Mike Belopuhov @mike@x0r.be

If you're interested in early boot-time security research or want to speed up your firmware development cycle, come to my talk on spispy, the open source flash emulator at #CCCamp19 Wednesday at 18:00 in Curie: https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10186.html

Why yes, I *am* indexing this in #sudomastery. Why wouldn't I?

blood sacrifices..........161

📆 If you still don't know @OCamlLang or just are interested in #FunctionalProgramming it's time to register for next 🐫 #OCaml #MOOC session which will start the 22th September with @yurug @rdicosmo 👨‍💻 https://t.co/EPaEnzTINu

6.6-beta has been tagged https://undeadly.org/cgi?action=article;sid=20190810123243

Game of Trees https://undeadly.org/cgi?action=article;sid=20190810123007

#Ghidra might be one of the coolest things I've played with lately, kind of bizarre seeing it running on #OpenBSD. The decompiler tool is.. something else. Also, notice RETGUARD prologue/epilogue?

On -current:
$ pkg_add ghidra
$ ghidraRun

Running NSA reverse engineering tool on the Huawei matebook, of course. 😏

I really wish I could figure out what keeps causing this kernel panic on my laptop with #OpenBSD. 🧐

Seems to happen when I'm listening to streaming music (be it Pandora via pianobar or the Argentine radio streams) and running Firefox 68.0.1. I only have two tabs open as well.

Remember?

https://marc.info/?l=openbsd-ports-cvs&m=156535487221501&w=2

"Game of Trees (Got) is a version control system which prioritizes ease of use and simplicity over flexibility.

Got is still under development; it is being developed exclusively on OpenBSD and its target audience are OpenBSD developers. Got is ISC-licensed and was designed with pledge(2) and unveil(2) in mind."

​

this is an extremely good #Rust resource

https://cheats.rs/

When #programming in a #typesafe language, every other language feels like a "80% is good enough"-solution!

#rust #haskell #programminglanguages

Good counterpoint to the million eyeballs theory. It's the persistent gaze of a few eyeballs which finds many security issues because they are buried deep in inaccessible code. To add to that, consider the motivation of persistent eyeballs vs CADT eyeballs. Only shallow systems have shallow bugs.

hoot: https://twitter.com/halvarflake/status/1156186033253490689

@halvarflake: There is a lesson from the iDevice remotes that @natashenka and @5aelo found: Identifying and unlocking attack surface is often the time-consuming part of attacker research, and unnecessarily so. Attackers that focus on a single target again and again are at an advantage, ...

@halvarflake: defenders that need to achieve breadth are disadvantaged. This could be fixed by device vendors (providing easier APIs and better documentation for these attack surfaces). Closed systems give advantages to the real for-profit meanies.

HAMMER2 now default

This slipped in just before the 5.6 release, and I thought I had already noted it: DragonFly now defaults to HAMMER2 for disks during install, instead of HAMMER1.

https://www.dragonflydigest.com/2019/07/30/23259.html

That's a big cookie!

Hüüübsch: https://www.reddit.com/r/MapPorn/comments/chidtc/watersheds_of_germany/

@mwlucas as long as you are not preparing for future ones...

My day-to-day life is but a series of workarounds for my past mistakes.

Before helvetica was THE VOID

🤣 today's Reality Check!