Adventures In Interactivity
https://tedium.co/2019/06/27/adventure-games-interactive-fiction-history/ [tedium.co]
2019-06-29 16:58
tags:
fiction
gaming
retro
That book was Creating Adventure Games on Your Computer by Tim Hartnell. The book taught me how to make rudimentary text adventure games on my Apple ][ as a kid and prompted a recent adventure of revisiting the classic text adventures of the past. So grab a torch and get your map making tools ready because today’s Tedium is an exploration of text adventures through the years. Try not to get eaten by a grue along the way.
Politics for the really cool
http://www.forbes.com/forbes/1997/0908/6005172a.html [www.forbes.com]
2016-11-25 22:37
tags:
article
crypto
finance
policy
retro
An otherwise unremarkable article about electronic money and the government’s dislike of crypto, except that it’s from 1997 and reads like it could have been written yesterday.
Rejoice, libertarians. Lament, Hillary Clinton and partisans of the nanny state.
In Praise of Hierarchy
https://www.wsj.com/articles/in-praise-of-hierarchy-1515175338 [www.wsj.com]
2018-01-07 01:48
tags:
ideas
media
social
Established, traditional order is under assault from freewheeling, networked disrupters as never before. But society craves centralized leadership, too.
I think the idea is to stop before going full French Revolution. Just a touch of change, please.
Mr. Ferguson’s new book, “The Square and the Tower: Networks and Power, from the Freemasons to Facebook,” will be published by Penguin Press on Jan. 16.
Function Currying in Go
https://medium.com/@meeusdylan/function-currying-in-go-a88672d6ebcf [medium.com]
2019-10-11 15:17
tags:
go
intro-programming
Go can be used to program in a functional style, previously I’ve written about how we can use this to implement Continuation Passing Style programming. As such, it is possible to implement currying in Go as well. Before we take a look at how we can implement this in Go, let’s take a practical look at what function currying actually is, and why we want this.
source: HN
Tracing Monotreme Venom Evolution in the Genomics Era
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4014732/pdf/toxins-06-01260.pdf [www.ncbi.nlm.nih.gov]
2016-12-01 09:56
tags:
biology
paper
pdf
Do not mess with the platypus.
The Map of Physics
https://www.youtube.com/watch?v=ZihywtixUYo [www.youtube.com]
2016-12-02 06:05
tags:
academia
physics
video
All of physics (briefly named) in one 8 minute video.
Practical Web Cache Poisoning
https://portswigger.net/blog/practical-web-cache-poisoning [portswigger.net]
2018-08-10 20:04
tags:
browser
development
exploit
html
paper
security
turtles
web
Web cache poisoning has long been an elusive vulnerability, a ‘theoretical’ threat used mostly to scare developers into obediently patching issues that nobody could actually exploit. In this paper I’ll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.
Web cache poisoning is far from a theoretical vulnerability, and bloated applications and towering server stacks are conspiring to take it to the masses. We’ve seen that even well-known frameworks can hide dangerous omnipresent features, confirming it’s never safe to assume that someone else has read the source code just because it’s open-source and has millions of users. We’ve also seen how placing a cache in front of a website can take it from completely secure to critically vulnerable.
source: grugq
Fakecracker: NetBSD as a Function Based MicroVM
https://imil.net/blog/posts/2020/fakecracker-netbsd-as-a-function-based-microvm/ [imil.net]
2020-06-18 19:13
tags:
admin
netbsd
virtualization
This is fun and all, but we can’t really talk about security only with chroot, and the Firecracker solution seemed about right for this matter, yet the overall NetBSD boot process was a bit too long for my taste. So how exactly can we significantly improve NetBSD‘s boot speed?
source: L
New Android vulnerability allows attackers to modify apps without affecting their signatures
https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures [www.guardsquare.com]
2017-12-09 19:58
tags:
android
format
hash
security
The Janus vulnerability stems from the possibility to add extra bytes to APK files and to DEX files. On the one hand, an APK file is a zip archive, which can contain arbitrary bytes at the start, before its zip entries (actually more generally, between its zip entries). The JAR signature scheme only takes into account the zip entries. It ignores any extra bytes when computing or verifying the application’s signature. On the other hand, a DEX file can contain arbitrary bytes at the end, after the regular sections of strings, classes, method definitions, etc. A file can, therefore, be a valid APK file and a valid DEX file at the same time.
A Global Optimization Algorithm Worth Using
http://blog.dlib.net/2017/12/a-global-optimization-algorithm-worth.html [blog.dlib.net]
2018-01-02 21:00
tags:
ai
development
library
perf
programming
Here is a common problem: you have some machine learning algorithm you want to use but it has these damn hyperparameters. These are numbers like weight decay magnitude, Gaussian kernel width, and so forth. The algorithm doesn’t set them, instead, it’s up to you to determine their values. If you don’t set these parameters to “good” values the algorithm doesn’t work. So what do you do?
However, if you want to use LIPO in practice there are some issues that need to be addressed.
source: L
Writing a Hyper-V “Bridge” for Fuzzing
http://www.alex-ionescu.com/?p=377 [www.alex-ionescu.com]
2019-01-29 19:55
tags:
virtualization
windows
After spending the better part of a weekend writing a specialized Windows driver for the purposes of allowing me to communicate with the Hyper-V hypervisor, as well as the Secure Kernel, from user-mode, I realized that there was a dearth of concise technical content on non-PnP driver development, and especially on how the Windows Driver Foundation (WDF) fundamentally changes how such drivers can be developed.
Part 2 is where it starts to get interesting: http://www.alex-ionescu.com/?p=471
Pledge, and Unveil, in OpenBSD
https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf [www.openbsd.org]
2018-06-11 09:58
tags:
defense
fs
openbsd
pdf
security
slides
Unveiling a directory unveils everything underneath it in the filesystem
source: L
Protecting Against HSTS Abuse
https://webkit.org/blog/8146/protecting-against-hsts-abuse/ [webkit.org]
2018-03-29 23:41
tags:
browser
bugfix
html
security
web
Well, the HSTS standard describes that web browsers should remember when redirected to a secure location, and to automatically make that conversion on behalf of the user if they attempt an insecure connection in the future. This creates information that can be stored on the user’s device and referenced later. And this can be used to create a “super cookie” that can be read by cross-site trackers.
source: green
The Adversarial Implementation
http://nullprogram.com/blog/2017/05/03/ [nullprogram.com]
2017-05-03 20:37
tags:
c
programming
python
standard
Important Flatland Research
https://www.jwz.org/blog/2018/04/important-flatland-research/ [www.jwz.org]
2018-05-10 16:27
tags:
graphics
maps
video
visualization
I have long had a hard time picturing what day, night and the shape of the terminator would look like on Buckminster Fuller’s Dymaxion Map. Well yesterday I wrote some code and now I know! It sort-of feels like two weird spirals turning in opposite directions. Video here.
https://www.youtube.com/watch?v=4LnO0UiccGs
source: jwz
Mapping physical memory directly
https://www.sceen.net/mapping-physical-memory-directly/ [www.sceen.net]
2018-01-12 18:32
tags:
linux
malloc
perf
systems
The Linux kernel has historically used a technique that could be considered dirty, but has proved very effective. It maps physical memory directly into the kernel space. This direct mapping of physical memory allows users of the physical page allocator to directly access the pages they obtain without any mapping operation. The only operation required to obtain the virtual address of a physical page is adding a fixed offset.
Nice intro to concept of direct mapping.
Authentication vulnerabilities in OpenBSD
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt [www.qualys.com]
2019-12-04 20:08
tags:
auth
development
exploit
openbsd
programming
security
We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.
How does Nested-Virtualization works?
https://kelvinhack127.blogspot.com/2018/02/how-does-nested-virtualization-works.html [kelvinhack127.blogspot.com]
2019-01-15 05:55
tags:
systems
virtualization
Nowadays, Software Security is becoming more important criteria in the industry, and in recent years, virtualization as a popular topic for protecting / attacking a software, however, most of the virtualization technology framework (bluepill-liked) is not provide an ability that let a guest virtualize one more layer, we called it “Nested Virtualization”, level 2.
A little hard to follow, but I think it covers the basic idea.
source: grugq
So the actual email used to phish John Podesta ended up in the WIkileaks dump
https://twitter.com/pwnallthethings/status/816621973971333120 [twitter.com]
2017-01-05 03:12
tags:
auth
email
hoipolloi
opsec
security
tweet
Plus thread. Funny part is because the phishing link used bitly, it’s possible to see who else they sent emails to.
A Generation of Architects Making Its Mark at Dizzying Speed
https://www.nytimes.com/2017/09/08/arts/design/a-generation-of-architects-making-its-mark-at-dizzying-speed.html [www.nytimes.com]
2017-09-15 04:13
tags:
architecture
photos
urban
They are in that fertile period — agewise, it typically runs from the mid-40s to mid-50s in architecture — when the profession’s next generation of leadership begins to make its mark.