Toots for jann@infosec.exchange account

Written by Jann Horn on 2025-01-22 at 10:24

CDN cache probing as a side channel that's roughly tied to physical location is a pretty neat trick: https://mstdn.social/@rysiek/113868633791655142

Written by Jann Horn on 2025-01-17 at 01:08

Somehow weird to see how rarely this song gets played on Spotify/Soundcloud even though so many people in northern Germany listen to it regularly:

https://soundcloud.com/aesyme/stories-from-the-street

Written by Jann Horn on 2025-01-15 at 00:12

youtube: "ah, I see, your primary account language is set to english, surely when you watch videos in german (which we know you speak, it's listed in the account preferences) you would like them to be auto-dubbed"

Written by Jann Horn on 2025-01-05 at 14:29

alternate history where humanity discovered electricity once they had rubber soles together with metal door handles. or the right kinda hair combs

Written by Jann Horn on 2024-12-15 at 16:52

So now I often pause the podcast at the ads with the headphone button (because the headphones can pause but not skip forward) and then only resume listening an hour later when I remember that I was listening to it and have my hands free and phone in reach

Written by Jann Horn on 2024-12-15 at 16:50

one ad in the podcast episodes I currently listen to (which to be fair is about pretty terrible history) is for some true crime podcast and features a woman calling 911 while crying for her baby. one minute you're listening to friendly banter about horrible history and the next this happens...

Written by Jann Horn on 2024-12-15 at 16:48

I wish iHeart had proper ad monetization turned on where I am instead of splicing in the same disconcerting ad for some other podcast over and over again. Do I have to use a VPN to get sold products and services instead? (And they also don't offer paid subscriptions here.)

[detail with CW in thread]

Written by Jann Horn on 2024-12-15 at 15:09

I have some headphones which are very clearly designed for outdoor activities (they are IP67) but the accompanying documentation says "Keep the product away from [...] direct sunlight, [...]"

vampire headphones, clearly

Written by Jann Horn on 2024-12-09 at 13:21

This was kind of a fun bug (though by luck it is hard to reach): https://project-zero.issues.chromium.org/373391951

A tree structure containing pointers needs to be deep-copied (the objects pointed to by the tree need to be duplicated too), but as an optimization, the tree is first shallow-copied, and then, in the copied tree, the pointers to the original objects are replaced with pointers to copied objects. But the copying of objects can fail midway through, and in that case, there is special cleanup code that can properly tear down the not-fully-set-up copied tree... but between failure and cleanup, a lock is dropped, and some other codepath can do a lookup in the copied tree, causing UAF if the lookup happens in a shallow-copied part of the tree and the corresponding element in the original tree has been freed since.
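
The copy-then-fix-up pattern described above, modelled as an added C example (not code from the bug report or from the affected project): a four-slot "tree" is shallow-copied, its object pointers are swapped for copies one at a time, and the copy fails partway. The dropped lock is modelled by a 'ready' flag that decides whether the other codepath's lookup may see the copy at all; the names, the 'budget' failure knob and the probe() harness are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdlib.h>
#define SLOTS 4
struct obj  { int value; };
/* 'ready': may other codepaths look this tree up? (the toot's lock is dropped
 * between copy failure and cleanup, so with the buggy ordering they can) */
struct tree { struct obj *slot[SLOTS]; bool ready; };
/* Shallow-copy the tree, then swap each pointer for a copied object.
 * 'budget' = how many copies succeed before a simulated allocation failure.
 * publish_early = the toot's ordering: the copy is visible to lookups while
 * some slots still alias the original's objects. */
struct tree *deep_copy(const struct tree *orig, int budget,
                       bool publish_early, int *fixed_up)
{
    struct tree *copy = malloc(sizeof *copy);
    if (!copy) return NULL;
    *copy = *orig;                 /* every slot aliases orig for now */
    copy->ready = publish_early;
    for (*fixed_up = 0; *fixed_up < SLOTS; (*fixed_up)++) {
        struct obj *c = budget-- > 0 ? malloc(sizeof *c) : NULL;
        if (!c) return copy;       /* slots from here on still alias orig */
        *c = *orig->slot[*fixed_up];
        copy->slot[*fixed_up] = c;
    }
    copy->ready = true;            /* safe ordering: publish only when complete */
    return copy;
}
/* The "other codepath": a lookup that honours the ready flag. */
struct obj *lookup(const struct tree *t, int i) { return t->ready ? t->slot[i] : NULL; }
/* Cleanup for a partial copy: free only the objects actually duplicated. */
void destroy_copy(struct tree *copy, int fixed_up)
{
    while (fixed_up--) free(copy->slot[fixed_up]);
    free(copy);
}
/* What a lookup of 'slot' sees after a copy with the given budget:
 * 0 = refused, 1 = pointer into the ORIGINAL (dangles once that is freed),
 * 2 = a genuine copy. The 4-object tree is constructed sample data. */
int probe(int budget, bool publish_early, int slot)
{
    struct obj objs[SLOTS] = {{1}, {2}, {3}, {4}};
    struct tree orig = {{&objs[0], &objs[1], &objs[2], &objs[3]}, true};
    int fixed_up;
    struct tree *copy = deep_copy(&orig, budget, publish_early, &fixed_up);
    if (!copy) return -1;
    struct obj *seen = lookup(copy, slot);
    int r = !seen ? 0 : (seen == orig.slot[slot] ? 1 : 2);
    destroy_copy(copy, fixed_up);
    return r;
}
```

With publish_early the partially fixed-up copy hands out pointers into the original tree, which is exactly what becomes a UAF once the original's objects are freed; publishing only after the last slot is fixed up closes that window.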

Written by Jann Horn on 2024-12-03 at 19:43

oh neat, I hadn't heard that NCC Group recently did an audit of the Linux eBPF subsystem:

https://www.linuxfoundation.org/hubfs/eBPF/eBPF%20Verifier%20Security%20Audit.pdf

They found a verifier bug, made a nice table of all the security bugs that people found in the history of eBPF, and a bunch of other stuff.

See also https://hachyderm.io/@pchaigno/113120541957093776

Written by Jann Horn on 2024-11-13 at 19:57

@ljs btw, have you seen this hacky weekend hobby project thing I built a while ago yet?

https://mehlbrei.thejh.net/thread?msgid=20241108135708.48567-1-lorenzo.stoakes%40oracle.com#topic-0

You can put in some messageid of a patch series that exists on lore and it'll show you all the review comments from that series inline in the original patches.

Written by Jann Horn on 2024-11-11 at 03:05

so what will be the next Linux LTS? 6.12 or 6.13? I guess there might be just barely enough time left for a 6.13 release this year?

Written by Jann Horn on 2024-11-05 at 15:15

tfw someone sends a short patch that eradicates the last remains of some horrible hack from a codebase and it gets 4 enthusiastic LGTMs

Written by Jann Horn on 2024-10-12 at 22:09

This Zendesk bug bounty report story is pretty funny: https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52

It says the bug report to Zendesk was triaged as out of scope, so this researcher went ahead and demonstrated using it to get access to Slack instances of a bunch of Zendesk customers, who then complained to Zendesk about it...

Also kinda funny is the part where Zendesk says they're fixing a security bug, in part, by tweaking their spam filters:

Written by Jann Horn on 2024-09-23 at 15:01

back in 2013, @sima published an i915/GEM Crashcourse explaining the Linux kernel i915 GPU driver; I read that earlier this year, and it was really helpful for understanding what is going on in the i915 code and understanding the context of CVE-2024-42259.

I think without that explainer, it would have taken me a long time to understand what GTT MMIO mappings are. The idea that some physical address region owned by the GPU proxies physical memory accesses based on GPU page tables is pretty mindblowing...

Written by Jann Horn on 2024-09-09 at 17:18

question to people who know C standards stuff:

where in the standard does it say clang is allowed to do this to this code under C23 rules? or is clang just breaking the rules here?

https://godbolt.org/z/j87asaaP8

C code:

```c
/* The toot does not show struct s1; any layout that starts with 'int a'
 * fits the description, so this definition is an assumption. */
struct s1 { int a; };
struct s2 { int a; long b; };

union u { struct s1 s1; struct s2 s2; };

/* The helper only sees two pointers to unrelated struct types. */
static int f1(struct s1 *s1, struct s2 *s2) {
    s1->a = 1;
    int val = s2->a;   /* expected to observe the 1 just stored through s1 */
    s1->a = 2;
    return val;
}

/* Both pointers refer to the same union object. clang's output below loads
 * s2->a before any store and never stores the 1, i.e. it treats the two
 * pointers as non-aliasing. */
int f2(union u *u) { return f1(&u->s1, &u->s2); }
```

compiler output:

```
    mov     eax, dword ptr [rdi]
    mov     dword ptr [rdi], 2
    ret
```

Note that the member a is part of the "common initial sequence" of s1 and s2, and I think "a declaration of the completed type of the union is visible".
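
For contrast, an added example (not from the toot or its godbolt link) that writes the same three accesses through the union object itself, which is the form the common-initial-sequence wording in C17 6.5.2.3p6 describes: the compiler sees both accesses go through the same union, so the read returns the 1 just stored. struct s1's layout is assumed, since the toot omits it; check_via_union() is a harness added for the example.

```c
/* struct s1 is assumed (the toot omits it); only 'int a' coming first matters. */
struct s1 { int a; };
struct s2 { int a; long b; };
union u { struct s1 s1; struct s2 s2; };

/* Every access goes through the union object, so s1.a and s2.a are visibly
 * the same storage. Reading s2.a inspects the common initial part of a union
 * that currently holds s1, which 6.5.2.3p6 permits: val is 1. */
int via_union(union u *u)
{
    u->s1.a = 1;
    int val = u->s2.a;
    u->s1.a = 2;
    return val;
}

/* The toot's shape, for comparison: the helper only sees two unrelated struct
 * pointers, so a compiler applying strict aliasing may read s2->a before the
 * store to s1->a, which is the codegen the toot shows. */
static int f1(struct s1 *s1, struct s2 *s2)
{
    s1->a = 1;
    int val = s2->a;
    s1->a = 2;
    return val;
}
int via_pointers(union u *u) { return f1(&u->s1, &u->s2); }

/* Runs via_union on a zeroed union and returns the value read plus 10 times
 * the final s1.a, so 21 means "read 1, left 2 behind". */
int check_via_union(void)
{
    union u x = {{0}};
    int val = via_union(&x);      /* sequenced before reading x.s1.a below */
    return val + 10 * x.s1.a;
}
```

Code that relies on the pointer form instead is usually built with -fno-strict-aliasing, which makes both variants behave like via_union.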

Written by Jann Horn on 2024-09-07 at 00:48

I added code to Linux to help KASAN detect specific types of UAFs more reliably (https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.12/rcu_barriers&id=b8c8ba73c68bb3c3e9dad22f488b86c540c839f9), it's been in the linux-next integration tree for, I don't know, a month or so maybe (though it's not in the mainline tree yet), and still there are zero hits on LKML of bugs caught where the stack trace involves my detection...

It's nice that there apparently aren't a lot of easy-to-find bugs of this type around but it's also a little disappointing to not immediately get some nice results from my work...

Written by Jann Horn on 2024-09-02 at 01:44

I built a (super hacky prototype) alternate frontend that you can use to view threads from the https://lore.kernel.org/ Linux kernel mailing list archives!

This weekend I figured I'd try to hack up some idea I had for a long time for showing email threads in a different way, so that it works better for getting an overview of code review comments; you can try it out here (this link goes to an example thread but you can put another Message-ID in the text box at the top):

https://mehlbrei.thejh.net/thread?msgid=20230720013249.199981-1-jannh%40google.com#topic-0

Basically it tries to give a proper inline-threaded view of a mail thread, where replies are actually shown inline in the mail that's being replied to.

It falls over on a lot of examples, and it doesn't understand reflowed quotes, and it should probably learn how to detect and remove "[snip]" lines and such, and it makes no attempt to authenticate anything (beyond that it exists in the lore archive), and when you say "hello" at the top of your mail before the quote it gets piled up in the top-quote section at the top, and so on... it's a very hacky weekend project prototype. But still, it kinda sorta works!

The super hacky code for it is at https://git.thejh.net/?p=mehlbrei.git;a=blob;f=main.py;hb=refs/heads/main - somehow it's just ~500 lines of code using only the python standard library...

If I added some functionality for expanding context lines and actually writing+sending reply comments, you could almost use it as a Gerrit-style patch review tool. 😆

cc @monsieuricon in case you're wondering what this traffic to the mbox endpoint on lore is about

Written by Jann Horn on 2024-09-01 at 17:01

I know there are a lot of reasons (and probably a bunch more I don't know) why this is totally impractical but it would be kinda funny if at some point in the future humanity wants to get a robot presence in some other star system ASAP and is like "oh, speeding up an autonomous craft to near-light-speed is too hard, let's instead find some kinda planet or asteroid or so near our target that has the right kinda materials on it and blast it with enough light ('light' in the sense of something on the EM spectrum) in the right places to create the thing we need"

conversely it would also kinda suck if earth got wiped out because some aliens wanted to have a computer around this area and their remote lithography tools were a bit too coarse to be survivable

Written by Jann Horn on 2024-08-30 at 12:50

does waffle iron product testing involve pouring way too much dough in and then baking a waffle and then seeing how long it takes you to clean the waffle iron again?
