lqqq commented on Using QEMU-user emulation to reverse engineer binaries   ariadne.space/2021/05/05/... · Posted by u/todsacerdoti
lqqq · 5 years ago
I use qemu-user to run applications. For programming and RE, qiling is more suitable.
lqqq commented on Can Blood from Young People Slow Aging? Silicon Valley Has Bet Billions It Will   newsweek.com/2021/04/16/c... · Posted by u/kvee
lqqq · 5 years ago
I am waiting for (YC22) BloodySell: Auction Your Blood Online
lqqq commented on A Simplified E-graph Implementation   philipzucker.com/a-simpli... · Posted by u/philzook
SomewhatLikely · 5 years ago
Here's my honest feedback: I stopped reading after the author started diving into implementation details without explaining what the purpose of an e-graph is. We got the what, but not the why.
lqqq · 5 years ago
lqqq commented on NFTs unbundle ownership from enjoyment   interjectedfuture.com/nft... · Posted by u/iamwil
mettamage · 5 years ago
> The artist, or a company, could easily just maintain a database showing who 'owns' which artwork NFT

What if hackers hack into it and scramble all the data? What if the artist happens to alter the data him/herself?

I think a decentralized database is a small benefit (when we're not discussing the environmental externalities).

lqqq · 5 years ago
> What if hackers hack into it and scramble all the data? What if the artist happens to alter the data him/herself?

The same questions also apply to blockchains. But if a blockchain is compromised, then who will I sue?

lqqq commented on Prince Harry joins $1bn Silicon Valley startup as senior executive   theguardian.com/uk-news/2... · Posted by u/noir-york
lqqq · 5 years ago
I have seen a lot of life coach cults in recent years on Facebook/Twitter. They promise to improve mental health, career progression, dating life, etc. I believe they are mostly multi-level marketing scams.

This is even beyond bs. What is he gonna do? Coach people on how to be born rich, how to cut a ribbon? I hope there will be a Kardashian life coach teaching me how to twerk. (Serious note: I know having him is good for business.)

lqqq commented on Navigate your code like it's 2021   web.eecs.utk.edu/~azh/blo... · Posted by u/azhenley
lqqq · 5 years ago
The scrollable tiled window concept is really nice! I hope more software / desktop environments adopt this.

This alone does not beat search / recent-buffer-like features for me. Besides the goto-def feature, I usually use search in project, go to last changes and avy/kjump to navigate codebases.

lqqq commented on Highest rates of teen bullying are between friends and friends-of-friends: study   ucdavis.edu/news/most-tee... · Posted by u/thereare5lights
lqqq · 5 years ago
The HN title is so confusing. If you don't get it at first like me: 4 means "for" here. That makes a lot more sense.
lqqq commented on Browser Fuzzing at Mozilla   hacks.mozilla.org/2021/02... · Posted by u/gbrown_
_j3sse · 5 years ago
The state space is too large for these algorithms to be effective on Firefox as a whole, and there are many libraries we just don't care about when browser fuzzing.

e.g. if AFL/libFuzzer manages to hit a path that makes an input appear as gz encoded, the "novel" zlib coverage is very attractive to the algorithm, but that's a very inefficient way to fuzz zlib.

Most of these libraries are targeted specifically by OSS-Fuzz [0] and their integration into Firefox is fuzzed with libFuzzer using the fuzzing interface Andrei mentioned.

0: https://google.github.io/oss-fuzz/

lqqq · 5 years ago
AFL is not that smart. If you only do bit flips on the inputs, then fuzzing a JavaScript engine/DOM engine will take forever. The "domino" (Mozilla internal tool) looks quite powerful as it generates semantically correct DOM. Sadly, it is not open source. Google has a tool designed specifically to fuzz JavaScript engines, Fuzzilli [1], which hackers have been using for bug hunting.

[1]: https://github.com/googleprojectzero/fuzzilli
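
As an added illustration of the point made in the two comments above (example code written for this page; it is not code from the original thread, nor from AFL, libFuzzer, Fuzzilli or domino), the harness below runs a tiny coverage-guided loop against a constructed recursive-descent expression parser twice: once with single-bit flips of a seed input, once with a structure-aware generator that only emits well-formed expressions. The parser, its coverage labels, the seed `(1+2)*3`, and the function names `bitflip`, `grammar_gen`, `campaign` and `compare` are all assumptions made for the example. It generalises the JS/DOM case to any target whose interesting logic sits behind a parser.

```python
import random
from typing import Callable, Dict, Set, Tuple

# Constructed toy target: a recursive-descent parser/evaluator for inputs
# such as "(1+2)*3". Every branch records a label in COVERAGE so the harness
# can count distinct "edges" the way a coverage-guided fuzzer would.
COVERAGE: Set[str] = set()


def cov(label: str) -> None:
    COVERAGE.add(label)


class Parser:
    def __init__(self, text: str) -> None:
        self.s, self.i = text, 0

    def peek(self) -> str:
        return self.s[self.i] if self.i < len(self.s) else ""

    def expr(self) -> int:
        cov("expr")
        v = self.term()
        while self.peek() and self.peek() in "+-":
            op = self.s[self.i]
            self.i += 1
            cov("expr:" + op)
            r = self.term()
            v = v + r if op == "+" else v - r
        return v

    def term(self) -> int:
        cov("term")
        v = self.factor()
        while self.peek() == "*":
            self.i += 1
            cov("term:*")
            v *= self.factor()
        return v

    def factor(self) -> int:
        c = self.peek()
        if c == "(":
            cov("factor:paren")
            self.i += 1
            v = self.expr()
            if self.peek() != ")":
                cov("factor:unclosed")  # shallow error path, but "new coverage"
                raise ValueError("expected ')'")
            self.i += 1
            return v
        if c.isdigit():
            cov("factor:num")
            j = self.i
            while self.peek().isdigit():
                self.i += 1
            return int(self.s[j:self.i])
        cov("factor:bad")  # another shallow error path
        raise ValueError("unexpected %r" % c)


def evaluate(text: str) -> int:
    """Parse and evaluate; only syntactically valid input reaches 'evaluated'."""
    p = Parser(text)
    v = p.expr()
    if p.i != len(text):
        cov("trailing")
        raise ValueError("trailing input")
    cov("evaluated")  # the deep logic a bug hunter actually wants to exercise
    return v


def bitflip(rng: random.Random, parent: bytes) -> bytes:
    """Structure-unaware mutation: flip one random bit of a corpus entry."""
    data = bytearray(parent)
    pos = rng.randrange(len(data) * 8)
    data[pos // 8] ^= 1 << (pos % 8)
    return bytes(data)


def grammar_gen(rng: random.Random, _parent: bytes, depth: int = 3) -> bytes:
    """Structure-aware generation: every output is a valid expression."""
    if depth == 0 or rng.random() < 0.3:
        return str(rng.randrange(100)).encode()
    left = grammar_gen(rng, _parent, depth - 1)
    right = grammar_gen(rng, _parent, depth - 1)
    body = left + rng.choice([b"+", b"-", b"*"]) + right
    return b"(" + body + b")" if rng.random() < 0.5 else body


def campaign(gen: Callable[[random.Random, bytes], bytes], n: int,
             rng_seed: int = 7) -> Tuple[float, int]:
    """Run n inputs; return (fraction reaching the evaluator, labels hit)."""
    rng = random.Random(rng_seed)
    COVERAGE.clear()
    corpus = [b"(1+2)*3"]  # constructed seed input
    reached = 0
    for _ in range(n):
        data = gen(rng, rng.choice(corpus))
        before = len(COVERAGE)
        try:
            evaluate(data.decode("ascii"))
            reached += 1
        except (ValueError, UnicodeDecodeError):
            pass
        if len(COVERAGE) > before:  # queue rule: keep inputs that found new coverage
            corpus.append(data)
    return reached / n, len(COVERAGE)


def compare(n: int = 2000) -> Dict[str, Tuple[float, int]]:
    return {"bitflip": campaign(bitflip, n), "grammar": campaign(grammar_gen, n)}


if __name__ == "__main__":
    for name, (frac, labels) in compare().items():
        print(f"{name:8s} reached evaluator in {frac:.0%} of runs, {labels} labels")
```

Run it with `python3`. The bit-flip campaign spends most of its budget on inputs the parser rejects, and the labels it does add to the queue (unclosed parenthesis, stray character, trailing input) are exactly the kind of novel-but-shallow coverage _j3sse describes; the grammar generator reaches the evaluator on every run. That gap is what a generator working on a language-aware IR, as Fuzzilli does for JavaScript, is meant to close.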

lqqq commented on SymQEMU: Compilation-based symbolic execution for binaries   s3.eurecom.fr/tools/symbo... · Posted by u/Rochus
lqqq · 5 years ago
I just discovered SymCC and wanted to play with it this weekend. Any tips from hackers using symbolic execution + fuzzing techniques to hunt security bugs?

> on some benchmarks, it even achieves better performance than the source-based SymCC

This is cool.
