ROP methods have become increasingly sophisticated
But we can identify system behaviours which only ROP code requires
We can contrast this to what Regular Control Flow code needs
And then, find behaviours to block

source: HN

The received wisdom suggests that Unix’s unusual combination of fork() and exec() for process creation was an inspired design. In this paper, we argue that fork was a clever hack for machines and programs of the 1970s that has long outlived its usefulness and is now a liability. We catalog the ways in which fork is a terrible abstraction for the modern programmer to use, describe how it compromises OS implementations, and propose alternatives.

source: L

Determining the airspeed and altitude of a fighter plane is harder than you’d expect. At slower speeds, pressure measurements can give the altitude, air speed, and other “air data”. But as planes approach the speed of sound, complicated equations are needed to accurately compute these values. The Bendix Central Air Data Computer (CADC) solved this problem for military planes such as the F-101 and the F-111 fighters, and the B-58 bomber. This electromechanical marvel was crammed full of 1955 technology: gears, cams, synchros, and magnetic amplifiers. In this blog post I look inside the CADC, describe the calculations it performed, and explain how it performed these calculations mechanically.

As it turns out, there is a reason that there is no good Scheme implementation on WebAssembly: the initial version of WebAssembly is a terrible target if your language relies on the presence of a garbage collector. There have been some advances but this observation still applies to the current standardized and deployed versions of WebAssembly. To better understand this issue, let’s dig into the guts of the system to see what the limitations are.

source: HN

In every modern OS, GPU drivers are split into two parts: a userspace part, and a kernel part. The kernel part is in charge of managing GPU resources and how they are shared between apps, and the userspace part is in charge of converting commands from a graphics API (such as OpenGL or Vulkan) into the hardware commands that the GPU needs to execute.

Between those two parts, there is something called the Userspace API or “UAPI”. This is the interface that they use to communicate between them, and it is specific to each class of GPUs! Since the exact split between userspace and the kernel can vary depending on how each GPU is designed, and since different GPU designs require different bits of data and parameters to be passed between userspace and the kernel, each new GPU driver requires its own UAPI to go along with it.

source: HN

The world’s strongest magnet is a million times stronger than Earth’s magnetic field.

A tour of the National High Magnetic Field Laboratory and its 45 Tesla magnet.

so basically the pixel 7 pro, when you crop and save a screenshot, overwrites the image with the new version, but leaves the rest of the original file in its place

https://twitter.com/ItsSimonTime/status/1636857478263750656

source: L

It’s Art Deco where America seemed to achieve something truly unique.

Original: https://twitter.com/culturaltutor/status/1636566301081579521

This is not the first time my blog has been subject to right-to-be-forgotten (RTBF) takedowns. See, e.g., this post (scroll down for the updates). But every time the RTBF is applied to my blog, it’s probably a wrongful application of a misguided policy and worth relaying here.

essentially the text of the label will be colored white if perceived-lightness<0.453 and black otherwise. However, when the perceived-lightness is very close to the threshold, we don’t trigger the min or max and actually get some sort of grey color for the label.

source: HN

Elevator control panels have long featured two buttons labeled “door open” and “door close.” One of these buttons does pretty much what it says on the label (although I understand that European elevators sometimes have a separate “door hold” button for the most common use of “door open“). The other usually doesn’t seem to, and that has lead to a minor internet phenomenon. Here’s the problem: the internet is wrong, and I am here to set it right.

source: HN

Scientists are increasingly realizing that animals, like people, are individuals. They have distinct tendencies, habits and life experiences that may affect how they perform in an experiment. That means, some researchers argue, that much published research on animal behavior may be biased. Studies claiming to show something about a species as a whole—that green sea turtles migrate a certain distance, say, or how chaffinches respond to the song of a rival—may say more about individual animals that were captured or housed in a certain way, or that share certain genetic features. That’s a problem for researchers who seek to understand how animals sense their environments, gain new knowledge and live their lives.

source: ars

The p-adic numbers are bizarre alternative number systems that are extremely useful in number theory. They arise by changing our notion of what it means for a number to be large. As a real number, 1 billion is huge. But as a 10-adic number, it is tiny!

https://en.wikipedia.org/wiki/P-adic_number

Still, the debugging process we went through here to discover the cause of the problems in the first place is worth sharing from the beginning, as the code in question was particularly bad with plenty of textbook mistakes. Who knows what you might find in your own investigations elsewhere.

Email: https://marc.info/?l=openbsd-tech&m=167734639712745&w=2

source: L

Thus begins the “do not violate the DMCA challenge 2023”. The goal of this challenge is to figure out how to watch Netflix on Asahi Linux without bypassing or otherwise breaking DRM. You may notice that this article is significantly longer than my 280-character publication on doing the latter, from 2019.

We’re on the home stretch now, right? Right??? Not quite, there is one last showstopper for Asahi users, and it’s a big one: Asahi Linux is built to use 16K page sizes. The Widevine blobs available to us only support 4K pages.

source: HN

‘Prompt engineers’ are being hired for their skill in getting AI systems to produce exactly what they want.

An injectable gel tested in living zebrafish can use the animals’ internal chemistry to transform into a conductive polymer.

When the gel is mixed with the recipient’s own metabolites — chemicals generated by the body’s processes — a chain reaction turns it into a solid but flexible material.

source: HN

The futex_waitv syscall is a new syscall through which the process can wait for multiple futexes. The task wakes up when any futex in the list is awakened. This can be used to implement wait on multiple locks and wait lists, etc, without the limitations imposed by using eventfd.

source: L

Exploiting this vulnerability will not be easy: modern memory allocators provide protections against double frees, and the impacted sshd process is unprivileged and heavily sandboxed.

Quick update: we were able to gain arbitrary control of the “rip” register through this bug (i.e., we can jump wherever we want in sshd’s address space) on an unpatched installation of OpenBSD 7.2 (which runs OpenSSH 9.1 by default). This is by no means the end of the story: this was only step 1, bypass the malloc and double-free protections.

source: L

We think of them with revulsion, but a new book wants us to appreciate their redeeming qualities.

Even when the victims aren’t people, there is something about parasites that arouses appalled fascination. The authors of “Parasite” mention the monster in the film “Alien” as a kind of archetype of the gross-outs in which the field abounds. There’s Cymothoa exigua, a louse that destroys fishes’ tongues and then lives in their mouths, performing a tongue’s functions while gorging itself. The fungus Ophiocordyceps unilateralis, which propagates itself by taking over ants’ bodies, has sufficient notoriety that it appears in the video game The Last of Us, where it zombifies people rather than ants.

By and large, Gardner, Diamond, and Racz resist filling their book with nightmarish creatures. As researchers at the University of Nebraska and its affiliated state museum, which has a large parasitological collection, they want to give us a new understanding of parasites, to counter our unalloyed horror and instill a more scientifically nuanced view. They do this by widening our focus, encouraging us to think in terms of ecosystems and evolutionary history. They write about how parasites may keep populations of species in balance, the ways in which they are imperilled by climate change, and what we owe them in terms of our understanding of genetics, organism development, and ancient human migrations.