Contact
- Personal
- michael@orlitzky.com
- Gentoo
- mjo@gentoo.org
- IRC
- mjo on libera.chat
- Twitter
- sike
- GPG public key
-
binary
/
ASCII
About Me
On a scale from Dr. Zoidberg to Dr. Martin Luther King Jr., I'm
Dr. Mario.
- FACT
- mythical zero ilk
- FACT
- am rich like zloty
- Curriculum
- vitae
Papers
-
Jordan and isometric cone automorphisms in Euclidean Jordan algebras.
Preprint, December 19th, 2024.
-
Jordan automorphisms and derivatives of symmetric
cones. Linear Algebra and its Applications (accepted),
2024. Preprint
version.
-
Continuity of the conic hull. Journal of Convex Analysis
31(1):255–264, 2024. Preprint
version.
-
Rank computation in Euclidean Jordan algebras.
Journal of Symbolic Computation, 113:181–192, 2022.
Preprint version.
-
Tight bounds on Lyapunov rank.
Optimization Letters, 16:723–728, 2022.
Preprint version.
-
Proscribed normal decompositions of Euclidean Jordan algebras.
Journal of Convex Analysis, 29(3):755–766, 2022.
Preprint version.
-
On the symmetry of induced norm cones.
Optimization, 71(3):441–447, 2022.
Preprint version.
-
Gaddum's test for symmetric cones.
Journal of Global Optimization, 79(4):927–940, 2021.
Preprint version.
-
When a maximal angle among cones is nonobtuse.
Computational and Applied Mathematics, 39(2), 2020.
Preprint version.
-
Positive and Z-operators on closed
convex cones.
Electronic Journal of Linear Algebra, 34:444–458, 2018.
Preprint version.
-
Lyapunov rank of polyhedral positive operators.
Linear and Multilinear Algebra, 66(5):992–1000, 2018.
Preprint version.
-
Positive
operators, Z-operators, Lyapunov rank, and linear games on closed
convex cones. PhD dissertation, UMBC, 2017.
-
The
Lyapunov rank of an improper cone.
Optimization Methods and Software, 32(1):109–125, 2017.
Preprint version.
-
An
improved bound for the Lyapunov rank of a proper
cone
(with M. Seetharama Gowda).
Optimization Letters, 10:11–17, 2016.
Preprint version.
-
Optimal Recovery of Differentiable Functions by Univariate
Splines
—
Master's thesis
Books
-
Euclidean Jordan algebras for optimization.
Draft, October 20th, 2022.
Unpublished notes
-
A tale of two complete positivities.
March 14th, 2024.
-
Proper cones are manifolds with boundary.
April 27th, 2020.
-
On Z-operators and viability theorems.
February 7th, 2019.
Presentations
-
The uniqueness of Lyapunov rank among symmetric cones.
VAEJA 2024, September 27, 2024.
-
Laundering money.
DEF CON 32, August 10, 2024.
-
The uniqueness of Lyapunov rank among symmetric cones.
ISMP 2024, July 22, 2024.
-
Jordan automorphisms and derivatives of symmetric cones.
ILAS Madrid, June 13, 2023.
-
Lyapunov rank in conic optimization.
Towson University, April 18, 2017.
-
Positive operators, Z-operators, Lyapunov rank, and linear games on closed convex cones.
University of Maryland Baltimore County, April 07, 2017.
-
Solving linear games with cone programs.
UMBC Optimization Seminar, December 08, 2016.
-
Lyapunov rank of polyhedral positive operators.
UMBC Optimization Seminar, September 29, 2016.
-
The S-lemma.
UMBC Optimization Seminar, November 15, 2015.
-
The Lyapunov rank of an improper cone: Lie algebra (Part II).
UMBC Optimization Seminar, September 17, 2015.
-
The Lyapunov rank of an improper cone: Algorithms (Part I).
UMBC Optimization Seminar, September 10, 2015.
-
Topological Groups in Optimization.
UMBC Optimization Seminar, February 03, 2015.
-
Lyapunov Rank and Perfect Cones.
UMBC Optimization Seminar, September 25, 2014.
-
Introduction to Koecher Cones.
UMBC Optimization Seminar, May 01, 2014.
-
Ornstein-Uhlenbeck Processes.
Mathematical Financial Derivatives, May 12, 2012.
-
Optimal Recovery of Differentiable Functions by Univariate Splines.
Towson University, May 09, 2012.
-
Optimization Under Uncertainty and Risk.
14th Annual George Mason University Conference on Atmospheric Transport and Dispersion Modeling, July 15, 2010.
Articles
-
CharmBypass pt. 3: cease and desist
— 2024-02-02
-
CharmBypass pt. 2: analysis
— 2023-11-08
(updated 2024-02-02)
-
CharmBypass pt. 1: introduction
— 2023-11-04
(updated 2024-02-02)
-
CSC ServiceWorks laundry machine coin bypass
— 2023-06-02
(updated 2024-10-19)
-
POSIX hardlink heartache
— 2020-12-05
-
Gentoo GLEP81 user package guidelines
— 2019-11-21
-
Greybeard's tomb: the lost treasure of language design
— 2019-05-14
-
Let's not Encrypt
— 2019-04-24
(updated 2023-11-05)
-
A non-proof of the Lagrange multiplier theorem
— 2019-04-09
-
There was an attempt to save Linux filesystem ACLs
— 2019-03-16
-
Fix busted ACLs faster with libadacl
— 2018-03-06
(updated 2024-04-09)
-
Healthy OpenRC recipes to kick off the new year
— 2018-01-09
-
Advice from the trenches
— 2018-01-04
-
Configuration should be owned and writable only by root
— 2017-12-29
-
End root chowning now (make pkg_postinst great again)
— 2017-09-29
-
End root chowning now (make /etc/init.d great again)
— 2016-12-27
-
Cisco (SenderBase) security products lose email
— 2016-11-22
-
Makeing LaTeX
— 2016-11-18
(updated 2020-05-01)
-
Motherfuckers need package management
— 2015-07-05
-
New Gandi certificates in Apache 2.4
— 2015-03-14
(updated 2016-05-05)
-
Certificate chains in Apache 2.4
— 2015-01-09
-
Overview of email spam and forgery countermeasures
— 2014-06-05
(updated 2022-04-25)
-
So you're blacklisted…
— 2014-01-05
-
Avoid the link “target” attribute
— 2013-10-30
-
Decoupling Rails and Passenger from Bundler
— 2013-09-10
-
Using Haddock markup in a Cabal file
— 2013-07-27
-
Against CA-signed certificates
— 2013-03-23
(updated 2015-04-02)
-
The derivative of a quadratic form
— 2013-03-12
-
In defense of self-signed certificates
— 2013-02-16
-
Fixing POSIX ACLs in common utilities
— 2013-01-30
(updated 2016-10-01)
-
Redundant Postfix main.cf parameters
— 2013-01-02
-
Problems with POSIX ACLs and common utilities
— 2012-08-13
-
Persistent ulimit for daemons in Gentoo
— 2012-08-06
-
Thinkpad X61s ath5k rfkill issues
— 2012-06-02
(updated 2021-08-02)
-
Fixing PDF graphics in LyX
— 2012-05-11
-
Upgrading PostgreSQL 9.x on Gentoo
— 2012-02-13
(updated 2015-06-04)
-
Avoiding RewriteBase with Apache mod_rewrite
— 2012-02-08
-
Backing up Microsoft SQL Server Express
— 2011-07-24
(updated 2023-02-09)
-
OpenSSL commands I would like to remember
— 2010-11-28
-
Server 2008 print spooler dies with error 0x80010057
— 2010-05-28
-
Fixing KVM (QEMU) keymaps
— 2010-04-05
-
Resizing a KVM or QEMU disk image
— 2010-03-21
-
New certificates in IIS without downtime
— 2010-03-16
-
Migrating from Windows DNS to tinydns
— 2010-01-03
(updated 2023-10-31)
Older articles are in no particular order.
CVEs
- CVE-2024-43199
-
NDOUtils root privilege escalation via insecure permissions
- CVE-2024-34490
-
Maxima unsafe /tmp usage
- CVE-2020-36770
-
sys-cluster/slurm root privilege escalation via recursive chown
- CVE-2023-34204
-
imapsync unsafe /tmp usage
- CVE-2023-29465
-
FlintQS unsafe /tmp usage
- CVE-2020-36657
-
app-misc/uptimed root privilege escalation via recursive chown
- CVE-2018-25078
-
sys-apps/man-db root privilege escalation via setuid
- CVE-2017-20148
-
app-admin/logcheck root privilege escalation via recursive chown
- CVE-2017-20147
-
net-analyzer/smokeping privilege escalation via PID file manipulation
- CVE-2016-20015
-
net-analyzer/smokeping root privilege escalation via service “restore”
- CVE-2022-40299
-
Singular interface unsafe /tmp usage
- CVE-2020-35766
-
OpenDKIM unsafe /tmp usage
- CVE-2018-21269
-
OpenRC checkpath root privilege escalation via non-terminal symlinks
- CVE-2017-18925
-
opentmpfiles root privilege escalation by symlink attack
- CVE-2019-20384
-
Portage insecure temporary location
- CVE-2019-17365
-
Nix per-user profile directory hijack
- CVE-2017-18285
-
app-backup/burp root privilege escalation via writable config
- CVE-2018-6954
-
systemd-tmpfiles root privilege escalation via non-terminal symlinks
- CVE-2017-18284
-
app-backup/burp privilege escalation via PID file manipulation
- CVE-2018-2773
-
MySQL/MariaDB privilege escalation via PID file manipulation
- CVE-2018-6536
-
Icinga2 privilege escalation via PID file manipulation
- CVE-2017-18226
-
net-im/jabberd2 privilege escalation via PID file manipulation
- CVE-2017-18225
-
net-im/jabberd2 root privilege escalation via user-owned executables
- CVE-2017-18240
-
app-admin/collectd privilege escalation via PID file manipulation
- CVE-2017-18188
-
opentmpfiles root privilege escalation via recursive chown
- CVE-2017-18078
-
systemd-tmpfiles root privilege escalation sans fs.protected_hardlinks
- CVE-2017-18018
-
GNU chown and chgrp privilege escalation via recursive dereferences
- CVE-2017-16933
-
Icinga2 root privilege escalation via init script and systemd service
- CVE-2017-16882
-
Icinga core root privilege escalation via insecure permissions
- CVE-2017-16834
-
pnp4nagios root privilege escalation via insecure permissions
- CVE-2017-16659
-
mail-filter/assp root privilege escalation by user-owned daemon
- CVE-2017-16638
-
net-misc/vde root privilege escalation via OpenRC service script
- CVE-2017-15945
-
dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera root privilege escalation via chown in ebuild phase functions
- CVE-2017-14730
-
app-admin/logstash-bin root privilege escalation via init script
- CVE-2017-14681
-
P3Scan privilege escalation via PID file manipulation
- CVE-2017-14609
-
Kannel privilege escalation via PID file manipulation
- CVE-2017-14484
-
sci-mathematics/gimps root privilege escalation via init script
- CVE-2017-14483
-
dev-python/flower privilege escalation via PID file manipulation
- CVE-2017-14312
-
Nagios core root privilege escalation via insecure permissions
- CVE-2017-14159
-
OpenLDAP privilege escalation via PID file manipulation
- CVE-2017-14102
-
MIMEDefang privilege escalation via PID file manipulation
- CVE-2017-13649
-
UnrealIRCd privilege escalation via PID file manipulation
- CVE-2017-12847
-
Nagios core privilege escalation via PID file manipulation
- CVE-2017-11747
-
Tinyproxy privilege escalation via PID file manipulation
- CVE-2017-11746
-
Tenshi privilege escalation via PID file manipulation
- CVE-2016-10089
-
Nagios core incomplete fix for CVE-2016-8641
Code
The code has its own page, you
should go to that page.
What I Want