Yesterday:
- Slept 'til 3pm
- #fuzzer found an issue with the gi-docgen blockparser (hence the #Unicode toots)
- Read Umorpha's mission+values doc
- put the LED in my lightsaber that I drilled the hole for in May
- SIM for #SignalApp testing came, so used it to play w/ my #Librem5
Today
- Donut's bday!
- fixed the blockparser
- meet w/ Umorpha
- put #OpenWrt on router for mom
- put new HDDs in the #Parabola build server (assuming they arrive)
- so many emails
Concerns
- idk
#DailyStandup #fuzzer #unicode #signalapp #librem5 #openwrt #parabola
I'm super proud of my student @lremes who just defended his Bachelor's Thesis. It's a distributed #fuzzer, Hopper, and he got it running with up to 240 distributed processes on #CloudLab. It's been great working with him for the last few years.
We'll get his thesis posted soon, but Hopper is already up on github: https://github.com/Cybergenik/hopper
Good, easy-to-follow talk by Sönke Huster on #Bugs in #Linux #Kernel #WiFi stacks. You can watch it again later in the recordings.
"Finding Bugs in Linux Wireless Stacks"
#bugs #linux #kernel #wifi #jev22 #HIP22 #37c3 #ccc #wireless #fuzzing #fuzzer
Of all the super nuts things I have seen with #ChatGPT, this is the most superly nuts-est, and I am seriously interested in what others think is going on here.
ChatGPT claims to have run my student Luciano's #distributed #fuzzer. It claims to have *found a specific bug* in libpng, which we know is real. And it *suggested stuff to add to his README*.
The crazy thing about the bug it claims to have found is that this is the *same* bug Luciano found by actually running the fuzzer. That bug *is* in a CVE, but there is not anything up on the web indicating that *this* fuzzer can find *this* bug. ChatGPT even produces a nice summary of the bug (probably taken from the CVE).
So what's probably going on here? Did it actually run this fuzzer, interpret the crashes it found, and successfully connect them to a CVE? Seems amazing if true, but highly unlikely. Or did it find some other way to (correctly) guess what bug would be found? More plausible, but still pretty wild.
And it clearly did actually go through the github repo, which has only been online a few weeks, since it suggested expanding the README with stuff that is only in the library.
This is wild.
Fun Fact: in the original draft of FitM, our stateful snapshot fuzzing paper, we constantly claimed our fuzzer would reach deeper states.
We didn't know there was another meaning for deep state ...
Naming is hard. (with @Liikt and others)