Some (not so serious) cryptographic wisdom\nfrom a long time ago\u2026
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/09/22/reinforcement-learning-formulas/", "title": "Reinforcement Learning formulas cheat sheet", "url": "https://www.gabriel.urdhr.fr/2025/09/22/reinforcement-learning-formulas/", "date_published": "2025-09-22T00:00:00+02:00", "date_modified": "2025-09-22T00:00:00+02:00", "tags": ["computer", "machine-learning", "reinforcement-learning", "neural-networks"], "content_html": "Cheat sheet for (some) reinforcement learning mathematical formulas and algorithms.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/08/22/concealing-xss-payload/", "title": "Concealing XSS payloads", "url": "https://www.gabriel.urdhr.fr/2025/08/22/concealing-xss-payload/", "date_published": "2025-08-22T00:09:04+02:00", "date_modified": "2025-08-22T00:09:04+02:00", "tags": ["computer", "security", "xss", "waf"], "content_html": "PortSwigger \u201cConcealing payloads in URL credentials\u201d\ntalks about concealing XSS payloads in URL credentials.\nThe nice thing is that this makes the payload invisible to WAFs and other server-side XSS filters.\nYou can actually conceal the payloads in other places
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/08/22/codingame-spring-challenge-2025/", "title": "Codingame Spring Challenge 2025", "url": "https://www.gabriel.urdhr.fr/2025/08/22/codingame-spring-challenge-2025/", "date_published": "2025-08-22T00:00:00+02:00", "date_modified": "2025-08-22T00:00:00+02:00", "tags": ["computer", "rust", "optimisation", "profiling", "flamegraph"], "content_html": "My experience from the Codingame Spring Challenge 2025.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/08/20/unicode-tag-smuggling/", "title": "Testing Unicode Tag Smuggling in chatbots", "url": "https://www.gabriel.urdhr.fr/2025/08/20/unicode-tag-smuggling/", "date_published": "2025-08-20T00:00:00+02:00", "date_modified": "2026-01-16T01:06:36+01:00", "tags": ["computer", "security", "language-model", "LLM"], "content_html": "Testing ASCII smuggling\nusing Unicode Tags\non LLMs/chatbots.\nNothing new here.\nJust a short summary.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/07/08/keycloak-uma-vulnerabilities/", "title": "Keycloak UMA vulnerabilities", "url": "https://www.gabriel.urdhr.fr/2025/07/08/keycloak-uma-vulnerabilities/", "date_published": "2025-07-08T00:00:00+02:00", "date_modified": "2025-07-08T00:00:00+02:00", "tags": ["computer", "protocol", "web", "security", "oauth", "keycloak", "security", "uma", "openid-connect"], "content_html": "Keycloak's UMA implementation seems tricky to me.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/05/14/llama.cpp-quickstart/", "title": "llama.cpp quickstart", "url": "https://www.gabriel.urdhr.fr/2025/05/14/llama.cpp-quickstart/", "date_published": "2025-05-14T23:12:16+02:00", "date_modified": "2025-05-14T23:12:16+02:00", "tags": ["computer", "machine-learning", "deep-learning", "language-model", "neural-networks", "LLM"], "content_html": "How to quickly use llama.cpp for LLM inference (no GPU needed).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/05/14/vllm-quickstart/", "title": "vLLM quickstart", "url": "https://www.gabriel.urdhr.fr/2025/05/14/vllm-quickstart/", "date_published": "2025-05-14T23:11:38+02:00", "date_modified": "2025-05-14T23:11:38+02:00", "tags": ["computer", "machine-learning", "deep-learning", "language-model", "neural-networks", "LLM"], "content_html": "How to quickly use vLLM for LLM inference using CPU.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/18/uma-malicious-as/", "title": "Malicious authorization server attack in UMA\u00a02.0", "url": "https://www.gabriel.urdhr.fr/2025/03/18/uma-malicious-as/", "date_published": "2025-03-18T21:23:51+01:00", "date_modified": "2025-03-18T21:23:51+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "In a previous post,\nI described a pass-the-permission-ticket vulnerability in UMA\u00a02.0\nin which a malicious UMA resource server\ncould kindly ask a UMA client\nto give it access tokens actually intended for another UMA resource server.\nIn this post,\nI am describing a similar attack when the authorization server is malicious.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/", "title": "Pass-the-permission-ticket vulnerability in UMA\u00a02.0", "url": "https://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/", "date_published": "2025-03-18T21:23:50+01:00", "date_modified": "2025-03-18T21:23:50+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "In the User-Managed Access (UMA) 2.0 protocol,\na malicious resource server (or a malicious server acting as a resource server)\ncan obtain a requesting party (access) token (RPT)\nintended for another UMA resource server\nfrom a UMA client\nby passing a permission ticket obtained from the target resource server to the UMA client.\nThis can compromise the privacy (confidentiality)\nand integrity of UMA protected resources.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/01/30/distillation/", "title": "Neural Network Distillation", "url": "https://www.gabriel.urdhr.fr/2025/01/30/distillation/", "date_published": "2025-01-30T00:00:00+01:00", "date_modified": "2025-01-30T00:00:00+01:00", "tags": ["computer", "machine-learning", "deep-learning", "neural-networks"], "content_html": "Overview of neural network distillation\nas done in\n\u201cDistilling the Knowledge in a Neural Network\u201d\n(Hinton et al, 2014).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/01/27/exposing-services-podman/", "title": "Exposing services in/out Podman containers", "url": "https://www.gabriel.urdhr.fr/2025/01/27/exposing-services-podman/", "date_published": "2025-01-27T00:00:00+01:00", "date_modified": "2025-01-27T00:00:00+01:00", "tags": ["computer", "linux", "system", "podman", "container", "security"], "content_html": "Some more tips for interacting\nwith the namespaces\nof Podman containers.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/01/07/transformer-decoder-language-models/", "title": "Transformer-decoder language models", "url": "https://www.gabriel.urdhr.fr/2025/01/07/transformer-decoder-language-models/", "date_published": "2025-01-07T00:00:00+01:00", "date_modified": "2025-09-23T22:22:00+02:00", "tags": ["computer", "machine-learning", "deep-learning", "language-model", "neural-networks", "reinforcement-learning", "LLM"], "content_html": "Some notes on how transformer-decoder language models work,\ntaking GPT-2 as an example,\nand with lots references in order to dig deeper.\nThis is intended both as a a roadmap for understanding on how LLMs work\n(especially the ones using a transformer-decoder architecture)\nand a a summary/recap on the topic.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/12/26/github-copilot-prompt/", "title": "GitHub Copilot instructions", "url": "https://www.gabriel.urdhr.fr/2024/12/26/github-copilot-prompt/", "date_published": "2024-12-26T00:00:00+01:00", "date_modified": "2024-12-26T00:00:00+01:00", "tags": ["computer", "machine-learning", "deep-learning", "language-model", "security", "LLM"], "content_html": "Extracting the system prompt from GitHub CoPilot.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/11/20/xss-bypass/", "title": "Bypassing XSS filters", "url": "https://www.gabriel.urdhr.fr/2024/11/20/xss-bypass/", "date_published": "2024-11-20T00:00:00+01:00", "date_modified": "2024-11-20T00:00:00+01:00", "tags": ["computer", "security", "xss", "waf"], "content_html": "In this post, I am describing some payloads which\nI used to bypass two distinct XSS filter implementations\n(such as Web Application Firewalls (WAF))\nas well as the approach to design them.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/10/22/websub-sequence-diagram/", "title": "WebSub sequence diagram", "url": "https://www.gabriel.urdhr.fr/2024/10/22/websub-sequence-diagram/", "date_published": "2024-10-22T00:00:00+02:00", "date_modified": "2024-10-22T00:00:00+02:00", "tags": ["computer", "web", "websub"], "content_html": "A sequence diagram for WebSub (formerly PubSubHubbub).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/09/08/on-ad-blockers/", "title": "The FBI recommends using ad blockers", "url": "https://www.gabriel.urdhr.fr/2024/09/08/on-ad-blockers/", "date_published": "2024-09-08T00:00:00+02:00", "date_modified": "2024-09-08T00:00:00+02:00", "tags": ["computer", "web", "security", "privacy"], "content_html": "An interesting note from the FBI.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/06/17/uma2-diagrams/", "title": "UMA 2.0 diagrams", "url": "https://www.gabriel.urdhr.fr/2024/06/17/uma2-diagrams/", "date_published": "2024-06-17T00:00:00+02:00", "date_modified": "2024-06-17T00:00:00+02:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "Some diagrams (mostly sequence diagrams) about UMA 2.0.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/05/09/x3dh/", "title": "Notes on X3DH", "url": "https://www.gabriel.urdhr.fr/2024/05/09/x3dh/", "date_published": "2024-05-09T00:00:00+02:00", "date_modified": "2024-05-09T00:00:00+02:00", "tags": ["computer", "network", "cryptography", "diffie-hellman"], "content_html": "Some notes on X3DH (Extended Triple Diffie-Hellman).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/04/13/ssh-tunnels/", "title": "OpenSSH tunneling guide", "url": "https://www.gabriel.urdhr.fr/2024/04/13/ssh-tunnels/", "date_published": "2024-04-13T00:00:00+02:00", "date_modified": "2024-07-20T02:11:29+02:00", "tags": ["computer", "network", "ssh", "unix", "network", "tun", "vpn", "linux", "socks", "foxyproxy"], "content_html": "This post is an overview of the different tunneling options available in OpenSSH.\nThis is inteded as a reference to use when I am explaining\n(every so often) how to use SSH for tunneling.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/12/20/protocol-stacks/", "title": "Protocol stack diagrams", "url": "https://www.gabriel.urdhr.fr/2023/12/20/protocol-stacks/", "date_published": "2023-12-20T00:00:00+01:00", "date_modified": "2026-01-07T11:06:02+01:00", "tags": ["computer", "network"], "content_html": "A collection of ASCII-art protocol stack diagrams.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/09/23/code-execution-through-kitty-open/", "title": "Arbitrary code execution through kitty-open.desktop file association", "url": "https://www.gabriel.urdhr.fr/2023/09/23/code-execution-through-kitty-open/", "date_published": "2023-09-23T00:00:00+02:00", "date_modified": "2023-09-23T00:00:00+02:00", "tags": ["computer", "security", "terminal", "kitty"], "content_html": "In Debian kitty package, the\nkitty-open.desktop file would associate kitty +open with several MIME types.\nThis could be used to arbitrary trigger code execution by serving a\nfile with such a MIME type.
This has been introduced in kitty in 73a197fcd (2022-02-06)\nreleased as part of v0.24.3.\nThis has been fixed in v0.26.5-5 of the Debian kitty package.\nFixed upstream in\n537cabca7\nreleased in v0.29.0.\nOther distributions\nsuch as Ubuntu Lunar\nare still impacted.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/09/17/process-json-log/", "title": "Analysing structured log files with simple tools", "url": "https://www.gabriel.urdhr.fr/2023/09/17/process-json-log/", "date_published": "2023-09-17T00:00:00+02:00", "date_modified": "2023-09-17T00:00:00+02:00", "tags": ["computer", "log", "journald"], "content_html": "Some tools and other notes\nwhen you just want to analyze your structured\nlog files locally using simple tools\nwith a focus for newline-delimited JSON (NDJSON) /\nJSON lines /\nJSON Text Sequences.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/08/29/simple-iterm2-image/", "title": "Simple terminal image display using the iTerm2 image protocol", "url": "https://www.gabriel.urdhr.fr/2023/08/29/simple-iterm2-image/", "date_published": "2023-08-29T00:00:00+02:00", "date_modified": "2023-08-29T00:00:00+02:00", "tags": ["computer", "terminal", "image", "python", "matplotlib"], "content_html": "A simple way to display image in a terminal using the iTerm2 image protocol.\nThis is supported by iTerm2,\nWezTerm,\nrecent versions of Konsole.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/", "title": "Shell command and Emacs Lisp injection in emacsclient-mail.desktop", "url": "https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/", "date_published": "2023-06-08T23:43:56+02:00", "date_modified": "2023-06-08T23:43:56+02:00", "tags": ["computer", "security", "emacs", "shell", "unix", "freedesktop"], "content_html": "Shell command injection and Emacs Lisp injection vulnerabilities\nin one of the Emacs Desktop Entry (emacsclient-mail.desktop)\nleading to arbitrary code execution\nthrough a crafted mailto: URI.
I found an arbitrary file write vulnerability (through path traversal)\nwhich would be exploited\nfor arbitrary code execution in Stellarium (desktop version).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/03/07/mime-type-spoofing/", "title": "MIME-type spoofing in Firefox/Thunderbird and file managers", "url": "https://www.gabriel.urdhr.fr/2023/03/07/mime-type-spoofing/", "date_published": "2023-03-07T00:00:00+01:00", "date_modified": "2023-03-07T00:00:00+01:00", "tags": ["computer", "web", "security", "vulnerability", "firefox", "freedesktop", "thunderbird"], "content_html": "An interesting spoofing attack\nresulting from the interaction\nbetween Firefox (or Thunderbird)\nMIME types handling and file managers.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/02/28/rce-file-association-debian-mono/", "title": "Code execution through MIME-type association of Mono interpreter", "url": "https://www.gabriel.urdhr.fr/2023/02/28/rce-file-association-debian-mono/", "date_published": "2023-02-28T00:00:00+01:00", "date_modified": "2023-02-28T00:00:00+01:00", "tags": ["computer", "web", "security", "vulnerability", "debian", "freedesktop", "mono"], "content_html": "A dangerous file type association in Debian\nwhich could be used to trigger arbitrary code execution.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/02/19/kapnlink-linux/", "title": "Using a Kap&Link smart card reader with CPS3 smart cards on Linux", "url": "https://www.gabriel.urdhr.fr/2023/02/19/kapnlink-linux/", "date_published": "2023-02-19T00:00:00+01:00", "date_modified": "2023-02-19T00:00:00+01:00", "tags": ["computer", "linux", "device", "smart card"], "content_html": "Tutorial on how to get\nCarte Professionnel de Sant\u00e9 3 (CPS3) smart cards\nwork with Firefox under Linux\nwith a Kap&Link smart card reader.\nIt has some information to understand the related lingo, how the different components interact\nand how you might try to enable support for\na PC/SC (Personal computer/Smart Card) / CCID (Chip/Smart Card Interface Devices)\nsmart card reader\nwhich is not supported by the driver.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/02/06/oauth2-diagrams/", "title": "OAuth 2.x and OpenID Connect sequence diagrams", "url": "https://www.gabriel.urdhr.fr/2023/02/06/oauth2-diagrams/", "date_published": "2023-02-06T00:00:00+01:00", "date_modified": "2026-01-09T11:59:47+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "openid-connect", "keycloak"], "content_html": "Some sequence diagrams about OAuth 2.x and OpenID Connect.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/12/03/entering-podman-namespaces/", "title": "Entering in Podman containers", "url": "https://www.gabriel.urdhr.fr/2022/12/03/entering-podman-namespaces/", "date_published": "2022-12-03T00:00:00+01:00", "date_modified": "2022-12-03T00:00:00+01:00", "tags": ["computer", "linux", "system", "podman", "container", "security"], "content_html": "Some commands for interacting with the namespaces\nof Podman containers.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/10/13/switching-from-docker-to-podman/", "title": "Switching from Docker to Podman", "url": "https://www.gabriel.urdhr.fr/2022/10/13/switching-from-docker-to-podman/", "date_published": "2022-10-13T00:00:00+02:00", "date_modified": "2022-10-13T00:00:00+02:00", "tags": ["computer", "container", "podman", "docker"], "content_html": "Some notes about using Podman instead of Docker,\non Linux.\nThis has been tested on Podman v3.4.7.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/08/28/trying-to-run-stable-diffusion-on-amd-ryzen-5-5600g/", "title": "Stable Diffusion on an AMD Ryzen 5 5600G", "url": "https://www.gabriel.urdhr.fr/2022/08/28/trying-to-run-stable-diffusion-on-amd-ryzen-5-5600g/", "date_published": "2022-08-28T00:00:00+02:00", "date_modified": "2022-08-28T00:00:00+02:00", "tags": ["computer", "machine-learning", "deep-learning", "generative-art", "neural-networks"], "content_html": "Executing\nthe Stable Diffusion\ntext-to-image model on an AMD Ryzen 5 5600G integrated GPU (iGPU).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/07/06/extract-schema-from-remote-ldap/", "title": "Extract the schema from a remote LDAP server", "url": "https://www.gabriel.urdhr.fr/2022/07/06/extract-schema-from-remote-ldap/", "date_published": "2022-07-06T00:00:00+02:00", "date_modified": "2022-07-06T00:00:00+02:00", "tags": ["computer", "ldap"], "content_html": "How to extract the schema from a remote LDAP server\nand use it on a OpenLDAP instance.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/06/07/impact-of-the-different-wifi-security-modes/", "title": "Impact of the different Wifi security modes", "url": "https://www.gabriel.urdhr.fr/2022/06/07/impact-of-the-different-wifi-security-modes/", "date_published": "2022-06-07T00:00:00+02:00", "date_modified": "2024-01-05T13:47:35+01:00", "tags": ["computer", "network", "wifi", "security"], "content_html": "Comparing the different Wifi/WPA authentication and key distribution methods (PSK, EAP, SEA).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/05/05/browser-mediated-attacks-on-webdriver/", "title": "Browser-based attacks on WebDriver implementations", "url": "https://www.gabriel.urdhr.fr/2022/05/05/browser-mediated-attacks-on-webdriver/", "date_published": "2022-05-05T00:00:00+02:00", "date_modified": "2022-05-05T00:00:00+02:00", "tags": ["computer", "security", "web", "vulnerability", "webdriver", "firefox", "dns-rebinding", "csrf"], "content_html": "Some context and analysis about attacks on\nin WebDriver implementations.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/03/24/zap-no-certificate-validation/", "title": "Lack of X.509 TLS certificate validation in OWASP ZAP", "url": "https://www.gabriel.urdhr.fr/2022/03/24/zap-no-certificate-validation/", "date_published": "2022-03-24T00:00:00+01:00", "date_modified": "2022-03-24T00:00:00+01:00", "tags": ["computer", "security", "zap", "tls", "vulnerability"], "content_html": "Lack of X.509 TLS certificate validation in OWASP ZAP\n(Zed Attack Proxy)\ncould be used for man-in-the-middle attacks.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/03/15/dns-rebinding-readymedia/", "title": "DNS rebinding on ReadyMedia/minidlna v1.3.0 and below", "url": "https://www.gabriel.urdhr.fr/2022/03/15/dns-rebinding-readymedia/", "date_published": "2022-03-15T00:00:00+01:00", "date_modified": "2022-03-15T00:00:00+01:00", "tags": ["computer", "security", "upnp", "dns-rebinding", "vulnerability"], "content_html": "A DNS rebinding vulnerability I found\nin ReadyMedia (formerly MiniDLNA)\nv1.3.0 and below.\nThis is CVE-2022-26505.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/02/26/tls1.3-intro/", "title": "Introduction to TLS v1.3", "url": "https://www.gabriel.urdhr.fr/2022/02/26/tls1.3-intro/", "date_published": "2022-02-26T00:00:00+01:00", "date_modified": "2024-11-23T01:15:07+01:00", "tags": ["computer", "web", "network", "tls", "cryptography"], "content_html": "Some notes about how TLS v1.3 works.\nThis is a follow-up of the previous episode\nabout TLS v1.2.\nAs before, the goal is to have a high-level overview\nabout how the protocol works,\nwhat is the role of the different messages\nand be able to understand (and debug) a network traffic dump.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/", "title": "CSRF and DNS-rebinding to RCE in Selenium Server (Grid)", "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/", "date_published": "2022-02-07T22:15:00+01:00", "date_modified": "2022-02-07T22:15:00+01:00", "tags": ["computer", "security", "web", "vulnerability", "webdriver", "csrf", "dns-rebinding"], "content_html": "Vulnerabilities in found on the WebDriver\nendpoints of Selenium Server (Grid).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2022/02/07/geckodriver-dns-rebinding-rce/", "title": "DNS rebinding vulnerability to RCE in GeckoDriver", "url": "https://www.gabriel.urdhr.fr/2022/02/07/geckodriver-dns-rebinding-rce/", "date_published": "2022-02-07T22:10:00+01:00", "date_modified": "2022-02-07T22:10:00+01:00", "tags": ["computer", "security", "web", "vulnerability", "webdriver", "firefox", "dns-rebinding"], "content_html": "A DNS rebinding vulnerability I found in\nGeckoDriver which could be used to execute arbitrary shell commands.\nThis is bug #1652612\nand CVE-2021-4138.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/11/30/tls1.2-intro/", "title": "Introduction to TLS v1.2", "url": "https://www.gabriel.urdhr.fr/2021/11/30/tls1.2-intro/", "date_published": "2021-11-30T00:00:00+01:00", "date_modified": "2024-11-23T01:15:07+01:00", "tags": ["computer", "web", "network", "tls", "cryptography"], "content_html": "Some notes\nabout how TLS v1.2\n(Transport Layer Security) works.\nThe goal explain what is going on in a network traffic dump,\nthe role of the different TLS extensions,\nthe impact of the different cipher suites on security, etc.\nIt includes several diagrams and many references.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/10/19/diffie-hellman-intro/", "title": "Introduction to the Diffie-Hellman key exchange", "url": "https://www.gabriel.urdhr.fr/2021/10/19/diffie-hellman-intro/", "date_published": "2021-10-19T00:00:00+02:00", "date_modified": "2021-10-19T00:00:00+02:00", "tags": ["computer", "network", "cryptography", "tls", "diffie-hellman"], "content_html": "The Diffie-Hellman (DH) key exchange (and variants thereof) is widely used\nin many protocols\n(such as TLS, SSH, IKE (IPSec), Signal, etc.)\nto bootstrap some symmetric key material\nwhich may then be used to secure communication channel between two parties.\nThis introduction\nfocuses on the different ways the DH key exchange\nis used in practice\nin several protocols (especially TLS)\nand the impact of these different approaches on the security.\nThis is intended as a prelude for the upcoming next episodes\nabout how TLS works.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/09/22/whats-in-my-covid-cert/", "title": "What is in my COVID-19 vaccination certificate?", "url": "https://www.gabriel.urdhr.fr/2021/09/22/whats-in-my-covid-cert/", "date_published": "2021-09-22T00:00:00+02:00", "date_modified": "2021-09-22T00:00:00+02:00", "tags": ["computer", "covid-19", "cbor", "cwt", "cose", "hcert", "privacy"], "content_html": "Manually inspecting the content of a French COVID-19 vaccination certificate QR code.\nThe main intent is to show with a concrete example\nwhich data is actually included in the certificate.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/08/16/chromedriver-cross-origin-request-forgery-rce/", "title": "Cross-origin/same-site request forgery to RCE in chromedriver", "url": "https://www.gabriel.urdhr.fr/2021/08/16/chromedriver-cross-origin-request-forgery-rce/", "date_published": "2021-08-16T23:22:56+02:00", "date_modified": "2022-02-13T23:19:32+01:00", "tags": ["computer", "security", "web", "vulnerability", "webdriver", "csrf"], "content_html": "I found a cross-origin/same-site request forgery vulnerability\nin chromedriver.\nIt was rejected (won't fix) because it is only\npossible to trigger this from the cross-origin/same-site and not cross-site.\nIn practice, it means it is really only possible to trigger this from another\nlocalhost-bound web application.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/08/16/geckodriver-csrf-rce/", "title": "CSRF to RCE in GeckoDriver", "url": "https://www.gabriel.urdhr.fr/2021/08/16/geckodriver-csrf-rce/", "date_published": "2021-08-16T23:00:48+02:00", "date_modified": "2021-08-16T23:00:48+02:00", "tags": ["computer", "security", "web", "vulnerability", "webdriver", "firefox", "csrf"], "content_html": "A Cross-Site Request Forgery (CSRF) vulnerability I found in\nGeckoDriver which could be used to execute arbitrary shell commands.\nCVE-2020-15660\nhas been assigned to this vulnerability.\nThis was fixed by GeckoDriver v0.27.0\nin 2020-07-27.\nThis is bug #1648964.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/06/24/gupnp-dns-rebinding/", "title": "DNS rebinding vulnerability in GUPnP", "url": "https://www.gabriel.urdhr.fr/2021/06/24/gupnp-dns-rebinding/", "date_published": "2021-06-24T00:00:00+02:00", "date_modified": "2021-07-05T18:50:55+02:00", "tags": ["computer", "security", "upnp", "dns-rebinding", "vulnerability"], "content_html": "GUPnP, a GNOME library for Universal Plug and Play (UPnP),\nwas vulnerable to DNS rebinding attacks.\nThis is CVE-2021-33516\nand GUPnP issue #24.\nThis was fixed\nin GUPnP 1.0.7 and GUPnP 1.2.5.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/06/12/pupnp-dns-rebinding/", "title": "DNS rebinding vulnerability in pupnp and npupnp", "url": "https://www.gabriel.urdhr.fr/2021/06/12/pupnp-dns-rebinding/", "date_published": "2021-06-12T00:00:00+02:00", "date_modified": "2021-06-12T00:00:00+02:00", "tags": ["computer", "security", "upnp", "dns-rebinding", "vulnerability"], "content_html": "I found that pupnp was vulnerable to DNS rebinding attacks.\nnpupnp, a fork a pupnp, was impacted as well.\nThis is demonstrated using Gerbera a UPnP MediaServer.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/06/02/dns-rebinding-explained/", "title": "DNS rebinding explained", "url": "https://www.gabriel.urdhr.fr/2021/06/02/dns-rebinding-explained/", "date_published": "2021-06-02T00:00:00+02:00", "date_modified": "2021-06-02T00:00:00+02:00", "tags": ["computer", "security", "dns-rebinding", "dns"], "content_html": "A quick summary about how DNS rebinding attacks work.\nThe main motivation for this post is to have\na diagram to show when explaining DNS-rebinding attacks.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/05/08/tuntap/", "title": "TUN/TAP interface (on Linux)", "url": "https://www.gabriel.urdhr.fr/2021/05/08/tuntap/", "date_published": "2021-05-08T00:00:00+02:00", "date_modified": "2021-05-08T00:00:00+02:00", "tags": ["computer", "system", "network", "tun", "tap", "linux", "vpn"], "content_html": "Some notes about using the TUN/TAP interface, especially on Linux.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/04/05/firefox-doh-dns-rebinding-protection-bypass/", "title": "Firefox DoH DNS rebinding protection bypass using IPv4-mapped addresses", "url": "https://www.gabriel.urdhr.fr/2021/04/05/firefox-doh-dns-rebinding-protection-bypass/", "date_published": "2021-04-05T00:00:00+02:00", "date_modified": "2021-04-05T00:00:00+02:00", "tags": ["computer", "security", "vulnerability", "web", "dns-rebinding", "firefox"], "content_html": "I found that\nthe filtering of private IPv4 addresses\nin the DNS-over-HTTPS (DoH) implementation of Firefox could by bypassed.\nThis is CVE-2020-26961\nand Mozilla bug 1672528.\nIt has been fixed in Firefox 83,\nFirefox ESR 78.5\nand Thunderbird 78.5.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/03/22/introduction-to-upnp/", "title": "Introduction to UPnP", "url": "https://www.gabriel.urdhr.fr/2021/03/22/introduction-to-upnp/", "date_published": "2021-03-22T23:24:42+01:00", "date_modified": "2021-03-22T23:24:42+01:00", "tags": ["computer", "network", "upnp", "security", "csrf", "dns-rebinding"], "content_html": "This post gives simple explanations of how UPnP (Universal Plug-and-Play) works,\nespecially with the goal of testing the security devices\nsuch as routers,\nsmart TVs, etc.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/03/22/samsung-tv-dial/", "title": "DNS rebinding and CSRF vulnerabilites on Samsung TV DIAL implementation", "url": "https://www.gabriel.urdhr.fr/2021/03/22/samsung-tv-dial/", "date_published": "2021-03-22T23:17:24+01:00", "date_modified": "2021-03-22T23:17:24+01:00", "tags": ["computer", "security", "vulnerability", "dial", "dns-rebinding", "csrf"], "content_html": "I found\na DNS rebinding vulnerability as well as a Cross Site Request Forgery\n(CSRF) vulnerability\non the DIAL (Discovery And Launch)\nimplementation of the Samsung TV UE40F6320 (v1.0), from 2011.\nThis can be used to open any installed application (eg. Netflix and Youtube)\nand force the vizualisation of a given video in the applications.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/03/22/samsung-tv-upnp-dns-rebinding/", "title": "DNS rebinding vulnerability in Samsung SmartTV UPnP", "url": "https://www.gabriel.urdhr.fr/2021/03/22/samsung-tv-upnp-dns-rebinding/", "date_published": "2021-03-22T23:15:29+01:00", "date_modified": "2021-03-22T23:15:29+01:00", "tags": ["computer", "security", "vulnerability", "dns-rebinding", "upnp"], "content_html": "I found\na DNS rebinding vulnerability on the Universal Plug-and-Play (UPnP)\ninterface of the Samsung TV UE40F6320 (v1.0), from 2011.\nThis could be used, for example, to change the channel, to know\nwhich channel is currently used or open the builtin browser to any URI.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2021/03/17/frida-disable-certificate-check-on-android/", "title": "Disable certificate verification on Android with Frida", "url": "https://www.gabriel.urdhr.fr/2021/03/17/frida-disable-certificate-check-on-android/", "date_published": "2021-03-17T00:00:00+01:00", "date_modified": "2021-03-17T00:00:00+01:00", "tags": ["computer", "system", "security", "android", "frida", "tls", "reverse-engineering"], "content_html": "Some notes about how to write a Frida script\nwith the (somewhat classic) example of disabling certificate verification\nfor TLS communications on Android applications.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/", "title": "DNS rebinding vulnerabilities in Freebox", "url": "https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/", "date_published": "2020-09-23T00:00:00+02:00", "date_modified": "2020-09-23T00:00:00+02:00", "tags": ["computer", "security", "vulnerability", "web", "upnp", "dns-rebinding", "csrf", "device"], "content_html": "I found some DNS rebinding vulnerabilities in Freebox devices\n(CVE-2020-24374,\nCVE-2020-24375,\nCVE-2020-24376,\nCVE-2020-24377)\nas well as a Cross Site Request Forgery (CSRF) vulnerability\n(CVE-2020-24373).\nThese vulnerabilities were fixed in 2020-08-05.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2020/04/20/linux-host-name-resolution/", "title": "GNU/Linux host name resolution", "url": "https://www.gabriel.urdhr.fr/2020/04/20/linux-host-name-resolution/", "date_published": "2020-04-20T00:00:00+02:00", "date_modified": "2020-04-20T00:00:00+02:00", "tags": ["computer", "network", "dns", "system"], "content_html": "This post describes different software components\ninvolved in host name resolutions and DNS configuration on GNU/Linux systems.\nIt consists of a diagram and some accompanying explanations.\nThe goal is to give some pointers and references to understand\nhow to troubleshoot host name/DNS resolution problems\nand configuration problems on GNU/Linux systems.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2020/04/11/push-to-talk-in-any-application/", "title": "Push-to-talk in any application", "url": "https://www.gabriel.urdhr.fr/2020/04/11/push-to-talk-in-any-application/", "date_published": "2020-04-11T00:00:00+02:00", "date_modified": "2020-04-11T00:00:00+02:00", "tags": ["computer", "unix", "gui", "pulseaudio", "x11", "covid-19"], "content_html": "Some scripts I wrote to enable system-wide push-to-talk\n(for X11 and PulseAudio).\nSome people might find it useful for the ongoing lockdown.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2020/03/17/systemd-revolved-dns-configuration-for-vpn/", "title": "Systemd-resolved DNS configuration for VPN", "url": "https://www.gabriel.urdhr.fr/2020/03/17/systemd-revolved-dns-configuration-for-vpn/", "date_published": "2020-03-17T00:00:00+01:00", "date_modified": "2020-03-17T00:00:00+01:00", "tags": ["computer", "vpn", "dns", "systemd", "covid-19"], "content_html": "Some guidance about configuring/fixing domain name resolution\nwith a corporate Virtual Private Network (VPN),\nespecially OpenVPN and with systemd-based Linux systems.\nThis configuration uses the internal/private corporate resolvers\nfor resolving internal/private domain names\nwhile using the ISP resolver for general domain names.\nThis might help if your VPN is struggling these days\nbecause of the COVID-19 threat \ud83d\ude37.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2019/11/18/flamegraph-disk-usage/", "title": "Disk usage with FlameGraph", "url": "https://www.gabriel.urdhr.fr/2019/11/18/flamegraph-disk-usage/", "date_published": "2019-11-18T00:00:00+01:00", "date_modified": "2019-11-18T00:00:00+01:00", "tags": ["computer", "flamegraph"], "content_html": "Using FlameGraph\nfor displaying disk usage.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2019/04/02/llmnr-mdns-cli-lookup/", "title": "Using dig as a LLMNR or mDNS CLI lookup utility", "url": "https://www.gabriel.urdhr.fr/2019/04/02/llmnr-mdns-cli-lookup/", "date_published": "2019-04-02T00:00:00+02:00", "date_modified": "2023-09-22T14:20:00+02:00", "tags": ["computer", "network", "dns", "llmnr", "mdns"], "content_html": "I was looking for a LLMNR commandline lookup utility.\nActually, dig can do the job quite fine.
I thought I was understanding pretty well how bash argument processing and\nvarious expansions is supposed to behave. Apparently, there are still\nsubtleties which tricks me, sometimes.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2019/02/12/yunohost-rce-csrf/", "title": "Remote code execution via cross site request forgery in InternetCube and YunoHost", "url": "https://www.gabriel.urdhr.fr/2019/02/12/yunohost-rce-csrf/", "date_published": "2019-02-12T00:00:00+01:00", "date_modified": "2019-02-12T00:00:00+01:00", "tags": ["computer", "web", "security", "yunohost", "csrf", "vulnerability"], "content_html": "How I found remote code execution vulnerabilities\nvia Cross Site Request Forgery (CSRF)\non the administration interfaces\nof InternetCube applications\nand of the YunoHost administration interface\nwhich could have been used to execute arbitrary code as root.\nThese vulnerabilities were fixed in YunoHost 3.3, OpenVPN Client app 1.3.0.\nand YunoHost 3.4.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2018/11/26/document-generation-workflow/", "title": "My document generation workflow with Markdown, YAML, Jinja2 and WeasyPrint", "url": "https://www.gabriel.urdhr.fr/2018/11/26/document-generation-workflow/", "date_published": "2018-11-26T00:00:00+01:00", "date_modified": "2018-11-26T00:00:00+01:00", "tags": ["computer", "python"], "content_html": "Here is the workflow I am using to generate simple text documents\n(resume, cover letters, etc.) from Markdown, YAML and Jinja2 templates.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2018/11/22/south-park-ip-address-spoofing/", "title": "IP address spoofing in order to watch South Park", "url": "https://www.gabriel.urdhr.fr/2018/11/22/south-park-ip-address-spoofing/", "date_published": "2018-11-22T00:00:00+01:00", "date_modified": "2018-11-22T00:00:00+01:00", "tags": ["computer", "web", "hack", "firefox"], "content_html": "Trying to bring back some old IP spoofing Firefox extension\nfor watching South Park episodes.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2018/05/30/more-browser-injections/", "title": "More example of argument and shell command injections in browser invocation", "url": "https://www.gabriel.urdhr.fr/2018/05/30/more-browser-injections/", "date_published": "2018-05-30T00:00:00+02:00", "date_modified": "2018-05-30T00:00:00+02:00", "tags": ["computer", "unix", "debian", "security", "shell", "vulnerability"], "content_html": "In the previous episode, I talked about\nsome argument and shell command injections vulnerabilities\nthrough URIs passed to browsers.\nHere I am evaluating some other CVEs\nwhich were registered at the same time (not by me).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2018/05/28/browser-injections/", "title": "Argument and shell command injections in browser invocation", "url": "https://www.gabriel.urdhr.fr/2018/05/28/browser-injections/", "date_published": "2018-05-28T00:00:00+02:00", "date_modified": "2018-05-28T00:00:00+02:00", "tags": ["computer", "unix", "debian", "security", "shell", "vulnerability", "freedesktop"], "content_html": "I found an argument injection vulnerability\nrelated to the handling of the BROWSER environment variable\nin sensible-browser.\nThis lead me (and others) to a few other arguments and shell command injection\nvulnerabilities in BROWSER processing and browser invocation in general.
In Tail Recursion In Python,\nChris Penner\nimplements (self) tail-call optimization (TCO) in Python using a function decorator.\nHere I am extending the approach for sibling calls.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2017/08/02/foo-over-ssh/", "title": "Foo over SSH", "url": "https://www.gabriel.urdhr.fr/2017/08/02/foo-over-ssh/", "date_published": "2017-08-02T00:00:00+02:00", "date_modified": "2017-08-02T00:00:00+02:00", "tags": ["computer", "network", "ssh", "unix"], "content_html": "A comparison of the different solutions for using SSH2 as a secured\ntransport for protocols/services/applications.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2016/10/18/terminal-sharing/", "title": "Terminal read-only live sharing", "url": "https://www.gabriel.urdhr.fr/2016/10/18/terminal-sharing/", "date_published": "2016-10-18T00:00:00+02:00", "date_modified": "2017-05-06T00:00:00+02:00", "tags": ["computer", "unix", "ssh", "screen"], "content_html": "Live sharing a terminal session to another (shared) host over SSH in\nread-only mode.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/", "title": "OpenSSH ProxyUseFdPass", "url": "https://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/", "date_published": "2016-08-07T00:00:00+02:00", "date_modified": "2025-03-28T15:37:22+01:00", "tags": ["computer", "network", "system", "ssh", "python", "unix"], "content_html": "While looking at the OpenSSH ssh_config manpage, I found the\nProxyUseFdpass configuration I did not know about.\nIt is apparently not widely known or used.
This is an overview of some recent additions to the SimGrid code\nrelated to actor synchronisation. It might be interesting for people\nusing SimGrid, working on SimGrid or for people interested in generic\nC++ code for synchronisation or asynchronicity.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2016/07/11/intel-amt-discovery/", "title": "Intel AMT discovery", "url": "https://www.gabriel.urdhr.fr/2016/07/11/intel-amt-discovery/", "date_published": "2016-07-11T00:00:00+02:00", "date_modified": "2020-11-19T13:29:26+01:00", "tags": ["computer", "amt", "python", "security"], "content_html": "There has been some articles lately about Intel Active Management Technology (AMT)\nand its impact on\nsecurity,\ntrust,\nprivacy\nand free-software.\nAMT supposed to be widely deployed in newest Intel hardware.\nSo I wanted to see if I could find some AMT devices in the wild.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2016/03/25/cloc-with-flamegraph/", "title": "Number of lines of code with FlameGraph", "url": "https://www.gabriel.urdhr.fr/2016/03/25/cloc-with-flamegraph/", "date_published": "2016-03-25T00:00:00+01:00", "date_modified": "2016-03-25T00:00:00+01:00", "tags": ["computer", "simgrid"], "content_html": "FlameGraph\nis used to display stack trace samples but we can ue it for\nother purposes as well.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2016/01/12/ip-over-udp-with-socat/", "title": "IP over UDP tunnel with socat", "url": "https://www.gabriel.urdhr.fr/2016/01/12/ip-over-udp-with-socat/", "date_published": "2016-01-12T00:00:00+01:00", "date_modified": "2016-01-12T00:00:00+01:00", "tags": ["computer", "network", "vpn", "tun"], "content_html": "A simple way to create IP over\nUDP tunnels using\nsocat.
In a previous\npost, I tried\ndifferent solutions for tunnelling DNS over\nTLS. One of those solutions was\nusing a dedicated DNS-over-UDP fake\nservice replying to all\nqueries with the truncate flag set: this was causing the stub\nresolvers to retry the query using a TCP-based virtual-circuit. This\nsolution is interesting because it is dead simple (it fits in a few\nline of codes) but it is clearly a hack. Here, I am using a dedicated\nDNS forwarder aggregating all\nthe incoming DNS-over-UDP requests over a single persistent TCP\nvirtual-circuit.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/11/25/rr-use-after-free/", "title": "Debugging use-after-free with RR reverse execution", "url": "https://www.gabriel.urdhr.fr/2015/11/25/rr-use-after-free/", "date_published": "2015-11-25T00:00:00+01:00", "date_modified": "2015-11-25T00:00:00+01:00", "tags": ["computer", "debug", "gdb", "rr", "simgrid"], "content_html": "RR is a very useful tool for debugging. It\ncan record the execution of a program and then replay the exact same\nexecution at will inside a debugger. One very useful extra power\navailable since 4.0 is the support for efficient reverse\nexecution\nwhich can be used to find the root cause of a bug in your program\nby rewinding time. In this example, we reverse-execute a program from a\ncase of use-after-free in order to find where the block of memory was\nfreed.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/10/12/mutt-multiaccount/", "title": "Multiple accounts with mutt", "url": "https://www.gabriel.urdhr.fr/2015/10/12/mutt-multiaccount/", "date_published": "2015-10-12T00:00:00+02:00", "date_modified": "2015-10-12T00:00:00+02:00", "tags": ["computer", "mutt", "email"], "content_html": "If you try to use mutt, you will wonder how you are supposed to handle\nmultiple\naccounts.\nYou will find suggestions to bind some keys to switch to different\naccounts, use hooks.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/09/29/private-postgresql/", "title": "Private PostgreSQL instance", "url": "https://www.gabriel.urdhr.fr/2015/09/29/private-postgresql/", "date_published": "2015-09-29T00:00:00+02:00", "date_modified": "2022-12-06T00:47:56+01:00", "tags": ["computer", "sql", "postgres"], "content_html": "How to create a private on-demand PostgreSQL instance accessible only\nfor the local user over UNIX socket.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/09/28/elf-file-format/", "title": "The ELF file format", "url": "https://www.gabriel.urdhr.fr/2015/09/28/elf-file-format/", "date_published": "2015-09-28T00:00:00+02:00", "date_modified": "2015-09-28T00:00:00+02:00", "tags": ["computer", "system", "elf", "linker", "dwarf"], "content_html": "Some notes on the ELF \ud83e\udddd file format with references, explanations and\nsome examples.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/09/01/simgrid-mc-rewrite/", "title": "SimGridMC: The Big Split (and Cleanup)", "url": "https://www.gabriel.urdhr.fr/2015/09/01/simgrid-mc-rewrite/", "date_published": "2015-09-01T00:00:00+02:00", "date_modified": "2015-09-01T00:00:00+02:00", "tags": ["computer", "simgrid", "system"], "content_html": "In my previous SimGrid post, I\ntalked about different solutions for a better isolation between the\nmodel-checked application and the model-checker. We chose to avoid\nthe (hackery) solution based multiple dynamic-linker namespaces in the\nsame process and use a more conventional process-based isolation.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/08/16/ftl-data/", "title": "FTL data file", "url": "https://www.gabriel.urdhr.fr/2015/08/16/ftl-data/", "date_published": "2015-08-16T00:00:00+02:00", "date_modified": "2015-08-16T00:00:00+02:00", "tags": ["computer", "video-game", "ftl", "reverse-engineering"], "content_html": "Faster Than Light (FTL)\nis a very nice (and quite difficult)\nrogue-like-ish game with space battles, teleporters, management of the energy of\nyour ship, asteroid fields, alien species, droids (drones), etc.\nIt is quite cheap, DRM-free\nand available natively on Intel-based GNU/Linux.\nThese are notes taken while trying to find out the format of the .dat files of\nthe game containing the game assets, ships statistics, events, etc.\nwhen I had not access to the internet to find the solution.\nThere is a companion C program, ftldat,\nfor extracting the files within the archives and generating archives.\nUnsurprisingly, similar tools\nwith the same name already exists. However, the description of the process\nof reverse-engineering a (very simple) binary format might be interesting for\nsomeone out there.
In Plasma 5, support for the XEmbed-based\n\u201clegacy\u201d systray protocol\nwas removed:\nonly the new SNI protocol is handled.\nHowever, a lot of applications still do not handle the new protocol:\nQt4 and Qt5 applications can be fixed\nby installing the sni-qt (currently in experimental) and libdbusmenu-qt5 respectively\nbut other applications (such as GTK ones) must be patched/recompiled with SNI support.\nWithout this, windows disappear into oblivion \ud83d\ude3f.\nYou can have a seamless systray-enabled Plasma panel\nwith a single (OK, two) line of shell \ud83d\ude3c.
How to use html-pipeline in\nmiddleman.
The Executable and Linkable Format (ELF) \ud83e\udddd is used for\ncompilation outputs (.o files), executables, shared libraries and core dumps.\nThe first cases are documented in the System V ABI\nspecification\nand the Tools Interface Standard (TIS) ELF\nspecification but there does not\nseem to be much documentation about the usage of the ELF format for core dumps.\nHere are some notes on this.
The official guide for verifying\nthe authenticity of a Debian \ud83c\udf65 CD image is not so clear if you don't\nalready have an idea about what you are doing. Here is a translation in\nterms of shell commands.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/04/29/journald-workflow/", "title": "Logging message workflow with journald", "url": "https://www.gabriel.urdhr.fr/2015/04/29/journald-workflow/", "date_published": "2015-04-29T00:00:00+02:00", "date_modified": "2020-07-30T23:00:00+02:00", "tags": ["computer", "system", "log", "syslog", "systemd", "journald"], "content_html": "A short summary of the logging message workflow with\nsystemd-journald\n(and the different formats and sockets involved).
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/03/29/update-firefox-os/", "title": "Updating Firefox OS", "url": "https://www.gabriel.urdhr.fr/2015/03/29/update-firefox-os/", "date_published": "2015-03-29T00:00:00+01:00", "date_modified": "2015-03-29T00:00:00+01:00", "tags": ["computer", "firefox"], "content_html": "I updated a Geeksphone Peak from\nFirefox OS 1.1 to Firefox OS\n2.1 and it was not that easy.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/03/02/bundler-starter-kit/", "title": "Bundler starter kit", "url": "https://www.gabriel.urdhr.fr/2015/03/02/bundler-starter-kit/", "date_published": "2015-03-02T00:00:00+01:00", "date_modified": "2015-03-02T00:00:00+01:00", "tags": ["computer", "ruby"], "content_html": "Bundler is a tool to manage Ruby gem\ndependencies, install them and setup the execution environment. The\nhomepage shows how to use it to install the gems alongside the ruby\ninstallation/systemwide which is not so great. For some reason, I\ninitially didn't find the option to install the gems locally\n(--path) and have been using horrible environment variable\nmodifications to avoid the systemwide installation. In fact, this is\nquite simple\u2026
The Broadband Forum as a lot of technical\nreports about\nthe xDSL architecture but it is not so easy to find a good description\nof the global architecture. Those are ASCII-art protocol stack I\ninferred from those documents. What is in there may be wrong, feel free\nto correct me.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/02/14/recursive-dns-over-tls-over-tcp-443/", "title": "Recursive DNS over TLS over TCP 443", "url": "https://www.gabriel.urdhr.fr/2015/02/14/recursive-dns-over-tls-over-tcp-443/", "date_published": "2015-02-14T00:00:00+01:00", "date_modified": "2019-12-13T00:53:18+01:00", "tags": ["computer", "network", "dns", "tls", "privacy"], "content_html": "You might want to use an open recursive DNS servers if your ISP's DNS\nserver is lying. However, if your network/ISP is intercepting all DNS\nrequests, a standard open recursive DNS server won't help. You might\nhave more luck by using an alternative port or by forcing the usage of\nTCP (use-vc option in recent versions of glibc) but it might not\nwork. Alternatively, you could want to talk to a (trusted) remote\nrecursive DNS server over secure channel such as TLS: by using DNS\nover TLS over TCP port 443 (the HTTP/TLS port), you should be able to\navoid most filtering between you and the recursive server.
Some notes on ELF \ud83e\udddd loading and dynamic linking mainly for GNU userland\n(ld.so, libc, libdl) running on top of the Linux kernel. Some\nprior knowlegde on the topic (virtual memory, shared objects,\nsections) might be useful to understand this.
Today, I managed to forget a password but I had a Icedove (Thunderbird) process\nrunning containing the password.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2015/01/11/logstash-vhost-combined/", "title": "nginx, Logstash and vhost-combined log format", "url": "https://www.gabriel.urdhr.fr/2015/01/11/logstash-vhost-combined/", "date_published": "2015-01-11T00:00:00+01:00", "date_modified": "2015-01-11T00:00:00+01:00", "tags": ["computer", "log", "apache", "nginx"], "content_html": "The Apache HTTP server ships with a\nsplit-logfile\nutility which parses Combined Log File entries prefixed with the virtual host:\nsome notes about this and its inclusion in nginx and\nlogstash.
In an attempt to simplify the development around the SimGrid\nmodel-checker, we were thinking about moving the model-checker out in\na different process. Another different approach would be to use a\ndynamic-linker isolation of the different components of the process.\nHere is a summary of the goals, problems and design issues surrounding\nthese topics.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/11/03/not-cleaning-the-stack/", "title": "Avoiding to clean the stack", "url": "https://www.gabriel.urdhr.fr/2014/11/03/not-cleaning-the-stack/", "date_published": "2014-11-03T00:00:00+01:00", "date_modified": "2014-11-03T00:00:00+01:00", "tags": ["computer", "simgrid", "compilation", "assembly", "x86_64"], "content_html": "In two previous posts, I looked into cleaning the stack frame of a\nfunction before using it by adding assembly at the beginning of each\nfunction. This was done either by modifying LLVM with a custom\ncodegen pass or by\nrewriting the\nassembly\nbetween the compiler and the assembler. The current implementation\nadds a loop at the beginning of every function. We look at the impact\nof this modification on the performance on the application.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/10/06/cleaning-the-stack-by-filtering-the-assembly/", "title": "Cleaning the stack by filtering the assembly", "url": "https://www.gabriel.urdhr.fr/2014/10/06/cleaning-the-stack-by-filtering-the-assembly/", "date_published": "2014-10-06T12:40:02+02:00", "date_modified": "2014-10-06T12:40:02+02:00", "tags": ["computer", "simgrid", "unix", "compilation", "assembly", "x86_64"], "content_html": "In order to help the SimGridMC state comparison code, I wrote a\nproof-of-concept LLVM pass which cleans each stack\nframe before using\nit. However, SimGridMC currently does not work properly when compiled\nwith clang/LLVM. We can do the same thing by pre-processing the\nassembly generated by the compiler before passing it to the linker:\nthis is done by inserting a script between the compiler and the\nassembler. This script will rewrite the generated assembly by\nprepending stack-cleaning code at the beginning of each function.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/10/06/cleaning-the-stack-in-a-llvm-pass/", "title": "Cleaning the stack in a LLVM pass", "url": "https://www.gabriel.urdhr.fr/2014/10/06/cleaning-the-stack-in-a-llvm-pass/", "date_published": "2014-10-06T10:00:02+02:00", "date_modified": "2014-10-06T10:00:02+02:00", "tags": ["computer", "simgrid", "llvm", "compilation", "assembly", "x86_64"], "content_html": "In the previous episode, we implemented a LLVM pass which does\nnothing. Now we are trying to modify\nthis to create a (proof-of-concept) LLVM pass which fills the current\nstack frame with zero before using it.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/09/26/adding-a-llvm-pass/", "title": "Adding a basic LLVM pass", "url": "https://www.gabriel.urdhr.fr/2014/09/26/adding-a-llvm-pass/", "date_published": "2014-09-26T00:00:00+02:00", "date_modified": "2014-09-26T00:00:00+02:00", "tags": ["computer", "simgrid", "llvm", "compilation", "assembly", "x86_64"], "content_html": "The SimGrid model checker uses memory introspection (of the heap,\nstack and global variables) in order to detect the equality of the\nstate of a distributed application at the different nodes of its\nexecution graph. One difficulty is to deal with uninitialised\nvariables. The uninitialised global variables are usually not a big\nproblem as their initial value is 0. The heap variables are dealt with\nby memseting to 0 the content of the buffers returned by malloc\nand friends. The case of uninitialised stack variables is more\nproblematic as their value is whatever was at this place on the stack\nbefore. In order to evaluate the impact of those uninitialised\nvariables, we would like to clean each stack frame before using\nthem. This could be done with a LLVM plugin. Here is my first attempt\nto write a LLVM pass to modify the code of a function.
I had a few Joomla posts that I wanted to clean up semi-automatically.\nHere are a few scripts, to pass the content of the clipboard (or the\ncurrent selection) through a UNIX filter.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/09/19/reading-joomla-content/", "title": "Joomla to Wordpress redirections", "url": "https://www.gabriel.urdhr.fr/2014/09/19/reading-joomla-content/", "date_published": "2014-09-19T00:00:00+02:00", "date_modified": "2014-09-19T00:00:00+02:00", "tags": ["computer", "cms"], "content_html": "There are some good\nplugins to\nexport Joomla content to WordPress. However, the free version does not\nrewrite the URIs. It is quite simple to read the Joomla database and\ngenerates a bunch of Apache Redirect directives.
The Wine \ud83c\udf77 wiki\nhas instructions for building a shared WoW64\nWine\u00a0:\nthis needs two out of source builds. The issue is that some\ndevelopement packages are not multiarch co-installable. Another wiki\npage for Ubuntu recommends setting up a 32-bit\nLXC. Here is how\nI did it without a 32-bit container on Debian \ud83c\udf65 testing.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/07/22/same-page-merging/", "title": "Results on same-page-merging snapshots", "url": "https://www.gabriel.urdhr.fr/2014/07/22/same-page-merging/", "date_published": "2014-07-22T00:00:00+02:00", "date_modified": "2014-07-22T00:00:00+02:00", "tags": ["simgrid", "system", "computer", "checkpoint"], "content_html": "In the previous episode, I talked about the\nimplementation of a same-page-merging page store. On top of this, we\ncan build same-page-merging snapshots for the SimGrid model checker.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/07/17/sample-watchpoint/", "title": "Sample watchpoints or breakpoints with GDB (and FlameGraph)", "url": "https://www.gabriel.urdhr.fr/2014/07/17/sample-watchpoint/", "date_published": "2014-07-17T00:00:00+02:00", "date_modified": "2014-07-17T00:00:00+02:00", "tags": ["gdb", "debug", "computer", "flamegraph"], "content_html": "GDB can be used to get the stack each time a breakpoint is reached.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/06/13/page-store/", "title": "Page store for the Simgrid model checker", "url": "https://www.gabriel.urdhr.fr/2014/06/13/page-store/", "date_published": "2014-06-13T00:00:00+02:00", "date_modified": "2014-06-13T00:00:00+02:00", "tags": ["simgrid", "system", "computer", "checkpoint"], "content_html": "The first (lower) layer of the per-page snapshot mechanism is a page\nstore: its responsibility is to store immutable shareable\nreference-counted memory pages independently of the snapshoting\nlogic. Snapshot management and representation, soft-dirty tracking\nwill be handled in higher layer.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/06/11/sdl2-gamepad-calibration/", "title": "SDL2 gamepad calibration", "url": "https://www.gabriel.urdhr.fr/2014/06/11/sdl2-gamepad-calibration/", "date_published": "2014-06-11T00:00:00+02:00", "date_modified": "2014-06-11T00:00:00+02:00", "tags": ["computer", "config", "video-game"], "content_html": "Many recent games do not provide an option to map the keys/axes of the\ngamepad to specific actions. They assume that the gamepad is XBox\ncompatible: if it is not the game is completely unusable. SDL2\nprovides a way to calibrate a gamepad \ud83c\udfae in order to map its\nkeys/axes to the \u201cstandard\u201d XBox ones.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/06/06/custom-keyboard/", "title": "Custom (X11/xkb) keyboard layout without being root", "url": "https://www.gabriel.urdhr.fr/2014/06/06/custom-keyboard/", "date_published": "2014-06-06T00:00:00+02:00", "date_modified": "2014-06-06T00:00:00+02:00", "tags": ["computer", "config", "xkb"], "content_html": "Short tutorial about creating a custom keyboard layout without being\nroot.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/06/03/non-cow-snapshots/", "title": "Per-page shallow snapshots for the SimGrid model checker", "url": "https://www.gabriel.urdhr.fr/2014/06/03/non-cow-snapshots/", "date_published": "2014-06-03T00:00:00+02:00", "date_modified": "2014-06-03T00:00:00+02:00", "tags": ["simgrid", "system", "computer", "checkpoint"], "content_html": "I looked at my options to achieve efficient/cheap snapshots of the\nsimulated application for the Simgrid model checker using\ncopy-on-write. Here I look at another\nsolution to achieve this without using copy-on-write.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/06/02/cow-snapshots/", "title": "Copy-on-write snapshots for the SimGrid model checker", "url": "https://www.gabriel.urdhr.fr/2014/06/02/cow-snapshots/", "date_published": "2014-06-02T00:00:00+02:00", "date_modified": "2014-06-02T00:00:00+02:00", "tags": ["simgrid", "system", "computer", "checkpoint"], "content_html": "The SimGrid model checker\nexplores the graph of possible executions of\na simulated distributed application in order to verify safety and\nliveness properties. The model checker needs to store the state of the\napplication in each node of the execution graph in order to detect\ncycles. However, saving the whole state of the application at each\nnode of the graph leads to huge memory consumption and in some\ncases most of the time is spent copying data in order to take the\nsnapshots of the application. We will see how we could solve this problem,\nusing copy-on-write.
\n"}, {"id": "http://www.gabriel.urdhr.fr/2014/05/23/flamegraph/", "title": "Profiling and optimising with Flamegraph", "url": "https://www.gabriel.urdhr.fr/2014/05/23/flamegraph/", "date_published": "2014-05-23T00:00:00+02:00", "date_modified": "2014-05-23T00:00:00+02:00", "tags": ["simgrid", "optimisation", "profiling", "computer", "flamegraph", "unix", "gdb", "perf"], "content_html": "Flamegraph\nis a software which generates SVG graphics\nto visualise stack-sampling based\nprofiles. It processes data collected with tools such as Linux perf,\nSystemTap, DTrace.
\n"}]}