inks

Dismissing Python Garbage Collection at Instagram

https://engineering.instagram.com/dismissing-python-garbage-collection-at-instagram-4dca40b29172 - [engineering.instagram.com]
2017-01-18 07:15:14
tags: garbage-collection perf programming python web

Run faster and use less memory by carefully disabling garbage collection.

source: L

^

Facebook's ImageTragick Remote Code Execution

http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html - [4lemon.ru]
2017-01-18 06:53:23
tags: exploit graphics security web

Somebody forgot to patch...

source: solar

^

Introduction to Adversarial Machine Learning

https://mascherari.press/introduction-to-adversarial-machine-learning/ - [mascherari.press]
2017-01-18 06:48:32
tags: AI links security

> Adversarial machine learning is a research field that lies at the intersection of machine learning and computer security. All machine learning algorithms and methods are vulnerable to many kinds of threat models.

Also tweet thread: https://twitter.com/SarahJamieLewis/status/821434503490977792

source: solar

^

UEFI booting in DragonFly installer

https://www.dragonflydigest.com/2017/01/17/19208.html - [www.dragonflydigest.com]
2017-01-18 06:42:35
tags: dragonfly hardware

> The DragonFly installer now supports UEFI directly.

source: Dfly

^

Configuring the Touch Bar for System Lockdown

https://www.zdziarski.com/blog/?p=6705 - [www.zdziarski.com]
2017-01-18 02:59:23
tags: admin mac opsec security

Plus some useful settings even for people without touch bars.

^

When Constant-Time Source Code May Not Save You

https://research.kudelskisecurity.com/2017/01/16/when-constant-time-source-may-not-save-you/ - [research.kudelskisecurity.com]
2017-01-17 01:32:20
tags: cpu crypto exploit math security

> Once a security design is implemented, whatever effort is put into protecting each part of the code, there still remains a strong possibility of a timing leak. It is virtually impossible to have control over all the parameters at stake. Compiler and processor optimizations, processor specificity, hardware construction, and run-time libraries are all examples of elements that cannot be predicted when implementing at a high level.

source: green

^

11n support for athn(4)

http://marc.info/?l=openbsd-tech&m=148396652007923&w=2 - [marc.info]
2017-01-16 21:03:13
tags: hardware networking openbsd

Initial diff.

Plus commit: http://marc.info/?l=openbsd-cvs&m=148423875529793&w=2

^

Weld: A common runtime for high performance data analytics

https://blog.acolyer.org/2017/01/16/weld-a-common-runtime-for-high-performance-data-analytics/ - [blog.acolyer.org]
2017-01-16 18:33:11
tags: compiler database paper perf

> Weld provides a runtime API that allows libraries to implement parts of their computation as Weld IR fragments.

^

When the Downstairs Neighbor Is a Bar

https://www.nytimes.com/2017/01/13/realestate/people-who-live-above-bars-in-new-york-city.html - [www.nytimes.com]
2017-01-16 18:08:15
tags: food life urban

It's non-stop fun, fun or not.

^

Exploring Elliptic Curve Pairings

https://medium.com/@VitalikButerin/exploring-elliptic-curve-pairings-c73c1864e627 - [medium.com]
2017-01-16 17:26:41
tags: article crypto math reference security

> Trigger warning: math.

> You’re not expected to understand everything here the first time you read it, or even the tenth time; this stuff is genuinely hard. But hopefully this article will give you at least a bit of an idea as to what is going on under the hood.

source: green

^

Crafting Interpreters - A handbook for making programming languages

http://www.craftinginterpreters.com/ - [www.craftinginterpreters.com]
2017-01-16 17:16:36
tags: book compiler compsci programming

In progress.

source: L

^

Let’s Stop Ascribing Meaning to Code Points

http://manishearth.github.io/blog/2017/01/14/stop-ascribing-meaning-to-unicode-code-points/ - [manishearth.github.io]
2017-01-16 17:15:03
tags: language programming standard ux

Time to level up your Unicode knowledge. Strings aren't bytes. Now they aren't code points either. A good explanation.

source: L

^

The Greatest Chess Game ever played

https://www.youtube.com/watch?v=GDknn_HWTlc - [www.youtube.com]
2017-01-16 05:44:46
tags: gaming video

> The Greatest Chess Game ever played: Garry Kasparov (2812) - Veselin Topalov (2700)

10 minute narrated reenactment video.

source: JK

^

Comcast Has a Point on Pay Equity Bill

http://www.phillymag.com/business/2017/01/13/pay-equity-bill-comcast/ - [www.phillymag.com]
2017-01-16 04:55:51
tags: business policy

> In early December, City Council unanimously approved a pay equity bill sponsored by Councilman Bill Greenlee that would prevent employers from asking prospective employees what they’ve earned in the past.

> Though the city tried to model the pay equity bill after a similar Massachusetts bill that was widely accepted, Hawkins argues that there’s a big difference between the two bills that may be rubbing the business community the wrong way.

^

The Line of Death

https://textslashplain.com/2017/01/14/the-line-of-death/ - [textslashplain.com]
2017-01-16 04:41:48
tags: browser development security ux

> When building applications that display untrusted content, security designers have a major problem— if an attacker has full control of a block of pixels, he can make those pixels look like anything he wants, including the UI of the application itself. He can then induce the user to undertake an unsafe action, and a user will be none-the-wiser.

source: L

^

Simple but Handy Postgres Features

http://www.craigkerstiens.com/2017/01/08/simple-but-handy-postgresql-features/ - [www.craigkerstiens.com]
2017-01-16 04:39:24
tags: database intro-programming sql

> In an effort to continue documenting many of the features and functionality that are useful, here’s a list of just a few that you may find handy the next time you’re working with your data.

source: L

^

Gates Foundation research can’t be published in top journals

http://www.nature.com/news/gates-foundation-research-can-t-be-published-in-top-journals-1.21299 - [www.nature.com]
2017-01-16 04:31:46
tags: academia media science

> One of the world’s most influential global health charities says that the research it funds cannot currently be published in several leading journals, because the journals do not comply with its open-access policy.

Including Nature itself.

^

Links to stuff arising from or related to the HACS workshop

https://github.com/HACS-workshop/links - [github.com]
2017-01-16 04:28:02
tags: compsci crypto defense development links programming security

> HACS (High Assurance Cryptographic Software) is an invite-only workshop, so far run twice in January 2016 and January 2017.

> This repo is a somewhat organised set of links to projects and resources related to or arising from the workshop.

^

Hardening Windows 10 with zero-day exploit mitigations

https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/ - [blogs.technet.microsoft.com]
2017-01-16 04:25:07
tags: cpu defense programming security systems windows

> In this blog, we look at two recent kernel-level zero-day exploits used by multiple activity groups. These kernel-level exploits, based on CVE-2016-7255 and CVE-2016-7256 vulnerabilities, both result in elevation of privileges. Microsoft has promptly fixed the mentioned vulnerabilities in November 2016. However, we are testing the exploits against mitigation techniques delivered in August 2016 with Windows 10 Anniversary Update, hoping to see how these techniques might fare against future zero-day exploits with similar characteristics.

^

Fialka M-125 USSR rotor-based cipher machine

http://www.cryptomuseum.com/crypto/fialka/index.htm - [www.cryptomuseum.com]
2017-01-16 04:10:26
tags: hardware opsec photos retro security

> The M-125, codename Fialka (Russian: ФИАЛКА), was an electromechanical wheel-based cipher machine, developed in the USSR shortly after WWII.

source: grugq

^
