Artificial truth

In 2024, I did, amongst other things:

• Left Google
• Donated blood
• Donated some money:
  • $5000 to NOYB
  • 1337€ to Nos Oignons
  • $5000 to Médecins du Monde
  • $5000 to Médecins sans Frontières
  • $5000 to Planned Parenthood Federation of America
  • $200 each, as a Open Source Peer Bonus, courtesy of Google, to
    • andrewrk for his work on Zig
    • q66 for his work on Chimera Linux
    • Sam James for his work on Gentoo Hardened
  • all the "premium points" from my Swiss credit card to the UNHCR
• Read a couple of books:
  • Alpinisme & anarchisme
  • Some Warhammer 40,000:
    • Fall of Cadia: really nice
    • Siege of Vraks, Verdun in space.
    • The Lords of Silence, amazingly well written
    • Fire Warrior: refreshing to read about the T'au
    • Genefather: Belisarius Cawl and Fabius Bile are always hilarious.
    • The Wicked and the Damned: 3 nice novellas properly tied together
    • Cypher: Lord of the Fallen, excellent: I love such a bullshit-rich character as main protagonist.
    • Dante: 25% generic science-fiction, 50% Blood Angel recruiting documentary, 25% emo introspection.
    • Cult of the Spiral Dawn and The Reverie: a bit too all over the place for my taste, but objectively great.
    • More of the Dawn of Fire series, felt like a chore except the last book, Sea of Souls, which was a real treat.
    • Deathwatch: Shadowbreaker, great start, devolving into bolter porn, ending on an lame reveal paired with heavy sequel-baiting in the span of the few last pages.
    • The Horus Heresy: Siege of Terra: The End and the Death Vol. 3, felt like an exercise of style in writing applied to a Dragon Ball fight spanning 512 pages. Still pretty good.
    • Path of the Dark Eldar, Drukhari aren't my favourite faction, but the omnibus is pleasantly written, witty and honestly quite refreshing amongst the sea of Imperium bolter-porn.
  • The Faith Healers, so much rightful salt.
  • Amusing ourselves to death: sick sad world.
  • Tried some mangas, on the advices from friends:
    • Hunter x Hunter
    • Dragon Ball, classic.
    • Monster, refreshing.
    • Liar Game: amazing.
    • Fullmetal Alchemist, a tad too long
    • Tokyo Ghoul, could have been interesting, but isn't.
    • Sakamoto Days, had a neat Hunter x Hunter vibe, including an obnoxious yet boring antagonist.
    • Death Note, a classic, should have stopped after the first arc with L, and could have been better with less sexualised schoogirls in it.
    • Gunnm, first book was alright, the rest is trash, too bad as the themes could have been interesting. And of course: sexism.
    • Assassination Classroom: amazing premise, the last third felt like unnecessary padding, and of course, a dispensable amount of sexism
  • e: The Story of a Number, full of tidbits about anything related to e.
  • Blackwater: The Rise of the World's Most Powerful Mercenary Army urgh.
  • Dark Wire: The Incredible True Story of the Largest Sting Operation Ever: use Signal.
  • Space Rogue: How the Hackers Known As L0pht Changed the World, felt like reading the script of Hackers (1995)
  • The Book of Melee, not a great book, and as tl;dr: various people "completely changed the metagame" and the top-players along with the community are a herd of despicable people.
  • Grammaire descriptive de la langue des signes française: Dynamiques iconiques et linguistique générale, really nice if you're into linguistics, especially since the LSF has some really atypical constructs that don't map well unto the French language.
  • A City on Mars: Can We Settle Space, Should We Settle Space, and Have We Really Thought This Through?, witty, insightful, realistic and well-written, but with too many puns on the complete tool that is Elon Musk. It would be weird to have lame puns on Thatcher in a book on Labor, or Bush in one about Middle East.
• Played some video games:
  • On a computer:
    • Space Marines 2!!!
    • Helldivers 2, great with friends
    • Finished Hitman 3's Freelancer mode in hardcore difficulty, because I'm this petty.
    • Prey, felt like a modern System Shock, with some touches of art-deco à la Bioshock but with a tedious late-game.
  • On a (glorious) Steam Deck:
    • Alan wake: not my jam
    • Cassette Beasts: Pokemon done right
    • Hogwarts Legacy, finished it 100%, because why not.
    • Red Dead Redemption 2, Rockstar Games is really not my jam.
    • The Invincible: could have been a visual novel instead. Gave up before finishing it.
    • Warhammer 40,000: Inquisitor - Martyr/Prophecy: Diablo-like in Warhammer 40.000, what's not to like.
    • Hades. I usually hate rogue-lite, but this one is as engaging as it is beautiful. Until you finish the main quest, then it becomes ludicrously grindy to get to the end of the game.
    • The Saboteur, the last game by Pandemic Studios, a mix between Grand Theft Auto, Assassin's Creed and Splinter Cell. Truly a hidden gem, with a ton of neat small details and great ideas.
    • Marvel's Spider-Man Remastered: gorgeous, although it made me question the representation of violence in video games, especially about the dehumanisation of the antagonists.
    • Still Wakes the Deep: beautiful, amazing sound design, too bad it sometimes felt a bit artificial objective-wise. I wouldn't recommend playing it on the Steam Deck, since it's a tad underpowered to run it properly.
    • Nier Automata: 'was told it was an amazing game playing an android fighting in a war, with topics like cycles, empathy, rejecting gods, conflicts, humanity as a concept, …, but I gave up after 1h. Playing a teenage-looking mini-skirt-showing-the-panties blindfolded high-heeled-boots-wearing battle android is fucking ruining everything. The reason for her appearance isn't even justified via a bullshit reason like Metal Gear Solid V's Quiet, it's simply because the creator of the game "just really like girls." Medium is the message for fuck's fake.
• Listened to some music.
• Got rid of plugins in my vimrc
• Kept volunteering at a library.
• Did a couple of job interviews:
  • Rapid7, for a lead security researcher position : great process/experience, but the team/I wasn't a good fit; it's ok, it happens.
  • Randorisec, for a senior security engineer position, which they offered me, but I declined as a got a way better offer somewhere else.
  • Cloudflare, for a Linux engineer position, with a focus on secure-boot. They picked another candidate, but got really positive feedback.
  • Canonical, for an "ubuntu security technology manager position"; I should have trusted the internet, the experience was unbelievably terrible.
  • Hex-Rays suggested that I apply there, but my C/C++-fu was unsurprisingly way too weak and got rejected early, albeit to be honest, the interview process was so bleak and dry that I might not have been super-motivated.
  • ■■■■■■, for an amazing principal security engineer position, doing things at the intersection of hardware and software security. Unfortunately, towards the end of the process, the team realised that they couldn't hire in France, because of the communist labor laws reigning there.
  • Back Market, for a Staff Security Engineer position, but was rejected as "while your application and technical skills are impressive and relevant for the position, the team felt there was a lack of alignment in terms of motivation to join Back Market and make an impact as a Staff Engineer in our organization.", which I found odd, but oh well.
  • The Tor Project, for a Network Health Engineer position. They went for "another candidate whose skill set and experience more closely matches what we are looking for in this position.", which is understandable as I didn't really fit the profile. But, I've been told that "people were really excited about your interview and some of the ideas you brought up there... I hope there will be another position you will apply for because you are an obvious fit :D"
• Contributed to a couple of projects:
  • OSS-Fuzz
  • improved a bit isoalloc's testsuite
  • helped to translate navidrome in French
  • recog, if only to improve runZero's accuracy.
  • fortify-headers, trying to get it updated in Alpine Linux
  • snuffleupagus, mostly bugfixes and merge-request reviews.
  • Alpine Linux, by sending patches, but also being a package maintainer.
  • fuzzilli, by upstreaming support for Ladybird's LibJS, as I might use this browser one day.
  • Alexander Popov's kernel-hardening-checker, resulting in the following requests in Fedora:
    • Missing MTE-accelerated KASAN: CONFIG_KASAN_HW_TAGS: accepted
    • Missing IOMMU hardening: enable CONFIG_IOMMU_DEFAULT_DMA_STRICT=1: rejected
    • Missing randomized slab caches for normal kmalloc: enable CONFIG_RANDOM_KMALLOC_CACHES=y: accepted
    • Missing automatic memory initialization: enable CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y : accepted, and prevented at least this issue.
    • gcc: CONFIG_ARM64_BTI_KERNEL is disabled due to BTI instruction not being inserted for cross-section direct calls, due to BTI instruction are not inserted for cross-section direct calls in gcc.
  • OpenMW, by being the main sysadmin of the project, as well as interviewing a lot of its contributors.
  • metasploit, adding encoders for php payloads and various php-related improvements, as well as minor bugfixes/refactoring/enhancements.
  • PHP by helping detect heap freelist corruption land, and landing add two checks for zend_mm_heap's integrity, since I told in 2022 to real that I'll look into making it harder to exploit php's heap. I got a mention during an OffensiveCon talk about this.
  • miniflux, with more than 100 commits, since it became my RSS reader: made it significantly faster, profiled it to death via Google Cloud Profiler, removed as many dependencies as possible, reduced database usage/queries, improved OPML import from Thunderbird, significantly reduced memory consumption, reduced the binary's size, reduced webpage sizes, reduced the time/resources taken by the continuous integration, added fuzzers to improve/prove robustness, added some rewrite rules, added trusted-types support, as well as various improvements/simplifications/refactoring/…
• Started to write a (technical) book.
• Made some new friends, and lost some.
• Helped a friend with his slides for KazHackStan
• Gave a small talk with lila about Stalkerware for Echap
• Kept contributing a bit to Wikipedia, in English and in French
• Attended a single concert, Fear Factory with Bad Situation as first part.
• Finally got a permanent OP status on smashthestack/overthewire's #social!
• Got an advertisement for Snuffleupagus in PagedOut #4, as well as an article
• Added more possible subtitles to this blog, bringing the number above 1300.
• Gave a talk at Blackhat about Modern Anti-Abuse Mechanisms in Competitive Video Games
• Learned to disengage, so that I could spend my meagre free time in better ways. This includes:
  • not engaging anymore in one-way-conversations, especially about topics that I hold dear
  • reporting bugs to software without a bug tracker, and sending patches/fixes/… to software without a forge: email-based development can go die in a fire. This includes musl and Linux.
• Took part in the Global Encryption Day: Distribute(d) trust -- The key to global encryption access round table.
• Bought an electric bike, as a nice middle-ground between a regular one and something more powerful, like a car.
• Kept being on the board and maintaining Nos Oignons's infrastructure with corl3ss, still handling a bit more than 2% of the total exit traffic of the tor network.
• Caved in and bought myself an Apple M2 as a personal computer, after more than 15 years using ThinkPads; but as I find OSX insufferable, I put AsahiLinux on it.