Jay Bosamiya

Got my first high severity bug in Chrome!!! CVE-2019-5755. Fixed in the latest Chrome Stable, that just released. chromereleases.googleblog.com/2019/01/stable…

Dust off your boots, grab your hats, and get ready for a showdown — Plaid CTF is headin’ for the frontier! On April 4, we venture westward. But will you have what it takes to rise to the challenge of The Good, The Plaid, and The Ugly? plaidctf.com

The Rust verification tool Verus aims to make formal verification more widely available to developers, helping them create software that behaves as intended. Learn about the work, an award winner at SOSP ’24, w/ Chris Hawblitzel & Jay Lorch on “Abstracts”: msft.it/6017WXtX1

@ZaneDuffield @pcwalton Thanks, that’s quite helpful. Definitely more hits with “unwrapped lines”. I guess I’m gonna dive into reading the source code soon to see if that design could have eliminated some of the issues we’ve faced in our formatter.

Every longtime Rust dev has a "I wish they had listened to me back then" hobby horse. Mine is that I had advocated for rustfmt to be less tied to the AST so it would be better at formatting syntactically-incorrect code. I should have argued more forcefully.

@pcwalton @ZaneDuffield Our current approach builds an AST (with comments + certain whitespace tracked only in certain positions but ignored elsewhere; eg b/w stmts), and then use a Wadler style pretty printer (via docs.rs/pretty), with some hacky fixes to fix up comment positioning.

@pcwalton @ZaneDuffield Do either of you have any suggested reading for the logical line based design? Or should I just dive into the clang-format source? Context: I’m one of the creators and maintainers of github.com/verus-lang/ver… and was recently fighting some AST-based formatter annoyances. […]

.@CarnegieMellon's hacking team, the Plaid Parliament of Pwning (PPP), won its third consecutive title at the 2024 @DEFCON Capture-the-Flag competition, earning its record eighth victory in 12 years. #DEFCON2024 #DEFCON32 #DC32 cylab.cmu.edu/news/2024/08/1…

@vie_pls Mewseum

Autocorrect has given up and I can’t rely on it to spell musuem anymore

@adithyamuralism Congratulations!!

Defended my PhD thesis on "A Principled Approach towards Unapologetic Security" yesterday! Thanks so much to my advisor (Bryan Parno), committee members (@JAldrichPL, Phil Gibbons, and Chris Hawblitzel), and the many others who've helped along the way to here!

PlaidCTF is officially over!! Congratulations to our top-performing investigation teams! 1. "What's your ETA" (HypeBoy) 2. "Kalmar: Guardians of the Elven Veil - Paranormal Psyduck's Payback" (Kalmarunionen) 3. "Spooky Maltese Ghosts" (Friendly Maltese Citizens)

Prepare your spectral sensors, arm yourselves with arcane knowledge, and rally your team! On April 12, we venture to the eerie confines of Ashwood Hollow. Can you and your team solve the mysteries of The Plaid Phenomenon? plaidctf.com

The "Ship of Theseus" article has been edited 1792 times since it was created in July of 2003. At present, 0% of the phrases in the original article (seen below) remain.

@adamdoupe Same reaction when I first found out about it too :D Relatedly, you might be interested in taking a look at zsh-autosuggestions. More of a personal preference thing but I quite like it

🤯

@cecil @moyix Git blame tells me I’ve been using this for 5+ years, so even if there is a perf penalty, it doesn’t seem to have been significant enough for me to remove it. And I’m generally quite sensitive to latency, so yeah in short: not significant enough to worry about

@jay_f0xtr0t @moyix Have you noticed any performance impacts from this?

Is there a terminal/shell extension that does syntax highlighting for command lines? I confess I sometimes have trouble spotting the missing paren or quote in a command like this

@pr0me @alkalinesec been a while so unclear on details. we had indeed tried simplify in some spots and it hadn’t helped. I don’t recall us trying out too hard applying it, but yeah it was interesting+surprising to see such a stark diff. Def worth investigating. Cool to see radius2 soln tho!

@alkalinesec Yea .simplify sounds reasonable, z3 should definitely be capable of finding a solution at some point. Never worked with boolector myself so I don't have an intuition but the gap seems odd, indeed, might be interesting to investigate

wooo someone who isnt me used radius2 to solve a ctf challenge !!! @u4ZhUMkcR7eawpx0VISi8Q/rJ66Pe2v2#GateCodeGate" target="_blank" rel="nofollow noopener">hackmd.io/@u4ZhUMkcR7eaw… compare this solution to the manual one here github.com/pwning/public-…

We just started the #v8CTF: a new exploit bounty program for v8! * $10,000 * N-day vulnerabilities are in scope, but limited to first submission per deployed v8 version * unlimited for self-found bugs (on top of regular VRP) More info here: github.com/google/securit…

The Google CTF Finals 2023 are coming! Watch the best CTF teams compete in our custom video game tomorrow, Sunday, 1pm JST. #Hackceler8 #GoogleCTF #Gaming

We (@mmm_ctf_team = PPP+TheDuck+MapleBacon) won @defcon CTF again!! Was a fun contest and it was great to play again with MMM friends :) See y’all again next year!

Dear CTF players, Pwndbg/GEF/Peda users: do you prefer `set follow-fork-mode parent` or `child`? GDB defaults to parent and we default to child in Pwndbg. Shall we change it?