Profile

Cover photo
Austin Seipp
Works at Well-Typed LLP
Attended University of Houston
Lives in Austin, TX
305 followers|2,293 views
AboutPostsPhotosVideos

Stream

Austin Seipp

Shared publicly  - 
 
An interesting paper about a new class of payloads for use in exploit development: jump-oriented programming (JOP,) as contrasted with return-oriented programming (ROP):

http://www.csc.ncsu.edu/faculty/jiang/pubs/ASIACCS11.pdf

This doesn't quite seem to be pivotal new work, and they cite another paper from last year (which I haven't gotten to yet): http://cseweb.ucsd.edu/~scheckow/papers/noret_ccs2010/noret_ccs2010.pdf

For some background on ROP-based payloads, I believe the premier paper on the subject is this one, "The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)":

http://cseweb.ucsd.edu/~hovav/dist/geometry.pdf

The fundamental idea (warning: x86 specific) is that instead of identifying gadgets which use `ret` to end the sequence (or something alternative like `pop; jmp`) and using the stack as a means of chaining gadgets and thus control flow, instead, only gadgets ending in `jmp` are identified (of which there are many like any ROP gadget, due to variable x86 instruction encoding and execution on unaligned addresses.) Rather than using `ret` and `esp` to drive control flow, instead sequences that end with `jmp` fly into an overall 'dispatcher gadget' which will redirect execution through a dispatch table. When a gadget is done and `jmp`s away, it jmp's back to the dispatcher - it being a special type of gadget itself - which then itself does an indirect jump into a dispatch table. Dispatch table pointers in effect point back into other gadgets, and the cycle continues, thus chaining JOP based gadgets in a similar manner to ROP based gadgets - just with another level of indirection.
1
Add a comment...

Austin Seipp

Shared publicly  - 
 
I want +Rebecca Seipp to be reminded that she gets to be the elite, and only member, of my family circle. Also: you were late to the + party it seems (which is unusual!)

And apparently, you can't post something on someone elses' G+ profile it seems, so I have to do this to get the attention of others. Is this something that merely hasn't been implemented yet? Either way I need to think more about how to use G+ and the communication model it brings.

EDIT: I suppose I could have just made this shared only to a 'Family' circle, but that seems to have little direction in who I'm talking to, generally speaking - circles are a one-to-many relationship it seems, and I'm not gonna create one for ever individual I want to directly communicate with.
1
Rebecca Seipp's profile photoMichael Brumlow's profile photo
2 comments
 
+Austin Seipp you are the elite and only member of my family circle as well - love you! Call me Wednesday evening :) As for the being late, I've been busy and if you had sent me an invite I would have gotten on sooner...just sayin...
Add a comment...

Austin Seipp

Shared publicly  - 
 
Randall Munroe originally shared:
 
I know I have strong opinions on this subject, so I'll try (but probably fail) to keep this relatively brief. I promise to go back to frog photos after this.

Google+ forces you to have a public gender in your profile (although it can be 'Other'). I know they have reasons for this, but I don't think they're good enough.

Many women grow up with a sense of physical vulnerability that's hard for men to appreciate. Our culture's relentless treatment of women as objects teaches them that they are defined by the one thing that men around them want from them—men who are usually bigger, stronger, and (like any human) occasionally crazy. This feeling—often confirmed by actual experiences of harassment and assault—can lead, understandably, to a lifetime of low-level wariness and sense of vulnerability that men have trouble appreciating. A male designer building an interface should try to keep in mind that there are reasons a female user might feel uncomfortable being told she has to broadcast her gender. Sure, someone's gender is usually obvious from their name, but there's no need to force people to draw extra attention to it—introducing myself with "Hi, I'm Randall." sends a different message from "Hi, I'm Randall, and I'm a MAN."

I don't think making this option mandatory is a significant cause of the major Google+ early-adopter gender split, but if you're worried about how few female users your project has, marginalizing their potential worries on your introductory screen doesn't seem very bright.

There are reasons Google+ might want your gender. For one thing, the interface may need to use pronouns, and in some languages there's no way to avoid this. We have a chat-bot in the #xkcd IRC channel which serves as a repository of user nonsense. At some point, we decided to program in the ability to use pronouns, and it was surprisingly complicated:

http://wiki.xkcd.com/irc/Bucket_Gender

Now, I went out of my way to support the various options for referral that users asked for (although I drew the line at recently-invented pronouns like "xir"). But even covering the basics in English is tricky, and the situation gets more so in languages like Hebrew. (It looks like Google+ punts on that issue by making all "other" users male in all languages, which is a can of worms in itself.) Yet none of the linguistic issues mean you have to make gender a broadcasted part of the user's profile.

They also (obviously) want to know more about you so they can serve ads; advertisers care about gender. But again, that's no reason to make gender public.

The "other" option is nice, but I don't really feel comfortable setting my gender as "other". There are a huge number of people whose gender is actually best-described as "other", and they come in astonishing variety, even if you set aside the issue of social gender and just ask about biology. This article has a fascinating list of eleven particularly tricky situations that lead to someone having no easy-to-agree-on biological sex:

http://linuxmafia.com/faq/Essays/marriage.html

There are quite a few people who are accurately described by an "other" option, and when they're sometimes struggling for recognition, co-opting their label for anyone who doesn't want to broadcast their gender seems a little off-putting.

The bottom line is that there are a lot of reasons Google+ would want to ask about your gender. But there's no good reason to pointedly make it the only thing in your profile that can't be private—and many reasons not to, starting with basic courtesy. It may be a small issue in the grand scheme of things, but I think it's worth getting right.

(P.S. I know I post a lot about interface quibbles and feature suggestions—and I do use the feedback button heavily—but I don't want to give the impression I'm generally unhappy with Google+. Fundamentally, I really like this system, which makes me want to tweak things in this early-adopter period so it will be as well-designed as possible, so it will survive and be around for me to use for a long time.)
1
Add a comment...

Austin Seipp

Shared publicly  - 
 
SOMETHING SOMETHING GOOGLE PLUS
3
John Price's profile photo
 
+!
Add a comment...
Have him in circles
305 people
Joshua J. Drake's profile photo
Bill Sharar's profile photo
Chris Guevara's profile photo

Austin Seipp

Shared publicly  - 
2
Brian Winebarger's profile photoAndrew Moralez's profile photo
2 comments
 
i dont understand what just happened... sick.
Add a comment...

Austin Seipp

Shared publicly  - 
 
Elephants painting elephants. That's all.

Painting Elephant
2
John Price's profile photo
 
Yo, dog. I heard you like elephants...
Add a comment...
People
Have him in circles
305 people
Joshua J. Drake's profile photo
Bill Sharar's profile photo
Chris Guevara's profile photo
Work
Occupation
Hacker
Skills
Haskell, Compilers, Reverse Engineering, Awesomeness
Employment
  • Well-Typed LLP
    Haskell Consultant, 2013 - present
  • Rapid7
    Security Researcher, 2012 - 2013
  • BBS Technologies, R1Soft Division
    Software Developer, 2009 - 2011
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Austin, TX
Previously
Houston, TX
Story
Tagline
I'm a programmer who likes Haskell and security.
Introduction
warblegharble
Bragging rights
Meatball eating master
Education
  • University of Houston
    Computer Science, 2008 - 2009
Basic Information
Gender
Male