Notices by lcamtuf :verified: :verified: :verified: (lcamtuf@infosec.exchange), page 2

I've been working in cybersecurity for over 25 years. Here are my key insights.

Look, "never" is relative

The thing about social media is that it's easy to get a lot of followers if you post enough memes, but the engagement is stretched so thin that it no longer means anything.

Here's my Twitter example: 37k followers → 2.5k "views" → 26 clicks (0.07%).

You get more out of mailing a couple of friends.

Your privacy is very important to us. This is why we're sharing your data with our 278 advertising partners, and our partners' 4,728 partners, and their partners' 87,392 partners, UNDER THE FOLLOWING TERMS

Sir, I'm afraid your house is not wired for the latest Nvidia card

I keep coming across all these "pseudocode" examples on Wikipedia and in academic papers, and what I don't understand is why the authors can't just learn a real programming language

@againsthimself To prevent bit rot, we made sure that our code doesn't compile from day 1

OpenAI: how dare others take our... um... copyrighted stuff without asking to make their own LLM

C IS LEGAL AGAIN

One of the most common software engineering mistakes is the desire to build general-purpose platforms. You want to try your hand at game development, so you get sucked into building an engine to accommodate all your future ideas. You imagine the rest of the world using it, too.

In reality, writing the actual game is the hard part. Success is far more likely if you try doing that in the most expedient way and generalize later. As for the rest of the world, they usually look up to winners. A game engine on Github with no successful titles to its name is unlikely to get any views, let alone usage.

If you're determined to build a platform, there are three ways to win. One is to be the first to enter a new domain. Another is to spend *a lot* more time on community-building than on code. The last approach is to get corporate backing, so that you get a big "captive" audience with vested interest in your success.

Back in early 2023, I posted the code & hardware plans for a modernized clone of Sokoban, an obscure but *really* fun logic-puzzle game from the 1980s. Unlike most of the other "retro nostalgia" pieces, the game holds its own today.

https://lcamtuf.coredump.cx/sir-box-a-lot/

I handed it out to a bunch of friends. Few have heard of the game before; just as few could put it down once they started.

Unfortunately, because Sokoban is not exactly Pong, Space Invaders, or Snake, the project never garnered much attention from strangers. And keeping the project alive proved to be a chore because of post-COVID shortages. The MCU I relied on soon went out of stock. I redesigned for another chip... only for the OLED vendor to tell me they're discontinuing the display b/c *they* can't find the chips.

Anyway, I have a revised PCB and code for a new display ready to go, just need to test it IRL. And hey - have you considered a nice game of Sokoban?

Investigating an "evil" RJ45 dongle: https://lcamtuf.substack.com/p/investigating-an-evil-rj45-dongle

Youngsters find it hard to believe, but before Apple introduced the first cell phone, you had to carry one of these bad boys with you if you wanted to stay in touch with friends

Pundits: social media is an existential threat to the youth and to democracy itself

Government: ok we're gonna take away TikTok

Pundits: nooooooo I was using that

C pro trick! Let's say you have code like this, and you want to comment out a block of code - let's say, lines 5 to 7 - with some nested comments. A pain, right?

Well, not anymore -- not with my patented POWER COMMENT technique!

godbolt.org/z/nEqhbhbse

My new C programming book is slowly taking shape. If you want to learn along, let's start with the basics of control flow:

http://godbolt.org/z/3GerY3zEc

1/5

I think this makes sense
https://godbolt.org/z/3GerY3zEc

Customer: I need a canary for my coal mine

Security product vendor: you've come to the right place, we have a wide selection of stuffed birds

One of my favorite things is asking LLMs "what's wrong with <this>" when nothing is wrong with <this>. Works with code, circuit schematics, and so on.

You usually get a wall of *really* convincing text, and I imagine some poor student trying to make sense of this.