b-64-b-tuff-writing-base64-and-alphanumeric-shellcode [blog.skullsecurity.org]
2017-06-15 18:54
tags:
cpu
programming
This is a fun exercise, though it gets a bit involved.
Byrne’s Euclid
https://www.c82.net/euclid/ [www.c82.net]
2020-04-27 04:08
tags:
book
math
If one of the lines paſs through the centre, it is evident that it cannot be biſected by the other, which does not paſs through the centre.
I probably could have done without ye olde spelling, but nice web conversion otherwise.
A tip for a better media diet: delay reading the news
https://kottke.org/18/04/a-tip-for-a-better-media-diet-delay-reading-the-news [kottke.org]
2018-04-16 21:16
tags:
ideas
life
media
A new car loses about 10% of its value as soon as you drive it off the lot; most news depreciates a lot faster than that. Humans are curious, hard-wired to seek out new information on a continuous basis. But not everything we haven’t seen before is worth our attention.
I’ve been running about two weeks behind in my RSS feed for a while now, and keep plugging away, but I’m not sure I really want to catch up. It’s not all bad being a bit behind.
source: K
Preemption Is GC for Memory Reordering
https://www.pvk.ca/Blog/2019/01/09/preemption-is-gc-for-memory-reordering/ [www.pvk.ca]
2019-01-11 06:03
tags:
concurrency
cpu
perf
programming
systems
Interrupt processing (returning from an interrupt handler, actually) is fully serialising on x86, and on other platforms, no doubt: any userspace instruction either fully executes before the interrupt, or is (re-)executed from scratch some time after the return back to userspace. That’s something we can abuse to guarantee ordering between memory accesses, without explicit barriers.
And then it gets crazy.
source: HN
Rendered Insecure: GPU Side Channel Attacks are Practical
http://www.cs.ucr.edu/~zhiyunq/pub/ccs18_gpu_side_channel.pdf [www.cs.ucr.edu]
2018-11-14 22:15
tags:
cloud
exploit
gl
paper
pdf
security
sidechannel
Under a number of scenarios the GPU can be shared between multiple applications at a fine granularity allowing a spy application to monitor side channels and attempt to infer the behavior of the victim. For example, OpenGL and WebGL send workloads to the GPU at the granularity of a frame, allowing an attacker to interleave the use of the GPU to measure the side-effects of the victim computation through performance counters or other resource tracking APIs. We demonstrate the vulnerability using two applications. First, we show that an OpenGL based spy can fingerprint websites accurately, track user activities within the website, and even infer the keystroke timings for a password text box with high accuracy. The second application demonstrates how a CUDA spy application can derive the internal parameters of a neural network model being used by another CUDA application, illustrating these threats on the cloud.
source: L
Manual Control Flow Guard in C
http://nullprogram.com/blog/2017/01/21/ [nullprogram.com]
2017-01-22 04:12
tags:
c
defense
programming
security
The NSA's regional Cryptologic Centers
https://electrospaces.blogspot.com/2019/06/the-nsas-regional-cryptologic-centers.html [electrospaces.blogspot.com]
2019-08-26 04:08
tags:
opsec
photos
policy
security
For many years, the US National Security Agency (NSA) was identified with its almost iconic dark-glass cube-shaped headquarters building at Fort Meade in Maryland. Only when Edward Snowden stepped forward in 2013, the public learned that there’s also a large NSA facility in Hawaii - which is actually one of four regional centers spread across the United States.
source: grugq
Syntactic tunneling
http://languagelog.ldc.upenn.edu/nll/?p=29583 [languagelog.ldc.upenn.edu]
2016-12-02 19:00
tags:
language
Example of extreme syntaxis: a prayer to the patron saint of explosives.
CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services
https://blog.zimperium.com/cve-2018-9411-new-critical-vulnerability-multiple-high-privileged-android-services/ [blog.zimperium.com]
2018-11-01 19:41
tags:
android
exploit
security
As part of our platform research in Zimperium zLabs, I have recently disclosed a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018-07-01 patch level), including additional patches in the September security update (2018-09-01 patch level).
In this blog post, I will cover the technical details of the vulnerability and the exploit. I will start by explaining some background information related to the vulnerability, followed by the details of the vulnerability itself. I will then describe why I chose a particular service as the target for the exploit over other services that are affected by the vulnerability. I will also analyze the service itself in relation to the vulnerability. Lastly, I will cover the details of the exploit I wrote.
Too many moving parts.
source: L