A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain

Why Functional Programming Should Be the Future of Software Development

Rewriting The Modern Web In Rust

Issue #289

11/9/2022


Yo yo yo
No issue yesterday because I got bogged down with some other stuff.
Here's an article on the current state of front-end development. Data is from a survey of a bunch of engineers.
These are docs for a cool project my friend is working on for shared AR sessions on mobile. The sessions can be shared between devices by scanning a QR code. A coordinate system is then shared between the devices based on the angle at which the QR code is scanned from each device. Pretty nifty.
Also this comment on Monday's issue "Flatpak sucks and kubernetes is overrated" made me actually lol, so thanks to whoever posted it.
Anyway, here's the issue.

====================================================================

Today's Sponsor: Could be you!

Are you or your company interested in sponsoring the newsletter? Feel free to reach out to me by replying to this email or clicking the link above.

====================================================================

A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain

Published: 4 November 2022
Tags: android, infosec


Maddie Stone presents an "in-the-wild" exploit sample which uses three vulnerabilities specific to Samsung phones.
Some highlights:

  • The first bug is a lack of access control in a custom Samsung clipboard provider that runs as the system user, allowing for an arbitrary file read and write
  • The second bug is an information leak that discloses the addresses of the task_struct and sys_call_table
  • The third bug is a use-after-free of a file struct in the Display and Enhancement Controller (DECON) Samsung driver for the Display Processing Unit (DPU), which allows for arbitrary kernel read and write access


====================================================================

Why Functional Programming Should Be the Future of Software Development

Published: 23 October 2022
Tags: functional, philosophy


Charles Scalfani discusses the difficulties that arise during the maintenance phase of software development, when shortcuts taken during development come back to bite programmers.
Some highlights:

  • The software industry's trajectory is towards increasing complexity, longer development times, and greater fragility of production systems
  • Functional programming could be part of the solution to these issues
  • Like any programming paradigm, it's ultimately just another tool in your toolkit and not the best fit for every job


====================================================================

Rewriting The Modern Web In Rust

Published: 1 October 2022
Tags: rust, web


Kevin King walks through rewriting a personal website from Next.js, React, tsx, and mdx to a full-stack Rust alternative.
Some highlights:

  • Yew and Axum are used to build a single-page application with server-side rendering, Hooks, Markdown, and code syntax highlighting
  • Tailwind can be used in Rust files
  • Overall the Rust full-stack ecosystem has come a long way, but it's still not close to being ideal


Want to help?

Thank you for reading! If you enjoy the newsletter, I would really appreciate you helping me spread the word by forwarding this to your friends and colleagues or sharing it on social media! Get cool stuff for your referrals using your link https://abyteofcoding.com.

If you want to discuss or comment on this issue, head on over to this page at A Byte of Coding. You can also subscribe there if you're new!

Have comments or feedback? Just reply to this email or hit me up on Twitter @AByteOfCoding.

Email landed in your promotions tab? Please move it over to primary so you don't miss the latest issues in the future.
Thanks for your Support!

Big thanks to all of the Patreon supporters and company sponsors. If you want to support the newsletter you can check out the Patreon page. It's not necessary, but it lets me know that I'm doing a good job and that you're finding value in the content.


Stats (updated daily)

Sent: 3002

Opens: 1440

Clicks: 428

Link | Clicks | Clicks % | Unique Clicks | Unique Clicks %
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain | 35 | 10.90% | 42 | 12.35
Why Functional Programming Should Be the Future of Software Development | 155 | 48.29% | 162 | 47.65
Rewriting The Modern Web In Rust | 131 | 40.81% | 136 | 40.00
