> But there are still consequences for making mistakes. First of all, print editions aren’t dead yet, and the appearance of minor factual errors and boo-boos such as the buy-a-vowel caption below (in The Philadelphia Inquirer) is not only embarrassing but has the effect of subtly eroding the confidence readers have in the publication’s coverage of important things.

> We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

source: L

> This is about some dead ends when trying to fix the problem of Rust’s async networking fragmentation. I haven’t been successful, but I can at least share what I tried and discovered, maybe someone else is having the same bugging feeling so they don’t have to repeat them. Or just maybe some of the approaches would work for some other problems. And because we have a bunch of success stories out there, having some failure stories to balance it doesn’t hurt.

> Every line of code written comes at a price: maintenance. To avoid paying for a lot of code, we build reusable software. The problem with code re-use is that it gets in the way of changing your mind later on.

source: L

> This leads to a question I am frequently asked: Which way should FreeBSD users launch their instances? The answer, as usual, is “it depends”. Here are some of the advantages of each option, to help you decide which to use.

> The so-called “legacy” add-on technology which NoScript has been built with is going to be banned very soon; therefore, like too often in real life, it’s either migrate or die.

source: L

> I’ll list some of them here and some of the thinking behind them. Just about everything here has happened at some point in time, and probably has happened more than once... way more than once.

I like a lot of this. Very much.

> On the other hand, if you only need 53 bits of your 64 bit numbers, and enjoy blowing CPU on ridiculously inefficient marshaling and unmarshaling steps, hey, it’s your funeral.

> When stated in terms of lifetime dollar wealth creation, the entire net gain in the U.S. stock market since 1926 is attributable to the best-performing four percent of listed stocks, as the other ninety six percent collectively matched one-month Treasury bills. These results highlight the important role of positive skewness in the cross-sectional distribution of stock returns.

Lots of little interesting facts about stocks over time.

> The anomalies literature is infested with widespread p-hacking.

News article: https://www.bloomberg.com/news/articles/2017-05-08/forget-factors-paper-says-most-market-anomalies-are-imaginary

source: MR

> Over the last three weeks I’ve been working on a new randomization

feature which will protect the kernel.

I guess this is kind of interesting (if you click on enough twitter t.co links, somebody can deduce the set of users who have seen those tweets), but real world exploitation seems like it would be more likely the watchers already know who you are.

Paper: http://randomwalker.info/publications/browsing-history-deanonymization.pdf

source: grugq

Nicely organized by topic. All the tags...

source: HN

A better CRAM-MD5. Interesting to consider, probably would not use in production.

source: solar

> This is an online edition of the classic technical reference Five Hundred and Seven Mechanical Movements by Henry T. Brown.

> This site contains the original illustrations and text from the 21st edition of the book, published in 1908. It also includes animated versions of the illustrations, and occasional notes by the webmaster.

source: K

Sophisticated and interesting and more.

Also: https://pwnies.com/archive/2017/nominations/

source: solar

> Over the last few years, I’ve come across more and more research papers based, in some way, on the ‘Common Language Runtime’ (CLR). So armed with Google Scholar and ably assisted by Semantic Scholar, I put together the list below.

> This release brings stability improvements, hundreds of bug fixes, and many new features.

> We support older releases, but due to the mass of recent urgent fixes and a lot of work having been done to harden NetBSD in general, we are not backporting the CPU errata related workarounds and mitigations to older release branches!

source: L

Hand drawn animation.

source: K

> Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).

Plenty of bugs to go around.

source: L

> I think it’s perfectly obvious that I am skulking!