Texas likely is removing Helen Keller from the curriculum
http://marginalrevolution.com/marginalrevolution/2018/09/texas-removed-helen-keller-curriculum.html [marginalrevolution.com]
2018-09-20 18:21
tags:
academia
history
policy
The first linked article claims that cutting Keller from the curriculum will save forty minutes. Even if you don’t think Keller is worth exactly forty minutes, surely she is worth more than zero minutes, and besides the teacher simply can talk faster if need be (don’t most teachers talk too slowly?).
source: MR
The SNOW theorem and latency-optimal read-only transactions
https://blog.acolyer.org/2016/12/06/the-snow-theorem-and-latency-optimal-read-only-transactions/ [blog.acolyer.org]
2016-12-06 20:07
tags:
database
paper
systems
Strict Serializability, Non-blocking, One response per read, Write transactions. Pick three, not four.
XScreenSaver 5.38
https://www.jwz.org/xscreensaver/changelog.html [www.jwz.org]
2017-12-24 04:30
tags:
graphics
release
x11
SciPy 1.0 released!
https://mail.python.org/pipermail/scipy-user/2017-October/037357.html [mail.python.org]
2017-10-25 14:49
tags:
library
math
python
release
A version number should reflect the maturity of a project - and SciPy was a mature and stable library that is heavily used in production settings for a long time already. From that perspective, the 1.0 version number is long overdue.
source: HN
Glowing mercury thyratrons: inside a 1940s Teletype switching power supply
http://www.righto.com/2018/09/glowing-mercury-thyratrons-inside-1940s.html [www.righto.com]
2018-09-07 23:32
tags:
hardware
photos
retro
tty
We recently started restoring a Teletype Model 19, a Navy communication system introduced in the 1940s. This Teletype was powered by a bulky DC power supply called the “REC-30 rectifier”. The power supply uses special mercury-vapor thyratron tubes, which give off an eerie blue glow in operation, as you can see below.
Jackson CVE-2019-12384: anatomy of a vulnerability class
https://blog.doyensec.com/2019/07/22/jackson-gadgets.html [blog.doyensec.com]
2019-07-28 01:56
tags:
exploit
java
library
programming
security
During one of our engagements, we analyzed an application which used the Jackson library for deserializing JSONs. In that context, we have identified a deserialization vulnerability where we could control the class to be deserialized. In this article, we want to show how an attacker may leverage this deserialization vulnerability to trigger attacks such as Server-Side Request Forgery (SSRF) and remote code execution.
source: green
Lock-Free Bugs
https://research.swtch.com/lockfree [research.swtch.com]
2017-01-04 08:21
tags:
c
concurrency
development
investigation
programming
systems
To me, the most interesting bugs are the ones that reveal fundamental, subtle misunderstandings about the way a program works.
A very good post looking at the interaction between locks and free(). (Not bugs in lockfree algorithms.)
source: L
Where Tcl and Tk Went Wrong
https://journal.dedasys.com/2010/03/30/where-tcl-and-tk-went-wrong/ [journal.dedasys.com]
2017-08-06 19:16
tags:
compiler
development
programming
retro
ux
However, examining what “went wrong” is quite interesting, if one attempts, as much as possible, a dispassionate, analytical approach that aims to gain knowledge, rather than assign blame or paper over real defects with a rose-colored vision of things. It has made me consider, and learn, about a variety of aspects of the software industry, such as economics and marketing, that I had not previously been interested in.
source: L
B-tree set
https://www.nayuki.io/page/btree-set [www.nayuki.io]
2017-02-02 02:31
tags:
compsci
cxx
java
programming
python
As in a set of b-tree implementations.
The Python version of the code is the clearest and most concise, the Java version was developed and debugged first and has static typing, and the C++ version explicitly shows when nodes get deallocated.
The Folder of God
https://www.excelsiorjet.com/blog/support-stories/the-folder-of-god/ [www.excelsiorjet.com]
2017-10-12 03:30
tags:
bugfix
fs
java
programming
windows
The customer confirmed that they indeed had a God Mode folder on their desktop and that it was never a problem before, but there were no more Java application crashes after deleting it! Things were getting stranger and stranger.
source: L
Random Postgres Things
http://malisper.me/ [malisper.me]
2017-05-26 09:59
tags:
database
series
sql
Learn new things about Postgres.
source: danluu
Hardware is the new software
https://blog.acolyer.org/2017/06/19/hardware-is-the-new-software/ [blog.acolyer.org]
2017-06-19 20:44
tags:
cpu
development
paper
turtles
In that it is now becoming unsustainably complicated.
Important: Windows security updates released January 3, 2018, and antivirus software
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software [support.microsoft.com]
2018-01-09 22:14
tags:
admin
turtles
update
windows
Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.
In cases where customers can’t install or run antivirus software, Microsoft recommends manually setting the registry key as described below in order to receive the January 2018 security updates.
GBA By Example - Drawing and Moving Rectangles
http://kylehalladay.com/blog/tutorial/2017/03/28/GBA-By-Example-1.html [kylehalladay.com]
2017-03-29 19:12
tags:
c
gaming
graphics
intro-programming
So, it isn’t exactly impressive, but it was a lot of fun, and I definitely want to play around with the GBA some more.
source: L
Rust: Builder pattern by example
http://www.ameyalokare.com/rust/2017/11/02/rust-builder-pattern.html [www.ameyalokare.com]
2017-11-03 18:49
tags:
intro-programming
library
rust
This struct has a large number of fields. As such, forcing the application programmer to populate the entire struct consisting of mostly None values is unergonomic. Rust does not (yet) have default values for struct fields or default function arguments, although they have been proposed. A nice way to solve this is to use the builder pattern:
source: L
DROB (Dynamic Rewriter and Optimizer of Binary code)
https://github.com/davidhildenbrand/drob [github.com]
2019-08-17 22:45
tags:
compiler
library
perf
programming
This library implements application-guided rewriting of binary functions at runtime. Binary functions can be optimized and specialized based on runtime information. In contrast to transparent binary optimization, only selected binary functions are rewritten. No metadata (e.g. debug information) is required.
source: E
The Google Squeeze
https://stratechery.com/2019/the-google-squeeze/ [stratechery.com]
2019-11-12 21:50
tags:
business
travel
valley
web
OTAs have always been a special case when it comes to Aggregation Theory; like Aggregators, they serve customers on a zero marginal cost basis, and they have power over supply (hotels, primarily) by virtue of delivering them demand. The hangup for me is how they acquire that demand: first and foremost from Google.
This arrangement between OTAs and Google has long been beneficial to both sides. Google drives traffic to the OTAs, which can monetize that traffic via commissions extracted from suppliers. Google, meanwhile, not only receives relevant results it could serve to customers, but also makes billions of dollars from OTAs buying search ads.
source: HN
Tetris heap spraying: spraying the heap on a budget
http://blog.skylined.nl/20161118001.html [blog.skylined.nl]
2016-11-20 00:59
tags:
browser
exploit
programming
security
Utilizing fragmentation to arrange the heap quickly, while using less memory.
Side note: did you know you could make a pretty good estimate of the amount of RAM installed on a system by timing large memory allocations?
Sounds like a pretty good reason to run the browser with resource limits below infinite.
How to Build a Button
http://randsinrepose.com/archives/how-to-build-a-button/ [randsinrepose.com]
2017-03-27 21:09
tags:
hardware
mac
ux
A somewhat more considered (than average) complaint about the touch bar.
When your Memory Allocator hides Security Bugs
https://blog.fuzzing-project.org/65-When-your-Memory-Allocator-hides-Security-Bugs.html [blog.fuzzing-project.org]
2019-01-30 19:58
tags:
c
library
malloc
programming
security
Why would anyone do that? It might bring performance benefits to have memory allocation that’s optimized for a specific application. It also can make programming more convenient when you can allocate many small buffers in a pool and then not bothering about freeing each one of them and instead just free the whole pool with all allocations within.
There’s a disadvantage with the pool allocator, and that is that it may hide bugs.
source: L