Saving up a bunch of changes for a very special treat.

more...

Decided to go full dark side. A few notes about the new Surface Pro and my setup. Until yesterday Amazon was telling me that my order would ship on the 15th to arrive perhaps next week, but then miraculously it shipped and arrived all in the same day. So about a day of playing with it.

more...

Amazing that a music group formed in 2003 already had an album in 1982, no?

Having trouble with your network? The Ubiquiti Cloud Key can reduce casting costs.

The machines are learning. But what?

There may have been a hackathon.

more...

One ROP mitigation is Execute no Read (XnR) or Execute Only (XOM) memory. We can wait for someone to add this to our operating system kernel using paging (You Can Run But You Can’t Read: Preventing Disclosure Exploits in Executable Code PDF) or VT-x and EPT (ExOShim: Preventing Memory Disclosure using Execute-Only Kernel Code PDF). Or we can do it today in userland. This is only a partial implementation, that protects JIT pages only, but demonstrates the technique.

more...

Another way to isolate untrusted media players is to run them in a virtual machine. I was joking with mlarkin that if he’s run out of things to work on, he can add audio emulation to vmd. But of course, this is actually pretty easy to do (playing sounds, not emulating audio), thanks to network support in sndiod.

The setup is fairly easy. To export the audio device on the host side, run sndiod. Or kill and restart, or whatever.

sndiod -L 10.1.0.19

On the guest side, specifying the audio device can vary by program, but the default can be set via environment variable.

env AUDIODEVICE=snd@10.1.0.19/0 mpg123 song31.mp3

And with that...

BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out.

Catching up to current.

more...

MP3 is officially dead, so I figure I should listen to my collection one last time before it vanishes entirely. The provenance of some of these files is a little suspect however, and since I know one shouldn’t open files from strangers, I’d like to take some precautions against malicious malarkey. This would be a good use for pledge, perhaps, if we can get it working.

more...

Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.

more...

More stuff, more fun.

more...