Easy Taint Tracking - Finding Heartbleed in 2024

Aim: Finding 'Heartbleed' class of bugs with taint analysis. Background reading: https://heartbleed.com/ Motivation: While Coverity is now able to detect this bug, we wanted to evaluate the state of open-source security tooling in 2024. Have we been able to reduce the cost of finding such bugs after all these years? The Idea: Can we find an execution path from the tainted data in the n2s function to sensitive functions? Since n2s typically operates on network received bytes, it can serve as a taint source. ...

November 1, 2024 · 3 min · 488 words · Dhiru Kholia

My solar powered website

This notebook (aka 'blog') is powered by free solar energy! I was (and am) inspired to start writing again by reading this excellent article by 'LOW←TECH MAGAZINE'. Imitation is the sincerest form of flattery… Tech stack: Navitas 100W Solar Panel, Exide solar charge controller (10A), Exide Solar Blitz 40AH battery, 200W 20A DC-DC CC CV Buck module (Robu), Cuzor Mini Pro RouterUPS (12V), LM2596S DC-DC 24V/12V to 5V 5A Step Down USB module, Raspberry Pi Zero 2W ...

January 1, 1999 · 1 min · 181 words · Dhiru Kholia