How does Apple (privately) find your offline devices?
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ [blog.cryptographyengineering.com]
2019-06-06 12:27
tags:
crypto
iphone
opsec
security
vapor
A big caveat: much of this could be totally wrong. I’ll update it relentlessly when Apple tells us more.
Since this is a security system, the first question you should ask is: who’s the bad guy? The answer in this setting is unfortunate: everyone is potentially a bad guy. That’s what makes this problem so exciting.
source: green
The Languages Which Almost Became CSS
https://blog.cloudflare.com/the-languages-which-almost-became-css/ [blog.cloudflare.com]
2017-08-03 18:14
tags:
development
html
retro
web
So then I get to tell people, “Well, you get to learn this language to write your document, and then you get to learn that language for actually making your document look like you want it to.” Oh, they’ll love that.
Two Bugs, One Func()
https://objective-see.com/blog/blog_0x1A.html [objective-see.com]
2017-04-12 15:53
tags:
bugfix
c
cpu
exploit
mac
programming
security
OpenMP and pwrite()
http://nullprogram.com/blog/2017/03/01/ [nullprogram.com]
2017-03-02 02:34
tags:
c
concurrency
intro-programming
unix
It’s like write() but has an offset parameter. Unlike lseek() followed by a write(), multiple threads and processes can, in parallel, safely write to the same file descriptor at different file offsets.
Books I Loved Reading in 2024
https://thoughts.wyounas.com/p/books-i-enjoyed-most-in-2024 [thoughts.wyounas.com]
2025-01-02 01:31
tags:
book
links
Indirect Detection
https://www.xkcd.com/2071/ [www.xkcd.com]
2018-11-13 03:17
tags:
comic
life
social
Surely the best way to deal with awful people is to complain as loudly and publicly as possible.
iOS 12, thoroughly reviewed
https://arstechnica.com/gadgets/2018/09/ios-12-thoroughly-reviewed/ [arstechnica.com]
2018-09-17 18:24
tags:
iphone
update
Apple’s iOS 12 software update is available today for supported iPhone, iPad, and iPod touch devices, and on the surface, it looks like one of the smallest new iOS releases Apple has pushed out. This isn’t a surprise; Apple said earlier this year that iOS 12 would be more about performance and stability than adding new features.
The Persistence of Chaos
https://thepersistenceofchaos.com/ [thepersistenceofchaos.com]
2019-05-26 17:23
tags:
design
hardware
hoipolloi
malware
Airgapped Samsung NC10-14GB 10.2-Inch Blue Netbook (2008), Windows XP SP3, 6 pieces of malware, power cord, restart script, malware
(minimum bid: $1,200,750 - reserve met)
source: MR
CppCon Slides and Materials
https://cppcon.org/history/ [cppcon.org]
2017-08-13 21:30
tags:
archive
cxx
event
pdf
programming
slides
Turtles on the Wire: Understanding how the OS uses the Modern NIC
http://dtrace.org/blogs/rm/2016/09/15/turtles-on-the-wire-understanding-how-the-os-uses-the-modern-nic/ [dtrace.org]
2017-04-02 18:51
tags:
hardware
networking
perf
systems
virtualization
There’s more to it than a ring buffer of packets.
source: HN
A better zip bomb
https://www.bamsoftware.com/hacks/zipbomb/ [www.bamsoftware.com]
2019-07-04 21:05
tags:
compression
format
This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. “Non-recursive” means that it does not rely on a decompressor’s recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
source: HN
Splitting Strings
https://chriszetter.com/blog/2017/10/29/splitting-strings/ [chriszetter.com]
2017-11-02 02:58
tags:
library
programming
python
ruby
Most modern programming languages have a function somewhere in their standard library for splitting strings.
What should it return?
source: L
Culture eats policy
https://www.niskanencenter.org/culture-eats-policy/ [www.niskanencenter.org]
2023-06-23 19:47
tags:
article
business
development
policy
turtles
There’s a convenient punching bag for many of these failures: outdated government technology, and outdated approaches to tech by the bureaucracy. But try to fix that through policy change and you’ll find it’s turtles all the way down. The levers leaders use to fix tech are the same ones they use to steer the economy, improve government-funded healthcare, manage immigration, and even strengthen our national defense. We increase budgets, cut budgets, make new rules, and hold hearings, but the tools we use to fix our tools aren’t working either.
The people on this project knew quite well that using this ESB was a terrible idea. They’d have been relieved to just throw it out, plug in the simple protocol, and move on. But they couldn’t. It was a requirement in their contract. The contracting officers had required it because a policy document called the Air Force Enterprise Architecture had required it. The Air Force Enterprise Architecture required it because the Department of Defense Enterprise Architecture required it. And the DoD Enterprise Architecture required it because the Federal Enterprise Architecture, written by the Chief Information Officers Council, convened by the White House at the request of Congress, had required it. Was it really possible that this project was delayed indefinitely, racking up cost overruns in the billions, because Congress has ordered the executive branch to specify something as small and technical as an ESB?
Jack beat them all, winning the contest and demonstrating not only his enormous skills in securing critical national security systems, but an incredible enthusiasm for serving his country. He was a dream candidate, and the Defense Digital Service (DDS), the team that had sponsored the Hack the Pentagon contest, encouraged Jack to apply for a job. But the resume Jack submitted described his experience developing “mobile applications in IonicJS, mobile applications using Angular, and APIs using Node.js, MongoDB, npm, Express gulp, and Babel”. This would have given a technical manager a good sense of the range of his skills, but no one technical reviewed his resume. DoD’s hiring protocols, like those of most agencies, required that it be reviewed by an HR staffer with a background in government hiring rules, not technology. The staffer saw what looked like a grab bag of gobbledygook and tried to match it to the job description, which required “experience that demonstrated accomplishment of computer-project assignments that required a wide range of knowledge of computer requirements and techniques pertinent to the position to be filled.” The fact that he’d just beat out 600 other security researchers meant nothing. His resume was deemed “not minimally qualified” and didn’t make the first cut.
The Case for the Subway
https://www.nytimes.com/2018/01/03/magazine/subway-new-york-city-public-transportation-wealth-inequality.html [www.nytimes.com]
2018-01-15 14:46
tags:
article
history
nyc
photos
policy
transport
urban
It built the city. Now, no matter the cost — at least $100 billion — the city must rebuild it to survive.
It was the arrival of the subway that transformed a seedy neighborhood called Longacre Square into Times Square, that helped turn a single square mile surrounding the Wall Street station into the center of global finance, that made Coney Island an amusement park for the masses. It was the subway that fueled the astonishing economic growth that built the city’s iconic skyscrapers. Other cities had subways, but none threaded through nearly as many neighborhoods as New York’s, enabling it to move large numbers of workers between Manhattan and the middle-class boroughs — a cycle that repeated itself every day, generating ever more wealth and drawing in ever more people.
We will run 8,477 one-way trips over the course of a day. We hope to have 8,477 on-time trains. We’re not going to do it today.
Some cool photos, too.
Short-Termism and Shareholder Payouts: Getting Corporate Capital Flows Right
https://corpgov.law.harvard.edu/2017/01/12/short-termism-and-shareholder-payouts-getting-corporate-capital-flows-right/ [corpgov.law.harvard.edu]
2017-01-13 18:45
tags:
business
finance
paper
The empirical evidence on shareholder activism and short-termism is, in fact, mixed.
In a paper recently posted on SSRN, Short-Termism and Shareholder Payouts: Getting Corporate Capital Flows Right, we explain that these shareholder-payout figures fail to provide convincing evidence—or indeed any evidence of harmful short-termism—because they are an incomplete and misleading measure of public-firm capital flows.
source: ML
Understanding Golang TLS mutual authentication DoS – CVE-2018-16875
https://apisecurity.io/mutual-tls-authentication-vulnerability-in-go-cve-2018-16875/ [apisecurity.io]
2018-12-24 04:36
tags:
go
networking
security
Down the X.509 rabbit hole.
source: R
Infinite Nature: Perpetual View Generation of Natural Scenes from a Single Image
https://infinite-nature.github.io/ [infinite-nature.github.io]
2021-03-20 18:13
tags:
ai
graphics
paper
video
We introduce the problem of perpetual view generation—long-range generation of novel views corresponding to an arbitrarily long camera trajectory given a single image. This is a challenging problem that goes far beyond the capabilities of current view synthesis methods, which work for a limited range of viewpoints and quickly degenerate when presented with a large camera motion. Methods designed for video generation also have limited ability to produce long video sequences and are often agnostic to scene geometry. We take a hybrid approach that integrates both geometry and image synthesis in an iterative render, refine, and repeat framework, allowing for long-range generation that covers large distances after hundreds of frames. Our approach can be trained from a set of monocular video sequences without any manual annotation. We propose a dataset of aerial footage of natural coastal scenes, and compare our method with recent view synthesis and conditional video generation baselines, showing that it can generate plausible scenes for much longer time horizons over large camera trajectories compared to existing methods.
https://arxiv.org/abs/2012.09855
https://github.com/google-research/google-research/tree/master/infinite_nature
source: HN
MASCAB: a Micro-Architectural Side-Channel Attack Bibliography
https://github.com/danpage/mascab [github.com]
2018-07-06 17:47
tags:
academia
cpu
links
paper
security
sidechannel
the volume of papers has expanded rapidly, but the time I’d normally allocate to reading them has been eroded by other commitments (as evidenced by a pile of printed papers gathering dust on my desk). In the end, I decided to tackle this problem by progressively a) collating papers I could read, then b) reading them one-by-one, but in no particular order, and attempting to summarise their contribution (and so organise the sub-field as a whole in my head). MASCAB is the result: after starting to advise MSc and PhD students on how to navigate the sub-field, it seems likely to be of use to others as well.
New York Takes Crucial Step Toward Making Congestion Pricing a Reality
https://www.nytimes.com/2024/03/27/nyregion/nyc-congestion-pricing-tolls-mta.html [www.nytimes.com]
2024-03-27 21:14
tags:
cars
policy
urban
The board of the Metropolitan Transportation Authority voted to approve a new $15 toll to drive into Manhattan. The plan still faces challenges from six lawsuits before it can begin in June.
How does the default hashCode() work?
https://srvaroa.github.io/jvm/java/openjdk/biased-locking/2017/01/30/hashCode.html [srvaroa.github.io]
2017-02-01 22:23
tags:
concurrency
hash
java
perf
programming
random
systems
In which scratching the surface of hashCode() leads to a speleology trip through the JVM source reaching object layout, biased locking, and surprising performance implications of relying on the default hashCode().
source: L