Archive for the ‘Development’ Category
Posted by jpluimers on 2025/11/25
The libc C standard library memcpy function is very fast, but because of that also very dumb and with a list of circumstances where its behaviour is undefined (a great opportunity to introduce vulnerabilities in your code). The specs of those are in [Wayback/Archive] memcpy, memcpy_s – cppreference.com, including:
The behavior is undefined if either dest or src is an invalid or null pointer.
With C compilers becoming smarter and smarter, their optimisations can hide the fact that you call memcpy with parameters causing undefined behaviour.
This is a nice example of that: [Wayback/Archive] Fix a crash trying to save an empty AudioStream by hpvb · Pull Request #100422 · godotengine/godot · GitHub
The change is relatively simple, but hardly shows why the change is there. Only one line got changed in [Wayback/Archive] Fix a crash trying to save an empty AudioStream by hpvb · Pull Request #100422 · godotengine/godot · GitHub
Read the rest of this entry »
Posted in C, Development, Software Development | Tagged: 100422, 97720, 97790 | Leave a Comment »
Posted by jpluimers on 2025/11/20
A longer while I ago, I could not find a URL that would bring up the BKSY post pop-up.
A while ago, I found out there is a compose intent URL: you can even add a text parameter with URL-encoded content!
[Wayback/Archive] Cory LaViska: “ooh you can create intent links for Bluesky” — Bluesky
[Wayback/Archive] bafkreig4tmnf44akrfnqvuvinsj6pkg4zsosu5uivwpgqypkpgree247xq@jpeg (1000×425)
The below queries revealed various other posts indicating the same:
Read the rest of this entry »
Posted in Development, Encoding, HTML, Software Development, URL Encoding, Web Development | Leave a Comment »
Posted by jpluimers on 2025/11/19
[Wayback/Archive] Thread by @cyb3rops on Thread Reader App – Thread Reader App
If your agent gets flooded – detect the flooding.
If code gets obfuscated – detect the obfuscation.
If ETW gets silenced – detect the silence.
If the EDR gets killed – detect the killing.
If logs get cleared – detect the clearing.
The act of hiding is often more suspicious than what’s being hidden.
It’s like a surveillance camera going black or freezing.
That is the signal.
I’ve been doing this successfully for years.
I detect obfuscated crap all the time.
People ask, “What is it?”
I say, “No fucking clue. Could be:
– a Themida-packed sample with a Microsoft copyright,
– a UPX-packed ELF with a 1-char filename,
– a PowerShell script that looks like static noise, or
– a fake svchost.exe with no Microsoft copyright.”
I don’t need to know what it is.
It’s obviously shady.
That’s enough to detect it – and deal with it.
There’s a Chinese saying that fits perfectly: 欲蓋彌彰
The more you try to hide it, the more obvious it becomes.
--jeroen
Posted in Blue team, Development, DevOps, LifeHacker, Power User, Red team, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2025/11/14
The plan was to run a Postfix secondary MX inside a docker container.
Below are many links that might help me to get that going.
For now, I think this is the shortlist of solutions to try:
- Docker Mailserver
- Mailcow
- Mailu
Read the rest of this entry »
Posted in *nix, *nix-tools, Cloud, Communications Development, Containers, Development, Docker, Infrastructure, Internet protocol suite, Kubernetes (k8n), postfix, Power User, SMTP | Tagged: 254, 29, 52, 787, DMARC, domains, set | Leave a Comment »
Posted by jpluimers on 2025/11/13
While doing some ASCII art blog-post drafts cleanup, I bumped into the (now deleted) [Wayback/Archive] Best 404 page ever? : r/ProgrammerHumor which pointed to the (also now deleted).
I got there via my (not deleted!) blog post Why I like PlantUML.
So I dug up the old archived copy of that PlantUML 404-page and made gist out of it.
I soon realised this was all encoded stuff, seemingly a mix of a ROT13 variation and some other shifting around.
Luckily the original page mentioned in the Reddit post was way easier, so I put that in a gist too.
Bot are below the blog-signature. Enjoy!
Oh, and the full text of course above the signature:
Read the rest of this entry »
Posted in ASCII, ASCII art / AsciiArt, CSS, Development, Encoding, Fun, HTML, HTML5, JavaScript/ECMAScript, Scripting, Software Development, Web Development | Leave a Comment »
From a while ago, but this 2023 PDF magazine about building GUI applications with Python using guizero is still very fun to read:
The Wiert Corner - irregular stream of stuff 