This study focuses on the strategies used by the "xz backdoor", an extremely
complex piece of malware that contains its own x64 disassembler inside of it
to find critical locations in your code and hijacks it by swapping out your
code with its own as it runs. Because this a machine-code based attack,
all code written in any program language can be attacked and is vulnerable.
Instead of targeting sshd directly, the xz
backdoor injects itself in the parent systemd process then hijacks the
GNU Dynamic Linker (ld), before sshd is even started or libcrypto.so is
Raimon Grau kidd
christoofar
/ main.md
Last active
April 21, 2024 22:01
Wrapping a C library call in a defensive Go routine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (defmacro cond+ [& clauses] | |
| (when-some [[test expr & rest] clauses] | |
| (condp = test | |
| :do `(do ~expr (cond+ ~@rest)) | |
| :let `(let ~expr (cond+ ~@rest)) | |
| :some `(or ~expr (cond+ ~@rest)) | |
| `(if ~test ~expr (cond+ ~@rest))))) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;;; it's a map that hates if you try to get the key `:dataset` from it. NOCOMMIT | |
| (declare ->DatasetHatingMap) | |
| (defn- check-for-dataset-key [k] | |
| (when (= k :dataset) | |
| (throw (ex-info ":dataset is deprecated, use :type instead!" {})))) | |
| (p/def-map-type DatasetHatingMap [m] | |
| (get [_this k default-value] | |
| (check-for-dataset-key k) |
EcZachly
/ groups.sql
Created
November 6, 2023 21:11
How to write an algorithm to group people in optimized groups based on timezone and track
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- first query all the users | |
| WITH offsets AS (SELECT a.*, | |
| EXTRACT(hour FROM ptn.utc_offset) AS utc_offset | |
| FROM bootcamp.attendees a | |
| JOIN pg_timezone_names ptn ON a.timezone = ptn.name | |
| WHERE a.bootcamp_version = 3 | |
| AND a.timezone IS NOT NULL | |
| AND a.content_delivery = 'Live'::text | |
| ), | |
| -- then aggregate the users by track and offset, we want matching timezones to fill up first |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- create_temporal_past_table creates a new table with the same structure | |
| -- as the current table. Adds triggers to copy all changed or deleted rows | |
| -- from the current table to the past table. | |
| CREATE PROCEDURE admin.create_temporal_past_table(curr_tbl regclass, past_tbl text) AS $fn$ | |
| DECLARE | |
| curr_tbl_qual text := simc.quote_regclass(curr_tbl); | |
| past_tbl_schema text := (parse_ident(past_tbl))[1]; | |
| past_tbl_name text := (parse_ident(past_tbl))[2]; | |
| past_tbl_qual text := quote_ident(past_tbl_schema) || '.' || quote_ident(past_tbl_name); |
digikar99
/ why-coalton-is-a-language.org
Last active
November 5, 2023 07:26
An attempt at introducing Coalton to lispers without a background in ML-like languages
Coalton: Why is the interop not easier, and why might it be necessary for Coalton to be an entire language in itself?
If you came here searching for the context in which some reddit comments were written, you might want to check out this previous version of the article.
Several blog posts have been written about Coalton, about how it can be useful and what it brings to the table. However, to me, it hasn’t been clear why Coalton is the way to solve the problems that it does solve. Isn’t a simpler solution possible without making a full embedded language, and giving users the cognitive overhead of thinking about interop between normal lisp and coalton?
I have been thinking about this for a while as one of my pasttimes, and below I’ll summarize the better reasons why coalton might be the way it is. Perhaps, I couldn’t se
mlegls
/ wordle_solver.k
Last active
July 4, 2023 08:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vs:0:"valid_solutions.txt" | |
| vg:0:"valid_guesses.txt" | |
| ch:{e-^(,/(=x@>e)@'<'=y)?<>e:x=y} /check::guess->solution->list (-1 b, 0 y, 1 g) | |
| en:{-+/`ln[d]*'d:f%+/f:#'=x} /entropy::list->number | |
| bg:{x@*>en'x ch/:\:y} /best_guess::guesses->solutions->string | |
| ma:{[g;s;r]s@&r~/:g ch/:s} /matches::guess->solutions->response->string list | |
| pl0:{ /solver that always guesses valid solutions | |
| s:"raise" |
chrispsn
/ default_dicts.md
Last active
February 23, 2024 09:19
Code examples are in ngn/k, a dialect where int null is 0N and a list find miss is 0N, not #list.
It would be nice if a grouped list gave empty int list for an outdex, and outdex of frequency gave zero. (See here for more.)
x:="abracadabra"
NewerOlder