inks

dark mode

rss

best

tags

sources

random

The Rendering of Rise of the Tomb Raider

http://www.elopezr.com/the-rendering-of-rise-of-the-tomb-raider/ - [www.elopezr.com]
2019-01-16 06:39:57
tags: gaming gl graphics investigation visualization

> Tomb Raider used the Crystal Engine, developed by Crystal Dynamics also used in Deus Ex: Human Revolution. For the sequel a new engine called Foundation was used, previously developed for Lara Croft and the Temple of Osiris (2014). Its rendering can be broadly classified as a tiled light-prepass engine, and we’ll see what that means as we dive in. The engine offers the choice between a DX11 and DX12 renderer; I chose the latter for reasons we’ll see later. I used Renderdoc 1.2 to capture the frame, on a Geforce 980 Ti, and turned on all the bells and whistles.

source: HN

^

The (Almost) Secret Algorithm Researchers Used to Break Thousands of RSA Keys

https://algorithmsoup.wordpress.com/2019/01/15/breaking-an-unbreakable-code-part-1-the-hack/ - [algorithmsoup.wordpress.com]
2019-01-16 06:36:28
tags: crypto math security

> Armed with this idea, the researchers scanned the web and collected 6.2 million actual public keys. They then computed the largest common divisor between pairs of keys, cracking a key whenever it shared a prime factor with any other key. All in all, they were able to break 12,934 keys. In other words, if used carelessly, RSA encryption provides less than 99.8\% security.

> According to the authors, they were able to run the entire computation in a matter of hours on a single core. But a back-of-the-envelope calculation suggests that it should take years to compute GCD’s between 36 trillion pairs of keys, not hours.

> So there we go. A computation that should have taken years is reduced to a matter of hours. And all it took was a bit of clever recursion.

source: L

^

kitty - the fast, featureful, GPU based terminal emulator

https://sw.kovidgoyal.net/kitty/ - [sw.kovidgoyal.net]
2019-01-16 03:17:01
tags: sh swtools tty ux

> kitty is designed for power keyboard users. To that end all its controls work with the keyboard (although it fully supports mouse interactions as well). Its configuration is a simple, human editable, single file for easy reproducibility (I like to store configuration in source control).

> The code in kitty is designed to be simple, modular and hackable. It is written in a mix of C (for performance sensitive parts) and Python (for easy hackability of the UI). It does not depend on any large and complex UI toolkit, using only OpenGL for rendering everything.

> Finally, kitty is designed from the ground up to support all modern terminal features, such as unicode, true color, bold/italic fonts, text formatting, etc. It even extends existing text formatting escape codes, to add support for features not available elsewhere, such as colored and styled (curly) underlines. One of the design goals of kitty is to be easily extensible so that new features can be added in the future with relatively less effort.

source: L

^

How does Nested-Virtualization works?

https://kelvinhack127.blogspot.com/2018/02/how-does-nested-virtualization-works.html - [kelvinhack127.blogspot.com]
2019-01-15 05:55:33
tags: systems virtualization

> Nowadays, Software Security is becoming more important criteria in the industry, and in recent years, virtualization as a popular topic for protecting / attacking a software, however, most of the virtualization technology framework (bluepill-liked) is not provide an ability that let a guest virtualize one more layer, we called it “Nested Virtualization”, level 2.

A little hard to follow, but I think it covers the basic idea.

source: grugq

^

http://www.maizure.org/projects/evolution_x86_context_switch_linux/index.html

http://www.maizure.org/projects/evolution_x86_context_switch_linux/index.html - [www.maizure.org]
2019-01-15 05:34:13
tags: concurrency cpu linux programming systems

> While researching archaic facts about the 80386 hardware context switch last weekend, I remembered that early versions of the Linux kernel relied on it. I was promptly sidetracked for hours reading code I hadn’t seen in years. This weekend, I’ve decided to write down the journey to consolidate all the nuggets of fun stuff I discovered along the way.

> The exercise: Trace the context switch through the Linux kernel from the earliest (0.01) to the most recent LTS release (4.14.67) -- with special emphasis on the first and last versions.

source: L

^

Introduction to Paging

https://os.phil-opp.com/paging-introduction/ - [os.phil-opp.com]
2019-01-15 05:32:31
tags: cpu malloc programming systems

> This post introduces paging, a very common memory management scheme that we will also use for our operating system. It explains why memory isolation is needed, how segmentation works, what virtual memory is, and how paging solves memory fragmentation issues. It also explores the layout of multilevel page tables on the x86_64 architecture.

source: L

^

Robot Hotel Loses Love for Robots

https://www.wsj.com/articles/robot-hotel-loses-love-for-robots-11547484628 - [www.wsj.com]
2019-01-15 00:48:24
tags: tech travel

> Turns out, robots aren’t the best at hospitality. After opening in a blaze of publicity in 2015, Japan’s Henn na, or “Strange,” Hotel, recognized by the Guinness Book of World Records as the world’s first robot hotel, is now laying off its low-performing droids. So far, the hotel has culled over half of its 243 robots, many because they created work rather than reduced it.

^

scp client multiple vulnerabilities

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt - [sintonen.fi]
2019-01-15 00:15:43
tags: fs networking security swtools

> Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.

Be careful what you believe.

source: grugq

^

The many return values of read() (plus some other cases)

https://utcc.utoronto.ca/~cks/space/blog/unix/ReadManyReturnValues - [utcc.utoronto.ca]
2019-01-14 07:25:56
tags: c programming systems unix

> This is a good example of the potential complexity of the Unix API in practice, and to illustrate it I’m going to run down as many of the cases that I can remember. In all cases, we’ll start with ‘n = read(fd, buf, bufsize)’.

Sometimes end of file is not the end.

Somewhat related: https://utcc.utoronto.ca/~cks/space/blog/unix/AcceptErrnoProblem

^

The Man in Seat 61

https://www.seat61.com/ - [www.seat61.com]
2019-01-13 22:18:19
tags: life transport travel

> This site explains how to travel comfortably & affordably by train or ferry where you might think air was now the only option.

source: HN

^

Maybe you don't need Rust and WASM to speed up your JS

https://mrale.ph/blog/2018/02/03/maybe-you-dont-need-rust-to-speed-up-your-js.html - [mrale.ph]
2019-01-13 04:06:17
tags: investigation javascript jit perf programming

In reply to https://hacks.mozilla.org/2018/01/oxidizing-source-maps-with-rust-and-webassembly/

> This post piqued my interest, not because I am a huge on either Rust or WASM, but rather because I am always curious about language features and optimizations missing in pure JavaScript to achieve similar performance characteristics.

Further reply: http://fitzgeraldnick.com/2018/02/26/speed-without-wizardry.html

source: L

^

This JPMorgan Health Conference Is So Packed Attendees Are Meeting in the Bathroom

https://www.bloomberg.com/news/articles/2019-01-11/jpmorgan-conference-is-so-packed-attendees-meet-in-the-bathroom - [www.bloomberg.com]
2019-01-12 10:44:46
tags: business valley

> But with every restaurant, lobby, public park and cafe within walking distance of the J.P. Morgan Healthcare Conference’s headquarters packed by thousands of attendees, meeting space was at a premium. One hotel restaurant was charging $300 an hour to sit at a bare wooden table. At the Westin St. Francis hotel, which hosts the investor meeting, the women’s bathroom didn’t have drink service, but it did have several marble vanities and plush leather chairs.

source: ML

^

Preemption Is GC for Memory Reordering

https://www.pvk.ca/Blog/2019/01/09/preemption-is-gc-for-memory-reordering/ - [www.pvk.ca]
2019-01-11 06:03:07
tags: concurrency cpu perf programming systems

> Interrupt processing (returning from an interrupt handler, actually) is fully serialising on x86, and on other platforms, no doubt: any userspace instruction either fully executes before the interrupt, or is (re-)executed from scratch some time after the return back to userspace. That’s something we can abuse to guarantee ordering between memory accesses, without explicit barriers.

And then it gets crazy.

source: HN

^

The iOS Menu

https://codea.io/blog/the-ios-menu/ - [codea.io]
2019-01-11 05:46:51
tags: design graphics iphone programming ux

> So I set out to make the best menus I could make for iOS. For simple apps, menus aren’t necessary, and that’s great. But Codea isn’t a simple app and there’s nothing I can do about that.

source: DF

^

avo - Generate x86 Assembly with Go

https://github.com/mmcloughlin/avo - [github.com]
2019-01-11 02:50:38
tags: cpu go programming swtools

> avo makes high-performance Go assembly easier to write, review and maintain. The avo package presents a familiar assembly-like interface that simplifies development without sacrificing performance:

> Use Go control structures for assembly generation; avo programs are Go programs
> Register allocation: write functions with virtual registers and avo assigns physical registers for you
> Automatically load arguments and store return values: ensure memory offsets are correct for complex structures
> Generation of stub files to interface with your Go package

source: HN

^

System Down: A systemd-journald exploit

https://www.qualys.com/2019/01/09/system-down/system-down.txt - [www.qualys.com]
2019-01-10 03:41:17
tags: exploit linux malloc security

> Despite this initial success, we abandoned the exploitation of CVE-2018-16864: while working on our proof of concept, we discovered two different vulnerabilities (CVE-2018-16865, another attacker-controlled alloca(), and CVE-2018-16866, an information leak) that are reliably exploitable on both i386 and amd64.

source: L

^

I Gave a Bounty Hunter $300. Then He Located Our Phone

https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile - [motherboard.vice.com]
2019-01-10 00:50:57
tags: article business hoipolloi networking opsec tech

> T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.

Senators call for investigation: https://motherboard.vice.com/en_us/article/j5z74d/senators-harris-warner-wyden-fcc-investigate-att-sprint-tmobile-bounty-hunters

AT&T to stop: https://motherboard.vice.com/en_us/article/nepab8/att-stop-selling-location-data-tmobile-sprint-microbilt-zumigo

Further: https://motherboard.vice.com/en_us/article/nepx5x/we-could-easily-stop-location-data-scandals-but-we-cower-to-lobbyists-instead

^

STATUS_STACK_BUFFER_OVERRUN doesn’t mean that there was a stack buffer overrun

https://blogs.msdn.microsoft.com/oldnewthing/20190108-00/?p=100655 - [blogs.msdn.microsoft.com]
2019-01-10 00:42:19
tags: c programming windows

> What this means is that nowadays when you get a STATUS_STACK_BUFFER_OVERRUN, it doesn’t actually mean that there is a stack buffer overrun. It just means that the application decided to terminate itself with great haste.

Sigh.

^

Fast Message Franking: From Invisible Salamanders to Encryptment

https://eprint.iacr.org/2019/016 - [eprint.iacr.org]
2019-01-10 00:12:11
tags: crypto paper pdf security social

> Message franking enables cryptographically verifiable reporting of abusive content in end-to-end encrypted messaging. Grubbs, Lu, and Ristenpart recently formalized the needed underlying primitive, what they call compactly committing authenticated encryption (AE), and analyzed the security of a number of approaches. But all known secure schemes are still slow compared to the fastest standard AE schemes. For this reason Facebook Messenger uses AES-GCM for franking of attachments such as images or videos. We show how to break Facebook’s attachment franking scheme: a malicious user can send an objectionable image to a recipient but that recipient cannot report it as abuse. The core problem stems from use of fast but non-committing AE, and so we build the fastest compactly committing AE schemes to date. To do so we introduce a new primitive, called encryptment, which captures the essential properties needed. We prove that, unfortunately, schemes with performance profile similar to AES-GCM won’t work. Instead, we show how to efficiently transform Merkle-Damgärd-style hash functions into secure encryptments, and how to efficiently build compactly committing AE from encryptment. Ultimately our main construction allows franking using just a single computation of SHA-256 or SHA-3. Encryptment proves useful for a variety of other applications, such as remotely keyed AE and concealments, and our results imply the first single-pass schemes in these settings as well.

source: green

^

Why have humans never found aliens?

https://www.economist.com/science-and-technology/2018/10/11/why-have-humans-never-found-aliens - [www.economist.com]
2019-01-10 00:07:24
tags: life space

> Dr Tarter reckoned that decades of searching had amounted to the equivalent of dipping a drinking glass into Earth’s oceans at random to see if it contained a fish. Dr Wright and his colleagues built on Dr Tarter’s work to come up with a model that tries to estimate the amount of searching that alien-hunters have managed so far. They considered nine variables, including how distant any putative aliens are likely to be, the sensitivity of telescopes, how big a portion of the electromagnetic spectrum they are able to scan and the time spent doing so. Once the numbers had been crunched, the researchers reckoned humanity has done slightly better than Dr Tarter suggested. Rather than dipping a drinking glass into the ocean, they say, astronomers have dunked a bathtub.

source: DF

^

page two