Brendan Dolan-Gavitt
Nov 5, 2021 · 15 tweets
Frank Herbert (yes that one), forgotten PL researcher (via @gwern's essay on genetics and Dune): "To help you learn how to use your own computer, we have deve
I'm skimming quickly and so far like 70 pages in it's just a LOT of Frank Herbert dissing computers: "It cannot judge. Computers do not choose between *opinions*."
133 pages in and we are just about ready to turn the computer on. I feel like ol' Frank might have been getting paid by the word here
Frank Herbert's Dune? You better believe that's a LISP dialect (with apologies to @wilbowma)
OK finally on page 185 we're getting our first look at PROGMAP. The symbols:
Programming advice that has aged like a fine milk: "Use subroutines sparingly."
Ah the symbols are defined. I particularly like "FIN" – alternative end of a program.
I'm pretty sure this is all just to describe "FOR L = 1 TO N"
Despite his earlier harsh words toward computing machines, he does think they would have been pretty handy for, say, writing Dune
Oh come on, you can't wait until page 204 to admit this: "Did we write this book on a computer? No."
"The biomachine is coming"
Picking up on a theme here
Appendix F has a worked example of a car maintenance program in PROGMAP; some excerpts
Appendices H–I provide a mortgage calculator but I don't have the stamina for that tonight
The full text (of which I have surely skipped over the best parts, in my haste) can be found on Gwern's site: gwern.net/docs/fiction/1…

More from @moyix

Sep 5, 2024
OpenAI: pip install openai and set OPENAI_API_KEY
Anthropic: yea same but s/openai/anthropic/g
Google: oh boy. ok so you have a GCP account? no? ok go set that up. and a payment method. now make a "project". SURVEY POPUP! k now gcloud auth. wait you have the gcloud CLI right–
I haven't even mentioned the odd step of "enable the Vertex API in your project", or that when you finally get to "install the Python library" it kicks off another sidequest of installing something called the Vertex Python SDK and writing extra code to initialize it??
The gcloud CLI installer is now trying to con me into letting it install its own Python version. NICE TRY BUDDY
Read 7 tweets
Jul 15, 2024
Here's a quick tour through one of my favorites, where @XBOW not only solved the benchmark (a Jenkins RCE) but then went for style points by debugging a slightly broken benchmark setup to get the flag!
(Here's the full trace if you want to skip ahead: xbow.com/#debugging--te…)
It starts off with searchsploit since it's a known CVE, but then switches to writing its own exploit(!)
Read 9 tweets
Mar 8, 2024
I gave Claude 3 the entire source of a small C GIF decoding library I found on GitHub, and asked it to write me a Python function to generate random GIFs that exercised the parser. Its GIF generator got 92% line coverage in the decoder and found 4 memory safety bugs and one hang.
Here's the fuzzer Claude wrote, along with the program it analyzed, its explanation, and a Makefile: gist.github.com/moyix/02029770…
And here's the coverage report, courtesy of lcov+genhtml: moyix.net/~moyix/gifread/
Read 31 tweets
Nov 11, 2023
Some things I wish I had done differently (though overall I'm very pleased with how it came out):
1. Rent a bigger EC2 server. I was using a T2.micro which seemed like more than enough while I was testing. But with a bunch of teams hammering at it, the fact that it has only one CPU started to make things slow.
2. Kill the child procs (one is started for each new connection on the main port) after some idle time. As it was if there was a dangling connection it could sit there indefinitely; during the competition the load on the server went above 20 and I had to manually kill some procs.
Read 5 tweets
Nov 11, 2023
Will still try to do a blog post on my @CSAW_NYUTandon CTF challenge, NERV Center, but for now here's a thread explaining the key mechanics. I put a lot of work into the aesthetics, like this easter egg credit sequence (all ANSI colors+unicode text) that contains key hints:
(Note the karaoke subtitles timed to the credits at the bottom 😁)
First, the vulnerability. If you read the man page for select(), you'll see this warning: select() is limited to monitoring file descriptors numbered less than 1024. But modern systems can have many more open files, and importantly the kernel select() interface is NOT limited.
DESCRIPTION
"WARNING: select() can monitor only file descriptors numbers that are less than FD_SETSIZE (1024)—an unreasonably low limit for many modern applications—and this limitation will not change. All modern applications should instead use poll(2) or epoll(7), which do not suffer this limitation."
Read 34 tweets
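An added example, not code from the thread or the challenge: a bounds-checked wrapper around FD_SET() and a poll(2)-based wait, the replacement the quoted man page warning recommends. The helper names are hypothetical and the pipe used as input is constructed.

```c
#include <errno.h>
#include <poll.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper: add fd to set only if it fits the fixed-size bitmap.
 * POSIX leaves FD_SET() undefined for fd >= FD_SETSIZE; without compiler
 * fortification it writes outside the fd_set object. Returns 0 or -1. */
int fdset_add_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    return 0;
}

/* Hypothetical helper: wait up to timeout_ms for fd to become readable with
 * poll(2), which takes the descriptor as a plain int and has no FD_SETSIZE
 * ceiling. Returns 1 if readable, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int rc;
    do {
        rc = poll(&p, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0)
        return rc;
    return (p.revents & (POLLIN | POLLHUP)) ? 1 : -1;
}

/* Constructed check: a pipe is not readable until a byte is written. */
int demo_pipe(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    int before = wait_readable(fds[0], 0);
    int wrote = (write(fds[1], "x", 1) == 1);
    int after = wait_readable(fds[0], 100);
    close(fds[0]);
    close(fds[1]);
    return wrote && before == 0 && after == 1;
}

int main(void)
{
    return demo_pipe() == 1 ? 0 : 1;
}
```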
Nov 30, 2022
ChatGPT exploits a buffer overflow 😳

One slight mistake here– it should be 36 A's, not 32. So we're still safe from AI hacking the planet.
I told it that wasn't quite right and it got it correct the next time, explaining that it had thought I wanted it to ignore EBP.
Read 4 tweets
