@wirepair@mastodon.social

wirepair


Principal Vulnerability Research Engineer - Vulnerability Research @ GitLab. Does GameDev at Night sometimes. In Japan for the foreseeable future.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

wirepair, to random

TIL: You can do scripting in CSharp with Microsoft.CodeAnalysis.CSharp.Scripting:

https://github.com/dotnet/roslyn/blob/main/docs/wiki/Scripting-API-Samples.md#expr

wirepair, to random

yep, memory management is hurrd https://github.com/jrouwe/JoltPhysics/issues/1088

wirepair, to random

blarg https://github.com/jrouwe/JoltPhysics/issues/1088 this is a strange bug, i bet I am doing something wrong

wirepair, to random

https://arxiv.org/abs/2404.15596
gasp someone finally realized that intra-procedural detection of vulns using ML is actually not all that helpful!?

wirepair,

no dataset, BOO.

Also not very clear what their call graph or "vuln related dependency prediction" task is all about, it almost looks like they are just pulling out symbols then 'guessing' if the symbols are calling functions? Like why are they using Jaccard similarity at all??

wirepair,

finally, when they fine tune they don't seem to consider multi-inter dependencies, it looks like just func code,caller,callee = vuln yes/no?

What if the vulnerability is multiple calls deep?

wirepair,

oh and they compare against semgrep but don't actually show the rules they used.

Basically good fuckin' luck reproducing this work. (In true arxiv fashion)

wirepair, to random

Whatever happened to that bug bed scare that was sweeping the world, did we win?

Starship Troopers GIF

wirepair, to random

Aww yah bringing back Takeshi castle https://youtu.be/hBEzf_BPSs4?si=v7ct48uMqNw9KyH2

wirepair, to random

Maybe I’ll try red wine only booze consumption for a while… https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9535674/

> For example, greater beer and spirit consumptions have been correlated with a higher waist‐to‐hip ratio. Conversely, wine has largely shown null or inverse associations with waist‐to‐hip ratio.

wirepair, to random

Yep, I’m in Texas

wirepair, to random

My wife just gifted me aggretsuko line stamps and they are wonderful

wirepair, to random

is... a project really necessary for this? https://github.com/migtissera/Sensei isn't that literally these models' jobs?

wirepair, to random

https://arxiv.org/pdf/2402.18189.pdf now THIS is kinda more what i was thinking, but not images... gotta read this paper now

wirepair,

> Experimental results demonstrate that VulMCI outperforms seven state-of-the-art vulnerability detectors (namely Checkmarx, FlawFinder, RATS, VulDeePecker, SySeVR, VulCNN, and Devign).

well... not sure i'd say state of the art, flawfinder is old as dirt and pretty rubbish

tef, to random

got told i’m “weird” for not using syntax highlightin, but really i’m just old and too lazy to configure software

wirepair,

@tef this, i am amazed at people who spend weeks configuring vim or their editor to do these things.

wirepair, to random

oh my fucking god https://www.youtube.com/watch?v=nOp57ck-1Rs dude...

@gsuberland you'll like this one.

wirepair, to gamedev

Latest post on how I got movement working for server/clients using some trigonometry which I definitely had never used before!

https://wirepair.org/2024/02/10/understanding-basic-trigonometry-to-calculate-movement-for-server-clients/

wirepair,

@C8H10N4O2 oh it is, but when you're building an MMORPG server you basically have to build the engine yourself (minus the rendering!)

wirepair, to random

mmm adding lerp into the mix makes my character bounce suddenly which is.. Weird. heh

gsuberland, to random

valheim is so pretty

wirepair,

@gsuberland such a great game they really nailed that one.

wirepair, to random

YAML is the new XML.

wirepair,

@wrw oh my dear god.

wirepair,

@C8H10N4O2 how is it we keep reproducing the age old problem of mixing code and data? Like this is LITERALLY THE BARE MINIMUM of trying to build secure systems is separating the two. Yet we keep coming back to mixing them together it's so bizarre!

wirepair,

@C8H10N4O2 :KEKW:
