0xABAD1DEA

it's pronounced "a bad idea"

(also sometimes known as Melissa Elliott)


Journalists! I generally can't do phone interviews. If you want to quote me as a professional researcher it needs to be emailed to me and cleared with the mysterious powers that be. Just linking to something I said on Twitter is fine as long as you don't imply it's representative of my employer. I prefer to be cited as 0xabad1dea (that's a zero and a one) when representing myself. Please note for pronoun purposes that I am not a man!

If you email me, it is a very good idea to also hit me up on Twitter or the email might sit there for a while.

I'm currently not available for talks or lectures except in New England.

The Githubber's Downtime Prayer

Our uptime who art in heaven, github be thy name. Thy pingdom come, thy push be done, on remote as it is in local. Give us this day our daily build, and forgive us our breakages, as we forgive those who push broken builds to us. Lead us not into abandonware, but deliver us from bitrot, for thine is the commit, the bisect, and the blame forever, amen.

What's so special about 2,880,249,322? Nothing really, it's just a number all my own. I picked this handle on a whim and it stuck; I'd like to think I actually have a lot of good ideas. I'm a Linux person who somehow became an OSX/iOS person, I do NES programming and chiptunes, I love Dwarf Fortress and Vocaloid, and I do not actually have pink hair. Usually.

I am a computer security researcher playing defense at Veracode, home of the world's finest binary static analysis technology, slayers of literally millions of security bugs. My job is to work on programs that find bugs in other programs, but I'm primarily known for getting comically angry about companies and organizations botching their response to a security breach. My motto is bugs happen, bad responses don't have to. You will see me throwing hissy fits whenever someone chooses to prioritize their PR over the safety of their userbase, or whenever a plaintext or unsalted password dump leaks to pastebin.

IMPORTANT NOTICE: Don't fall for impersonations! I do not post to Full-Disclosure or similar sites and lists. I haven't actually done a lot of the stuff people seem to think I have. For example, I am not on any jailbreak development team, I'm not involved with Comex (at least, last I checked) and I am not hacking into your Flash plugin. Maybe.

Some stuff I've written

Analyzing Binaries With Hopper's Decompiler - introduction to decompiling x86 binaries for aspiring hobbyists.
Is the Vibe messaging app safe for protestors? - An evening spent discovering that an "anonymous" app is pretty much anything but.
Our Enemy the Optimizer - understanding highly optimized x86 disassembly and how it relates to what the source code looked like before the compiler got its grubby hands on it.
How Sally Got Owned - An illustrated example of how piracy can endanger your mobile device. Possibly the most cutesy thing ever posted to a real security company's official blog.
Ubuntu Snafu - Privacy Is Hard, Let's Go Shopping - Exploring the problem of enabling cloud-aware searching on your desktop.

Some stuff I've made

My hand-drawn ANSI font for NES, including bonus wingdings. You may also grab the image to the left and do whatever you want with it, I don't really care. Edit the CHR file with YY-CHR. Download



Several years ago I had a shell on a real, actual VAX, and discovered a critical shortage of documentation on the internet. I actually resorted to rescuing the user manual from my university library's back room to find the information I needed. What I learned is distilled in this textfile for assembly programming the machine, which I have left totally unedited from its original form: Download

I did a boot sector DOS demo for an IRC channel called #io. It is a trippy melty effect that goes on forever and I am kind of proud of it, as it does not use sine tables or any tricks like that. Binary - Source (includes instructions to build and run) - Video



I swear I will finish Neslyric someday. Someday.

Some other stuff

If you are wondering: the pink girl in my avatar is Kasane Teto, the fictional face of a female voice synthesizer module for the freeware program UTAU. She is an affectionate parody of Hatsune Miku. The original image is from here. Contrary to widespread rumor, my favorite color is actually orange.

If IDA is a little out of your budget you should buy Hopper disassembler/compiler RIGHT NOW (buy it straight from the site, not the App Store, if at all possible) (NOW FOR ALL THREE MAJOR DESKTOP OPERATING SYSTEMS). I can't say enough good things about how responsive the dev is to bug reports and feature requests.

You should play Dwarf Fortress, a completely free game available for Windows, Linux, and OSX. It is a top-down "roguelike" fantasy world simulator with deliberately old-fashioned graphics, where you can either direct a bunch of dwarves in carving out a mountainhome or control a single adventurer out in the world. It is ridiculously complicated and prone to disaster. For example, my most recent fort at time of writing ended early when an unattended litter of puppies starved to death in my dining hall and immediately raised as undead, killing five unsuspecting dwarves within seconds.

You should also read the fantasy adventure webcomic Drowtales, assuming you like lady warriors.

Last update: Dec 23, 2012 © 0xabad1dea 2012
This site don't officially represent nuthin'