Billy O'Neal
@malwareminigun@infosec.exchange
mastodon
4.6.0-alpha.7+glitch
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
0
Followers
0
Following
Joined December 18, 2022
GitHub:
Discord:
BillyONeal#4301
Posts
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
3d ago
1
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
5d ago
@dascandy In COM land this is normally done with code rather than data; IUnknown::QueryInterface gets passed the GUID of the desired type, and the implementer of the CoClass has a switch for the GUIDs they know about, and a static_cast. (Because it is code there are some funny edge cases like tear-offs that are kind of irrelevant now) There is COM impact in the vtbl layout but not in the RTTI data because COM doesn't use RTTI.
2
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
5d ago
@dascandy No, there is nothing COM related. I think our layout exists because it just happened to be convenient for the compiler to emit it that way.
As for Itanium, I believe (1) they heavily rely on the traditional ".so" model to avoid strcmps which does not work on Windows where each DLL is its own island, and (2) I believe but am not certain that our layout is just older.
As for Itanium, I believe (1) they heavily rely on the traditional ".so" model to avoid strcmps which does not work on Windows where each DLL is its own island, and (2) I believe but am not certain that our layout is just older.
1
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
5d ago
@david_chisnall @whitequark If I recall correctly that "is this class equal" is a pointer chase per base in the Itanium ABI, so 2 (T* -> vtbl[-1] -> ) +number of bases chases. And if you aren't on a system that dedupes .so symbols each of those might be an extra chase/strcmp of mangled names.
For MSVC if I recall correctly, it's 3 pointer chases (T* -> vtbl[-1] -> complete-object-locator -> base-class-array) to the base class array and a similar chase/strcmp.
Both strategies take like 3-4 times the time of something like llvm::dyn_cast<>. It is very possible to make a dynamic_cast implementation that does not suck for the common cases (by, for example, putting the list of types a thing is in the vtbl itself for the single inheritance cases to remove any extra pointer chases) but neither major ABI does that.
For MSVC if I recall correctly, it's 3 pointer chases (T* -> vtbl[-1] -> complete-object-locator -> base-class-array) to the base class array and a similar chase/strcmp.
Both strategies take like 3-4 times the time of something like llvm::dyn_cast<>. It is very possible to make a dynamic_cast implementation that does not suck for the common cases (by, for example, putting the list of types a thing is in the vtbl itself for the single inheritance cases to remove any extra pointer chases) but neither major ABI does that.
2
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
5d ago
@whitequark As someone who has seen the perf data.... I get it. Because dynamic cast can do cross casts and all kinds of other similar junk, instead of a simple "Are you an X? (and maybe offset)" both major implementations need to do graph algorithms and a bunch of pointer chasing.
1
4
1
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
5d ago
@davidrevoy This reminds me of https://www.youtube.com/watch?v=53T3V3veeoU
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Apr 11, 2026
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Apr 10, 2026
@Migueldeicaza .... I don't want to be a head catcher
3
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Apr 09, 2026
@tayfonay On one of those boat tours the guide was like "That tower is spelled doubleyou eye ell ell eye ess, and it's pronounced Sears"
4
0
1
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Apr 03, 2026
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 30, 2026
@phillmv "I can never find any book ever again but boy is it pretty" :D
0
0
1
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 24, 2026
@chansecodina @hyc @coderanger I see no technical solutions to defend against (1). The only solution to (1) is for users of a project to somehow pay for at least 2 people to be maintainers of the thing.
At the end of the day we are delegating trust to the project maintainers, and that one person delegated control of their system to someone else.
At the end of the day we are delegating trust to the project maintainers, and that one person delegated control of their system to someone else.
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 24, 2026
@chansecodina @hyc @coderanger I guess my problem with this direction is that I don't think it really addresses the problem. It's taking the real problem, the JiaTan situation, and saying "well we can't solve that problem, but we can solve this appears to be related problem over here" but IMO that apparently unrelated problem isn't one that actually matters.
At the end of the day the 'root of trust' for a particular project or component is functionally their website, and TLS shuts down the easy/practical ways to insert oneself into that. Most certificate exchange or hashing mechanisms would also be delivered via the same website so compromise of that is compromise of everything. And things like BOMs tend to give a false sense of 'security' being offered by what is morally an attestation.
At the end of the day the 'root of trust' for a particular project or component is functionally their website, and TLS shuts down the easy/practical ways to insert oneself into that. Most certificate exchange or hashing mechanisms would also be delivered via the same website so compromise of that is compromise of everything. And things like BOMs tend to give a false sense of 'security' being offered by what is morally an attestation.
0
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 23, 2026
@coderanger In this case the xz maintainer 'organization' was one person, and that one person is also who gave JiaTan access.
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 23, 2026
@chansecodina That would require having people outside the project paying attention to the sock puppet campaign, which was clearly not the case.
You can't show that the sock puppets are related with cryptography.
I agree that you can't solve social problems with technical tools. But that's kind of @coderanger 's point as I understand it.
There has been absolutely nothing proposed that would have stopped JiaTan.
You can't show that the sock puppets are related with cryptography.
I agree that you can't solve social problems with technical tools. But that's kind of @coderanger 's point as I understand it.
There has been absolutely nothing proposed that would have stopped JiaTan.
0
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 23, 2026
@coderanger It doesn't matter if they were "bullied", the fact is that they did it. JiaTan being able to push a release was not a surprise to the original maintainers.
0
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 23, 2026
@coderanger They *did*. That's how JiaTan got maintainer status on the xz project's repo.
0
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 23, 2026
@chansecodina @coderanger The problem is that web of trust would have done nothing against JiaTan. They were the upstream maintainer and had permission at a project level to mint the release they minted so they would have had the right keys.
0
4
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Mar 18, 2026
@niconiconi @whitequark you_had_one_job.jpg
2
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Feb 24, 2026
@rebane2001 we need to put movfuscator in the middle
We need a special index for you, @xoreaxeaxeax , et al.
We need a special index for you, @xoreaxeaxeax , et al.
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Feb 24, 2026
@rebane2001 That is impressively cursed, well done!
7
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Feb 09, 2026
@malwaretech Your picture says :| but if I were discovering this it would be more like :D
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Feb 03, 2026
@azonenberg so no civ6 for dies, got it
0
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Feb 03, 2026
@CursedFootprint @whitequark @azonenberg do you think that would have gotten better utilization of a wafer?
0
2
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Jan 15, 2026
@whitequark@social.treehouse.systems It's a shame Ian is pretty mask off fascist these days :(
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Apr 16, 2025
@fivetonsflax They need to talk to Psychostick https://youtu.be/u8ccGjar4Es
0
0
0
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
Billy O'Neal
@malwareminigun@infosec.exchange
Dev at Microsoft on the vcpkg team. Former @VisualC STL maintainer. He/Him (Although I don’t care much)
infosec.exchange
@malwareminigun@infosec.exchange
·
Oct 27, 2023
3
0
1