One Man’s Quest to Change the Way We Die
> How B.J. Miller, a doctor and triple amputee, used his own experience to pioneer a new model of palliative care at a small, quirky hospice in San Francisco.
CPU Performance Counters on Windows
Secrets of the masters revealed.
You can’t “turn off the borrow checker” in Rust
> Every once in a while, someone will talk about unsafe in Rust, and how it “turns off the borrow checker.” I think this framing leads to misconceptions about unsafe and how it interacts with safe code.
> So what does unsafe actually do? Unsafe Rust is a superset of Safe Rust. Unsafe never changes the semantics of Rust code. It instead adds new features that you can only use inside an unsafe block.
Undefined Behavior != Unsafe Programming
> Undefined behavior (UB) in C and C++ is a clear and present danger to developers, especially when they are writing code that will execute near a trust boundary. A less well-known kind of undefined behavior exists in the intermediate representation (IR) for most optimizing, ahead-of-time compilers.
> ‘There is an extraordinary textbook written by Ross Anderson, professor of computer security at University of Cambridge. It’s called Security Engineering, and despite being more than 1,000 pages long, it’s one of the most readable pop-science slogs of the decade.’
> When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you’ll buy the paper version to sit on your shelf and impress the boss (as well as warding off the evil eye):
The links page is also of note: http://www.cl.cam.ac.uk/~rja14/book/notes.html
Automatic Heap Layout Manipulation for Exploitation
> Heap layout manipulation is integral to exploiting heap-based memory corruption vulnerabilities. In this paper we present the first automatic approach to the problem, based on pseudo-random black-box search. Our approach searches for the inputs required to place the source of a heap-based buffer overflow or underflow next to heap-allocated objects that an exploit developer, or automatic exploit generation system, wishes to read or corrupt. We present a framework for benchmarking heap layout manipulation algorithms, and use it to evaluate our approach on several real-world allocators, showing that pseudo-random black-box search can be highly effective. We then present SHRIKE, a novel system that can perform automatic heap layout manipulation on the PHP interpreter and can be used in the construction of control-flow hijacking exploits. Starting from PHP’s regression tests, SHRIKE discovers fragments of PHP code that interact with the interpreter’s heap in useful ways, such as making allocations and deallocations of particular sizes, or allocating objects containing sensitive data, such as pointers.
The Making of Lemmings
> How DMA Design created a classic, and what happened next
Many pet rabbits will die in Second Life on Saturday
> Virtual rabbits across Second Life [official site] will fall asleep on Saturday then never wake up, now that their digital food supply has been shut down by a legal battle.
At least nobody will ever make real food depend on the cloud, right?
RCE vulns in memcached
memcached shouldn’t normally be privileged or talking to the bad people, but this may help a rogue web app to pivot deeper. Includes links to some more detailed analysis of the bug.
How to Print Integers Really Fast
> Human readable formats wasting CPU cycles to print integers is a common problem, and we quickly found a few promising approaches and libraries.
Web development as a hack of hacks
It’s hacks all the way down.
> ‘Still File’ is a series of 4 photographs recreating computer renderings as physical scenes. The photos’ artifacts, surroundings, camera settings and lighting have been shaped intending to resemble 3d graphics of different types.
Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads
Kind of a strange way to do things, but if it avoids detection, I guess it’s worth it to the attacker.
Vigorous Public Debates in Academic Computer Science
> Computer science does not have a culture of retraction, and in any case many of these debates are not about the kinds of mistakes that lead to retractions. The useful debates, the ones we can learn from, are those where both sides are publicly available in writing. These are a valuable instructional resource, and I sometimes assign them as reading to my students. They show an important part of science that often gets swept under the rug—students enjoy seeing that things are not as cut-and-dried as teachers often try to make them sound.
A Funny Thing Happened on the Way to a CLO Rule Rollback
> This is a prime example of just how malleable and creative markets can be and how regulatory roadblocks have given rise to new ways of doing business that may end up remaining standard practice long after the rules are lifted.
Matt Levine has some good commentary: https://www.bloomberg.com/view/articles/2017-09-14/insider-trading-and-risk-retention
> So the risk-retention rules, which were meant to cut down on the abuses of structured finance, created more structured finance.
Corner of Peachtree and Peachtree
Have been to Atlanta, can confirm.
The Unoriginality of Orwell's Critique of Language
Use small words. They mean more.
Doing It For Erma
> A 1956 book about the early history of automation finally hits digital shelves, thanks to a friend of mine. And its appearance is deliciously ironic.
> Perhaps that was a little annoying, but David O. Woodbury’s 1956 work Let Erma Do It, which is titled after one of the first automated check-sorting systems ever produced, was a worthy book at the front end of the era of automation that has brought us so many things since. It’s the rare early view on a trend that, retrospectively, changed everything.
> Here’s a book about the value of automation, which had to be painstakingly added, page by page, to a PDF for internet consumption.
SHA-1 GPU near-collision attacks
> Find your own shattered 2nd near-collision block pair
> Expected GPU runtime: 102 years on a single GTX-970
The Roots of Boeing’s 737 Max Crisis: A Regulator Relaxes Its Oversight
> In the days after the first crash of Boeing’s 737 Max, engineers at the Federal Aviation Administration came to a troubling realization: They didn’t fully understand the automated system that helped send the plane into a nose-dive, killing everyone on board.
> Engineers at the agency scoured their files for information about the system designed to help avoid stalls. They didn’t find much. Regulators had never independently assessed the risks of the dangerous software known as MCAS when they approved the plane in 2017.