Foxwren Optimisation

Foxwren Optimisation
Just shy of a month ago I started work on a WebAssembly interpreter written in Zig. With this commit I have all but a few baseline spec testsuite tests passing. Part of the reason was purely to learn how WebAssembly works, and in that respect the peformance of the interpreter was a secondary concern. However, I would like to see if I can at least take care of some low-hanging optimisations.
Read more →

Dev diary #2

Today I managed to fix 3 issues. Issues: weston-subsurfaces was leaking regions. This was apparent from rapidly resizing the window. cheese was leaking…something. Apparent from the object IDs always increasing. gedit would display a subsurface and when the subsurface was dismissed the window would stop responding. I had realised there was an in issue with weston-subsurfaces. Namely, one of the subsurfaces would, briefly, not be in the correct set_position.
Read more →

devDiary.init()

This is the first installment of my Wayland compositor dev diary. How I got here? Back in late 2016 I started work on a Wayland compositor written in Common Lisp. I got to the point where I had SDL and DRM backends, but I ran into a performance issue that I struggled to deal with and, in early 2017, with starting a new job in software development my motivation to work on the compositor waned.
Read more →

Micro-CMS v2 CTF revisited

I was curious about other solutions to Micro-CMS v2 and realised I can speed up extracting the information from the database because we don’t actually need to use SLEEP. The (obvious) insight is that we can get rid of the trailing ' by ending our injected string with #. That means we can reuse the logic from the previous flag where we UNION a password we supply and also include that password as the password parameter.
Read more →

Micro-CMS v2 CTF

Update: I’ve realised I don’t necessarily need SLEEP I have been trying my hand at the Hacker101 CTF challenges. On Micro-CMS v2 I had successfully extracted Flag 1 using SQL injection but was struggling with Flag 2 with the hints not really helping me out. In search of further hints I came across this write up. Important to note on this problem is that the server is returning the error messages back to the client and so makes the SQL injection for Flag 1 relatively easy to work out.
Read more →