
So now, filled up the cavities in that piece with a putty, and then glued a sheet of plastic on top over all of the surface. Seems stable for now, and the lamp is back to hanging from the ceiling... Only now I'm left with two washers - no idea where those were in that construction before...


Finally found my childhood computer book at The Complete PC Upgrade and Maintenance Guide by Mark Minasi, 4th ed, 1995. 1300 pages cover absolutely everything there is to know about the IBM PC and compatibles.

I know I'm a Fedi user when the first thing I've ever read at school library back in 2nd grade was the difference between polling and interrupt from a long obsolete book for an ancient machine... #retrocomputing

ROFL. Just now deleted a toot after I noticed I had written almost the same text about the same piece of software three years ago, after looking at MP3 files from the same album as back then (was

Mastodon search is not always useless 😉

This came out for a bunch of computers, but alas, archive only has the Commode-odor version, so imagine this is for a good computer instead.

Also, ever notice that power switches are harder and harder to reach on computers? That's because *they* don't want you in control.

Hrm. When did pasting Android clipboard content into SubwayTooter with ctrl-v from Hacker's Keyboard break?

(I can paste with a long tap into the edit field and selecting "paste", but ctrl-v just does nothing. It's still usable in other Android apps though.)

I wasn't aware of WineVDM yet ("16-bit Windows (Windows 1.x, 2.x, 3.0, 3.1, etc.) on 64-bit Windows"):

(via virtuallyfun)

Since #FreeBSD hasn't enabled WX, its (already ineffective) ASLR implementation is entirely useless.

I started this thread with a story on an old, 1990s-era underground hacking group.

It's almost 2022, and the situation hasn't changed for FreeBSD, even with the project's recent work on exploit mitigations.

Until these core issues are addressed, exploitation of applications on FreeBSD systems will always be much easier than on other OSes with battle-tested implementations.

Exploiting FreeBSD systems today really doesn't look much different than it did in 1998.

But wait, there's now stack cookies! Unfortunately, stack cookies are incredibly easy to bypass. I've popped shells before bypassing the stack cookie on a simple integer overflow vulnerability. It took me a couple hours to write the exploit. I then set up a lab with a few dozen FreeBSD systems and ensured that I could reuse my exploit on all the systems without modification of the exploit payload.

Both base and ports do not enable PIE by default. Applications MUST be compiled as PIEs, otherwise the application is loaded at a deterministic address.


Suggestions I would make to FreeBSD:

Apply randomization to both the stack top address and a gap.
Randomize the shared page.
To avoid AS fragmentation and perf hits, use deltas calculated at image activation time.
Implement and enable by default a WX implementation that differentiates between mmap and mprotect. Pages shouldn't be created WX (mmap) and shouldn't transition between W and X (mprotect).
Simplify the sysctl knobs. There's so many sysctl knobs that sysadmins will likely have a hard time understanding what's going on.
Remove the unneeded complexity of the ASR implementation.
Research history on old hacking groups and how they operated. Since FreeBSD's late to the game, they have the opportunity to innovate. FreeBSD's literally starting from a single (now considered ineffective) 2001-era exploit mitigation (stack cookies).


I kinda wonder if the recent spam that looks like it could come from compromised accounts on hosted Jira instances is actually from that source, or just an elaborate forgery...

Some of the headers certainly look wrong, but it does seem to have valid ARC and DKIM headers, or at least rspamd assigns them a negative score?

Google Cloud Status dashboard has updated

"Summary: Global: Experiencing Issue with Cloud networking

Description: We are experiencing an issue with Cloud Networking beginning at Tuesday, 2021-11-16 09:53 US/Pacific.

Our engineering team continues to investigate the issue.

We will provide an update by Tuesday, 2021-11-16 10:40 US/Pacific with current details.

We apologize to all who are affected by the disruption."


Every time Tor browser on the PC gets updated, I'm so glad I ditched Firefox. I would rage to no end if I had to work with that broken UI.

Good that I don't work in infosec anymore, otherwise I might be tempted to buy a new phone...

Hey #hackers of the #fediverse, anyone working at @Tutanota ?

How do you feel about being branded as those who "steal personal data"?

Webapps are applications that you don't get to keep.

Talking of NNTP... Ugh. Has it really been ... 15 years since I rebuilt the cnews binaries from the last available source package for whatever the latest Debian release was back then?

# ls -al /usr/lib/news/nntp/nntpd
-rwxr-xr-x 1 root root 69888 Oct 7 2006 /usr/lib/news/nntp/nntpd

These same binaries still work today on Devuan beowulf (Debian 10), and I'll see if upgrading to the next release breaks anything...

Maybe I should really switch to inn...

Boosting this again since I've had the track on repeat for half an hour now after it came up in my rotation. Still don't have the vocabulary to explain why I'm so fond of it, though.

INFRa Mastodon
