Recently joined a company with legit soda machines(the fancy ones with exotic stuff like cream sodas), slim jims, ice cream, cookies, cakes and which buys lunch for the engineers every weekend. It's amazing. I came from…
There's definitely competitors opening up and realizing the space is worth the investment. C# Maui for example, especially with Blazor, is extremely cross platform as well(including web), but it has full party support…
It was pretty heavily used in enterprise on applications from around 2006-2012. I still have nightmares of it, as since it's enterprises the code bases got massive and GWT in my experience had a trend of getting a ton…
Apple is by far the most secure, which is why you rarely see kernel exploits and the market for IOS security researchers are in high demand. While the market for android researchers are hot, it's luke warm in…
Just like with any government agency, you bid on something called "Small Business Set Asides" and get or say you are a minority woman. This will give you bonus points and contracts that are reserved for these groups.…
This is really the big reason. IOS blocks applications from running dynamic code. The kernel is immutable and replaced on every update, and safeguarding the JS engine is a huge benefit of controlling the OS. Antivirus's…
There's a big difference between moderation on HN and sites like Reddit. Reddit completely shadowbans, filters, or bans anyone who doesn't post with the hivemind. This makes it so you can't have a fair contrarian view…
There's plenty of other companies that have the other side of the coin in values though that would admire people who stand up. It's very nice to be a good culture fit at a company. I have a Blue Lives Matter flag in the…
In regards to memory alignment, it's even worse. Most instructions work on unaligned data. But some instructions require 8 byte, 16 byte, 32 byte, 64 byte and I think there's even some 128 and 256 byte alignment. One of…
Government pension is actually very bad. You pay 4 % of your salary per year, and get 1 % * years worked * avg(3 top highest salaries). You get far more money if you put that 4 % into a 401k or other investment vehicle.…
There's actually alot of research in this topic. You should look into "Genetic Programming" on scholar.google.com and you'll find some good presentations. For example…
This is one of the biggest issues people don't realize. A react dev doing fully frontend stuff is usually paid more than a security guy. Management views this as the developer making a product and giving money. But with…
Are you trying to run your own business? Me, my friends, and all of my coworkers have to live in the shadows because recruiters hunt us. Like, my buddy posted on Indeed and not has 5 unsolicited phone calls and 12…
I was recently looking for positions and it seems like most of these companies are hiring you as a filler until they get someone just as good. So you're 100 % right. Without sounding controversial. Most promotions and…
If you're trying to enter the field I would highly suggest ARM. Mobile malware is the wild west and they really need analysts and hire a bunch of people with no experience out of college. X86/64 is alot harder to enter…
This is really good. But make sure that you read the NASM documentation(It's really good) https://www.nasm.us/xdoc/2.15.05/html/nasmdoc0.html . Specifically my main gripe with this is the fact that X64 code changes alot…
Had this issue with a coworker who uses a decade old version of Linux and refuses to install anything other than base packages cus it's "Stable". Well I made an in house tool, and it's not stable, since his glibc had a…
You want to use C anyhow as you want to make sure you have control over the code that is output. For example the following code you know what the assembly is going to be. strcmp(char* a, char* b); strcmp(str1,str2); If…
You do end with modules having the same address in every process if untampered though. This is due to Copy on Write windows implements internally with DLL's to save space. So while not guaranteed. On X64 you can be…
Here's the really simple explanations. Emulations is pretty much literally just mapping instructions between processors. So there may be an instruction in my custom chipset called "Add4", which adds 4 inputs. I would…
This is actually literally a problem call SSTI, which is REALLY common. It's better to use the correct term instead of SQL injection.
It depends, but most consumer AV's upload. And alot of EDR's are implimenting cloud based detections, with the option for companies with IP risks to run an on prem version of their cloud server. A good example is this…
It's not. Binary protection is easy and you won't be able to stop high level attackers. It's similar to the EDR field where it's monitoring heuristics and trying to correlate those to attacks. And it's also similar in…
One thing to remember, is just like AV's, it's the norm for them to literally upload random archives, documents and whatever else to "Scan". There's a reason pretty much every Anglo country doesn't recommend Kaspersky…
So firstly, the people asking you to open source so they can "Audit" are dumb. Your app is android, android is EXTREMELY easy to audit and decompile. Especially with no obfuscation during compiletime. Things like…
Recently joined a company with legit soda machines(the fancy ones with exotic stuff like cream sodas), slim jims, ice cream, cookies, cakes and which buys lunch for the engineers every weekend. It's amazing. I came from…
There's definitely competitors opening up and realizing the space is worth the investment. C# Maui for example, especially with Blazor, is extremely cross platform as well(including web), but it has full party support…
It was pretty heavily used in enterprise on applications from around 2006-2012. I still have nightmares of it, as since it's enterprises the code bases got massive and GWT in my experience had a trend of getting a ton…
Apple is by far the most secure, which is why you rarely see kernel exploits and the market for IOS security researchers are in high demand. While the market for android researchers are hot, it's luke warm in…
Just like with any government agency, you bid on something called "Small Business Set Asides" and get or say you are a minority woman. This will give you bonus points and contracts that are reserved for these groups.…
This is really the big reason. IOS blocks applications from running dynamic code. The kernel is immutable and replaced on every update, and safeguarding the JS engine is a huge benefit of controlling the OS. Antivirus's…
There's a big difference between moderation on HN and sites like Reddit. Reddit completely shadowbans, filters, or bans anyone who doesn't post with the hivemind. This makes it so you can't have a fair contrarian view…
There's plenty of other companies that have the other side of the coin in values though that would admire people who stand up. It's very nice to be a good culture fit at a company. I have a Blue Lives Matter flag in the…
In regards to memory alignment, it's even worse. Most instructions work on unaligned data. But some instructions require 8 byte, 16 byte, 32 byte, 64 byte and I think there's even some 128 and 256 byte alignment. One of…
Government pension is actually very bad. You pay 4 % of your salary per year, and get 1 % * years worked * avg(3 top highest salaries). You get far more money if you put that 4 % into a 401k or other investment vehicle.…
There's actually alot of research in this topic. You should look into "Genetic Programming" on scholar.google.com and you'll find some good presentations. For example…
This is one of the biggest issues people don't realize. A react dev doing fully frontend stuff is usually paid more than a security guy. Management views this as the developer making a product and giving money. But with…
Are you trying to run your own business? Me, my friends, and all of my coworkers have to live in the shadows because recruiters hunt us. Like, my buddy posted on Indeed and not has 5 unsolicited phone calls and 12…
I was recently looking for positions and it seems like most of these companies are hiring you as a filler until they get someone just as good. So you're 100 % right. Without sounding controversial. Most promotions and…
If you're trying to enter the field I would highly suggest ARM. Mobile malware is the wild west and they really need analysts and hire a bunch of people with no experience out of college. X86/64 is alot harder to enter…
This is really good. But make sure that you read the NASM documentation(It's really good) https://www.nasm.us/xdoc/2.15.05/html/nasmdoc0.html . Specifically my main gripe with this is the fact that X64 code changes alot…
Had this issue with a coworker who uses a decade old version of Linux and refuses to install anything other than base packages cus it's "Stable". Well I made an in house tool, and it's not stable, since his glibc had a…
You want to use C anyhow as you want to make sure you have control over the code that is output. For example the following code you know what the assembly is going to be. strcmp(char* a, char* b); strcmp(str1,str2); If…
You do end with modules having the same address in every process if untampered though. This is due to Copy on Write windows implements internally with DLL's to save space. So while not guaranteed. On X64 you can be…
Here's the really simple explanations. Emulations is pretty much literally just mapping instructions between processors. So there may be an instruction in my custom chipset called "Add4", which adds 4 inputs. I would…
This is actually literally a problem call SSTI, which is REALLY common. It's better to use the correct term instead of SQL injection.
It depends, but most consumer AV's upload. And alot of EDR's are implimenting cloud based detections, with the option for companies with IP risks to run an on prem version of their cloud server. A good example is this…
It's not. Binary protection is easy and you won't be able to stop high level attackers. It's similar to the EDR field where it's monitoring heuristics and trying to correlate those to attacks. And it's also similar in…
One thing to remember, is just like AV's, it's the norm for them to literally upload random archives, documents and whatever else to "Scan". There's a reason pretty much every Anglo country doesn't recommend Kaspersky…
So firstly, the people asking you to open source so they can "Audit" are dumb. Your app is android, android is EXTREMELY easy to audit and decompile. Especially with no obfuscation during compiletime. Things like…