No OpenBSD, not secure.

source: grugq

These tutorials aim to guide you through Urn, a Lisp dialect which compiles to Lua. We’ll assume you have some prior programming knowledge. A little Lua knowledge is useful in places, though not required.

Indeed, over the past year, Mr. Sietsema, the senior critic at Eater NY, has watched with mild schadenfreude but greater alarm as his neighborhood has undergone yet another transformation from a famed retail corridor whose commercial rents and exclusivity rivaled Rodeo Drive in Beverly Hills, Calif., to a street that “looks like a Rust Belt city,” with all these empty storefronts

source: HN

The photo below of a “woman wiring an early IBM computer” has appeared on Twitter a bunch of times, and it stoked my curiosity: what was the machine in the photo? Was it really an early IBM computer? I was a bit skeptical since the machine in the photo is much smaller than IBM’s first room-filling computers, and there aren’t any vacuum tubes visible. I investigated this machine and it turned out to be not a computer, but an IBM 405 “Alphabetic Accounting Machine” from 1934, back in the almost forgotten pre-computer age of tabulating machines.

Life support continues for one more release.

source: L

“Memory leaks are impossible in a garbage collected language!” is one of my favorite lies. It feels true, but it isn’t. Sure, it’s much harder to make them, and they’re usually much easier to track down, but you can still create a memory leak. Most times, it’s when you create objects, dump them into a data structure, and never empty that data structure. Usually, it’s just a matter of finding out what object references are still being held. Usually.

A few months ago, I discovered a new variation on that theme. I was working on a C# application that was leaking memory faster than bad waterway engineering in the Imperial Valley.

The mystery surrounding MH370 has been a focus of continued investigation and a source of sometimes feverish public speculation.

TL;DR: This post proposes to deprecate the std facade, instead having a unified std that uses target- and capability-based cfgs to control API availability.

source: L

Each pin represents the approximate location of one of 142 homicides cases in late medieval London.

Anyway, I was kind of annoyed of rebooting every time it happens, so I decided to reboot a few more dozen times instead while patching the driver. This has indeed worked, and left me with something similar to a functional hot-unplug, mildly crippled by the fact that nvidia-modeset is a completely opaque blob that keeps some internal state and tries to act on it, getting stuck when it tries to do something to the now-missing eGPU.

source: L

Documentation change, to reflect reality.

malloc() preallocates large chunks of memory, per thread. This is meant as a performance optimization, to reduce memory contention in highly threaded applications. On a typical physical server, dual Xeon CPU with a terabyte of RAM. The core count is easily 40 or above. 10 cores * 2 CPU * 2 for hyper threading. This means a preallocation of up to 20 GB of RAM in the process.

source: L

From Research to Standard and Back

Strong authentication of TPM with privacy

source: grugq

Mostly about buying college admissions through donations, but also how he runs his house.

The 68-year-old Shaw made his estimated $7.3 billion fortune by bringing the computing revolution to finance. D.E. Shaw & Co., the legendary hedge fund that bears his name, pairs proprietary trading algorithms with obsessive risk management. Less well publicized, however, are the various ways in which Shaw has applied his fund’s risk-averse, quantitative approach to nearly every aspect of his life. Employees tell stories about Shaw wanting Chinese food or a comfortable mattress, and Shaw staff exhaustively researching and testing the options in advance. It was company lore that before Shaw traveled, an assistant would take the exact same trip — same car service, same airport, same seat on the plane — to eliminate any inefficiencies. Shaw has been said to purchase tickets for several different flights on the same day in case his plans change.

source: ML

Covers a lot of topics.

source: HN

The idea behind fileless malware is simple: If tools already exist on a device (for example PowerShell.exe or wmic.exe) to fulfill an attacker’s objectives, then why drop custom tools that could be flagged as malware? If an attacker can take over a process, run code in its memory space, and then use that code to call tools that are already on a device, the attack becomes more difficult to detect.

One answer is certainly ‘because the ANSI C standard says that global variables behave that way’, and in some ways this is the right answer (but we’ll get to that). Another answer is ‘because C was documented to behave that way in “The C Programming Language” and so ANSI C had no choice but to adopt that behavior’. But the real answer is that C behaves this way because it was the most straightforward way for it to behave in Unix on PDP-11s, which was its original home.

I just completed a series of changes that shrunk the Chrome browser’s on-disk size on Windows by over a megabyte, moved about 500 KB of data from its read/write data segments to its read-only data segments, and reduced its private working set by about 200 KB per-process.

Which also means custom URL scheme handlers:
■ are registered automatically by macOS as soon as application (that “advertises” support for such handlers) hits the file-system
■ will trigger the execution of the (automatically registered) handler application, when the custom url scheme is invoked

Kind of obvious in hindsight, making things too easy leads to runaway.

source: L

We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from out- side attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead

source: solar