It has been around, in obscurity, since 1991. That's true.
It didn't blow up and get splattered everywhere, reducing the performance of our machines faster than the fixes for Intel's architectural mistakes, until recent history.
It's definitely irrelevant in the scope of software engineering.
In the world of internet infrastructure, it's a requirement.
Some guy, somewhere, with perl has to make sure you can run your python scripts. That's an immutable fact.
The compiler doesn't really care if you want to multiply the letter "A" by "5" and then use the result as a pointer to a data structure.
Of course the compiler does- unless you know of a magical flag to disable type checking.
It's the CPU that doesn't care, and the compiler that allows you to tell it to pretend "A" and "5" are of the same type.
It's my experience that large python projects tend to run like large java projects- shit. absolutely shit.
Though there must be some merit to the language, because there definitely seems to be a trend toward writing big projects in that shitpile of a language, even at the expense of them running within reasonable time/resource constraints.
Then I take one of the many dozens of offers in my inbox...
I guess in that you're asking if I make money without employment, then no, I don't have a profession.
Also in that instance, I'm not quite sure who really does. Miners?
I'd argue I have a profession... I mean it pays above 90th percentile, it's salaried, with all the fun bonuses and perks... I speak at big conferences...
What is the difference between a profession, and a mere job, anyway?
Other than that... You're right about everything. My sleep is shit. I survive off of stimulants. But it's not abnormal for my profession, even if it does suck.
It didn't call setuid, because it is designed to be a privileged process. This is to facilitate certain features of the program that can not be achieved otherwise.
First off the top of my head, is graceful HUPs. Only a privileged process may bind sockets to listening ports, or read privileged files, meaning absent a privileged master process, you have to completely respawn the process (and incur the downtime of it re-reading its configs, certificates, etc.)
You can either try hard to do it right, or you can take the more pragmatic approach of not doing it at all.
I don't see how punting the secure privilege-crossing processing up a layer (to the kernel) is any more pragmatic. Especially if it requires sacrificing functionality of the program. In fact, I'd argue a more privileged master process is in fact the more pragmatic approach.
Like phones needing breathalyzers before texting an ex, we need something that doesn't let us post until we've had our coffee. Or at least I do. Sometimes the shit that comes out of my hands isn't even English.
There is no difference between an x-ray photon, and a (let's call it) red photon, other than the energy of the photon.
They are both photons. They are both particles, and they are both waves.
X-ray photography against a plate, is that not a picture or is it?
An HDR image from your phone camera, is that not a picture, or is it?
Yes.
A "photo" as you are using the term is merely captured, computer processed waves in a chunk of spectrum we call "the visible spectrum".
This is actually a bunch of "photos" of not-visible spectrum waves combined and processed using VLIB to get a synthetic aperture size larger than any single "camera" aperture.
If this is not a picture, then neither is any picture produced by any camera in the world, and beyond that, nor do you see.
If you want to be less pedantic, then if this is not a picture, then neither is any HDR or panoramic picture you've ever looked at.
Right over your head.
I'm not sure the AC has the right to define what a Scotsman, I mean American is.
I can define an American as not including him just as easily, which means it was in fact a No True Scotsman fallacy.
Congratulations on surviving to adulthood with that kind of ignorance.
The Founding Fathers put the electoral college in place, because they foresaw this situation. They knew they had to keep the Republic safe from the concentration of Unamericans.
False. The electoral system was put into place to keep the south in the union.
There were 2 proposed methods of election: Popular vote, and legislative appointment.
Popular vote was a non-starter because the north had more individual voters, on account of slavery in the south, and the fact that only wealthy landowners could vote in the south. James Madison came up with the idea for an elector system where states would be able to vote with the power of their population, not their actual enfranchised population, in essence, applying the 3/5ths compromise to the presidential vote.
But I do love hearing you guys peddle around that fiction, rewriting history to suit your narrative. Ya, you're the real Americans alright.
Am I now to understand that you are comparing cetacean intelligence with sloth intelligence?
Sure a cat responds differently. Vocalizations aren't the only place where canine intelligence has measured objectively superior to feline intelligence.
I conceded that a cat is certainly aware of a vocalization that is often used to mean something may happen.
But there is still little evidence to indicate that it considers that word any kind of label for itself.
Dogs don't have names. Yet they easily learn a human name.
A cat requires tons of training, and very careful individual training, or it will think its name is, as the adage goes, the sound of a can opening. Or any other cat's name who's around.
Do you have a cat that likes to fetch?
I do.
Tell me when you can train it to go get its ball from some random location on command.
And when you think, "it must just not want to play," go get that ball and put it in front of it.
It's interested. It's just not that bright.
We as humans have a tendency to be... non-objective about the things we love. And we love our cats. I certainly love mine.
But I've spent a lot of time with a lot of cats, and never seen anything out of them to indicate they're that intelligent. They do sometimes adapt some pretty cool behavior, but they lack even the most basic problem solving skills. That's not to say they're incapable of learning.
You don't fucking know, because your service is still using 90s tech. Why would you have any idea what the difference in resources is? That is a ghetto service level, you obviously didn't invest in a modern setup and then find that the old way was better.
LOL. Mmmmk.
Being unable to disclose my employer, all I can say is that you have no idea what the fuck you're talking about.
But I'll throw you a bone. VPS takes less resources because most of the instantiations are not actually in use most of the time.
How irrelevant.
A VPS has higher overhead, period. It's unavoidable.
It requires splitting off the kernel namespace and adding more entries to the scheduler. It is literally twice as expensive to operate 2 apaches, than one. It is again, unavoidable.
Containers not in use get parked, and transparently restored when you connect to them.
Yes, and processes that are waiting on an accept() are also sleeping.
It sounds "literally the stupidest fucking thing [you've] read" simply because it is true, and a technical detail. Of course it sounds stupid to you. You're providing 90s shared hosting, in 2019, and you're not only shameless, you're actually trying to shame others. Others who provide containerized services.
No, it was the stupidest thing I'd read that day because it was not only factually incorrect, but logically incoherent. Everyone who reads your logic train is now stupider for having to try to figure out if there was any possible way you could be right.
My clients
Stop. They're customers, and they want fries with that.
Not at all. That's called an outlier.
I have definitely had some pretty damn stupid dogs, too. My current Pomeranian is dumb as bricks- but dammit, he tries.
My Jack Russell before him would move chairs up to the counter so he could get up on it.
Original Forum Post
People posting writeups of how to use it a year later
I actually never did do a write-up of this particular exploit, so this is a first. It was also while I worked fast food, and before I had any idea how the professional technical world worked, so I didn't ever make source available either. I was 23 at the time. My later work was much better and more publicly documented.
Well, I didn't break RSA's encryption, of course. I'm no mathematician or cryptanalyst.
But back in 2006, RSA-signed firmware images (for phones at least) were in their infancy, and there weren't a lot of people attacking them, so a lot of mistakes were made.
In the case of the RAZR, the ARM7 in it was attached to some NOR flash, and had some mask rom on the CPU.
The mask rom had the exception vectors pointed to the main firmware of the device.
Older versions of the phone had a bootloader that was not protected, and allowed arbitrary reads from memory space, so I was able to get a dump of address space of the device by borrowing a friend's phone.
One could flash the main firmware without signature on the newer bootloader, but it wouldn't execute if it wasn't valid.
The bootloader was simple, and required sending of a binary payload (called a RAM downloader) to initiate the actual flashing process. This payload also needed to be signed for the bootloader to execute it.
The RAM downloader payload had a pointer within it pointing to the signature. The validity of this pointer was not checked.
This means that I have control of the access violation exception vector (since it pointed to flash that I could write, but not execute), and the ability to trigger an access violation (because the pointer to the signature for the RAM downloader was not checked), all within unsigned code (even if I can't execute it during the normal boot process).
I then wrote a small program to relocate a modified RAM downloader (just offset long references) to the position in the firmware that would be jumped to when an access violation happened.
With the modified bootloader in place, and able to be executed, I was able to overwrite the main bootloader with one from an earlier firmware load of the phone that did not have signature verification.
This was actually my first time using an ARM processor, and they didn't really have tools widely available for working with them. I did my reverse engineering, as well as my modifications to the unprotected exploit bootloader with the actual ARM docs. It was also my first time dealing with assembly language at all. I'd say deciding I was going to free that phone changed my life. Since then, I have made tons of money breaking security in other phones, been offered to speak at national conferences, and offered jobs as a security researcher. I guess I developed a passion for freeing the hardware I had purchased from shithead companies that tried to lock us out of them.
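Added example, not part of the original post and not the phone's code: the check the post says was missing ("The validity of this pointer was not checked"), written as a loader would perform it before touching the signature. The header layout, `SIG_LEN`, `LOAD_BASE` and every function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, for illustration only (not the phone's real format):
 *   bytes 0..3  absolute address of the signature, little-endian
 *   bytes 4..   code, followed somewhere by a SIG_LEN-byte signature */
#define HDR_LEN   4u
#define SIG_LEN   128u          /* assumed: 1024-bit RSA signature */
#define LOAD_BASE 0x03FD0000u   /* constructed RAM address the payload is copied to */

typedef enum {
    SIG_OK = 0,
    SIG_TRUNCATED,      /* payload too short to hold header + signature */
    SIG_OUT_OF_RANGE,   /* pointer does not land inside the received payload */
    SIG_IN_HEADER       /* pointer aims at the header itself */
} sig_status;

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Turn the untrusted signature pointer into an offset inside buf, or refuse.
 * Nothing is dereferenced through the pointer until every check has passed. */
sig_status resolve_sig(const uint8_t *buf, size_t len, uint32_t base, size_t *off_out)
{
    if (len < HDR_LEN + SIG_LEN)
        return SIG_TRUNCATED;
    uint32_t ptr = rd_le32(buf);
    if (ptr < base)                 /* below the payload: subtraction would wrap */
        return SIG_OUT_OF_RANGE;
    size_t off = (size_t)(ptr - base);
    if (off < HDR_LEN)
        return SIG_IN_HEADER;
    if (off > len - SIG_LEN)        /* subtraction form: off + SIG_LEN cannot overflow */
        return SIG_OUT_OF_RANGE;
    *off_out = off;
    return SIG_OK;
}

/* Build a constructed payload of len bytes carrying sig_ptr and run the check.
 * Returns the signature offset on success, or the negated status on refusal. */
int check_sample(uint32_t sig_ptr, size_t len)
{
    static uint8_t buf[512];
    size_t off = 0;
    if (len > sizeof buf)
        len = sizeof buf;
    memset(buf, 0, sizeof buf);
    buf[0] = (uint8_t)sig_ptr;
    buf[1] = (uint8_t)(sig_ptr >> 8);
    buf[2] = (uint8_t)(sig_ptr >> 16);
    buf[3] = (uint8_t)(sig_ptr >> 24);
    sig_status st = resolve_sig(buf, len, LOAD_BASE, &off);
    return st == SIG_OK ? (int)off : -(int)st;
}

int main(void)
{
    printf("in-range pointer -> %d\n", check_sample(LOAD_BASE + 20u, 148));
    printf("unmapped pointer -> %d\n", check_sample(0xFFFFFFF0u, 148));
    return 0;
}
```

A loader built this way rejects the payload on any non-zero status instead of faulting, so the exception vector is never reached through the signature check.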
Your logic is terminally broken.
A bandwagon can be jumped on long after it leaves its origin. That doesn't make it not a bandwagon.
See: Linux.
Which blows my mind, because they had VB, which is basically Python with more understandable syntax and better performance.
Crap. You tried to run tommeke100.web.curlPost on a machine with less than 64GB.
Java can be fast if you just include what you need and don't pull in the entire swing.
But after 20 years, I have yet to see it. Not even once.
You're making distinctions that do not exist.
I believe you just made his point.
and D&D turns teenagers into wizards.
Fuck, were that only true.
Which is problematic, how?
It's often the best way to demonstrate how bad someone's logic is.
Major urban areas?
Who's inventing statistics, now?
Yes, and it could be fluent in 37 languages, but lack the vocal apparatus to articulate it.
That's a silly line of reasoning, I'm sorry.