If you read the article, the OP points out that static analysis for this platform is not supported in Ghidra.
Also, reading between the lines, I think it's safe to assume the author did dump the flash.
> Using the strings command on the firmware dump reveals a lot of interesting details about the webserver itself, but nothing obvious hints us to the password.
The author is referring to limitations in analysing banking:
> Ghidra supports the 8051 architecture but not code banking.
Usually in these ISAs an I/O port or a register sets the bank number, so any processor module should be able to resolve concrete banked references. But you still need to know what that register holds in various code paths, which are likely dynamically computing those values.
No tooling can give this out-of-the-box, as it relies on knowing the concrete initial state of the system (i.e. memory and register contents), and knowing what to return when hooking into I/O accesses.
Once these are known, we can leverage the built-in pcode emulator and run it with this state. It seems nowadays Ghidra has some built-in support for Z3, but I personally never used it, so I'm not sure how viable it is for symbolic execution. Regardless, with either approach, we would now have concrete banked code references being resolved, and could script some auto annotation of the disassembly with these references. These would be equivalent to what the author gathered from the logic analyzer trace.
A pure static analysis approach seems to suggest one would manually brute-force through all possible bank numbers at any given code path, which I guess is only viable if you have the time for that.
> We shall not search for embryo great artists, painters, musicians. Nor will we cherish even the humbler ambition to raise up from among them lawyers, doctors, preachers, politicians, statesmen, of whom we now have ample supply. We are to follow the admonitions of the good apostle, who said, ''Mind not high things, but condescend to men of low degree." And generally, with respect to these high things, all that we shall try to do is just to create presently about these country homes an atmosphere and conditions such, that, if by chance a child of genius should spring up from the soil, that genius will surely bud and not be blighted.
It's almost like you're using a deliberately malicious selective quote that completely changes what the author is trying to say.
Author is a quack. There is deliberate mis-quoting in the article that completely warps the source material.
From their quoted section:
> We shall not try to make these people or any of their children into philosophers or men of learning or of science. We are not to raise up from among them authors, orators, poets, or men of letters. We shall not search for embr}-o great artists, painters, musicians. Nor will we cherish even the humbler ambition to raise up from among them lawyers, doctors, preachers, politicians, statesmen, of whom we now have ample supply.
And then the removed section, which effectively negates the (facial) point of the previous statement:
> We are to follow the admonitions of the good apostle, who said, ''Mind not high things, but condescend to men of low degree." And generally, with respect to these high things, all that we shall try to do is just to create presently about these country homes an atmosphere and conditions such, that, if by chance a child of genius should spring up from the soil, that genius will surely bud and not be blighted.
This is a really, REALLY common quote (with the latter part deliberately omitted) in lots of places complaining about the way the US education system works, as well as antigovernment movement people.
I certainly will not claim the US education system isn't broken, but using such a deliberate, malicious out-of-context quote casts a pall over anything else the author has to say, particularly given it's long, storied history in antigovernment propaganda.
I would definitely recommend that everyone read it.
They were dealing with some very big problems at the time (such as rampant disease), and were seeking ways to improve America's primitive and ad-hoc education system.
Did it work? It certainly missed the mark in a number of ways, but overall it's a damn sight better than it was!
Here's another quote from the same text:
As for the school house, we cannot now even plan the building, or rather, group of buildings. Quite likely we would not recognize the future group if the plan were put before us to-day, so different will it be from the traditional school house. For of one thing we may be sure : Our schools will no longer resemble, in their methods and their discipline, institutions of penal servitude. They will not be, as now, places of forced confinement, accompanied by physical and mental torture during six hours of the day. Straitjackets, now called educational, will no longer thwart and stifle the physical and mental activities of the child. We shall, on the contrary, take the child from the hand of God, the crown and glory of His creative work, by Him pronounced good, and by Jesus blessed. We shall seize the restless activities of his body and mind and, instead of repressing them, we shall stimulate those activities, as the natural forces of growth in action. We shall seek to learn the instincts of the child and reverently to follow and obey them as guides in his development; for those instincts are the Voice of God within him, teaching us the direction of his unfolding. We will harness the natural activities of the child to his natural aspirations, and guide and help him in their realization. The child naturally wishes to do the things that adults do, and therefore the operations of adult life form the imitative plays of the child. The child lives in a dreamland, full of glowing hopes of the future, and seeks anticipatively to live to-day the life of his manhood.
So we will organize our children into a little community and teach them to do in a perfect way the things their fathers and mothers are doing in an imperfect way, in the home, in the shop, on the farm. We shall train the child for the life before him by methods which reach the perfection of their adaptation only when the child shall not be able to distinguish between the pleasures of his school work and the pleasures of bis play.
Basically anything that consumes solar power incorporates what's called a "MPPT", or maximum power point tracker.
Basically, it's a smart DC-DC converter that continually tracks the voltage/current output of a solar panel and adjusts the load to extract the maximum available power from the panel.
It's not uncommon to have issues with extremely high panel voltages in snowy climates, when they're first illuminated in the morning. If you are close to the maximum voltage your MPPT charger can handle in normal circumstances, extreme cold can even damage things during the initial morning transient. You then have to do oddball things like use a crowbar system to prevent blowing up your MPPT system.
A.K.A. "The UK's stupid legislation is going to prevent anyone from using non-locally-hosted services, let's try to get in on the ground floor and have a position like amazon in the US."
> “Younger kids do not have the same work ethic,” says RM’s Morreau. The immediate satisfaction normalized by cell phones and social media is antithetical to the know-how required for fabricating, say, the burled walnut dashboard of a pre-war Rolls-Royce.
Oooooor, the pay is crap and the work environment is abusive.
Any time someone trots out the "kids don't have the same work ethic" argument, they can immediately be ignored. People have been literally saying that continuously since people have been around to write the complaint down, and it's been exactly as true then as it is now.
I wonder if those same people have ethic to pay their employee well? Then again, I do not think it is easy industry. But passion takes people only so far especially when receiving wages.
I would assume the interviewer messed up and forgot to declare it and if I just not pretend to assume it was "left out for brevity" I would fail the interview as a smart ass.
There are so many layers to interviewing and you kinda need to guess what the intervoewer wants to hear.
In my defence, this is a HN comment thread and not an actual interview. I wrote that on my phone at 6pm on a Sunday.
We have an actual question, a snippet of code that is copied and shared to the candidate, and everyone who asks this question has undertaken this exercise. The interviewer has the list of (known) issues and a handful of stylistic things that can be talked about too. If we actually did share this snippet with someone and they said "should this be declared in the class body", I would say "oops yeah, thanks for catching", and update our template.
>you kinda need to guess what the intervoewer wants to hear
Interviewers are human, and I've done tech screens for probably 250 candidates over the past few years, and I've designed tech screens that have been used for probably 5x that. We have good days and bad days, and it's super tough to give an evaulation of someone in an hour. The main thing I'm looking for (and I tell people this) is someone that I think would be a good fit on the team. To me that means that their own read on their level is roughly equivalent to my read on their level (a senior engineer who says they understand concurrency but doesn't understand what a mutex or atmoic is is a fail, for example), and that they're not a giant pain in the ass. If you've managed to annoy me in an hour by assuming every single thing I do is an attempt to catch you out, we're not going to get along and I'm going to pass on you for that reason.
If ptr is some kind of global, then it makes sense for it not to be deallocated by the destructor? It’s apparently not really managed by this class, so why would its lifetime be tied to it?
I mean it’s psychotic to half-manage it like this but I don’t think the lack of a destructor is suspicious here; in fact I think it’s correct once the global pointer was introduced
IMHO, there are two review branches to discuss in this example:
First, if `ptr` is declared in the translation unit before and outside defining `class foo`, then there is no check for previous initialization and thus is likely a run-time defect.
Second, if `ptr` is not declared in the translation unit before and outside defining `class foo`, then it is likely a missing member definition and is a compile-time defect.
Because shipping the runtime with the software means you can get newer software on older distributions. It's also great for immutable/atomic systems where installing packages at the system level is an anti pattern.
But Flatpak does not do this. It consists of runtimes that usually contain the most of what applications needed, and are updated separately from the application itself.
For all practical purposes they mostly are. Linux famously hasn't broken userspace in over thirty years. Pretty much all commercial software for unix (and Linux) is distributed this way since several decades. Things like ld-linux.so is mostly backwards compatible for this reason. You can still run ancient Firefox builds even if you might have to fetch an old libstc++. But those are still around, for exactly that reason.
Of course, the world changes. Running X11 software might be tricky a few decades from now if nobody speaks the protocol. Something compiled for ALSA or esound might not work forever. Software dependent on a mail transport might not work when email is finally dead and everyone uses Facebook instead. Perhaps one day IPv4 sockets won't be available.
That type of dependencies are the hard ones that will kill your software before any binary incompatibilities will. As long as there is a.out binaries or 32-bit software out there someone will make it work. Software from the past three decades still runs so there's hope for the next three.
Until then, don't let perfect be the enemy of what's simple and works.
Also, reading between the lines, I think it's safe to assume the author did dump the flash.
> Using the strings command on the firmware dump reveals a lot of interesting details about the webserver itself, but nothing obvious hints us to the password.
reply