Mark Reid

@mdreid

Work: Machine Learning Engineer at Apple, previously a Research Fellow in learning theory at the Australian National University.

Play: #trailrunning, #marathon, #eurorack, #jazz, #guitar, #piano, #bass, #snowboarding, #gogame, #photography

Based in Canberra, Australia 🇦🇺.

Web: https://mark.reid.name
Bandcamp: https://markreid.bandcamp.com
PixelFed: https://pixelfed.social/mdreid/
Strava: https://strava.com/athletes/5613084

Some recent reading.

#jazz #books

I had been aware of the original DeCSS “illegal prime” from the late 90s / early 2000s, as well as the textbook I used for my undergrad cryptography course – Schneier’s “Applied Cryptography” – being classified by the NSA as a non-exportable munition but somehow missed this later development and flag.

TIL about the “Free Speech Flag”: https://en.wikipedia.org/wiki/Free_Speech_Flag

It’s an encoding of a secret key – 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 – that was used to copy protect HD DVDs and Blu-ray discs in the mid-2000s. This key was considered a so-called “illegal number” since publishing it was tantamount to breaking a legally protected encryption scheme.

The flag consists of five colours whose RGB hex values are the first 15 bytes of the secret key and the C0 is printed in the lower right.

RE: https://mastodon.social/@mdreid/116292374264941891

Correction: It’s just cache invalidation, naming things, and serving Doom:

https://blog.rice.is/post/doom-over-dns/

(I was off-by-one)

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns
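An added example, not part of the post above or of the doom-over-dns project: one way a defender could look at DNS query volume, as the post suggests, by flagging any client that requests many distinct TXT names under one domain within a short window. The log format, hostnames, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

def parse_line(line):
    """Parse 'epoch client qtype qname' (a constructed log format, assumed here)."""
    ts, client, qtype, qname = line.split()
    return float(ts), client, qtype.upper(), qname.lower().rstrip(".")

def base_domain(qname):
    # Assumption: the last two labels are the registered domain. Real
    # deployments should use the Public Suffix List instead.
    return ".".join(qname.split(".")[-2:])

def flag_txt_bulk_fetch(lines, window=60.0, min_unique=100):
    """Return sorted (client, domain, unique_names) where a client asked for at
    least min_unique distinct TXT names under one domain within `window` seconds."""
    seen = defaultdict(list)  # (client, domain) -> [(ts, qname)]
    for line in lines:
        ts, client, qtype, qname = parse_line(line)
        if qtype == "TXT":
            seen[(client, base_domain(qname))].append((ts, qname))
    hits = []
    for (client, domain), events in seen.items():
        events.sort()
        best, start = 0, 0
        counts = defaultdict(int)  # distinct names inside the sliding window
        for ts, qname in events:
            counts[qname] += 1
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_unique:
            hits.append((client, domain, best))
    return sorted(hits)

# Constructed sample log: one client pulling sequential TXT chunks, plus normal traffic.
SAMPLE = [f"{1000 + i * 0.1:.1f} 10.0.0.5 TXT chunk-{i:04d}.wad.example.test" for i in range(300)]
SAMPLE += [
    "1001.0 10.0.0.7 A www.example.org",
    "1002.0 10.0.0.7 TXT example.org",
    "1003.0 10.0.0.7 TXT _dmarc.example.org",
    "1500.0 10.0.0.5 TXT example.org",
]

if __name__ == "__main__":
    for client, domain, n in flag_txt_bulk_fetch(SAMPLE):
        print(f"{client} fetched {n} distinct TXT names under {domain} within 60s")
```

Ordinary SPF and DMARC lookups stay far below the threshold, while a sequential chunk fetch stands out on distinct-name count alone, without inspecting record contents.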

RE: https://mastodon.social/@mdreid/116292374264941891

the reason so many trans people are in software is because they are predisposed for success: in the most vulnerable time of their lives they have to put up with naming things and cache invalidation

For the non-computer-science folks confused by this: these, along with off-by-one errors, are commonly described as the “two hardest problems in computer science”.

OH: “What is it about DNS that people find so difficult? It’s just cache invalidation and naming things.”

This is all very timely as my eldest daughter has just started doing functions of complex variables in her final year of high school. It’s been fun to brush up on this stuff so I can help her with her homework questions.

Apart from Ahlfors’ “Complex Analysis”, this was about as good as it got for images of complex functions.

Sadly, Tristan Needham’s “Visual Complex Analysis” didn’t come out until several years after I finished my degree.