Fixing security bugs
> This article covers some ways I’ve gotten security bugs fixed inside a company.
> Finding bugs is a technical problem, fixing them is a human problem.
> Cupcakes. All else fails try cupcakes. Upon the 1 year birthday of bugs we delivered cupcakes to the desks of 30 or so engineers who had not fixed longstanding bugs assigned to them. About a third of them had their issues fixed within the next two weeks. SUCCESS.
Usability improvements in GCC 9
> I work at Red Hat on GCC, the GNU Compiler Collection, and I spent most of the past year making GCC easier to use. Let’s look at C and C++ improvements that will be in the next major release of GCC, GCC 9.
C++ error messages that are slowly approaching useful...
This year, Joey Chestnut marched on New York with a hot-dog entourage
> Chestnut, a Northern Californian with a placid demeanor, also stars in “The Good, the Bad, the Hungry,” a new ESPN documentary about his surprisingly complex relationship with longtime rival Takeru Kobayashi. And the ESPN marketing machine had gone into overdrive to burnish the hot-dog champion’s image. They arranged to have Chestnut arrive at Citi Field with his sausage posse to throw out the first pitch and later hand out hot dogs — presumably the nonhuman kind.
The Economist on the Cyber Security Industry
> Adding Office support to Bromium was significantly cheaper than it would be for Microsoft to fix all the vulnerabilities in the existing code base.
What Else is Revealed by Order-Revealing Encryption?
> This work shows that more plaintext information can be extracted from ORE ciphertexts than was previously thought.
Never used ORE, and I think I won’t.
Building interactive SSH applications
> Writing interactive SSH applications is actually pretty easy, but it does require some knowledge of the pieces involved and a little bit of general Unix literacy
Speech on Campus
> But the danger is that safeguards put in place to exclude this small minority of pool-pissers will wind up - to extend the metaphor - over-chlorinating the pool.
Jeff Erickson's Algorithms Lecture Notes
Pretty complete undergraduate course. Much more like a textbook than just “notes”.
With a special heart for union find.
Games Look Bad, Part 1: HDR and Tone Mapping
> High dynamic range. First experienced by most consumers in late 2005, with Valve’s Half Life 2: Lost Coast demo. Largely faked at the time due to technical limitations, but it laid the groundwork for something we take for granted in nearly every blockbuster title. The contemporaneous reviews were nothing short of gushing. We’ve been busy making a complete god awful mess of it ever since.
Delay, Deny and Deflect: How Facebook’s Leaders Fought Through Crisis
Bitcoin Futures Manipulation 101: How ‘Banging the Close’ Works
> In a fundamental way, bitcoin futures manipulation would resemble those old-time squeezes: Unscrupulous traders would engage in chicanery in the underlying “physical” market for bitcoin in order to reap profits from the futures.
Seeking the Productive Life: Some Details of My Personal Infrastructure
> I’m a person who’s only satisfied if I feel I’m being productive. I like figuring things out. I like making things. And I want to do as much of that as I can. And part of being able to do that is to have the best personal infrastructure I can. Over the years I’ve been steadily accumulating and implementing “personal infrastructure hacks” for myself. Some of them are, yes, quite nerdy. But they certainly help me be productive. And maybe in time more and more of them will become mainstream, as a few already have.
> But email, of course, has the nice feature that it’s “born digital”. What about things that were, for example, originally on paper? Well, I have been something of an “informational packrat” for most of my life. And in fact I’ve been pretty consistently keeping documents back to when I started elementary school in 1968. They’ve been re-boxed three times since then, and now the main ones are stored like this:
Meanwhile, I have trouble finding an email from last week.
Zeronights 2016 Presentations
Lots of good talks.
Post-Charlottesville Doxxing and Misidentification Creates Legal Risks–Vangheluwe v. GotNews
> Am I reading that right? Did someone actually argue that they were reasonable in presenting something they found on 4Chan as fact? Indeed, the court is not persuaded by reliance on 4Chan. In the context of dealing with the “wire service” privilege, the court says it is “not convinced that 4Chan is a reputable news-gathering agency.” Not surprisingly, plaintiffs are able to present a plethora of evidence on the freewheeling nature of 4Chan.
Headsup: systemd v228 local root exploit
Early Hard Drives
> Fridge-sized machines gave way to hard drives the size of your finger; complex spinning disks kept getting faster and more sophisticated; and we learned how to say the word “defrag.”
Learning to protect communications with adversarial neural cryptography
> If I tell you that the central cast contains Alice, Bob, and Eve, you can probably already guess that we’re going to be talking about cryptography (that or reading the paper title 😉 ). But this isn’t cryptography as you know it, and nor is it cryptography intended to actually be used to protect any information – to criticise the paper on that front would be to miss the point in my view. Instead what we get is a really interesting twist on adversarial network training and a further demonstration of the kinds of things that such networks are able to learn.
Newport, a City That Loves Its Mansions, Shudders at Its Newest One
> “We’re just baffled by why somebody would want to inflict themselves on Newport in such a way as this.”
Noise Protocol Framework
> Noise is a framework for building crypto protocols. Noise protocols support mutual and optional authentication, identity hiding, forward secrecy, zero round-trip encryption, and other advanced features.
I thought development of Noise was paused, but there have been some recent updates.
Prospecting for Hash Functions
> Suppose, for example, I wrote a tool to generate a random hash function definition, then JIT compile it to a native function in memory, then execute that function across various inputs to evaluate its properties. My tool could rapidly repeat this process in a loop until it stumbled upon an incredible hash function the world had never seen. That’s what I actually did. I call it the Hash Prospector: