I think jj’s concept of being a front end for many backends and sharing a common UX over them is a good one, but without a pijul backend for existing tools I have a hard time seeing it catch on.

Take the PS5 for example. It has execute-only memory. Even if you find a bug, how do you exploit it if you can't read the executable text of your ROP/JOP target?

I'm a former Xbox hacker, then former Microsoft employee, and (long after) leaving Microsoft helped with the Collateral Damage post-exploitation payload.

The design of the Xbox One security predates me, but Microsoft has always known that SystemOS would be a weak link that would almost guaranteed to be compromised and shoved most of their attack surface that can be trivially attacked in there. The system shell, 3rd-party apps, guide, etc. all run in SystemOS.

The key things they focused on though were:

1. Extremely strong defense-in-depth

2. Making full or partial exploitation not economical

3rd party apps and the web browser were seen as being obviously untrusted _and_ needed JIT because they'd mostly be based on .NET or the JS VM. But practically speaking there should be nothing interesting in that VM: its compromise shouldn't enable piracy/cheating and ideally shouldn't leak game plaintext.

What some others found though was that for some reason plaintext was actually visible to SystemOS, but didn't enable piracy on console. You can take those games though and run them on PC using XWine1: https://github.com/xwine1

Technically speaking there's no reason why Collateral Damage couldn't have happened waayyyyy earlier in the Xbox One's lifecycle except for motivation. Even still you could probably take some Hyper-V N-day and compromise HostOS through.

Over there years there have been other "exploits" too: some folks have managed to tamper with gamesaves via cloud connected storage and other shenanigans, XSS in the system shell (some of these apps are JS), etc., but most of this was relatively benign and easily patchable. And there has been a very, very small group of people with similar but less capable exploits to Collat.

Collat allowed compromise of plaintext.

Bliss breaks everything :)

https://www.reddit.com/r/ClaudeAI/comments/1s7mkn3/psa_claud...

Working with this is pretty painful, so I convert the Pickled structure to other formats including JSON.

The file has always been prettified around ~500MB but as of recently expands to about 3GB I think because they’ve added extra regional parameters.

The file inflates to a large size because Pickle refcounts objects for deduping, whereas obviously that’s lost in JSON.

I care about speed and tools not choking on the large inputs so I use jaq for querying and instruction LLMs operating on the data to do the same.

I think it was tuxuser, Torus, and Billy(?) who accomplished that. Hopefully not forgetting anyone critical.

I didn't ask but Emma -- who wrote the kernel-mode exploit -- and I would probably agree that Collat is not really what we would consider a proper hack of the console since it didn't compromise HostOS. Neither of us really expected game plaintext to be accessible from SRA mode though.

Sounds like a good opportunity for differential fuzzing!

If you for some reason do need one, it's important to know when you put a modern iPhone in airplane mode it disables cellular but leaves WiFi/Bluetooth enabled. When you disable WiFi/Bluetooth it just disconnects from the devices for a day, but doesn't actually fully disable these fully. You can verify by going into the settings app and seeing that the radios are still toggled on.

And even if you do _that_, I have no idea how the software actually disables the hardware, but it may not physically power off the chip.

When you say the Xbox game bar accounts for it, do you mean video or still images? I've had HDR disabled for some time but I remember win+shift+s on Windows 11 capturing over-exposed screenshots when playing videogames.

AFAIK iOS does not offer anything similar.

I ran tests for a codebase at work through Miri a while ago and found a couple of distinct classes of UB: https://github.com/rust-lang/miri/issues/1807#issuecomment-8...

These can be summarized as:

1. Converting a reference to the first field of a struct to a pointer of its parents struct type

2. Functions with signature (&self) -> &mut self_inner_field_type

3. Having a mut pointer to the data inside of a Box

#1 and #3 were somewhat surprising to me. #2 seems to be common enough that there's even a clippy lint for it.

A lot of C and C++ developers understand that undefined behavior is bad, but in practice observe its impact less. From my own experience, Rust's optimizations are pretty aggressive and tend to surface UB in way more observable ways than in C or C++.

Do you mean by mimicking the noises themselves?

The optical communication for the Miele was pretty interesting too. I'm assuming it's to prevent moisture from corroding a port of some kind. Does anyone know of other devices this is used in or other benefits to this?