[langsec-discuss] Brainoverflow and basic understanding

Fabian Faessler fabi at fabif.de
Fri Jun 1 13:46:41 UTC 2012

Hey @all,

my name is fabian. For those who visited berlinsides, I'm the guy who 
did the Pokemon TD Game Hack lightningtalk. Meredith, you probably can 
remember me. Just to have a face and a connection in mind ;) Also I'm 
german, so I'm very sorry for some weird grammar fails :P

28c3 was my first conference and I saw Merediths talk about "science of 
insecurity". I didn't expect such a "theoretical" talk at this 
conference. I'm very interested in mathematics and theoretic computer 
science - unfortunately my brain is too bad. But I give not up! :D I 
want to understand as much as I can. So after the talk at 28c3 It was 
for me like "Ok... I think I got it, but... mhmhm... no not really" but 
I had the feeling I understood it. Time passed and we had some more 
formal language and compiler construction at university. Then came 
berlinsides 0x03 and I heard a lot of "parser" jokes in some 
presentations. And at one point it made "click!". OH WTF I THINK I GOT 
IT NOW!... So when I came home from berlinsides I rewatched the talk 
very carefully and It started to make sense. This was a really great 
feeling. The awareness, that an exploit is just a not wanted accepted 
word for a grammatic. and the programmer who tried to implement the 
grammatic created some weird connections/states in his parser.

Well I assume this is a very basic view, but I think I can now move 
forward with this.

I also tried to access the langsec mail archive ( 
https://lists.langsec.org/pipermail/langsec-discuss/), to read and learn 
more, but either nobody wrote on this list ever, or the mails are not 

I search for more material I can learn from. For the beginning some 
simple stuff - Im not very confident with my brain when I try to 
understand crazy formulas :(
I also want to learn a functional programming languages likr Haskell or 
Ada, because I hope/think this also can improve the way of thinking. Is 
there an easy or cool introduction in this functional thinking?

@sergey, in your lightning talk you talked about "pidgeon holes" - that 
it is sad that we loose the good idea behind ASLR, because we think it's 
an anti exploit technique.
Did I understand this right? Unfortunately I didn't understand it. 
Probably because there is my english language barrier and I only have an 
very abstract view to ASLR - as an anti exploit technique xD
So would you mind to give me a source/paper/... or just an abstract 
about what you tried to say?
-> does this also belongs to language theoretic security?

I hope I'm not too much off road, if so, I'm very happy with any 
correction and leads to the right direction :)

Thank you very much,

-- smrrd.de // yellowh.at --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.langsec.org/pipermail/langsec-discuss/attachments/20120601/f5a33044/attachment-0002.html>

More information about the langsec-discuss mailing list