Infosec consultant @WithSecure - Coding, Research + various other interests
@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. In all the vulnerability management doesn’t seem to be going great here.
Update: The “PeCoffLoader memory overflow issue for security” likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796
I had actually forgotten I still had Docker installed on this system. I’ve now fixed this issue by uninstalling the malicious app. I’m using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!
@g@irrelephant.co Oof, that’s not good at all.
@Ichinin@infosec.exchange Nah, but there’s another booze bottle in the game that is exact same alcvol as Koskenkorva. They are of course actively avoiding trademark issues by creating their own labels and trademarks for items.
I just noticed that the game location (Mankila) is actually a real place in Finland: https://maps.app.goo.gl/D3dFdmt7ACokCf7d8
The shape of the lake, the buildings around it are different and there are extra islands etc, but it is clearly modelled after the real deal. That’s quite cool, heh.
#FinnishCottageSimulator
@Ichinin@infosec.exchange Currently there is no driving with or working on cars, but I’ve managed to hitch a ride from one of the NPCs. Driving the moped is quite fun until you drive into a ditch. Pulling the moped out of there is as painful as in real life… 😆
Other difference to my summer car: Currently there is no hunger, thirst, stress or similar “pressure”. As it is early access I don’t know if any if this will change later.
The multiplayer is ton of fun with bunch of friends.
@screaminggoat@infosec.exchange Yep, that’s the one.
@jgrg Oops, it’s u-z. Corrected the post now, thanks for pointing that out.
Some random notes after glancing over the G15D programmer’s reference manual:
- Bendix G-15 doesn’t use hex, but sex: The notation is 0-9 u-z (sexadecimal).
- Section 3.2.3 goes into details on how to optimize performance: You need to carefully plan the order of instructions and data on the drums for optimal speed. The most optimal code will overlay computation and memory accesses. This reminds me of “the story of Mel”. The optimization tricks done don’t differ much from handcrafting optimal assembly code on more modern systems where external memory accesses are very expensive vs computation within registers.
- The addressing notation directly addresses line on the drum and offset of the word on that line. There are 20 lines with 108 29-bit words on each. Arithmetic operations operate on a separate short “register” lines that circulate much faster than the actual memory (27x speed vs memory drum).
- Considering how slow it’s to process individual memory loads / stores, it makes perfect sense that the system has block copy instructions.
- Each instruction has offset within the line to the next instructions to execute. That is, there’s always an explicit jump encoded in each instruction. Conditional code execution occurs by suppressing the jump when condition is met, in which case the jump is not taken and next instruction is executed instead. In modern architectures you generally execute next instructions address and there are dedicated branch instructions.
- Code execution can happen from 7 long lines (0, 1, 2, 3, 4, 5, 19) and one short line (23). Some lines have reserved roles and offsets, at least when using the libraries provided by Bendix.
- As there is no built-in stack register or stack a return address for subroutine calls must be handled manually. This is reminiscent to link register on some later platforms (such as PowerPC). It of course is entirely possible to manually maintain a stack on some line, dedicating some fixed address as stack pointer. All code must then agree on this decided calling convention.
- Punched (paper) tape and magnetic tape is available for input, as well as typewriter (console). Output can be (IBM) punch cards, magnetic tape or typewriter (console). The typewriter also has some switches for control.
So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation “DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende” gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s