cant wait till firefox does the same thing
https://press.opera.com/2024/04/03/ai-feature-drops-local-llms/
https://press.opera.com/2024/04/03/ai-feature-drops-local-llms/
Opera Newsroom
Opera becomes the first major browser with built-in access to local AI models
Opera announces that it’s adding experimental support for 150 local LLM (Large Language Model) variants to its Opera One browser in developer stream.
🔥2👍1
Forwarded from Dark horse (Fearless Soul🤴👨🦽)
How to Be Lucky
You make your own luck. There's a great experiment that I can't cite, but it has stuck in my mind since I was a child. They identified people as lucky and unlucky, and asked them to count the number of photographs in a newspaper. The unlucky people took a long time to count the photographs, while the lucky people took a very short time. The reason is that the unlucky people were so focused on counting the photographs that they missed the giant text that said, "Stop counting, there are 43 photographs in this newspaper."
What I took away from this experiment was the idea that it might not be the case that lucky people and unlucky people have different opportunities, but rather that their field of perception is wider. Lucky people can actually see the opportunities. A lucky person and an unlucky person might meet the same businessman, but they might talk about different things. One could be presented with or ask for an opportunity that the unlucky person doesn't even see as possible.
I often ask myself, "Okay, I'm focused on getting X, but let's not forget to read the headlines."
what do you think?
You make your own luck. There's a great experiment that I can't cite, but it has stuck in my mind since I was a child. They identified people as lucky and unlucky, and asked them to count the number of photographs in a newspaper. The unlucky people took a long time to count the photographs, while the lucky people took a very short time. The reason is that the unlucky people were so focused on counting the photographs that they missed the giant text that said, "Stop counting, there are 43 photographs in this newspaper."
What I took away from this experiment was the idea that it might not be the case that lucky people and unlucky people have different opportunities, but rather that their field of perception is wider. Lucky people can actually see the opportunities. A lucky person and an unlucky person might meet the same businessman, but they might talk about different things. One could be presented with or ask for an opportunity that the unlucky person doesn't even see as possible.
I often ask myself, "Okay, I'm focused on getting X, but let's not forget to read the headlines."
what do you think?
❤2
Dark horse
How to Be Lucky You make your own luck. There's a great experiment that I can't cite, but it has stuck in my mind since I was a child. They identified people as lucky and unlucky, and asked them to count the number of photographs in a newspaper. The unlucky…
the unlucky 305 peeps who didn't read the instruction 😂
😁10
so yeah I'm kinda back from a 4-month break. The only thing rising faster than my anxiety about returning to posting is the dollar exchange rate. 😭 Let's hope my jokes haven't depreciated as much as the money.
tbh, it feels good to be back to posting and am ready to share all the things I've been up to (namely, reading random stuffs and contemplating the meaning of life 🗿 ).
(P.S. If you see me suddenly selling off my laptop and entire wardrobe, it's not a midlife crisis, it's just me trying to stay ahead of inflation 😂)
tbh, it feels good to be back to posting and am ready to share all the things I've been up to (namely, reading random stuffs and contemplating the meaning of life 🗿 ).
(P.S. If you see me suddenly selling off my laptop and entire wardrobe, it's not a midlife crisis, it's just me trying to stay ahead of inflation 😂)
😁15🔥5🎉1
Understanding Stack-Based Buffer Overflows in Programming
let's dive deep into one of the classic yet crucial vulnerabilities in programming – the Stack-Based Buffer Overflow. This bug has a legendary status for causing some of the most catastrophic breaches.
What is a Buffer Overflow?
Imagine you have a sequence of boxes, and each box can hold a single alphabet. What happens if you try to stuff more alphabets than the boxes can hold? Simply, the extra alphabets will overflow onto adjacent spaces. In the realm of computing, these "boxes" are memory locations, and "alphabets" are data bytes.
A buffer is a sequential memory block reserved to contain data. A buffer overflow occurs when the volume of data exceeds its storage capacity, leading to adjacent memory locations being overwritten. This can cause erratic program behavior, including access violations, data corruption, and crashes.
The stack is a special region of the computer's memory that stores temporary variables created by each function (including the main function). It also keeps track of function calls to manage return addressing. The stack is structured in a last-in, first-out (LIFO) manner.
In a stack-based buffer overflow scenario, the buffer is located on the stack. Typically, this kind of overflow is caused by functions like
the code can be exploited if input contains more than 10 characters.
How Does Overflow Work?
Here's a simplified view:
1. Function Call Initiated: When a function is called, it is pushed onto the stack with all its parameters and local variables.
2. Buffer Overwritten: If a local buffer is flooded with more data than it can handle, this excess data spills over adjacent buffer areas. Crucially, if this overflow overwrites the return address stored on the stack, an attacker can potentially control the flow of execution.
3. Control Hijacked: By carefully crafting the overflowing content, an attacker could redirect the program’s execution to malicious code.
Preventing Buffer Overflows
Mitigating buffer overflow vulnerabilities mainly involves careful programming practices:
- Bounds Checking: Always check the size of the input against the buffer's capacity.
- Safe Functions: Use safer versions of functions where possible, such as
- Canaries: Some compilers insert 'canaries'—special guard variables to detect buffer overflows before tampering with function return addresses.
- Address Space Layout Randomization (ASLR): ASLR randomly rearranges the address space positions of key data areas of a process, which reduces the likelihood of a successful buffer overflow attack.
Incidents
Historically, buffer overflows have been responsible for major security incidents, including the infamous Morris Worm of 1988. Despite modern security mechanisms like DEP (Data Execution Prevention) and ASLR, buffer overflows are still found and exploited.
Concluding Thoughts
knowing stack-based buffer overflows is more than just about handling arrays or pointers in programming; it's about having a mindset that questions, 'What can go wrong?'
#TakeAByte #BufferOverflow #StackOverflow #pentest
@Mi_Ra_Ch
let's dive deep into one of the classic yet crucial vulnerabilities in programming – the Stack-Based Buffer Overflow. This bug has a legendary status for causing some of the most catastrophic breaches.
What is a Buffer Overflow?
Imagine you have a sequence of boxes, and each box can hold a single alphabet. What happens if you try to stuff more alphabets than the boxes can hold? Simply, the extra alphabets will overflow onto adjacent spaces. In the realm of computing, these "boxes" are memory locations, and "alphabets" are data bytes.
A buffer is a sequential memory block reserved to contain data. A buffer overflow occurs when the volume of data exceeds its storage capacity, leading to adjacent memory locations being overwritten. This can cause erratic program behavior, including access violations, data corruption, and crashes.
The stack is a special region of the computer's memory that stores temporary variables created by each function (including the main function). It also keeps track of function calls to manage return addressing. The stack is structured in a last-in, first-out (LIFO) manner.
In a stack-based buffer overflow scenario, the buffer is located on the stack. Typically, this kind of overflow is caused by functions like
strcpy() or sprintf(), which do not perform bounds checking when copying data to a buffer. for instance check the following code void my_function(char *input) {
char buffer[10]; // Buffer size is 10 bytes
strcpy(buffer, input); // No bounds checking!
// ... more code ...
}
the code can be exploited if input contains more than 10 characters.
How Does Overflow Work?
Here's a simplified view:
1. Function Call Initiated: When a function is called, it is pushed onto the stack with all its parameters and local variables.
2. Buffer Overwritten: If a local buffer is flooded with more data than it can handle, this excess data spills over adjacent buffer areas. Crucially, if this overflow overwrites the return address stored on the stack, an attacker can potentially control the flow of execution.
3. Control Hijacked: By carefully crafting the overflowing content, an attacker could redirect the program’s execution to malicious code.
Preventing Buffer Overflows
Mitigating buffer overflow vulnerabilities mainly involves careful programming practices:
- Bounds Checking: Always check the size of the input against the buffer's capacity.
- Safe Functions: Use safer versions of functions where possible, such as
strncpy() over strcpy().- Canaries: Some compilers insert 'canaries'—special guard variables to detect buffer overflows before tampering with function return addresses.
- Address Space Layout Randomization (ASLR): ASLR randomly rearranges the address space positions of key data areas of a process, which reduces the likelihood of a successful buffer overflow attack.
Incidents
Historically, buffer overflows have been responsible for major security incidents, including the infamous Morris Worm of 1988. Despite modern security mechanisms like DEP (Data Execution Prevention) and ASLR, buffer overflows are still found and exploited.
Concluding Thoughts
knowing stack-based buffer overflows is more than just about handling arrays or pointers in programming; it's about having a mindset that questions, 'What can go wrong?'
#TakeAByte #BufferOverflow #StackOverflow #pentest
@Mi_Ra_Ch
🔥3
Winlator is an Android application that allows you to run Windows applications using Wine and Box86/Box64
[GitHub link]
#apps #android
@Mi_Ra_Ch
[GitHub link]
#apps #android
@Mi_Ra_Ch
Pointers in Go: A Friendly Guide
Pointers can be one of the more daunting topics for newcomers to the Go programming language—or any language, for that matter. . In the world of Go programming, pointers play a vital role, allowing you to access and modify data stored at various locations in your computer's memory.
so yeah what are pointers anyway ?
Essentially, a pointer references a memory location where data is stored rather than the data itself. Think of it like the address of a house—the address isn't the house itself, but it tells you where the house is located.
why use pointers ?
Pointers are powerful tools in Go because they allow you to:
- Modify data stored elsewhere: Since variables passed into functions are passed by value (i.e., a copy is created), without pointers, any modifications you make inside the function won’t affect the original variable. Pointers address this by allowing functions to modify the original variable directly.
- Optimize performance: Using pointers can be more efficient in terms of both memory usage and execution time. By passing around a memory address instead of large structs or objects, you cut down on the overhead required by copying large amounts of data.
basics of pointer syntax
In Go, a pointer is defined by placing a
Here's an example:
In this example,
Dereferencing Pointers
Dereferencing is the act of accessing the value at the memory address the pointer is pointing to. You dereference a pointer by placing an
Using the earlier example:
By prefixing
working with pointers in functions
One common use of pointers is to modify a variable inside a function:
This function changes the value of
pointer gotchas
While powerful, pointers need to be used with care to avoid common mistakes such as:
- Null pointer dereferencing: Accessing a pointer that hasn't been initialized can cause runtime errors because there’s no valid memory address to access.
- Memory leaks: This occurs when memory is allocated but not properly released, a more typical issue with languages that require manual memory management. Go's garbage collector significantly mitigates this risk, but it's good practice to keep track of your memory allocations.
best practices with pointers
- Use pointers when you need to modify the data being passed to a function.
- Consider the overhead of copying large structs vs. using pointer semantics.
- Avoid relying too much on pointers, as it might make your code harder to understand and maintain.
concluding thoughts
Pointers are a fundamental concept that can be powerful tools for efficient programming in Go. Think of them as arrows pointing to data locations. Understanding this simple analogy can make using pointers less daunting.
#TakeAByte #golang #pointers
@Mi_Ra_Ch
Pointers can be one of the more daunting topics for newcomers to the Go programming language—or any language, for that matter. . In the world of Go programming, pointers play a vital role, allowing you to access and modify data stored at various locations in your computer's memory.
so yeah what are pointers anyway ?
Essentially, a pointer references a memory location where data is stored rather than the data itself. Think of it like the address of a house—the address isn't the house itself, but it tells you where the house is located.
why use pointers ?
Pointers are powerful tools in Go because they allow you to:
- Modify data stored elsewhere: Since variables passed into functions are passed by value (i.e., a copy is created), without pointers, any modifications you make inside the function won’t affect the original variable. Pointers address this by allowing functions to modify the original variable directly.
- Optimize performance: Using pointers can be more efficient in terms of both memory usage and execution time. By passing around a memory address instead of large structs or objects, you cut down on the overhead required by copying large amounts of data.
basics of pointer syntax
In Go, a pointer is defined by placing a
* before a type. Let’s say you are dealing with an int. A pointer to an int is declared as *int.Here's an example:
var a int = 58
var p *int = &a
In this example,
a is a regular integer, and p is a pointer to an integer. The &a expression fetches the address of a, hence, p holds the address where the integer value 58 is stored, not the number 58 itself.Dereferencing Pointers
Dereferencing is the act of accessing the value at the memory address the pointer is pointing to. You dereference a pointer by placing an
* before it. Using the earlier example:
fmt.Println(*p) // This will print 58
By prefixing
p with an *, you fetch the value stored at the address p points to—the content of the house rather than its address.working with pointers in functions
One common use of pointers is to modify a variable inside a function:
func modifyValue(num *int) {
*num = 10
}
func main() {
a := 5
modifyValue(&a)
fmt.Println(a) // Prints 10
}This function changes the value of
a in the main function by passing the address of a to modifyValue.pointer gotchas
While powerful, pointers need to be used with care to avoid common mistakes such as:
- Null pointer dereferencing: Accessing a pointer that hasn't been initialized can cause runtime errors because there’s no valid memory address to access.
- Memory leaks: This occurs when memory is allocated but not properly released, a more typical issue with languages that require manual memory management. Go's garbage collector significantly mitigates this risk, but it's good practice to keep track of your memory allocations.
best practices with pointers
- Use pointers when you need to modify the data being passed to a function.
- Consider the overhead of copying large structs vs. using pointer semantics.
- Avoid relying too much on pointers, as it might make your code harder to understand and maintain.
concluding thoughts
Pointers are a fundamental concept that can be powerful tools for efficient programming in Go. Think of them as arrows pointing to data locations. Understanding this simple analogy can make using pointers less daunting.
#TakeAByte #golang #pointers
@Mi_Ra_Ch
⚡4
from "I want to be a doctor in the future" to "I just wanna be able to pay my bills" gotta be the most dramatic transition of my life 🥲
😢6😁4💔2
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent.
It's been indexed on official GoDocs site too.
[GitHub Repo] [GoDocs index]
#MyProjects #linkpreview #golang
@Mi_Ra_Ch
go get github.com/AmanuelCh/linkpreview
It's been indexed on official GoDocs site too.
[GitHub Repo] [GoDocs index]
#MyProjects #linkpreview #golang
@Mi_Ra_Ch
🔥5
Mira
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent. go get github.com/AmanuelCh/linkpreview It's been indexed on official…
feels great watching your packages making it to the GoDocs 🤗
for my fellow gophers, you can import the package and start using it in your projects when you need it. The README file on the GitHub repo shows you how to use it.
for my fellow gophers, you can import the package and start using it in your projects when you need it. The README file on the GitHub repo shows you how to use it.
🔥10
Fuzzing: The ultimate stress test for your software
What is Fuzzing?
Fuzzing, or fuzz testing, is an automated software testing technique that involves providing a program with invalid, unexpected, or random data as inputs. The goal? To uncover bugs, security vulnerabilities, and other issues that could lead to system crashes or exploits. Imagine throwing a bunch of weird inputs at your software and seeing what breaks—that’s fuzzing in a nutshell!
Why Fuzzing Matter
In today’s digital landscape, security is everything. With cyber threats lurking around every corner, developers need effective ways to identify vulnerabilities before they can be exploited. Fuzzing helps in:
Finding Bugs: It can reveal issues that traditional testing methods might miss, especially edge cases that occur under unusual conditions.
Enhancing Security: By identifying vulnerabilities, fuzzing helps developers patch holes before they can be exploited by malicious actors.
Automating Testing:
Fuzzing can run continuously, making it easier to integrate into CI/CD pipelines, allowing for rapid feedback and quicker fixes.
How Fuzzing Works
Fuzzing can be broken down into a few key steps:
Input Generation: The fuzzer generates a large number of inputs, which can be random or
based on predefined templates. Some fuzzers use smart algorithms to create inputs that are more likely to trigger bugs.
Execution: The generated inputs are fed into the target program. This is where the magic happens—if the program crashes or behaves unexpectedly, that’s a
potential bug!
Monitoring: The fuzzer monitors the program’s behavior during execution. If it detects a crash, it logs this information for further analysis.
Reporting: Finally, the fuzzer compiles a report detailing the inputs that caused
issues, allowing developers to investigate and fix the bugs.
Types of Fuzzing
Black-Box Fuzzing: This approach treats the software as a black box, focusing solely on inputs and outputs without any knowledge of the internal workings. It’s
like throwing spaghetti at the wall to see what sticks.
White-Box Fuzzing: Here, the fuzzer has access to the source code and can generate inputs based on code paths. This method is more efficient but requires more setup.
Grey-Box Fuzzing: A hybrid approach that combines elements of both black-box and white-box fuzzing. It uses some knowledge of the code while still testing the software as a black box.
Popular Fuzzing Tools
There are several fuzzing tools available, each designed for different scenarios. Here are a few heavy hitters in the fuzzing arena:
American Fuzzy Lop (AFL): This is a popular grey-box fuzzer that uses genetic algorithms to
discover new test cases. It’s particularly good at finding memory corruption bugs and is widely used in the security community.
LibFuzzer: Part of the LLVM project, LibFuzzer is a white box fuzzer that performs coverage-guided fuzzing. It’s super effective for testing libraries and can be integrated into existing projects easily.
OSS-Fuzz: A continuous fuzzing service provided by Google for open-source projects. It integrates with other fuzzing tools to continuously test software and
report bugs, helping maintainers keep their projects secure.
Peach Fuzzer: This tool is great for fuzzing network protocols and file formats. It allows testers to define custom data models for generating test inputs, making it highly customizable.
Boofuzz: A fork of the Sulley Fuzzing Framework, Boofuzz is designed for network protocol fuzzing. It’s user-friendly and allows for easy customization
of network protocol specifications.
Real-World Applications of Fuzzing
Fuzzing isn’t just a theoretical exercise; it’s been used in
real-world scenarios to uncover critical vulnerabilities. Here are a couple of notable examples:
Because sometimes, the best way to break things is to break them randomly. -- Me lol
What is Fuzzing?
Fuzzing, or fuzz testing, is an automated software testing technique that involves providing a program with invalid, unexpected, or random data as inputs. The goal? To uncover bugs, security vulnerabilities, and other issues that could lead to system crashes or exploits. Imagine throwing a bunch of weird inputs at your software and seeing what breaks—that’s fuzzing in a nutshell!
Why Fuzzing Matter
In today’s digital landscape, security is everything. With cyber threats lurking around every corner, developers need effective ways to identify vulnerabilities before they can be exploited. Fuzzing helps in:
Finding Bugs: It can reveal issues that traditional testing methods might miss, especially edge cases that occur under unusual conditions.
Enhancing Security: By identifying vulnerabilities, fuzzing helps developers patch holes before they can be exploited by malicious actors.
Automating Testing:
Fuzzing can run continuously, making it easier to integrate into CI/CD pipelines, allowing for rapid feedback and quicker fixes.
How Fuzzing Works
Fuzzing can be broken down into a few key steps:
Input Generation: The fuzzer generates a large number of inputs, which can be random or
based on predefined templates. Some fuzzers use smart algorithms to create inputs that are more likely to trigger bugs.
Execution: The generated inputs are fed into the target program. This is where the magic happens—if the program crashes or behaves unexpectedly, that’s a
potential bug!
Monitoring: The fuzzer monitors the program’s behavior during execution. If it detects a crash, it logs this information for further analysis.
Reporting: Finally, the fuzzer compiles a report detailing the inputs that caused
issues, allowing developers to investigate and fix the bugs.
Types of Fuzzing
Black-Box Fuzzing: This approach treats the software as a black box, focusing solely on inputs and outputs without any knowledge of the internal workings. It’s
like throwing spaghetti at the wall to see what sticks.
White-Box Fuzzing: Here, the fuzzer has access to the source code and can generate inputs based on code paths. This method is more efficient but requires more setup.
Grey-Box Fuzzing: A hybrid approach that combines elements of both black-box and white-box fuzzing. It uses some knowledge of the code while still testing the software as a black box.
Popular Fuzzing Tools
There are several fuzzing tools available, each designed for different scenarios. Here are a few heavy hitters in the fuzzing arena:
American Fuzzy Lop (AFL): This is a popular grey-box fuzzer that uses genetic algorithms to
discover new test cases. It’s particularly good at finding memory corruption bugs and is widely used in the security community.
LibFuzzer: Part of the LLVM project, LibFuzzer is a white box fuzzer that performs coverage-guided fuzzing. It’s super effective for testing libraries and can be integrated into existing projects easily.
OSS-Fuzz: A continuous fuzzing service provided by Google for open-source projects. It integrates with other fuzzing tools to continuously test software and
report bugs, helping maintainers keep their projects secure.
Peach Fuzzer: This tool is great for fuzzing network protocols and file formats. It allows testers to define custom data models for generating test inputs, making it highly customizable.
Boofuzz: A fork of the Sulley Fuzzing Framework, Boofuzz is designed for network protocol fuzzing. It’s user-friendly and allows for easy customization
of network protocol specifications.
Real-World Applications of Fuzzing
Fuzzing isn’t just a theoretical exercise; it’s been used in
real-world scenarios to uncover critical vulnerabilities. Here are a couple of notable examples:
👍1
Google’s OSS-Fuzz Initiative:
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
⚡1