Synthetic Memory Protections - An update on ROP mitigations
https://www.openbsd.org/papers/csw2023.pdf [www.openbsd.org]
2023-03-25 19:35
tags:
cpu
defense
malloc
openbsd
pdf
security
slides
systems
ROP methods have become increasingly sophisticated
But we can identify system behaviours which only ROP code requires
We can contrast this to what Regular Control Flow code needs
And then, find behaviours to block
source: HN
A fork() in the road
https://www.microsoft.com/en-us/research/uploads/prod/2019/04/fork-hotos19.pdf [www.microsoft.com]
2023-03-25 04:02
tags:
malloc
paper
pdf
programming
systems
unix
The received wisdom suggests that Unix’s unusual combination of fork() and exec() for process creation was an inspired design. In this paper, we argue that fork was a clever hack for machines and programs of the 1970s that has long outlived its usefulness and is now a liability. We catalog the ways in which fork is a terrible abstraction for the modern programmer to use, describe how it compromises OS implementations, and propose alternatives.
source: L
Inside the amazingly mechanical Bendix Central Air Data Computer
http://www.righto.com/2023/02/bendix-central-air-data-computer-cadc.html [www.righto.com]
2023-03-25 00:33
tags:
flying
hardware
photos
physics
retro
Determining the airspeed and altitude of a fighter plane is harder than you’d expect. At slower speeds, pressure measurements can give the altitude, air speed, and other “air data”. But as planes approach the speed of sound, complicated equations are needed to accurately compute these values. The Bendix Central Air Data Computer (CADC) solved this problem for military planes such as the F-101 and the F-111 fighters, and the B-58 bomber. This electromechanical marvel was crammed full of 1955 technology: gears, cams, synchros, and magnetic amplifiers. In this blog post I look inside the CADC, describe the calculations it performed, and explain how it performed these calculations mechanically.
A world to win - WebAssembly for the rest of us
https://www.wingolog.org/archives/2023/03/20/a-world-to-win-webassembly-for-the-rest-of-us [www.wingolog.org]
2023-03-20 22:09
tags:
functional
garbage-collection
lisp
programming
transcript
wasm
As it turns out, there is a reason that there is no good Scheme implementation on WebAssembly: the initial version of WebAssembly is a terrible target if your language relies on the presence of a garbage collector. There have been some advances but this observation still applies to the current standardized and deployed versions of WebAssembly. To better understand this issue, let’s dig into the guts of the system to see what the limitations are.
source: HN
Paving the Road to Vulkan on Asahi Linux
https://asahilinux.org/2023/03/road-to-vulkan/ [asahilinux.org]
2023-03-20 18:25
tags:
concurrency
gl
graphics
linux
programming
systems
In every modern OS, GPU drivers are split into two parts: a userspace part, and a kernel part. The kernel part is in charge of managing GPU resources and how they are shared between apps, and the userspace part is in charge of converting commands from a graphics API (such as OpenGL or Vulkan) into the hardware commands that the GPU needs to execute.
Between those two parts, there is something called the Userspace API or “UAPI”. This is the interface that they use to communicate between them, and it is specific to each class of GPUs! Since the exact split between userspace and the kernel can vary depending on how each GPU is designed, and since different GPU designs require different bits of data and parameters to be passed between userspace and the kernel, each new GPU driver requires its own UAPI to go along with it.
source: HN
World's Strongest Magnet!
https://www.youtube.com/watch?v=g0amdIcZt5I [www.youtube.com]
2023-03-20 06:39
tags:
physics
science
tech
video
The world’s strongest magnet is a million times stronger than Earth’s magnetic field.
A tour of the National High Magnetic Field Laboratory and its 45 Tesla magnet.
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html [www.da.vidbuchanan.co.uk]
2023-03-18 19:40
tags:
android
compression
exploit
format
graphics
opsec
security
Art Deco skyscrapers were America's greatest contribution to the world of architecture
https://honk.tedunangst.com/u/tedu/h/26rL8N1X4RZgdRhzY3 [honk.tedunangst.com]
2023-03-18 01:12
tags:
architecture
photos
urban
Venkat’s Blog Post Unjustly Removed from Google Search Results Due to EU RTBF Takedown
https://blog.ericgoldman.org/archives/2023/03/venkats-blog-post-unjustly-removed-from-google-search-results-due-to-eu-rtbf-takedown.htm [blog.ericgoldman.org]
2023-03-17 22:55
tags:
policy
web
This is not the first time my blog has been subject to right-to-be-forgotten (RTBF) takedowns. See, e.g., this post (scroll down for the updates). But every time the RTBF is applied to my blog, it’s probably a wrongful application of a misguided policy and worth relaying here.
Why some GitHub labels are illegible
https://firsching.ch/github_labels.html [firsching.ch]
2023-03-14 22:48
tags:
design
graphics
html
ux
web
essentially the text of the label will be colored white if perceived-lightness<0.453 and black otherwise. However, when the perceived-lightness is very close to the threshold, we don’t trigger the min or max and actually get some sort of grey color for the label.
source: HN
the door close button
https://computer.rip/2023-03-13-the-door-close-button.html [computer.rip]
2023-03-14 18:19
tags:
article
factcheck
hoipolloi
life
media
ux
Elevator control panels have long featured two buttons labeled “door open” and “door close.” One of these buttons does pretty much what it says on the label (although I understand that European elevators sometimes have a separate “door hold” button for the most common use of “door open“). The other usually doesn’t seem to, and that has lead to a minor internet phenomenon. Here’s the problem: the internet is wrong, and I am here to set it right.
source: HN
Animal personalities can trip up science, but there’s a solution
https://arstechnica.com/science/2023/03/animal-personalities-can-trip-up-science-but-theres-a-solution/ [arstechnica.com]
2023-03-13 04:03
tags:
ideas
paper
science
Scientists are increasingly realizing that animals, like people, are individuals. They have distinct tendencies, habits and life experiences that may affect how they perform in an experiment. That means, some researchers argue, that much published research on animal behavior may be biased. Studies claiming to show something about a species as a whole—that green sea turtles migrate a certain distance, say, or how chaffinches respond to the song of a rival—may say more about individual animals that were captured or housed in a certain way, or that share certain genetic features. That’s a problem for researchers who seek to understand how animals sense their environments, gain new knowledge and live their lives.
source: ars
1 Billion is Tiny in an Alternate Universe: Introduction to p-adic Numbers
https://www.youtube.com/watch?v=3gyHKCDq1YA [www.youtube.com]
2023-03-11 08:22
tags:
math
video
The p-adic numbers are bizarre alternative number systems that are extremely useful in number theory. They arise by changing our notion of what it means for a number to be large. As a real number, 1 billion is huge. But as a 10-adic number, it is tiny!
https://en.wikipedia.org/wiki/P-adic_number
Discovering one bug after another in the UTF-8 decoding logic in OpenBSD, then going on to fix other aspects of related code.
https://research.exoticsilicon.com/articles/unbreaking_utf8_on_the_console [research.exoticsilicon.com]
2023-03-10 20:32
tags:
bugfix
investigation
openbsd
programming
text
tty
Still, the debugging process we went through here to discover the cause of the problems in the first place is worth sharing from the beginning, as the code in question was particularly bad with plenty of textbook mistakes. Who knows what you might find in your own investigations elsewhere.
Email: https://marc.info/?l=openbsd-tech&m=167734639712745&w=2
source: L
The Quest for Netflix on Asahi Linux
https://www.da.vidbuchanan.co.uk/blog/netflix-on-asahi.html [www.da.vidbuchanan.co.uk]
2023-03-09 21:59
tags:
browser
cloud
development
investigation
library
linux
turtles
Thus begins the “do not violate the DMCA challenge 2023”. The goal of this challenge is to figure out how to watch Netflix on Asahi Linux without bypassing or otherwise breaking DRM. You may notice that this article is significantly longer than my 280-character publication on doing the latter, from 2019.
We’re on the home stretch now, right? Right??? Not quite, there is one last showstopper for Asahi users, and it’s a big one: Asahi Linux is built to use 16K page sizes. The Widevine blobs available to us only support 4K pages.
source: HN
Tech’s hottest new job: Prompt Engineer
https://www.washingtonpost.com/technology/2023/02/25/prompt-engineers-techs-next-big-job/ [www.washingtonpost.com]
2023-02-26 22:22
tags:
ai
business
development
valley
‘Prompt engineers’ are being hired for their skill in getting AI systems to produce exactly what they want.
Electrodes build themselves inside the bodies of live fish
https://www.nature.com/articles/d41586-023-00544-w [www.nature.com]
2023-02-26 21:54
tags:
biology
chemistry
An injectable gel tested in living zebrafish can use the animals’ internal chemistry to transform into a conductive polymer.
When the gel is mixed with the recipient’s own metabolites — chemicals generated by the body’s processes — a chain reaction turns it into a solid but flexible material.
source: HN
The futex_waitv() syscall and gaming on Linux
https://www.collabora.com/news-and-blog/blog/2023/02/17/the-futex-waitv-syscall-gaming-on-linux/ [www.collabora.com]
2023-02-17 23:48
tags:
concurrency
gaming
linux
perf
programming
systems
The futex_waitv syscall is a new syscall through which the process can wait for multiple futexes. The task wakes up when any futex in the list is awakened. This can be used to implement wait on multiple locks and wait lists, etc, without the limitations imposed by using eventfd.
source: L
double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)
https://marc.info/?l=oss-security&m=167628974320957&w=2 [marc.info]
2023-02-16 20:18
tags:
exploit
malloc
openbsd
programming
security
Exploiting this vulnerability will not be easy: modern memory allocators provide protections against double frees, and the impacted sshd process is unprivileged and heavily sandboxed.
Quick update: we were able to gain arbitrary control of the “rip” register through this bug (i.e., we can jump wherever we want in sshd’s address space) on an unpatched installation of OpenBSD 7.2 (which runs OpenSSH 9.1 by default). This is by no means the end of the story: this was only step 1, bypass the malloc and double-free protections.
source: L
In Praise of Parasites?
https://www.newyorker.com/magazine/2022/12/12/in-praise-of-parasites [www.newyorker.com]
2023-02-16 03:05
tags:
biology
We think of them with revulsion, but a new book wants us to appreciate their redeeming qualities.
Even when the victims aren’t people, there is something about parasites that arouses appalled fascination. The authors of “Parasite” mention the monster in the film “Alien” as a kind of archetype of the gross-outs in which the field abounds. There’s Cymothoa exigua, a louse that destroys fishes’ tongues and then lives in their mouths, performing a tongue’s functions while gorging itself. The fungus Ophiocordyceps unilateralis, which propagates itself by taking over ants’ bodies, has sufficient notoriety that it appears in the video game The Last of Us, where it zombifies people rather than ants.
By and large, Gardner, Diamond, and Racz resist filling their book with nightmarish creatures. As researchers at the University of Nebraska and its affiliated state museum, which has a large parasitological collection, they want to give us a new understanding of parasites, to counter our unalloyed horror and instill a more scientifically nuanced view. They do this by widening our focus, encouraging us to think in terms of ecosystems and evolutionary history. They write about how parasites may keep populations of species in balance, the ways in which they are imperilled by climate change, and what we owe them in terms of our understanding of genetics, organism development, and ancient human migrations.