1. 1

    Why would someone choose IDA today over radare or something like vivisect? It seems like there are lots of free, popular, scriptable debuggers these days. Why is IDA’s price tag worth it?

    1. 1

      radare is incredibly slow compared to IDA (try reversing a decently sized binary and saving the assembly out.) There’s also a great plugin ecosystem built around IDA.

      1. 1

        ahh that’s a bummer. thanks for the info. did much of that plugin system just break with the 64 bit change? are there many useful-yet-unmaintained plugins that just got erased?

    1. 2

      A Spanish article about encryption tagged as scala?

      1. 3

        Scala is from the Latin word scāla, which means stairs or, in some Romance languages, steps.

        I can see why a Spanish speaker not familiar with English would pick that tag for a tutorial.

        1. 2

          As a native Spanish speaker I can’t see the relationship

      1. 4

        Fascinating, although I wish the author had mentioned which country they are in.

        1. 5

          From the map image, they’re in Dhaka, Bangladesh.

          1. 5

            Wow, I’m impressed that you managed to figure that out! How did you do it?

            1. 1

              Ah, that would explain why they needed a “nationwide ISP license”. I was reading this from a US perspective and had no idea what the author was talking about.

          1. 9

            I was trying to look for resources on “real time file parsing”, but I don’t know the true terminology (I suspect there’s one! “incremental parsing” seems to be it, although I can’t find more formal stuff).

            I wanted to know of the techniques that can be used to parse a file, hold the AST, and update the AST as the file is updated as well (content can be added, or removed, or inserted at the middle of the file). A poor man’s implementation could involve some filediff library (can libgit handle this?).

            1. 7

              Are you familiar with the concept of a zipper?

              1. 4

                Any other explanation of what a zipper is? My understanding of it is quite fuzzy.

                1. 4

                  Yeah, that explanation isn’t great. At its core, a zipper is a data structure for looking into and moving around another data structure. It essentially works by separating the “focus” (the part of the original data structure at which you are currently looking), and the “context” (the rest of the data structure).

                  As a simple example, if you have a list like [1, 2, 3, 4, 5, 6], the zipper of this list would look like [[2, 1], 3, [4, 5, 6]]. The single element (‘3’) is the “focus,” and the two lists (the first one reversed, for efficiency) are the “context.” You can then define functions to move this zipper to the left ([[1], 2, [3, 4, 5, 6]]) or the right ([[3, 2, 1], 4, [5, 6]]).

                  This notion of the zipper can be generalized to other data structures (a tree is a common example). In every case, the idea is how to efficiently walk through and view the innards of a particular data structure, particularly across repeated operations. If you want to operate on a segment of a tree, it’s easier to get a zipper of that tree with the focus on the desirable section, and then operate on that focus, than it is to repeatedly find the important part. In a functional context, the zipper facilitates this.

                  Huet’s original paper on this is quite good, I think.
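The list zipper from the comment above, as an added example that is not part of the original thread: the context lists are immutable (head, tail) cells so each move is O(1), and every operation returns a new zipper instead of changing the old one. The names `Zipper`, `zipper_at`, `cons_list` and `to_py` are chosen here for illustration.

```python
from typing import NamedTuple, Optional

def cons_list(items):
    """Build an immutable singly linked list of (head, tail) cells."""
    cell = None
    for item in reversed(list(items)):
        cell = (item, cell)
    return cell

def to_py(cell):
    """Convert a (head, tail) chain back into a Python list."""
    out = []
    while cell is not None:
        out.append(cell[0])
        cell = cell[1]
    return out

class Zipper(NamedTuple):
    left: Optional[tuple]   # context before the focus, nearest element first
    focus: object           # the element currently being looked at
    right: Optional[tuple]  # context after the focus, in original order

    def move_left(self):
        if self.left is None:
            return self  # already at the left edge
        head, rest = self.left
        return Zipper(rest, head, (self.focus, self.right))

    def move_right(self):
        if self.right is None:
            return self  # already at the right edge
        head, rest = self.right
        return Zipper((self.focus, self.left), head, rest)

    def replace(self, value):
        return self._replace(focus=value)

    def insert_after(self, value):
        """Insert a new element after the focus and focus on it."""
        return Zipper((self.focus, self.left), value, self.right)

    def show(self):
        return [to_py(self.left), self.focus, to_py(self.right)]

    def to_list(self):
        return to_py(self.left)[::-1] + [self.focus] + to_py(self.right)

def zipper_at(items, index):
    """Zipper over a non-empty sequence, focused on items[index]."""
    items = list(items)
    z = Zipper(None, items[0], cons_list(items[1:]))
    for _ in range(index):
        z = z.move_right()
    return z
```

An edit at the focus shares both context chains with the zipper it came from, so the earlier version remains valid after the edit.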

                  1. 4

                    Superb explanation, thank you for making this so crystal clear.

                    1. 3

                      Thanks! I’m glad it helped! I had similar issues understanding zippers when I first learned about them. I really think introducing them with lists is easier than introducing them with trees, which is what most tutorials I’ve found do.

                    2. 1

                      That’s super, and thanks a lot for the link to the original paper. When you say to move around another data structure, I suppose you mean without modifying the original one? And I suppose it includes creating a modified copy of the data structure without modifying the original one?

                2. 4

                  “incremental parsing” generally refers to the idea of your parser being able to wait for input and/or be given more input.

                  Say you are writing a parser for C and your input so far has been

                  struct foo {
                      int a;

                  your parser can ‘halt’ and ‘wait for more input’ as it can clearly see this struct isn’t finished, this isn’t a complete program specification yet.

                  However, to the best of my knowledge, “incremental parsing” doesn’t include the ability to modify previously parsed things - that is, it is only additive and doesn’t allow for removal or modification.

                  If you find a solution on this or a term to encapsulate it, please share, I would be very interested!
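The halt-and-wait behaviour described in the comment above, as an added example that is not part of the original thread: a push parser for a toy subset of C (`struct NAME { TYPE FIELD; ... };` with single-word types) that is fed chunks and reports whether the declaration is finished. `StructParser` and its state names are assumptions made for this sketch.

```python
import re

_TOKEN = re.compile(r"\s*([A-Za-z_]\w*|[{};])")
# (state, token kind) -> next state for: struct NAME { TYPE FIELD; ... };
_NEXT = {("start", "id"): "name", ("name", "id"): "open", ("open", "{"): "member",
         ("member", "id"): "field", ("field", "id"): "semi", ("semi", ";"): "member",
         ("member", "}"): "end", ("end", ";"): "done"}

class StructParser:
    def __init__(self):
        self.pending = ""   # input received but not yet consumed
        self.state = "start"
        self.name = None
        self.fields = []    # (type, field) pairs whose ';' has been seen
        self._type = self._field = None

    def feed(self, chunk):
        """Consume what can be parsed; return 'complete' or 'incomplete'."""
        self.pending += chunk
        while self.state != "done":
            m = _TOKEN.match(self.pending)
            if m is None:
                if self.pending.strip():
                    raise SyntaxError(f"bad input: {self.pending.strip()[:10]!r}")
                break  # only whitespace left: wait for more input
            tok = m.group(1)
            kind = tok if tok in ("{", "}", ";") else "id"
            if kind == "id" and m.end() == len(self.pending):
                break  # identifier may continue in the next chunk
            self.pending = self.pending[m.end():]
            self._step(tok, kind)
        return "complete" if self.state == "done" else "incomplete"

    def _step(self, tok, kind):
        nxt = _NEXT.get((self.state, kind))
        if nxt is None or (self.state == "start" and tok != "struct"):
            raise SyntaxError(f"unexpected {tok!r} in state {self.state!r}")
        if self.state == "name":
            self.name = tok
        elif self.state == "member" and kind == "id":
            self._type = tok
        elif self.state == "field":
            self._field = tok
        elif self.state == "semi":
            self.fields.append((self._type, self._field))
        self.state = nxt
```

Feeding it the fragment from the comment returns `'incomplete'` with `int a` already recorded, and a chunk that ends in the middle of an identifier is held in `pending` until the rest arrives.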

                1. 10

                  It actually likely cost much more than $336k - possibly more than a million. There are a few parts at play here.

                  There is a minimum obligation of $336,413.59 (box 26), likely to cover the base period of the contract. But, that’s just the first six months of a two year contract. The contract actually includes three more six-month option periods and has a total cost ceiling of a whopping $1,176,280.72 (see the supply the schedule.)

                  There isn’t enough material to decide if the 18 months of option periods were actually funded. However, contractors almost always get these. Also, this is a time and materials contract, so the TSA may have spent much less than $336k (you would need to look at invoices to see how much IBM actually billed.)

                  Is $1.2M outrageous? The GSA contract vehicle (GS-35F-4984H) given is for general IT hardware, software, and services. The randomizer contract is written for “mobile application development,” which means it was a services contract and mostly went to developers, engineers, project managers, etc.

                  IBM has public rates available for this contract for 2016. Who knows what labor categories they used for billing the government, but going with a rate of $200/hr we get a maximum of about 5881 hours or about 3 person-years of effort.

                  1. 2

                    Yeah, and if you’re looking for the hourly rates from the government, https://news.slashdot.org/story/15/10/22/2336220/government-team-experiments-with-paying-for-small-open-source-tasks indicates that an average winning rate for a “Senior Consultant” w/ a BS degree and 5 to 10 years of experience is 171 USD/hour, which has to cover business expenses, overhead, supervision, contract searching, bench time etc. Compare that with the average salaried employee only making 50 USD/hour.

                    1. 1

                      According to this article[1] the app itself cost $47K and was only part of the entire contract.

                      The total development cost for the randomizer app was $47,400, a TSA spokesperson told Mashable, which was part of the $336,413.59 contract. The spokesperson declined to elaborate on what else the contract entailed.

                      [1] http://mashable.com/2016/04/04/tsa-ibm-randomizer-app/#1x4kszSOHPqo

                      1. 1

                        Thanks for clarifying; I’ve updated the post to include a lot of the info here, and linked to this comment.

                      1. 11

                        Looks like they were turning off parts of the NOx adsorber. Here’s the detailed EPA write-up in VW’s case: http://www3.epa.gov/otaq/cert/documents/vw-nov-caa-09-18-15.pdf

                        There’s some detail on the detection algorithm:

                        based on various inputs including the position of the steering wheel, vehicle speed, duration of the engine’s operation, and barometric pressure. These inputs precisely track the parameters of the federal test procedure used for emission testing