Since my first post about angel investing, I have made the following investments. These all happen to be YC W18 companies. Vena Medical This company makes a camera that is small enough to fit inside blood vessels, providing a unique perspective to physicians. Playbook This company makes an app to find other people to do things with. For example, you can find someone in the area who is also interested in playing basketball and do that together.Read More
I started angel investing. I have two investments so far. Sickweather This company has an app you can download to see what kind of sicknesses are going around in your area. You can also report what you have when you get sick. Anyplace This company lets you live in a hotel on a month-to-month contract as an alternative to a traditional apartment lease. Also you don’t have to deal with furniture and utilities as you would with an apartment.Read More
Background These are some results of my recent efforts of fuzzing IRC-related software. CVE-2017-14727 in Weechat From the Weechat security page: Date/time conversion specifiers are expanded after replacing buffer local variables in name of log files. In some cases, this can lead to an error in function strftime and a crash caused by the use of an uninitialized buffer. Workaround: Unload the logger plugin: /plugin unload logger Mitre CVE PageRead More
While fuzzing osquery using afl, I encountered a bug in SQLite.
The bug was reproducible using
printf "select * from routes where destination ;VACUUM '::1';\n" | osqueryi. Using osquery binaries compiled with ASan, I got a heap-use-after-free report when running the osqueryi program as demonstrated in the previous sentence.
While fuzzing irssi’s config file parser using afl, I encountered a bug that I reported and became issue #563 for irssi on GitHub. I am going to perform an analysis of the bug and my solution to the bug.
All I had to do to build irssi with afl was add
CC=/path/to/afl/afl-gcc to the configure script invocation. After building irssi, I started running
irssi --config file.cfg with afl, allowing afl to pass in the configuration file it generates in place of file.cfg. All that can be done by following a guide that covers how to use afl.
I got a new laptop. It is the HP Pavilion 15t. The model number is 15t-ab100 and the SKU is L8V46AV.
I got the i5 processor with 8 GB RAM and 1 TB HDD. It was a big upgrade over my old laptop, because I had a first gen i3 in the old one and this has a Skylake processor.Read More
This article assumes familiarity with the Bitcoin block format.
Namecoin blocks starting with block 19200 may have some extra data in them. These blocks with extra data are called AuxPOW blocks for Auxiliary Proof of Work. The extra data appears between the nonce and txn_count. This extra data appears when a block has been merged-mined for both the Bitcoin and Namecoin networks.Read More
I recently installed the program nmcontrol. Doing so was non-trivial, so I am documenting the process I took here.
For those that don’t know, nmcontrol is a daemon that communicates with namecoind and provides services. In particular, I wanted to use the DNS service it provides for accessing .bit domain names. The .bit TLD is used by Namecoin. Namecoin is a decentalized key-value store and among its uses is decentalized DNS.Read More