profile
viewpoint

guyhughes/scsprof 2

freenode#hack.carleton

hack-carleton/hack-carleton.github.io 1

hack.carleton website. NOTE: This repository will likely be renamed!

hallewhittaker/git2csv 1

Config files for my GitHub profile.

Manouchehri/7-Zip-zstd 0

7-Zip with support for Brotli, Lizard, LZ4, LZ5 and Zstandard

Manouchehri/8021Xpy 0

Script for doing 802.1X authentication

Manouchehri/8051dis 0

Small, simple, non-processor-tied 8051 disassembler

Manouchehri/activity_klog 0

Ccollection of Linux loadable kernel modules aimed to logs any user action

Manouchehri/aesrandom 0

(Incomplete project, currently in development.) /dev/aesrandom is a fast PRNG

issue commentjpleasu/ghidraal

Native Image?

Thank you! I had a feeling you had already thought about it, figured it'd save time to ask you first.

Manouchehri

comment created time in 8 days

issue openedjpleasu/ghidraal

Native Image?

I see that you're installing native-image, but I don't see it being used in the build itself. Have you done any experimenting with native-image Ghidra builds yet? =)

https://github.com/jpleasu/ghidraal/blob/6e9a206f4018a8134ba45ba686b37c4f7f7d72b7/env.sh#L79

Have you attempted to use this plugin? https://graalvm.github.io/native-build-tools/latest/gradle-plugin.html

Thanks!

created time in 9 days

startedresidentsummer/watoi

started time in 10 days

startedmozilla/DeepSpeech

started time in 11 days

startedjpleasu/ghidraal

started time in 11 days

startedjpleasu/ghidraal

started time in 11 days

startedjaegertracing/jaeger

started time in 12 days

startedSteeBono/airplayreceiver

started time in 12 days

startedmikebrady/shairport-sync

started time in 12 days

startedopenairplay/airplay2-receiver

started time in 12 days

startedopenairplay/goplay2

started time in 12 days

startedFD-/RPiPlay

started time in 12 days

startedxorhex/mlget

started time in 13 days

issue commentgithub/codeql-cli-binaries

Apple Silicon M1 / Linux aarch64 releases?

This could certainly be an option to resolve our CI issue, thanks for bringing it to our attention.

In theory you can also run Linux natively on the M1, but it's an uphill battle. I would just use Docker on the M1, since they already have a ton of developers focusing on supporting that workflow.

The other issue is that as I understand things, in most Linux ARM64 systems there is no Rosetta-style emulator, so all the code has to be aarch64.

binfmt_misc / qemu-user-binfmt is basically the Linux version of Rosetta 2. That said, using binfmt_misc in containers might not be ideal depending on your CI/CD setup (binfmt_misc is a "host" kernel feature, not something that unprivileged containers can adjust afaik), so I'd guess that manually using qemu-x86_64 in your scripts would be the preferable solution.

The nice thing is if you go with QEMU user mode and eventually start to ship more aarch64 native binaries, you/CodeQL developers can also run qemu-aarch64 on your x86_64 laptops for quick local tests.

https://ownyourbits.com/2018/06/13/transparently-running-binaries-from-any-architecture-in-linux-with-qemu-and-binfmt_misc/ https://azeria-labs.com/arm-on-x86-qemu-user/

It's certainly on our radar, but not currently something we can commit to any release date for as we have not yet decided when we will be able to dedicate resources to this.

No problem, I'm not in a rush.

Still, thank you for expressing an interest in this part of our work! Knowing there's users out there who would benefit from this is definitely helpful in deciding how to prioritise it.

Heck, I find the work interesting enough that I applied for a position at Semmle a couple years ago. =P

Manouchehri

comment created time in 13 days

startedutmapp/UTM

started time in 13 days

issue openedNVISOsecurity/MagiskTrustUserCerts

Patching libssl.so?

Thanks for open sourcing this! Quite handy to have this module.

Have you considered patching libssl.so as well, to allow any certificate to be accepted? I currently do this with Frida (per app), but something system-wide would be more convenient.

created time in 13 days

issue commentgithub/codeql-cli-binaries

Apple Silicon M1 / Linux aarch64 releases?

Thank you for the information!

Rosetta will still be required as some parts of the CodeQL engine that run outside Java will still not be natively-compiled. However, query compilation and evaluation (which are the two performance-critical parts of our code), will now be running natively which should give a reasonable performance boost.

I haven't done any in-depth profiling, but it appears that for my build targets, the most time in spent in the JDK. So this should help a ton. =)

We do not currently have plans to ship a native JDK for Linux aarch64. The problem here is that we do not have any CI infrastructure with this architecture, so we cannot adequately test things as we would need to in order to officially support this.

Could you use Docker for Apple Silicon? That's my plan. https://docs.docker.com/desktop/mac/apple-silicon/

If you do go ahead with the second option, I note that while we do not officially support that setup I'd be very interested to hear how you get along and may be able to offer some debugging advice if anything doesn't work.

I'll let you know if I do try it out. Figured it made more sense to ask first before I end up redoing some of the (better) work that the CodeQL team has planned.

Manouchehri

comment created time in 13 days

startedNVISOsecurity/MagiskTrustUserCerts

started time in 13 days

issue commentMagisk-Modules-Repo/movecert

Installation failed

Same issue here. =(

aking186

comment created time in 14 days

pull request commentmicrosoft/codeql-container

Clone the repo that matches the cli tools.

No problem. I think my main issue was fixed in 7de62934385e6598cbe4e837bf8d79c3242d34e4. (Doesn't matter, just leaving this as a note for myself.)

Manouchehri

comment created time in 14 days

issue commentongov/OpenVerify

Could you *not* crush Git history?

@spncrd If you're willing to try to use it, I can add that feature for you if it doesn't exist (the docs aren't 100% clear). =)

Manouchehri

comment created time in 15 days

issue openedgithub/codeql-cli-binaries

Apple Silicon M1 / Linux aarch64 releases?

Is there any internal work going on to support native Apple Silicon binaries, instead of running Java under Rosetta 2? (Given that some stages of CodeQL are single threaded bound, the M1 Max will probably be the "best" CPU for many of us, especially when a new Mac Mini and/or Mac Pro comes out.)

Linux aarch64 binaries would be very useful too (for my use-case, actually more useful than native Apple Silicon).

Related #89.

created time in 15 days

startedwkeeling/selenium-wire

started time in 15 days

issue commentthe-commons-project/vci-directory

Ontario's server blocking other VCI members

I can confirm 100% that https://prd.pkey.dhdp.ontariohealth.ca/.well-known/jwks.json is being blocked from the Cayman Islands. I attempted to connect over ASN36549 (WestTel Ltd.) and ASN30689 (Flow), both are denied access.

image

image

Manouchehri

comment created time in 15 days

issue commentthe-commons-project/vci-directory

VCI directory missing issuers allowed by Commons project verifier android app

@modest Thanks for doing all the initial research. Have you done any further reverse engineering of the closed source app? Would be interesting to know the findings. =)

laurencebgood

comment created time in 15 days

issue commentongov/OpenVerify

Adding new health authority public keys to OpenVerify?

In light of https://github.com/the-commons-project/vci-directory/issues/30, I think this would resolve a lot of issues. =)

Manouchehri

comment created time in 15 days

issue commentongov/OpenVerify

Is Ontario joining the CommonTrust Network?

@edwardjcruz @spncrd Could you please address https://github.com/the-commons-project/vci-directory/issues/365? You appear to be violating VCI directory agreement already..

Manouchehri

comment created time in 15 days

pull request commentthe-commons-project/vci-directory

add Government of Ontario

@edwardjcruz @spncrd Could you please address https://github.com/the-commons-project/vci-directory/issues/365? Thanks.

edwardjcruz

comment created time in 15 days

issue openedthe-commons-project/vci-directory

Ontario's server blocking other VCI members

After https://github.com/the-commons-project/vci-directory/pull/358 was merged, I realized that they are blocking the entire Cayman Islands (which is even a CommonTrust member). This is in direct violation of rule 7 in the VCI directory agreement. https://github.com/the-commons-project/vci-directory/blob/main/VCI%20Directory%20Agreement.pdf

@edwardjcruz @spncrd Could you please remove all the country blocks you have on Amazon CloudFront immediately? Both https://prd.pkey.dhdp.ontariohealth.ca/ and https://covid19.ontariohealth.ca/ being blocked.

image

403 ERROR
The request could not be satisfied.
The Amazon CloudFront distribution is configured to block access from your country. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
Request ID: ibRurI4C4vMndE9-SGIBXrQ-spVQ34C-HbS-zmFsxb_gk89AXBnEBg==

created time in 15 days

more