How to Redesign a Tech Logo
In just four words, he summarizes the pervasive tendency towards a visual uniformity that seems to draw in nearly every major tech brand operating today.
EVERYBODY FALL IN LINE!
I wasn’t sure this was real at first. The new Pinterest logo looked like a spoof, but it’s real.
How I’ve found vulnerability in a popular Rust crate (and you can too)
I have recently discovered a zero-day vulnerability in a fairly popular and well-designed Rust crate. In this article I’m going to discuss how I did it and why it wasn’t discovered earlier, and introduce a new tool, libdiffuzz, that I’ve created for the job. A recently discovered vulnerability in the Rust standard library makes a cameo appearance.
Dissecting Lemire’s nearly divisionless random
The idea was simple, I’ve always felt that code readability is undervalued so I figured I’d put cold hard cash up. I announced a $1,000 pot, divided into $500, $300, and $200 prizes for the most readable implementations of Daniel Lemire’s nearly divisionless algorithm for selecting a random number from an interval. I now have winners to announce and congratulate, and they’re in this blog post, but there’s more to this story.
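As an added example (not from the blog post, nor one of the contest entries), here is Lemire's nearly divisionless method in Rust. The multiply-shift `(x * s) >> 32` maps the 2^32 possible random words onto `[0, s)`, but some outputs receive one word more than others, the same bias that plagues `x % s`. The low half of the product reveals whether `x` landed in one of those surplus slots, and rejecting draws whose low half is below `2^32 mod s` removes exactly them; the division needed for that threshold is only reached with probability `s / 2^32`. The `XorShift32` generator is an assumption made so the block runs offline; it is not a cryptographic source and is not what the paper or the contest used.

```rust
/// Draw a uniformly distributed integer in [0, s) from a stream of uniformly
/// random 32-bit words. Contract: 1 <= s <= u32::MAX.
pub fn random_bounded(mut next_u32: impl FnMut() -> u32, s: u32) -> u32 {
    assert!(s != 0, "range must be at least 1");
    let mut x = next_u32();
    let mut m = u64::from(x) * u64::from(s);
    let mut l = m as u32; // low 32 bits of the product
    if l < s {
        // Rare path (probability s / 2^32): one division to get 2^32 mod s.
        let t = rejection_threshold(s);
        // Reject while the low half is below the threshold; each rejected
        // word is one of the "surplus" words that would skew some output.
        while l < t {
            x = next_u32();
            m = u64::from(x) * u64::from(s);
            l = m as u32;
        }
    }
    (m >> 32) as u32 // high 32 bits of the product is the result
}

/// 2^32 mod s without 64-bit arithmetic: in two's complement
/// s.wrapping_neg() == 2^32 - s, and (2^32 - s) mod s == 2^32 mod s.
pub fn rejection_threshold(s: u32) -> u32 {
    s.wrapping_neg() % s
}

/// The naive alternative, kept for contrast: `x % s` is biased whenever s
/// does not divide 2^32, because the lowest 2^32 mod s outputs each get one
/// extra word. It is also a full division on every call.
pub fn biased_modulo(x: u32, s: u32) -> u32 {
    x % s
}

/// Minimal xorshift32 generator, constructed for this example so it runs
/// stand-alone. Not cryptographic; substitute a proper source in real code.
pub struct XorShift32(pub u32);

impl XorShift32 {
    pub fn next_u32(&mut self) -> u32 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 17;
        x ^= x << 5;
        self.0 = x;
        x
    }
}

/// Roll a six-sided die `n` times with a fixed seed and return the face counts.
pub fn die_histogram(seed: u32, n: u32) -> [u32; 6] {
    let mut rng = XorShift32(seed);
    let mut counts = [0u32; 6];
    for _ in 0..n {
        let face = random_bounded(|| rng.next_u32(), 6);
        counts[face as usize] += 1;
    }
    counts
}

fn main() {
    println!("2^32 mod 6 = {}", rejection_threshold(6));
    println!("die rolls per face: {:?}", die_histogram(0x9E37_79B9, 60_000));
}
```

The scripted draws in the test walk the rejection loop by hand: with `s = 6` the threshold is 4, so the words 0 and 715827883 (whose products have low halves 0 and 2) are rejected and `u32::MAX` is accepted, yielding 5.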
Electronic Safe Lock Analysis
The best measure for consumers is to avoid wireless electronic locks.
Lawyers should learn linguistics, part infinity
More evidence that judges either should or should not be replaced by python scripts.
Universal adversarial perturbations
I’m fascinated by the existence of adversarial perturbations – imperceptible changes to the inputs to deep network classifiers that cause them to mis-predict labels. We took a good look at some of the research into adversarial images earlier this year, where we learned that all deep networks with sufficient parameters appear to be vulnerable, and that there are no currently known defences. While that research focused on generating a perturbation that would cause a particular input image to be misclassified, in today’s paper Moosavi-Dezfooli et al. show us how to create a single perturbation that causes the vast majority of input images to be misclassified.
New Crypto in Go 1.14
Go 1.14 is out and with it come a few nice updates to crypto/tls!
malloc.conf replaced with a sysctl
This will allow unveiled and chrooted processes to access the malloc options without having to do anything special in the code or chroot dir.
The Deep Sea
Takes a lot of scrolling to get to the bottom.
Electric scooters might revolutionize urban transport — if it wasn’t for stupid humans
Closing the Loop: The Importance of External Engagement in Computer Science Research
On leaky abstractions from engineering to academia.
An ode to pack: gzip’s forgotten decompressor
Another even more obscure tool it could replace was compress's own predecessor, pack. This rather loosely defined collection of only partially compatible formats is why compress had to use a capital Z in its extension. pack came first, and offered straight Huffman coding with a .z extension.
A long two months
That afternoon, work chat started talking about a Tumblr post by pythonsweetness about an Intel hardware security bug. At the time I definitely did not suspect that this was going to occupy most of my working life for the next (almost) two months.
A fantastic dive into systems and kernels and page tables.
Notes on concurrency bugs
Lots of links here to some good observations.
Units of Measure
F# numbers can have units attached. So who wants to rewrite the units utility?
Achieving 100k connections per second with Elixir
By analyzing the initial test results, proposing a theory, and confirming it by measuring against modified software, we were able to find two bottlenecks on the way to getting to 100k connections per second with Elixir and Ranch. The combination of multiple connection supervisors in Ranch and multiple listener sockets in the Linux kernel is necessary to achieve full utilization of the 36-core machine under the target workload.
Betting on lawsuits has growing appeal - and noteworthy backers
What emerged is an asset class with unique characteristics. True to the maxim that lawyers make money in good times and bad, litigation funding is impervious to recessions and other economic shocks. Managed well, litigation funds can offer returns that are hard to find anywhere else.
Automating data-only attacks through Block Oriented Programming (BOP)
With the rise of strong control-flow defenses such as Control-Flow Integrity (CFI), attackers will increasingly resort to data-only attacks that can be equally powerful. Earlier research demonstrated that data-only attacks can be as devastating as control-flow hijacking attacks. So far, constructing data-only attacks was cumbersome and required deep manual analysis. We introduce the idea of Block-Oriented Programming (BOP) where, based on a C-like programming language and the help of constraint solving, we automatically synthesize data-only exploits that run arbitrary payloads on host programs.
This syscall only performs additional sanity checks if we are removing a directory entry that corresponds to the inode referred to by the file descriptor.
Verizon, in a Reversal, Brings Back Unlimited Data Plans
Like other unlimited plans in the industry, Verizon says it might slow data speeds for some users on congested cell towers if they have consumed more than 22 gigabytes of data in a single month.
That competition has pushed carriers to offer larger and larger data allowances to compete—culminating with the return of unlimited plans. Such plans disrupt the industry’s preferred business model, which was to treat data just like voice minutes—the more you use, the more you pay.
Exciting times... Now to see what you actually get.