And by world, mostly tech media: No wireless. Less space than a nomad. Lame.

source: DF

But what about the environment internal to the application’s run-time—say, making sure that a request servicing a user doesn’t try to modify administrative tables? Enter kwebapp’s new API provisioning facility.

source: Dfly

The ace pilot risking his life to fulfill Richard Branson’s billion-dollar quest to make commercial space travel a reality.

Stucky had piloted SpaceShipTwo on two dozen previous test flights, including three of the four times that it had fired its rocket booster, which was necessary to propel it into space. On October 31, 2014, he watched the fourth such flight from mission control; it crashed in the desert, killing his best friend. On this morning, Stucky would be piloting the fifth rocket-powered flight, on a new iteration of the spaceship. A successful test would restore the program’s lustre.

And a little note at the end, unrelated to the crash:

As it turned out, there had been a glitch in the gyros’ software; the manufacturer had issued a patch, but hadn’t indicated that it fixed a major problem, so Virgin Galactic hadn’t installed it.

Couple notes about ZFS with some highlights of differences between FreeBSD and Solaris kernels.

source: bsdnow

In an effort to continue documenting many of the features and functionality that are useful, here’s a list of just a few that you may find handy the next time you’re working with your data.

source: L

Lots of links here to some good observations.

Simple Risk Measurement is written to help you measure complicated risks using a process that’s simple enough to work out on the back of a napkin and powerful enough to organize a rocket launch.

If you are an engineer motivated by the reduction of risk and are frustrated by how to measure your progress, you may find this documentation useful. Simple Risk Measurement can get you started towards a comprehensive and scientific approach to risk. It is designed to enhance subject matter experts who work with risk, especially those who mitigate complex risks on an ongoing basis.

Grid is public. It’s live right now in the latest Firefox release, Firefox 52.

source: L

Weld provides a runtime API that allows libraries to implement parts of their computation as Weld IR fragments.

But as I crossed over to adulthood, I got a sense that requesting ketchup at restaurants suggested something about me beyond my preferred sauce. I understood that, unlike worldlier condiments such as Sriracha, ketchup isn’t sophisticated, and neither are those who love it. Coming from a working-class background, I didn’t want to broadcast my blue-collar roots every time I ordered fries. I mean, frites. I branched out into aioli, flirted with malt vinegar and generally learned to live without my ketchup.

By the 1890s, the New York Tribune declared tomato ketchup the national condiment of the United States. It was described by food writers of the time as an “incomparable condiment,” and “the sauce of sauces,” according to food historian Andrew F. Smith’s book “Pure Ketchup.”

How many other C++ developers on Linux are banging their heads on the table right now as they search in futility for memory leaks that do not exist?

source: L

Science and theories and experiments, but in the end we don’t seem to know anything.

source: SSC

The OAuth 2.0 protocol itself is insecure. The document specifies some security measures that are optional (which boils down to missing for the casual developer). Apart from that, there are additional loopholes as well.

source: solar

Prove it isn’t random...

source: green

Kernel signal code is a complex maze, it’s very difficult to introduce non-trivial changes without regressions. Over the past month I worked on covering missing elementary scenarios involving the ptrace(2) API. Part of the new tests were marked as expected to success, however a number of them are expected to fail.

source: vermaden

The development of Andromeda was turbulent and troubled, marred by a director change, multiple major re-scopes, an understaffed animation team, technological challenges, communication issues, office politics, a compressed timeline, and brutal crunch.

source: L

Loads faster and works better than a lot of blogs do...

source: L

In essence, the U2F spec only contains three functions: Register, Authenticate, and Check. Register creates a new key-pair. Authenticate signs with an existing key-pair, after the user confirms physical presence, and Check confirms whether or not a key-pair is known to a security key.

One of the main advantages of WPA3 is that, thanks to its underlying Dragonfly handshake, it’s near impossible to crack the password of a network. Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the network. This allows the adversary to steal sensitive information such as credit cards, password, emails, and so on, when the victim uses no extra layer of protection such as HTTPS. Fortunately, we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread.

A little more commentary on the funny TLS extension found in some printers.

Which brings us to the moral of the story: not only are cryptographic backdoors a terrible idea, but they totally screw up the assigned numbering system for future versions of your protocol.

Actually no, that’s a pretty useless moral. Instead, let’s just say that you can deploy a cryptographic backdoor, but it’s awfully hard to control where it will end up.

source: green