Jann Horn

human borrow checker (but logic bugs are best bugs).
works at Google Project Zero.

The density of logic bugs (compared to memory corruption bugs) goes down as the privilege differential between attacker context and target context goes up.

Jann Horn boosted:
lcamtuf @lcamtuf@infosec.exchange
2025-07-03

A slightly unhinged calculator fact: in the golden era of electronic calculators, some Japanese shopkeepers were reluctant to trust the newfangled tool, so Sharp made a line of combination calculator / abacus devices.

Here's a photo, next to some other stuff I own.

2025-07-03

@emz at a newspaper I once saw that you can buy a 24-hour one-time access... but the order flow for it was, I think, the same as for subscribers: enter your postal address and wait for manual activation, which happened days later...

2025-07-03

"I'd like to read this news site... oh, an either-ads-or-subscription-or-pay-via-contentpass banner, well then, I'll finally sign up for contentpass... ok, now back to the site with contentpass... news site says 'ah, but for this article you now also need our own monthly subscription'"

2025-07-02

@whitequark @dysfun I probably don't understand the concept very well, I thought it was mostly about avoiding going through the scheduler and a little bit also about avoiding having to think that much about locking for all global state

2025-07-02

@whitequark @dysfun @LunaDragofelis fibers combined with split stacks and something that tells the compiler / build system when you're transitioning from possibly-fiber-switching code to never-fiber-switching code might be kinda neat, so that you can use per-fiber stacks for stack frames that might be live during a fiber switch, and per-OS-thread stacks for stack frames that are guaranteed to disappear before the next fiber switch.
but obviously how well that'd work would depend on how far down the stack I/O is happening.

kinda inspired by how Xen only has one hypervisor stack per host CPU, and preemption of hypercalls is implemented as "bail out of the hypercall as soon as possible, set the guest register state such that the hypercall will immediately run again, and increment the hypercall arguments or something like that to make the next iteration resume at the right point".

2025-07-02

@dysfun @whitequark why is this a problem? as long as you have virtual memory, you pay something like up to 4093 bytes of data memory more than you need, plus some inefficiency of TLBs and page tables?

2025-07-02

@whitequark compiler function attribute that teaches the compiler to lazily copy the stack after setjmp() has been called, so you basically have one active stack pointer and one stack pointer for saving old stack contents, and every callee of such a function, immediately after the call returns, backs up the current state of the now-active frame into memory referenced by the setjmp buffer

2025-07-02

@alwayscurious yes that would be the boring way

Jann Horn boosted:
Samuel Groß @saelo@chaos.social
2025-07-02

V8 Security is hiring in Munich, Germany: google.com/about/careers/appli

Great opportunity to work on some really hard and interesting problems in the security space!

2025-07-02

protip: make sure that dangerous logic bugs in your codebase also lead to UAF so that fuzzers can detect them easily

2025-07-01

@ljs @alberand or maybe there needs to be an official repo similar to linux-next-history for this

2025-07-01

@elly looking forward to the ifixit guide to repairing a phone with minimal tools that includes "and now run this cpu stress test app for half an hour to make sure the screen is easy to take apart"

2025-07-01

@ljs @alberand range-diff doesn't require that the two versions have the same base, so as long as you're able to import patches from the list into your local tree at all, there should be no issues... and if you can't import patches from the list due to missing base commit info or such, I think that's a much bigger issue because then you almost can't review them?

2025-07-01

@ljs @alberand what do you mean by "problem is getting both versions in the same tree"?

2025-06-30

@alberand @ljs yeah, this. or if you want it without b4, ensure you have both versions in your git repo and use "git range-diff"

Jann Horn boosted:
karolherbst 🐧 🦀 @karolherbst@chaos.social
2025-06-30

The S in LTS stands for suffering

2025-06-29

@ljs but also, uh, please don't burn yourself out

2025-06-29

@ljs the TLB thanks you for your sacrifice, I guess...

I guess the latest and most in-progress part of THP is mTHP, especially given how now on AMD Zen 4/5 CPUs there is automagic hardware stuff that'll use the TLB more efficiently if you use order-2 mTHP?

Jann Horn boosted:
Thorsten Leemhuis (acct. 2/4) @knurd42@social.linux.pizza
2025-06-25

PNG is back!

programmax.net/articles/png-is (by Chris Blume)

A new PNG spec was just released! […]

[…] After 20 years of stagnation, PNG is back with renewed vigor!

What's new?

* Proper HDR support (future‐proof, too!)

* Finally recognizes APNGs (animations!)

* Officially supports Exif data

* General tidying up—fixing errata, clarifications, etc.

#png

2025-06-24

@siguza just spawn an entire VM running Linux and proxy your file system access through that VM
