Tux 🐧🐧🐧

Linux nerd. I use arch btw.

Joined October 2020
Owner of @BookCovers
Moderates @mathematics
Administers @bsd @linux

Ever since my teenage years, I felt as if there were a filmy curtain separating me from other people my age. I understood the words of their conversations, but I could not grasp why they said what they did. Much later I realized that I didn’t understand the subtle cues that other people were responding to.

Later in life, I discovered that some people had negative reactions to my behavior, which I did not even know about. Tending to be direct and honest with my thoughts, I sometimes made others uncomfortable or even offended them – especially women. This was not a choice: I didn’t understand the problem enough to know which choices there were.

Sometimes I lost my temper because I didn’t have the social skills to avoid it. Some people could cope with this; others were hurt. I apologize to each of them. Please direct your criticism at me, not at the Free Software Foundation.

Read More

Imagine you’re in a picturesque Mexican village, nestled high in the mountains of the Sierra Madre.

In your hand, you’re gripping a cellphone. You’re staring at your device’s signal bars, hoping to see them come alive for the first time.

Suddenly, the bars glow brightly. Success!

You continue testing the network, winding up steep cobblestone paths between sunbaked, stucco houses. Gleeful cheers begin erupting everywhere. Stunned villagers stagger outside, holding cellphones.

“I’m connected!” cries a woman, raising her device.

“I just called Mexico City!” bellows another.

¡Madre Santísima … tenemos servicio! We have service!”

It’s the jubilant celebration of underdogs who have—for the moment—outwitted corporate elites.

Read More

NASA has announced that the Ingenuity helicopter has left the warm comfort of the Perseverance rover, and has successfully survived the cold Martian nights by itself with just solar panels and a rechargeable battery. This means that the next test for the little four-pound helicopter is to try for flight in an alien atmosphere. If the demonstration is successful, it will be a huge win for space research, and the possibilities for traveling around Mars will open up.

The general method of browser render process exploit is: after exploiting the vulnerability to obtain user mode arbitrary memory read/write primitive, the vtable of DOM/js object is tampered to hijack the code execution flow. Then VirtualProtect is called by ROP chain to modify the shellcode memory to PAGE_EXECUTE_READWRITE, and the code execution flow is jumped to shellcode by ROP chain finally. After Windows 8.1, Microsoft introduced CFG (Control Flow Guard)[1] mitigation to verify the indirect function call, which mitigates the exploitation of tampering with vtable to get code execution.

However, the confrontation is not end. Some new methods to bypass CFG mitigation have emerged. For example, in chakra/jscript9, the code execution flow is hijacked by tampering with the function return address on the stack; in v8, WebAssembly with executable memory property is used to execute shellcode. In December 2020, Microsoft introduced CET(Control-flow Enforcement Technology)[2] mitigation technology based on Intel Tiger Lake CPU in Windows 10 20H1, which protects the exploitation of tampering with the function return address on the stack. Therefore, how to bypass CFG in a CET mitigation environment has become a new problem for vulnerability exploitation.

Read More

The European Parliament is considering a draft resolution that requires online services to take pirated sports streams offline within 30 minutes. This includes a proposal to allow copyright holders to act as trusted flaggers. According to Pirate Party MEP Patrick Breyer, the plan is dangerous as it can cause massive collateral damage.

Kitten is a statically typed, stack-based functional programming language designed to be simple and fast. It is a concatenative language, combining aspects of imperative and pure functional programming. There is an introduction available and a tutorial in progress.

WHETHER WRITTEN INVISIBLY WITH LEMON JUICE or encrypted with complex math, secret messages are passed on through a myriad of bizarre and convoluted ways.

A team of engineers from China is introducing a new way to secretly transmit our most secret data or access secure locations using a tool that can be found on your person at any time: the human hand.

Today’s long-anticipated announcement by Fermilab’s Muon g-2 team appears to solidify a tantalizing conflict between nature and theory. But a separate calculation, published at the same time, has clouded the picture.

As you’re surely aware, Signal has officially jumped the shark with the introduction of cryptocurrency to their chat app. Back in 2018, I wrote about my concerns with Signal, and those concerns were unfortunately validated by this week’s announcement. Moxie’s insistence on centralized ownership, governance, and servers for Signal puts him in a position of power which is easily, and inevitably, abused. In that 2018 article, and in articles since, I have spoken about the important of federation to address these problems. In addition to federation, what else does a chat app need?

Read More