> We develop a novel technique that uses Facebook’s advertiser interface to check whether a given piece of PII can be used to target some Facebook user, and use this technique to study how Facebook’s advertising service obtains users’ PII. We investigate a range of potential sources of PII, finding that phone numbers and email addresses added as profile attributes, those provided for security purposes such as two-factor authentication, those provided to the Facebook Messenger app for the purpose of messaging, and those included in friends’ uploaded contact databases are all used by Facebook to allow advertisers to target users. These findings hold despite all the relevant privacy controls on our test accounts being set to their most private settings.

source: green

> Our investigation uncovered an online service selling the collected browsing activity data to its subscription members in near real-time. In this report, we delineate the sensitive data source types relevant to the security of individuals and businesses across the globe. We observed two extensions employing dilatory tactics — an effective maneuver for eluding detection — to collect the data. We identified the collection of sensitive data from the internal network environments of Fortune 500 companies.

source: white

> Our solar system collectively hosts nearly 200 known moons, some of which are vibrant worlds in their own right. Take a tour of the major moons in our celestial menagerie, including those that are among the most mystifying—or scientifically intriguing—places in our local neighborhood.

Pretty heavy web page.

source: K

> page allocator freelist randomization

And some other things as well.

> A common task in Go API design is returning a byte slice. In this post I will explore some old techniques and a new one.

> We introduce natural adversarial examples -- real-world, unmodified, and naturally occurring examples that cause classifier accuracy to significantly degrade. We curate 7,500 natural adversarial examples and release them in an ImageNet classifier test set that we call ImageNet-A. This dataset serves as a new way to measure classifier robustness. Like l_p adversarial examples, ImageNet-A examples successfully transfer to unseen or black-box classifiers. For example, on ImageNet-A a DenseNet-121 obtains around 2% accuracy, an accuracy drop of approximately 90%. Recovering this accuracy is not simple because ImageNet-A examples exploit deep flaws in current classifiers including their over-reliance on color, texture, and background cues. We observe that popular training techniques for improving robustness have little effect, but we show that some architectural changes can enhance robustness to natural adversarial examples. Future research is required to enable robust generalization to this hard ImageNet test set.

Also: https://github.com/hendrycks/natural-adv-examples

source: green

> Basically as of now the entropy file saved as /var/lib/systemd/random-seed will not - drumroll - add entropy to the random pool when played back during boot. Actually it will. It will just not be accounted for. So Linux doesn’t know. And continues blocking getrandom(). This is obviously different from SysVinit times2 when /var/lib/urandom/random-seed (that you still have lying around on updated systems) made sure the system carried enough entropy over reboot to continue working right after enough of the system was booted.

And then... it just kinda keeps getting worse. The problem is understandable, the inability to resolve it less so.

> The vertical scrolling effect in the original “The Legend of Zelda” relies on manipulating the NES graphics hardware in a manor likely that was unintended by its designers.

source: L

> Also racing sponsorships, credit ratings, ice-water celebrations and Trump on crypto.

This was a good one.

source: ML

Movie plots, visualized.

source: K

> The bicycle, as we know it today, was not invented until the late 1800s. Yet it was a simple mechanical invention. It would seem to require no brilliant inventive insight, and certainly no scientific background.

Well, not exactly.

source: HN

In which xkcd teaches us about cred stuffing.

> What are “the usual arithmetic conversions”?

source: L

> Let’s talk about files! Most developers seem to think that files are easy.

> In this talk, we’re going to look at how file systems differ from each other and other issues we might encounter when writing to files. We’re going to look at the file “stack“, starting at the top with the file API, moving down to the filesystem, and then moving down to disk.

source: danluu

> This is a tempting and natural viewpoint, but unfortunately this can’t be done in practice without breaking things. To understand this, I’ll outline a series of approaches and then explain why they fail or cause problems.

> Yet in a sign of how hard it can be to reverse the tide of globalization, when Red Wing decided to introduce a new line of work boots here, the process took more than two years.

> When the Ohio-based maker of Red Wing’s Taslan shoelaces closed in the early 2000s, two Red Wing design team members spent months teaching other vendors old-school methods for making laces, dissecting vintage laces and testing ways to texture nylon yarns and weave patterns.

> The New York passport office. Wow. Where to begin?

> modeled off usenet news readers & pine, with an emphasis on getting to ‘timeline zero’

source: L

> QuickJS is a small and embeddable Javascript engine. It supports the ES2019 specification including modules, asynchronous generators and proxies.

source: HN

> Suppose you want to be able to detect in C++ whether a type has been defined. For example, maybe you want to use a type if it exists. This can happen if, say, you are a library like React Native for Windows, and you need to be able to run with different versions of the Windows SDK. Or you’re writing a library where the client can customize the behavior by defining another class with a well-known name. Perhaps you’re trying to mimic C# partial classes.

The road to madness.

https://devblogs.microsoft.com/oldnewthing/20190709-00/?p=102671

https://devblogs.microsoft.com/oldnewthing/20190710-00/?p=102678

https://devblogs.microsoft.com/oldnewthing/20190711-00/?p=102682