chrisrohlf's comments

The Murray Hill campus may have been where the bulk of the innovation happened but the former Holmdel site is the architectural gem of the two. Thankfully it was preserved and is now functional and used as ‘Bell Works’.

Sure. I'm just not sure why their existence depends on cheating the remaining tax payers out of tens of millions of dollars every year.

> These are landowners who farm as a tax dodge

This is exactly what it is here in NJ. They’re called ‘fake farmers’ here, and a quick google search will show you they cost the state tens of millions in lost tax revenue per year. Its all the usual suspects too, you know, the kind of celebrities that lecture you on giving and their politics. Those quaint farm stands are just a ruse to keep their tax bills to a minimum on >5 acres if expensive land in wealthy counties.

Most people have no idea this exists or any of the historic events and scientific achievements that happened at these locations or in the near by area such as the Horn Antenna or Radio Astronomy at the old Bell Labs site in Holmdel.

I used to work at this location when it was an active military base. The Army Signal corps made movies there long before Netflix. As a local resident its nice to see some reinvestment in the base a full 12~ years since BRAC was finalized and the gates closed for good. It’s a beautiful campus with proximity to the ocean and NYC. I do wonder what lies beneath that soil though…

https://tworivertimes.com/move-over-netflix-the-army-signal-...

Reducing the likelihood of side channels through transparency is a worthy endeavor. But for RISC-V, adoption of Control Flow Integrity (CFI) and memory tagging capabilities will have far greater security impact for the vast majority of users.

I asked this same question not long ago and the CEO of a well known company in this same research area reached out and recommended Veritas Genomics https://veritasgenetics.com/mygenome/

I’ve yet to finish the order process but I share this here because in my research of companies providing full sequencing services I never came across them and yet they seem far more reputable than others. Current SEO for these services turns up a lot of sketchy companies.

Thank you Tom.

It’s a really exciting area of research.

No it will still catch it if you access the 42nd byte with a read, but not if you write to any other byte first. Thats just a limitation of page faults and the information provided by userfaultfd.

Correct, this technique works on a page by page basis. It's the only way to do it with userfaultfd as the technique relies entirely on the first page fault being a read and not a write. Im working on a feature that returns an allocation that straddles 2 pages to catch reads of structure paddings but it will come at the cost of an additional 4k of memory and/or possibly returning unaligned memory.

I've gotten this feedback before. It's probably time to change it from #414141

IsoAlloc author here. Thanks for reading the post and linking to the security properties. I plan to expand on those in an additional post and how I implemented them.

You're right that Electric Fence takes a different approach and is more geared towards finding bugs and isn't really suitable as a general purpose allocator. The easiest way to describe it is taking some allocations and placing them on their own page of memory, surrounding them with guard pages, and then setting the page PROT_NONE upon free so that any access results in a segfault. For a more modern attempt at this check out GWP ASAN which is doing something very similar but in Chrome across millions of installs https://chromium.googlesource.com/chromium/src.git/+/master/...

As for the allocator in glibc, a lot of its internal data structures either live on the same pages as user chunks or write meta data to free chunks. So using aggressive strategies like page permissions to protect that data is often not an option.

When in doubt just assume Mark Dowd found it first http://taossa.com/index.php/2007/01/03/attacking-delete-and-... (dead link) but see here too http://www.blackhat.com/presentations/bh-usa-07/Dowd_McDonal...

I used to teach a training on the subject (all the course material is now free at https://github.com/struct/mms). I had a section on ‘where to look’ for vulnerabilities. I started this section off with a scenario: “You’ve checked out the Chrome tree. Where do you start? OK you want to find Javascript interpreter bugs. Whats the first piece of code in Chrome that sees untrusted Javascript?”. Its a trick question. The answer of course is the networking code or the TLS decryption code. But you’ve never go looking there for Javascript interpreter vulnerabilities. The pt of the thought exercise is to introduce the concept of manual taint analysis. Basically understanding how to analyze what code paths and data structures your untrusted inputs could influence or control and then go from there.

Sure. First name dot last name at gmail

I built and sold (acquihired) a small successful security consultancy from 2011-2014. My experience is seen through the lens of security consulting. I should really write all this down in a longer form but heres the important take aways in my experience and my answer to some of the questions listed.

1) Your tech skills matter less than you think they do. Customers want good work of course but they also need a reliable partner who will answer the phone and provide guidance beyond just handing over code or a report. Be professional above all else.

2) Don't fool yourself that you're only consulting while you build a product. Its two entirely separate types of businesses. If you try to do both you run the risk of doing them both poorly.

3) Figure out your growth plan before even thinking about a sales person. You probably wont need one for awhile.

4) Yes you want mentors, preferably people who have built something similar to what you're trying to build now. Even better if they failed at it.

5) Don't rush into subcontracting. You will lock yourself out of big contracts that way. Large companies want a varied list of vendors to choose from. Only do this when it makes strategic sense for your longer term plans.

A small consultancy is a great lifestyle business. Be realistic about your goals for it. Scaling up a consultancy is mostly limited by how many experts you can hire. And if you do your job right its only a matter of time before your best people start their own thing.

Yahoo Paranoids are hiring for all sorts of security positions in Sunnyvale, San Francisco, and NYC. Lots of very interesting and challenging work (plus great perks). Lots of room for junior people too. My team is looking for people with vulnerability research, red team, penetration testing, and dev backgrounds.

You can find all of our openings here https://tas-yahoo.taleo.net/careersection/yahoo_us_cs/jobsea...

This was %100 Johns work.

I am the author of this code. If you're interested in getting started with it right away then check out Eucalyptus: https://github.com/yahoo/rtrace/tree/master/Eucalyptus

I wrote Eucalyptus as the primary unit test for rtrace but its a fully functional native code debugger. Here is an example of how you can configure it using Ruby to trace calls to malloc() and print out some information:

https://github.com/yahoo/rtrace/blob/master/Eucalyptus/examp...

If you're interested in contributing, the signal handler in Rtrace could use some cleanup. Helper methods for interacting with procfs and the process memory are always useful too.

Heres Chris Leary's patch for Firefox. A bit dated at this point though https://bugzilla.mozilla.org/show_bug.cgi?id=677272