BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone) 's Twitter Profile
BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange)

@bednartildeone

Programmer, maintainer of Termux PRoot, Android bug hunter, driver assistance systems (ADAS) testing at work, they/he, @[email protected]

ID: 1476204849238880256

Link: http://legit-elephant.lol/@[email protected]

29-12-2021 14:55:09

43 Tweet

152 Followers

82 Following

Inactive; Bluesky is @hillelwayne(dot)com (@hillelogram)

It's the one year anniversary of The Crossover Project! Spanning two years of research, I investigate how software engineering compares to other branches of engineering... based on 17 interviews with people who've professionally done both kinds. hillelwayne.com/post/are-we-re…

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

When I was on a 3-day school road trip, on the 2nd day classmates tried to prank me by saying I'd slept through the whole day. I didn't believe them, but later that day I got sick and my parents took me home.
Later at class: "When we said you were going home that day, you didn't believe"

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

- I was told how to exit Vim at university
- I had to Google how to exit Emacs

I'm probably an outlier, though these two facts make "how to exit Vim" jokes somewhat funnier to me

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

Published writeup and PoC for CVE-2021-39749, allowing starting arbitrary Activity on Android 12L Beta (I've been asked about this so posting answer publicly) github.com/michalbednarsk…

Aria Desires (@gankra_)

It's here, I did it. I rewrote the entirety of Rust's std::collections::LinkedList to the standard of quality I expect from std, doing all the Covariance and Send garbage you're "supposed to" do

Learn Rust With Entirely Too Many Linked Lists is Done.

rust-unofficial.github.io/too-many-lists…

Lynn (finally free) (@chordbug)

“Is this the simplest (and most surprising) sorting algorithm ever?” arxiv.org/abs/2110.01111

Abstract:
We present an extremely simple sorting algorithm. It may look like it is obviously wrong, but we prove that it is in fact correct.

Toby (@xenotrope)

The important thing here isn't to poo-poo new tools, it's to share. I just learned about "ss -plant" a year or two ago and it makes "netstat -na | grep LISTEN" or lsof unnecessary.

Sergey Toshin (@_bagipro)

Bypassing ContentProvider.openFile() internal security checks in Android

[1/3]
I've discovered an interesting trick that you may use to access private information using a content provider

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

Sergey Toshin A long time ago there was a ThreadLocal in ActivityManagerService that overrode ALL permission checks done under IActivityManager.openFile; later, after my report, this was restricted and it only affected ContentProvider.openFile: android.googlesource.com/platform/frame…

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

[Old bug, CVE-2018-9492] On Android 8 and 9, apps could grant themselves access to any ContentProvider through use of FLAG_GRANT_PERSISTABLE_URI_PERMISSION, which made the system skip checking whether the caller itself has the permission being granted. Fix commit: android.googlesource.com/platform/frame…

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

TIL about C++ chrono default constructors:

This defaults to zero (epoch):
std::chrono::steady_clock::time_point a;

This defaults to whatever memory was there:
std::chrono::steady_clock::duration b;

godbolt.org/z/h6h37o5ax

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

Trying out Mastodon: infosec.exchange/@BednarTildeOne (No idea where I'll be active, I'm rarely active anywhere, although I'll probably have some cool writeup in about a month, will post announcement to both if nothing collapses)

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

Published writeup and exploit for CVE-2022-20452, privilege escalation on Android 13 via Parcel use-after-recycle() github.com/michalbednarsk…

BEDNAR~1 (Now on @BednarTildeOne@infosec.exchange) (@bednartildeone)

Published new writeup, in which I show bypass for Intent validation inside AccountManagerService on Android 13 despite "Lazy Bundle" mitigation github.com/michalbednarsk…