@retr0id@retr0.id avatar

retr0id

@retr0id@retr0.id

Reverse Engineering, cryptography, exploits, hardware, file formats, and generally giving computers a hard time. Occasional CTF player. he/him

aka @david3141593, previously @retr0id

All my memes are freely re-shareable under the CC0 license.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

retr0id, to random
@retr0id@retr0.id avatar

New image file (sub)format just dropped https://github.com/DavidBuchanan314/unPNG

retr0id, to random
@retr0id@retr0.id avatar

in this article we present a novel algorithm that allows the user to both have their cake, and eat it

retr0id, to random
@retr0id@retr0.id avatar

I'd just like to interject for a moment. What you’re referring to as The World Wide Web, is in fact, Chromium, or as I’ve recently taken to calling it, Google Chrome.

retr0id, to random
@retr0id@retr0.id avatar

I made a new protocol.

The base protocol is so simple it can be specified like so: "" (empty string). So elegant!

The rest of the protocol can be implemented by following an arbitrary subset of a few hundred optional extensions - with more added regularly! Such flexibility is truly unprecedented in protocol design.

bagder, to random
@bagder@mastodon.social avatar

How the first gen ipod was reverse engineered to run #Rockbox:

  1. Someone figured out that when loading a particular HTML page (for viewing on the device), the device would reboot. It crashed. A buffer overflow in the HTML viewer!

  2. The device remembered what it did before the crash, so it would reload the HTML page again after boot. Unless you connected to it over USB and removed the HTML file it would stick in this cycle.

(continues...)

retr0id,
@retr0id@retr0.id avatar

@bagder Was is definitely the first-gen that required this hack? I was under the impression that the first few generations (all those with portalplayer SoCs) had completely unencrypted bootloaders. I think the nano 2nd gen was the first one to put up a fight https://www.rockbox.org/wiki/IPodNano2GPort.html

retr0id, to random
@retr0id@retr0.id avatar

I'm surprised by the number of people still mad at W3C for standardising EME. I'm one of the biggest DRM-haters out there, but I still think a standardized DRM interface is better than a plethora of non-standardized DRM interfaces - it's not like DRM was gonna stop existing if EME didn't become a standard.

retr0id,
@retr0id@retr0.id avatar

@kornel There's the clearkey test implementation, and in terms of commercial impls there's Widevine, Playready, Primetime, and Fairplay. What makes those not real impls?

All the old plugin APIs are indeed dead now, mostly for good reasons, but what does the existence of CDMs has to do with that?

retr0id,
@retr0id@retr0.id avatar

@kornel I'm aware of all this, but it doesn't change my stance. The Interface is specified, and that's useful, in my opinion.

It's not part of the spec (iiuc) but the ABI that Chromium and Firefox (and anyone else who wants) both use to talk to CDM blobs is also documented here: https://chromium.googlesource.com/chromium/cdm/

I disagree that it's equivalent to saying "<object type=flash> is the Flash spec" - but if it was, surely that makes it a nothingburger not worth being bothered about?

retr0id, to random
@retr0id@retr0.id avatar

mysterious old book: if you follow the instructions herein... you must be prepared... to pay a price... a price that may exceed your wildest expectations... a price not of the flesh... but of time and space itself...

me: yeah I know how big-O notation works

retr0id, to random
@retr0id@retr0.id avatar

If you have more than 424 followers then congrats, you're in the top 10K, according to https://most-followed-mastodon-accounts.stefanhayden.com/

retr0id, to random
@retr0id@retr0.id avatar

Behold, a way to deterministically hash JSON without canonicalization https://gist.github.com/DavidBuchanan314/e2d84c50cbd8e7c86eaa25f0c5b29a5c

This is probably broken, I look forward to someone who is good at maths telling me that I'm doing it wrong.

retr0id, to random
@retr0id@retr0.id avatar

Stop signing JSON.

JSON was never meant to be signed.

"I want to preserve map key order within a data model that explicitly disregards it" - canonicalization rules dreamed up by the utterly deranged.

They have played us for absolute fools.

retr0id, to random
@retr0id@retr0.id avatar
retr0id, to random
@retr0id@retr0.id avatar

I wonder, if you put someone in an isolated room with two lighting control sliders representing colour coordinates in some arbitrary colour space (say, CIELAB), with luminance held constant - what colour would people settle on as "neutral white"?

retr0id, to random
@retr0id@retr0.id avatar

them: modern hardware can't do fast framebuffer pixel graphics anymore

me: hold my coffee

retr0id, to random
@retr0id@retr0.id avatar

hmmm what if I UA-blocked chrome users from my blog

retr0id,
@retr0id@retr0.id avatar

@kaia Those firefox users are silly, better solutions are available

retr0id,
@retr0id@retr0.id avatar

@sounddrill @kaia It is/was a partial rollout, I never saw it either

retr0id, to random
@retr0id@retr0.id avatar
retr0id,
@retr0id@retr0.id avatar

@kkarhan @signalapp idk about the others, but iiuc both signal and imessage give you key custody

retr0id,
@retr0id@retr0.id avatar

@kkarhan @saagar @signalapp Signal is FLOSS https://github.com/signalapp/Signal-Desktop https://github.com/signalapp/Signal-Server

Besides, the whole point of E2EE is that you don't need to trust the server.

retr0id, to random
@retr0id@retr0.id avatar

One of these days I'm gonna write a browser extension framework that works more like a cheat engine. No need to worry about "Manifest V3" limitations if you have direct access to the whole address space.

lauren, to random
@lauren@mastodon.laurenweinstein.org avatar

I have this recurring fantasy of what would happen if, say, you dropped a modern smartphone (let's include an SD card and a bunch of installed apps that don't need network connectivity) onto a table in a lab at Bell Labs circa say 1940. Be nice and provide a usb wall power plug too so they can keep it going. I wonder how far they'd get and how badly the timeline would be disrupted (or not).

retr0id,
@retr0id@retr0.id avatar

@saagar @shac @lauren If one of the installed apps is a spreadsheet, you could probably still get "supercomputer" level performance out of cell formulae

retr0id,
@retr0id@retr0.id avatar

@saagar @lauren @shac And, spreadsheet "programming" is perhaps one of the most approachable paradigms, coming from a blank slate

retr0id, to random
@retr0id@retr0.id avatar

close-up of an hpdl1414 led display module

another angle

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • InstantRegret
  • mdbf
  • ethstaker
  • magazineikmin
  • cubers
  • rosin
  • thenastyranch
  • Youngstown
  • osvaldo12
  • slotface
  • khanakhh
  • kavyap
  • DreamBathrooms
  • provamag3
  • Durango
  • everett
  • tacticalgear
  • modclub
  • anitta
  • cisconetworking
  • tester
  • ngwrru68w68
  • GTA5RPClips
  • normalnudes
  • megavids
  • Leos
  • lostlight
  • All magazines
    •