inks

ECS LIVA Z Fanless Dual-LAN Apollo Lake UCFF PC Review

http://www.anandtech.com/show/11229/ecs-liva-z-duallan-apollo-lake-ucff-pc-review - [www.anandtech.com]
2017-03-30 20:11:44
tags: hardware networking

> This fanless Apollo Lake system targets the low-end market segment, and aims to differentiate itself by supporting two LAN ports.

At $180, could be a decent entry level firewall.

^

How to Write Portable C Without Complicating Your Build

http://nullprogram.com/blog/2017/03/30/ - [nullprogram.com]
2017-03-30 20:00:24
tags: c development programming unix

Generally matches my experience. It’s not terribly difficult if you don’t overthink it. Or cargo cult copy recipes from obsolete sources.

^

For Sale: Baby Shoes. Never Said.

http://www.chronicle.com/blogs/linguafranca/2017/03/29/for-sale-baby-shoes-never-said/ - [www.chronicle.com]
2017-03-30 19:50:52
tags: book factcheck history ideas language

> Now, after reading Garson O’Toole’s new book, Hemingway Didn’t Say That: The Truth Behind Familiar Quotations, I realize that the misattributions were a result of “Host” — one of the 10 mechanisms by which, according to O’Toole, so much false attribution happens nowadays.

^

Central Subway Construction Update - March 24, 2017

http://us5.campaign-archive2.com/?u=c178f3dd9100b6963a6cf2cea&id=0baefa0421 - [us5.campaign-archive2.com]
2017-03-30 19:45:21
tags: photos transport update urban

Pictures of man and machine, working in tandem, to dig big holes.

Not sure if the URL has jwz’s password in it or not...

source: jwz

^

CJAG - cache-based jamming agreement

https://github.com/IAIK/CJAG - [github.com]
2017-03-30 18:32:29
tags: cloud cpu networking paper security sidechannel virtualization

> CJAG is an open-source implementation of our cache-based jamming agreement. The CJAG implementation can be used to establish a cross-VM cache covert channel.

https://www.blackhat.com/asia-17/briefings/schedule/index.html#hello-from-the-other-side-ssh-over-robust-cache-covert-channels-in-the-cloud-5376

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

https://cmaurice.fr/pdf/ndss17_maurice.pdf

source: HN

^

A *nix cross-platform (OS agnostic) supervisor

https://immortal.run/ - [immortal.run]
2017-03-30 17:47:37
tags: admin swtools unix

New entrant in a crowded space.

source: HN

^

Black box discovery of memory corruption RCE on box.com

http://scarybeastsecurity.blogspot.com/2017/03/black-box-discovery-of-memory.html - [scarybeastsecurity.blogspot.com]
2017-03-30 17:46:01
tags: c cloud exploit graphics library security

> Very quickly, I found that Box will thumbnail tons of weird and wacky formats.

And then the murders began.

With some additional commentary about how not to confirm a bug report.

^

Android Auto vs Apple CarPlay REAL WORLD TEST

https://www.youtube.com/watch?v=jeESbGPl_Dw - [www.youtube.com]
2017-03-30 03:45:52
tags: android cars iphone tech ux video

Voice recognition that works vs voice recognition that doesn’t.

source: DF

^

Escaping a Python sandbox with a memory corruption bug

https://hackernoon.com/python-sandbox-escape-via-a-memory-corruption-bug-19dde4d5fea5 - [hackernoon.com]
2017-03-30 03:11:51
tags: c exploit malloc programming python security

Letting attackers run arbitrary code in a sandbox gives them a pretty good vantage point to launch attacks. Good writeup, with some discussion of mitigations, present and absent.

source: L

^

Dancing with Go’s Mutexes

https://medium.com/@deckarep/dancing-with-go-s-mutexes-92407ae927bf - [medium.com]
2017-03-30 02:59:38
tags: concurrency go intro-programming

Not terribly surprising conclusion: use what works.

source: L

^

High-Assurance Separation Kernels: A Survey on Formal Methods

https://arxiv.org/abs/1701.01535 - [arxiv.org]
2017-03-30 02:46:26
tags: compsci links paper pdf reference systems

> In this paper, an analytical framework is first proposed to clarify the functionalities, implementations, properties and standards, and formal methods application of separation kernels. Based on the proposed analytical framework, a taxonomy is designed according to formal methods application, functionalities, and properties of separation kernels.

source: L

^

PKC 2017: Kenny Paterson accepting bets on breaking TLS 1.3

http://bristolcrypto.blogspot.com/2017/03/pkc-2017-kenny-paterson-accepting-bets.html - [bristolcrypto.blogspot.com]
2017-03-30 02:30:13
tags: crypto networking security standard

> The core part of TLS is the handshake protocol, which establishes the choice of ciphers and the session key. Kenny highlighted the high complexity stemming from the many choices (e.g., using a dedicated key exchange protocol or not) and the possible interaction with other protocols in TLS. Together with further weaknesses of the specification, this created the space for the many attacks we have seen.

PKC 2017: https://www.iacr.org/workshops/pkc2017/

^

ROP CFI RAP XNR CPI WTF? – Navigating the Exploit Mitigation Jungle

https://bsidesljubljana.si/rop-cfi-rap-xnr-cpi-wtf-navigating-exploit-mitigation-djungle-michael-rodler/ - [bsidesljubljana.si]
2017-03-30 02:11:40
tags: compiler defense links pdf security slides video

> A very promising concept is Control Flow Integrity (CFI). We will look at what CFI is and what the problems are and how it restricts an attacker. Recent academic work has shown some interesting results about the limits of CFI. Furthermore, we will look at some examples of what a CFI implementation looks like.

Good set of references at the end as well.

source: solar

^

The Deck’s time has come and we’re shutting it down.

http://decknetwork.net/ - [decknetwork.net]
2017-03-29 21:12:02
tags: business media web

Sigh.

http://daringfireball.net/2017/03/the_deck_adieu

source: DF

^

GBA By Example - Drawing and Moving Rectangles

http://kylehalladay.com/blog/tutorial/2017/03/28/GBA-By-Example-1.html - [kylehalladay.com]
2017-03-29 19:12:55
tags: c gaming graphics intro-programming

> So, it isn’t exactly impressive, but it was a lot of fun, and I definitely want to play around with the GBA some more.

source: L

^

Lawyers, others vie for pieces of NFL concussion settlement

http://www.espn.com/espn/otl/story/_/id/19029607/billion-dollar-nfl-concussion-settlement-turns-nasty-lawyers-others-vie-pieces-payouts-players - [www.espn.com]
2017-03-29 17:38:11
tags: finance football policy sports

After a drawn-out legal battle, that’s when the real fighting begins.

^

Once We Listened to the Beatles. Now We Eat Beetles.

https://www.bloomberg.com/view/articles/2017-03-28/once-we-listened-to-the-beatles-now-we-eat-beetles - [www.bloomberg.com]
2017-03-29 16:12:52
tags: essay food life music

> Since the 1960s and ’70s, food has replaced music’s centrality to American culture. These are invariably somewhat subjective impressions, but I’d like to lay out my sense of how the social impact of music has fallen and the social role of food has risen.

source: MR

^

Exploring C# 7

http://davidpine.net/blog/exploring-csharp-seven/ - [davidpine.net]
2017-03-29 05:38:24
tags: csharp dotnet programming type-system

> This post contains examples and details on five of the nine new C# 7 features.

> Pattern matching, out variables, Tuples, Local functions, throw expressions

^

Tabletops for Bug Bounty

https://medium.com/@magoo/tabletops-for-bug-bounty-95fdfbdbe55e - [medium.com]
2017-03-29 01:45:06
tags: business development security web

How does your bug bounty program respond to unexpected inputs?

^

About the security content of iOS 10.3

https://support.apple.com/en-us/HT207617 - [support.apple.com]
2017-03-28 21:55:27
tags: bugfix iphone release security

Lots of fixes, lots and lots of WebKit fixes.

source: HN

^
