Martin Scorsese: I Said Marvel Movies Aren’t Cinema. Let Me Explain.
https://www.nytimes.com/2019/11/04/opinion/martin-scorsese-marvel.html [www.nytimes.com]
2019-11-05 03:54
tags:
essay
hoipolloi
movie
Many franchise films are made by people of considerable talent and artistry. You can see it on the screen. The fact that the films themselves don’t interest me is a matter of personal taste and temperament. I know that if I were younger, if I’d come of age at a later time, I might have been excited by these pictures and maybe even wanted to make one myself. But I grew up when I did and I developed a sense of movies — of what they were and what they could be — that was as far from the Marvel universe as we on Earth are from Alpha Centauri.
Besides a bit of old-fashioned hand-wringing here and there, a fairly level take, although I’m not sure how much I can bring myself to care.
source: HN
Python bytecode reverse-engineering
https://chriswarrick.com/blog/2017/08/03/gynvaels-mission-11-en-python-bytecode-reverse-engineering/ [chriswarrick.com]
2017-08-14 20:15
tags:
programming
python
Turning bytecodes back into code.
source: grugq
Not your grandad’s .net - Pipes Part 1
https://cetus.io/tim/Part-1-Not-your-grandads-dotnet/ [cetus.io]
2017-01-05 06:20
tags:
csharp
dotnet
library
networking
programming
security
series
Building a networking library.
In the next post, I will try to discuss TLS, the security landscape of the world and where I have got to with TLS in Pipelines.
https://cetus.io/tim/Part-2-pipelines/
And then things get really crazy.
https://cetus.io/tim/Part-3-Pipelines-OpenSsl/
Most of the examples use a Connection directly but in Pipelines this wouldn’t work because the point of the library was to be a layer in an established pipeline. So a memory bio was what we needed. This would allow us to read and write bytes directly into OpenSsl from our own connection.
What do numbers look like?
https://johnhw.github.io/umap_primes/index.md.html [johnhw.github.io]
2018-08-23 18:44
tags:
math
visualization
This is the first million integers, represented as binary vectors indicating their prime factors, and laid out using the UMAP dimensionality reduction algorithm by Leland McInnes. Each integer is represented in a high-dimensional space, and gets squished down to 2D so that numbers with similar prime factorisations are closer together than those with dissimilar factorisations.
source: L
Tech debt metaphor maximalism
https://apenwarr.ca/log/20230605 [apenwarr.ca]
2023-06-18 19:57
tags:
business
development
finance
life
I really like the “tech debt” metaphor. A lot of people don’t, but I think that’s because they either don’t extend the metaphor far enough, or because they don’t properly understand financial debt.
Pretty good financial debt explainer, too.
source: trivium
Alejandro Jodorowsky’s “Tron”
https://www.nytimes.com/interactive/2023/01/13/opinion/jodorowsky-dune-ai-tron.html [www.nytimes.com]
2023-01-21 19:35
tags:
ai
graphics
movies
photos
I was recently shown some frames from a film that I had never heard of: Alejandro Jodorowsky’s 1976 version of “Tron.” The sets were incredible. The actors, unfamiliar to me, looked fantastic in their roles. The costumes and lighting worked together perfectly. The images glowed with an extravagant and psychedelic sensibility that felt distinctly Jodorowskian.
The truth is that these weren’t stills from a long-lost movie. They weren’t photos at all. These evocative, well-composed and tonally immaculate images were generated in seconds with the magic of artificial intelligence.
The “interactive” elements are annoying, but some pretty pictures here.
source: DF
ISO Isolation
https://kottke.org/20/07/iso-isolation [kottke.org]
2020-07-14 00:33
tags:
archive
life
photos
Didn't know double frees are back.
https://twitter.com/AmarSaar/status/1049658888654659584 [twitter.com]
2018-10-18 01:23
tags:
c
library
linux
malloc
security
tweet
Turns out new versions of Ubuntu use tcache, which means there’s a fast path for malloc/free without any safety checks. Pretty cool and trivially exploitable in many cases.
source: solar
CPU Adventure – Unknown CPU Reversing
https://www.robertxiao.ca/hacking/dsctf-2019-cpu-adventure-unknown-cpu-reversing/ [www.robertxiao.ca]
2019-09-25 01:38
tags:
cpu
investigation
programming
security
We reverse-engineered a program written for a completely custom, unknown CPU architecture, without any documentation for the CPU (no emulator, no ISA reference, nothing) in the span of ten hours.
source: HN
Beginner Problems With TCP & The socket Module in Python
https://blubberquark.tumblr.com/post/186695350125/beginner-problems-with-tcp-the-socket-module-in [blubberquark.tumblr.com]
2019-08-12 00:15
tags:
intro-programming
networking
python
Your operating system will deceive you and re-assemble the string you sock.recv(n) differently from the ones you sock.send(data). But here is the deceptive part. It will work sometimes, but not always. These bugs will be difficult to chase. If you have two programs communicating over TCP via the loopback device in your operating system (the virtual network device with IP 127.0.0.1), then the data does not leave your RAM, and packets are never fragmented to fit into the maximum size of an Ethernet frame or 802.11 WLAN transmission. The data arrives immediately because it’s already there, and the other side gets to read via sock.recv(n) exactly the bytestring you sent over sock.send(data). If you connect to localhost via IPv6, the maximum packet size is 64 kB, and all the packets are already there to be reassembled into a bytestream immediately! But when you try to run the same code over the real Internet, with lag and packet loss, or when you are unlucky with the multitasking/scheduling of your OS, you will either get more data than you expected, leftover data from the last sock.send(data), or incomplete data.
Not strictly a Python problem, either.
source: Dfly
Evolution of the Scrollbar
https://scrollbars.matoseb.com/ [scrollbars.matoseb.com]
2019-11-05 04:24
tags:
design
retro
ux
visualization
And the Verge review: https://www.theverge.com/2019/11/1/20943552/scroll-bar-visual-history-30-years
Sébastien Matos has built a fantastic interactive trip through the history of one of the most important UI elements we encounter every day: the scroll bar. He’s recreated, as faithfully as possible, 30 years of scroll bars from some of the top desktop platforms of their day, from Xerox Star to Windows 10.
Take a minute out of your busy day to enjoy the zen of playing with old UI design. Then come back here and read The Verge’s very serious review of scroll bars through history.
source: K
xargs wtf
https://medium.com/@aarontharris/xargs-wtf-34d2618286b7 [medium.com]
2019-08-04 17:00
tags:
sh
swtools
unix
A one liner to rename files.
ls | grep 'aaa' | sed 'p;s/aaa/bbb/' | xargs -n2 | xargs -L1 bash -c 'mv $0 $1'
source: Dfly
My life long dream of working with cvs and ed has come true
https://twitter.com/JobSnijders/status/880149302932275202 [twitter.com]
2017-06-30 19:59
tags:
comic
development
openbsd
tweet
This is what OpenBSD is all about, making dreams come true.
Dozen Amicus Briefs Oppose the Worst Section 230 Ruling of 2016
http://blog.ericgoldman.org/archives/2017/04/dozen-amicus-briefs-oppose-the-worst-section-230-ruling-of-2016-and-one-supports-it-hassell-v-bird.htm [blog.ericgoldman.org]
2017-04-22 16:17
tags:
policy
web
That ruling accomplished a rare trifecta. It screwed up not one, not two, but THREE cherished American legal principles: the First Amendment, Due Process, and Section 230.
Summaries and links to lots of filings for further reading.
Solving the Automotive Bandwidth Problem: Aquantia Partners with NVIDIA for 10GbE
https://www.anandtech.com/show/12368/solving-the-automotive-bandwidth-problem-aquantia-partners-with-nvidia-for-10gbe [www.anandtech.com]
2018-02-02 04:48
tags:
cars
hardware
networking
vapor
One of the lesser known topics around fully autonomous vehicles is one of transporting data around. There are usually two options: transport raw image and sensor data with super low latency but with high bandwidth requirements, or use encoding tools and DSPs to send fewer bits but at a higher latency. As we move into development of the first Level 4 (near autonomous) and Level 5 (fully autonomous) vehicle systems, for safety and response time reasons, low latency has won. This means shifting data around, and a lot of it.
Exploding Git Repositories
https://kate.io/blog/git-bomb/ [kate.io]
2017-10-12 04:44
tags:
format
git
storage
swtools
How does such a tiny repo cause git to run out of memory? The secret is that git de-duplicates “blobs” (which are used to store files) to make repositories smaller and allow using the same blob when a file remains unchanged between commits. Git also allows de-duplication of “tree” objects (which define the directory structure in a repository). git-bomb tries to make a billion files, however it only has 10 references to the file blob and only has 10 tree objects in all.
source: L
'Annoying' anti-cowbell campaigner denied Swiss passport
http://www.thelocal.ch/20170109/annoying-anti-cow-bell-campaigner-denied-swiss-passport [www.thelocal.ch]
2017-01-13 18:54
tags:
hoipolloi
The Like Button Ruined the Internet
https://www.theatlantic.com/technology/archive/2017/03/how-the-like-button-ruined-the-internet/519795/ [www.theatlantic.com]
2017-03-21 18:20
tags:
development
essay
ideas
life
social
ux
web
Google Reader was engaging, but it had few of the features we associate with engagement. It did a bad job of giving you feedback. You could, eventually, Like articles that people shared, but the Likes went into an abyss
The less you know about what others like, the better.
Datasploit: a tool to perform various OSINT techniques
https://github.com/DataSploit/datasploit [github.com]
2017-02-21 23:25
tags:
opsec
security
swtools
Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target.
source: grugq
[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.
https://marc.info/?l=oss-security&m=157551346420739&w=2 [marc.info]
2019-12-06 20:17
tags:
exploit
networking
security
I am reporting a vulnerability that exists on most Linux distros, and other *nix operating systems which allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website. Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections.
Some more info in replies, such as https://marc.info/?l=oss-security&m=157554332429760&w=2.