Orange FTTH and IPv6 - part twoOrange FTTH and IPv6 - part two 01 April 202301 April 2023 Three years ago I published a guide on how to configure a custom Linux router to work with Orange FTTH setup:Three years ago I published a guide on how to configure a custom Linux router to work with Orange FTTH setup: Orange FTTH on a custom routerOrange FTTH on a custom router The most important part was getting IPv6 working, since it wasn't possible with the "Funbox" router...The most important part was getting IPv6 working, since it wasn't possible with the "Funbox" router...
05 September 202205 September 2022
I was able to put my hands on an HTC Vive VR headset. Sadly, my
computers don't have a strong enough GPU for VR.I was able to put my hands on an HTC Vive VR headset. Sadly, my
computers don't have a strong enough GPU for VR.
Since I only have laptops I decided to secure an eGPU (external GPU) -
a box with PCIe bus, connected over thunderbolt, which can house a
proper big graphics card. I got
Since I only have laptops I decided to secure an eGPU (external GPU) -
a box with PCIe bus, connected over thunderbolt, which can house a
proper big graphics card. I got
Razer Core XRazer Core X. Together
with the laptop, the setup looks like this:. Together
with the laptop, the setup looks like this:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 06 May 202106 May 2021 I published an article on I published an article on Cloudflare blogCloudflare blog:: Branch predictor: How many "if"s are too many? Including x86 and M1 benchmarks!Branch predictor: How many "if"s are too many? Including x86 and M1 benchmarks! Notable discussions...Notable discussions...
02 August 202002 August 2020 Don't actually throw away FunBox. Not only it belongs to the carrier, but also you're not supposed to throw electrical equipment into mixed trash.Don't actually throw away FunBox. Not only it belongs to the carrier, but also you're not supposed to throw electrical equipment into mixed trash. Here in Poland, Orange has a decent Here in Poland, Orange has a decent FTTHFTTH offer - less than $16 for 300Mbit down, 50Mbit up. People reversed it over the years, most impressively... offer - less than $16 for 300Mbit down, 50Mbit up. People reversed it over the years, most impressively...
18 June 202018 June 2020 This article is also co-published on This article is also co-published on Cloudflare blogCloudflare blog:: Why is there a "V" in SIGSEGV Segmentation Fault?Why is there a "V" in SIGSEGV Segmentation Fault? Another long night. I was working on my...Another long night. I was working on my...
Moral compass: In praise of opennessMoral compass: In praise of openness 29 March 202029 March 2020 On this blog, I usually write about technology. For once, allow me to make an exception and write about something different. In these days of isolation and anxiety, I find myself thinking about the moral compass that guided me in my life.On this blog, I usually write about technology. For once, allow me to make an exception and write about something different. In these days of isolation and anxiety, I find myself thinking about the moral compass that guided me in my life. I believe it's important to talk about it. Many people I encountered in my life lacked a moral framework, lacked...I believe it's important to talk about it. Many people I encountered in my life lacked a moral framework, lacked...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 02 March 202002 March 2020 I published an article on I published an article on Cloudflare blogCloudflare blog:: When Bloom filters don't bloomWhen Bloom filters don't bloom
06 December 201906 December 2019 Articles from this series:Articles from this series: Creating socketsCreating sockets on Linux. on Linux. Addressing of AF_INET, AF_INET6 and AF_UNIXAddressing of AF_INET, AF_INET6 and AF_UNIX sockets. sockets. A freshly created socket isn't very useful. We have to tell it to either listen for incoming data, or connect to a remote peer. To achieve anything...A freshly created socket isn't very useful. We have to tell it to either listen for incoming data, or connect to a remote peer. To achieve anything...
06 November 201906 November 2019 Articles from this series:Articles from this series: Creating socketsCreating sockets on Linux. on Linux. Addressing of AF_INET, AF_INET6 and AF_UNIXAddressing of AF_INET, AF_INET6 and AF_UNIX sockets. sockets. Our journey into the Linux networking API starts with the common Our journey into the Linux networking API starts with the common socket()socket() syscall: syscall: intint......
30 September 201930 September 2019 Recently I've been spending more time looking into Linux TCP implementation, trying to better understand some corner cases.Recently I've been spending more time looking into Linux TCP implementation, trying to better understand some corner cases. Here are two TCP puzzles. Using obvious, almost trivial, Python snippets, we can show really important design choices made deep in the networking stack. All we need is a bit of time... and courage to go into the Linux internals!Here are two TCP puzzles. Using obvious, almost trivial, Python snippets, we can show really important design choices made deep in the networking stack. All we need is a bit of time... and courage to go into the Linux internals! 1. Write buffer vs POLLOUT1. Write buffer vs POLLOUT Imagine a TCP server and a...Imagine a TCP server and a...
20 September 201920 September 2019 This article was first published on This article was first published on Cloudflare blogCloudflare blog:: When TCP sockets refuse to dieWhen TCP sockets refuse to die Accompanying scriptsAccompanying scripts While working on our While working on our
10 July 201910 July 2019 This article was first published on This article was first published on Cloudflare blogCloudflare blog:: A gentle introduction to Linux Kernel fuzzingA gentle introduction to Linux Kernel fuzzing Accompanying codeAccompanying code For some time I’ve...For some time I’ve...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
18 May 201918 May 2019
On On Cloudflare blogCloudflare blog I published a transcript of my talk: I published a transcript of my talk:
Cloudflare architecture and how BPF eats the worldCloudflare architecture and how BPF eats the world
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day RFC8482 - Saying goodbye to DNS ANYRFC8482 - Saying goodbye to DNS ANY 15 March 201915 March 2019 I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog: RFC8482 - Saying goodbye to ANYRFC8482 - Saying goodbye to ANY ... ...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day SOCKMAP - TCP splicing of the futureSOCKMAP - TCP splicing of the future 18 February 201918 February 2019 I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog: SOCKMAP - TCP splicing of the...SOCKMAP - TCP splicing of the...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day io_submit - The epoll alternativeio_submit - The epoll alternative 04 January 201904 January 2019 I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 23 November 201823 November 2018 A random experimeriment, where I manage to use FFT! I'm pretty proud of this analysis:A random experimeriment, where I manage to use FFT! I'm pretty proud of this analysis:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 12 November 201812 November 2018 Yet another Cloudflare analysis of amplification attacks:Yet another Cloudflare analysis of amplification attacks:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 10 September 201810 September 2018 I've published an article on the Cloudflare blog, on why we are changing the IPv6 MTU setting:I've published an article on the Cloudflare blog, on why we are changing the IPv6 MTU setting:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 01 June 201801 June 2018 Not a thing to be proud of, but here is a post mortem from an incident caused by the code I was working on:Not a thing to be proud of, but here is a post mortem from an incident caused by the code I was working on:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day mmproxy - creative linux routing hackmmproxy - creative linux routing hack 17 April 201817 April 2018 I've published an article on how we abused TPROXY iptables module to build I've published an article on how we abused TPROXY iptables module to build mmproxymmproxy, a simple Proxy Protocol v1 proxy that can "preserve" (or locally spoof) client IP addreses. It's pretty useful..., a simple Proxy Protocol v1 proxy that can "preserve" (or locally spoof) client IP addreses. It's pretty useful...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 12 April 201812 April 2018 I've published an article on how we used TPROXY iptables module to build Cloudflare Spectrum product:I've published an article on how we used TPROXY iptables module to build Cloudflare Spectrum product:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
29 March 201829 March 2018
I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog:
https://blog.cloudflare.com/epbf_sockets_hop_distance/https://blog.cloudflare.com/epbf_sockets_hop_distance/
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day The real cause of large DDoS - IP SpoofingThe real cause of large DDoS - IP Spoofing 06 March 201806 March 2018 I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
Memcrashed - Amplification attacks from 11211/UDPMemcrashed - Amplification attacks from 11211/UDP
27 February 201827 February 2018
I published an article on the Cloudflare blog:I published an article on the Cloudflare blog:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 26 January 201826 January 2018 Back in July 2017 I went to Vegas and gave a short talk at the Back in July 2017 I went to Vegas and gave a short talk at the Packet Hacking VillagePacket Hacking Village. . I was talkingI was talking about my favorite subject - IP... about my favorite subject - IP...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 15 January 201815 January 2018 I've published an article on the Cloudflare blog describing SYN Cookies, SYN floods, SYN Queue and Accept Queue:I've published an article on the Cloudflare blog describing SYN Cookies, SYN floods, SYN Queue and Accept Queue:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 22 December 201722 December 2017 Over last couple weeks I gave five talks on local meetups in Warsaw. Cloudflare is running a Over last couple weeks I gave five talks on local meetups in Warsaw. Cloudflare is running a pizza programpizza program - for most of the meetups we were able to secure Cloudflare-sponsored pizza! - for most of the meetups we were able to secure Cloudflare-sponsored pizza! Most of the...Most of the...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 06 November 201706 November 2017 I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day Meet Gatebot - a bot that allows us to sleepMeet Gatebot - a bot that allows us to sleep 25 September 201725 September 2017 I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
18 August 201718 August 2017
I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog:
https://blog.cloudflare.com/ip-fragmentation-is-broken/https://blog.cloudflare.com/ip-fragmentation-is-broken/
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 29 June 201729 June 2017 I've published an article on the Cloudflare blog:I've published an article on the Cloudflare blog: https://blog.cloudflare.com/ssdp-100gbps/https://blog.cloudflare.com/ssdp-100gbps/ ... ...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
25 May 201725 May 2017
I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
https://blog.cloudflare.com/reflections-on-reflections/https://blog.cloudflare.com/reflections-on-reflections/
28 March 201728 March 2017 Some time ago I started wondering - would it be possible for a CDN to run customer code on the edge servers? I read and asked around, over time I got acquainted to what is and what is not technically possible. But that didn't bring me closer to an useful answer. Fortunately exploring this subject has been enormous fun. In this blog post I'll describe my findings so far.Some time ago I started wondering - would it be possible for a CDN to run customer code on the edge servers? I read and asked around, over time I got acquainted to what is and what is not technically possible. But that didn't bring me closer to an useful answer. Fortunately exploring this subject has been enormous fun. In this blog post I'll describe my findings so far. Generally...Generally...
I/O multiplexing part #4I/O multiplexing part #4 20 March 201720 March 2017 Previous articles in this series:Previous articles in this series: The history of the Select(2) syscallThe history of the Select(2) syscall Select(2) is fundamentally brokenSelect(2) is fundamentally broken
I/O multiplexing, commentaryI/O multiplexing, commentary 23 February 201723 February 2017 Some time ago I wrote about Some time ago I wrote about a history of a history of select()select() syscall syscall. While that piece was a necessary introduction to . While that piece was a necessary introduction to the followupthe followup post, it triggered interesting discussions. post, it triggered interesting discussions. It took me a while but...It took me a while but...
I/O multiplexing part #3I/O multiplexing part #3 20 February 201720 February 2017 In previous articles we talked about:In previous articles we talked about: The history of the Select(2) syscallThe history of the Select(2) syscall Select(2) being fundamentally brokenSelect(2) being fundamentally broken This time we'll focus on Linux's This time we'll focus on Linux's select(2)select(2) successor -... successor -...
I/O multiplexing part #2I/O multiplexing part #2 06 January 201706 January 2017 In a previous blog post we discussed In a previous blog post we discussed a brief history of the a brief history of the select(2)select(2) syscall syscall. The article concludes that some I/O multiplexing was necessary to do console emulation, games and non-trivial TCP/IP applications.. The article concludes that some I/O multiplexing was necessary to do console emulation, games and non-trivial TCP/IP applications. The BSD designers chose the The BSD designers chose the selectselect multiplexing model and other Unixes... multiplexing model and other Unixes...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 05 December 201605 December 2016 I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
I/O multiplexing part #1I/O multiplexing part #1 01 November 201601 November 2016 Recently I've been thinking about the multiplexing in Linux, namely the Recently I've been thinking about the multiplexing in Linux, namely the epoll(7)epoll(7) syscall. I was curious if syscall. I was curious if epollepoll is better or worse than the is better or worse than the iocpiocp or or kqueuekqueue. I was wondering if there was . I was wondering if there was a...a...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day Say Cheese: DDoS from IoT devicesSay Cheese: DDoS from IoT devices 12 October 201612 October 2016 I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
Strange Loop - IP SpoofingStrange Loop - IP Spoofing 20 September 201620 September 2016 I recently gave a talk at the I recently gave a talk at the Strange LoopStrange Loop conference in St Louis. conference in St Louis. The The recordingrecording and and slidesslides are available, but for easier consumption here's a... are available, but for easier consumption here's a...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
05 April 201605 April 2016
I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
https://blog.cloudflare.com/revenge-listening-sockets/https://blog.cloudflare.com/revenge-listening-sockets/
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day Web archeology - itblogWeb archeology - itblog 11 March 201611 March 2016 Long time ago I spent some time working at now defunct Polish social network - Long time ago I spent some time working at now defunct Polish social network - Grono.netGrono.net. I published a couple of blog posts.... I published a couple of blog posts...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day Enigma - Building a DoS mitigation pipelineEnigma - Building a DoS mitigation pipeline 01 February 201601 February 2016 I presented a talk at the I presented a talk at the Enigma 2016Enigma 2016 in San Francisco. in San Francisco. Here are the slides from the...Here are the slides from the...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 19 November 201519 November 2015 I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day Black Hat EU - Defending the indefensibleBlack Hat EU - Defending the indefensible 16 November 201516 November 2015 I presented a talk at the I presented a talk at the Black Hat EU 2015Black Hat EU 2015 in Amsterdam. in Amsterdam. Here are the slides from the...Here are the slides from the...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 25 September 201525 September 2015 I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 07 September 201507 September 2015 I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog: https://blog.cloudflare.com/kernel-bypass/https://blog.cloudflare.com/kernel-bypass/ ... ...
16 August 201516 August 2015 I've realized that "virtualization" is a major driving force in the computer industry. I know, this sounds pretty obvious, but previously I didn't realize just how strong the virtualization force is.I've realized that "virtualization" is a major driving force in the computer industry. I know, this sounds pretty obvious, but previously I didn't realize just how strong the virtualization force is. By "virtualization" I don't only mean virtual machines. I mean a wider concept of fault isolation, resource isolation, process separation and so on. For the purposes of this article "virtualization" is anything that allows running more than one process...By "virtualization" I don't only mean virtual machines. I mean a wider concept of fault isolation, resource isolation, process separation and so on. For the purposes of this article "virtualization" is anything that allows running more than one process...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
30 June 201530 June 2015
I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
https://blog.cloudflare.com/how-to-achieve-low-latency/https://blog.cloudflare.com/how-to-achieve-low-latency/
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day
OARC - Dealing with DNS packet floodsOARC - Dealing with DNS packet floods
11 May 201511 May 2015
I presented a talk at the
I presented a talk at the
OARC 2015 Spring WorkshopOARC 2015 Spring Workshop
in Amsterdam.
in Amsterdam.
Here are the slides from the talk:Here are the slides from the talk:
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 04 February 201504 February 2015 I've published an article on the CloudFlare blog:I've published an article on the CloudFlare blog:
21 May 201421 May 2014 This article was originally published on the CloudFlare blog:This article was originally published on the CloudFlare blog: http://blog.cloudflare.com/bpf-the-forgotten-bytecodehttp://blog.cloudflare.com/bpf-the-forgotten-bytecode Every once in a while I run into an obscure computer technology that is a hidden gem, which over the years has become mostly forgotten. This...Every once in a while I run into an obscure computer technology that is a hidden gem, which over the years has become mostly forgotten. This...
03 April 201403 April 2014 A TCP/IP connection is identified by a four element tuple: {source IP, source port, destination IP, destination port}. To establish a TCP/IP connection only a destination IP and port number are needed, the operating system automatically selects source IP and port. This article explains how the Linux kernel does the source port allocation.A TCP/IP connection is identified by a four element tuple: {source IP, source port, destination IP, destination port}. To establish a TCP/IP connection only a destination IP and port number are needed, the operating system automatically selects source IP and port. This article explains how the Linux kernel does the source port allocation. Ephemeral port rangeEphemeral port range To establish a connection To establish a connection
28 February 201428 February 2014 Golang ships with a linked listGolang ships with a linked list11 data structure: data structure: container/listcontainer/list.. The implementationThe implementation is great and simple but it suffers an interesting problem: adding a value to a list requires a memory... is great and simple but it suffers an interesting problem: adding a value to a list requires a memory...
31 December 201331 December 2013 Every serious program has some kind of logging infrastructure. Sometimes it's trivial (Every serious program has some kind of logging infrastructure. Sometimes it's trivial (stderrstderr); sometimes it's sophisticated and highly configurable.); sometimes it's sophisticated and highly configurable. Unfortunately, many programs use logging inconsistently. The logging infrastructure is usually grown organically and not thought through. Many programs repeat the same mistakes with regard to logging.Unfortunately, many programs use logging inconsistently. The logging infrastructure is usually grown organically and not thought through. Many programs repeat the same mistakes with regard to logging. Let's take some time to talk about logging in larger systems.Let's take some time to talk about logging in larger systems. Before we...Before we...
28 November 201328 November 2013 Few years ago Few years ago AlexaAlexa started to publish a daily snapshot of top one million domains used on the internet. Using this data I wanted to analyse how the DNS assignments change over time. started to publish a daily snapshot of top one million domains used on the internet. Using this data I wanted to analyse how the DNS assignments change over time. The plan was simple:The plan was simple: Every day download the Alexa list of top domains.Every day download the Alexa list of top domains. Every day resolve all the domains.Every day resolve all the domains. Do something with the gathered data.Do something with the gathered data. Profit!Profit! The...The...
09 October 201309 October 2013 SiphashSiphash is a is a PRFPRF using a "SipRound" primitive as a building block. using a "SipRound" primitive as a building block. The recommended SipHash variant, SipHash-2-4, is running two The recommended SipHash variant, SipHash-2-4, is running two SipRoundsSipRounds after every message block and four rounds at the end to finalise the hash. after every message block and four rounds at the end to finalise the hash. SipRoundSipRound SipRound is a simple construct - it mangles 256 bits...SipRound is a simple construct - it mangles 256 bits...
05 September 201305 September 2013 ... it's about the flow control... it's about the flow control Programmers tend to be very opinionated about programming with Programmers tend to be very opinionated about programming with callbackscallbacks.. It's just a programming style, not a big deal usually, but it becomes an issue when a platform forces you to use It's just a programming style, not a big deal usually, but it becomes an issue when a platform forces you to use onlyonly the callback style. I'm talking about you, JavaScript. the callback style. I'm talking about you, JavaScript. In my opinion people forget an important point in the discussion...In my opinion people forget an important point in the discussion...
15 August 201315 August 2013 In recent years Linux distributions started treating security more seriously. Out of many security features two are directly affecting C programmers: In recent years Linux distributions started treating security more seriously. Out of many security features two are directly affecting C programmers: -fstack-protector-fstack-protector and and -D_FORTIFY_SOURCE=2-D_FORTIFY_SOURCE=2. These GCC options are now enabled by default on . These GCC options are now enabled by default on UbuntuUbuntu and and
24 July 201324 July 2013 In In the LLVMthe LLVM the compilation takes three stages (image from the compilation takes three stages (image from the AOSA bookthe AOSA book):): SchemaSchema The stages are:The stages are: The The frontendfrontend, parsing original language and spiting out LLVM Intermediate Representation..., parsing original language and spiting out LLVM Intermediate Representation...
19 July 201319 July 2013
Let me assure you, the
Let me assure you, the
"fluxcapacitor""fluxcapacitor"
project is very interesting. Unfortunately, I find it very difficult
to describe what it does. For this project I completely fail the
project is very interesting. Unfortunately, I find it very difficult
to describe what it does. For this project I completely fail the
elevator pitchelevator pitch..
I won't attempt to describe it, instead I'll try present it in action.I won't attempt to describe it, instead I'll try present it in action.
16 July 201316 July 2013 It's a bit embarrassing but I never fully understood how the stack in x86 works. Sure, I know the stack grows downwards, the top is saved in It's a bit embarrassing but I never fully understood how the stack in x86 works. Sure, I know the stack grows downwards, the top is saved in %esp%esp and and %ebp%ebp points somewhere. But I didn't know exactly why. During points somewhere. But I didn't know exactly why. During Hacker SchoolHacker School I wrote a bit of assembly that finally gave me a better intuition, maybe it can help you as well. I wrote a bit of assembly that finally gave me a better intuition, maybe it can help you as well. PrerequisitesPrerequisites I'm...I'm...
11 July 201311 July 2013 I was playing with the I was playing with the Tor ProjectTor Project and decided to understand how the Chinese block Tor servers. and decided to understand how the Chinese block Tor servers. Philipp Winter wrote an amazing paperPhilipp Winter wrote an amazing paper on that subject. He noticed on that subject. He noticed The Great Firewall of ChinaThe Great Firewall of China is actively scanning services and if it detects a... is actively scanning services and if it detects a...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day Hardware entropy: RDRANDHardware entropy: RDRAND 25 March 201325 March 2013 This is the third blog post on machine instructions:This is the third blog post on machine instructions: first I played with AES-NIfirst I played with AES-NI
30 January 201330 January 2013 Few days ago Few days ago I presented a Python and a C implementation of SipHashI presented a Python and a C implementation of SipHash. This time for no reason whatsoever I implemented a bitsliced version of it.. This time for no reason whatsoever I implemented a bitsliced version of it. BitslicingBitslicing a crypto algorithm is usually done to speed it up when doing massively parallel operations. For example when trying to find a collision with... a crypto algorithm is usually done to speed it up when doing massively parallel operations. For example when trying to find a collision with...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 29 January 201329 January 2013 Say you want to sniff TCP/IP packets on your network. That's pretty easy, right? Use Say you want to sniff TCP/IP packets on your network. That's pretty easy, right? Use libpcaplibpcap, receive packets from the network interface and we're done. But before you can extract the IP header from a received packet you need to strip , receive packets from the network interface and we're done. But before you can extract the IP header from a received packet you need to strip
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 28 January 201328 January 2013 In 2010 Intel engineer, Gabriele Paoloni, released a very informative paper on In 2010 Intel engineer, Gabriele Paoloni, released a very informative paper on How To Benchmark Code ExecutionHow To Benchmark Code Execution.. It boils down to the following observations regarding counting CPU cycles:It boils down to the following observations regarding counting CPU cycles: Disable...Disable...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 24 January 201324 January 2013 On 29C3 djb, Jean-Philippe Aumasson and Martin Boßlet gave a very interesting On 29C3 djb, Jean-Philippe Aumasson and Martin Boßlet gave a very interesting talk on SipHashtalk on SipHash ( (see the...see the...
Recently I've been experimenting with Linux's Recently I've been experimenting with Linux's ptrace(2)ptrace(2) syscall. Unfortunately, there isn't any kind of "official" documentation for it and the manual page is quite poor. There are some other attempts to document it, for example syscall. Unfortunately, there isn't any kind of "official" documentation for it and the manual page is quite poor. There are some other attempts to document it, for example in the...in the...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 09 December 201209 December 2012 SockJS-nodeSockJS-node users noticed that the server seems to be leaking file descriptors when websockets are enabled. The problem resulted in the usual users noticed that the server seems to be leaking file descriptors when websockets are enabled. The problem resulted in the usual EMFILE - Too many open filesEMFILE - Too many open files crash. crash. Additionally, Additionally, lsoflsof was... was...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 23 November 201223 November 2012 You know you had enough Erlang once your C code starts looking like this:You know you had enough Erlang once your C code starts looking like this: #define TUPLE_U8U8(a,b) \#define TUPLE_U8U8(a,b) \ (u16) (((u8)(a) << 8) | ((u8)(b) & 0xFF)) (u16) (((u8)(a) << 8) | ((u8)(b) & 0xFF)) ...... switchswitch......
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day or how to use gdb on iTunesor how to use gdb on iTunes 13 November 201213 November 2012 In recent years the In recent years the "Apple is evil""Apple is evil" discussion started recurring more and more often. discussion started recurring more and more often. In last week's editionIn last week's edition on the YCombinator, on the YCombinator,
12 November 201212 November 2012 In JuneIn June I started playing with fingerprinting SSL client requests. For example, an SSL fingerprint of my browser is: I started playing with fingerprinting SSL client requests. For example, an SSL fingerprint of my browser is: 3.2:c00a,c014,3.2:c00a,c014,[[......]],c00d,c003,feff,a:?0,ff01,a,b,23,3374:ver ,c00d,c003,feff,a:?0,ff01,a,b,23,3374:ver Read the docs of fingerprint...Read the docs of fingerprint...
24 September 201224 September 2012 In one of the lectures on the In one of the lectures on the crypto-classcrypto-class professor professor Dan BonehDan Boneh mentioned that the mentioned that the Intel's WestmereIntel's Westmere architecture has native instructions aiding with the AES cipher. architecture has native instructions aiding with the AES cipher. Or formally speaking - newer CPU's support Or formally speaking - newer CPU's support
21 September 201221 September 2012
Few days ago Few days ago Peter BengtssonPeter Bengtsson wrote an
interesting blog post on wrote an
interesting blog post on SockJSSockJS::
Real-timify Django with SockJSReal-timify Django with SockJS
The article is quite brief, let me try to provide step-by-step
instructions on how to start your first Django on SockJS project.The article is quite brief, let me try to provide step-by-step
instructions on how to start your first Django on SockJS project.
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 12 September 201212 September 2012 In the previous article I was playing with In the previous article I was playing with the implementation of the concurrent Queue in Cthe implementation of the concurrent Queue in C.. During the experiments I tried to outsmart During the experiments I tried to outsmart pthreadpthread library and beat the speed of their spinlock... library and beat the speed of their spinlock...
11 September 201211 September 2012 I needed a queue implementation written in C for one of my ever-experimental projects. The complex part was to make it thread-safe - it was going to be used for exchanging data between threads.I needed a queue implementation written in C for one of my ever-experimental projects. The complex part was to make it thread-safe - it was going to be used for exchanging data between threads. Usually, I'd just take the Usually, I'd just take the doubly linked listdoubly linked list implementation from the implementation from the
28 July 201228 July 2012 Some time ago I've read about a guy that had Some time ago I've read about a guy that had a magnet implanted in the pinky fingera magnet implanted in the pinky finger.. The author seems to have made the implant mostly for fun only later he discovered that it sometimes "ticks" in and gives a "sixth sense":The author seems to have made the implant mostly for fun only later he discovered that it sometimes "ticks" in and gives a "sixth sense": When people discuss...When people discuss...
25 July 201225 July 2012 In the previous post I explainedIn the previous post I explained that a binary tree wasn't the best data structure for my needs - it wastes too much memory. that a binary tree wasn't the best data structure for my needs - it wastes too much memory. I looked for a memory-efficient data structures and I found a gem: I looked for a memory-efficient data structures and I found a gem: Hash Array Mapped Trie (HAMT)Hash Array Mapped Trie (HAMT). The author, Phil Bagwell, wrote two papers related to.... The author, Phil Bagwell, wrote two papers related to...
02 July 201202 July 2012 In In January 2009January 2009 I was wondering whether it is possible to build a full-text search engine that could handle I was wondering whether it is possible to build a full-text search engine that could handle the search for Twitterthe search for Twitter. At that time the search tool they provided was barely working. Later . At that time the search tool they provided was barely working. Later Twitter...Twitter...
17 June 201217 June 2012 In January In January Lcamtuf announcedLcamtuf announced a complete rewrite of his passive fingerprinting tool a complete rewrite of his passive fingerprinting tool p0fp0f. Historically p0f was a low-level tool focused on fingerprinting layer 4, mostly . Historically p0f was a low-level tool focused on fingerprinting layer 4, mostly SYNSYN and and SYN-ACKSYN-ACK TCP/IP packets. TCP/IP packets. The new version of p0f is different: not only it can look at low level packets, but...The new version of p0f is different: not only it can look at low level packets, but...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 16 June 201216 June 2012 Not everyone knows that the SSL handshake is not encrypted. When you think about it - there isn't other way, before the keys are exchanged the communication must be unencrypted. But I doubt many people think about it.Not everyone knows that the SSL handshake is not encrypted. When you think about it - there isn't other way, before the keys are exchanged the communication must be unencrypted. But I doubt many people think about it. Not only the SSL handshake is plain-text, but also it contains rather interesting data. I...Not only the SSL handshake is plain-text, but also it contains rather interesting data. I...
Marek's Marek's totally not insanetotally not insane idea of the day idea of the day 01 June 201201 June 2012 Starting from scratch is hard, it's much easier just to continue. With that in mind, allow me to keep on writing, in the same fashion as Starting from scratch is hard, it's much easier just to continue. With that in mind, allow me to keep on writing, in the same fashion as my previous blogmy previous blog.. And what a blog that was.And what a blog that was. My last post on My last post on