PoC||GTFO 0x08

International Journal of Proof-of-Concept or Get The Fuck Out (PoC||GTFO or PoC or GTFO) posted issue 0x08 this month

What an interesting piece of work. I found 0x08 brought me a little bit of joyful glee when I read this technical note: 

This issue is a polyglot that can be meaningfully interpreted as a ZIP, a PDF and a Shell script featuring the weird cryptosystem described in 8:12. We are the technical debt collectors!

... and it actually worked. 

Other fantastic pieces in this issue:

  • An article written by Scott Bauer, Pascal Cuoq, and John Regehr wherein they show how a backdoor can be constructed (proof of concept provided for sudo) out of a known mis-compilation.

  • A rant on the nature of academia which I am incredibly sympathetic to:

    The scientific community has a structural problem. In computer science, we do not require researchers to build real systems that can be scrutinized. We do not have a mechanism for thorough review, so we generally do not bother publishing work that breaks another paper. Our field just doesn’t consider a broken paper to be particularly notable.

    Academics in computer science are too often doomed to talk nonsense unless we fix these issues. Further, researchers in our field are continuing to verge towards irrelevance if they simply follow the system of incentives that makes it a better career move to drop a paper and file a patent than do the work of building real systems and determining real truths about our machines.

Given how much I've enjoyed the percentage of this issue of PoC||GTFO, it looks like I really ought to dig into the back-catalogue.

Somehow, I've become very interested in computer security writing. Though I'm not sure what working in computer security would be like, I have to say, I enjoy reading about it quite a bit. I've noticed that my Twitter feed is at least a quarter people from info-sec.


What Is Code?

Paul Ford has written an absolute epic, called What Is Code?

Lots and lots of good stuff in it.

Java was supposed to supplant C and run on smart jewelry. Now it runs application servers, hosts Lisplike languages, and is the core language of the Android operating system. It runs on billions of things. It won. C and C++, which it was designed to supplant, also won. A lot of things keep winning because computers keep getting more plentiful. It’s weird.

Also:

Compilation is one of the denser subjects in computer science, because the lower down you go, the more opportunities there are to do deep, weird things that can speed up code significantly—and faster is cheaper and better. You can write elegant, high-level code like F. Scott Fitzgerald, and the computer will compile you into Ernest Hemingway. But compilers often do several passes, turning code into simpler code, then simpler code still, from Fitzgerald, to Hemingway, to Stephen King, to Stephenie Meyer, all the way down to Dan Brown, each phase getting less readable and more repetitive as you go.

A great read. Takes a long time though. 30,000 words!

Alberta Election 2015

As the polls started to roll in last night, I went from hopeful to excited, excited to disbelief, and disbelief to wonderment. 

After a week of talking with friends about how it was so unlikely for an  NDP majority, and accustoming myself to the idea that it would be an NDP official opposition, seeing them take government was an incredible ride. 

Alberta is going to be a place to watch. Interesting times to be sure. 

Sunrise

This morning, I got up with the sun. I really missed this over the winter — there's something lovely about having the sun pouring into your bedroom as you wake up. 

We'll see how I feel about it when the sun is getting up an hour or more before I want to 😁.

Rouge Park

Good Friday was the warmest day in recent memory. It was fortunate then that we had chosen to go on a little adventure that day, an adventure to Rouge Park. 

It was lots of fun, here's a few pictures.