Blessed Are teh Copy Editors
> But there are still consequences for making mistakes. First of all, print editions aren’t dead yet, and the appearance of minor factual errors and boo-boos such as the buy-a-vowel caption below (in The Philadelphia Inquirer) is not only embarrassing but has the effect of subtly eroding the confidence readers have in the publication’s coverage of important things.
SHA-1 is a Shambles
> We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.
Fighting the Async fragmentation
> This is about some dead ends when trying to fix the problem of Rust’s async networking fragmentation. I haven’t been successful, but I can at least share what I tried and discovered, maybe someone else is having the same bugging feeling so they don’t have to repeat them. Or just maybe some of the approaches would work for some other problems. And because we have a bunch of success stories out there, having some failure stories to balance it doesn’t hurt.
Write code that is easy to delete, not easy to extend.
> Every line of code written comes at a price: maintenance. To avoid paying for a lot of code, we build reusable software. The problem with code re-use is that it gets in the way of changing your mind later on.
FreeBSD/EC2: Community vs. Marketplace AMIs
> This leads to a question I am frequently asked: Which way should FreeBSD users launch their instances? The answer, as usual, is “it depends”. Here are some of the advantages of each option, to help you decide which to use.
NoScript’s Migration to WebExtensions APIs
> The so-called “legacy” add-on technology which NoScript has been built with is going to be banned very soon; therefore, like too often in real life, it’s either migrate or die.
Some items from my "reliability list"
> I’ll list some of them here and some of the thinking behind them. Just about everything here has happened at some point in time, and probably has happened more than once... way more than once.
I like a lot of this. Very much.
> On the other hand, if you only need 53 bits of your 64 bit numbers, and enjoy blowing CPU on ridiculously inefficient marshaling and unmarshaling steps, hey, it’s your funeral.
Do Stocks Outperform Treasury Bills?
> When stated in terms of lifetime dollar wealth creation, the entire net gain in the U.S. stock market since 1926 is attributable to the best-performing four percent of listed stocks, as the other ninety six percent collectively matched one-month Treasury bills. These results highlight the important role of positive skewness in the cross-sectional distribution of stock returns.
Lots of little interesting facts about stocks over time.
KARL - kernel address randomized link
> Over the last three weeks I’ve been working on a new randomization feature which will protect the kernel.
Your Browsing History Alone Can Give Away Your Identity
Great Talks and Presentations at 33C3
Nicely organized by topic. All the tags...
The SCRAM Authentication Protocol
A better CRAM-MD5. Interesting to consider, probably would not use in production.
507 Mechanical Movements
> This is an online edition of the classic technical reference Five Hundred and Seven Mechanical Movements by Henry T. Brown.
> This site contains the original illustrations and text from the 21st edition of the book, published in 1908. It also includes animated versions of the illustrations, and occasional notes by the webmaster.
Pwnie Winners 2017
Research based on the .NET Runtime
> Over the last few years, I’ve come across more and more research papers based, in some way, on the ‘Common Language Runtime’ (CLR). So armed with Google Scholar and ably assisted by Semantic Scholar, I put together the list below.
Announcing NetBSD 8.0
> This release brings stability improvements, hundreds of bug fixes, and many new features.
> We support older releases, but due to the mass of recent urgent fixes and a lot of work having been done to harden NetBSD in general, we are not backporting the CPU errata related workarounds and mitigations to older release branches!
Remaking Iconic Cuts From Spider-Verse Trailer
Hand drawn animation.
Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
> Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
Plenty of bugs to go around.
How to Maintain a Low Profile
> I think it’s perfectly obvious that I am skulking!