Email or username:

Password:

Forgot your password?
12 posts total
Show previous comments
івась тарасик

@lcamtuf yes, this cryptoanalizer is ready for some social engineering and passwords guessing, it's very good for those longer passwords until we have quantum 'puters.

Thomas

@lcamtuf

In Germany we call this 'Hartloeten', means hardsoldering, brazing. Soldering with an alloy of copper and zinc at high temperature.

lcamtuf :verified: :verified: :verified:

The BASIC feature of the C language standard permits the use of familiar line numbering:

godbolt.org/z/dfsKGqYGz

You can use an if () statement to see if the feature is supported by your compiler.

Show previous comments
RevK :verified_r:

@lcamtuf that is some proper cursed C there. And can you really guarantee the side effects of an array initialisation will be in order?

Show previous comments
shimst3r

@lcamtuf "Category theory for the seasoned category theorist who lost all interest in communicating with non-category theorists but has to pretend like they are to get at least one grant per year to pay for heating and food"

Shane Celis

@lcamtuf @xameer AUTHOR: I will prove to others that _I_ know the thing!

lcamtuf :verified: :verified: :verified:

OK, so here's my slightly more eloquent take on the xz thing, complete with a zinger closing paragraph:

lcamtuf.substack.com/p/technol

Show previous comments
Wyre

@lcamtuf@infosec.exchange I hear you and I think what you're saying is the real villain is systemd.

Force of Habit

@lcamtuf @jerry If only someone would have a sleeping defensive security podcast and could reactivate it. Why not, with a guest this time.

Åki 🐐

@lcamtuf
„You probably can’t build a career on being very familiar with some boring, old dependency that’s just taken for granted by everyone else.“
That’s the point and the failure of the whole business. Throw money on diligent people who constantly creates new stuff, but disregard the solid, „boring“ infrastructure.

There‘s a crucial difference between being lazy and acting responsible - even if both end up in doing nothing for long time.

@lcamtuf
„You probably can’t build a career on being very familiar with some boring, old dependency that’s just taken for granted by everyone else.“
That’s the point and the failure of the whole business. Throw money on diligent people who constantly creates new stuff, but disregard the solid, „boring“ infrastructure.

lcamtuf :verified: :verified: :verified:

The unsung heroes of today are all the backdoor authors who do proper benchmarking and profiling, so that they don't get caught because SSH logins are too slow.

Maybe(oz)

@lcamtuf let's add that to the debrief^W retrospective under "what we learned".

lcamtuf :verified: :verified: :verified:

Did you ever wake up in the middle of the night wondering what would happen if you applied JPEG-style lossy compression to text?

Well, here's the tool you've been waiting for - The Text Lossifizer: lcamtuf.coredump.cx/lossifizer

Show previous comments
Joby (chaotic good)

@lcamtuf it would be fun to try a keymap that puts letters close to their common typing error neighbors. Lossy compression that can be further improved by applying automatic spellchecking.

Lucent Maven Katanova

@lcamtuf
Compression implies something else.

I would say this is a kind of lossy data transmission.

Compression would suggest a restricted character set intended to convey the same message.

RealGene ☣️

@lcamtuf
Excuse me, but I don't see it getting any smaller…

lcamtuf :verified: :verified: :verified:

This is a pretty good quote from Matt Levine:

"I used to write a lot about crypto. The reason I liked writing about crypto is that it seemed to be rediscovering all of regular finance from first principles, quickly, in public. It was a fabulous laboratory for understanding financial structures. If you wanted a public demonstration of why, I don’t know, infinitely leveraged shadow banks were bad, you could wait 20 minutes and crypto would give you one."

I made the same point before: the most interesting part of the phenomenon wasn't that it's necessarily good or bad, that it's energy-hungry or not - but that you're getting an empirical validation of many of the crusty old principles of "classical" finance. Funnily, delivered to you by the folks who rejected all that dogma in the first place.

This is a pretty good quote from Matt Levine:

"I used to write a lot about crypto. The reason I liked writing about crypto is that it seemed to be rediscovering all of regular finance from first principles, quickly, in public. It was a fabulous laboratory for understanding financial structures. If you wanted a public demonstration of why, I don’t know, infinitely leveraged shadow banks were bad, you could wait 20 minutes and crypto would give you one."

Show previous comments
rateexportpilot

@lcamtuf the man is a national treasure. Money Stuff is the only newsletter I have ever signed up for that I legitimately read every day.

Claudius Link

@lcamtuf
Would you share the source of this quote?
I would like to read more 😀

abadidea

@lcamtuf my husband is a financial lawyer and he did his master’s thesis on this stuff. he’s both a traditional finance expert and a cryptocoin expert and owns zero coins, that should be a hint…

lcamtuf :verified: :verified: :verified:

I hate Elf on the Shelf. I think it teaches children that it's OK to live under constant surveillance. Why not come up with a more benign explanation, such as that Santa is just one of many parties buying behavioral information from an online data broker?

Show previous comments
Liam Reimers

@dan Yeah, rules-as-written, the Elf is a fascist. He plays a different role at our house - a bringer of snacks, a player of tricks, and eventual confidant. :)

Steve Lord

@lcamtuf Santa outsourced his list making to Palantir

Jhooper

@lcamtuf

"Dad, why does Santa only deliver presents on Christmas Eve?"

"It's because he spends the rest of the year in prison for breaking and entering."

lcamtuf :verified: :verified: :verified:

You know that horror film staple where the victim is trying to get away from an axe murderer and they turn the key but the car won't start?

Well, it's time to upgrade that trope, so to speak

Show previous comments
Karl Williams

@lcamtuf I'm a software person and I haven't had a car for over a decade but, if I ever have one again, it will have a electromechanical switch to start it, no software involved.

gelim

@lcamtuf holly cow that looks like a 2019 something update. What's your take on not updating it?

Sean Eric Fagan

@lcamtuf Another one with Teslas (maybe other EVs, I don't know?) is that they can go into a deep sleep, and can take multiple minutes to wake up enough to be driven.

Every time that happens to me, I think about axe murderers.

Go Up