I made a very explicit, pragmatic design decision with afl-fuzz: for performance and reliability reasons, I did not want to get into static analysis or symbolic execution to understand what the program is actually doing with the data we are feeding to it. The basic algorithm for the fuzzer can be just...
Bitcoiners: Surely we can do Buiter than this?
Willem Buiter has a very nice piece critiquing the Swiss Gold Initiative; see here.Unfortunately, Buiter starts talking about Bitcoin, making false analogies between the cryptocurrency and gold. He should have just focused...
afl-fuzz: crash exploration mode
One of the most labor-intensive portions of any fuzzing project is the work needed to determine if a particular crash poses a security risk. A small minority of all fault conditions will have obvious implications; for example, attempts to write or jump to addresses that clearly come from the input file...
Swift UIScrollView with Auto-Layout and Size Classes
UIScrollView with Auto-Layout and Size ClassesA simple tutorial on making scrollable view that can accommodate any screen sizes. Download Link.1.) First, of course we need a scrollview. So, drag a scrollview inside the storyboard...
Japan: Some Perspective
So Japan is in recession. And it's all so unexpected. Ring the alarm bells! Well, hold on for a moment. Take a look at the following diagram, which tracks the Japanese real GDP per capita since 1995 (normalized to...
Roger Farmer on labor market clearing.
While I'm a huge fan of Roger Farmer's work, I think he gets this one a little wrong: Repeat After Me: The Quantity of Labor Demanded is Not Always Equal to the Quantity Supplied. I am, however, sympathetic to the...
Kunsten å velge tall som passer
Det finnes ikke grunnlag for å hevde at Statlige selskaper vil gi bedre avkastning enn oljefondet. Av ukjent grunn hevder likevel arbeiderbevegelsen stadig vekk det motsatte. Siste ute er andre nestleder i LO Hans-Christian Gabrielsen i et innlegg i Klassekampen. Gabrielsen har lett etter eksempler...
Exploitation modelling matters more than we think
Our own Krzysztof Kotowicz put together a pretty neat site called the Bughunter University. The first part of the site deals with some of the most common non-qualifying issues that are reported to our Vulnerability Reward Program. The entries range from mildly humorous to ones that still attract some...
How to get git build id using maven
There are times when git's build number is important for a release. Specially in development mode, when there are frequent releases. So if we want to append the build number on our page, how do we automate it?For us to achieve this we will need 2 maven plugins: org.codehaus.mojo:buildnumber-maven-plugin...
A dirty little secret
Shhh...I told you *nothing!* There's been a lot of talk lately about the so-called "Neo-Fisherite" proposition that higher nominal interest rates beget higher inflation rates (and vice-versa for lower...
Pulling JPEGs out of thin air
This is an interesting demonstration of the capabilities of afl; I was actually pretty surprised that it worked!$ mkdir in_dir$ echo 'hello' >in_dir/hello$ ./afl-fuzz -i in_dir -o out_dir ./jpeg-9a/djpegIn essence, I...
How to run automate undeploy, redeployment in jboss using jenkins
Deploy on the same server where jenkins is deployed. JBOSS_HOME/bin/jboss-cli.sh -c --user="czetsuya" --password="broodcamp.com" --commands="undeploy broodcamp.war,deploy $WORKSPACE/broodcamp/target/broodcamp.war"Deploy on a different server. JBOSS_HOME/bin/jboss-cli.sh controller=127.0.0.3 -c --user="czetsuya"...
REST Testing with Arquillian in JBoss
This article will explain how we can automate REST web service testing using Arquillian and JBoss web server.First, you must create a javaee6 war (non-blank) project from jboss-javaee6 archetype. This should create a project with Member model, service, repository, controller and web service resource....
