Computer Systems Security 6.566 / Spring 2024

https://css.csail.mit.edu/6.858/2024/

123•barishnamazov•2w ago

Comments

tptacek•2w ago

It's a fun class; worth keeping in mind that several topics with 1-2 units here are whole specializations in the field, including:

* memory safety and exploitation (the "buffer overflow" section is about 20 years out of date, though super appropriate for a first course)

* the WebPKI/certificates thing

* messaging security and messaging cryptosystems,

* microarchitectural security and hardware side channels.

Multiple full courses on each of these subjects would bring you up to "practitioner" levels of expertise.

SoftTalker•2w ago

Considering an undergraduate course is about 3-4 months in duration, there's only so much it can cover in any depth. Even the most rigorous are still pretty shallow compared to what someone with years of work in the field would know.

tptacek•2w ago

Of course! It's a survey course. But you could probably get somewhere significant in a rigorous 3-month course on memory corruption.

chc4•2w ago

RPISEC's Modern Binary Exploitation is somewhat famous for doing exactly that!

tptacek•2w ago

More people interested in security should know about RPI. :)

bikeshaving•2w ago

Seeing this makes me miss the salad days of MOOCs. I learned programming in the 2010s through MIT’s EDX Introduction to Programming course, and then a course on Coursera by Martin Odersky on Functional Programming through EPFL, and I feel like that ladder has been kicked away due to MOOC monetization policies. I wonder if we could return to these days.

Obscurity4340•2w ago

Dont many of them end up as Youtube playlists anyways?

TZubiri•2w ago

Yeah, there were 2 golden ages:

1- When this internet thing came out

2- When this covid thing came out

On the first era, here's a Java lecture from Stanford, if it's too basic for you, it still has historical value, iirc it's something like Java 6. And it also reinforces the basics.

https://www.youtube.com/watch?v=KkMDCCdjyW8&list=PLA70DBE71B...

It's a bit harder to follow along with online materials since you have to use the Internet Archive, and download older compilers or use options to target older versions, but it's all the more fun for it.

g947o•2w ago

I took the EPFL course as well, although did not finish it. As someone who only had experience working with imperative programming and OOP stuff, it blew my mind -- I never knew you could write code like this. The course was great but a bit too fast for me at the time (part of the reason I did not complete it).

jrflowers•2w ago

I like that the MIT CSAIL CSS website (https://css.csail.mit.edu/) has a link to a Russian online gambling site due to what I’m assuming is a typo (click on the Foundations of Cryptography class)

barishnamazov•2w ago

Likely it was an expired domain. I have seen this trend happen quite a bit with semi-popular domains, e.g., International Olympiad in Informatics 2019 official website, ioi2019.az

jrflowers•2w ago

The domain was created two months ago.

https://whois.domaintools.com/mit6875.org

rediguanayum•2w ago

Presumably for SEO tactic of the gambling site?

ethical•2w ago

What they don't tell you. Everyone in the company will hate you, no one will fix the bugs you find, HR will want to sack you for fun, and the execs are all psycho's. Find a better career, like watching paint dry, or become a monk. Its fun, but not worth it. People are twats.

blazex344•2w ago

Sucks being a cost center. I've come to realize that a lot of what makes security fun for me still boils down to engineering problems that isn't only found in security teams.

tgv•2w ago

Cost center... now there's a frame. It's nothing but ignorant or malicious bean counter talk.

markus_zhang•2w ago

Or just go to the dark side if you are good enough /s

I kinda think the dark side is now pretty competitive, though.

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

Disablling Go Telemetry

Effective Nihilism

The UK government didn't want you to see this report on ecosystem collapse

No 10 blocks report on impact of rainforest collapse on food prices

Seedance 2.0 Is Coming

Show HN: Fitspire – a simple 5-minute workout app for busy people (iOS)

Dexterous robotic hands: 2009 – 2014 – 2025

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

Pax Historia – User and AI powered gaming platform

Show HN: I built a RAG engine to search Singaporean laws

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

Porting Doom to My WebAssembly VM

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

Full-Blown Cross-Assembler in a Bash Script

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

Show HN: Myanon – fast, deterministic MySQL dump anonymizer

The Tao of Programming

Forcing Rust: How Big Tech Lobbied the Government into a Language Mandate

PanelBench: We evaluated Cursor's Visual Editor on 89 test cases. 43 fail

Can You Draw Every Flag in PowerPoint? (Part 2) [video]

Show HN: MCP-baepsae – MCP server for iOS Simulator automation

Make Trust Irrelevant: A Gamer's Take on Agentic AI Safety

Show HN: Sem – Semantic diffs and patches for Git

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

Disablling Go Telemetry

Effective Nihilism

The UK government didn't want you to see this report on ecosystem collapse

No 10 blocks report on impact of rainforest collapse on food prices

Seedance 2.0 Is Coming

Show HN: Fitspire – a simple 5-minute workout app for busy people (iOS)

Dexterous robotic hands: 2009 – 2014 – 2025

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

Pax Historia – User and AI powered gaming platform

Show HN: I built a RAG engine to search Singaporean laws

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

Porting Doom to My WebAssembly VM

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

Full-Blown Cross-Assembler in a Bash Script

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

Show HN: Myanon – fast, deterministic MySQL dump anonymizer

The Tao of Programming

Forcing Rust: How Big Tech Lobbied the Government into a Language Mandate

PanelBench: We evaluated Cursor's Visual Editor on 89 test cases. 43 fail

Can You Draw Every Flag in PowerPoint? (Part 2) [video]

Show HN: MCP-baepsae – MCP server for iOS Simulator automation

Make Trust Irrelevant: A Gamer's Take on Agentic AI Safety

Show HN: Sem – Semantic diffs and patches for Git

Computer Systems Security 6.566 / Spring 2024

Comments