inks

A Year of Google Maps & Apple Maps

https://www.justinobeirne.com/a-year-of-google-maps-and-apple-maps/ - [www.justinobeirne.com]
2017-05-27 17:52:48
tags: android development iphone maps ux web

> And it made me wonder what else would change, if we kept watching. Would Google keep adding detail? And would Apple, like Google, also start making changes? So I wrote a script that takes monthly screenshots of Google and Apple Maps. And thirteen months later, we now have a year’s worth of images:

source: L

^

For a Good Strftime

http://www.foragoodstrftime.com/ - [www.foragoodstrftime.com]
2017-05-27 05:53:13
tags: c development intro-programming library swtools

> Easy Skeezy Date/Time Formatting

^

Writing a Really, Really Fast JSON Parser

https://chadaustin.me/2017/05/writing-a-really-really-fast-json-parser/ - [chadaustin.me]
2017-05-27 05:43:59
tags: c cpu perf programming

And/or string scanner.

source: L

^

Go and a not tiny amount of memory

https://hackernoon.com/go-and-a-not-tiny-amount-of-memory-a7a9430d4d22 - [hackernoon.com]
2017-05-27 05:41:53
tags: garbage-collection go malloc perf programming

> With judicious use of the “unsafe” and “syscall” packages I could replace some of my very large slices with slices backed by memory maps.

source: L

^

Dirty COW and why lying is bad even if you are the Linux kernel

https://chao-tic.github.io/blog/2017/05/24/dirty-cow - [chao-tic.github.io]
2017-05-26 19:54:23
tags: concurrency exploit linux malloc security systems

> There have been plenty of articles and blog posts about the exploit, but none of them give a satisfactory explanation on exactly how Dirty COW works under the hood from the kernel’s perspective.

Good deep dive.

source: L

^

Random Postgres Things

http://malisper.me/ - [malisper.me]
2017-05-26 09:59:08
tags: database series sql

Learn new things about postgres.

source: danluu

^

Remote code execution from a writable share

https://www.samba.org/samba/security/CVE-2017-7494.html - [www.samba.org]
2017-05-26 03:26:32
tags: bugfix networking security

> All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

^

May 19, 2017: OCSP and Issuance Outage Postmortem

https://community.letsencrypt.org/t/may-19-2017-ocsp-and-issuance-outage-postmortem/34922 - [community.letsencrypt.org]
2017-05-25 19:46:40
tags: admin development investigation networking standard turtles web

> Merging repeated slashes is such a common behavior that we had to disable it in three separate places.

> We got their customer service on the phone, at which point we learned about the DDoS scrubbing and requested they turn it off. They did, but our connectivity problem continued. After more phone calls and escalations, we learned that there was actually a second DDoS mitigation in place, at their upstream ISP.

Too many slashes, too many mitigations, too many turtles.

source: L

^

A Couple Of Papers About Commodity Multicore Record And Replay, And A Possible Way Forward

http://robert.ocallahan.org/2017/05/a-couple-of-papers-about-commodity.html - [robert.ocallahan.org]
2017-05-25 08:07:37
tags: compsci concurrency development paper

> To be clear: I don’t want to work on this. I’m a lot more interested in the applications of record-and-replay than the machinery that does it. I want someone else to do it for us

^

Exploiting a V8 OOB write

https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/ - [halbecaf.com]
2017-05-25 07:56:12
tags: cpp exploit javascript jit security

> This bug turned out to be extremely easy to exploit because of a number of factors:

source: solar

^

Manipulation in the VIX?

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2972979 - [papers.ssrn.com]
2017-05-25 07:34:33
tags: finance paper

> At the settlement time of the VIX Volatility Index, volume spikes on S&P 500 Index (SPX) options, but only in out-of-the-money options that are used to calculate the VIX, and more so for options with a higher and discontinuous influence on VIX.

source: ML

^

NVMe 1.3 Specification Published With New Features For Client And Enterprise SSDs

http://www.anandtech.com/show/11436/nvme-13-specification-published-new-features - [www.anandtech.com]
2017-05-25 07:09:06
tags: hardware standard storage update

Boot partitions, virtualization, stuff.

^

Dracula, Strunk, and Correct English Usage

http://www.chronicle.com/blogs/linguafranca/2017/05/23/dracula-strunk-and-correct-english-usage/ - [www.chronicle.com]
2017-05-25 07:03:59
tags: factcheck language

> Do not place your trust in either of these men.

> I could go on, but you can see where I’m headed. Strunk’s rules appear to be as fictional as Count Dracula.

^

Cloak & Dagger

http://cloak-and-dagger.org/ - [cloak-and-dagger.org]
2017-05-25 06:48:24
tags: android auth exploit malware security ux

> Cloak & Dagger is a new class of potential attacks affecting Android devices.

Tapjacking for fun and profit.

source: L

^

NeXT: Steve Jobs’ dot.com IPO that Never Happened

http://www.computerhistory.org/atchm/next-steve-jobs-dot-com-ipo-that-never-happened/ - [www.computerhistory.org]
2017-05-25 06:45:45
tags: business mac retro valley web

Betting big on WebObjects.

source: L

^

Tracking down a segfault in grep

http://blog.loadzero.com/blog/tracking-down-a-segfault-in-grep/ - [blog.loadzero.com]
2017-05-25 06:44:16
tags: c freebsd investigation mac swtools

From mac to freebsd to linux and back again.

source: L

^

Porting Windows Dynamic Link Libraries to Linux

https://github.com/taviso/loadlibrary - [github.com]
2017-05-25 06:42:34
tags: linux release swtools virtualization windows

> This repository contains a library that allows native Linux programs to load and call functions from a Windows DLL.

source: L

^

Determining application-specific peak power and energy requirements for ultra-low power processors

https://blog.acolyer.org/2017/05/23/determining-application-specific-peak-power-and-energy-requirements-for-ultra-low-power-processors/ - [blog.acolyer.org]
2017-05-25 06:35:46
tags: compsci cpu energy hardware paper

> The core idea is to run a symbolic simulation of an application binary on ‘the gate-level netlist of a processor.’

^

AES-GCM-SIV

http://www.imperialviolet.org/2017/05/14/aesgcmsiv.html - [www.imperialviolet.org]
2017-05-25 06:19:47
tags: crypto networking paper security standard

> AES-GCM with some forgiveness. It uses the same primitives as AES-GCM, and thus enjoys the same hardware support, but it doesn’t fail catastrophically if you repeat a nonce. Thus you can use random, 96-bit nonces with a far larger number of messages, or withstand a glitch in your nonce distribution scheme.

> So it’s important to emphasise that AES-GCM-SIV (and nonce-misuse resistant modes in general) are not a magic invulnerability shield.

^

Extending the Airplane Laptop Ban

https://www.schneier.com/blog/archives/2017/05/extending_the_a.html - [www.schneier.com]
2017-05-25 06:17:39
tags: flying policy

> Dividing security checks into haves and have-nots is bad social policy

Probably a dead on arrival policy, but nevertheless.

source: SOS

^
