some good news on a bad news night
have to wonder what my NRA loving neighbors think about packages arriving from Finland with "candy" on the customs declaration and being dropped off at their porch because UPS has decided I live there, and me hurrying down to collect
(any reasonable person would assume it's just drugs bought with crypto)
http://capec.mitre.org/data/definitions/52.html but covers it in general, but vague terms
wondering if there's a class of security holes affecting languages that use a data structure for filenames that allows a NUL.
Since NUL is not allowed in unix filenames, making syscalls with such a filename will typically truncate it before the NUL.
So, an attacker can provide a string containing a NUL, the program writes out a different file than it thought it did, and that confusion results in exploitable behavior.
Anyone know of any exploits like this? #security
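The mismatch the post above asks about, as an added example that is not part of the original post: a check made on a length-counted filename disagrees with what a path syscall acts on, and a gate rejects any name where the two views differ. The `lstr` type, the function names and the sample filename are all hypothetical and constructed for illustration.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical length-counted string, as many runtimes store them: NUL is legal data. */
struct lstr { const char *ptr; size_t len; };

/* Policy check made on the full counted string (what the program thinks it has). */
bool ends_with(struct lstr s, const char *suffix) {
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.ptr + s.len - n, suffix, n) == 0;
}

/* Number of bytes a path syscall acts on: it stops at the first NUL. */
size_t syscall_len(struct lstr s) {
    const char *nul = memchr(s.ptr, '\0', s.len);
    return nul ? (size_t)(nul - s.ptr) : s.len;
}

/* Gate: refuse any name whose counted view and C-string view differ. */
bool name_is_consistent(struct lstr s) {
    return s.len > 0 && syscall_len(s) == s.len;
}

/* Create the file only if the name passes both the policy and the NUL gate.
 * Returns 0 on success, -1 if the name is rejected or on I/O error. */
int create_checked(struct lstr s) {
    if (!ends_with(s, ".txt") || !name_is_consistent(s)) return -1;
    char path[256];
    if (s.len >= sizeof path) return -1;
    memcpy(path, s.ptr, s.len);   /* counted strings need not be NUL-terminated */
    path[s.len] = '\0';
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

int main(void) {
    /* Constructed sample: 15 counted bytes with a NUL after "report.cfg". */
    struct lstr bad = { "report.cfg\0.txt", 15 };
    printf("policy sees .txt: %d, syscall sees %zu of %zu bytes, accepted: %d\n",
           ends_with(bad, ".txt"), syscall_len(bad), bad.len, create_checked(bad) == 0);
    return 0;
}
```

The gate belongs at the point where the counted string is converted to a C string, since any check made before that conversion sees bytes the kernel never will.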
Scuttlebutt Considered Harmful
blobs are not the same as the chain of json messages associated with your account (the feed)
It would be possible to stop publishing some earlier messages in a feed and only publish later ones (leaving the oldest message referring to a dangling hash), but I don't know how existing clients would react to that.
“Scalpel!” may be scary to hear while lying on the table, but “screwdriver!” yields its own little existential shiver.
@dredmorbius nah, spent most of it just keeping warm on the upside of the wok
@Greg same kind of expert that I was in computer programming by the time I graduated high school
(which might be the appeal of the 10k hours meme)