Ellen Emilia Anna Zscheile fogti

This document explains how I would implement an SSA-based compiler if I was writing one today.

This document is intentionally opinionated. It just tells you how I would do it. This document is intended for anyone who has read about SSA and understands the concept, but is confused about how exactly to put it into practice. If you're that person, then I'm here to show you a way to do it that works well for me. If you're looking for a review of other ways to do it, I recommend this post.

My approach works well when implementing the compiler in any language that easily permits cyclic mutable data structures. I know from experience that it'll work great in C++, C#, or Java. The memory management of this approach is simple (and I'll explain it), so you won't have to stress about use after frees.

I like my approach because it leads to an ergonomic API by minimizing the amount of special cases you have to worry about. Most of the compiler is analyses and transformations ov

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

I've commented a few times about some issues I see with the scalability of ActivityPub - the protocol behind the Fediverse and its best-known implementation Mastodon. A couple of folks have asked for more elaboration, so ... here it is.

First, let me add some disclaimers and warnings. I haven't devoted a lot of time to looking at ActivityPub, so there might be some things I've misunderstood about it. On the other hand, I've brought bigger systems - similar node counts and orders of magnitude more activity per node - from broken to working well based on less study of the protocols involved. So if you want to correct particular misconceptions, that's great. Thank you in advance. If you want to turn this into an appeal to authority and say that I'm wrong only because I haven't developed a full ActivityPub implementation or worked on it for X years ... GTFO.

What

What is ActivityPub? It's an HTTP- and JSON-based protocol for exchanging information about "activities". An activity could be many things.

	data Simplex : List a -> List a -> List a -> Type where
	Z : Simplex [] ys ys
	S : Simplex xs ys zs -> Simplex (x :: xs) ys (x :: zs)

	data Ty : Type where
	Unit : Ty
	Prod : Ty -> Ty -> Ty
	Sum : Ty -> Ty -> Ty
	Hom : Ty -> Ty -> Ty

	(* This module, [S], defines a very minimal syntax tree that we are going to try to
	convert into A-normal form (ANF). ANF is an intermediate form that makes control flow
	explicit and lifts intermediate values into named variables. We are going to start with
	a very basic lowering algorithm and gradually refine it until it is robust. *)

	module S = struct
	type name = string [@@deriving show]
	type t =
	\| Var of name
	\| Int of int

	"""
	31-round sha256 collision.

	Not my research, just a PoC script I put together with numbers plugged in from the slide at
	https://twitter.com/jedisct1/status/1772647350554464448 from FSE2024

	SHA256 impl follows FIPS 180-4
	https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
	"""

	from mastodon import Mastodon

	# Create an application, and fill in these parameters with that.
	# You should at least have the following permissions;
	# - read
	# - admin:read
	# - admin:read:accounts
	# - admin:write
	# - admin:write:accounts
	mastodon = Mastodon(

	#/!/bin/bash

	# Dependency: jq & curl
	# env vars:
	# GITHUB_USER
	# FORGEJO_USER
	# FORGEJO_TOKEN (password or api token)
	# FORGEGO_URL

	curl https://api.github.com/users/$GITHUB_USER/starred\?per_page\=100\&page\=1 \

	// a very minimal instruction set.
	// it has just enough operations to implement a recursive
	// fibonacci function - what a coincidence :D
	// NOTE: in my VM, i don't use an `enum`.
	// this is just for simplicity.
	#[derive(Clone, Copy, Debug)]
	enum Instruction {
	LoadInt { dst: u8, value: i16 },
	Copy { dst: u8, src: u8 },
	Add { dst: u8, src1: u8, src2: u8 },