lebr0nli

from pwn import *
import dis


def gen_varname() -> str:
    d = {}

    class Checker:
        def __getattribute__(self, __name: str) -> bool:
            if d.get(__name, False):

djspiewak

What follows are some of my (very) rough thoughts on what we can and should do with respect to CPS transformation in Scala at the language level. I'll try to start with some motivation behind my thinking, as well as some rambling observations on the nature of the problem space, but don't expect too much coherence here. :-)

The Problem

Async programming is hard.

Okay let's actually be more specific than that. High-performance I/O is hard. Signal multiplexing is a powerful technique for achieving high(er) performance I/O, particularly network I/O, but the tradeoff is that, in order to utilize it, the user-space programming model must allow for suspension and resumption of sequential continuations (often called "fibers" or "coroutines"). Achieving this type of programming model without significant tradeoffs in usability is what is exceptionally hard.

If that wasn't bad enough though, these problems are inextricably conflated with another set of problem spaces which are, themselves, very difficult. In

loknop

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

strellic

let fn = function() {
   async function x() {
        let r = await fetch(`/api/admin/pz/ex`, { method: `POST` });
        let prob = (await r.json()).ex.split(' ');
        let a = parseInt(prob[0]), op = prob[1], b = parseInt(prob[2]);
        let ans = 0;
        if(op === '+') ans = a+b;
        if(op === '*') ans = a*b;
        if(op === '-') ans = a-b;
        if(op === '/') ans = a/b;

hwayne

nrinaudo

Introduction

I was recently asked to explain why I felt disappointed by Haskell, as a language. And, well. Crucified for crucified, I might as well criticise Haskell publicly.

First though, I need to make it explicit that I claim no particular skill with the language - I will in fact vehemently (and convincingly!) argue that I'm a terrible Haskell programmer. And what I'm about to explain is not meant as The Truth, but my current understanding, potentially flawed, incomplete, or flat out incorrect. I welcome any attempt at proving me wrong, because when I dislike something that so many clever people worship, it's usually because I missed an important detail.

Another important point is that this is not meant to convey the idea that Haskell is a bad language. I do feel, however, that the vocal, and sometimes aggressive, reverence in which it's held might lead people to have unreasonable expectations. It certainly was my case, and the reason I'm writing this.

Type classes

I love the concept of type class

soronpo

Taken from https://gitter.im/scala/contributors?at=5c0981af80986419d54dd08d

Stefan Zeiger @szeiger:

I'll try to give a high-level explanation (with imprecise types): In order to build something (like the result of 1.to(10).map(identity)) you use a Builder[E, To] to which you add elements of type E and eventually get a result To. That way a single implementation of map can build different result types. In order to get such a Builder you need a factory, i.e. a () => Builder[E, To]. We call this type CanBuild and pass an implicit instance of it to map. You usually don't care who's doing the building (Range in this case) but for the sake of finding an implicit CanBuild you want the source collection to determine the result type To (e.g. calling map on a List should build another List).

geek-at

#include <ESP8266WiFi.h>
#include <WiFiUdp.h>

WiFiUDP Udp;
const char* ssid = "yourwifiSSID";
const char* password = "yourwifipassword";
const int threshold = 400;        //this is the threshold how high the value has to be to be registered as a flash.
                                  //400 works great for me since flashes are usually ~600

IPAddress remoteIP(192,168,1,117); // the IP address of your Influxdb server

milessabin

import scala.language.higherKinds

// Whitebox ...
trait Schema[T, R] {
  def conv(t: T): R
}

object Schema {
  // Whitebox macro: R is computed from T
  implicit def mkSchema[T, R]: Schema[T, R] = ??? // macro ...

lihaoyi

Provisional benchmarks of AST-free serialization puts my WIP branch of uPickle about ~40% faster than circe on my current set of ad-hoc benchmarks, if the encoders/decoders are cached (bigger numbers is better)

playJson Read 2761067
playJson Write 3412630
circe Read 6005895
circe Write 5205007
upickleDefault Read 4543628
upickleDefault Write 3814459
upickleLegacy Read 8393416