David Buchanan
@retr0.id
reverse engineering, cryptography, exploits, hardware, file formats, and generally giving computers a hard time
Fedi: @[email protected]
Macroblog: https://www.da.vidbuchanan.co.uk/blog/
Fedi: @[email protected]
Macroblog: https://www.da.vidbuchanan.co.uk/blog/
Pinned
David Buchanan
@retr0.id
ยท Sep 11
what a lovely day, I sure hope nothing bad happens
hm what does it do differently to ssh via bash
February 13, 2026 at 11:30 PM
hm what does it do differently to ssh via bash
This looks extremely cool!
Have you considered supporting backfill via tap or similar?
Have you considered supporting backfill via tap or similar?
February 13, 2026 at 11:24 PM
This looks extremely cool!
Have you considered supporting backfill via tap or similar?
Have you considered supporting backfill via tap or similar?
Reposted by David Buchanan
adding stochastic in front of random words to sound stochastically smart
December 19, 2023 at 12:54 PM
adding stochastic in front of random words to sound stochastically smart
this is a groundbreaking innovation in the field pelican svgs
February 13, 2026 at 7:32 PM
this is a groundbreaking innovation in the field pelican svgs
who up TODOing they context
February 13, 2026 at 5:52 PM
who up TODOing they context
tired: "I'm afraid to publish my code because people might think it's bad"
wired: "I'm afraid to publish my code because AIs might train on it"
inspired: "I'm afraid to publish my code because AIs might train on it and get dumber"
wired: "I'm afraid to publish my code because AIs might train on it"
inspired: "I'm afraid to publish my code because AIs might train on it and get dumber"
February 13, 2026 at 1:46 PM
tired: "I'm afraid to publish my code because people might think it's bad"
wired: "I'm afraid to publish my code because AIs might train on it"
inspired: "I'm afraid to publish my code because AIs might train on it and get dumber"
wired: "I'm afraid to publish my code because AIs might train on it"
inspired: "I'm afraid to publish my code because AIs might train on it and get dumber"
do atlantic fishermen use claude cod
February 13, 2026 at 2:09 AM
do atlantic fishermen use claude cod
probably 0 profitable ones, I don't think an "agentic" harness is what you'd want here
February 13, 2026 at 12:43 AM
probably 0 profitable ones, I don't think an "agentic" harness is what you'd want here
no? it'd return 0 because uVar3 == 0
February 13, 2026 at 12:36 AM
no? it'd return 0 because uVar3 == 0
this is decompiler output, not source code
February 13, 2026 at 12:16 AM
this is decompiler output, not source code
Yeah usually you'd call it on some fixed-length buffer (e.g. a hash of something)
February 12, 2026 at 11:38 PM
Yeah usually you'd call it on some fixed-length buffer (e.g. a hash of something)
they should let me pick the words
โ Frobulating...
February 12, 2026 at 11:37 PM
they should let me pick the words
for the constant-time-ness, usually or-ing the xor of each pair of bytes, and checking the accumulated value at the end. for FI resistance, it's more of an art than a science but it usually involves multiple redundant checks
February 12, 2026 at 11:32 PM
for the constant-time-ness, usually or-ing the xor of each pair of bytes, and checking the accumulated value at the end. for FI resistance, it's more of an art than a science but it usually involves multiple redundant checks
I found this post again and it took me a while to re-figure-out what was wrong with it, so for the record:
There are two things you might expect from a "secure memcmp" implementation:
- constant-time
- fault-injection resistance
This impl does neither, it's just a textbook non-vectorized memcpy.
There are two things you might expect from a "secure memcmp" implementation:
- constant-time
- fault-injection resistance
This impl does neither, it's just a textbook non-vectorized memcpy.
February 12, 2026 at 11:22 PM
I found this post again and it took me a while to re-figure-out what was wrong with it, so for the record:
There are two things you might expect from a "secure memcmp" implementation:
- constant-time
- fault-injection resistance
This impl does neither, it's just a textbook non-vectorized memcpy.
There are two things you might expect from a "secure memcmp" implementation:
- constant-time
- fault-injection resistance
This impl does neither, it's just a textbook non-vectorized memcpy.
it always annoyed me when REing stuff so I'm glad the forwards engineers are suffering too
February 12, 2026 at 11:07 PM
it always annoyed me when REing stuff so I'm glad the forwards engineers are suffering too
I've tried claude a fair bit, but not yet codex - could you give some examples of tasks codex can do, but claude can't?
February 12, 2026 at 10:29 PM
I've tried claude a fair bit, but not yet codex - could you give some examples of tasks codex can do, but claude can't?
I only use organic software that hasn't been developed using computers
February 12, 2026 at 2:25 PM
I only use organic software that hasn't been developed using computers
When scrolling the backlog, everything jumps around while it loads in
February 12, 2026 at 1:21 AM
When scrolling the backlog, everything jumps around while it loads in
Clicking on a reply to jump to the parent message almost always jumps to the wrong place
February 12, 2026 at 1:20 AM
Clicking on a reply to jump to the parent message almost always jumps to the wrong place
Searching message history just stays loading forever
February 12, 2026 at 1:19 AM
Searching message history just stays loading forever
Most of my DM history says `Unable to decrypt message`
February 12, 2026 at 1:11 AM
Most of my DM history says `Unable to decrypt message`
When I hear a notification sound I'm clicking around randomly for a few minutes to find where it came from.
February 12, 2026 at 1:11 AM
When I hear a notification sound I'm clicking around randomly for a few minutes to find where it came from.