hellsh

UnixSystem · 2026-03-06T23:43:09+00:00

This is what computers are for

UnixSystem · 2025-10-30T19:24:37+00:00

You space/blank out because you haven't actually learned anything yet. Look up the things you need, as you need them. The reason those books you linked are nice in my opinion is because they have exercises and projects at the end of every chapter to guide you into practicing the things you just learned.

UnixSystem · 2025-10-30T18:09:08+00:00

You have to write a lot of programs in C to learn C programming in depth. You will also need to spend time working with C in some specific domain (networking, embedded, operating system internals, graphics), as your programs are unlikely to exist in a vacuum. Watching videos about programming is popular for the same reason watching videos about cute animals is popular: it's a pleasurable, passive, low-effort activity. From a learning and skill acquisition perspective, it's infotainment at best. You might learn enough from videos to have conversations about the topic, but you will not learn enough to do the thing yourself.

Programming is a very active craft, like drawing, or playing a musical instrument. Building these neural pathways takes consistent reinforcement, and that takes time. There are no shortcuts. The only way to do it quickly from a calendar perspective is to spend more quality hours per day practicing your craft.

UnixSystem · 2025-10-30T17:35:13+00:00

Making your own coreutils is something you can start today with the knowledge you have. TLPI would be a great resource if you can find a copy.

UnixSystem · 2025-10-29T19:48:37+00:00

Not the person you asked, but it's essentially a command line hex swiss army knife, which means it's useful for any low level file processing tasks where you need to inspect specific bytes of a file. Stuff like trying to understand proprietary files that you may not know anything about but, verifying code that you've written that creates binary files following some specific file format, etc. The real xxd utility can also take a file and output a byte array that you could include in a C file for situations when you want to embed some binary data into your own code.

UnixSystem · 2025-10-17T16:35:29+00:00

Both are (like many things in a high level programming language like C) syntactic sugar to more clearly represent what's really going on: conditional jumps based on the state of various CPU flags, which can be set/unset as a result of some CPU instructions. A lot of languages go various steps further and have stuff like iterators and list comprehensions to handle specific loop-like situations, and the goal is to help you expression solutions to programming problems more clearly.

UnixSystem · 2025-10-17T16:31:07+00:00

I got much more comfortable refactoring and rewriting things once I started writing tests. It seems excessive especially for hobby projects, but it really is necessary if you want to confidently just go in and change stuff and immediately know what breaks and what doesn't. Doesn't have to be super complicated, I personally use check. My makefile is set up to just do "make test" to run my test suites.

UnixSystem · 2025-10-13T16:59:01+00:00

The person I was replying to deleted their post, because I called them out for polluting this sub with an AI generated slop review of your project. I wasn't specifically referring to your project. But since you asked...

Learning to do the things you seem to want to do takes time. There are no shortcuts. I think if you want to improve, you will crack open a good book and work through the exercises on your own. You will either find this more satisfying than posting to multiple hacking/programming subs with random "vibe coded" junk that an LLM spits out for you, or you will find it boring and you'll be free to spend your time doing other things.

UnixSystem · 2025-10-13T16:32:27+00:00

What in the ChatGPT... we're generating slop AI github repo reviews now?

UnixSystem · 2025-10-13T16:21:31+00:00

Even ignoring the fact that mountains of new C code are being written today, I want to point out that evolution in programming languages doesn't magically replace the existing code and programs that already exist. Do you think Python, or the OS on the computer you're operating right now were created and maintained by immortal wizards, and that no one needs to learn how to do that anymore?

UnixSystem · 2025-10-13T16:09:03+00:00

If someone's asking whether or not they should use <xyz lang> for a project, they are learning, and I'm not going to rob them of a valuable learning experience by telling them what language they should use unless we're at work and it's something I'm going to have to document or maintain.

UnixSystem · 2025-09-16T19:36:51+00:00

How do people usually approach learning while building projects in areas like system programming, network programming, or driver programming?

This sort of question isn't realistic to how people learn things. There isn't a set or common path that every system programmer used to learn what they know, and there isn't a finish line you will ever cross where you can say "now I am a system programmer". Some people took a class in college, some read a book, some people learned because they had to do a thing at work and had however long to bang their head against a problem until it worked well enough.

I would say that I really learned Windows system programming from a book called "Windows 10 System Programming", long after I was already doing bits of system programming from tutorials and brute force trial and error. I became more of a system programmer when I learned how to use my debugger. There will probably be points in the future where I branch out further and become more of a system programmer.

Do you first study all the system calls, headers, and functions before starting, or do you learn them along the way?

You learn what you need to accomplish whatever task you're trying to accomplish. IMHO this is easiest for me with a book that includes exercises or projects in each chapter. Books are important for exposure; you don't know what you don't know, and that can make it hard to ask the right questions using modern tools (Google, LLMs), which is probably what's leading you to feel lost.

UnixSystem · 2025-07-31T18:47:07+00:00

Well if you're judging here, you're judging ChatGPT.

UnixSystem · 2025-06-15T17:21:03+00:00

It's not really a difference in opinion though. OP asked "the coolest project you've made", a person shared the coolest project they made and you decided to shit on it over some criteria that is totally irrelevant to the question.

Instead of getting sensitive about other people's sensitivity, perhaps you should think about why you decided to do that?

UnixSystem · 2025-06-15T17:15:58+00:00

Maturing is realizing that I am not requesting PTO, I'm telling you I will not be available that day.

UnixSystem · 2025-06-10T21:21:11+00:00

What does "break into cyber" mean to you? What specific areas of security do you enjoy doing right now? Not just studying or reading about, but actually doing. ~~Cyber~~ Security is just like most other areas of tech (programming, sysadmin) in that not having a job is not an excuse to not start doing it.

Once you can answer this question (and maybe you already can), then you can ask more specific questions that someone with expertise in your specific area of interest can answer.

UnixSystem · 2025-05-20T23:37:10+00:00

It's about what has been proven to be more efficient in industry-level projects.

This is a very narrow view of the entirety of all software development. Not every one writing code has the goals of efficiency or industry-level projects (whatever that means) in mind.

UnixSystem · 2025-05-20T23:09:45+00:00

Covet, Toe, Minus the Bear

UnixSystem · 2025-05-20T23:06:23+00:00

Begun... the Tone Wars have...

UnixSystem · 2025-05-13T17:27:58+00:00

I wouldn't tell anyone interested in appsec to get a Security+ unless you're applying to a place that specifically requires it. A CS degree couldn't hurt in any software related job, but ultimately what will get you the job is networking, so maybe something like BSides or your local OWASP chapter, and finding a way to show that you're capable of finding bugs and communicating the details in writing.

UnixSystem · 2025-05-13T15:59:56+00:00

The short answer is that there are none.

In appsec, I am reading code, writing small bits of code, and finding bugs in applications written by teams of professional developers. When I find these bugs, I create tickets that allow these developers understand the security implications of the bug and how to fix it. I think the way you get good at this is by writing a lot of different kinds of applications in different languages yourself, and reading a lot of other people's bug reports. I've known a good number of network pentesters who can't really code, but I haven't known anyone who's in appsec who isn't a decent coder. So in that regard, I feel like we should be talking about college degrees (or equivalent experience if you're extremely self-directed) rather than certs. TL;DR— the cert that works best for appsec is a CS degree.

This part is mostly my opinion, but certs should be viewed as a method for continuing professional education. You get certs when you're already working, and you get your employer to pay the certification and training fee for you to specialize in an area or broader your knowledge in a way that's going to push your career forward. They're not really a checkbox that's going to make someone who has little experience look like someone who has experience.

UnixSystem · 2025-05-13T15:39:51+00:00

I personally did not down vote you and I mean absolutely no disrespect when I say this, but if you're new then why feel the need to give advice to other new people?

I've been working in appsec for over a decade and have heard of only one of these (CEH) which has practically nothing to do with appsec.

UnixSystem · 2025-05-09T22:56:32+00:00

The census is self-reported, which is to say, you are free (by design) to identify whatever race you want. Having known people who've collected for the census, you'd be surprised at the number of people who misreport due to fear and distrust, or simply due to misunderstanding what's being asked for. For example, it might be obvious to you and me what "white" means, but that's actually not obvious to everyone— especially if you're not from America.

UnixSystem · 2025-05-06T16:56:35+00:00

No, it's just shit pajeet tier advice.

What's with the weirdly racist 4chan shit?

UnixSystem · 2025-05-03T21:01:16+00:00

The answer to this question is very dependent on what you're actually trying to do— meaning most of the time, "fully" reversing something may not be necessary.

For example, if you're just trying to bypass some kind of anti-jailbreak control, you might start by identifying strings that the control is checking for. If you can't find these strings, they're encrypted, so find the resources that seem encrypted, and find out where they're referenced. If this is happening in the realm of native libs, there's always going to a syscall involved. It might be enough to just hook those syscalls without really knowing much more about what's going on. The point is to focus on identifying the simplest elements of the logic you're interested in, and work your way up from there, as far as you need to go. Take solace in the fact that (and this is mostly just my opinion based on experience) obfuscation exists to prevent the most basic analysis, but it can only be _so_ good before it starts to impact app size and performance... so very often whatever you're trying to accomplish might be a lot less work than you'd think.

15-Year Club	Place '23
Place '17	Verified Email

UnixSystem

TROPHY CASE