Hacker News: bkallus

How cross-thread double free detection could work in glibc malloc

bkallus — Sun, 22 Mar 2026 17:29:34 +0000

Article URL: https://kallus.org/blog_tcache_key.html

Comments URL: https://news.ycombinator.com/item?id=47479898

Points: 3

# Comments: 0

New comment by bkallus in "Advent of Compiler Optimisations 2025"

bkallus — Tue, 02 Dec 2025 16:22:28 +0000

I hope he ends up covering integer division by constants. The chapter on this in Hacker's Delight is really good but a little dense for casual readers.

New comment by bkallus in "Ask HN: What Are You Working On? (Nov 2025)"

bkallus — Mon, 10 Nov 2025 04:37:58 +0000

ABISan. Think of it like UBSan, but for assembly.

It's a custom assembler built on top of the LLVM assembler (llvm-mc) that emits instrumentation code to catch ABI violations at runtime. Stuff like clobbering nonvolatile registers, misaligning the stack pointer, misusing the redzone, assuming volatile registers don't change across a function call, etc.

Hoping to finish up basic x86_64 support within the next few days. I can now reliably assemble and run unoptimized gcc output without hitting false positives, but I still have to iron out some false positives triggered by OpenSSL's handwritten assembly routines.

TODO items for the near future include porting the runtime support library into a kernel module so I can instrument Linux, and beginning ports other architectures (ideally something semi-obscure like POWER or RISC-V). I also need to figure out how to support dynamic linking, because the tool currently needs static linking to access its thread-local variables.

https://github.com/kenballus/llvm-project/tree/abisan/llvm/t...

Bash Username $PS1 Command Injection

bkallus — Mon, 01 Sep 2025 18:10:51 +0000

Article URL: https://kallus.org/blog_bash_username_ps1_command_injection.html

Comments URL: https://news.ycombinator.com/item?id=45095134

Points: 2

# Comments: 1

x86_64 Syscall Numbers Go Where?

bkallus — Mon, 01 Sep 2025 17:12:09 +0000

Article URL: https://kallus.org/blog_x86_64_syscall_numbers.html

Comments URL: https://news.ycombinator.com/item?id=45094562

Points: 3

# Comments: 0

New comment by bkallus in "One Third of the Web Will Stop Working in 4 Days"

bkallus — Sun, 03 Aug 2025 14:47:18 +0000

Cache poisoning is also possible.

See https://youtu.be/aKPAX00ft5s?feature=shared&t=8730 for a relevant demo.

You can also (in principle) steal responses intended for other clients, and control responses that get delivered to other clients.

New comment by bkallus in "One Third of the Web Will Stop Working in 4 Days"

bkallus — Sun, 03 Aug 2025 14:37:37 +0000

I have been working on this :)

https://github.com/narfindustries/http-garden

New comment by bkallus in "VSCode’s SSH agent is bananas"

bkallus — Sun, 09 Feb 2025 14:05:19 +0000

We encourage students to use their own machines. We even loan out old ThinkPads and MacBooks for students to run Linux on. Very few (3-5 per term) take us up on this offer. Most of our students would rather we do the sysadmin stuff for them.

The only requirement is that the code needs to run on our server, which they can easily check before submission.

New comment by bkallus in "VSCode’s SSH agent is bananas"

bkallus — Sat, 08 Feb 2025 20:47:25 +0000

Learning to use a real SSH client is part of the curriculum. If they graduate without this knowledge, we have failed as teachers.

New comment by bkallus in "VSCode’s SSH agent is bananas"

bkallus — Sat, 08 Feb 2025 14:05:36 +0000

I too have these fond memories, and I enjoy passing it on to the next generation :)

New comment by bkallus in "VSCode’s SSH agent is bananas"

bkallus — Sat, 08 Feb 2025 14:04:10 +0000

SSH is a fundamental protocol. If students can get through our program without learning what SSH is and how to use it, that's a problem.

New comment by bkallus in "VSCode’s SSH agent is bananas"

bkallus — Sat, 08 Feb 2025 03:57:27 +0000

I ran the servers for our networks, binary exploitation, and intro systems programming classes, and this thing is a major annoyance. It is because of this stupid RAT that students do not understand how to use the OpenSSH client.

I've tried a few things to fix this: 1., I set a motd on our class servers asking the students not to use the VSCode remote server plugin. 2. I ran `ncdu /home` in front of the class and demonstrated how, without exception, everyone with >100MB of disk usage on the class server was a VSCode user. 3. I set a user process limit of 45, because the VSCode RAT (somehow) uses ~50 Node processes. When students inevitably ignored the motd and the in-class warning, they hit the process cap and had to ask us to kill their processes in order to get back onto the system. 4. I replaced the process limit with a script that kills all the .vscode-server RATs every 10 seconds.

New comment by bkallus in "Show HN: Heap Explorer"

bkallus — Thu, 06 Feb 2025 22:26:20 +0000

I went with SIGINT because it's more fun to press ctrl-c than to pgrep and kill. If you'd rather use SIGUSR1, just change SIGINT to SIGUSR1 line 654.

Show HN: Heap Explorer

bkallus — Thu, 06 Feb 2025 04:54:18 +0000

I wrote a little LD_PRELOAD library that makes it easy to inspect and interact with a running program's glibc heap.

It's fun to pause processes, free a bunch of their allocations, then resume them. Most of the time, the processes continue as though nothing happened, but sometimes they do interesting things :)

Comments URL: https://news.ycombinator.com/item?id=42959226

Points: 73

# Comments: 5

New comment by bkallus in "Increasing Google and Alphabet VRP rewards"

bkallus — Sat, 13 Jul 2024 18:56:21 +0000

My experience participating in Google's program has been pretty good. The reward money is a nice supplement to my grad student stipend. I got a free trip to DEFCON out of it, too.

New comment by bkallus in "Ask HN: Where to sell vintage computers?"

bkallus — Thu, 04 Jul 2024 14:38:44 +0000

Search for local tech-oriented flea markets. If you're in the Boston area, this is a good one: https://w1mx.mit.edu/flea-at-mit/

New comment by bkallus in "Hello World"

bkallus — Mon, 08 Apr 2024 20:21:32 +0000

This almost entirely skips the role of the dynamic linker, which is arguably the true entry point of the program.

If you are interested in that argument, see https://gist.github.com/kenballus/c7eff5db56aa8e4810d39021b2....

New comment by bkallus in "Nintendo is suing the creators of Switch emulator Yuzu"

bkallus — Wed, 28 Feb 2024 03:36:24 +0000

Yuzu is free software, so its source code is already available: https://github.com/yuzu-emu/yuzu

New comment by bkallus in "Freenginx: Core Nginx developer announces fork"

bkallus — Wed, 14 Feb 2024 20:38:31 +0000

I'm pretty sure that AVI just wraps Nginx, even though they claim otherwise.

I think this because Nginx has a bunch of parsing quirks that are shared with AVI and nothing else.

Freenginx: Core Nginx developer announces fork

bkallus — Wed, 14 Feb 2024 18:29:40 +0000

Article URL: https://mailman.nginx.org/pipermail/nginx-devel/2024-February/K5IC6VYO2PB7N4HRP2FUQIBIBCGP4WAU.html

Comments URL: https://news.ycombinator.com/item?id=39373327

Points: 1131

# Comments: 475