That book was Creating Adventure Games on Your Computer by Tim Hartnell. The book taught me how to make rudimentary text adventure games on my Apple ][ as a kid and prompted a recent adventure of revisiting the classic text adventures of the past. So grab a torch and get your map making tools ready because today’s Tedium is an exploration of text adventures through the years. Try not to get eaten by a grue along the way.

An otherwise unremarkable article about electronic money and the government’s dislike of crypto, except that it’s from 1997 and reads like it could have been written yesterday.

Rejoice, libertarians. Lament, Hillary Clinton and partisans of the nanny state.

Established, traditional order is under assault from freewheeling, networked disrupters as never before. But society craves centralized leadership, too.

I think the idea is to stop before going full French Revolution. Just a touch of change, please.

Mr. Ferguson’s new book, “The Square and the Tower: Networks and Power, from the Freemasons to Facebook,” will be published by Penguin Press on Jan. 16.

Go can be used to program in a functional style, previously I’ve written about how we can use this to implement Continuation Passing Style programming. As such, it is possible to implement currying in Go as well. Before we take a look at how we can implement this in Go, let’s take a practical look at what function currying actually is, and why we want this.

source: HN

Do not mess with the platypus.

All of physics (briefly named) in one 8 minute video.

Web cache poisoning has long been an elusive vulnerability, a ‘theoretical’ threat used mostly to scare developers into obediently patching issues that nobody could actually exploit. In this paper I’ll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.

Web cache poisoning is far from a theoretical vulnerability, and bloated applications and towering server stacks are conspiring to take it to the masses. We’ve seen that even well-known frameworks can hide dangerous omnipresent features, confirming it’s never safe to assume that someone else has read the source code just because it’s open-source and has millions of users. We’ve also seen how placing a cache in front of a website can take it from completely secure to critically vulnerable.

source: grugq

This is fun and all, but we can’t really talk about security only with chroot, and the Firecracker solution seemed about right for this matter, yet the overall NetBSD boot process was a bit too long for my taste. So how exactly can we significantly improve NetBSD‘s boot speed?

source: L

The Janus vulnerability stems from the possibility to add extra bytes to APK files and to DEX files. On the one hand, an APK file is a zip archive, which can contain arbitrary bytes at the start, before its zip entries (actually more generally, between its zip entries). The JAR signature scheme only takes into account the zip entries. It ignores any extra bytes when computing or verifying the application’s signature. On the other hand, a DEX file can contain arbitrary bytes at the end, after the regular sections of strings, classes, method definitions, etc. A file can, therefore, be a valid APK file and a valid DEX file at the same time.

Here is a common problem: you have some machine learning algorithm you want to use but it has these damn hyperparameters. These are numbers like weight decay magnitude, Gaussian kernel width, and so forth. The algorithm doesn’t set them, instead, it’s up to you to determine their values. If you don’t set these parameters to “good” values the algorithm doesn’t work. So what do you do?

However, if you want to use LIPO in practice there are some issues that need to be addressed.

source: L

After spending the better part of a weekend writing a specialized Windows driver for the purposes of allowing me to communicate with the Hyper-V hypervisor, as well as the Secure Kernel, from user-mode, I realized that there was a dearth of concise technical content on non-PnP driver development, and especially on how the Windows Driver Foundation (WDF) fundamentally changes how such drivers can be developed.

Part 2 is where it starts to get interesting: http://www.alex-ionescu.com/?p=471

Unveiling a directory unveils everything underneath it in the filesystem

source: L

Well, the HSTS standard describes that web browsers should remember when redirected to a secure location, and to automatically make that conversion on behalf of the user if they attempt an insecure connection in the future. This creates information that can be stored on the user’s device and referenced later. And this can be used to create a “super cookie” that can be read by cross-site trackers.

source: green

What could go wrong?

I have long had a hard time picturing what day, night and the shape of the terminator would look like on Buckminster Fuller’s Dymaxion Map. Well yesterday I wrote some code and now I know! It sort-of feels like two weird spirals turning in opposite directions. Video here.

https://www.youtube.com/watch?v=4LnO0UiccGs

source: jwz

The Linux kernel has historically used a technique that could be considered dirty, but has proved very effective. It maps physical memory directly into the kernel space. This direct mapping of physical memory allows users of the physical page allocator to directly access the pages they obtain without any mapping operation. The only operation required to obtain the virtual address of a physical page is adding a fixed offset.

Nice intro to concept of direct mapping.

We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.

Nowadays, Software Security is becoming more important criteria in the industry, and in recent years, virtualization as a popular topic for protecting / attacking a software, however, most of the virtualization technology framework (bluepill-liked) is not provide an ability that let a guest virtualize one more layer, we called it “Nested Virtualization”, level 2.

A little hard to follow, but I think it covers the basic idea.

source: grugq

Plus thread. Funny part is because the phishing link used bitly, it’s possible to see who else they sent emails to.

They are in that fertile period — agewise, it typically runs from the mid-40s to mid-50s in architecture — when the profession’s next generation of leadership begins to make its mark.