Title: 2022 in retrospect Date: 2022-12-31 23:59 In 2022, I: - Read some books: - Books from [Mary Roach](https://maryroach.net): - [Grunt](https://maryroach.net/grunt.html), fascinating. - [Fuzz](https://maryroach.net/fuzz.html), mostly a fancy rewrite of an old book on the topic. - [Bonk](https://maryroach.net/bonk.html), the weird mix of "this is Science™, not weird kinky stuff and laughting matters" and lame dirty puns/jokes sent mixed signals and was off-putting. - [Les Culottées](https://en.wikipedia.org/wiki/Les_Culott%C3%A9es), amazing. - A *couple* of [Warhammer 40k](https://en.wikipedia.org/wiki/Warhammer_40,000) ones: - The [Vaults of Terra](https://wh40k.lexicanum.com/wiki/Vaults_of_Terra) trilogy, grimmer that expected. - The [Watchers of the Throne](https://wh40k.lexicanum.com/wiki/Watchers_of_the_Throne_(Novel_Series)) duology, interesting writing style. - Two one-shot novels: [Krieg]( https://wh40k.lexicanum.com/wiki/Krieg_(Novel) ) and [Belisarius Cawl: The Great Work](https://wh40k.lexicanum.com/wiki/Belisarius_Cawl:_The_Great_Work_(Novel)). - The [Ciaphas Cain](https://en.wikipedia.org/wiki/Ciaphas_Cain) decalogy, well written, entertaining and hilariously witty. - Almost finished [the Beast Arises](https://wh40k.lexicanum.com/wiki/The_Beast_Arises_(Novel_Series)) dodecalogy. The mix between political intrigue and *bolter-porn* was a weird rollercoaster. - The [Cadia](https://wh40k.lexicanum.com/wiki/Cadia_(Novel_Series)) trilogy. Kinda meh, albeit entertaining to read stories told from the point of view of minor characters completely oblivious to the grand scheme of things, while being in the known of the aforementioned scheme. - Finally finished the [Horus Heresy](https://en.wikipedia.org/wiki/The_Horus_Heresy). It took 18 months to read the ~70 books and assorted novellas, spanning around a bit less than 30,000 pages. A couple of them where stellar, a good handful were great, a dozen were *nice-ish*, while rest felt like padding. But, nonetheless, it was fascinating to read such a story with so many characters stretching over the course of 9 years, while being only a distant back story in a galaxy whose history spans over 50,000 years. - [Fire work with me](https://www.timelessedition.com/news/97489-news), weird, cocky and refreshing. - [I Could Tell You but Then You Would Have to Be Destroyed by Me](https://openlibrary.org/books/OL12338972M/I_Could_Tell_You_but_Then_You_Would_Have_to_Be_Destroyed_by_Me), surreal. - [Throwing Rocks at the Google Bus](https://rushkoff.com/books/throwing-rocks-at-the-google-bus), leftist economic perspectives in disguise for liberal techbros and growth addicts. - [How to Take over the World: Practical Schemes and Scientific Solutions for the Aspiring Supervillain](https://openlibrary.org/books/OL34134318M/How_to_Take_over_the_World), hilarious and well documented. - [Death Metal and Music Criticism: analysis at the limits](https://openlibrary.org/works/OL16465189W/Death_metal_and_music_criticism), trying to explain why the political motivation angle falls short to analyse "old school" death metal music. - [Our Magnificent Bastard Tongue - The Untold History of English](https://www.penguinrandomhouse.com/books/302945/our-magnificent-bastard-tongue-by-john-mcwhorter/), the "everyone is wrong but me because I say so" tone made me drop the book around 30% in. - [THIS IS VEGAN PROPAGANDA (& Other Lies the Meat Industry Tells You)](https://earthlinged.org/thisisveganpropaganda), made me more serious about veganism vs. vegetarism, and is now one of the books I recommend for people having questions on those topics. - [Rise and Kill First: The Secret History of Israel's Targeted Assassinations](https://en.wikipedia.org/wiki/Rise_and_Kill_First), an interesting history of Israel, and its relationships with its neighbours, in the form of a commentated "speedrun 100%" of the whole stack of warcrimes bingo cards. - Donated some money: - 5000 USD to the [EFF](https://eff.org) - 1000 USD to the [Satanic Temple](https://thesatanictemple.com) - 400 USD to the [International Planned Parenthood Federation](https://en.wikipedia.org/wiki/International_Planned_Parenthood_Federation). - 1000 EUR to [Esther](https://esther.codes) for her work on [Exodus Privacy](https://exodus-privacy.eu.org), [Echap](https://echap.eu.org) and [Pithus](https://beta.pithus.org). - 5000 USD to [NOYB](https://noyb.eu), for their amazing work getting the GDPR enforced. - 10 000 USD to the [Red Cross](https://www.redcross.org), [UNHCR](https://www.unhcr.org) and the [PCPM](https://pcpm.org.pl/en), to help victims of the [Russo-Ukrainian War](https://en.wikipedia.org/wiki/Russo-Ukrainian_War). - 5000 USD to the [Organized crime and corruption reporting project](https://occrp.org), for their [reporting and coordination work](https://en.wikipedia.org/wiki/Organized_Crime_and_Corruption_Reporting_Project#Investigations). - Obtained 20.000 USD of [GCP](https://en.wikipedia.org/wiki/Google_Cloud_Platform) credits for [GrapheneOS](https://grapheneos.org) and some cash for [Daniel Micay](https://opensource.googleblog.com/2022/09/announcing-the-second-group-of-open-source-peer-bonus-winners-in-2022.html). - Published 26 blog posts. - [Listened to a lot of music]( https://listenbrainz.org/user/jvoisin/reports/?range=all_time ). - Played some video games: - [Greedfall](https://en.wikipedia.org/wiki/Greedfall), felt empty. - [Deep Rock Galactic](https://en.wikipedia.org/wiki/Deep_Rock_Galactic), with old friends, great coop game. - [Cult of the Lamb](https://en.wikipedia.org/wiki/Cult_of_the_Lamb), amazing soundtrack. - [Back 4 Blood](https://en.wikipedia.org/wiki/Back_4_Blood), a decent sequel to [Left 4 Dead](https://en.wikipedia.org/wiki/Left_4_Dead). - [Warhammer 40,000: Space Marine](https://en.wikipedia.org/wiki/Warhammer_40,000:_Space_Marine), surprisingly decent. - [Hood: Outlaws & Legends](https://en.wikipedia.org/wiki/Hood:_Outlaws_%26_Legends), fun a couple of hours with friends, grindy and uninteresting afterwards. - [Warhammer 40,000: Darktide](https://en.wikipedia.org/wiki/Warhammer_40,000:_Darktide), after having spent a significant amount of hours playing [Warhammer: Vermintide 2](https://en.wikipedia.org/wiki/Warhammer:_Vermintide_2), it was only natural to try this one. Unsurprisingly, it's a lot like Vermintide, with guns: 4 players hordes in beautiful maps faithful to the lore, … But also unfortunately, a lot of grind, no endgame, no story, way too many bugs and crashes, , promised mechanisms who simply aren't there, weird pseudo-achievement system discouraging teamplay, performance issues, … albeit the microtransaction shop was present since day one, with an indecent amount of expensive real-cash-only items in it. Too bad, it could have been a nice game and not a 40EUR half-baked predatory cash-grab. And don't forget the time it take to actually start playing: loading time to start the game's useless launcher, loading time again to launch the useless cinematics, then mandatory pressing, then loading time again, then pick your character, loading again, then navigate to the mission of your choice, loading again, then you can finally play the game until the next crash. - Wrote and improved fuzzers: - [Enabled MSAN for quickjs]( https://github.com/google/oss-fuzz/pull/7607 ). - [xpdf]( https://github.com/google/oss-fuzz/pull/7241), resulting in [some crashes](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=label%3AProj-xpdf&can=1) - [libraw](https://www.libraw.org/), resulting in [hundreds of crashes](https://github.com/LibRaw/LibRaw/issues?q=is%3Aissue+oss-fuzz). - libarchive, even sending [patches upstream]( https://github.com/libarchive/libarchive/pull/1790 ). - [file/libmagic](https://github.com/ossf/fuzz-introspector/pull/527), bringing to coverage from 30% to 80%. - [json-c](https://github.com/json-c/json-c/pull/765#event-6429512343), because a friend at [GrapheneOS](https://grapheneos.org/) was [worried](https://android.googlesource.com/device/google/redbull/+/refs/tags/android-12.1.0_r4/json-c/) about it. - [pygments](https://github.com/google/oss-fuzz/pull/7382), resulting in a [couple of unhandled exceptions and DoS](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=label%3AProj-pygments&can=1), because [Python sucks]({filename}/rant/python_exceptions.md). - Because I was too lazy to investigate an ~old [zlib](https://www.zlib.net) crash, I nerd-sniped [taviso](https://lock.cmpxchg8b.com/) instead, and it resulted in [CVE-2018-25032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-25032) and an [interesting thread on oss-sec](https://seclists.org/oss-sec/2022/q1/191); so I [improved the coverage a bit](https://github.com/google/oss-fuzz/pull/7465), just in case. Everyone should move to [zlib-ng](https://github.com/zlib-ng/zlib-ng) anyway. - Deployed [ACME-CAA](https://www.devever.net/~hl/acme-caa-live) on dustri.org - Contributed to open-source software: - [Calibre-web](https://github.com/janeczku/calibre-web/pulls?q=is%3Apr+author%3Ajvoisin) - [mwdb](https://github.com/CERT-Polska/mwdb-core/commits?author=jvoisin), since it's used by [db.stalkerwa.re](https://db.stalkerwa.re) - Kept maintaining [Snuffleupagus](https://github.com/jvoisin/snuffleupagus) and [mat2](https://0xacab.org/jvoisin/mat2). - [mimalloc-bench](https://github.com/daanx/mimalloc-bench/commits?author=jvoisin), I even [gave a talk about it]({filename}/con/BlackAlps2022.md). - [OpenMW](https://openmw), [code](https://gitlab.com/OpenMW/openmw/-/graphs/master) but also system administration. - Did code reviews for [isoalloc](https://github.com/struct/isoalloc) and [metasploit](https://github.com/rapid7/metasploit-framework). - [Made](https://www.openwall.com/lists/musl/2022/04/07/1) it [a teensy bit harder to leak stack-canaries](https://www.openwall.com/lists/musl/2021/12/13/3) on [musl](https://musl.libc.org). - Since I switched from the unmaintained [tilix](https://github.com/gnunn1/tilix) to [foot](https://codeberg.org/dnkl/foot), I sent a [patch](https://codeberg.org/dnkl/foot/issues/950) to make [sixel](https://en.wikipedia.org/wiki/Sixel) support optional, to reduce attack surface. - [Ogre3D](https://www.ogre3d.org), [fixing build on non-x86 architectures](https://github.com/OGRECave/ogre/pull/2444), which was [broken on Debian](https://buildd.debian.org/status/package.php?p=ogre-1.12&suite=sid) [breaking MyGUI](https://buildd.debian.org/status/fetch.php?pkg=mygui&arch=mipsel&ver=3.2.0-1&stamp=1365373881&raw=0), thus [blocking the packaging of the latest version](https://qa.debian.org/excuses.php?package=mygui), making the git version of OpenMW fail to compile. Yay for [yak shaving](https://en.wiktionary.org/wiki/yak_shaving). - Played a small role in [OpenMW's April's Fool](https://openmw.org/2022/openmw-roadmap-update). - Started learning [French Sign Language](https://en.wikipedia.org/wiki/French_Sign_Language), I **love** it. - Got the [COVID-19](https://en.wikipedia.org/wiki/COVID-19) and didn't die: thanks Science! - Installed [Orbot](https://en.wikipedia.org/wiki/Orbot) on my phone, running as a [bridge](https://support.torproject.org/censorship/censorship-7/). - Reached more than 800 possible silly subtitles for this blog. - Was involved in [Hackceler8 2022]( https://twitter.com/GoogleVRP/status/1569254643640811520 ), it was a __lot__ of fun. - Got dustri.org all green on [Hardenize](https://www.hardenize.com/report/dustri.org/1669729665), because I'm vain. - [Thanks to Science](https://en.wikipedia.org/wiki/COVID-19_vaccine), I was able to attended concerts again: - [Obscura]({filename}/music/obscura.md) - [In Flames](https://en.wikipedia.org/wiki/In_flames) - [Persefone](https://en.wikipedia.org/wiki/Persefone) - [Powerwolf](https://en.wikipedia.org/wiki/Powerwolf) - [Lorna Shore](https://en.wikipedia.org/wiki/Lorna_Shore) - [Orbit Culture](https://en.wikipedia.org/wiki/Orbit_Culture) - [Parkway Drive](https://en.wikipedia.org/wiki/Parkway_Drive) - Made it public that I'm working as a security engineer at Google. - Hopefully made the life of [stalkerware](https://en.wikipedia.org/wiki/Stalkerware) users and developers harder, by - Adding a ton of [IoC](https://en.wikipedia.org/wiki/Indicator_of_compromise) to [stalkerware-indicators](https://github.com/AssoEchap/stalkerware-indicators). - Joining [Echap](https://echap.eu.org), and thus the [Coalition Against Stalkerware](https://stopstalkerware.org). - Writing some tooling with [Tek](https://randhome.io/) to automatically monitor, analyse, acquire and share samples with many concerned parties. - Spent some times improving [my vimrc](https://dustri.org/pub/vimrc) with regard to both startup time and size: - [Upstreamed some of my settings](https://github.com/vim/vim/pulls?q=author%3Ajvoisin). - Contributed to [vim-nord](https://github.com/arcticicestudio/nord-vim) to make it execute [less](https://github.com/arcticicestudio/nord-vim/pull/294) [expensive code](https://github.com/arcticicestudio/nord-vim/pull/303), and ended up maintaining [my own fork](https://github.com/jvoisin/nord-vim), since upstream is dead. - Acquired a [FiiO K5 Pro]( https://fiio.com/k5pro ) to properly drive my [AKG K702](https://akg.com/Headphones/Professional%20Headphones/K702.html) granting me the power to be a pedantic snob about audio. - [Spent some time](https://gitlab.com/OpenMW/openmw/-/issues/6073) trying to get [OpenMW](https://openmw.org) into the [Google Summer of Code](https://summerofcode.withgoogle.com/), but unfortunately in the end it wasn't accepted. - Continued to do system administration for [Nos Oignons](https://nos-oignons.net): I still hate, in no particular order: [ikiwiki](https://ikiwiki.info/), perl, fastcgi, ruby, email servers and their associated machinery, and ruby again.