
NinjaTrappeur @ninjatrappeur@mastodon.social

@ninjatrappeur If the kernel is older than last August, a simple UDP packet will get you root rights... Now combine that with the ability to forge WPA packets...

@pierre The basic idea is that vendors hold fixes back, and cooperate to release their fixes concurrently.

On the surface, this looks reasonable.

But end-user security falls apart when information leaks, or when government agencies get involved, which happens if someone requests a CVE. So in this WPA case, US gov agencies knew about the bug at least as of the second embargo.

Does such an embargo serve your interests? Not really. As an end user, you are interested in getting a patch ASAP.

As 's de-facto wifi maintainer, I first learned about this WPA problem in June. A simple patch was provided which I could commit with slight modifications.

The original embargo was already 2 months long, and then extended again for 2 months.

The general public (you) were left in the dark about this for at least 4 months.

This is a very sad state of affairs. It takes the industry much too long to apply a simple patch.

I think now is a good moment to think about Android security updates.

How can we get out of this fork madness?

Severe flaw on WPA2.

krackattacks.com/#demo

TLDR;

1. Your WPA2 traffic can be decoded without the pre-shared key because of the use of a zeroed key as ephemeral key.
2. We just need to patch the clients to prevent that.
3. Most Android devices are vulnerable and are not patched anymore.

I've been playing with Haskell and a physics engine to build a fun twitch overlay this week :)

github.com/NinjaTrappeur/KeyWa

This Russian guy is travelling the US by sneaking onto freight trains. Those videos are amazing. There are some English subtitles.

youtube.com/watch?v=sWKuCBZBPI

Amazing! Cannot help but think of London's book "The Road" while watching this.

I have been trying to learn #categorytheory for a while and I got lost in all books I had tried so far.

I can now say that I found the one that has been clearing things up for me. 11/10 worth.

Category Theory for Programmers

(Available as a PDF)

bartoszmilewski.com/2014/10/28

Are the blockchain proponents aware of the energy costs that are needed to keep the whole monster running?

Eightfold Path to Monad Satori:

1- Don't read the monad tutorials.
2- No really, don't read the monad tutorials.
3- Learn about Haskell types.
4- Learn what a typeclass is.
5- Read the Typeclassopedia.
6- Read the monad definitions.
7- Use monads in real code.
8- Don't write monad-analogy tutorials.

From dev.stephendiehl.com/hask/#eig

I think point 8 is the key here folks.

Aaaaand, it landed. Wow, the re-entry process was just crazy!

Not related to computer science at all, but I just finished a short fiction video with @CozyLlama :)

youtube.com/watch?v=RNJSAUWnwq

Huuuuugh, yet another Haskell codebase that does not handle any kind of UTF-8 input. I start to hate Data.ByteString for that...

Please, think about your European/Asian friends when you handle user strings, just consider them encoded UTF-8!

If you're a Haskell developer, just use Data.Text when dealing with the end user.

Hey Mastodon, how do you keep track of the stuff you are currently doing?