HackerTrans
TopNewTrendsCommentsPastAskShowJobs

landr0id

1,202 karmajoined 14 năm trước
[ my public key: https://keybase.io/lander; my proof: https://keybase.io/lander/sigs/EH5ZD_-bXVwuHyJBpOud37S7telhzEEkGtmhbeIL0rQ ]

comments

landr0id
·3 ngày trước·discuss
Big fan of nextest and this is my first time seeing this site. I'll be real I feel a bit ridiculous commenting this but you might want to consider rephrasing this:

>Treat tests as cattle, not pets. Detect and terminate slow tests.

Not sure saying, "hey, treat your tests as an animal you can kill at will" paints the right image.
landr0id
·6 ngày trước·discuss
Yeah my bad for not defining it. "Extra-Sensory Perception", basically as you said I believe is the most common feature -- but in general I think encompasses cheats that generally boost your "senses". So it could use audio to visually draw on your screen/radar where the sound came from.

The screenshot in this repo is kind of similar to wallhacks, but you could imagine this could easily be extended to show dropped items and the 3D audio location: https://github.com/ryanjpwatts/esp-analysis
landr0id
·6 ngày trước·discuss
I wonder how often wall hacks are actually used in high-level competitive play by cheaters vs ESP. ESP seems like the better route to avoid manual review flagging suspicious activity. Audible cues (which this currently does not mitigate, and I'm not sure it can) are things that can genuinely separate players by skill and you'd think someone running such a cheat just has very good hearing.

>CS2FOW uses static baked map geometry. Dynamic occluders such as doors, breakables, props, smokes, particles, and projectiles are intentionally out of scope for now.

Market window on Mirage just became more powerful on these servers :)

Very cool project nonetheless.
landr0id
·23 ngày trước·discuss
I suppose they did make their work public after all :)

Thank you for pulling up the references.
landr0id
·23 ngày trước·discuss
Not to take away from the authors' work, but this was actually the approach taken by some engineers while Spectre / Meltdown were still under embargo. Not sure if they ever mentioned their work publicly so I will avoid naming them, but some talented folks from Microsoft who basically came to the same conclusion that a specialized environment free of noise was necessary both to test mitigations and find variants.
landr0id
·2 tháng trước·discuss
I didn't really mind the fn keys being there. I rarely use function keys unless I'm RDP'd to a Windows machine.

What drove me crazy though was the escape key. They later added the physical escape key back but I think at that point it was a bit too late.
landr0id
·2 tháng trước·discuss
GPU memory/shaders/etc. isn't protected by MTE or PAC. They said "data-only", so I guess GPU commands could fit into this description.
landr0id
·2 tháng trước·discuss
Static analysis tools + MCP server + a debugger with an MCP server makes reverse engineering incredibly easy and low-cost.

I wrote a blog post about this recently: https://landaire.net/reverse-engineering-with-ai/

Just yesterday I completely reverse engineered several proprietary audio codecs from a game without even having to touch the static analysis tool myself.
landr0id
·2 tháng trước·discuss
They exploited a linear stack buffer overflow. Not a write-what-where or arb write. A linear stack buffer overflow in 2026! There are at least two distinct failures there:

1. No strong stack protectors.

2. No kASLR.

That's 20-year-old exploit methodology.
landr0id
·2 tháng trước·discuss
Ask yourself why Mythos was so easily able to develop a remote STACK buffer overflow vulnerability.
landr0id
·2 tháng trước·discuss
>Last I read, ASLR is a good thing to have, but overall is usually not difficult to defeat.

For local attackers there may be easier avenues to leak the ASLR slide, but for remote attackers it's almost universally agreed it significantly raises the bar.

>I don't think it's reasonable to say that an OS that lacks it isn't "serious" about security.

When they implemented it in 2019 it had been an 18-year-old mitigation. If you are serious about security, you implement everything that raises the bar. The term "defense-in-depth" exists for a reason, and ASLR is probably one of the easiest and most effective defense-in-depth measures you can implement that doesn't necessarily require changes from existing code other than compiling with -pie.
landr0id
·2 tháng trước·discuss
FreeBSD didn’t have user land ASLR until 2019 and, amongst other mitigations, still doesn’t have kASLR. It’s not a serious operating system for people who care about security. If you want FreeBSD and security take Shawn Webb’s HardenedBSD.
landr0id
·2 tháng trước·discuss
Mythos hacked the site, wrote, and published the article
landr0id
·2 tháng trước·discuss
Their GUI system (GPUI) is not very mature for use outside of Zed. GPUI is basically a UI framework in the truest sense: a framework for building UI... frameworks/components. It has core functionality for async execution, an ECS for grabbing shared resources, and a div.

It's basically like building a website with div and basic CSS.

gpui-component exists: https://github.com/longbridge/gpui-component

Up until sometime late 2025 GPUI wasn't even on crates.io, and it seems like the GPUI-component ecosystem still promotes using git deps. It was also in "read the code for docs" state for a very long time

It's been a while since I've used it, but there were weird things missing too like the Scollbar was located in Zed's UI component crates instead of core GPUI. Arbitrary text selection also is not possible, which is something I really value about egui.
landr0id
·2 tháng trước·discuss
https://www.iroh.computer/sendme

Iroh's protocol can figure out if the devices are on the same LAN and avoid going over the internet. It can work without a discovery server too -- i.e. completely LAN.
landr0id
·3 tháng trước·discuss
They wrote something that allowed them to virtualize Git -- can't remember the name of that. But it basically hydrated files on-demand when accessed in the filesystem.

The problem was I think something to do with like the number of git objects that it was scaling to causing crazy server load or something. I don't remember the technical details, but definitely something involving the scale of git objects.
landr0id
·3 tháng trước·discuss
>At the same time, the larger tech companies (Meta and Google, specifically) ended up building off of hg and not git because (at the time, especially) git cannot scale up to their use cases.

Fun story: I don't really know what Microsoft's server-side infra looked like when they migrated the OS repo to git (which, contrary to the name, contains more than just stuff related to the Windows OS), but after a few years they started to hit some object scaling limitations where the easiest solution was to just freeze the "os" repo and roll everyone over to "os2".
landr0id
·3 tháng trước·discuss
Part of the idea behind stacked PRs is to keep your commits focused and with isolated changes that are meaningful.

A stacked PR allows you to construct a sequence of PRs in a way that allows you to iterate on and merge the isolated commits, but blocks merging items higher in the stack until the foundational changes are merged.
landr0id
·3 tháng trước·discuss
I think Pijul has some good ideas, but I’m afraid the network effect of git at this point is too strong.

I think jj’s concept of being a front end for many backends and sharing a common UX over them is a good one, but without a pijul backend for existing tools I have a hard time seeing it catch on.
landr0id
·3 tháng trước·discuss
It's not something to over-index on, but it's not a strong protection measure. It simply raises the overall cost to attack and analyze a system.

Take the PS5 for example. It has execute-only memory. Even if you find a bug, how do you exploit it if you can't read the executable text of your ROP/JOP target?