Western Digital’s ​Microwave Assisted Magnetic Recording (MAMR) drives use platters very similar to those in the current-generation PMR drives*. This means that the innovation to enable MAMR is mainly to do with the heads that perform read and write operations.

Production-level HDDs based on MAMR technology are expected to start shipping in 2019.

What make things worse is that many clients will automatically reload and reparse the image on open, triggering the vulnerability again and again, lead to infinite loop and eliminating the need for attacker to persistent.

Sigh.

An attacker can craft an image of negative height and weight, thus bypassing the check comparing to file size, lead to following out-of-bound.

Sigh.

However they do not have check on PNG extension, allowing me to upload the malformed GIF image in PNG extension, bypassing the check and crashes whoever receives it.

Sigh. Sigh. Sigh.

Dick Hamming once told me ruefully that if he’d only had the sense not to be limited by the hardware available to him at the time, the Fast Fourier Transform might have been named after him.

In this post, we provide details of the mechanisms of how we will establish a hardware root of trust using our custom chip, Titan.

The difference in behavior between my system and the OpenBSD project’s package build machines resulted from that plague of ports developers, hidden dependencies.

source: L

In this post, we will explore how Unix pipes are implemented in Linux by iteratively optimizing a test program that writes and reads data through a pipe.

We will proceed as follows:
A first slow version of our pipe test bench;
How pipes are implemented internally, and why writing and reading from them is slow;
How the vmsplice and splice syscalls let us get around some (but not all!) of the slowness;
A description of Linux paging, leading up to a faster version using huge pages;
The final optimization, replacing polling with busy looping;
Some closing thoughts.

source: L

By the time opponents know what’s hit them, it’s already too late. This is how the Warriors crush -- and how the NBA fails to fight back.

No actual answer of course, just some interesting stats. The team that scores more points usually wins.

When I say “these devices don’t use strong authentication” I’m not joking. The core defense is 24-bit RSA. No, that’s not a typo.

it does seem like there is a nontrivial failure rate

source: green

I was drawn to this paper to try and find out what’s behind the stunning rate of progress. The large-scale GANs (can I say LS-GAN?) trained here set a new state-of-the-art in class-conditional image synthesis.

So what’s the secret to LS-GANs success? Partly of course it’s just a result of scaling up the models – but interestingly by going wide rather than deep. However, GANs were already notoriously difficult to train (‘unstable’), and scaling things up magnifies the training issues too. So the other part of the innovation here is figuring out how to maintain stability at scale. It’s less one big silver bullet, and more a clever aggregation of techniques from the deep learning parts bin. All in all, it has the feel to me of reaching the upper slopes of an ‘s’-curve such that we might need something new to get us onto the next curve. But hey, with the amazing rates of progress we’ve been seeing I could well be wrong about that.

In this blogpost I present several novel techniques I used to exploit a 0-day double-free bug in hardened Linux kernels (i.e. KernelCTF mitigation instances) with 93%-99% success rate. The underlying bug is input sanitization failure of netfilter verdicts. Hence, the requirements for the exploit are that nf_tables is enabled and unprivileged user namespaces are enabled. The exploit is data-only and performs an kernel-space mirroring attack (KSMA) from userland with the novel Dirty Pagedirectory technique (pagetable confusion), where it is able to link any physical address (and its permissions) to virtual memory addresses by performing just read/writes to userland addresses.

Also: https://github.com/Notselwyn/CVE-2024-1086

source: HN

Fifty years ago, 5 unmanned lunar orbiters circled the moon, taking extremely high resolution photos of the surface. They were trying to find the perfect landing site for the Apollo missions. They would be good enough to blow up to 40 x 54ft images that the astronauts would walk across looking for the great spot. After their use, the images were locked away from the public, as at the time they would have revealed the superior technology of the USA’s spy satellite cameras, which the orbiters cameras were designed from. Instead the images from that time were grainy and low resolution, made to be so by NASA.

source: HN

While working on sodium_compat, our pure-PHP implementation of libsodium, it has come to our attention that a lot of the engineering decisions we’ve made to minimize the risk of side-channels aren’t well-known outside of our development team.

source: HN

I wish there was better zoom support. You can open the images directly to see them at full size, but then the labels disappear.

Ultimately, we recommend that projects either migrate entirely to the Hack language, or entirely to PHP7 and the PHP runtime.

source: L

Not actually sorting, but not shuffling, which may have been a hint, but an interesting investigation.

The third party doctrine is obsolete. 88 pages of legal commentary and citations.

The alignment requirements are ambiguous in how they affect small allocations (sizes less than _Alignof(max_align_t)). Some implementations interpret this sentence to require _Alignof(max_align_t)-alignment even for allocation sizes that could not hold an object with that alignment. This is referred to as the strong-alignment reading. Other implementations interpret this sentence as requiring the returned memory to be aligned only enough to accommodate those types that could inhabit the returned memory. In particular, because sizeof(T) >= _Alignof(T) for all portably defined types T, allocations with sizes smaller than _Alignof(max_align_t) need only be aligned to the largest power of two less than or equal to the requested size. This is referred to as the weak-alignment reading.

The central irony (‘combination of circumstances, the result of which is the direct opposite of what might be expected’) referred to in this paper is that the more we automate, and the more sophisticated we make that automation, the more we become dependent on a highly skilled human operator.

This is a very good commentary and history, but I really enjoyed his thoughts on principles of impotence.

There is therefore a strong temptation, after one has failed in a particular experiment or line of development, to believe that one is up against a principle of impotence, and with a little ingenuity such a principle can usually be postulated to explain one’s failure.

Failure is not indicative of impossibility!

Another article with more details of particular operations: https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol6no3/html/v06i3a05p_0001.htm

A third with a slightly different take: https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol38no5/html/v38i5a05p.htm

source: grugq