Computer Systems Security 6.566 / Spring 2024

https://css.csail.mit.edu/6.858/2024/

123•barishnamazov•3w ago

Comments

tptacek•3w ago

It's a fun class; worth keeping in mind that several topics with 1-2 units here are whole specializations in the field, including:

* memory safety and exploitation (the "buffer overflow" section is about 20 years out of date, though super appropriate for a first course)

* the WebPKI/certificates thing

* messaging security and messaging cryptosystems,

* microarchitectural security and hardware side channels.

Multiple full courses on each of these subjects would bring you up to "practitioner" levels of expertise.

SoftTalker•2w ago

Considering an undergraduate course is about 3-4 months in duration, there's only so much it can cover in any depth. Even the most rigorous are still pretty shallow compared to what someone with years of work in the field would know.

tptacek•2w ago

Of course! It's a survey course. But you could probably get somewhere significant in a rigorous 3-month course on memory corruption.

chc4•2w ago

RPISEC's Modern Binary Exploitation is somewhat famous for doing exactly that!

tptacek•2w ago

More people interested in security should know about RPI. :)

bikeshaving•2w ago

Seeing this makes me miss the salad days of MOOCs. I learned programming in the 2010s through MIT’s EDX Introduction to Programming course, and then a course on Coursera by Martin Odersky on Functional Programming through EPFL, and I feel like that ladder has been kicked away due to MOOC monetization policies. I wonder if we could return to these days.

Obscurity4340•2w ago

Dont many of them end up as Youtube playlists anyways?

TZubiri•2w ago

Yeah, there were 2 golden ages:

1- When this internet thing came out

2- When this covid thing came out

On the first era, here's a Java lecture from Stanford, if it's too basic for you, it still has historical value, iirc it's something like Java 6. And it also reinforces the basics.

https://www.youtube.com/watch?v=KkMDCCdjyW8&list=PLA70DBE71B...

It's a bit harder to follow along with online materials since you have to use the Internet Archive, and download older compilers or use options to target older versions, but it's all the more fun for it.

g947o•2w ago

I took the EPFL course as well, although did not finish it. As someone who only had experience working with imperative programming and OOP stuff, it blew my mind -- I never knew you could write code like this. The course was great but a bit too fast for me at the time (part of the reason I did not complete it).

jrflowers•2w ago

I like that the MIT CSAIL CSS website (https://css.csail.mit.edu/) has a link to a Russian online gambling site due to what I’m assuming is a typo (click on the Foundations of Cryptography class)

barishnamazov•2w ago

Likely it was an expired domain. I have seen this trend happen quite a bit with semi-popular domains, e.g., International Olympiad in Informatics 2019 official website, ioi2019.az

jrflowers•2w ago

The domain was created two months ago.

https://whois.domaintools.com/mit6875.org

rediguanayum•2w ago

Presumably for SEO tactic of the gambling site?

ethical•2w ago

What they don't tell you. Everyone in the company will hate you, no one will fix the bugs you find, HR will want to sack you for fun, and the execs are all psycho's. Find a better career, like watching paint dry, or become a monk. Its fun, but not worth it. People are twats.

blazex344•2w ago

Sucks being a cost center. I've come to realize that a lot of what makes security fun for me still boils down to engineering problems that isn't only found in security teams.

tgv•2w ago

Cost center... now there's a frame. It's nothing but ignorant or malicious bean counter talk.

markus_zhang•2w ago

Or just go to the dark side if you are good enough /s

I kinda think the dark side is now pretty competitive, though.

Haskell for all: Beyond agentic coding

Dorsey's Block cutting up to 10% of staff

Show HN: Freenet Lives – Real-Time Decentralized Apps at Scale [video]

In the AI age, 'slow and steady' doesn't win

Administration won't let student deported to Honduras return

How were the NIST ECDSA curve parameters generated? (2023)

AI, networks and Mechanical Turks (2025)

Goto Considered Awesome [video]

Show HN: I Built a Free AI LinkedIn Carousel Generator

Implementing Auto Tiling with Just 5 Tiles

Open Challange (Get all Universities involved

Apple Tried to Tamper Proof AirTag 2 Speakers – I Broke It [video]

Show HN: Isolating AI-generated code from human code | Vibe as a Code

Show HN: More beautiful and usable Hacker News

Toledo Derailment Rescue [video]

War Department Cuts Ties with Harvard University

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

A Bid-Based NFT Advertising Grid

AI readability score for your documentation

NASA Study: Non-Biologic Processes Don't Explain Mars Organics

I inhaled traffic fumes to find out where air pollution goes in my body

X said it would give $1M to a user who had previously shared racist posts

155M US land parcel boundaries

Private Inference

Font Rendering from First Principles

Show HN: Seedance 2.0 AI video generator for creators and ecommerce

Wally: A fun, reliable voice assistant in the shape of a penguin

Rewriting Pycparser with the Help of an LLM

Lobsters Vibecoding Challenge

E-Commerce vs. Social Commerce