HackerTrans
TopNewTrendsCommentsPastAskShowJobs

loves_mangoes

no profile record

comments

loves_mangoes
·hace 10 meses·discuss
The visuals you get from psychedelics and the visuals from imagination are different. Psychedelics seem to affect your real visual field. You're not imagining textures melting with colors and walls turning into liquid, it becomes what you see.

I normally have aphantasia, at about 2/5 on one those pop scales that show various versions of an apple. I can sort of rotate geometric shapes without the notion of color or texture.

But rarely, while lying in bed I get these full vivid pictures. It feels like a whole another visual field. I can't really control it, but these are fully detailed like a painting.

It's dizzying how fast I can imagine these when my mind decides to switch into this mode, and how it can switch from one painting to the next fully detailed picture in a fraction of a second. I normally have to strain hard to hold just a few outlines of simple shapes in my mind, evaporating the moment my focus wavers.
loves_mangoes
·el año pasado·discuss
That checks out. Years ago I noticed a vulnerability through the photography board. You'd upload your pictures, and 4chan would display all the EXIF info next to the post.

4chan's PHP code would offload that task to a well-know, but old and not very actively maintained EXIF library. Of course the thing with EXIF is that each camera vendor has their own proprietary extensions that need to be supported to make users happy. And as you'd expect from a library that parses a bunch of horrible undocumented formats in C, it's a huge insecure mess.

Several heap overflows and arbitrary writes all over the place. Heap spray primitives. Lots of user controlled input since you provide your own JPEG. Everything you could want.

So I wrote a little PoC out of curiosity. Crafted a little 20kB JPG that would try to allocate several GBs worth of heap spray. I submit my post, and the server dutifully times out.

And that's where I'd like to say I finished my PoC and reported the vulnerability, but in fact I got stuck on a reliable ASLR bypass and lost interest (I did send an email about the library, but I don't think it was actively maintained and there was no followup)

My impression from this little adventure is that 4chan never really had the maintenance and code quality it needed. Everything still seemed to be the same very old PHP code that leaked years ago (which included this same call to the vulnerable EXIF library). Just with a bunch of extra features hastily grafted and grown organically, but never dealing with the insane amount of technical debt.
loves_mangoes
·hace 4 años·discuss
That's where it started, but they're entirely separate banners now.

It is actually not allowed to organize raids or other Anonymous-style hacktivities that are against US law on 4chan. So, calling for cyber war may just net you a warning from moderators. The board is not the bastion of absolute unregulated free speech people think it is!

More broadly, outside of the current geopolitical context, trying to pick a target and rally anons against it is in bad taste. If you try, you may be told that "4chan is Not Your Personal Army" (NYPA).

As a result, the various "Anonymous" groups really don't have a home there.