mention of AI/LLM usage in CTF/infosec
Haven't participated in Capture The Flag (#CTF) competitions in a while, and saw a few new (to me) things after this last one:
* People rely on LLMs a lot, and they are reportedly kinda useful in this specific use case? Paid ones at least.
* Due to the above, solving the tasks without assistance seems to fall out of favour as being slower. You're in advantage if you pay for it.
* A lot more solutions are written in #Rust, rather than #Python or #C.
One of the most off-putting things about #Rust is the complete and utter contempt that most of its community has for #semver: A library that is meant to be used by others should explicitly have a version of 1.0.0 or greater.
0.x.y means that it is not ready for actual productive use:
Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
If your software is being used in production, it should probably already be 1.0.0. If you have a stable API on which users have come to depend, you should be 1.0.0. If you’re worrying a lot about backward compatibility, you should probably already be 1.0.0.Meanwhile in Rust: “The preferred TLS-library with 186k users, 166 contributers, and 3795 commits is still in version 0.23.26.”
My Easter treat has been to work on my silly hosted-at-home retro website. It now features actual content, animated GIFs, and photos of pineapples!
There's a few dynamic pages under cgi-bin, although they are not actually CGI scripts—they are generated by a Rust program. The dynamic content includes live energy stats, climate info, and memory & uptime info. I still want to fill out the content some more, but I also need to do other things.
https://hoverbear.org/blog/rust-state-machine-pattern/ #cuttingedgeinnovation #Rust #programming #science #HackerNews #ngated
i've just released zizmor v1.6.0!
this release comes with a lot of bugfixes that have accumulated over the last month, plus some big new features:
1. there's a new audit, `forbidden-uses`, which allows users to configure allow/deny policies for third-party actions!
2. the `unpinned-uses` audit has been completely rewritten, and now also supports configuration (e.g. to give your own first-party actions a weaker pinning policy than "must be hashed")
3. there's a new `--format=github` mode, which emits GitHub annotations. these come with quite a few limitations, but may be useful to users who can't use `--format=sarif`!
plus much more; read the full notes here:
`generic_const_exprs` will be monumental when it eventually stabilizes. The amount that this unlocks in `deranged` alone is enormous.
#iden Quick-start verified: Creating and sourcing the #python and #rust virtual environments to compile and install, generating an identity, starting the pad manager, and how to import the library in a #jupyter notebook ready to write and read and poke at the test node.
https://github.com/stevenaleach/iden/blob/main/quickstart.md
Learning #rust with #rustlings is awesome! It has been a long time since I had so much fun while learning something new.
In #VSCode, the code lenses now include an outline around parts of it (such as "🅁un 🅃ests"). I'm not sure if this is from #Rust analyzer or VS Code itself, as I updated everything last night.
Is there a way to get rid of this outline (likely a border in the CSS)? It is distracting to the point that I'm considering turning off code lenses if it can't be disabled.
Optimizing #Python 100x with less than 100 lines of #Rust. Also includes using py-spy to profile native code.
https://ohadravid.github.io/posts/2023-03-rusty-python/
https://github.com/benfred/py-spy
daaaaaaaaaaaaaaamn.
Wrote a small tool in #Rust, to split my caddy logs into bad-visitor/sketchy-agent/unclassified parts, do some filtering and anonymization.
Figured it will run a while. It blew through 6Gb of logs in 33 seconds, and that included decompression too.
It's not even an optimized thing, it does it all on a single thread.
