An interactive study of common retry methods
In this post we’re going to visually explore different methods of retrying requests, demonstrating why some common approaches are dangerous and ultimately ending up at what the best practice is. At the end of this post you will have a solid understanding of what makes safe retry behaviour, and a vivid understanding of what doesn’t.
There are no strings on me
There is a kind of magic to those systems that is worth experiencing. But it’s also worth examining why we prefer to build puppets.
Because I’ve had days where I’ve had to debug my surly emacs boy, and I’ve quickly discovered that his behaviour has very little to do with the code that I’m reading. Methods overridden at runtime, traces that end with a call to a closure that no longer exists, event handlers whose execution order depends on side-effects during module loading, stack-traces which contain multiple different versions of the same function. On the worst days I find myself debugging code that doesn’t even exist on disk but was evaluated in the repl weeks before.
These People Are Responsible for the Cranberry Sauce You Love to Hate
And if we’re talking cranberries, we have to start with Ocean Spray’s canned, jellied cranberry sauce, that jiggly staple of the Thanksgiving table. Somehow this cylindrical blob of sweet, glistening, ruby tartness has become synonymous with America’s most gluttonous day. You know it and love it, unless you hate it, in which case you might use homemade sauce cooked with some of the trillion cranberries that the company’s owners grew. Either way, Ocean Spray wins.
The hidden beauty of Berlin's indoor pools
The German capital is dotted with more than 60 public indoor swimming pools, and many of them are so stunning and tranquil they feel like you’re swimming in an ornate library.
Real-time dreamy Cloudscapes with Volumetric Raymarching
I spent the past few months diving into the realm of Raymarching and studying some of its applications that may come in handy for future 3D projects, and while I managed to build a pretty diverse set of scenes, all of them consisted of rendering surfaces or solid objects. My blog post on Raymarching covered some of the many impressive capabilities of this rendering technique, and as I mentioned at the end of that post, that was only the tip of the iceberg; there is a lot more we can do with it.
One fascinating aspect of Raymarching I quickly encountered in my study was its capacity to be tweaked to render volumes. Instead of stopping the raymarched loop once the ray hits a surface, we push through and continue the process to sample the inside of an object. That is where my obsession with volumetric clouds started, and I think the countless hours I spent exploring the many Sky Islands in Zelda Tears of the Kingdom contributed a lot to my curiosity to learn more about how they work. I thus studied a lot of Shadertoy scenes leveraging many Volumetric Raymarching techniques to render smoke, clouds, and cloudscapes, which I obviously couldn’t resist giving a try rebuilding myself:
Running the “Reflections on Trusting Trust” Compiler
In October 1983, 40 years ago this week, Ken Thompson chose supply chain security as the topic for his Turing award lecture, although the specific term wasn’t used back then. (The field of computer science was still young and small enough that the ACM conference where Ken spoke was the “Annual Conference on Computers.”) Ken’s lecture was later published in Communications of the ACM under the title “Reflections on Trusting Trust.” It is a classic paper, and a short one (3 pages); if you haven’t read it yet, you should. This post will still be here when you get back.
In the lecture, Ken explains in three steps how to modify a C compiler binary to insert a backdoor when compiling the “login” program, leaving no trace in the source code. In this post, we will run the backdoored compiler using Ken’s actual code. But first, a brief summary of the important parts of the lecture.
A tale of /dev/fd
Many versions of Unix provide a /dev/fd directory to work with open file handles as if they were regular files. As usual, the devil is in the details.
Investigating why Steam started picking a random font
And you know what’s special about 2040? It’s after 2038.
Why Is Your NES A TV Station? (That's Weird)
The title doesn’t lie, and the answer is mildly cursed but par for the course. Something I didn’t mention is that this applies to almost all consoles released in the entire decade, and in fact a significant number (like the Colecovision) ONLY had RF out; the NES was one of the first consoles to have composite at all. If I could do it all again I’d mention that. I’d also keep my Casio CZ-1000 instead of throwing it away when I was 25.
"[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs
This paper reflects work done in late 2022 and 2023 to audit for vulnerabilities in terminal emulators, with a focus on open source software. The results of this work were 10 CVEs against terminal emulators that could result in Remote Code Execution (RCE), in addition various other bugs and hardening opportunities were found. The exact context and severity of these vulnerabilities varied, but some form of code execution was found to be possible on several common terminal emulators across the main client platforms of today.
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
X's two ways to send events to X clients (more or less)
If you hang around people who automate things in their X session, you may have heard of xdotool. If you’ve tried it, you may have noticed that xdotool seems pretty successful in manipulating the windows of X programs, despite the general feelings about SendEvents, and so you might wonder what’s going on here. The answer is that xdotool (and other automation programs) use a second mechanism to inject synthetic events, the XTEST extension (protocol).
Polonius refers to a few things. It is a new formulation of the borrow checker. It is also a specific project that implemented that analysis, based on datalog. Our current plan does not make use of that datalog-based implementation, but uses what we learned implementing it to focus on reimplementing Polonius within rustc.
Arena allocator tips and tricks
Over the past year I’ve refined my approach to arena allocation. With practice, it’s effective, simple, and fast; typically as easy to use as garbage collection but without the costs. Depending on need, an allocator can weigh just 7–25 lines of code — perfect when lacking a runtime. With the core details of my own technique settled, now is a good time to document and share lessons learned. This is certainly not the only way to approach arena allocation, but these are practices I’ve worked out to simplify programs and reduce mistakes.
See also: https://nullprogram.com/blog/2023/09/30/
An easy-to-implement, arena-friendly hash map
Champagne for my real friends
Real pain for my sham friends, real tricks for my meh friends, and finding more like this with NLP
WebGPU Security Technical Report
In this document we outline how WebGPU works through the mind of an attacker, our vulnerability research methodologies, and our thought processes in some of the more difficult research areas. There are many interesting portions of Chrome graphics that we omitted from review to keep scope manageable. While our primary focus was WebGPU, we did explore a few attack surfaces shared by other graphics features. We will interleave background information on WebGPU with descriptions of the important bugs we found. We hope this report will give the security community a deeper understanding of the shape of vulnerabilities we may come to expect with the addition of WebGPU, along with a lens into the vulnerabilities we might encounter in the future.
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I’ll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
Add extra stuff to a "standard" encoding? Sure, why not.
Hold on. protobufs do not work that way! They don’t have their own framing. That’s why recordio was invented, and countless other ways to bundle them up so you know what type they are, how long they are, and all of that other stuff. The actual binary encoding of the protobuf itself is bare bones! So what’s up with this length byte?
The WebP 0day
This means that someone, somewhere, had been caught using an exploit for this vulnerability. But who discovered the vulnerability and how was it being used? How does the vulnerability work? Why wasn’t it discovered earlier? And what sort of impact does an exploit like this have?
There are still a lot of details that are missing, but this post attempts to explain what we know about the unusual circumstances of this bug, and provides a new technical analysis and proof-of-concept trigger for CVE-2023-4863 (“the WebP 0day“).
Apocalypse-Proof - 33 Thomas Street
A windowless telecommunications hub, 33 Thomas Street in New York City embodies an architecture of surveillance and paranoia. That has made it an ideal set for conspiracy thrillers.
When it was completed in Lower Manhattan in 1974, 33 Thomas Street, formerly known as the AT&T Long Lines Building, was intended as the world’s largest facility for connecting long-distance telephone calls. 1 Standing 532 feet — roughly equivalent to a 45-story building — it’s a mugshot for Brutalism, windowless and nearly featureless. Its only apertures are a series of ventilation hoods meant to hide microwave-satellite arrays, which communicate with ground-based relay stations and satellites in space. One of several long lines buildings designed by John Carl Warnecke for the New York Telephone Company, a subsidiary of AT&T, 33 Thomas Street is perhaps the most visually striking project in the architect’s long and influential career. Embodying postwar American economic and military hegemony, the tower broadcasts inscrutability and imperviousness. It was conceived, according to the architect, to be a “skyscraper inhabited by machines.”