yifanlu | 7 years ago | on: Ghidra, NSA's reverse-engineering tool
I mean having a good UI is great but without the features to back it up, you can’t do anything serious. I tried cutter again a few months ago and went back to ida after an hour of frustration. When handed a binary dump with no executable format or symbols, cutter just chokes while IDA was able to quickly find 90% of functions in memory as well as data xrefs and strings and so on.
I’m sure everything performs well on ELFs built with -O0 -g but in most real world usage, Ida is queen.
Since everything is open source, if ghidra is as good as people say it is, I’m sure people will make better guis for it (and tui) in no time.
yifanlu | 7 years ago | on: Ghidra, NSA's reverse-engineering tool
From someone who does binary reverse engineering full time, in my experience, BinaryNinja, Hopper, radare2, etc are toys compared to IDA Pro + Hex Rays Decompiler. The quality of the results and the features supported are unmatched... until now. I haven’t spent too much time with ghidra yet but it’s the real deal. The output of the decompiler looks alright (not complete garbage like I’ve seen with other tools). Even if everything else sucks, the decompiler by itself makes it outrank every other tool aside from IDA. And it costs $10k less! The fact that it’ll be open source is just icing on the cake.
yifanlu | 7 years ago | on: Ask HN: DigitalOcean Destroyed All My Data, Any Legal Recourse?
Talk to your lawyer. I’m not sure what the point of this post is. If it’s a PSA/warning, then you need to provide more proof. If you’re really seeking legal advice from an internet link aggregator, then the best advice you’ll get here is to talk to an actual lawyer.
yifanlu | 7 years ago | on: Quantum computing as a field is obvious bullshit
Assuming everything he says is 100% true, why can’t some people just work on things that interest them because they interest them? Why does everything need to be “useful” (as in useful right here, right now)? Okay, resources are finite and have to be allocated. But so what? What’s the point of science and technology if not to enable others to have a more meaningful life? For some, that meaning is in exploring “useless” problems. Let the people who want to make better classical computers do so. Let people who want to study quantum computers do so. I can assure you that the number of people who study/work on quantum computers is so low that convincing all of them to drop their work and do something more “practical” will not make the world a better place.
yifanlu | 7 years ago | on: Hate Amazon? Try Living Without It
I haven’t used Amazon for a while (and haven’t had Prime in years), and a couple of months ago, after reading some posts about Amazon, I decided to see what my life would have been like if I had used Amazon exclusively for all my non-grocery shopping.
Rules: I only buy it if it’s Prime eligible, otherwise it’s skipped. If I bought something because it’s on sale, I take the lowest price amazon ever offered for that item (with prime). Otherwise, I take the price of the item on the same day.
Results: https://i.imgur.com/kDeM2pM.jpg I saved about $330 by not having a Prime membership and buying stuff only from Prime-eligible stores. However, I spent at most 27 more days waiting for items (in reality a lot of these shipping times overlapped).
So the takeaway is that Amazon made things easier and faster but not cheaper. I know a lot of people still think Amazon is the cheapest place to get things, but that hasn’t been true for a while.
yifanlu | 7 years ago | on: Airlines face investigation for splitting up families on flights
Air travel isn’t always a luxury expense. Some people can’t afford anything except the cheapest ticket. It’s rather dismissive to blame them instead of the large airline companies who want to make a profit. Just because you can buy a more expensive ticket for better seating doesn’t mean everyone can.
yifanlu | 7 years ago | on: A $6 Linux computer you might be able to write code for
A Raspberry Pi Zero is $5, runs ARM, has tonnes of community support, and is available to ship outside of China. If you look at Taobao/AliExpress/eBay, there are also hundreds of RPi clones and ARM development boards and even FPGA boards < $10. What makes this interesting?
yifanlu | 7 years ago | on: App update rejected for mentioning iPhone XR in release notes
Apple seemed to be very reasonable here—they reached out to the developer, sensing their frustration, with advice on getting their app approved. Seems to me that Apple wants to help this get approved by investing the effort of calling the developer. Remember all the complaints about how Apple doesn’t communicate with developers? Seems like they’re trying to do better, and I never saw any angry app updates. I mean, maybe the policy is silly, but there are better ways to protest than passive-aggressive release notes that would confuse the users. I mean, there are a lot of disagreeable things Apple does, but is this really the hill you chose to die on?
yifanlu | 7 years ago | on: Ask HN: Are there any smart phones not made in Asia?
Supply chain security is a known problem with mitigations. Don’t think all these billion-dollar companies haven’t thought about the issue of having a third party implement their designs. Just like with software security, there’s no perfect solution, but it’s highly unlikely China can easily bug devices sold in America without being detected. With software, you have cryptography to protect you. With hardware, you can buy chips not designed in China (which AFAIK is most chips). Even if the chip is manufactured in China, it’s not trivial to add in backdoor logic and have the design still work and not be detectable by the designers (fabs are handed the equivalent of object code, not the source code).
All that aside, I take issue with the thesis of your question. Assuming Taiwan, South Korea, and Japan are the same as China is naive at best and racist at worst. So asking about “phones not made in Asia” is meaningless (not to mention Asia also includes India, etc.). Even if read by the spirit of the question and not the word of it, it feels very anti-globalist and protectionist, which itself is not an issue, but instead of repeating arguments against it, I’ll just refer you to the body of literature about the whole debate.
yifanlu | 7 years ago | on: Apple is removing Alex Jones and InfoWars’ podcasts from iTunes
Because AT&T is DSL, Comcast is cable, and Verizon is fiber. If you want the fastest internet, you really don’t have a choice. And telling people “you have a choice, just switch to something slower” is not the same as “you have a choice, download the podcast elsewhere,” because in the second case you get the same quality (lol, I said quality when referring to InfoWars, but I digress) podcast.
yifanlu | 7 years ago | on: Apple is removing Alex Jones and InfoWars’ podcasts from iTunes
No, because ISPs are natural monopolies (https://en.wikipedia.org/wiki/Natural_monopoly). The government allows them to have a regional monopoly in exchange for investing in the infrastructure. As such, there’s no easy way for competition to happen. (You would have to invest in a new infrastructure. Notice how you never have two cable companies or two DSL companies unless it’s one company selling under two names.) The reason net neutrality is a big deal is because ISPs want to have their cake and eat it too. They like the protections of a natural monopoly, but they don’t like the regulations that come with it.
So ISPs dictating what content is acceptable would be like your garbage collection company refusing to collect political flyers for an opposing party or something. Even though it’s not technically the government, I would see it as a government-sponsored entity.
Now if you want something comparable, consider the bakery refusing to serve a gay couple. Even though I support gay rights, I agree there with the Supreme Court that a private entity should not be forced to endorse speech they do not agree with. And that would be what Apple is doing here.
yifanlu | 8 years ago | on: Shkreli Got Prison Time, Holmes Didn’t. Is That Fair?
Let’s stop pretending that we, as a society, care about fairness here. Rich people always get away with more shit. Let’s just enjoy one rich asshole getting part of what he deserved instead of lamenting about how a second rich asshole didn’t. And yes, I said to enjoy it, because don’t pretend these stories mean anything more to you than the entertainment value. Either you ignore them or you acknowledge it is tabloid drama that you enjoy (I am in the latter group). Dude was a rich asshole who took internet trolling from a middle school hobby to a lifestyle. The deck was stacked in his favor and he still blew it. That’s what we care about and why we like this story.
yifanlu | 8 years ago | on: High Sierra’s ‘Secure Kernel Extension Loading’ Is Broken
The post was from 16 days ago right? Did Apple fix it?
yifanlu | 8 years ago | on: A Solution of the P versus NP Problem?
Just a half-minute skim shows the author claims it passes the natural proof barrier but makes no claim about it being non-relativizing or non-algebrizing.
yifanlu | 8 years ago | on: Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets
> Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS.
This implies they have code execution on the application processor just from Broadpwn (and not additional Safari/iOS exploits). Hijacking internet traffic is indeed serious, but tech blog sites are already picking up on this and blowing it up. Example: https://9to5mac.com/2017/07/20/broadpwn-wifi-vulnerability-i...
> PSA: Update to iOS 10.3.3 to fix serious wifi vulnerability allowing attacker complete control
yifanlu | 8 years ago | on: Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets
Right, I'm guessing they just patched the actual Wi-Fi chip vulnerability. That's why I would like someone (preferably the author) to disclose whether there is indeed a privilege escalation or not and to provide more details if there is.
yifanlu | 8 years ago | on: Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets
> Most modern systems have a MMU to prevent the peripheral from DMAing to memory areas not specifically reserved for it, but given (certainly Android) systems run oldschool kernels hacked together by the last kind of crowd you want working on them it's probably not enabled or setup correctly.
I'm not sure it's fair to assume the iOS IOMMU isn't set up properly just because that's the case on many (most?) Android phones. According to the author, most Android phones don't even have KASLR, which iOS has had since iOS 6. I would assume the IOMMU exists and is working properly unless someone has evidence otherwise (a quick Google search shows very little information on iOS + IOMMU). If a DMA attack is indeed successful on iOS devices, I think that would be substantial enough to write about.
> The other more obvious privilege escalation is that there is still a kernel driver on the application processor talking to the chipset.
I would consider that a separate exploit--but even then you still need a KASLR bypass (another exploit?) at the very least to gain control.
> so these often aren't written as defensive as they should be
On the contrary, the market rate for an iOS jailbreak chain is upwards of $1 million USD, so I'd be surprised if a single exploit gives you full system control.
yifanlu | 8 years ago | on: Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets
The article mentions:
> Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS.
But it doesn't go into any details on how this privilege escalation actually works for iOS, and more specifically that it doesn't require additional exploits. Can anyone explain this in more detail? If this actually allows code execution on the iOS application processor, that means we have a jailbreak, right?
yifanlu | 8 years ago | on: Microsoft says no known ransomware runs on Windows 10 S, so we tried to hack it
> Hickey created a malicious, macro-based Word document on his own computer that when opened would allow him to carry out a reflective DLL injection attack, allowing him to bypass the app store restrictions by injecting code into an existing, authorized process.
That's enough to show that you could have run ransomware. Unsigned code execution under Word's privileges (which presumably include write permissions to user documents) is enough to encrypt user documents.
I think the point is that it's dishonest/irresponsible for Microsoft to advertise 10 S in this way. Even though technically they're not saying you can't get hacked by ransomware--anyone without technical knowledge can reasonably assume that's the case. The article showed that MS didn't really put too much work into adding extra security/mitigation. Just shutting down side-loading isn't work proportional to what they advertise.
yifanlu | 9 years ago | on: 'Windows 10 destroyed our data' Microsoft taken to US court
Contracts have many terms that haven't been legally tested. The idea is that you put in words that will protect you in court if it ever comes to it. It gives them more options to pursue a legal argument--chances are, though, that if their best argument involves this clause, the case is theirs to lose.