Fixing memory leaks in web applications
> Part of the bargain we struck when we switched from building server-rendered websites to client-rendered SPAs is that we suddenly had to take a lot more care with the resources on the user’s device. Don’t block the UI thread, don’t make the laptop’s fan spin, don’t drain the phone’s battery, etc. We traded better interactivity and “app-like” behavior for a new class of problems that don’t really exist in the server-rendered world.
> One of these problems is memory leaks. A poorly-coded SPA can easily eat up megabytes or even gigabytes of memory, continuing to gobble up more and more resources, even as it’s sitting innocently in a background tab. At this point, the page might start to slow to a crawl, or the browser may just terminate the tab and you’ll see Chrome’s familiar “Aw, snap!” page.
danger + opportunity ≠ crisis
> There is a widespread public misperception, particularly among the New Age sector, that the Chinese word for “crisis” is composed of elements that signify “danger” and “opportunity.” I first encountered this curious specimen of alleged oriental wisdom about ten years ago at an altitude of 35,000 feet sitting next to an American executive. He was intently studying a bound volume that had adopted this notorious formulation as the basic premise of its method for making increased profits even when the market is falling. At that moment, I didn’t have the heart to disappoint my gullible neighbor who was blissfully imbibing what he assumed were the gems of Far Eastern sagacity enshrined within the pages of his workbook. Now, however, the damage from this kind of pseudo-profundity has reached such gross proportions that I feel obliged, as a responsible Sinologist, to take counteraction.
Desperate for High-Paying Wall Street Jobs, Penn Students Try Buying Their Way Into the Right Classes
> Five years ago, sophomores like Current might not have been so desperate. Back then, finance companies hired for their all-important junior-year summer internships just a few months ahead of time. But recently, in an attempt to scoop up the best students before anyone else, companies have moved up the timeline. It’s now standard practice for finance firms to recruit sophomores like Current — who has only completed three semesters of college and hasn’t even declared a major — for those same junior-year summer internships a full 18 months in advance.
Elixir and Postgres: A Rarely Mentioned Problem
> Last time, we talked about the magic trick to make your full text searches go fast. This time, I’ll tell you about another performance issue I encountered that probably also affects your performance, at least if you are using Ecto and PostgreSQL.
Top 10 web hacking techniques of 2019
Despite the title, this isn't so much a roundup of generic techniques as a set of links to write-ups of specific exploits. Good coverage.
SoftBank’s $375 Million Bet on Pizza Went Really Bad Really Fast
> By the time Garden headed back down the driveway, he was well on his way to a SoftBank investment of $375 million, with double that money on the table if his business gained traction. But that’s not what happened. Instead, Zume marks one of the biggest recent disappointments in SoftBank’s portfolio. As of this year it no longer makes or delivers pizzas. In January, Zume cut 360 jobs, leaving a little over 300 employees, and said it would focus on packaging and efficiency gains for other food delivery companies.
Levine commentary: https://www.bloomberg.com/opinion/articles/2020-02-14/robot-pizza-trucks-hit-some-bumps
> Just, what a closed loop it is. You run a pizza delivery business. You craft a pitch calculated to convince Masayoshi Son that your pizza delivery business will change the world. You meet with Masayoshi Son. He convinces you that you will change the world. Now you are all believers, all in it together. He hands you piles of money. You go home and weep to your friends, “I am going to change the world.” The friends are like “wait what with the pizzas?” But it is too late for skepticism, you have the money, the robots are in the trucks, they are fanning out across town, the cheese is everywhere, they cannot turn back.
> C++ “move” semantics are simple, but they are still widely misunderstood. This post is an attempt to shed light on that situation.
I like that the appendix is 3 times the article’s length.
Don't touch my clipboard
> You can (but shouldn’t) change how people copy text from your website.
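An added example (mine, not the post's code) of the mechanism it warns about: a `copy` listener that calls `clipboardData.setData` and then `preventDefault` replaces whatever the user selected. `fakeDocument` is a constructed stand-in for the DOM so the hook can be driven under Node; the sample command and the `example.invalid` host are made up. The caveat a security engineer would add is the last function: the same hook can hand a terminal a different command than the one on screen, so text copied from a page is untrusted input until you have looked at what actually pasted.

```javascript
// Added example (not from the linked post): rewriting the clipboard from a copy
// event, and a check on the receiving side. DOM objects are constructed stand-ins.

// Build the replacement payload. A "helpful" site appends attribution; a hostile
// one can substitute anything, including a different shell command than the one shown.
function rewriteCopiedText(selected, attribution) {
  const trimmed = selected.replace(/\s+$/, '');
  return `${trimmed}\n\n-- ${attribution}`;
}

// Browser side: intercept the copy event and overwrite the clipboard contents.
function installCopyHook(doc, attribution) {
  doc.addEventListener('copy', (event) => {
    const selected = doc.getSelection().toString();
    if (!selected) return;
    event.clipboardData.setData('text/plain', rewriteCopiedText(selected, attribution));
    event.preventDefault(); // without this the browser writes the original selection
  });
}

// Constructed stand-in for `document` so the hook runs outside a browser.
function fakeDocument(selectionText) {
  const handlers = {};
  return {
    addEventListener(type, fn) { handlers[type] = fn; },
    getSelection() { return { toString: () => selectionText }; },
    // Dispatch a copy event and return what actually lands on the clipboard.
    fireCopy() {
      const store = new Map();
      let defaultPrevented = false;
      const event = {
        clipboardData: {
          setData: (type, value) => store.set(type, value),
          getData: (type) => store.get(type) ?? '',
        },
        preventDefault() { defaultPrevented = true; },
      };
      handlers.copy?.(event);
      return defaultPrevented ? store.get('text/plain') : selectionText;
    },
  };
}

// Receiving side: compare what was visibly selected with what is about to be pasted.
// Anything beyond the visible selection (extra lines, a swapped command) is a red flag.
function pasteLooksTampered(visibleSelection, pasted) {
  return pasted.trim() !== visibleSelection.trim();
}

function demo() {
  const shown = 'curl -fsSL https://example.invalid/install.sh | sh'; // constructed
  const doc = fakeDocument(shown);
  installCopyHook(doc, 'copied from example.invalid');
  const onClipboard = doc.fireCopy();
  return { shown, onClipboard, tampered: pasteLooksTampered(shown, onClipboard) };
}

console.log(demo());
```

The practical habit that follows: paste commands into an editor, or use a shell with bracketed-paste support, before they reach a prompt.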
Aperture: Senior QA (2004-2005)
> This project is tricky to write about as there was so much positive and negative emotion involved — a real roller coaster.
A good retrospective on a project that starts going sideways and then really jumps the rails.
What is a 'Weenus' ('Wenis,' 'Weenis')?
> The loose skin at the joint of one’s elbow
The Fairey Rotodyne, the vertical takeoff and landing airliner time forgot
> The phrase “Urban Air Mobility” (UAM) seems like it’s been with us for quite a while, but really it’s only been in widespread use for two or three years. NASA officially recognized UAM in 2017, calling for a market study of remotely piloted or unmanned air passenger and cargo transportation around an urban area. Most people would probably call this the “air taxi” idea—a vision of hundreds of small, unmanned electric multi-copters shuttling two or three passengers from nearby suburbs or city spaces to vertiports at about 100 mph (roughly 161 km/h).
> But if things had worked out differently in the late 1950s and early 1960s, we might have a very different understanding of UAM—something more like mass-transit. We might have had a city-center to city-center 55-passenger vertical take-off and landing (VTOL) airliner shuttling between urban heliports at 180 mph (289 km/h).
> Actually, we did have that, it’s just few people remember. It was called the Fairey Rotodyne.
Announcing NetBSD 9.0
> This release brings significant improvements in terms of hardware support, quality assurance, security, along with new features and hundreds of bug fixes.
Escaping the Chrome Sandbox with RIDL
> Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is up to date and disable hyper-threading (HT).
This is a pretty clear write-up and comes with a nice footnote:
> When I started working on this I was surprised that it’s still exploitable even though the vulnerabilities have been public for a while. If you read guidance on the topic, they will usually talk about how these vulnerabilities have been mitigated if your OS is up to date with a note that you should disable hyper threading to protect yourself fully. The focus on mitigations certainly gave me a false sense that the vulnerabilities have been addressed and I think these articles could be more clear on the impact of leaving hyper threading enabled.
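The check the footnote argues for, as an added example that is not part of the write-up: classify a Linux host's exposure to MDS-class leaks (the family RIDL belongs to) from the kernel's own status line in `/sys/devices/system/cpu/vulnerabilities/mds`, with `/sys/devices/system/cpu/smt/active` as a fallback for the hyper-threading state. The strings matched are the ones the kernel emits; the verdict labels are mine. Both the "no microcode" and the "SMT vulnerable" cases, the two things the article's advice addresses, come out as distinct verdicts. Written for Node since the page's other examples are JavaScript; the same logic is a one-line `case` in shell.

```javascript
// Added check (not from the write-up): MDS/RIDL exposure from Linux sysfs status.
// Verdict names are this example's own; the matched strings are the kernel's.

const MDS_PATH = '/sys/devices/system/cpu/vulnerabilities/mds';
const SMT_PATH = '/sys/devices/system/cpu/smt/active';

// statusLine: contents of the mds file; smtActive: '0' or '1' from smt/active (optional).
function classifyMds(statusLine, smtActive) {
  const s = statusLine.trim();
  if (s === 'Not affected') return { verdict: 'not-affected', reason: s };
  if (s.startsWith('Vulnerable')) {
    // Mitigation off, or "Clear CPU buffers attempted, no microcode": update microcode.
    return { verdict: 'vulnerable', reason: s };
  }
  if (s.startsWith('Mitigation:')) {
    if (/; SMT vulnerable/.test(s)) {
      // Buffers are flushed on privilege transitions, but a sibling hyper-thread still
      // shares the leaking buffers: exactly the window the sandbox escape uses.
      return { verdict: 'mitigated-but-smt-exposed', reason: s };
    }
    if (/; SMT (disabled|mitigated)/.test(s)) return { verdict: 'mitigated', reason: s };
    if (/SMT Host state unknown/.test(s)) {
      // Guest kernel: whether siblings are shared is decided by the hypervisor.
      return { verdict: 'mitigated-smt-unknown', reason: s };
    }
    // No SMT clause in the line: fall back to the smt/active flag if we have it.
    if (smtActive === '1') return { verdict: 'mitigated-but-smt-exposed', reason: s };
    if (smtActive === '0') return { verdict: 'mitigated', reason: s };
    return { verdict: 'mitigated-smt-unknown', reason: s };
  }
  return { verdict: 'unknown', reason: s };
}

// Read the live host (Linux only); returns an 'unknown' verdict elsewhere.
function readHostStatus() {
  try {
    const fs = require('node:fs');
    const read = (p) => { try { return fs.readFileSync(p, 'utf8'); } catch { return null; } };
    const mds = read(MDS_PATH);
    if (mds === null) {
      return { verdict: 'unknown', reason: `${MDS_PATH} not readable (not Linux, or kernel too old)` };
    }
    const smt = read(SMT_PATH);
    return classifyMds(mds, smt === null ? undefined : smt.trim());
  } catch (err) {
    return { verdict: 'unknown', reason: String(err) };
  }
}

if (typeof require === 'function' && require.main === module) {
  console.log(readHostStatus());
}
```

Anything other than `not-affected` or `mitigated` means a compromised renderer on that machine still has the cross-thread leak available, which is the point the footnote makes: "OS up to date" is not the same as "fixed".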
I Add 3-25 Seconds of Latency to Every Page I Visit
> So if you can inject latency into sites artificially, you can reduce the actual impact of the addiction in a controllable way while not denying the enjoyment of the Internet to yourself.
> Hacker News with 100ms latency feels like liquor: Hacker News with 9000ms latency feels like small beer.
> In this blog post I’d like to look at these simple machines up close. I’ll explain how gears affect the properties of rotational motion and how the shape of their teeth is way more sophisticated than it may initially seem.
> Movement is important in this article so most of the visualizations are animated – you can play and pause them by tapping on the button in their bottom left corner. By default the animations are enabled, but if you find them distracting, or you want to save power, you can globally pause all animations, just make sure to unpause them as needed.
This is very neat.
OldNYC: Mapping Historical Photographs
Paved for the people
> “They paved paradise and put up a parking lot,” sings Joni Mitchell. But at Prahran Square, almost the reverse took place. Lyons Architecture and Aspect Studios have transformed a carpark into an urban sanctuary of sorts, an island of open space and amenity in Melbourne’s rapidly densifying suburbs.
George III's collection of military maps
> George III’s collection of military maps comprises some 3,000 maps, views and prints ranging from the disposition of Charles V’s armies at Vienna in 1532 to the Battle of Waterloo (1815).
> Most notable among these are the military maps, prints and drawings collected by his uncle, William Augustus, Duke of Cumberland (1721–65), particularly during his period as Captain General of the British army during the War of the Austrian Succession (1743–8) and the Seven Years War (1756–63).
> The second major collection, bought by George III in 1763, was that of the military prints collected by the Italian art patron, Cassiano dal Pozzo (1588–1657). In addition to these, George III acquired hundreds of maps of contemporary conflicts, such as the American War of Independence (1775–83), and the French and Napoleonic Wars (1792–1815).
Avoiding gaps in IOMMU protection at boot
> But setting things up in the OS isn’t sufficient. If an attacker is able to trigger arbitrary DMA before the OS has started then they can tamper with the system firmware or your bootloader and modify the kernel before it even starts running. So ideally you want your firmware to set up the IOMMU before it even enables any external devices, and newer firmware should actually do this automatically. It sounds like the problem is solved.
95%-ile isn't that good
> Reaching 95%-ile isn’t very impressive because it’s not that hard to do. I think this is one of my most ridiculable ideas. It doesn’t help that, when stated nakedly, that sounds elitist. But I think it’s just the opposite: most people can become (relatively) good at most things.
There are several sections here. Every time I thought I was nearing the end, more content showed up.