Skip to content

Instantly share code, notes, and snippets.

@christoofar
christoofar / reader_angst.md
Last active April 21, 2024 23:44
I seriously dislike `io.Reader`, `io.ReadCloser`, `io.Writer`...

TLDR version: People who were obsessed* about simplifying things created a coding pattern that is overtly complex to do a chore that is brain-dead simple.

* Developers drowning in object taxonomies, mainly.

So, anyway...

One thing that really grinds my gears while writing safexz is the ByteReader antipattern. Consider this: image

IIRC this pattern first appeared in Smalltalk or Objective-C then found its way over to Java into (what I call) a Nastypattern™:

package main
import (
"fmt"
)
type content struct {
children []content
id int
}
@christoofar
christoofar / main.md
Last active April 21, 2024 22:01
Wrapping a C library call in a defensive Go routine
This study focuses on the strategies used by the "xz backdoor", an extremely
complex piece of malware that contains its own x64 disassembler inside of it 
to find critical locations in your code and hijacks it by swapping out your 
code with its own as it runs.  Because this a machine-code based attack,
all code written in any program language can be attacked and is vulnerable.

Instead of targeting sshd directly, the xz 
backdoor injects itself in the parent systemd process then hijacks the 
GNU Dynamic Linker (ld), before sshd is even started or libcrypto.so is