1. 4

    Working on a really fun project that I hope to present at a conference this summer (I’ll post something here if that comes to pass). The project is for work, but we’ll be open-sourcing it.

    Without giving too much away, it involves efficient evaluation of potentially enormous sets of boolean functions with predicates of different costs, where predicates can be shared among functions. The goal is to find all of the functions that match a given set of predicates while minimizing the cost function.

    (All of this is to massively speed up the primary product that I work on, which ends up solving a lot of decision problems in a soft-real-time environment.)

    On the personal side of the house, I’m thinking about removing the ncurses dependency in mtm by creating a lighter-weight terminal abstraction library that assumes it’s running on a fairly recent terminal. I’ve been tinkering more with sam as well, though it’s getting to the point that 30 year old code just isn’t cutting it…I think the terminal part is going to have to be completely rewritten.

    1. 1

      (All of this is to massively speed up the primary product that I work on, which ends up solving a lot of decision problems in a soft-real-time environment.

      I was going to say that a NIDS could use that but I figured you were ahead of me there. Fascinating project. :)

      1. 2

        Given what I’ve seen you post here (and your username), I have a feeling you and I do a lot of similar work. Actually, given how small the industry is, I wouldn’t be surprised if we know each other or are at most like one degree of separation away.

        1. 2

          I appreciate it. I’m not currently in the industry, though. Most of the jobs I was offered in industry were about doing security on paper in companies that don’t really care. That’s just not me. I do this stuff on the side of my main job that’s more business and service oriented. I work with people all day, do deep programming and security R&D at night. Or vice versa depending on scheduling. It did buy me a chance to survey, study, and do activist work with thousands of people over time. Learned and experienced a lot the security jobs wouldn’t have taught me.

          I’m thinking of switching into paid R&D soon, though. I want to try to build my Brute-Force Assurance concept in case it’s useful to people in your position. Plus cuz someone needs to build something like it. Maybe also try injecting high-security into commercial and FOSS products in way that maintains competitiveness and minimizes cost. If things go well, you’ll probably run into me in person at a conference eventually. :)

      2. 1

        I need this. I thought about making something like that for a long time to optimize some code if have.