Stealing the Socket for Policy and Profit
https://cybersecpolitics.blogspot.com/2018/04/stealing-socket-for-policy-and-profit.html [cybersecpolitics.blogspot.com]
2018-04-28 20:58
tags:
cpu
exploit
networking
retro
security
windows
Generic shellcode platforms are often derided for not being worth the effort by penetration testers, but I hope by reading this article you have now gained the foresight to see that for real work, by skilled but small teams who cannot afford a room of Raytheon engineers to architect bespoke solutions to every exploit and operation’s microclimate, this became a necessary investment.
A High Line Plan Emerges in Newark, N.J.
https://www.wsj.com/articles/a-high-line-plan-emerges-in-newark-n-j-1486343847 [www.wsj.com]
2017-02-06 14:12
tags:
architecture
life
urban
A raised pedestrian bridge is one of the signature features of a 22-acre public-private redevelopment project called Mulberry Commons, unveiled by the city of Newark and developers last month.
The Synchronization of Periodic Routing Messages
https://www.icir.org/floyd/papers/sync_94.pdf [www.icir.org]
2019-09-06 22:05
tags:
compsci
networking
paper
pdf
perf
random
systems
The paper considers a network with many apparently-independent periodic processes and discusses one method by which these processes can inadvertently become synchronized. In particular, we study the synchronization of periodic routing messages, and offer guidelines on how to avoid inadvertent synchronization. Using simulations and analysis, we study the process of synchronization and show that the transition from unsynchronized to synchronized traffic is not one of gradual degradation but is instead a very abrupt ‘phase transition’: in general, the addition of a single router will convert a completely unsynchronized traffic stream into a completely synchronized one. We show that synchronization can be avoided by the addition of randomization to the traffic sources and quantify how much randomization is necessary. In addition, we argue that the inadvertent synchronization of periodic processes is likely to become an increasing problem in computer networks.
Hidden Voice Commands
http://www.hiddenvoicecommands.com/ [www.hiddenvoicecommands.com]
2017-01-08 21:39
tags:
ai
defense
exploit
ioshit
paper
security
Creating abusive sounds that computers recognize but humans don’t.
How David Fincher Hijacks Your Eyes
https://www.youtube.com/watch?v=GfqD5WqChUY [www.youtube.com]
2017-10-18 21:09
tags:
movie
video
Careful camera tracking.
source: K
Nouns, verbs, and ontological metaphors
http://languagelog.ldc.upenn.edu/nll/?p=30222 [languagelog.ldc.upenn.edu]
2017-01-05 18:33
tags:
factcheck
ideas
language
Does the ratio of nouns to verbs reveal anything about our thought process?
(Spoiler: measurement error.)
Investigating sources of PII used in Facebook’s targeted advertising
https://mislove.org/publications/PII-PETS.pdf [mislove.org]
2019-07-19 02:43
tags:
investigation
opsec
paper
pdf
social
valley
web
We develop a novel technique that uses Facebook’s advertiser interface to check whether a given piece of PII can be used to target some Facebook user, and use this technique to study how Facebook’s advertising service obtains users’ PII. We investigate a range of potential sources of PII, finding that phone numbers and email addresses added as profile attributes, those provided for security purposes such as two-factor authentication, those provided to the Facebook Messenger app for the purpose of messaging, and those included in friends’ uploaded contact databases are all used by Facebook to allow advertisers to target users. These findings hold despite all the relevant privacy controls on our test accounts being set to their most private settings.
source: green
A better way to calculate pitch range
http://languagelog.ldc.upenn.edu/nll/?p=40788 [languagelog.ldc.upenn.edu]
2018-11-27 20:25
tags:
biology
language
life
math
physics
Today’s topic is a simple solution to a complicated problem. The complicated problem is how to estimate “pitch range” in recordings of human speakers. As for the simple solution — wait and see.
You might think that the many differences between the perceptual variable of pitch and the physical variable of fundamental frequency (“f0”) arise because perception is complicated and physics is simple. But if so, you’d be mostly wrong. The biggest problem is that physical f0 is a complex and often fundamentally incoherent concept. And even in the areas where f0 is well defined, f0 estimation (usually called “pitch tracking”) is prone to errors.
SensorID Sensor Calibration Fingerprinting for Smartphones
https://sensorid.cl.cam.ac.uk/ [sensorid.cl.cam.ac.uk]
2019-05-21 22:21
tags:
android
browser
iphone
opsec
paper
security
tech
turtles
We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.
The Odyssey of a Turkish Trader Now Spilling His Secrets in U.S.
https://www.bloomberg.com/news/articles/2017-11-29/the-odyssey-of-a-turkish-trader-now-spilling-his-secrets-in-u-s [www.bloomberg.com]
2017-11-30 21:21
tags:
finance
hoipolloi
policy
Gold, guns and submarines are cool, but maybe a little high profile if your occupation is smuggler?
RISCVEMU
http://bellard.org/riscvemu/ [bellard.org]
2016-12-21 00:55
tags:
cpu
hardware
linux
virtualization
RISCVEMU is a system emulator for the RISC-V architecture. Its purpose is to be small and simple while being complete. Among its features, the support of 128-bit addressing and 128-bit floating point makes it ready for the future!
The CPU of the future... today!
WikiLeaks says it has obtained trove of CIA hacking tools
https://www.washingtonpost.com/world/national-security/wikileaks-says-it-has-obtained-trove-of-cia-hacking-tools/2017/03/07/c8c50c5c-0345-11e7-b1e9-a05d3c21f7cf_story.html [www.washingtonpost.com]
2017-03-07 18:29
tags:
android
article
hoipolloi
ioshit
iphone
opsec
policy
release
security
social
Beyond the Remake of 'Shadow of the Colossus': A Technical Perspective
https://www.youtube.com/watch?v=fcBZEZWGYek [www.youtube.com]
2022-02-23 06:20
tags:
concurrency
development
gaming
malloc
programming
video
Intro to porting games between platforms, then also a deep walkthrough of a custom allocator library.
The Deprecated *nix API
https://www.bitquabit.com/post/deprecated-nix-api/ [www.bitquabit.com]
2020-05-21 16:40
tags:
development
swtools
unix
But for “*nix”, without any clarifying context, I for one think in terms of shell scripts and their utilities. And the problem is that my own naïve scripts, despite being written on a legit *nix variant, simply will not run on a vanilla Linux, macOS, or *BSD installation. They certainly can—I can install fish, and sd, and ripgrep, and whatever else I’m using, very easily—but those tools aren’t available out-of-the-box, any more than, I dunno, the PowerShell 6 for Linux is.
source: L
Supo (Finnish intelligence) annual report
http://www.supo.fi/instancedata/prime_product_julkaisu/intermin/embeds/supowwwstructure/72829_SUPO_2016_ENG.pdf?304cc2d77276d488 [www.supo.fi]
2017-04-01 03:16
tags:
networking
opsec
paper
pdf
policy
security
update
Not sure how to classify or summarize. Interesting reading.
source: grugq
The State of Wordpress Security
https://blog.ripstech.com/2016/the-state-of-wordpress-security/ [blog.ripstech.com]
2016-12-14 21:09
tags:
php
security
web
While many plugins do not contain vulnerabilities at all because of their small size, the ones that do have issues have a lot of them.
Plus pretty graphs.
Warren Buffett’s Stocks Went Down
https://www.bloomberg.com/opinion/articles/2019-02-25/warren-buffett-s-stocks-went-down [www.bloomberg.com]
2019-02-27 06:00
tags:
business
finance
Also a poison pill, BlackRock private equity, Windstream and a decacorn.
Last year Sinovac Biotech Ltd., a U.S.-listed Chinese biopharmaceutical company incorporated in Antigua and Barbuda (why not), held an annual general meeting of shareholders to re-elect its board of directors. Some shareholders showed up at the meeting (in Beijing) and took the board by surprise by demanding to vote for different directors. This is generally viewed as somewhere between “extremely impolite” and “totally illegal,” because: Who goes to shareholder meetings? In most of the world, most of the time, the answer is almost nobody; all of the business of the meetings is conducted by proxies. If you want to nominate directors, you send in a notice months in advance, and navigate a bunch of tricky procedural formalities, and if all goes well you get to send a proxy card to all the shareholders asking them to vote for your directors, and if more shareholders send back proxies for your slate than for the management slate then your directors get elected. You don’t just show up at the meeting, nominate your directors and ask for a show of hands. The company’s managers will quite properly tell you that you are out of order, and you will respond “the whole system is out of order,” and there will be a lot of shouting and confusion.
And then it gets really weird.
We have talked a lot recently about the question of who controls a corporation, and I have consistently pushed back on the naive view that shareholders “own” the corporation and get to choose its managers and directors and control how it operates. Here some shareholders wanted to vote out the old directors and vote in some new ones, and their new directors got more votes than the old ones did, and not only did this not have the effect of replacing the old directors with the new ones, but the old directors have decided to punish the shareholders who voted against them by taking away some of their shares. Whatever is happening here, it is hard to see it as the shareholders owning the corporation.
source: ML
Mistakes, we’ve drawn a few
https://medium.economist.com/mistakes-weve-drawn-a-few-8cdd8a42d368 [medium.economist.com]
2019-03-30 02:25
tags:
design
media
visualization
At The Economist, we take data visualisation seriously. Every week we publish around 40 charts across print, the website and our apps. With every single one, we try our best to visualise the numbers accurately and in a way that best supports the story. But sometimes we get it wrong. We can do better in future if we learn from our mistakes — and other people may be able to learn from them, too.
A great gallery of good and bad graphs.
source: MR
How Discount Brokerages Make Money
https://www.kalzumeus.com/2019/6/26/how-brokerages-make-money/ [www.kalzumeus.com]
2019-06-26 03:32
tags:
article
business
finance
life
This is outside of my usual software-oriented beat, but sometimes people are wrong on the Internet. Most recently, people have been wrong about payment for order flow, an esoteric topic in the investing industry which seems vaguely unsavory to Hacker News commenters, Michael Lewis [0], etc.
Explaining why payment for order flow isn’t a big deal requires a more in-depth discussion of discount brokerages. All stats below are as of 2018; citations for the annual reports are at the bottom.
source: HN
Signed distance fields
https://jasmcole.com/2019/10/03/signed-distance-fields/ [jasmcole.com]
2019-11-04 04:39
tags:
gl
graphics
math
programming
visualization
It would be fun, I thought, to be able to specify the desired cross-sections, and have something generate the required 3D shape (if it existed) in real-time.
Dealing with all of the details of creating a mesh with the right vertices etc. sounded painful though. Fortunately, I had been reading recently about a different kind of 3D rendering technique which makes these kind of boolean operations trivial – signed distance fields.
source: L