I discovered a critical exploit in ZeroMQ with mostly pure luck

  • The Elliptic Curve Cryptography article (mentioned in the ZeroMQ article) the author wrote is really good:

    https://fangpenlin.com/posts/2019/10/07/elliptic-curve-crypt...

  • Meta comment on this (excellent) article: I liked the memes and the accessibility-friendly captions thereof.

  • > As a software engineer, I am lazy, so I always love to reuse existing tools as much as possible… That’s why I decided to take the chance to learn how Elliptic Curve Cryptography works.

    Imagine if they weren’t lazy!

  • Fantastic post, I loved everything about it. Fang-Pen, I'm interested in your book but it's apparently only 16% complete, is that right? In any case nice find, thanks for sharing, and please keep writing! :)

  • > By reading the source code, I realized that the incoming data was put into a fixed-size static buffer in the stack, and the payload was decrypted into another fixed-size buffer. There’s no boundary or size check.

    This is not normal. It's amateurish in the extreme that leads to the only conclusion that whoever wrote this ZeroMQ thing is not a real software engineer. I.e. stay away at all costs.

  • the most interesting part is the last one -> hire me..

  • One, the bug is in curvezmq, not zmq.

    Two, do not expose zmq to untrusted networks.

    edit: lol their website doesn't even have a valid cert http://curvezmq.org/

  • > Reading code is underrated, and many software engineers don’t understand how and why they should read it. Reading code is much harder than writing code because writing code translates your thoughts into code, and reading code is the opposite.

    That's like saying reading Hamlet is harder than writing it. What kind of garbage do you have to be filling your head with all day to hold such a dismal opinion of software?

  • This was not "pure luck". Reminded me of that quote about chance favoring the prepared:

    "Dans les champs de l'observation le hasard ne favorise que les esprits préparés." -Louis Pasteur

      In the fields of observation chance 
      favours only the prepared mind.
    
    Variant translations of this or similar statements include:

      Chance favors the prepared mind.
    
      Fortune favors the prepared mind.  
    
      In the field of observation, chance favors the prepared mind.
    
      Where observation is concerned, chance favors only the prepared mind.
    
    https://en.wikiquote.org/wiki/Louis_Pasteur#Quotes

    edit: "Louis Pasteur's quote "Chance favors the prepared mind" means that the better prepared and more knowledgeable you are, the more you'll be able to take advantage of any chance opportunities or observations.

    "If you are unaware of things that influence a situation or an event, you are very unlikely to be able to identify any opportunity or learn anything significantly new. By having insight, interest, and aptitude related to the situation, you put yourself in the position to capitalize upon any hidden "nuggets" buried at the moment."

    - https://asymmetric.pro/chance-favors-the-prepared-mind/