The wacky, grueling bike race that captivates a Midwest college town
https://www.washingtonpost.com/sports/interactive/2024/little-500-bike-race-indiana/ [www.washingtonpost.com]
2024-05-14 17:21
tags:
hoipolloi
sports
The Little 500 has been a mainstay at Indiana University for decades, inspiring a movie and the entire campus. Here’s how this year’s dramatic race unfolded.
Opening windows in linux with sockets, bare hands and 200 lines of C
https://hereket.com/posts/from-scratch-x11-windowing/ [hereket.com]
2024-05-09 18:57
tags:
c
format
networking
programming
x11
In this post I want to create a single-file C program to open a window inside Linux without using xlib or any similar libraries. The idea is to explore the X11 protocol and see how it is used to interact with the X server to create windows.
source: HN
Development notes from xkcd's "Machine"
https://chromakode.com/post/xkcd-machine/ [chromakode.com]
2024-05-09 08:11
tags:
browser
development
gaming
programming
social
web
It’s a game we’d been dreaming of for years: a giant rube goldberg machine builder in the style of the classic Incredible Machine games, made of a patchwork of machines created by individual xkcd readers. For more details, check out Explain xkcd’s wonderful writeup.
source: HN
Secure Randomness in Go 1.22
https://go.dev/blog/chacha8rand [go.dev]
2024-05-07 06:15
tags:
development
go
programming
random
security
update
Computers aren’t random. On the contrary, hardware designers work very hard to make sure computers run every program the same way every time. So when a program does need random numbers, that requires extra effort. Traditionally, computer scientists and programming languages have distinguished between two different kinds of random numbers: statistical and cryptographic randomness. In Go, those are provided by math/rand and crypto/rand, respectively. This post is about how Go 1.22 brings the two closer together, by using a cryptographic random number source in math/rand (as well as math/rand/v2, as mentioned in our previous post). The result is better randomness and far less damage when developers accidentally use math/rand instead of crypto/rand.
source: HN
Section 230 Applies to Claims Over Hijacked Accounts (Except Maybe Verified Accounts)–Wozniak v. YouTube
https://blog.ericgoldman.org/archives/2024/03/section-230-applies-to-claims-over-hijacked-accounts-except-maybe-verified-accounts-wozniak-v-youtube.htm [blog.ericgoldman.org]
2024-04-30 04:42
tags:
business
opsec
policy
social
The plaintiffs are Silicon Valley legend Steve Wozniak, who had his YouTube account hijacked, and 17 scammed individuals. The plaintiffs sued YouTube. YouTube defended on Section 230 grounds. The lower court dismissed the entire complaint due to 230. On appeal, the appellate court doesn’t analyze the multitudinous causes of action individually. Instead, the appeals court analyzes six different theories the plaintiffs advanced to explain why Section 230 shouldn’t apply. The court finds that Section 230 applies to all six theories and upholds the dismissal, though with one theory, the plaintiffs get another chance to try again.
https://www.courts.ca.gov/opinions/documents/H050042.PDF
Building a GPS Receiver
https://axleos.com/building-a-gps-receiver-part-1-hearing-whispers/ [axleos.com]
2024-04-30 04:33
tags:
article
maps
physics
series
space
tech
visualization
GPS is perhaps one of the most audacious geo-engineering feats ever undertaken, and its traces can be felt with just an antenna and a motive.
All that said, it’s not as though there’s a cacophony of navigation data swarming around you, deafening if you could just hear it. In reality, the GPS signals surrounding you are astoundingly weak. To take an analogy: imagine a normal light bulb, like the one that might be above you now. Pull it twenty thousand kilometers away from the room you’re in, and have it flash, on, off, on, off, a million times a second. Imagine straining your eye to watch the shimmer of the bulb, two Earths away, and listen to what it’s telling you.
source: trivium
Computing Adler32 Checksums at 41 GB/s
https://wooo.sh/adler32.html [wooo.sh]
2024-04-30 04:32
tags:
c
perf
programming
While looking through the fpng source code, I noticed that its vectorized adler32 implementation seemed somewhat complicated, especially given how simple the scalar version of adler32 is. I was curious to see if I could come up with a simpler method, and in doing so, I came up with an algorithm that can be up to 7x faster than fpng’s version, and 109x faster than the simple scalar version.
source: trivium
State of the Terminal
https://gpanders.com/blog/state-of-the-terminal/ [gpanders.com]
2024-04-30 04:31
tags:
development
systems
text
tty
unix
It’s only been in the last couple of years that I’ve begun to dig deep into the inner workings of how terminal emulators, and the applications that run inside of them, really work. I’ve learned that there is a lot of innovation and creative problem solving happening in this space, even though the underlying technology is over half a century old.
I’ve also found that many people who use terminal based tools (including shells like Bash and editors like Vim) know very little about terminals themselves, or some of the modern features and capabilities they can support.
In this article, we’ll discuss some of the problems that terminal based applications have historically had to deal with (and what the modern solutions are) as well as some features that modern terminal emulators support that you may not be aware of.
source: Dfly
Byte-sized Swift: Building Tiny Games for the Playdate
https://www.swift.org/blog/byte-sized-swift-tiny-games-playdate/ [www.swift.org]
2024-04-30 01:40
tags:
c
development
gaming
programming
swift
I’m excited to share swift-playdate-examples, a technical demonstration of using Swift to build games for Playdate, a handheld game system by Panic.
500 Byte Images: The Haiku Vector Icon Format
http://blog.leahhanson.us/post/recursecenter2016/haiku_icons.html [blog.leahhanson.us]
2024-04-29 20:15
tags:
format
graphics
investigation
This blog post examines the details of the HVIF format using a hex editor and the canonical parser’s source code. In the process of dissecting an example icon, I’ll also show you an optimization bug in the icon image editor.
source: HN
Leaving Rust gamedev after 3 years
https://loglog.games/blog/leaving-rust-gamedev/ [loglog.games]
2024-04-28 02:32
tags:
development
gaming
programming
rust
This post isn’t a scientific evaluation or an A/B study. It’s my personal opinion after trying to make Rust gamedev work for us, a small indie developer (2 people), trying to make enough money to fund our development with it.
source: L
How Not To Release Historic Source Code
https://www.os2museum.com/wp/how-not-to-release-historic-source-code/ [www.os2museum.com]
2024-04-28 02:30
tags:
development
format
retro
text
windows
For practical purposes, old source files are not text files. They are binary files, and must be preserved without modification. It is not OK to take an old source file and convert it to UTF-8. For one thing, UTF-8 didn’t even exist in the times of MASM 5.10 and Microsoft C 5.1, of course old tools can’t deal with it!
source: L
GWP-ASan: Sampling-Based Detection of Memory-Safety Bugs in Production
https://arxiv.org/abs/2311.09394v2 [arxiv.org]
2024-04-19 20:11
tags:
c
development
fuzzing
malloc
paper
pdf
programming
systems
Despite the recent advances in pre-production bug detection, heap-use-after-free and heap-buffer-overflow bugs remain the primary problem for security, reliability, and developer productivity for applications written in C or C++, across all major software ecosystems. Memory-safe languages solve this problem when they are used, but the existing code bases consisting of billions of lines of C and C++ continue to grow, and we need additional bug detection mechanisms.
This paper describes a family of tools that detect these two classes of memory-safety bugs, while running in production, at near-zero overhead. These tools combine page-granular guarded allocation and low-rate sampling. In other words, we added an “if” statement to a 36-year-old idea and made it work at scale.
Randar: A Minecraft exploit that uses LLL lattice reduction to crack server RNG
https://github.com/spawnmason/randar-explanation/blob/master/README.md [github.com]
2024-04-19 01:22
tags:
gaming
java
math
opsec
programming
random
Every time a block is broken in Minecraft versions Beta 1.8 through 1.12.2, the precise coordinates of the dropped item can reveal another player’s location. “Randar” is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to locate other players currently loaded into the world.
source: HN
A Curious Phenomenon Called ‘Etak’
https://maphappenings.com/2024/04/11/story-of-etak/ [maphappenings.com]
2024-04-16 19:52
tags:
article
best
cars
hardware
maps
retro
tech
valley
Today, I’d like to tell you about the Etak Navigator, a truly revolutionary product and the world’s first practical vehicle navigation system.
Back in 1985 you used paper maps to navigate, like this one from a Thomas Brother’s map of Los Angeles. As you can see, the maps weren’t always pretty. By today’s standards it was also supremely difficult and tedious to find locations and even more difficult to work out how to get there. So, when the Etak Navigator launched, it was like something from the future.
source: HN
PuTTY vulnerability vuln-p521-bias
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html [www.chiark.greenend.org.uk]
2024-04-15 20:42
tags:
crypto
hash
networking
security
In all of those cases except P521, the bias introduced by reducing a 512-bit number mod q is negligible. But in the case of P521, where q has 521 bits (i.e. more than 512), reducing a 512-bit number mod q has no effect at all – you get a value of k whose top 9 bits are always zero.
CVE-2024-31497
https://marc.info/?l=oss-security&m=171321011524021&w=2
Law
https://www.smbc-comics.com/comic/law-4 [www.smbc-comics.com]
2024-04-13 00:40
tags:
comic
hoipolloi
policy
If aliens come, [laws] are the first thing we should hide.
OpenBSD 7.5 released
https://marc.info/?l=openbsd-announce&m=171228270018970&w=2 [marc.info]
2024-04-12 22:42
tags:
openbsd
release
The history of computing, as told by the hallways of Microsoft Building 41
https://devblogs.microsoft.com/oldnewthing/20240402-00/?p=109604 [devblogs.microsoft.com]
2024-04-09 23:52
tags:
architecture
design
tech
valley
Each of the six floors of Building 41 is themed after a stage in the development of computing.
The V8 Sandbox
https://v8.dev/blog/sandbox [v8.dev]
2024-04-04 23:37
tags:
browser
javascript
jit
programming
security
After almost three years since the initial design document and hundreds of CLs in the meantime, the V8 Sandbox — a lightweight, in-process sandbox for V8 — has now progressed to the point where it is no longer considered an experimental security feature. Starting today, the V8 Sandbox is included in Chrome’s Vulnerability Reward Program (VRP). While there are still a number of issues to resolve before it becomes a strong security boundary, the VRP inclusion is an important step in that direction. Chrome 123 could therefore be considered to be a sort of “beta” release for the sandbox. This blog post uses this opportunity to discuss the motivation behind the sandbox, show how it prevents memory corruption in V8 from spreading within the host process, and ultimately explain why it is a necessary step towards memory safety.
source: HN