There's definitely a funky curve of what you can and cannot comfortably do on an iPad. If you're pinned to IDEs and need lots of local graphical tools to support development, an iPad is unusable. If you already have to…
Much of transient execution research over the years has been invalidated or was complete bogus to begin with. It was extremely easy to get a paper into a conference for a while (and frankly still is) just by throwing in…
It's not that simple. The problem is not just branches but often the intersection of memory and branches. For example, a really powerful technique for amplification is this: ldr x2, [x2] cbnz x2, skip /* bunch of slow…
This is an idea many have had before but it doesn't quite work. When you do this, you tend to lose all the performance gained from speculative execution. It's essentially data-independent-timing as applied to loads and…
Modeling programs as circuits also makes them significantly easier to formally verify too! These sorts of synthesis tools are really cool, though writing traditional software in them is extremely painful.
It's a joke about people moving to Linux not because it's gotten any better but because Windows has been getting worse
My favorite is when the codebase is so deeply buried in macros and headers that send you on a wild goose chase to find any actual code that it becomes much easier to just dump the binary in ida/binja. The source code…
My sad related factoid to this is that suicide overtook car accidents as the leading cause of death of teenagers in Colorado. This is because although suicide is a worsening problem, crash safety and driver education…
RISC is not about the number of instructions but rather what the instructions do. The famous example of CISC gone to its logical extreme is the VAX's polynomial multiply instruction, which ended up being almost a full…
What sort of wiki are you envisioning here? There is some decent tooling and docs around generating SoCs [1] but, as the article mentions, the most difficult part is not creating a single RISCV core but rather creating…
It is fairly different from a systems programming perspective. The base instructions (I) are essentially everything you'd expect when writing any kind of regular program and it feels very normal and natural for anyone…
For all those learning (or even those who've learned :P), my favorite cheatsheet that I always pull up while writing ARMv8-A assembly is this one [1] from the University of Washington. ARMv8-A has a lot of fairly…
> that argument can be used to stop the inclusion of any new large functionality in the kernel. Sure, it could be, but there are shades of gray. Arguing that adding a full fat SMB server to the kernel is not the same…
The criticism isn't that anyone expects bug free code, rather that introducing new remotely accessible attack surface to the kernel in 2022 when we know it's likely unsafe is silly. Building an SMB server in the kernel…
Have you actually benchmarked a context switch on modern hardware? A full switch (including register spilling and page table swap) can be had in <150 cycles on even cheap, older Arm A-series cores like the Cortex A72.…
Most exploited UAFs don't happen in common execution paths. They're often caused by weird races and error conditions that nobody considered to even happen. It's why things like production ASan is a lot less valuable…
OpenBSD is somewhat controversial in that a variety of its security claims don't make sense or work out in practice. As a whole, however, they do meaningful work so it's still worth donating.
Most cryptographic algorithms worth their salt have a pseudo code implementation on Wikipedia too. Just save the article along with the encrypted payload, bam future proofed :)
> There's a video on YouTube where a hobby scientist takes a cup of water and doses it with an incredibly potent poison Cody'sLab Drinking Cyanide <https://www.youtube.com/watch?v=i6hOVhQQ9h>. Apparently it was removed…
Do you know what they did on holidays? Did they just never close for any reason whatsoever?
It is still mortifying to have a photo of you sitting on the toilet with your shorts down even if your face is blurred out. Yes, the damage has already done and this made the article even more compelling, but I don't…
Do you truly believe someone would see the headline "How did Roomba-recorded photos end up on Facebook?" and not ask themselves "wait...is MY Roomba recording photos that might end up on Facebook???". This is clearly…
It's not as if we've just had a decade of such unthinkable business strategies. Google is still, for the vast majority of people, free (as in $0 per month) service which gives them free email, document editing, and file…
Especially seeing as you can outright have a full, tiny VPS 24/7 for $2.50/mo or $30/yr from Vultr. I suppose there's a value add in terms of not necessarily needing to setup your own install, but if that's something…
Take your choice of other random SBCs off Aliexpress for $30-40. They all run Linux well enough for headless, short cronjobs.
There's definitely a funky curve of what you can and cannot comfortably do on an iPad. If you're pinned to IDEs and need lots of local graphical tools to support development, an iPad is unusable. If you already have to…
Much of transient execution research over the years has been invalidated or was complete bogus to begin with. It was extremely easy to get a paper into a conference for a while (and frankly still is) just by throwing in…
It's not that simple. The problem is not just branches but often the intersection of memory and branches. For example, a really powerful technique for amplification is this: ldr x2, [x2] cbnz x2, skip /* bunch of slow…
This is an idea many have had before but it doesn't quite work. When you do this, you tend to lose all the performance gained from speculative execution. It's essentially data-independent-timing as applied to loads and…
Modeling programs as circuits also makes them significantly easier to formally verify too! These sorts of synthesis tools are really cool, though writing traditional software in them is extremely painful.
It's a joke about people moving to Linux not because it's gotten any better but because Windows has been getting worse
My favorite is when the codebase is so deeply buried in macros and headers that send you on a wild goose chase to find any actual code that it becomes much easier to just dump the binary in ida/binja. The source code…
My sad related factoid to this is that suicide overtook car accidents as the leading cause of death of teenagers in Colorado. This is because although suicide is a worsening problem, crash safety and driver education…
RISC is not about the number of instructions but rather what the instructions do. The famous example of CISC gone to its logical extreme is the VAX's polynomial multiply instruction, which ended up being almost a full…
What sort of wiki are you envisioning here? There is some decent tooling and docs around generating SoCs [1] but, as the article mentions, the most difficult part is not creating a single RISCV core but rather creating…
It is fairly different from a systems programming perspective. The base instructions (I) are essentially everything you'd expect when writing any kind of regular program and it feels very normal and natural for anyone…
For all those learning (or even those who've learned :P), my favorite cheatsheet that I always pull up while writing ARMv8-A assembly is this one [1] from the University of Washington. ARMv8-A has a lot of fairly…
> that argument can be used to stop the inclusion of any new large functionality in the kernel. Sure, it could be, but there are shades of gray. Arguing that adding a full fat SMB server to the kernel is not the same…
The criticism isn't that anyone expects bug free code, rather that introducing new remotely accessible attack surface to the kernel in 2022 when we know it's likely unsafe is silly. Building an SMB server in the kernel…
Have you actually benchmarked a context switch on modern hardware? A full switch (including register spilling and page table swap) can be had in <150 cycles on even cheap, older Arm A-series cores like the Cortex A72.…
Most exploited UAFs don't happen in common execution paths. They're often caused by weird races and error conditions that nobody considered to even happen. It's why things like production ASan is a lot less valuable…
OpenBSD is somewhat controversial in that a variety of its security claims don't make sense or work out in practice. As a whole, however, they do meaningful work so it's still worth donating.
Most cryptographic algorithms worth their salt have a pseudo code implementation on Wikipedia too. Just save the article along with the encrypted payload, bam future proofed :)
> There's a video on YouTube where a hobby scientist takes a cup of water and doses it with an incredibly potent poison Cody'sLab Drinking Cyanide <https://www.youtube.com/watch?v=i6hOVhQQ9h>. Apparently it was removed…
Do you know what they did on holidays? Did they just never close for any reason whatsoever?
It is still mortifying to have a photo of you sitting on the toilet with your shorts down even if your face is blurred out. Yes, the damage has already done and this made the article even more compelling, but I don't…
Do you truly believe someone would see the headline "How did Roomba-recorded photos end up on Facebook?" and not ask themselves "wait...is MY Roomba recording photos that might end up on Facebook???". This is clearly…
It's not as if we've just had a decade of such unthinkable business strategies. Google is still, for the vast majority of people, free (as in $0 per month) service which gives them free email, document editing, and file…
Especially seeing as you can outright have a full, tiny VPS 24/7 for $2.50/mo or $30/yr from Vultr. I suppose there's a value add in terms of not necessarily needing to setup your own install, but if that's something…
Take your choice of other random SBCs off Aliexpress for $30-40. They all run Linux well enough for headless, short cronjobs.