[langsec-discuss] Brainoverflow and basic understanding

Daniel Bilar daniel.bilar at siegetechnologies.com
Fri Jun 1 16:09:42 UTC 2012

Hallo Fabian

I would recommend you taking the free online coursera course https://www.coursera.org/course/automata  based on a very popular Stanford "Language and Automata" course . Have  alook ar a preview of the material https://class.coursera.org/automata/lecture/preview

Ich kann auch Deutsch: Die Universitaet Basel hat einen Einfuehrungskurs Sprachen und Automaten http://informatik.unibas.ch/lehre/fs12/cs206/folien.html . Die Skripts und Uebungen sind oeffentlich zugaenglich, aber anders als beim experimentellen Lehrmodel von Coursera werden Uebungen nicht korrigiert usw - dafuer ist es auf Deutsch http://informatik.unibas.ch/lehre/fs12/cs206/

Hoffe, das hilft .. einfach nur nachfragen, falls es Probleme gibt :D

On Jun 1, 2012, at 9:46 AM, Fabian Faessler wrote:

Hey @all,

my name is fabian. For those who visited berlinsides, I'm the guy who did the Pokemon TD Game Hack lightningtalk. Meredith, you probably can remember me. Just to have a face and a connection in mind ;) Also I'm german, so I'm very sorry for some weird grammar fails :P

28c3 was my first conference and I saw Merediths talk about "science of insecurity". I didn't expect such a "theoretical" talk at this conference. I'm very interested in mathematics and theoretic computer science - unfortunately my brain is too bad. But I give not up! :D I want to understand as much as I can. So after the talk at 28c3 It was for me like "Ok... I think I got it, but... mhmhm... no not really" but I had the feeling I understood it. Time passed and we had some more formal language and compiler construction at university. Then came berlinsides 0x03 and I heard a lot of "parser" jokes in some presentations. And at one point it made "click!". OH WTF I THINK I GOT IT NOW!... So when I came home from berlinsides I rewatched the talk very carefully and It started to make sense. This was a really great feeling. The awareness, that an exploit is just a not wanted accepted word for a grammatic. and the programmer who tried to implement the grammatic created some weird connections/states in his parser.

Well I assume this is a very basic view, but I think I can now move forward with this.

I also tried to access the langsec mail archive ( https://lists.langsec.org/pipermail/langsec-discuss/), to read and learn more, but either nobody wrote on this list ever, or the mails are not archived.

I search for more material I can learn from. For the beginning some simple stuff - Im not very confident with my brain when I try to understand crazy formulas :(
I also want to learn a functional programming languages likr Haskell or Ada, because I hope/think this also can improve the way of thinking. Is there an easy or cool introduction in this functional thinking?

@sergey, in your lightning talk you talked about "pidgeon holes" - that it is sad that we loose the good idea behind ASLR, because we think it's an anti exploit technique.
Did I understand this right? Unfortunately I didn't understand it. Probably because there is my english language barrier and I only have an very abstract view to ASLR - as an anti exploit technique xD
So would you mind to give me a source/paper/... or just an abstract about what you tried to say?
-> does this also belongs to language theoretic security?

I hope I'm not too much off road, if so, I'm very happy with any correction and leads to the right direction :)

Thank you very much,

-- smrrd.de // yellowh.at --
langsec-discuss mailing list
langsec-discuss at lists.langsec.org

Daniel Bilar
Director of Research, Siege Technologies
daniel.bilar at siegetechnologies.com

More information about the langsec-discuss mailing list