Lee Yingtong Li

@RunasSudo
🇦🇺 Professional 'flozin withholder. Occasional software engineering hobbyist | they/he/any ♠️🩶🤍💜
Website: https://yingtongli.me

I have managed to extract a list of encoded strings within the liblzma/xz backdoor payload (5.6.1):

https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01

The code has a dictionary of strings that are encoded as a prefix trie, which helps to keep things stealthy. This is e.g. then used to look up symbols, e.g. bd_elf_lookup_hash(..., 0x2b0, ...) means bd_elf_lookup_hash(..., "__libc_stack_end", ...). This is also why it's slow :).

This should bring us one step closer to knowing what the binary payload does.

liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
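
To illustrate the idea in the post above (an added example, not code from the post or the gist, and not the backdoor's actual encoding): a toy trie blob in which no string appears contiguously, and the analyst-side walk that recovers the id-to-string table and annotates a decompiled call. The byte layout, the helper names and every entry other than 0x2b0 for "__libc_stack_end" are assumptions.

```python
import re
# Toy model: NOT the backdoor's real trie layout. Only the pair
# 0x2b0 <-> "__libc_stack_end" is from the post; other entries are constructed.
SAMPLE = {"__libc_stack_end": 0x2B0, "__libc_start_main": 0x111,
          "__errno_location": 0x222, "getuid": 0x333}
NO_ID = 0xFFFF  # marks a node where no string ends

def build_blob(table):
    """Pack a string table as trie nodes: id(2) nedges(1) then (byte, child(2))*."""
    nodes = [[NO_ID, {}]]
    for name, ident in table.items():
        cur = 0
        for b in name.encode():
            if b not in nodes[cur][1]:
                nodes.append([NO_ID, {}])
                nodes[cur][1][b] = len(nodes) - 1
            cur = nodes[cur][1][b]
        nodes[cur][0] = ident
    blob = bytearray()
    for ident, edges in nodes:
        blob += ident.to_bytes(2, "little") + bytes([len(edges)])
        blob += b"".join(bytes([b]) + c.to_bytes(2, "little") for b, c in edges.items())
    return bytes(blob)

def parse_nodes(blob):
    """Analyst side: read the node records back out of the blob."""
    nodes, pos = [], 0
    while pos < len(blob):
        ident, n = int.from_bytes(blob[pos:pos + 2], "little"), blob[pos + 2]
        recs = [blob[pos + 3 + 3 * i: pos + 6 + 3 * i] for i in range(n)]
        nodes.append((ident, {r[0]: int.from_bytes(r[1:], "little") for r in recs}))
        pos += 3 + 3 * n
    return nodes

def recover_strings(blob):
    """Walk every path from the root and return {id: string}."""
    nodes, found, stack = parse_nodes(blob), {}, [(0, b"")]
    while stack:
        idx, prefix = stack.pop()
        ident, edges = nodes[idx]
        if ident != NO_ID:
            found[ident] = prefix.decode()
        stack.extend((child, prefix + bytes([b])) for b, child in edges.items())
    return found

def annotate(call, ids):
    """Replace numeric ids in a decompiled call with the recovered strings."""
    swap = lambda m: f'"{ids[int(m[0], 16)]}"' if int(m[0], 16) in ids else m[0]
    return re.sub(r"\b0x[0-9a-fA-F]+\b", swap, call)
```

Because each character sits in its own node record, a plain strings-style scan of the blob finds nothing, while a full walk of the trie yields the whole table at once.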


@alcinnz @RunasSudo

This is only 6% slower than the optimized version by @RunasSudo, but way more readable, IMHO (benchmark done with criterion).

The trick is to _reuse_ the parsed record. This here:

while reader.read_record(&mut record)?

The record changes every iteration, while its memory gets reused.

Don't get me wrong, we should definitely explore optimizations and sometimes "off-the-shelf" solutions are not enough, but in this case csv crate is already fast enough.

2/3

Making a micro Linux distro

A guide on building a simple Linux distribution from scratch. Detailed guide on building the kernel and the init process. Finally, a little distribution is built with u-root that is capable of connecting to the Internet.

Ominous...
what is happening in the indie games community 😳 #gaming #grimace
"Your gender is immutable. You cannot edit it, citizen!" the cop growls. I tear off a small tab of sellotape and tape it over my gender's write protect notch. The cop screams.
I think about this every time I SSH
uh were any of you people who signed up to #threads actually paying attention to the onboarding flow?

A new study shows a whopping 87% of games released prior to 2010 are no longer available for sale or download by any means other than the second-hand market and archival/"piracy": http://gamehistory.org/87percent/

Proof if you ever needed it that the community is doing the work that corporate interests won't do to preserve gaming history and the slice of culture it represents.

We are living in an age when it is so astonishingly cheap to keep copies of things around and yet the perverse incentives exist for companies to memory-hole anything that doesn't perform well or that might compete with newer offerings.

IMO, in the big picture this is what legislation is for, correcting a horrible tendency that the market will have if left to its own devices, and there should absolutely be legislation protecting archivists of content that's no longer available for sale, or even requiring that content creation companies keep content available in SOME form. Until then, we depend on each other to do this.

87% Missing: the Disappearance of Classic Video Games | Video Game History Foundation

New study reveals most classic video games are completely unavailable


Something that bugs me so much when people complain about the complexity of Mastodon or decentralized services, is that they've done it already.

Email. It's just like fucking email.
You choose a provider, you get an address, and then you share that address with others.

That's it. That's all there's to it.
You change email providers? You share your new address.

#rant #FOSS #decentralization #opensource