Floating Point Visually Explained
http://fabiensanglard.net/floating_point_visually_explained/ [fabiensanglard.net]
2017-10-01 23:57
tags:
math
visualization
I am not claiming this is my invention but I have never seen floating points explained this way so far. I hope it will help a few people like me who are a bit allergic to mathematical notations.
source: L
An analysis of the Warbird virtual-machine protection for the CI!g_pStore
https://github.com/airbus-seclab/warbirdvm [github.com]
2017-12-07 19:26
tags:
investigation
security
swtools
systems
virtualization
windows
The Warbird framework has gone relatively unnoticed for a long time, until Alex Ionescu released “The “Bird” That Killed Arbitrary Code Guard”, presented on September 27th 2017 at ekoparty conference in Buenos Aires. At this occasion, it is deeply enlightening to discover how the Warbird framework has evolved into a scary beast protecting from arbitrary code execution.
source: grugq
On colonialism, imperialism, and ignoring medieval history
https://going-medieval.com/2019/07/26/on-colonialism-imperialism-and-ignoring-medieval-history/ [going-medieval.com]
2019-07-28 01:24
tags:
article
factcheck
history
hoipolloi
We have a lot of fun, don’t we, when we talk about how people argue that the medieval period was the Dark Ages based on the fact that they feel some type of way about it? Now, can I call people who think this ridiculously incredulous and basic? Yes. And I do. Thanks for asking. Having said that, the general ignorance of the medieval period is not from nothing.
I feel like every mention of the dark ages comes with the disclaimer that they weren’t that dark so I’m not sure how widespread the misperception still is. But there’s also some neat historical facts here.
This ended up completely changing fashion in England. Anne is the girl who introduced those sweet horned headdresses you think of when you think of medieval ladies, riding side-saddle, and the word “coach” to England, (from the Hungarian Kocs, where the cart she arrived at court the first time came from). Sweetening her transition to English life was the fact that she didn’t have to pay a dowry to get married. Instead, the English were allowed to trade freely with Bohemia and the Holy Roman Empire and allowed to be around a Czech lady. That was reward enough as far as the Empire was concerned. That’s how much England was not a thing.
source: grugq
GNOME has no thumbnails in the file picker (and my toilets are blocked)
https://jayfax.neocities.org/mediocrity/gnome-has-no-thumbnails-in-the-file-picker.html [jayfax.neocities.org]
2021-01-11 02:48
tags:
development
linux
ux
The file picker is the pop-up box thingy that appears when you’re opening a file, usually when uploading something online. The GNOME desktop environment uses the file picker package GtkFileChooser. This file picker does not have a thumbnail view. It is broken software. Thumbnails are not a cute little extra, they are essential. This is as bad as a file picker that doesn’t list the name of the files, only their creation date, or inode serial number. It is broken software.
Personally, not a big deal, but fair point.
source: HN
Zebra finch self-tutoring
http://languagelog.ldc.upenn.edu/nll/?p=35929 [languagelog.ldc.upenn.edu]
2017-12-25 04:15
tags:
biology
language
The background is the experimental literature on zebra finch song learning. If one of these birds is raised in acoustic and social isolation, it never learns to sing a species-typical song, but rather continues to produce “proto-song”, which is a sort of songbird equivalent of grunts and groans. In contrast, with a relatively brief exposure to an example of adult song during a “critical period” early in life, a bird will (later on) learn to sing properly, in fact imitating the tutor’s song quite closely.
The punch line: a zebra finch raised in acoustic and social isolation, with “tutoring” by playback of its own vocalizations from a few moments before, acquires species-typical song in just about the same way as a bird raised with exposure to a “wild type” adult model.
It’s not just Go-playing computers that can learn from themselves.
Monterey Car Week is like Comic Con and the Oscars but with wheels
https://arstechnica.com/cars/2017/08/monterey-car-week-is-like-comic-con-and-the-oscars-but-with-wheels/ [arstechnica.com]
2017-08-24 22:25
tags:
cars
photos
Supercars, hypercars, concept cars, racing cars, and more Ferraris than you can count.
Patrolling The Cyber-Physical Security Border
https://protectioncircle.org/2017/08/31/patrolling-the-cyber-physical-security-border/ [protectioncircle.org]
2019-06-19 21:23
tags:
hoipolloi
opsec
security
ux
Are there any overlaps between the physical and cyber security fields? Are there certain corners of cyber security that can best be reached by physical security experts, and vice versa? Can the two fields benefit from more cross-pollination and professional cooperation?
Plus some more comments: https://medium.com/@thegrugq/security-turns-out-its-hard-e678c5350bc7
source: grugq
The grandmaster diet: How to lose weight while barely moving
https://www.espn.com/espn/story/_/id/27593253/why-grandmasters-magnus-carlsen-fabiano-caruana-lose-weight-playing-chess [www.espn.com]
2019-09-14 13:45
tags:
life
sports
Robert Sapolsky, who studies stress in primates at Stanford University, says a chess player can burn up to 6,000 calories a day while playing in a tournament, three times what an average person consumes in a day. Based on breathing rates (which triple during competition), blood pressure (which elevates) and muscle contractions before, during and after major tournaments, Sapolsky suggests that grandmasters’ stress responses to chess are on par with what elite athletes experience.
source: MR
VB2019 paper: 2,000 reactions to a malware attack – accidental study
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-2000-reactions-malware-attack-accidental-study/ [www.virusbulletin.com]
2020-03-25 19:08
tags:
email
hoipolloi
malware
security
In this paper I present an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. I received the messages because the spammers, whom I had described previously on my blog, decided to take revenge by putting my email address in the ‘reply-to’ field of a malicious email campaign. Many of the victims were unaware that the message they had received was fake and contained malware. Some even asked me to resend the malware as it had been blocked by their anti-virus product. I have read those 1,976 messages, analysed and classified victims’ answers, and present them here. The key takeaway is that we need to train users, but at the same time we should not count on them to react properly to Internet threats. Despite dealing with cybercrime victims daily for the last seven years I was surprised by most of the reactions and realized how little we, as the security industry, know about the average Internet user’s ability (or rather inability) to identify threats online. We need to build solutions that will protect users, without their knowledge, sometimes against their will, from their ability to harm themselves.
The fifth group is actually the most worrying. I call this group ‘MY ANTI-VIRUS WORKED, PLEASE SEND AGAIN’, as these are recipients who mention that their security product (mostly anti-virus) warned them against an infected file, but they wanted the file to be resent because they could not open it. The group consisted of 44 individuals (2.35%).
source: grugq
Why Nasa’s next Moon mission can’t be an Apollo retread
https://www.ft.com/content/5adc069a-9d27-11e9-b8ce-8b459ed04726 [www.ft.com]
2019-07-11 01:10
tags:
article
history
policy
space
tech
There is a familiar question asked of politicians, entrepreneurs and innovators: if you were to do it all again, what would you do differently?
At Nasa headquarters, they’re fielding almost the opposite inquiry. Why don’t you just do it the same? If you managed to put Neil Armstrong and Buzz Aldrin on the Moon five decades ago, why is it so hard to do it now?
source: MR
Micro-op fusion in x86
https://dendibakh.github.io/blog/2018/02/04/Micro-ops-fusion [dendibakh.github.io]
2018-02-04 20:13
tags:
benchmark
cpu
perf
programming
Before I present the benchmark I want to say a few words about the MicroFusion feature that exists in the Intel Architecture Front End starting from “Sandy Bridge”. The execution engine (back-end) inside the CPU can only execute so-called “micro-ops” (uops) that were provided by the front-end. So, the back-end can’t execute a fused instruction but only simple ones.
source: HN
HTTP/3 explained
https://daniel.haxx.se/http3-explained/ [daniel.haxx.se]
2019-02-05 17:37
tags:
networking
reference
standard
web
HTTP/3 is the to-become next generation of the HTTP protocol family. This version is similar to HTTP/2 in features, and is most different than its predecessor primarily by the fact that HTTP/3 will only be done over QUIC.
QUIC is a new reliable transport protocol that could be viewed as a sort of next generation TCP.
HTTP/3 explained is a free and open booklet describing the HTTP/3 and QUIC protocols.
Web version: https://http3-explained.haxx.se/en/
source: HN
An Alarm Designer on How to Annoy People in the Most Effective Ways
http://www.atlasobscura.com/articles/an-alarm-designer-on-how-to-annoy-people-in-the-most-effective-ways [www.atlasobscura.com]
2016-12-23 19:52
tags:
biology
hoipolloi
physics
ux
Not too much, not too little, the Goldilocks of alarms.
Generate C interface from C++ source code using Clang libtooling
http://samanbarghi.com/blog/2016/12/06/generate-c-interface-from-c-source-code-using-clang-libtooling/ [samanbarghi.com]
2016-12-10 18:39
tags:
c
compiler
cxx
library
programming
swtools
Goes into a great deal of depth explaining how it works, not just a simple tutorial.
Hands-on with the PocketBeagle: a $25 Linux computer with lots of I/O pins
http://www.righto.com/2017/12/hands-on-with-pocketbeagle-tiny-25.html [www.righto.com]
2017-12-04 01:44
tags:
hardware
linux
The PocketBeagle is a tiny but powerful key-fob-sized open source Linux computer for $25. It has 44 digital I/O pins, 8 analog inputs, and supports multiple serial I/O protocols, making it very useful as a controller. In addition, its processor includes two 200-MHz microcontrollers that allow you to implement low-latency, real-time functions while still having the capabilities of a Linux system. This article discusses my experience trying out the PocketBeagle, with details of how to use its different features.
No networking though, neither ethernet nor wifi.
0day "In the Wild"
https://googleprojectzero.blogspot.com/p/0day.html [googleprojectzero.blogspot.com]
2019-05-17 00:04
tags:
malware
security
Project Zero’s team mission is to “make zero-day hard”, i.e. to make it more costly to discover and exploit security vulnerabilities. We primarily achieve this by performing our own security research, but at times we also study external instances of zero-day exploits that were discovered “in the wild”. These cases provide an interesting glimpse into real-world attacker behavior and capabilities, in a way that nicely augments the insights we gain from our own research.
Today, we’re sharing our tracking spreadsheet for publicly known cases of detected zero-day exploits, in the hope that this can be a useful community resource:
source: green
Now you see me: Exposing fileless malware
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/24/now-you-see-me-exposing-fileless-malware/ [cloudblogs.microsoft.com]
2018-02-01 09:26
tags:
malware
windows
The idea behind fileless malware is simple: If tools already exist on a device (for example PowerShell.exe or wmic.exe) to fulfill an attacker’s objectives, then why drop custom tools that could be flagged as malware? If an attacker can take over a process, run code in its memory space, and then use that code to call tools that are already on a device, the attack becomes more difficult to detect.
Prime and Prejudice: Primality Testing Under Adversarial Conditions
https://eprint.iacr.org/2018/749 [eprint.iacr.org]
2018-08-20 01:12
tags:
crypto
library
math
paper
pdf
security
This work provides a systematic analysis of primality testing under adversarial conditions, where the numbers being tested for primality are not generated randomly, but instead provided by a possibly malicious party. Such a situation can arise in secure messaging protocols where a server supplies Diffie-Hellman parameters to the peers, or in a secure communications protocol like TLS where a developer can insert such a number to be able to later passively spy on client-server data. We study a broad range of cryptographic libraries and assess their performance in this adversarial setting. As examples of our findings, we are able to construct 2048-bit composites that are declared prime with probability 1/16 by OpenSSL’s primality testing in its default configuration; the advertised performance is $2^{-80}$. We can also construct 1024-bit composites that always pass the primality testing routine in GNU GMP when configured with the recommended minimum number of rounds. And, for a number of libraries (Cryptlib, LibTomCrypt, JavaScript Big Number, WolfSSL), we can construct composites that always pass the supplied primality tests. We explore the implications of these security failures in applications, focusing on the construction of malicious Diffie-Hellman parameters. We show that, unless careful primality testing is performed, an adversary can supply parameters (p,q,g) which on the surface look secure, but where the discrete logarithm problem in the subgroup of order q generated by g is easy. We close by making recommendations for users and developers. In particular, we promote the Baillie-PSW primality test which is both efficient and conjectured to be robust even in the adversarial setting for numbers up to a few thousand bits.
source: solar
Understanding CSS Layout And The Block Formatting Context
https://www.smashingmagazine.com/2017/12/understanding-css-layout-block-formatting-context/ [www.smashingmagazine.com]
2017-12-13 00:57
tags:
design
html
programming
web
You might never have heard the phrase ‘Block Formatting Context’, but if you have used CSS for layout you probably already know what it does. In this article I’ll explain the existing ways to create a Block Formatting Context, why it is important in CSS layout, and show you a new method of creating one.
Why doesn’t it ever float when I want it to float?
source: L
the door close button
https://computer.rip/2023-03-13-the-door-close-button.html [computer.rip]
2023-03-14 18:19
tags:
article
factcheck
hoipolloi
life
media
ux
Elevator control panels have long featured two buttons labeled “door open” and “door close.” One of these buttons does pretty much what it says on the label (although I understand that European elevators sometimes have a separate “door hold” button for the most common use of “door open”). The other usually doesn’t seem to, and that has led to a minor internet phenomenon. Here’s the problem: the internet is wrong, and I am here to set it right.
source: HN