Investigating sources of PII used in Facebook’s targeted advertising
> We develop a novel technique that uses Facebook’s advertiser interface to check whether a given piece of PII can be used to target some Facebook user, and use this technique to study how Facebook’s advertising service obtains users’ PII. We investigate a range of potential sources of PII, finding that phone numbers and email addresses added as profile attributes, those provided for security purposes such as two-factor authentication, those provided to the Facebook Messenger app for the purpose of messaging, and those included in friends’ uploaded contact databases are all used by Facebook to allow advertisers to target users. These findings hold despite all the relevant privacy controls on our test accounts being set to their most private settings.
DataSpii: The catastrophic data leak via browser extensions
> Our investigation uncovered an online service selling the collected browsing activity data to its subscription members in near real-time. In this report, we delineate the sensitive data source types relevant to the security of individuals and businesses across the globe. We observed two extensions employing dilatory tactics — an effective maneuver for eluding detection — to collect the data. We identified the collection of sensitive data from the internal network environments of Fortune 500 companies.
The Atlas of Moons
> Our solar system collectively hosts nearly 200 known moons, some of which are vibrant worlds in their own right. Take a tour of the major moons in our celestial menagerie, including those that are among the most mystifying—or scientifically intriguing—places in our local neighborhood.
Pretty heavy web page.
security things in Linux v5.2
> page allocator freelist randomization
And some other things as well.
Efficient Go APIs with the mid-stack inliner
> A common task in Go API design is returning a byte slice. In this post I will explore some old techniques and a new one.
Natural Adversarial Examples
> We introduce natural adversarial examples -- real-world, unmodified, and naturally occurring examples that cause classifier accuracy to significantly degrade. We curate 7,500 natural adversarial examples and release them in an ImageNet classifier test set that we call ImageNet-A. This dataset serves as a new way to measure classifier robustness. Like l_p adversarial examples, ImageNet-A examples successfully transfer to unseen or black-box classifiers. For example, on ImageNet-A a DenseNet-121 obtains around 2% accuracy, an accuracy drop of approximately 90%. Recovering this accuracy is not simple because ImageNet-A examples exploit deep flaws in current classifiers including their over-reliance on color, texture, and background cues. We observe that popular training techniques for improving robustness have little effect, but we show that some architectural changes can enhance robustness to natural adversarial examples. Future research is required to enable robust generalization to this hard ImageNet test set.
OpenSSH Taking Minutes To Become Available, Booting Takes Half An Hour ... Because Your Server Waits For A Few Bytes Of Randomness
> Basically as of now the entropy file saved as /var/lib/systemd/random-seed will not - drumroll - add entropy to the random pool when played back during boot. Actually it will. It will just not be accounted for. So Linux doesn’t know. And continues blocking getrandom(). This is obviously different from SysVinit times when /var/lib/urandom/random-seed (that you still have lying around on updated systems) made sure the system carried enough entropy over reboot to continue working right after enough of the system was booted.
And then... it just kinda keeps getting worse. The problem is understandable, the inability to resolve it less so.
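The blocking behaviour the post describes is visible from user space: getrandom(2) with flags=0 sleeps until the kernel's CRNG is initialised, while GRND_NONBLOCK fails with EAGAIN in that window. The following is an added example (not code from the post or from systemd) showing how a daemon can probe the state without blocking and then draw key material the right way, which is to wait rather than fall back to /dev/urandom, timestamps or PIDs. It assumes Linux ≥ 3.17 and glibc ≥ 2.25 for sys/random.h; the function names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/random.h>   /* assumption: Linux >= 3.17, glibc >= 2.25 */

enum seed_state { SEEDED = 0, NOT_YET_SEEDED = 1, RNG_ERROR = 2 };

/* Probe whether the kernel CRNG is initialised without sleeping.
 * With GRND_NONBLOCK, getrandom(2) fails with EAGAIN while the pool is
 * still uninitialised, which is exactly the early-boot window the post
 * describes (seed file replayed but not credited). */
enum seed_state probe_crng(void)
{
    uint8_t probe[1];
    for (;;) {
        ssize_t n = getrandom(probe, sizeof probe, GRND_NONBLOCK);
        if (n == (ssize_t)sizeof probe)
            return SEEDED;
        if (n < 0 && errno == EINTR)
            continue;                 /* signal: retry */
        if (n < 0 && errno == EAGAIN)
            return NOT_YET_SEEDED;    /* pool not credited yet */
        return RNG_ERROR;             /* ENOSYS on old kernels, etc. */
    }
}

/* Fill buf with len bytes from getrandom(2), blocking (flags = 0) until
 * the pool is initialised. Returns 0 on success, -1 on error.
 * Deliberately no fallback source: if the pool is not ready, waiting is
 * the correct behaviour for anything that becomes a key (SSH host keys,
 * session tokens). Short reads are possible for requests > 256 bytes or
 * after a signal, so loop until len is satisfied. */
int fill_random(void *buf, size_t len)
{
    uint8_t *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Self-check used by the test harness: draw 32 bytes and make sure the
 * call succeeded and did not hand back an all-zero buffer. */
int random_self_test(void)
{
    uint8_t buf[32] = {0};
    if (fill_random(buf, sizeof buf) != 0)
        return 0;
    unsigned acc = 0;
    for (size_t i = 0; i < sizeof buf; i++)
        acc |= buf[i];
    return acc != 0;
}
```

A service started early in boot can call probe_crng() once to log "waiting for entropy" instead of silently hanging, and then call fill_random() for the actual key material. The one thing not to do is what the post's half-hour boot tempts people into: swapping in /dev/urandom before the kernel has credited any entropy, which turns a visible delay into an invisible weak-key problem.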
Zelda Screen Transitions are Undefined Behaviour
> The vertical scrolling effect in the original “The Legend of Zelda” relies on manipulating the NES graphics hardware in a manner that was likely unintended by its designers.
Who Can Pay Venezuela’s Debts?
> Also racing sponsorships, credit ratings, ice-water celebrations and Trump on crypto.
This was a good one.
Movie plots, visualized.
Why did we wait so long for the bicycle?
> The bicycle, as we know it today, was not invented until the late 1800s. Yet it was a simple mechanical invention. It would seem to require no brilliant inventive insight, and certainly no scientific background.
Well, not exactly.
How Hacking Works
In which xkcd teaches us about credential stuffing.
No-one knows the type of char + char
> What are “the usual arithmetic conversions”?
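The answer the title hints at is that `char + char` is never of type `char`: both operands first undergo integer promotion to `int`, or to `unsigned int` on an implementation where `int` cannot hold every `char` value, so the result type depends on the target. The following is an added example (mine, not from the linked article) that asks the compiler which promotion it applied via `_Generic` and then shows the three consequences that bite in real code: sums of narrow unsigned types do not wrap until stored, `~` on a narrow type produces a negative `int`, and multiplying two `unsigned short` values is signed overflow. Function names are my own; it needs a C11 compiler.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Integer promotion (C11 6.3.1.1): any integer type narrower than int is
 * converted to int if int can represent all of its values, otherwise to
 * unsigned int. Which of the two applies to char depends on CHAR_BIT and
 * INT_MAX, so the source alone does not tell you the type of char + char.
 * _Generic lets us ask the compiler what it actually chose. */
enum promoted { PROMOTED_OTHER = 0, PROMOTED_INT = 1, PROMOTED_UINT = 2 };

#define TYPE_CODE(expr) _Generic((expr),      \
    int:          PROMOTED_INT,               \
    unsigned int: PROMOTED_UINT,              \
    default:      PROMOTED_OTHER)

enum promoted char_plus_char_type(void)
{
    char a = 'a', b = 'b';
    return TYPE_CODE(a + b);          /* int on every mainstream target */
}

enum promoted uchar_plus_uchar_type(void)
{
    unsigned char a = 1, b = 2;
    return TYPE_CODE(a + b);          /* also int, NOT unsigned */
}

size_t sizeof_char_plus_char(void)
{
    char a = 0, b = 0;
    return sizeof(a + b);             /* sizeof(int), not 1 */
}

/* Consequence 1: the sum of two unsigned chars is computed in int and
 * does not wrap at 256. Truncation happens only on the store. */
int uchar_sum_unwrapped(unsigned char a, unsigned char b)
{
    return a + b;                     /* 200 + 100 == 300 */
}

unsigned char uchar_sum_stored(unsigned char a, unsigned char b)
{
    unsigned char r = a + b;          /* 300 is converted to 44 on store */
    return r;
}

/* Consequence 2: ~ promotes too. ~0 is the int -1, while x promotes to
 * the int 255, so the "all ones" check below is never true. */
bool is_all_ones_naive(unsigned char x)
{
    return x == ~0;
}

bool is_all_ones(unsigned char x)
{
    return x == (unsigned char)~0;    /* compare in the narrow type */
}

/* Consequence 3: unsigned short * unsigned short is an int multiply.
 * With a 32-bit int, 0xFFFF * 0xFFFF = 4294836225 > INT_MAX, which is
 * signed overflow, i.e. undefined behaviour, despite both operands being
 * unsigned. Promote to unsigned explicitly before multiplying. */
unsigned safe_ushort_square(unsigned short x)
{
    return (unsigned)x * x;           /* well-defined modular arithmetic */
}
```

The compiler-facing check is the useful part for review: if a code base is full of `uint8_t`/`uint16_t` arithmetic (length fields, checksums, protocol counters), the `_Generic` probe and the `safe_ushort_square` pattern show where an explicit cast is needed so that the arithmetic happens in the type the author was thinking of.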
> Let’s talk about files! Most developers seem to think that files are easy.
> In this talk, we’re going to look at how file systems differ from each other and other issues we might encounter when writing to files. We’re going to look at the file “stack“, starting at the top with the file API, moving down to the filesystem, and then moving down to disk.
Browsers can't feasibly stop web pages from talking to private (local) IP addresses
> This is a tempting and natural viewpoint, but unfortunately this can’t be done in practice without breaking things. To understand this, I’ll outline a series of approaches and then explain why they fail or cause problems.
Red Wing, Iconic U.S. Shoe Maker, Labors Mightily to Bring Production Home
> Yet in a sign of how hard it can be to reverse the tide of globalization, when Red Wing decided to introduce a new line of work boots here, the process took more than two years.
> When the Ohio-based maker of Red Wing’s Taslan shoelaces closed in the early 2000s, two Red Wing design team members spent months teaching other vendors old-school methods for making laces, dissecting vintage laces and testing ways to texture nylon yarns and weave patterns.
The New York City passport office
> The New York passport office. Wow. Where to begin?
fern: a curses-based mastodon client
> modeled off usenet news readers & pine, with an emphasis on getting to ‘timeline zero’
Detecting in C++ whether a type is defined