Bypassing disk encryption on systems with automatic TPM2 unlock
https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/ [oddlama.org]
2025-01-17 16:26
tags:
crypto
linux
security
storage
Have you set up automatic disk unlocking with TPM2 and systemd-cryptenroll or clevis? Then chances are high that your disk can be decrypted by an attacker who just has brief physical access to your machine - with some preparation, 10 minutes will suffice. In this article we will explore how TPM2-based disk decryption works, and understand why many setups are vulnerable to a kind of filesystem confusion attack. We will follow along by exploiting two different real systems (Fedora + clevis, NixOS + systemd-cryptenroll).
source: HN
Physically Based Rendering: From Theory To Implementation
https://pbr-book.org/ [pbr-book.org]
2025-01-17 16:21
tags:
book
gl
graphics
Physically Based Rendering describes both the mathematical theory behind a modern photorealistic rendering system and its practical implementation. A method known as literate programming combines human-readable documentation and source code into a single reference that is specifically designed to aid comprehension. The book’s leading-edge algorithms, software, and ideas—including new material on GPU ray tracing—equip the reader to design and employ a full-featured rendering system capable of creating stunning imagery.
source: HN
Why The Weak Nuclear Force Is Short Range
https://profmattstrassler.com/articles-and-posts/particle-physics-basics/the-astonishing-standard-model/why-the-weak-nuclear-force-is-short-range/ [profmattstrassler.com]
2025-01-15 22:22
tags:
physics
The “range” of a force is a measure of the distance across which it can easily be effective. Some forces, including electric and magnetic forces and gravity, are long-range, able to cause dramatic effects that can reach across rooms, planets, and even galaxies. Short-range forces tail off sharply, and are able to make a significant impact only at distances shorter than their “range”. The weak nuclear force, for instance, dies off at distances ten million times smaller than an atom! That makes its effects on atoms rather slow and rare, which is why it is called “weak”.
source: HN
Go 1.24 interactive tour
https://antonz.org/go-1-24/ [antonz.org]
2025-01-15 21:07
tags:
garbage-collection
go
programming
update
Go 1.24 is scheduled for release in February, so it’s a good time to explore what’s new. The official release notes are pretty dry, so I prepared an interactive version with lots of examples showing what has changed and what the new behavior is.
source: L
Justified Text: Better Than Expected?
https://cloudfour.com/thinks/justified-text-better-than-expected/ [cloudfour.com]
2025-01-15 21:06
tags:
design
html
web
I was pleasantly surprised by the results in Chromium browsers at medium and large container widths. Hyphenation seems conservative and readable, yet there are no unsightly gaps or “rivers” between words. Safari and Firefox hyphenate a bit more frequently, but not distractingly so.
source: L
Why is my CPU usage always 100%?
https://www.downtowndougbrown.com/2024/04/why-is-my-cpu-usage-always-100-upgrading-my-chumby-8-kernel-part-9/ [www.downtowndougbrown.com]
2025-01-13 22:14
tags:
bugfix
c
investigation
linux
programming
systems
That’s really weird! Why would top be using all of my CPU? It says 100% usr in the second line. Sometimes the usage showed up as 50% usr and 50% sys. Other times it would show up as 100% sys. And very rarely, it would show 100% idle. In that rare case, top would actually show up with 0% usage as I would expect. The 2.6.28 kernel did not have this problem, so it was something different about my newer kernel.
source: HN
It's time to abandon the cargo cult metaphor
http://www.righto.com/2025/01/its-time-to-abandon-cargo-cult-metaphor.html [www.righto.com]
2025-01-13 19:14
tags:
article
history
hoipolloi
The cargo cult metaphor is commonly used by programmers. This metaphor was popularized by Richard Feynman’s “cargo cult science” talk with a vivid description of South Seas cargo cults. However, this metaphor has three major problems. First, the pop-culture depiction of cargo cults is inaccurate and fictionalized, as I’ll show. Second, the metaphor is overused and has contradictory meanings making it a lazy insult. Finally, cargo cults are portrayed as an amusing story of native misunderstanding but the background is much darker: cargo cults are a reaction to decades of oppression of Melanesian islanders and the destruction of their culture. For these reasons, the cargo cult metaphor is best avoided.
I doubt anyone is going to avoid anything, but the history is very interesting.
The history and use of /etc/glob in early Unixes
https://utcc.utoronto.ca/~cks/space/blog/unix/EtcGlobHistory [utcc.utoronto.ca]
2025-01-13 18:57
tags:
sh
text
unix
One of the innovations that the V7 Bourne shell introduced was built in shell wildcard globbing, which is to say expanding things like *, ?, and so on. Of course Unix had shell wildcards well before V7, but in V6 and earlier, the shell didn’t implement globbing itself; instead this was delegated to an external program, /etc/glob (this affects things like looking into the history of Unix shell wildcards, because you have to know to look at the glob source, not the shell).
source: HN
WorstFit: Unveiling Hidden Transformers in Windows ANSI!
https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/ [blog.orange.tw]
2025-01-10 14:54
tags:
exploit
programming
security
text
turtles
windows
The research unveils a new attack surface in Windows by exploiting Best-Fit, an internal charset conversion feature. Through our work, we successfully transformed this feature into several practical attacks, including Path Traversal, Argument Injection, and even RCE, affecting numerous well-known applications!
source: HN
California’s “Protecting Our Kids from Social Media Addiction Act” Is Partially Unconstitutional…But Other Parts Are Green-Lighted–NetChoice v. Bonta
https://blog.ericgoldman.org/archives/2025/01/californias-protecting-our-kids-from-social-media-addiction-act-is-partially-unconstitutional-but-other-parts-are-green-lighted-netchoice-v-bonta.htm [blog.ericgoldman.org]
2025-01-07 08:24
tags:
policy
social
web
California SB 976, “Protecting Our Kids from Social Media Addiction Act,” is one of the multitudinous laws that pretextually claim to protect kids online. Like many such laws nowadays, it’s a gish-gallop compendium of online censorship ideas: Age authentication! Parental consent! Overrides of publishers’ editorial decisions! Mandatory transparency!
NetChoice made a variation of my argument, saying that age authentication always acts as a speed bump for readers accessing desired content. The court says that’s not so. The court notes that “many companies now collect extensive data about users’ activity throughout the internet that allow them to develop comprehensive profiles of each user for targeted advertising” and, mining that data, age authentication could “run in the background” without requiring any affirmative steps from readers to complete the authentication.
How to Proceed When a Technology is Not Mature
https://www.basicinstructions.net/basic-instructions/2025/1/6/how-to-proceed-when-a-technology-is-not-mature [www.basicinstructions.net]
2025-01-07 08:16
tags:
comic
future
tech
Do you ever feel like we aren’t getting the future we were promised, but we are getting the one we were threatened with.
How to triangulate a polyline with thickness
https://jvernay.fr/en/blog/polyline-triangulation/ [jvernay.fr]
2025-01-05 22:33
tags:
c
gl
graphics
interactive
programming
visualization
To render any geometric figure to a GPU (with OpenGL / Direct3D / Vulkan / ...), they must first be triangulated, i.e. decomposed as a series of triangles. Some figures are trivial to transform into triangles: for instance, a segment with thickness is represented by a rectangle, which can be rendered with two triangles. But a segment strip with thickness (aka. polyline) is not trivial.
Ultimately, this exploration has been a rabbit hole, also partly due to some digressions along the path — let’s prototype with a bare implementation of GeoGebra in vanilla JavaScript — let’s do a WebGL + WASM demo to verify the algorithm works correctly ... 😅 At least, it gives some fancy interactive visuals for this blog post. 😁
source: HN
Don't clobber the frame pointer
https://nsrip.com/posts/clobberfp.html [nsrip.com]
2025-01-05 09:34
tags:
bugfix
compiler
cpu
go
programming
Recently I diagnosed and fixed two frame pointer unwinding crashes in Go. The root causes were two flavors of the same problem: buggy assembly code clobbered a frame pointer. By “clobbered” I mean wrote over the value without saving & restoring it. One bug clobbered the frame pointer register. The other bug clobbered a frame pointer saved on the stack. This post explains the bugs, talks a bit about ABIs and calling conventions, and makes some recommendations for how to avoid the bugs.
source: L
Do You Have Aura—or Are You Mid? A Gen-Z Slang Dictionary.
https://www.thefp.com/p/what-the-heck-is-gen-z-talking-about-2024-essay-contest-winner [www.thefp.com]
2025-01-04 18:20
tags:
essay
hoipolloi
language
life
Bro, this intro is high-key gonna slap. Just let me cook.
When a Telescope Is a National-Security Risk
https://www.theatlantic.com/science/archive/2024/12/vera-rubin-telescope-spy-satellite/680814/ [www.theatlantic.com]
2025-01-04 18:07
tags:
opsec
policy
science
space
In the early months of 2023, the astronomer Željko Ivezić found himself taking part in a highly unusual negotiation. Ivezić is the 59-year-old director of the Vera Rubin Observatory, a $1 billion telescope that the United States has been developing in the Chilean high desert for more than 20 years. He was trying to reach an agreement that would keep his telescope from compromising America’s national security when it starts stargazing next year.
This task was odd enough for any scientist, and it was made more so by the fact that Ivezić had no idea with whom he was negotiating. “I didn’t even know which agency I was talking to,” he told me on a recent video call from his field office in Chile. Whoever it was would communicate with him only through intermediaries at the National Science Foundation. Ivezić didn’t even know whether one person or several people were on the other side of the exchange. All he knew was that they were very security-minded. Also, they seemed to know a great deal about astronomy.
source: jwz
Way too many ways to wait on a child process with a timeout
https://gaultier.github.io/blog/way_too_many_ways_to_wait_for_a_child_process_with_a_timeout.html [gaultier.github.io]
2025-01-04 18:00
tags:
best
c
concurrency
programming
systems
unix
So let’s implement our own that does both! As we’ll see, it’s much less straightforward, and thus more interesting, than I thought. It’s a whirlwind tour through Unix deeps. If you’re interested in systems programming, Operating Systems, multiplexed I/O, data races, weird historical APIs, and all the ways you can shoot yourself in the foot with just a few system calls, you’re in the right place!
Very good.
source: trivium
Optimality of Gerver's Sofa
https://arxiv.org/abs/2411.19826 [arxiv.org]
2025-01-04 17:52
tags:
math
paper
pdf
We resolve the moving sofa problem by showing that Gerver’s construction with 18 curve sections attains the maximum area.
source: trivium
B-Trees: More Than I Thought I'd Want to Know
https://benjamincongdon.me/blog/2021/08/17/B-Trees-More-Than-I-Thought-Id-Want-to-Know/ [benjamincongdon.me]
2025-01-04 11:26
tags:
compsci
database
programming
storage
systems
In my college Data Structures and Algorithms course, we covered B-Trees, but I didn’t grok why I’d choose to use one. As presented, B-Trees were essentially “better” Binary Search Trees, with some hand-waving done that they had improved performance when used in database applications. I remember needing to memorize a bunch of equations to determine the carrying capacity of an M-degree B-Tree, and a vague understanding of B-Tree lookup/insertion/deletion, but not much else. Which is a shame! They’re interesting structures.
source: HN
5 ways to draw an outline
https://ameye.dev/notes/rendering-outlines/ [ameye.dev]
2025-01-04 11:09
tags:
gl
graphics
programming
Rendering outlines is a technique that is often used in games either for aesthetic reasons or for supporting gameplay by using it for highlights and selections around an object. For example in the game Sable, outlines are used to create a comic-book-like style. In The Last of Us, outlines are used to highlight enemies when the player goes into stealth mode.
source: HN
Do General Audiences Exist?
https://tedium.co/2024/12/08/mpaa-g-rating-history/ [tedium.co]
2025-01-04 07:39
tags:
hoipolloi
movie
Based on the sharp decline of the G rating, apparently not. Let’s look at the oddities of the broadest film rating.