Paul Harvey is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse.
0cf01e753557f775

Paul Harvey @csirac2

Populating Zotero with metadata on "files" from phrack & friends. And all the stuff that I can only attribute to hacker handles or twitter usernames. Pretty sure actual hackers don't have this problem. What am I even doing

@spacerog That sucks - but congrats. I've usually avoided mentioning where I work - datapoints like this only reinforce that ¯\_(ツ)_/¯

Paul Harvey boosted

Found this great package: hackage.haskell.org/package/ex

Fills a lot of gaps.

The Data.Either.Extra module is particularly useful. It provides more or less the same interface Data.Maybe does.

work Show more

work Show more

work Show more

work Show more

work Show more

Paul Harvey boosted

Very creepy @WhatsApp, someone was apparently typing in an URL and WhatsApp was fetching it off my server char-by-char mastodon.social/media/96lwJ5Iy

@galaxis @cynicalsecurity @folti I don't know who I heard question whether Android would switch away from Linux eventually, but the more I think about it, the less crazy it sounds.

@folti @cynicalsecurity @galaxis IIRC Kernel 3.18 averaged ~8 patches per hour, 24/7. Competently shipping a custom kernel & staying on top of maintenance/hardening is a massive undertaking. Being all things to all people carries a cost we're starting to question: basic systemic security improvements (RODATA, KASLR, etc) seem to take years and a pile of burnt-out souls to navigate into mainline. There is definitely room for focused alternatives, I think.

Recommend me a security paper. My own langsec/exploit-mitigation/kernel-hardening queue seem boring.

0xax.gitbooks.io/linux-insides - A book-in-progress about the linux kernel and its insides.

I only just got around to reading openwall.com/lists/kernel-hard - pax team message aimed at KSPP. I'm now pondering how far we've come, and what we've lost, in the last 15+ years. Corporate opensource adds a problematic dimension to community and collaboration.

Paul Harvey boosted

History time!

Are you into complex systems? You think you cut code like nobody's business?

Well, read up on the Safeguard DPS (Data Processing System), designed by Bell Labs, Univac & friends to acquire radar information and fire off the Spartan and Sprint anti-ballistic missiles (ABM).

Your task, should you wish to accept it, is to take 1970s computing and make sure that you can intercept incoming ICBMs either exoatmospheric (preferred) or "last ditch".

Researching PaX/grsecurity and Linux kernel hardening history, there's a lot of references to pageexec.virtualave.net/docs/ (even in the academic literature), so I'm grateful for what appears to be a mirror: github.com/opntr/pax-docs-mirr - archive.org seems busted :(

@galaxis What's the difference between this and jessie running sysvinit?

Paul Harvey boosted

@rootkovska ... my impression a few years ago was that this stuff is inevitably horribly proprietary, incomplete/doesn't fit your business, hideously painful to use, or over-complicated/brittle consultant-ware. Or any combination thereof. I hope things are different now, and someone else chimes in with more useful/positive suggestions :)