2010-10-28:

Random #4

When I came up with the idea of the 'Random' series, I also created a separate "notepad" (in electronic form ofc), where I would note down things that I found interesting (a very subjective criterion, as you see). The amount of notes became quite large, hence it's time to publish another Random-series post.

-=*) Hacking
As you probably already know, Tavis has found two very interesting vulnerabilities in the DSO loader of glibc (both related to LD_AUDIT). A must read!
http://seclists.org/fulldisclosure/2010/Oct/257
http://seclists.org/fulldisclosure/2010/Oct/344

-=*) Hacking
Marcin "Icewall" Noga (with whom I had the pleasure of working at Hispasec) has published some very interesting research about long paths on Windows (it seems that the path limit is much larger than 255 characters). Icewall has also tested how various antivirus software (and similar) reacts to long paths, and the results are quite bloody ;p. A must read for Windows researchers.
http://www.icewall.pl/2010/10/15/ - blog post with some additional screen shots
http://www.icewall.pl/download/longpaths.pdf - the published research paper

-=*) Hacking
Lcamtuf has published a very interesting post about the possibility of "stealing" the content of webpages using a very clever and cunning extended version of clickjacking. A must read for web researchers!
http://lcamtuf.blogspot.com/2010/10/attack-of-monster-frames-mini.html

-=*) Code
I got some very interesting info from furio: Marc Kerbiquet has created an XML library in... assembly :). Respect for diligence, and for making the code so fast (I'm afraid to think how fast the code would be if Marc additionally used the PCMPxSTRy instructions from SSE 4.2).
http://tibleiz.net/asm-xml/benchmark.html

-=*) Electronics
Home made MP3WAV-player:
http://hackaday.com/2010/10/17/homemade-music-player/

-=*) Hacking
Your daily source for publications, slides, video recordings etc, everything hacking/security related. It's beautiful :)
http://secdocs.lonerunners.net/

-=*) Other
Some time ago I wrote a post on the Polish side of the blog, saying that an (IT-related) employer is more interested in your actual skills than in what university you have finished. Recently I found a job offer which is a perfect example of my theory:
Please do not send typical resumes: don't write about schools you finished, certificates you obtained, driving license, scuba trainings, etc. We are only interested in a short bio (keep it below 100 words please), and links to your past or current projects.

-=*) Assembly
Up-to-date lists of execution time of different x86 instructions on various CPUs (I've got this link afair from someone on ##asm on freenode, however I can't recall from who exactly ;<).
http://www.agner.org/optimize/instruction_tables.pdf

-=*) Assembly
Speaking of which, there also is a published version of a paper I use quite often, about calling conventions (cdecl, fastcall, etc). I recommend looking at it, especially if you have never seen this paper before.
http://www.agner.org/optimize/calling_conventions.pdf

-=*) Low-level
Peter Ferrie on his blog has written about a simple VM found in a very very old game.
http://blogs.technet.com/b/mmpc/archive/2010/10/08/prehistoric-virtual-machines.aspx

-=*) Other
I've stumbled on a list of ANSI escape codes supported by xterm. Hmm, it seems that my ansi hack needs a little upgrade :)
http://home.comcast.net/~urbanjost/CLONE/UNIX_SCRIPTS/scripts_xterm/html/escape.txt

-=*) Science
Programmable magnets... interesting :)
http://science.slashdot.org/story/10/10/22/1220230/Programmable-Magnets?from=hell

-=*) Other
An article about authors publishing a book themselves, in e-book form at first (with a printed version following). I've found the answer to the question I had for some time now - why are e-books so expensive (sometimes even more expensive than the normal paper edition), even though the publisher doesn't pay for printing, paper, ink, etc... (spoiler: it's so expensive because of the publisher ;p).
http://www.huffingtonpost.com/ja-konrath/ebooks-and-self-publishing_b_764516.html

-=*) Hacking, Code
An awesome quote ending the post (j00ru found it someplace):
There are only two hard problems in Computer Science: cache invalidation, naming things, and off-by-one errors.

Done.

Comments:

2012-01-23 20:02:04 = Quiq
{
Interesting stuff on the website! Keep it this way!
}
