michael orlitzky


mjo on libera.chat
GPG public key
binary / ASCII

About Me

On a scale from Dr. Zoidberg to Dr. Martin Luther King Jr., I'm Dr. Mario.

mythical zero ilk
am rich like zloty


  1. The uniqueness of Lyapunov rank among symmetric cones (with G. Barbarino). Preprint, March 9th, 2025.
  2. Jordan and isometric cone automorphisms in Euclidean Jordan algebras. Preprint, December 19th, 2024.
  3. Jordan automorphisms and derivatives of symmetric cones. Linear Algebra and its Applications (accepted), 2024. Preprint version.
  4. Continuity of the conic hull. Journal of Convex Analysis 31(1):255–264, 2024. Preprint version.
  5. Rank computation in Euclidean Jordan algebras. Journal of Symbolic Computation, 113:181–192, 2022. Preprint version.
  6. Tight bounds on Lyapunov rank. Optimization Letters, 16:723–728, 2022. Preprint version.
  7. Proscribed normal decompositions of Euclidean Jordan algebras. Journal of Convex Analysis, 29(3):755–766, 2022. Preprint version.
  8. On the symmetry of induced norm cones. Optimization, 71(3):441–447, 2022. Preprint version.
  9. Gaddum's test for symmetric cones. Journal of Global Optimization, 79(4):927–940, 2021. Preprint version.
  10. When a maximal angle among cones is nonobtuse. Computational and Applied Mathematics, 39(2), 2020. Preprint version.
  11. Positive and Z-operators on closed convex cones. Electronic Journal of Linear Algebra, 34:444–458, 2018. Preprint version.
  12. Lyapunov rank of polyhedral positive operators. Linear and Multilinear Algebra, 66(5):992–1000, 2018. Preprint version.
  13. Positive operators, Z-operators, Lyapunov rank, and linear games on closed convex cones. PhD dissertation, UMBC, 2017.
  14. The Lyapunov rank of an improper cone. Optimization Methods and Software, 32(1):109–125, 2017. Preprint version.
  15. An improved bound for the Lyapunov rank of a proper cone (with M. Seetharama Gowda). Optimization Letters, 10:11–17, 2016. Preprint version.
  16. Optimal Recovery of Differentiable Functions by Univariate Splines — Master's thesis


  1. Euclidean Jordan algebras for optimization. Draft, October 20th, 2022.

Unpublished notes

  1. A tale of two complete positivities. March 14th, 2024.
  2. Proper cones are manifolds with boundary. April 27th, 2020.
  3. On Z-operators and viability theorems. February 7th, 2019.


  1. The uniqueness of Lyapunov rank among symmetric cones. VAEJA 2024, September 27, 2024.
  2. Laundering money. DEF CON 32, August 10, 2024.
  3. The uniqueness of Lyapunov rank among symmetric cones. ISMP 2024, July 22, 2024.
  4. Jordan automorphisms and derivatives of symmetric cones. ILAS Madrid, June 13, 2023.
  5. Lyapunov rank in conic optimization. Towson University, April 18, 2017.
  6. Positive operators, Z-operators, Lyapunov rank, and linear games on closed convex cones. University of Maryland Baltimore County, April 07, 2017.
  7. Solving linear games with cone programs. UMBC Optimization Seminar, December 08, 2016.
  8. Lyapunov rank of polyhedral positive operators. UMBC Optimization Seminar, September 29, 2016.
  9. The S-lemma. UMBC Optimization Seminar, November 15, 2015.
  10. The Lyapunov rank of an improper cone: Lie algebra (Part II). UMBC Optimization Seminar, September 17, 2015.
  11. The Lyapunov rank of an improper cone: Algorithms (Part I). UMBC Optimization Seminar, September 10, 2015.
  12. Topological Groups in Optimization. UMBC Optimization Seminar, February 03, 2015.
  13. Lyapunov Rank and Perfect Cones. UMBC Optimization Seminar, September 25, 2014.
  14. Introduction to Koecher Cones. UMBC Optimization Seminar, May 01, 2014.
  15. Ornstein-Uhlenbeck Processes. Mathematical Financial Derivatives, May 12, 2012.
  16. Optimal Recovery of Differentiable Functions by Univariate Splines. Towson University, May 09, 2012.
  17. Optimization Under Uncertainty and Risk. 14th Annual George Mason University Conference on Atmospheric Transport and Dispersion Modeling, July 15, 2010.

(get that RSS feed)


  1. CharmBypass pt. 3: cease and desist — 2024-02-02
  2. CharmBypass pt. 2: analysis — 2023-11-08 (updated 2024-02-02)
  3. CharmBypass pt. 1: introduction — 2023-11-04 (updated 2024-02-02)
  4. CSC ServiceWorks laundry machine coin bypass — 2023-06-02 (updated 2024-10-19)
  5. POSIX hardlink heartache — 2020-12-05
  6. Gentoo GLEP81 user package guidelines — 2019-11-21
  7. Greybeard's tomb: the lost treasure of language design — 2019-05-14
  8. Let's not Encrypt — 2019-04-24 (updated 2023-11-05)
  9. A non-proof of the Lagrange multiplier theorem — 2019-04-09
  10. There was an attempt to save Linux filesystem ACLs — 2019-03-16
  11. Fix busted ACLs faster with libadacl — 2018-03-06 (updated 2025-02-04)
  12. Healthy OpenRC recipes to kick off the new year — 2018-01-09
  13. Advice from the trenches — 2018-01-04
  14. Configuration should be owned and writable only by root — 2017-12-29
  15. End root chowning now (make pkg_postinst great again) — 2017-09-29
  16. End root chowning now (make /etc/init.d great again) — 2016-12-27
  17. Cisco (SenderBase) security products lose email — 2016-11-22
  18. Makeing LaTeX — 2016-11-18 (updated 2020-05-01)
  19. Motherfuckers need package management — 2015-07-05
  20. New Gandi certificates in Apache 2.4 — 2015-03-14 (updated 2016-05-05)
  21. Certificate chains in Apache 2.4 — 2015-01-09
  22. Overview of email spam and forgery countermeasures — 2014-06-05 (updated 2022-04-25)
  23. So you're blacklisted… — 2014-01-05
  24. Avoid the link “target” attribute — 2013-10-30
  25. Decoupling Rails and Passenger from Bundler — 2013-09-10
  26. Using Haddock markup in a Cabal file — 2013-07-27
  27. Against CA-signed certificates — 2013-03-23 (updated 2015-04-02)
  28. The derivative of a quadratic form — 2013-03-12
  29. In defense of self-signed certificates — 2013-02-16
  30. Fixing POSIX ACLs in common utilities — 2013-01-30 (updated 2016-10-01)
  31. Redundant Postfix main.cf parameters — 2013-01-02
  32. Problems with POSIX ACLs and common utilities — 2012-08-13
  33. Persistent ulimit for daemons in Gentoo — 2012-08-06
  34. Thinkpad X61s ath5k rfkill issues — 2012-06-02 (updated 2021-08-02)
  35. Fixing PDF graphics in LyX — 2012-05-11
  36. Upgrading PostgreSQL 9.x on Gentoo — 2012-02-13 (updated 2015-06-04)
  37. Avoiding RewriteBase with Apache mod_rewrite — 2012-02-08
  38. Backing up Microsoft SQL Server Express — 2011-07-24 (updated 2023-02-09)
  39. OpenSSL commands I would like to remember — 2010-11-28
  40. Server 2008 print spooler dies with error 0x80010057 — 2010-05-28
  41. Fixing KVM (QEMU) keymaps — 2010-04-05
  42. Resizing a KVM or QEMU disk image — 2010-03-21
  43. New certificates in IIS without downtime — 2010-03-16
  44. Migrating from Windows DNS to tinydns — 2010-01-03 (updated 2023-10-31)

Older articles are in no particular order.


NDOUtils root privilege escalation via insecure permissions
Maxima unsafe /tmp usage
sys-cluster/slurm root privilege escalation via recursive chown
imapsync unsafe /tmp usage
FlintQS unsafe /tmp usage
app-misc/uptimed root privilege escalation via recursive chown
sys-apps/man-db root privilege escalation via setuid
app-admin/logcheck root privilege escalation via recursive chown
net-analyzer/smokeping privilege escalation via PID file manipulation
net-analyzer/smokeping root privilege escalation via service “restore”
Singular interface unsafe /tmp usage
OpenDKIM unsafe /tmp usage
OpenRC checkpath root privilege escalation via non-terminal symlinks
opentmpfiles root privilege escalation by symlink attack
Portage insecure temporary location
Nix per-user profile directory hijack
app-backup/burp root privilege escalation via writable config
systemd-tmpfiles root privilege escalation via non-terminal symlinks
app-backup/burp privilege escalation via PID file manipulation
MySQL/MariaDB privilege escalation via PID file manipulation
Icinga2 privilege escalation via PID file manipulation
net-im/jabberd2 privilege escalation via PID file manipulation
net-im/jabberd2 root privilege escalation via user-owned executables
app-admin/collectd privilege escalation via PID file manipulation
opentmpfiles root privilege escalation via recursive chown
systemd-tmpfiles root privilege escalation sans fs.protected_hardlinks
GNU chown and chgrp privilege escalation via recursive dereferences
Icinga2 root privilege escalation via init script and systemd service
Icinga core root privilege escalation via insecure permissions
pnp4nagios root privilege escalation via insecure permissions
mail-filter/assp root privilege escalation by user-owned daemon
net-misc/vde root privilege escalation via OpenRC service script
dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera root privilege escalation via chown in ebuild phase functions
app-admin/logstash-bin root privilege escalation via init script
P3Scan privilege escalation via PID file manipulation
Kannel privilege escalation via PID file manipulation
sci-mathematics/gimps root privilege escalation via init script
dev-python/flower privilege escalation via PID file manipulation
Nagios core root privilege escalation via insecure permissions
OpenLDAP privilege escalation via PID file manipulation
MIMEDefang privilege escalation via PID file manipulation
UnrealIRCd privilege escalation via PID file manipulation
Nagios core privilege escalation via PID file manipulation​
Tinyproxy privilege escalation via PID file manipulation​
Tenshi privilege escalation via PID file manipulation
Nagios core incomplete fix for CVE-2016-8641


The code has its own page, you should go to that page.

What I Want