Programming Leftovers
-
How I gave ManticoreUI a makeover
During my internship at Trail of Bits, I explored the effectiveness of symbolic execution for finding vulnerabilities in native applications ranging from CTF challenges to popular open source libraries like image parsers, focusing on finding ways to enhance ManticoreUI. It is a powerful tool that improves accessibility to symbolic execution and vulnerability discovery, but its usability and efficiency leave much room for improvement. By the end, I implemented new ManticoreUI features that reduce analysis time through emulation, improved shared library support, and enabled symbolic state bootstrapping from GDB to side-step complex program initialization. With these new features, I found and reported a vulnerability in the DICOM Toolkit (DCTMK), which is a widely deployed set of libraries used in medical imaging!
-
Manticore GUIs made easy
Trail of Bits maintains Manticore, a symbolic execution engine that can analyze smart contracts and native binaries. While symbolic execution is a powerful technique that can augment the vulnerability discovery process, it requires some base domain knowledge and thus has its own learning curve. Given the plethora of ways in which a user can interact with such an engine and the need for frequent context switching between a disassembler and one’s terminal or script editor, integrating symbolic execution into one’s workflow can be daunting for a beginner.
-
Using Emacs for R
To start using R, or almost anything else in Emacs you basically need to know 3 things: 1) How to move in Emacs, meaning understanding what is what and learning a few key commands; 2) What is the configuration file and how to use it and 3) How to use packages to extend Emacs. In the first half of this post I will try to show how easy it is to cover these 3 points even for people who are inexperienced in programming. If you don’t believe me I invite you to read just the first paragraph of the next section to give you an idea of how easy it really is. During the second half I will show how I’m using R in Emacs to give you a starting point of a fully functional environment for R, and will conclude with some topics that can be further explored.
-
How to Use Git merge
Git was designed to make branching simple and fast. In contrast to other version control systems, branching on Git is a trivial matter. On multi-developer projects especially, branching is one of Git’s core organizational tools.
Branches sandbox new development efforts so that code can be modified or added without affecting the code in other branches, especially the main or master branch. This usually contains the stable version of your code base.
Isolating these changes from your stable code version makes perfect sense. But sooner or later the new code will be tested, reviewed, and rubber-stamped to be rolled into the master branch. At that point, you need to merge your branch into the master branch.
Actually, branches can have sub-branches so you might be merging your branch into some other branch instead of the master branch. Just remember that merges always take one branch and merge it into a target branch, whatever that branch may be. If you want to merge your master branch into another branch, you can even do that too.
Like most actions in Git, you perform merges in your local repository and push them to your remote repository.
-
Marketing Committee Achievements in 2022 | tprfmarketing [blogs.perl.org]
Looking back over 2022 the Marketing Committee presents our accomplishments to the Board and the Communities we serve.
[...]
We are excited for the opportunities that the new year presents and express our continuing commitment to growing the Perl and Raku communities.
The committee exists to coordinate and facilitate volunteer efforts to promote the Perl and Raku ecosystems, create and distribute quality content, promote Perl and Raku related events, and assist with getting people involved.