inks

dark mode

rss

best

tags

sources

random

Running Custom Containers Under Chrome OS

https://chromium.googlesource.com/chromiumos/docs/+/master/containers_and_vms.md - [chromium.googlesource.com]
2018-11-19 02:03:55
tags: admin linux turtles virtualization

> There are many codenames and technologies involved in this project, so hopefully we can demystify things here.

Many is something of an understatement. For instance:

> Seneschal is a daemon that runs in Chrome OS that handles lifecycle management of 9P servers. When Concierge starts a VM, it sends a message to Seneschal to also start a 9s instance for that VM. Then, while configuring the VM, Concierge sends a message to Maitred instructing it to connect to the 9s instance and mount it inside the VM.

^

We’re Terribly Sorry, but You Sound a Bit Too British for Britain

https://www.wsj.com/articles/were-terribly-sorry-but-you-sound-a-bit-too-british-for-britain-1542565454 - [www.wsj.com]
2018-11-18 22:54:38
tags: business hoipolloi language

> In a nation that linguists say has more accents than any other English-speaking country, Mr. Briggs’ voice is out of vogue. Many of the U.K.’s biggest brands are ditching commanding, elite-sounding voices. Instead, companies including financial-services firm Barclays PLC and retailer Marks & Spencer are going for voice-overs from people with less froufrou regional lilts.

^

‘Nothing on this page is real’: How lies become truth in online America

https://www.washingtonpost.com/national/nothing-on-this-page-is-real-how-lies-become-truth-in-online-america/2018/11/17/edd44cc8-e85a-11e8-bbdb-72fdbf9d4fed_story.html - [www.washingtonpost.com]
2018-11-18 22:53:46
tags: hoipolloi social

> The only light in the house came from the glow of three computer monitors, and Christopher Blair, 46, sat down at a keyboard and started to type. His wife had left for work and his children were on their way to school, but waiting online was his other community, an unreality where nothing was exactly as it seemed. He logged onto his website and began to invent his first news story of the day.

> Chapian looked at the photo and nothing about it surprised her. Of course Trump had invited Clinton and Obama to the White House in a generous act of patriotism. Of course the Democrats — or “Demonrats,” as Chapian sometimes called them — had acted badly and disrespected America. It was the exact same narrative she saw playing out on her screen hundreds of times each day, and this time she decided to click ‘like’ and leave a comment.

^

GoAWK, an AWK interpreter written in Go

https://benhoyt.com/writings/goawk/ - [benhoyt.com]
2018-11-18 04:36:53
tags: go perf programming swtools text unix

> This article gives an overview of AWK, describes how GoAWK works, how I approached testing, and how I measured and improved its performance.

source: HN

^

On the Expressiveness of Return-into-libc Attacks

https://pdfs.semanticscholar.org/3a34/baf9434f8d785bfe34f69c0a5e2f0b13f6c7.pdf - [pdfs.semanticscholar.org]
2018-11-18 03:07:56
tags: compsci exploit paper pdf security

> Consequently, to address this limitation, researchers have developed other code-reuse techniques, such as return-oriented programming (ROP). In this paper, we make the counterargument and demonstrate that the orig- inal RILC technique is indeed Turing complete. Specifically, we present a generalized RILC attack called Turing complete RILC (TC-RILC) that allows for arbitrary computations. We demonstrate that TC-RILC sat- isfies formal requirements of Turing-completeness. In addition, because it depends on the well-defined semantics of libc functions, we also show that a TC-RILC attack can be portable between different versions (or even different families) of operating systems and naturally has negative implications for some existing anti-ROP defenses.

> To validate the correctness of our implementation, we configured the ex- ploit to simulate a busy beaver—a special Turing machine that performs the greatest number of steps possible before halting [18]. Specifically, we simulate a 4-state 2-symbol busy beaver.

source: L

^

Capsicum

https://oshogbo.vexillium.org/blog/57/ - [oshogbo.vexillium.org]
2018-11-18 01:08:03
tags: defense freebsd fs security unix

> I spent a couple of years evangelizing about Capsicum. I wrote many articles about it. So, it is very natural that I would also like to update you on this blog about the progress of the Capsicum project in FreeBSD, because this is what I’m doing in my free time. That said I feel that this blog wouldn’t be completed without some introduction to what Capsicum is. This post should fill this gap. Over the next weeks and months we will extend this topic and discuss different parts of Capsicum.

source: Dfly

^

Alignment requirements for memory management functions

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/november/alignment-requirements-for-memory-management-functions/ - [www.nccgroup.trust]
2018-11-17 18:57:18
tags: c malloc standard

> The alignment requirements are ambiguous in how they affect small allocations (sizes less than _Alignof(max_align_t)). Some implementations interpret this sentence to require _Alignof(max_align_t)-alignment even for allocation sizes that could not hold an object with that alignment. This is referred to as the strong-alignment reading. Other implementations interpret this sentence as requiring the returned memory to be aligned only enough to accommodate those types that could inhabit the returned memory. In particular, because sizeof(T) >= _Alignof(T) for all portably defined types T, allocations with sizes smaller than _Alignof(max_align_t) need only be aligned to the largest power of two less than or equal to the requested size. This is referred to as the weak-alignment reading.

^

The Curse of Winning “America’s Best Burger”

https://kottke.org/18/11/the-curse-of-winning-best-burger - [kottke.org]
2018-11-16 20:43:01
tags: business food hoipolloi social

> A surprising number of lottery winners will later tell you that winning the lottery was the worst thing that ever happened to them. It can be the same for many restaurants who win awards and suddenly get more attention than they bargained for, driving away loyal customers in favor of food tourists.

> This isn’t just about restaurants. This is a parable.

source: K

^

Delay, Deny and Deflect: How Facebook’s Leaders Fought Through Crisis

https://www.nytimes.com/2018/11/14/technology/facebook-data-russia-election-racism.html - [www.nytimes.com]
2018-11-16 04:33:50
tags: business policy social valley

> But as evidence accumulated that Facebook’s power could also be exploited to disrupt elections, broadcast viral propaganda and inspire deadly campaigns of hate around the globe, Mr. Zuckerberg and Ms. Sandberg stumbled. Bent on growth, the pair ignored warning signs and then sought to conceal them from public view. At critical moments over the last three years, they were distracted by personal projects, and passed off security and policy decisions to subordinates, according to current and former executives.

Also: https://www.washingtonpost.com/opinions/yes-facebook-made-mistakes-in-2016-but-we-werent-the-only-ones/2018/11/17/3b62b422-ea9d-11e8-a939-9469f1166f9d_story.html

source: K

^

C Portability Lessons from Weird Machines

https://begriffs.com/posts/2018-11-15-c-portability.html - [begriffs.com]
2018-11-16 03:17:52
tags: c hardware photos retro

> In this article we’ll go on a journey from 4-bit microcontrollers to room-sized mainframes and learn how porting C to each of them helped people separate the essence of the language from the environment of its birth. I’ve found technical manuals and videos for this article to help bring each computer to life.

source: L

^

Return of the Hidden Number Problem

https://tches.iacr.org/index.php/TCHES/article/view/7337 - [tches.iacr.org]
2018-11-16 02:49:53
tags: crypto math paper pdf security sidechannel

> Despite these mitigations, this work presents a novel side-channel attack against ECDSA and DSA. The attack targets a common implementation pattern that is found in many cryptographic libraries. In fact, about half of the libraries that were tested exhibited the vulnerable pattern. This pattern is exploited in a full proof of concept attack against OpenSSL, demonstrating that it is possible to extract a 256-bit ECDSA private key using a simple cache attack after observing only a few thousand signatures. The target of this attack is a previously unexplored part of (EC)DSA signature generation, which explains why mitigations are lacking and the issue is so widespread.

source: green

^

The day Volkswagen briefly conquered the world

https://ftalphaville.ft.com/2018/10/31/1540962002000/The-day-Volkswagen-briefly-conquered-the-world/ - [ftalphaville.ft.com]
2018-11-15 21:16:33
tags: business finance

> In midst of the great financial crisis, something odd happened. Volkswagen, the German carmaker, became the biggest company in the world. For one, brief day. Looking back a decade, as many have recently, you’d be forgiven for thinking the worst asset to own was a US investment bank or mortgage originator. But it was nothing compared to being short the Wolfsburg-based business. Exactly 10 years (and 48 hours) later, here’s how it happened.

source: ML

^

SoK: Make JIT-Spray Great Again

https://www.usenix.org/system/files/conference/woot18/woot18-paper-gawlik.pdf - [www.usenix.org]
2018-11-15 21:01:20
tags: browser defense exploit javascript jit paper pdf security

> In this paper, we survey and systematize the jungle of JIT compilers of major (client-side) programs, and provide a categorization of offensive techniques for abusing JIT compilation. Thereby, we present techniques used in academic as well as in non-academic works which try to break various defenses against memory-corruption vulnerabilities. Additionally, we discuss what mitigations arouse to harden JIT compilers to impede exploitation by skilled attackers wanting to abuse Just-In-Time compilers.

^

Eric Schmidt on the Life-Changing Magic of Systematizing, Scaling, and Saying “Thanks”

https://medium.com/conversations-with-tyler/eric-schmidt-tyler-cowen-google-ec33aa3e6dae - [medium.com]
2018-11-15 19:46:00
tags: business finance interview social valley

> Tyler questioned Schmidt about underused management strategies, what Google learned after interviewing one job candidate sixteen times, his opinion on early vs. late Picasso, the best reform in corporate governance, why we might see a bifurcation of the Internet, what technology will explode in the the next 10 years, the most underrated media source, and more.

> Well, turns out there were a few extra credit cards in the company floating around, and random things were showing up. This is how I ran things. But it’s important not to go to the person who bought the telephone booth and say, “You’re fired.” The important thing to do is take their credit card away.

> As a general rule, I try to blame the Internet for everything because everyone else does, and I think some of this is true and some of it’s false. That was a joke by the way. And you can’t joke anymore in the age of Twitter.

source: MR

^

Building Windows Offline

https://duo.com/blog/building-windows-offline - [duo.com]
2018-11-15 17:57:03
tags: auth windows

As in duo auth for an offline Windows system.

> When our customers came to us with a desire to support offline multi-factor authentication for Windows, we started off by focusing on the fundamental technical problem to be solved. How can we trust enrollment and continued authentication from a device that is offline?

^

Running from the past

http://blog.sigfpe.com/2018/10/running-from-past.html - [blog.sigfpe.com]
2018-11-15 17:36:56
tags: compsci functional haskell math random

> Functional programming encourages us to program without mutable state. Instead we compose functions that can be viewed as state transformers. It’s a change of perspective that can have a big impact on how we reason about our code. But it’s also a change of perspective that can be useful in mathematics and I’d like to give an example: a really beautiful technique that alows you to sample from the infinite limit of a probability distribution without needing an infinite number of operations.

source: trivium

^

Counting All Cars

https://tedium.co/2018/11/08/electronic-toll-collection-history/ - [tedium.co]
2018-11-15 17:33:39
tags: article cars history policy transport wifi

> Pondering the evolution of electronic tolling, the system that doesn’t slow you down even as it charges you to use it. It has roots in the theremin—sorta.

RFID from the great seal bug to your windshield.

^

sr.ht, the hacker's forge, now open for public alpha

https://drewdevault.com/2018/11/15/sr.ht-general-availability.html - [drewdevault.com]
2018-11-15 17:20:11
tags: beta cloud development git release swtools

> For those who are new, let me explain what makes sr.ht special. It provides many of the trimmings you’re used to from sites like GitHub, Gitlab, BitBucket, and so on, including git repository hosting, bug tracking software, CI, wikis, and so on. However, the sr.ht model is different from these projects - where many forges attempt to replicate GitHub’s success with a thinly veiled clone of the GitHub UI and workflow, sr.ht is fundamentally different in its approach.

source: L

^

go-consistent

https://github.com/Quasilyte/go-consistent - [github.com]
2018-11-15 17:11:28
tags: go release swtools

> Source code analyzer that helps you to make your Go programs more consistent.

> There are many similar cases where you have 2 or more options of expressing the same thing in Go, go-consistent tries to handle as much patterns as possible.

source: L

^

30% faster Windows builds with clang-cl and the new /Zc:dllexportInlines- flag

http://blog.llvm.org/2018/11/30-faster-windows-builds-with-clang-cl_14.html - [blog.llvm.org]
2018-11-15 04:23:57
tags: compiler cpp perf update

> This is very similar to the -fvisibility-inlines-hidden Clang and GCC flag used on non-Windows. For C++ projects with many inline functions, it can significantly reduce the set of exported functions, and thereby the symbol table and file size of the shared object or dynamic library, as well as program load time.

^

page two