Be Careful About What You Dislike
http://lucumr.pocoo.org/2016/11/5/be-careful-about-what-you-dislike/ [lucumr.pocoo.org]
2016-11-05 19:30
In theory opinions can change faster than reality. In practice, not so much.
Be Careful About What You Dislike
http://lucumr.pocoo.org/2016/11/5/be-careful-about-what-you-dislike/ [lucumr.pocoo.org]
2016-11-05 19:30
In theory opinions can change faster than reality. In practice, not so much.
Migrating From Cloudflare
https://ashfurrow.com/blog/migrating-from-cloudflare/ [ashfurrow.com]
2019-09-29 18:58
> Okay so here’s the thing: Cloudflare isn’t just the CDN provider for the instance, it is also the domain’s nameserver. That means that it holds all the DNS records that point mastodon.technology to the various IP addresses used for HTTP requests, email, and even public DKIM keys for mail server verification. These DNS settings are really, really important. If they get messed up, everything about the instance can break.
> So I split up the migration from Cloudflare to BunnyCDN into two phases: first migrate the CDN provider, and then migrate the DNS provider. Getting this right is really important, and I mostly did okay, but hopefully you can learn from my experiences.
source: L
Undefined Behavior Is Really Undefined
https://cryptoservices.github.io/fde/2018/11/30/undefined-behavior.html [cryptoservices.github.io]
2018-12-03 17:09
> This is in a nutshell what UB means: the compiler can assume that UB does not happen, and produce code under that assumption. In the code producing routines used by the compiler, each instruction has dependencies that restrict the opcode scheduling algorithm: an instruction cannot be issued before the instructions that it depends upon, or after the instructions that depend on it. In the example above, UB removes the dependencies between the writes to d[], and the “subsequent” reads from s[]. In a similar way, UB can allow the compiler to simply remove code that cannot happen without going through an UB condition.
source: L
How Do They Do It: Timers in Go
https://blog.gopheracademy.com/advent-2016/go-timers/ [blog.gopheracademy.com]
2016-12-05 05:25
> This article covers the internal implementation of timers in Go.
Fewer mallocs in curl
https://daniel.haxx.se/blog/2017/04/22/fewer-mallocs-in-curl/ [daniel.haxx.se]
2017-04-23 16:42
> The old curl did 263 times the number of allocations the current does for this example. Or the other way around: the new one does 0.37% the number of allocations the old one did…
Simple changes, big improvement.
source: HN
How to make compressed file quines, step by step
https://blog.matthewbarber.io//2019/07/22/how-to-make-compressed-file-quines.html [blog.matthewbarber.io]
2019-07-27 16:22
> Much of the credit goes to folks much smarter than myself (they will be introduced); this tutorial is meant to curate previous work and literature as much as it is for myself to educate you. The goal here is to allow for any curious, technically-minded newcomer to make sense of all the concepts involved in creating compression quines.
source: L
15 local cheeses
http://www.philly.com/philly/food/20161103_Craig_LaBan_favorite_cheeses.html [www.philly.com]
2016-11-03 17:39
Also, cheese balls, but the spherical kind:
More also, why people serve cheese platter: http://www.smbc-comics.com/comic/on-cheese-platters
Heap Exploitation Part 1: Understanding the Glibc Heap Implementation
https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/ [azeria-labs.com]
2019-03-19 01:12
> or this reason, before I write about exploiting heap-based vulnerabilities, I will use the first two parts of this series to talk about how the heap works. This first post will be an introduction into some high-level concepts, and a discussion about how new heap chunks are created. In the next post I will do a deeper dive into the technical implementation of how chunks are freed and recycled.
source: green
Studio Ghibli in Real Life
https://vimeo.com/188237476 [vimeo.com]
2017-09-13 05:27
> The animation work of Japan’s Studio Ghibli was combined with the actual background.
Making of: https://vimeo.com/189964745
source: K
Abusing Linux's firewall: the hack that allowed us to build Spectrum
https://blog.cloudflare.com/how-we-built-spectrum/ [blog.cloudflare.com]
2018-04-30 01:39
> Soon after we started building Spectrum, we hit a major technical obstacle: Spectrum requires us to accept connections on any valid TCP port, from 1 to 65535. On our Linux edge servers it’s impossible to “accept inbound connections on any port number”. This is not a Linux-specific limitation: it’s a characteristic of the BSD sockets API, the basis for network applications on most operating systems.
What I want out of my window manager
https://utcc.utoronto.ca/~cks/space/blog/unix/WindowManagerWants [utcc.utoronto.ca]
2019-07-28 13:03
> One answer to what I want out of my window manager is ‘fvwm’. It’s my current window manager and I’m not likely to switch to anything else because I’m perfectly satisfied with it. But that’s not a good answer, because fvwm has a lot of features and I’m not using them all. As with everyone who uses a highly customizable thing, my important subset of fvwm is probably not quite the same as anyone else’s important subset of it.
The 80/20 rule rears its ugly head.
Dwayne Johnson for President!
http://www.gq.com/story/dwayne-johnson-for-president-cover [www.gq.com]
2017-05-11 19:23
> No one gets up earlier than Dwayne Johnson. Or goes to bed later. Or is more awake during the hours in between.
> Before long, his popularity as a charismatic showman earned him the sort of opportunity every large man dreams of: the chance to play a slickly baby-oiled Akkadian Scorpion King opposite Brendan Fraser.
source: ML
China Tightens Controls on Overseas Use of Its Currency
http://www.nytimes.com/2016/11/29/business/economy/china-tightens-controls-on-overseas-use-of-its-currency.html [www.nytimes.com]
2016-12-01 20:50
The door’s been left open for a while, but now more restrictions on withdrawals.
A story of if_get
http://www.grenadille.net/post/2017/01/13/A-story-of-if_get%289%29 [www.grenadille.net]
2017-01-14 18:10
> During the l2k15 hackathon, we enjoyed putting a lot of if_get(9) all over the network stack. Then more recently we started removing them. I even briefly explained why we should try to avoid using this API. All of this can be confusing, so let me tell you a story. A story of garbage collection inside the kernel.
Standards state a contract or implication
https://marc.info/?l=openbsd-tech&m=151233832624797&w=2 [marc.info]
2017-12-04 22:05
In reference to the inquiry, gettimeofday(2) does not conform to POSIX.1-2008?
> Standards state a contract or implication: *if* you, the developer follow _these_ rules, *then* the standardized item will follow _these_other_ rules (if compliant). If you violate the implication, then the standard no longer applies and you have lost the guarantees of the standard.
Nice summary of the standards situation. If you color inside the lines, you get a pretty picture. If you don’t, you don’t.
What are covariance and contravariance?
https://www.stephanboyer.com/post/132/what-are-covariance-and-contravariance [www.stephanboyer.com]
2017-07-23 00:05
> The trickiness comes from a pair of frequently misunderstood phenomena called covariance and contravariance. This article will explain what these terms mean.
source: L
Chrome OS exploit: one byte overflow and symlinks
https://googleprojectzero.blogspot.ch/2016/12/chrome-os-exploit-one-byte-overflow-and.html [googleprojectzero.blogspot.ch]
2016-12-14 21:03
No wonder there was a vulnerability, just look at that brace style!
Two vulns. Overflow in DNS library for initial exploit, then design flaw regarding symlinks to allow persistence in Chrome OS, which should otherwise not be possible.
How does inflation work anyway?
http://johnhcochrane.blogspot.com/2017/10/how-does-inflation-work-anyway.html [johnhcochrane.blogspot.com]
2017-10-29 16:32
> Inflation is hard.
> Maybe yes, maybe no, but even this much is not certain.
Also: http://econlog.econlib.org/archives/2017/10/a_breath_of_fre.html
source: MR
Snap Barred from S&P 500 Under New Rules
https://blogs.wsj.com/moneybeat/2017/08/01/snap-barred-from-sp-500-under-new-rules/ [blogs.wsj.com]
2017-08-01 19:08
> Index giant S&P Dow Jones Indices announced late Monday that companies with multiple share class structures, such as Snap, are not eligible to join the flagship S&P 500 index.
No voting, no indexing.
NES/Famicom: a visual compendium
https://www.bitmapbooks.co.uk/collections/all/products/nes-famicom-a-visual-compendium [www.bitmapbooks.co.uk]
2019-01-04 18:02
> NES/Famicom: a visual compendium aims to showcase the very best pixel art, box art and product design on each system. Spread over 536 pages, it features more than 170 classic games, with articles on the leading developers, interviews with key figures in the industry and mini-features on subjects such as packaging, fan art and unreleased games.
source: vermaden