Profile cover photo
Profile photo
Austin Seipp
I'm a programmer who likes Haskell and security.
I'm a programmer who likes Haskell and security.

Austin's posts

Post has attachment
An interesting paper about a new class of payloads for use in exploit development: jump-oriented programming (JOP,) as contrasted with return-oriented programming (ROP):

This doesn't quite seem to be pivotal new work, and they cite another paper from last year (which I haven't gotten to yet):

For some background on ROP-based payloads, I believe the premier paper on the subject is this one, "The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)":

The fundamental idea (warning: x86 specific) is that instead of identifying gadgets which use `ret` to end the sequence (or something alternative like `pop; jmp`) and using the stack as a means of chaining gadgets and thus control flow, instead, only gadgets ending in `jmp` are identified (of which there are many like any ROP gadget, due to variable x86 instruction encoding and execution on unaligned addresses.) Rather than using `ret` and `esp` to drive control flow, instead sequences that end with `jmp` fly into an overall 'dispatcher gadget' which will redirect execution through a dispatch table. When a gadget is done and `jmp`s away, it jmp's back to the dispatcher - it being a special type of gadget itself - which then itself does an indirect jump into a dispatch table. Dispatch table pointers in effect point back into other gadgets, and the cycle continues, thus chaining JOP based gadgets in a similar manner to ROP based gadgets - just with another level of indirection.

Post has attachment

I want +Rebecca Seipp to be reminded that she gets to be the elite, and only member, of my family circle. Also: you were late to the + party it seems (which is unusual!)

And apparently, you can't post something on someone elses' G+ profile it seems, so I have to do this to get the attention of others. Is this something that merely hasn't been implemented yet? Either way I need to think more about how to use G+ and the communication model it brings.

EDIT: I suppose I could have just made this shared only to a 'Family' circle, but that seems to have little direction in who I'm talking to, generally speaking - circles are a one-to-many relationship it seems, and I'm not gonna create one for ever individual I want to directly communicate with.

Post has attachment
Elephants painting elephants. That's all.

Painting Elephant

Post has shared content
I know I have strong opinions on this subject, so I'll try (but probably fail) to keep this relatively brief. I promise to go back to frog photos after this.

Google+ forces you to have a public gender in your profile (although it can be 'Other'). I know they have reasons for this, but I don't think they're good enough.

Many women grow up with a sense of physical vulnerability that's hard for men to appreciate. Our culture's relentless treatment of women as objects teaches them that they are defined by the one thing that men around them want from them—men who are usually bigger, stronger, and (like any human) occasionally crazy. This feeling—often confirmed by actual experiences of harassment and assault—can lead, understandably, to a lifetime of low-level wariness and sense of vulnerability that men have trouble appreciating. A male designer building an interface should try to keep in mind that there are reasons a female user might feel uncomfortable being told she has to broadcast her gender. Sure, someone's gender is usually obvious from their name, but there's no need to force people to draw extra attention to it—introducing myself with "Hi, I'm Randall." sends a different message from "Hi, I'm Randall, and I'm a MAN."

I don't think making this option mandatory is a significant cause of the major Google+ early-adopter gender split, but if you're worried about how few female users your project has, marginalizing their potential worries on your introductory screen doesn't seem very bright.

There are reasons Google+ might want your gender. For one thing, the interface may need to use pronouns, and in some languages there's no way to avoid this. We have a chat-bot in the #xkcd IRC channel which serves as a repository of user nonsense. At some point, we decided to program in the ability to use pronouns, and it was surprisingly complicated:

Now, I went out of my way to support the various options for referral that users asked for (although I drew the line at recently-invented pronouns like "xir"). But even covering the basics in English is tricky, and the situation gets more so in languages like Hebrew. (It looks like Google+ punts on that issue by making all "other" users male in all languages, which is a can of worms in itself.) Yet none of the linguistic issues mean you have to make gender a broadcasted part of the user's profile.

They also (obviously) want to know more about you so they can serve ads; advertisers care about gender. But again, that's no reason to make gender public.

The "other" option is nice, but I don't really feel comfortable setting my gender as "other". There are a huge number of people whose gender is actually best-described as "other", and they come in astonishing variety, even if you set aside the issue of social gender and just ask about biology. This article has a fascinating list of eleven particularly tricky situations that lead to someone having no easy-to-agree-on biological sex:

There are quite a few people who are accurately described by an "other" option, and when they're sometimes struggling for recognition, co-opting their label for anyone who doesn't want to broadcast their gender seems a little off-putting.

The bottom line is that there are a lot of reasons Google+ would want to ask about your gender. But there's no good reason to pointedly make it the only thing in your profile that can't be private—and many reasons not to, starting with basic courtesy. It may be a small issue in the grand scheme of things, but I think it's worth getting right.

(P.S. I know I post a lot about interface quibbles and feature suggestions—and I do use the feedback button heavily—but I don't want to give the impression I'm generally unhappy with Google+. Fundamentally, I really like this system, which makes me want to tweak things in this early-adopter period so it will be as well-designed as possible, so it will survive and be around for me to use for a long time.)

Wait while more posts are being loaded