I'm not a super fan a WISWYG text editors. They never really do what I want them to and often often do what I don't whan them to. Here's the workflow I'm using to generate simple text documents (resume, cover letters, etc.) from Markdown, YAML and Jinja2 templates.

Trying to bring back some old IP spoofing Firefox extension for watching South Park episodes.

In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I'm checkig some other CVEs which were registered at the same time.

While reading the source of sensible-browser in order to understand how it was choosing which browser to call (and how I could tweak this choice), I found an argument injection vulnerability when handling the BROWSER environment variable. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER processing and browser invocation in general.

In Tail Recursion In Python, Chris Penner implements (self) tail-call optimization (TCO) in Python using a function decorator. Here I'm extending the apprach for sibling calls.

A comparison of the different solutions for using SSH2 as a secured transport for protocols/services/applications.

Live sharing a terminal session to another (shared) host over SSH in read-only mode.

While looking at the OpenSSH ssh_config manpage, I found the ProxyUseFdpass configuration I did not know about. It's apparently not widely known or used.

This is an overview of some recent additions to the SimGrid code related to actor synchronisation. It might be interesting for people using SimGrid, working on SimGrid or for people interested in generic C++ code for synchronisation or asynchronicity.

There's been some articles lately about Intel AMT and its impact on security, trust, privacy and free-software. AMT supposed to be widely deployed in newest Intel hardware. So I wanted to see if I could find some AMT devices in the wild.