1. 3

    Working on Israel’s Indie Hackers Chapter - indietlv.com (pretty much basic right now) and a DNS over TLS library and client for Node.js:

    1. 2

      Working on a Node.js dns-over-tls library - https://github.com/sagi/node-dns-over-tls and a command line client that uses it.

      1. 1

        At Strange Loop 2016, Dan Luu had an awesome talk about BitFunnel and search performance:

        Talk: https://www.youtube.com/watch?v=80LKF2qph6I

        Transcripts: http://bitfunnel.org/strangeloop/

        1. 3

          Nice write-up, especially the fix analysis at the end.

          How did you find the bug to begin with?

          1. 3

            I’m sorry for the late response. I only noticed your comment now.

            Not much of a war lore. I simply searched for problematic copy_from_user() cases :)

            1. 2

              Thanks! Too bad I can’t edit.

              1. 1

                Ask a mod to change it - @kyle @Irene or @jcs


            1. 2

              Julia Evans is awesome! Definitely one for the RSS feed.

              1. 6

                Sounds like they’re trying to burn as many exploits used in expensive surveillance suites as possible. Good for them for having the budget to host this :)

                1. 4

                  Yup! I’m thrilled to see the exploit-chains that are submitted.

                  Their requirements are high:

                  1. Attack vectors: email rendered by the Gmail app, SMS opened by the Messenger app.
                  2. Remote code execution should elevate privileges to (at least) system security context.
                  3. Exploit-chain should work on both Nexus 6P and Nexus 5X (an attempt to eliminate vendor-specific threats).

                  I reckon that we’re about to see an exploit-chain that starts with the baseband-modem (i.e. messing with GSM / CDMA stuff).

                  Exciting times :)