The community is divided about your name change. Here's my proposal for a compromise: Low Level Lear

Are range checks allways on in Rust plus they also exist for all kind of buffers?

It's neat that you went to Twitchcon with the CEO of Jurassic Park. 🥰

I think in the future businesses will run Linux servers and not Windows servers.

Just out of interest. You provide good curses, but sadly, the only payment options are im gonna call them the American payment systems (cash app, visa, American bank). So to the question: will there ever be any other payment options ? (Seap, direct transfer, PayPal, etc) Anyways, nice video, always great content, and all of you have a great day.

HA

This comment wins

@@amadzarak7746 you win

>still haven't learned how not to index an array out of bounds Some people should only program in BASIC, it won't let you write out of bounds, you have to fight and sabotage BASIC to do so.

Yeah... I think we should just collectively stick to bound-checked languages at this point...

it's true i am immortal

🤨🤨🤨

Calling your level lowest possible is a huge compliment who understands it. :D

they say you can't fall lower than binaries

I wonder if he's gonna correct the "I was right." video, where he was wrong.

ikr, double L *is* double L-ed indeed

bruh, should have been a battle rapper with them bars.

At least the name didn't go out of bounds. From 3 L-words to 2 L-words is not overflowing.

2 L's make a W

The only L I see here is the underscore before JohnHammond 😂

This. I've been clenching for a while because I thought I would need to patch my router before visiting the office. Turns out this is a complete non-story. Openwrt has nothing to do with this vuln. I will go and release my babies now.

It's pretty surprising how low level the fact checking is on this channel.

@@vprwave I notice this especially in security issues. Clickbait is not discouraged, because it usually "well, they know more about security, right? Better prepared, right?" We need to stop pushing theoretical security vulnerabilities because making people paranoid is good for business

Good. I just finished reinstalling 2 routers some days ago.

90% of tech youtube is dumb misinformation for clicks

Nah I was his classmate in school, everyone called him low level Even the teacher calls him low level

Low level media has a nice spin to it, bonus "fundraising round" initials

​Low level classmate​@@agastyasanyal4026

shorty got low

LPL: This is Lockpicking, and today... FW: Thanks for turning in for Forgotten, I'm iMac... And of course SteveMRE1988 becoming just Steve

she hit the flo

Low level Shillong amiright?!

Low. I am the Low.

Yea, just low level content 😂 Nahh it‘s a fine name, the old one was good already tho.

Brain is no longer braining.

a new low

It's only downhill to a lower level from here

bro's gonna make a surprise video showing a modern CPU through microscopes and find hardware vulnerabilities

Hi, his name is edthisislowlevellearning, he teaches us about computer security

This is really important information, and should have been called out in the video. I'm running OpenWrt at home on a Linksys E8450, which has a MediaTek MT7622BV SoC and an MT7915E Wi-Fi chipset, both of which are called out as "affected chipsets." Judging by the video (and the blog post it refers to), I might very well have been affected. It took a trip to the OpenWrt forums for me to figure out that wasn't the case.

M i affected? Should i do something? Hostname OpenWrt Model Xiaomi Redmi Router AX6S Architecture ARMv8 Processor rev 4 Target Platform mediatek/mt7622 Firmware Version OpenWrt 23.05.0 r23497-6637af95aa / LuCI openwrt-23.05 branch git-23.236.53405-fc638c8 Kernel Version 5.15.134

Okay, I checked it. You're right: even if the processor is affected, the PoC is using wapp, so we’re safe for now. However, to be sure, I upgraded to the latest version of my OpenWRT. The strange part is that it is exploited via UDP, so it’s affected globally. Even if someone was affected and got a reverse shell, they could be backdoored after an update. Good thing that vanilla OpenWRT doesn’t use wapp.

is it good practice to update device firmware when something like this triggers your worst fears? I have a mediatek openwrt router serving multiple virtual ssids so am a little worried I'll break the complex setup in an update

Indeed, some updates can introduce their own vulnerabilities... I'd say a _related_ update is a must-get; otherwise, minimize exposure & apply patches only after confirming stability.

I, for one, just like alliteration

Ten minutes later, the devs will disable those warnings at the project level, because obviously they are smart enough that their code does not have such bugs.

@@angrydachshund That's what I do 👍

@@angrydachshund -Wno-warning-i-know-better

IDE alerts the FBI when you make such mistakes and you get swatted.

Sounds simple, until you recognize that offsets and lengths are often passed as variables that are the sum or product of other variables that may all have been individually verified as in-bounds, but when combined, are not. The reason buffer overflows still exist is not because people don't ever sanitize inputs or enforce limits. Okay, sometimes it is, and that's just sad. But sometimes it's just a series of unforeseen circumstances. I once considered what it would take, in C, to ensure that no arithmetic ever overflowed the target variable. It was a genuine exercise of "what would it take for a single function to be literally bug-free?" Some hardware actually has an overflow status flag in the ALU, but you can't assume that if you're going to write portable code. You could use a data type that is guaranteed to be big enough to hold any possible input, and then cast down to whatever the target type is -- but only if a larger type existed. Otherwise you would need to roll your own int128 or whatever. Or, you could measure all the inputs and determine if there's a possibility of overflow based on their values, but then you're really better off using a language that already does this (slow) or overloading the basic arithmetic operators to do it yourself (AFAIK, not possible in C), or using library functions instead of operators. None of those are really attractive options, and the vast majority of code out there doesn't do any of this. It all just assumes that the inputs are sane. Ergo, most code out there has inherent flaws that could be considered "bugs." It's a sobering exercise.

Its monitored, by like 2 people, dev and the gvmt agent on his way to make name with new fancy backdoor 😂

​@@avarise5607So 2 eyes now!

Most people confuse "it is monitored" with "it can be monitored"

@@tablettablete186 better than 5 eyes

For me, it's not about someone done audit on the code - it's about that you can torn thing out and replace it with something else, including your own binary.

I am too, but thats life :)

Same, i have force awakening poster in my room, i haven't watch the movie (maybe snipptets on TV) i don't plan to since (from what i've heard) it's rather shitty movie, but i have it since middle school (or rather polish equivalent of there of) and i'm 22 in December so now removing it triggers my sentimentality

It's just a nice change it's a rebrand without the word A.I or Cloud afterwards. 😅

You have replaced about 330 billion cells in your body over the last 24 hours. You are not even the same person you were 30 minutes ago 😅

@@moveonvillain1080 you are really only a story you tell to yourself, or rather your new self. Ponder. Time for beer!

You do if your priest assigned it as penance.

Was thinking the same thing. Who would want to go on holiday anywhere in the USA (Montana being a notable exception!)... I'd rather spend a week in a septic tank 😅

​@@NotMarkKnopfler Upper Michigan, New Hampshire and Pacific Northwest are quite beautiful too.

@@Lutz64 I'll deal with the state if I get to see the ship.

When I went with my dad we partied with guidos all night long and got spray tans shot up steroids.

you got this dude

Time to download ghidra and qemu, no?

Low Level Learning is both easy to remember and has a better ring to it, I really can't see any pros to dropping it, like, at all.

Bro have you been hacked? What are you talking about? You starting a new "Tay SEO Tips" channel or something, and you're testing the waters in the KZbin comments?

​@@9hoot789 he is referring to discovery by search engines and recommendation algorithms, as opposed to traditional branding/word of mouth

Keep bringing us that chocolate rain the comments bro.

Common Tay Zonday W as per usual

Blame is on you for getting baited, not the author on using it. You got free will, use it

​@@avarise5607trash take. You can like a video and still hate the thumbnail. Boycotting a video that you think you might like just because of the thumbnail is a bit extreme, don't you think?

clickbait works

@@marcogenovesi8570 I've stumbled on this channel in the recommended section, and liked some videos, but these clickbait titles with no substance deter me from subscribing. I want the title to be on point, so I wouldn't waste time watching half a video on something that I am not interested in just to figure out what it's about. Basically, this makes me watch fewer videos, not more. But if his goal is to attract an audience of people with too much free time and no filter, I guess that works.

Good old wait as you pay.

Despite its limitations, Wireless Application Protocol was great in its day. I used it mainly for viewing real-time train info, which was really useful when the service was disrupted and I was stuck at a small station with no staff and no screens.

thats too hard to say. Next Next rebrand: L

After that, "L".

Dunkin donuts was too hard to say as well. They rebranded to Dunkin. But I heard that too is much too difficult for the average person. Hopefully the Dunk rerebrand will be enough.

Having a good day LL releases a new vid Misery resumes

Actually 🤓☝️ it’s LL now Edit: Nooo someone beat me to it

@@GREG_WHEREISTHEMAYO hahaha no worries

@@すどにむ 🤣🤣🤣🤣

There are a surprising amount of companies who have shortened their names or simplified their logo. Every company has the same generic basic font and logo style now. Lame

Behold the Underminerrrrrrrr

and that is why we should push for FOSS firmware

Implying that FOSS equates to quality production code is just a fundamental misunderstanding of FOSS.

@@sujimayne It's very common for the board support package code to be extremely low quality, quickly slapped together "just to make Android work". That's in contrast to upstream code within major FOSS projects like the Linux kernel or Mesa. FOSS firmware is a different aspect (I wrote the top-level comment before I knew the vulnerability is specifically in the wlan firmware and not the main OS of these routers). It would still help a lot because then it could be audited much more easily _and_ it could be patched for good in all open projects using that firmware. It's much harder to find all blobs sharing the vulnerability than to just patch it in one codebase.

@@sujimayne But yes, you're right that "just make it FOSS" likely wouldn't solve this issue. (but sharing code between more of such chips, coreboot-style, probably would)

@@sujimayne SDKs provided by embedded hardware vendors are often low quality code, and more often than not the FOSS version is better (if they released enough hardware information about it). This hardware is not as complex as GPUs so it's still within the abilities of a few community members to develop

Except he is a positive impact on society unlike most other tech bros

same

the guy who used to set next to me at work regularly complained about working with mediatek as a customer - gave impossible to understand instructions and information.

@@krazyolie Even as a consumer of its products, its bad. Custom roms on android aren't made that easily on their firmware because they don't release their kernel (modified Linux kernel) for each phone to the public, meaning if you have a phone with Snapdragon, you can atleast expect a custom rom or build one yourself but its much harder on MTK.

There is no chip bug - this is just a bug in a proprietary daemon they ship to their customers by default. Despite what's said in the video OpenWrt isn't vulnerable (only the hacked-about fork of OpenWrt which MediaTek shipped to their customers). On the whole, the wifi chipset MediaTek open source support is very good, and they employ one of the OpenWrt contributors to develop their open source wireless drivers (the same guy that did the ath9k driver before Qualcomm took most functionality into their proprietary firmware with ath10k and later chips).

@@Tim_Small Comment edited accordingly. :D

Imagine how many new holes they will introduce

@JimAllen-Persona if you've been to Jersey Shore... And then been to any other beach on the east coast... Jersey Shore is pretty much a last resort...

OpenWRT is not even affected.

@@falsemcnuggethope OpenWRT 19.07 and 21.02 are affected

It had a nice ring to it for sure

the vendor drivers are not sample/test code, it's what you are supposed to use because they don't provide documentation about the hardware so you can't develop your own anyway

@@samsupertaco same