stiefel @stiefel@chaos.social

my guess is actually, that the app uses a shared library, which gets downloaded from the backend. And I suspect this library is broken on my system, however if I install the older version of the app an older working version of the shared library is downloaded and the network-error is unrelated. Upon reinstalling (actually updating) to the newer version again, the older shared library is used and so everything is happy....at least I could reproduce my thinking after I cleared the data again :D

I think something is utterly and completely fucked in my taintdroid extension....

Install testapp v2.6.7 --> heap violation ==> crash
uninstall/clear data etc several times ==> still crash
Install testapp v2.4.0 --> no "network" provider ==> crash
Install testapp v2.6.7 (again) --> runs perfectly...

At this point I don't even ask anymore...

Man, this song is great... https://open.spotify.com/track/4RRNgDu0Mas7w3DUZm62Jk?si=LhVvksLwRHusmQrPOGOcaw

(Slap the Ghost by Misanthrop, Synergy)

Android app stores file encrypted with AES with a random pwd. pwd gets stored in shared_prefs which is an unprotected xml which belongs to the app

fuck my life!!! After fucking around with different versions of an app on my test phone, and constantly throwing "IllegalArgumentException: provider doesn't exisit: network" it turns out there is no network provider without a SIM...so I showed in an old long deactivated SIM, which still can't connect to shit, but now the app is happy....

the irony when the news app on my phone sends me a notification about an article how to put down my phone more often...

Einmal mit Profis arbeiten https://motherboard.vice.com/en_us/article/qvy9k7/facebook-hundreds-of-millions-user-passwords-plaintext-data-leak

https://youtu.be/1coEIN7safI

Richtig Gutes Zeug, but what did I just see?!

It took me a fucking hour to fing out why Latex replaced every space in a listing with "␣" between two quotes...damn `showstringspaces` is on by default...why would anybody need this? I basically would use listings for

A) be able to write the code in a sparate fileand actually use it
B) to be able encapsulate it from the normal text
and C) to be able to fucking copy-and-paste it into a file/terminal whatever and run it

but as it seems the my intention is just wrong...at least for C)

this is why you should commit as soon as your are done with the change, otherwise you have to write commit messages like this:

"change dmvCompilerTemplateEnd to dvmCompilerTemplateEnd and some other stuff I did 2 months ago I have no idea about"

> An Intel spokesperson got in touch with us and shared the following statement about Spoiler.
> “Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. [...]"

I like how Intel justifies the shit they built by saying stop using "jmp"-instruction, and you're gonna be fine. who needs loops and ifs anyways

A really good security measure against replay attacks is if you don't respect the specs you use. BLE says advertising package size should be less than 31 bytes? No probs just send out 46 and nobody can fake your devices, as their tools actually respect the specs and say take a big step back and go fuck yourself, you are sending to much data...

so I finally found out why I couldn't bring the app to connect. My raspberry only waits for connections, but these new apps look for advertisers. The real band ofc advertises it's presence and also sends metadata about itself. However this fucks with my original idea to just fake the services and see what data is sent there.... WAAAAAAAGH I'm never gonna be done with my thesis....