QEMU VM Escape

This post will describe how I exploited CVE-2019-14378, which is a pointer miscalculation in the network backend of QEMU. The bug is triggered when large IPv4 fragmented packets are reassembled for processing. It was found by code auditing.

Things I Learnt from a Senior Software Engineer

A year ago, I started working full-time at Bloomberg. That’s when I imagined writing this post. I imagined myself to be full of ideas that I could spit out on paper when the time comes. Just one month in, I realised it won’t be that easy: I was already ...

Spacebook: AGI's near Real-Time satellite viewer

Zen 2 Missives – AMD now delivering efficiencies that are double that of Intel

After languishing through the CPU dark-ages (read: Intel trying real hard to keep people on 4 cores so they could charge an arm and a leg for more), the last two years have seen a veritable tsunami of advances in CPU technologies. AMD's introduction ...

Show HN: YouTube Decade – The most-viewed videos posted 10 years ago

Come back in to see a new list of most viewed videos from ten years ago.

I love my paper dictionary (2017)

Free tip for young writers: Go to Goodwill and buy a gigantic used paper dictionary for $5 and keep it on your desk. Here’s mine: All sorts of interesting, serendipitous things happen when you use a paper dictionary, because when you look for a specific ...

Rabbit Holes: The Secret to Technical Expertise

Sometimes, the simplest questions take you on exciting journeys. This was, in fact, the most powerful and motivating force that got me into doing computery things from a very young age. I would ask a question, how do I X? And after some poking around ...

How the Great Truth Dawned

Aleksandr Solzhenitsyn’s three-volume opus, The Gulag Archipelago, which some have called the most important masterpiece of the twentieth century, is subtitled: “An Experiment in Literary Investigation.” Consider how odd that is. No Westerner would call ...

Rodney Brooks

The professor who got robots zipping through the world—and cleaning house—by challenging conventional wisdom in AI. Rodney Brooks was hot, bored, and isolated at his in-laws’ home in Thailand when he had an inspiration that would redirect the field of ...

The A-Z of Programming Languages: Interviews with programming language creators [pdf]

Ada: S. Tucker Taft; Arduino: Tom Igoe ...

The Path to Dijkstra’s Handwriting (2013)

It's called Recompiled and it's where I'll be writing more about technology, software, and history. Follow it on Twitter @recompiledco to know when new articles are published.

How Facebook Tracks You on Android (2018) [video]

Cowrie: a medium-interaction SSH and Telnet honeypot

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie also functions as an SSH and telnet proxy to observe attacker behavior to another system.

Freshermeat – Open-Source Security Software


How four packets broke CenturyLink's network

A handful of bad network packets triggered a massive chain reaction that crippled the entire network of US telco CenturyLink for roughly a day and a half. This is according to the FCC's official probe [PDF] into the December 2018 super-outage, ...

Webmin 1.890 Exploit – What Happened?

Webmin version 1.890 was released with a backdoor that could allow anyone with knowledge of it to execute commands as root. Versions 1.900 to 1.920 also contained a backdoor using similar code, but it was not exploitable in a default Webmin install. ...

Min Chiu Li

Min Chiu Li (Chinese: 李敏求; pinyin: Lǐ Mǐnqiú; 1919–1980) was a Chinese-American oncologist and cancer researcher. Li was the first scientist to use chemotherapy to cure widely metastatic, malignant cancer. [3] ...

Salsify – A New Architecture for Real-time Internet Video

It's just the HTML template! They all look like this. We promise, this is an academic research project at a university. The code is open-source, and the paper and raw data are open-access. The hope is that these ideas will influence the industry ...

Chicken Hypnotism

A chicken can be hypnotized, or put into a trance, by holding its head down against the ground, and drawing a line along the ground with a stick or a finger, starting at the beak and extending straight outward ...

Banned C standard library functions in Git source code

Git Source Code Mirror - This is a publish-only repository and all pull requests are ignored. Please follow Documentation/SubmittingPatches procedure for any of your improvements. - git/git

iPaaS – Integration Platform as a Service

As a Software House, we observe that more and more customers are starting to use cloud computing. This is no longer a forbidden fruit, but it is becoming one of the key elements of modern IT infrastructure. Most companies have some combination of cloud ...

Artist: Unknown – Identifying the artist behind an artwork (2018)

You are in a museum. All around you are presented works from different times and places, some famous, others less so. During your visit, you hear here and there people praise their aesthetic qualities, while noticing that their talk often runs out of steam ...

Woman Finds Yellow Diamond While Watching YouTube Video on How to Find Diamonds

A Texas woman on a first-time visit to Arkansas’ Crater of Diamonds State Park says she discovered a nearly 4-carat yellow diamond—while watching a YouTube video about how to find the precious gemstones. According to a report on the discovery from the ...

A Look at the Evolution of the Dial Telephone (2004)

Most of the telephones shown here were manufactured by Western Electric for the American Telephone & Telegraph Company and the Bell System. Model A1 The A1 was built upon the base of the 51AL candlestick. The post was shortened ...

Dyson Tree

A Dyson tree is a hypothetical genetically-engineered plant (perhaps resembling a tree) capable of growing in a comet, suggested by the physicist Freeman Dyson. [1] Plants could produce a breathable atmosphere ...

How do black holes destroy information and why is that a problem?

Today I want to pick up a question that many of you asked, which is how do black holes destroy information and why is that a problem? I will not explain here what a black hole is or how we know that black holes exist, for this you can watch ...

Taking History Personally

On the summer’s day in 1881 that President James A. Garfield met his assassin, he sang Gilbert and Sullivan songs over breakfast. He teased his sons, then he rode with his wife to the train station. There, Charles Guiteau, who had been hiding in a ladies’ toilet, emerged with an ivory-handled...

Roof algae: The prehistoric organism that streaks your shingles (2013)


The Cherokee want a representative in Congress, taking up a 200-year-old promise

(CNN)The Cherokee Nation announced Thursday that it intends to appoint a delegate to the US House of Representatives, asserting for the first time a right promised to the tribe in a nearly 200-year-old treaty with the federal government.

Facebook emails show internal concerns being raised about Cambridge Analytica

Oh hey, y’all, it’s Friday! It’s August! Which means it’s a great day for Facebook to drop a little news it would prefer you don’t notice. News that you won’t find a link to on the homepage of Facebook’s Newsroom — which is replete with colorfully illustrated items it does want you to read (like […]