Dailydave mailing list archives
The dream of the LISP machine is alive in the 90ies
From: Bas Alberts <bas.alberts () immunityinc com>
Date: Fri, 15 Feb 2019 11:20:30 -0500
I ate some bad chicken last night. Really it all started a few days ago when I saw a chick-fil-a commercial about their heart shaped 30pc nugget Valentines day special. That's where that particular piece of data first entered my system. I didn't think much of it at the time. If you're wondering how I could let delicious chicken trump my ethics I would counter that, if you're reading this, you are probably an information security professional as well. So, as it turns out, heart shaped chicken nugget containers are a super popular token of affection in the greater Miami area, and I ended up with 2 spicy chicken sandwiches instead. Well that and a 12pc nugget combo. And a small vanilla milkshake. Nothing says I love you like small vanilla milkshakes. I don't know if the chicken was bad, per se, or if I'm just too Northern European to deal with spicy things, but here we are. 5am. My wife and dog are both vast asleep and I'm thumbing this on my phone in an email to myself. Waiting for the waves of agony to pass. Ironically this is probably the only way you'll get a DailyDave post out of me these days. Locked in the bathroom, tethered to a phone that I'm not allowed to browse the Internet with. Also, you can only read the back of the wet wipes container so many times, so let's have at it. I like to think I'm as good an armchair philosopher as anyone else that watched that first season of True Detective. So let's talk about data as code or, more generally, input as influence. Halvar has always been great at formalizing the intuitions of a certain generation of exploit developers. His ideas about programming the weird machine harken back to the operating paradigms of the LISP machines of lore, but in a way also formalize a class of thinking that is fundamental to not only exploit development, but input based influence on algorithmic processes in general. I would posit the concept extends far beyond the realm of computing. Team Russia is programming the weirdest machine ever right now and to astounding effect. Treating an entire populace as a programmable entity through orchestrated manipulation of its information sources. Input as influence. I don't know if algorithmic process actually means what I think it does. I got the Knuth boxset, but mostly because Amazon had that pricing glitch on it way back when. In fact I got two. One for me, and one for a friend. He, in fact, did read all of it. We lost touch because he's insane, but I think he's out there in the world somewhere doing things more productive than porting PaX to MIPS these days, or at least I hope he is. I'd like to think I had some small part in that. Or at least that me and Jeff Bezos together, did. Tangent aside, having a novel thought on exploitation is hard. Heck, having a novel thought, period, is hard. Hive mind and all. Halvar would probably be the first to tell you that a lot of what he's saying is a mere representation of a certain zeitgeist. Not in the least because he's German and Germans say things like "zeitgeist". That and "schitzel". But what you perceive as hard is relative. Generally a result of context, experience, repetition, intuition, aptitude, and whether or not someone actually told you something was hard to begin with. It's about having insights that simplify your understanding, and carrying those insights forward into ever more intricate layers of what it actually is you are doing. Abstraction as simplification. Collapsing large ideas down into building blocks. Most of those ideas probably aren't your own. But it's hard to be novel, or so I hear. Sometimes all it takes is a simple context switch. I remember when I first started looking at heap corruption as a kid and, growing up in a small Dutch village in the 90ies, my access to formal computer science resources was pretty limited. I had an old beat up copy of K&R and I knew some assholes on IRC. That's about it. Over and over I'd juggle logical vs physical representations of memory layouts in my head. I remember looking at something as simple as an unlink operation, and all the pointer dereferences would just not stick without me having to look them up constantly. For a while I just committed entire chunks of the allocator algorithms to rote memory. Writing down the parts that were relevant to the primitives I cared about over and over. That worked fine. I was never a Dvorak or a Scrippie, but I was stubborn, angry, and obsessed with problem solving. Enough to get the job done. Unlike the Germans, the Dutch don't say things like "zeitgeist", but we do say things like "schnitzel". Anyways, one day instead of trying to treat my brain as a glorified C compiler, I just started visualizing the ideas behind what it was I wanted to do. Imagining a chunks as just buckets of data that I either fully or partially filled with liquid I controlled, coloring the logical and contiguous memory layouts in my head accordingly. Then it became easy. I mean you still had the implementation details of whichever allocator you're dealing with obviously. Sizes here, pointers there, bitmasks up and down. But that's just typing on the keyboard. That's stuff you SHOULD look up by reference. Concepts and big picture understanding are things you should be able to juggle in your head. And at the risk of fetishizing Halvar quotes to Dave Aitel levels, I remember his original quests to visualize all the things because "humans are designed to recognize the shape of the animals they hunt, and turn them into schnitzel, not stare at numbers". I paraphrase. Our generation of hunters just happens to track game around allocators, kernel surfaces, and logic flows. Of course they teach you that stuff in week 1 of most programming classes. Linked lists operations that is, not German hacker philosophy. But I'm in my teens in a country side village in the east of Holland. The closest thing I have to a computer science curriculum revolves around people messaging me on IRC about how I should really start grepping for syslog(3) calls that don't have quotes in them. The closest thing I have to philosophy classes are Scandinavians preaching about the gospels of non-disclosure. A potent recipe to build weird minds, really. Halvar things aside, I think that is the difference between someone that looks at e.g. the V8 codebase and is like "oh Christ that is entirely too much C++" and someone that, in a fairly pragmatic fashion, just identifies where data is input, how that data is acted upon, and how the algorithms acting upon that data are influenced by said data. The ability to visualize, collapse, and abstract whatever does not matter to the problem you are trying to solve, away. Unless you're a fuzzer of course, in which case I harbor some weird late-90ies resentment towards you that is based on nothing but spending too much time with a generation of hackers that read "fight club" like it was the only thing available after eating some bad chicken. Hard is relative. We dance the same dance over and over again in a hall full of ghosts of exploits past. I am Jack's haunted ball room picture. One of my old friends who is probably one of the best exploit developers I've worked with, never went after "hard" bugs. He just found what he referred to as "simple bugs in hard to reach places". That is a powerful concept. If you're willing to dig deep enough, shovel enough reverse engineering work, go deeper into the coal mines than anyone else before you, chances are you will win. I mean you might have black lung by the time you do, but still. Of course one of my other friends is the exact opposite and he insists on finding ridiculously complicated bugs in simple places. I think it kind of depends on what you're after. These days with the Google borg spinning up trillions of cores and Google bucks to fuzz input into whichever surface they can get their grubby little hands on, I'd tend towards simple bugs in hard to reach places. Having said that, beyond code isolation, rapid advances in branch coverage by modern fuzzing approaches kind of moot both. But, it appears that anno 2019, someone can still comfortably sit on a pile of 0day in the same code bases that everyone else is fuzzing CVE's out of. What is today's CVE if not yesterday's 0day? It's probably some intricate dance between code flux, bug density, surface exposure, and whether or not there's a strategy behind the effort beyond "this is what Tavis felt like auditing this weekend". Most of computer science is this weird struggle to emulate our own biological processes either consciously or subconsciously. It makes sense because it's the only way we know how to solve problems, perceived or otherwise. Our problem solving paradigms are based on our biology. Collectively pushing towards an understanding of the world through the filter of being a part of it. It's hard to stay objective, if objective even exists. Consensus based reality is probably the best you can hope for. But with the right inputs, it would appear you can influence almost anything to the point of control. Programs, people, society ... and, perhaps, maybe even reality itself. It's 7am. Time for work. Love, Bas
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The dream of the LISP machine is alive in the 90ies Bas Alberts (Feb 15)
- Re: The dream of the LISP machine is alive in the 90ies the grugq (Feb 18)