lenish

Internet EDM Task Force https://t.co/PnenH6Ig5S

Ever curious about HTTP Smuggling? Check out HTB's Sink video, it abuses a bug between HAPROXY and GUNICORN to trick the server into writing someone else's HTTP Headers into your POST Request. Allowing you to steal the cookies! https://t.co/O1hLPJWxvz

It's finally ready: Prodfiler, a continuous profiler that "just works" -- for C/C++/Rust/Go/JVM/Python/Perl/PHP -- no code change required, no symbols on the machine required, no service restart required. Check out: https://t.co/EL2DHpoLkl or the blog post below.

I can't believe it: Intel decided to be open about the debugging capabilities of their chips. Our work definitely bears fruit: https://t.co/hAvhQekkYJ

TIL bash namerefs foo() { local -n array=$1 array+=( a ) } bar() { declare -a arr foo arr # note the lack of a $ echo "${arr[@]}" } Prints: a

Source for those curious: https://t.co/iAed6E9V0l

This is an amazing paper. It implies (with strong statistical evidence) that the design of a major mobile-data encryption algorithm — used in GPRS data — was deliberately backdoored by its designer. https://t.co/kC4DUpceXN

Private chatrooms in Slack are engineering culture cancer. Engineering decisions should be a matter of record all engineers can review.

This is bonkers: At a large enough scale, you will have CPUs that develop silent corrupt execution errors. Manufacturing and burn-in tests miss these: https://t.co/uUyW8RPR8w

The QUIC transport is now RFC9000 https://t.co/jw4aBbqYXP. Amazing work by everyone. Like recent protocols like TLS 1.3 its already deployed to a huge % of the internet traffic even before RFC which is a testament to the success of the IETF process.

Programming is fun. Engineering is work.