read bio @boots@computerfairi.es
i will no longer be on computerfairi.es
please follow @boots
Joined Apr 2017
so
if i want to make a stand-alone node.js script that doesn't need node modules, is making the node.js script a polyglot that's also a library that exports memory stuff to JS so you can require it from yourself cheating
@quincunx honestly i can do better than that
did you know chrome and firefox can be tricked into executing code with only assignments and no actual function calls
@blackle I have destroyed require
Goodbye
read bio
boosted
Turns out Chrome doesn't hide QUIC requests from extensions, the issue is weirder than that.
Chrome hides internal requests (autofill, sync, extension update pings etc) from extensions and they do this by filtering on clients[0-9]*.google.com
Apparently not just Chrome uses the clients* subdomain but also other Google teams, including GMail for ads too and the Chrome team was fairly unaware of this until it was pointed out.
https://bugs.chromium.org/p/chromium/issues/detail?id=715184#c8
still trying to figure out how to bend nodejs and twist it into full lovecraftian broken code
so far, the interesting things:
- you can expose the debug object with a flag
- (in the version of node im using) you can tell a buffer object to write out of bounds (but not read??)
- if all else fails there's a node-ffi library
joke lewd
@squirrel @masklayer good morning!!
@blackle of storage capacity
joke lewd
@squirrel @masklayer steve job, inventor of the computer, the american job (economic), the american job (sex act),
read bio
boosted
On Twitter I gradually started un-following people I felt were overly negative/hostile - a deliberate filter bubble to keep myself from getting depressed about my industry.
Software development in general, and InfoSec in particular, can be really nasty. A lot of toxic discourse! A lot. It gets me down. 👴
I think the #Fediverse is still too small for that though, I haven't yet found enough interesting happy folks to replace the grumpy negative voices. All in good time...
read bio
boosted
Wow, Google is serving ads using a protocol that Chrome extensions don't have permission to block - so adblockers in Chrome are silently failing to block google ads.
https://blog.brave.com/quic-in-the-wild-for-google-ad-advantage/
Recommended workaround: completely disable 'QUIC' protocol support in Chrome.
(via @bcrypt on twitter)
read bio
boosted
read bio
boosted
it's kind of weird how mastodon doesn't give you notifications when you're followed by people from silenced domains. I can kind of see the reasoning behind it, but I also dislike it.
read bio
boosted
From the FullDisclosure mailing list:
The Samsung SmartTV has the following attributes:
1. It turns on WifiDirect by default on device poweron.
2. It maintains a blacklist/whitelist
3. ...by MAC address
4. ....and whitelisted devices have administrative access with no further credentialing.
So...anyone capable of sniffing traffic can forge the authorized MAC and do whatever to the device.
This is -stupid-
read bio
boosted
telling someone who's never heard of it about the Juicero is fun because you can *open* with "okay, so, the Juicero is a smartphone-connected IoT juicer originally pitched at a $700 price point" and still have a good arc to the story
LB honestly i think this might be an API issue and not *intentional*
read bio
boosted
read bio
boosted
Trees cover up a multitude of sins.
@loam dolphin town
i will no longer be on computerfairi.es
please follow @boots
Joined Apr 2017
