luzer: A coverage-guided, native Lua fuzzing engine https://github.com/ligurio/luzer | https://lobste.rs/s/pc8zx8 #lua #programming #security #testing
Superseded by account @sergeyb
luzer: A coverage-guided, native Lua fuzzing engine https://github.com/ligurio/luzer | https://lobste.rs/s/pc8zx8 #lua #programming #security #testing
Another one fuzzing engine for Lua is afl-lua. It is an integration of AFL (American Fuzzy Lop) with Lua programming language.
https://github.com/ligurio/afl-lua
It is not feature-rich and effective as luzer (libfuzzer-based), but it is only initial version and I plan to make it sweet too.
Finally published a coverage-guided, native Lua fuzzing engine. I'll do some polishing before a first release, but it's ready for use now.
Some highlights: usage is quite similar to libfuzzer - define a fuzzing target and pass it to a function Fuzz, custom mutator can be defined as a Lua function, structure-aware inputs can be constructed using Fuzzing Data Provider (the same way as in libFuzzer). Moreover, added a code for building custom mutators in Lua for libFuzzer-based targets. Enjoy!
Would be nice to hear feedback!
A huge list with applications that uses telemetry with instructions how to opt it out.
Anyone can help cppcheck by donating CPU (1 core or as many as you like). It is simple:
Download Cppcheck source code and run script.
The script will analyse debian source code and upload the results to a cppcheck server. This is needed both to improve Cppcheck and to detect regressions.
Might make a couple final tweaks, but I'm pretty happy with this.
I present you: "This is fine", a diorama built from a single piece of paper.
"In the context of auditing Pornhub we have identified two critical flaws in PHP’s garbage collection algorithm (c.f. How we broke PHP, hacked Pornhub and earned $20,000)."
https://www.evonide.com/breaking-phps-garbage-collection-and-unserialize/
@mfowler @grrrck yet another way for digging into twitter archive with datasette - https://til.simonwillison.net/twitter/birdwatch-sqlite
@VishnyaSweet I would recommend Orgzly (Android)
Specification of TAP version 14 has been published http://testanything.org/tap-version-14-specification.html It's a popular format of software testing results.
@florian Ah, got it.
@jpmens there is also https://manpages.bsd.lv/history.html
@florian seems you forgot about mandatory offsite backup :-/
@qbit I'm using Orgzly on mobile phone, sync notes to laptop with Syncthing and occasionally edit notes on laptop using Vim without plugins for OrgMode support.
If you cannot install the software you want on your own device – you don’t own it. 38 organizations demand the right to access and to reuse hardware https://fsfe.org/news/2022/news-20220427-01.html, full letter to EU Legislators here https://fsfe.org/activities/upcyclingandroid/openletter.html #ecodesign #RightToRepair #freesoftware #nuug
@philvuchetich all points looks reasonable, thanks!
"You can also join our chat channel using IRC (#briar on libera.chat or OFTC) or Matrix. " https://briarproject.org/get-involved/
I'm a bit confused: developers of @briarapp uses Matrix and IRC for communication, not a Briar application itself. Could someone explain why? Is it due to some limitations of Briar or developers don't want dogfooding?
TLA+ on OpenBSD
https://bronevichok.ru/blog/2020/05/14/tla-plus.html
@js @openbsdnow @kristapsdz I use Fossil SCM for my own small projects, because its self-contained infrastructure. Regarding tickets and wiki: functionality is enough for my own needs. Fossil SCM has CLI for tickets management, so you easily import and export tickets from/to Fossil SCM.