infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@pojntfx Reminds me of us nerds installing Linux then spending weeks tweaking our WMs, shells and editor configs...
this post | permalink
@UndeadLeech This is the most Linux post I've read in a long time!
this post | permalink
@mumblegrepper Just to be clear by "feedback" I meant "coverage feedback", reflecting on your post. You'll definitely need something to catch unexpected behavior and correlate it with your inputs but that's true for simple enumeration too.

100% agree on fuzzy definitions :)
this post | permalink
@mumblegrepper *tucks sleeve* fine, let's do some taxonomy!

I don't think feedback is relevant, the first fuzzers didn't use that.

I see two techniques often mixed up with "classical" fuzzing:

1) Trying identifiers, e.g. IDOR, URL paths, subdomains, etc. My argument here is since our inputs never trigger "new control-flows" this is not fuzzing. (It's tricky how we define control-flow in this case, but I think you get the point).

2) Vuln scanning with magic strings. Now you are right to point out that magic strings are definitely part of fuzzing (e.g. 0, -1, INT_MAX), and this is where the lines get blurry. My current working definition here is that fuzzing starts somewhere when you are physically limited in trying all reasonable inputs (note that no real filesystem will require a trillion ../'s to detect a path traversal) and systematic algorithms (e.g. adding one more backslash) aren't effective, so you might as well start gambling.

WDYT?
this post | permalink
@mumblegrepper Is it though? I remember that "pipe /dev/random to unix tools" paper as the original sin (which is random + open ended)?
this post | permalink
Worst part is they may be technically right
this post | permalink
[RSS] It rather involved being on the other side of the airtight hatchway: Tricking(?) a program into reading files

https://devblogs.microsoft.com/oldnewthing/20260216-00/?p=112065
this post | permalink
@mattblaze
this post | permalink
Amazingly, it's weekend and I kind of miss coding Rust.

If this is not Stockholm syndrome I don't know what is.

Anyway, I promised to finish my next #REshare exporter in a week two weeks ago so let's get back to Python!
this post | permalink
@amanda @b0rk Cross references, yes! How do I use those? Also, I just looked at `man man` and noticed that there is no ToC ("Is there even something about hotkeys in this thing?").
this post | permalink
Next Page