Akaros Papers and Talks
http://akaros.cs.berkeley.edu/akaros-web/papers_and_talks.php [akaros.cs.berkeley.edu]
2016-12-10 17:57
Akaros is an operating system designed for many-core architectures and large-scale SMP systems.
random
Akaros Papers and Talks
http://akaros.cs.berkeley.edu/akaros-web/papers_and_talks.php [akaros.cs.berkeley.edu]
2016-12-10 17:57
Akaros is an operating system designed for many-core architectures and large-scale SMP systems.
Zenbleed
https://lock.cmpxchg8b.com/zenbleed.html [lock.cmpxchg8b.com]
2023-07-25 01:47
What should happen if the processor speculatively executed a vzeroupper, but then discovers that there was a branch misprediction? Well, we will have to revert that operation and put things back the way they were… maybe we can just unset that z-bit?
If we return to the analogy of malloc and free, you can see that it can’t be that simple - that would be like calling free() on a pointer, and then changing your mind!
That would be a use-after-free vulnerability, but there is no such thing as a use-after-free in a CPU… or is there?
source: L
“The Defend Trade Secrets Act Isn’t an ‘Intellectual Property’ Law”
http://blog.ericgoldman.org/archives/2017/03/new-paper-the-defend-trade-secrets-act-isnt-an-intellectual-property-law.htm [blog.ericgoldman.org]
2017-03-10 06:15
This section and the amendments made by this section shall not be construed to be a law pertaining to intellectual property for purposes of any other Act of Congress
What the what?
Introducing Miscreant: a multi-language misuse resistant encryption library
http://tonyarcieri.com/introducing-miscreant-a-multi-language-misuse-resistant-encryption-library [tonyarcieri.com]
2017-10-18 18:37
For the past several months I have been hacking on not just one, but five encryption libraries in five different languages (Go, Python, Ruby, Rust, and TypeScript). Tall order, I know. And worse, these libraries implement what I believe is a novel cryptographic construction. Are you terrified yet? Yes, I’m implementing novel cryptography, in several languages at that, but I’d like to convince you it’s not as scary as it sounds.
Miscreant implements two modes of AES which provide a unique property called “nonce reuse misuse resistance”. But to understand what that is, I first need to describe a nonce.
Certificate pinning is great in stone soup
https://adam.shostack.org/blog/2017/05/certificate-pinning-is-great-in-stone-soup/ [adam.shostack.org]
2017-05-25 06:15
Is it a requirement that the device protect itself from the owner?
Weaponizing PostScript
https://lamehackersguide.blogspot.com/2017/02/weaponizing-postscript.html [lamehackersguide.blogspot.com]
2017-02-23 18:01
The exploiting was simple: I was able to upload the postscript files to the server, which then proceeded to convert the file to PDF or PDF/A. With one of the services I had to just rename the PostScript file so it had .pdf extension. Then the services gave me access to the converted files, which had the loot within them...
source: R
Bad publicity: how not to promote a start-up
https://www.ft.com/content/de4b504a-67db-11e7-9a66-93fb352ba1fe [www.ft.com]
2017-08-02 02:15
What happens when the press anoints you a Facebook killer before your product is ready? You don’t kill Facebook. The Ello story.
source: ML
The “Developer Experience” Bait-and-Switch
https://infrequently.org/2018/09/the-developer-experience-bait-and-switch/ [infrequently.org]
2018-09-12 18:06
The “developer experience” bait-and-switch works by appealing to the listener’s parochial interests as developers or managers, claiming supremacy in one category in order to remove others from the conversation. The swap is executed by implying that by making things better for developers, users will eventually benefit equivalently. The unstated agreement is that developers share all of the same goals with the same intensity as end users and even managers. This is not true.
What’s good for me is good for you. Trust me.
source: L
iOS 12, thoroughly reviewed
https://arstechnica.com/gadgets/2018/09/ios-12-thoroughly-reviewed/ [arstechnica.com]
2018-09-17 18:24
Apple’s iOS 12 software update is available today for supported iPhone, iPad, and iPod touch devices, and on the surface, it looks like one of the smallest new iOS releases Apple has pushed out. This isn’t a surprise; Apple said earlier this year that iOS 12 would be more about performance and stability than adding new features.
Nintendo’s Resurgence Was the Best Tech Story of 2017
https://www.theringer.com/2017/12/7/16746390/nintendo-2017-switch-snes-classic-wii-u [www.theringer.com]
2017-12-12 04:24
After years of annoying gimmicks, the gaming legend offered the simple pleasures we desperately needed
source: HN
os-test
https://sortix.org/os-test/ [sortix.org]
2017-10-30 14:27
os-test is a set of test suites for POSIX operating systems designed to make it easy to compare differences between operating systems and to find operating system bugs. It consists of test suites that focus on different operating system areas. This page visualizes the results for the free software POSIX operating systems that are relevant today.
source: L
JavaScript Zero: real JavaScript, and zero side-channel attacks
https://blog.acolyer.org/2018/03/13/javascript-zero-real-javascript-and-zero-side-channel-attacks/ [blog.acolyer.org]
2018-03-28 19:02
Chrome Zero is a proof of concept implementation that defends against these attacks. It installs as a Chrome extension and protects functions, properties, and objects that can be exploited to construct attacks. The basic idea is very simple, functions are wrapped with replacement versions that allow injection of a policy. This idea of wrapping functions (and properties with accessor properties, and certain objects with proxy objects) goes by the fancy name of virtual machine layering.
Getting to Go
https://blog.golang.org/ismmkeynote [blog.golang.org]
2018-07-18 00:02
This is the transcript from the keynote I gave at the International Symposium on Memory Management (ISMM) on June 18, 2018. For the past 25 years ISMM has been the premier venue for publishing memory management and garbage collection papers and it was an honor to have been invited to give the keynote.
Moiré no more
https://www.getrevue.co/profile/shift-happens/issues/moire-no-more-688319 [www.getrevue.co]
2021-09-26 20:33
I showed the original typewriter car scan, added my blurred-then-sharpened photo as a pathetic comparison, and asked: what is the latest in demoireing? Is there some new tech that could help me?
But this pales in comparison to the typewriter car photo I wanted to reuse, the one with all the dots, where we can see the FFT immediately betraying their repeated presence:
This sounded like a prank. You’re telling me that a problem I’ve witnessed for decades could be solved with a 1960s algorithm, and I don’t even have to be particularly careful? But I tried it out. I started crudely drawing over the peaks, one by one. Things were weird at the beginning, but then I saw something astonishing – the halftone dots started shrinking:
source: HN
Testing out snapshots in Apple’s next-generation APFS file system
https://arstechnica.com/apple/2017/02/testing-out-snapshots-in-apples-next-generation-apfs-file-system/ [arstechnica.com]
2017-02-12 17:02
We brave beta software and do some cautious testing—and it looks like it works.
Taskbar Latency and Kernel Calls
https://randomascii.wordpress.com/2019/09/08/taskbar-latency-and-kernel-calls/ [randomascii.wordpress.com]
2019-09-10 11:25
I work quickly on my computer and I get frustrated when I am forced to wait on an operation that should be fast. A persistent nuisance on my over-powered home laptop is that closing windows on the taskbar is slow. I right-click on an entry, wait for the menu to appear, and then select “Close window”. The mouse movement should be the slow part of this but instead I find that the delay before the menu appears is the longest component.
What this says is that, over the course of two right-mouse clicks, RuntimeBroker.exe, thread 10,252, issued 229,604 ReadFile calls, reading a total of 15,686,586 bytes. That is an average read of 68 bytes each time.
‘Random Acts of Medicine’ Review: Paging Dr. Chance
https://www.wsj.com/articles/random-acts-of-medicine-review-paging-dr-chance-877170ec [www.wsj.com]
2023-08-06 22:14
People who end up in the emergency room complaining of chest pains a few weeks before their 40th birthday are very similar to people who end up in the emergency room with chest pains a few weeks after their 40th birthday. But on a chart, the former are 39 years old and the latter are 40.
The point of these studies isn’t to titter or sigh at the peculiarities of human reasoning but to use these natural experiments to estimate the effect of medical procedures. If the only reason that near-18 and 18-year-olds are prescribed opioids differently is the semantics of “child” and “adult,” then we can use the discontinuity in prescriptions as a natural experiment—it’s as if prescribing around the age of 18 were randomly assigned. The authors find, for example, that compared to the just-under-18s, the just-over-18s were 12.6% more likely to later be diagnosed for an opioid-related adverse event such as an overdose. The greater rate of overdose is valuable information—but imagine the difficulty of trying to convince an Institutional Review Board that it would be ethical to randomly prescribe opioids to young people.
source: MR
Lower VM_MAX_USER_ADDRESS to finalize work-around for Ryzen bug
http://marc.info/?l=dragonfly-commits&m=150234443814532&w=2 [marc.info]
2017-08-12 18:07
A good summary of the bug affecting Ryzen CPUs.
A fashionable lamp for our times
http://lcamtuf.coredump.cx/geiger/ [lcamtuf.coredump.cx]
2017-03-13 05:58
A floor lamp, some LEDs, and a Soviet SBM-20 Geiger-Müller tube walk into a bar...
The design of Poly1305
http://loup-vaillant.fr/tutorials/poly1305-design [loup-vaillant.fr]
2017-01-31 02:34
Poly1305 is a fast, provably secure, and surprisingly simple one time authenticator. Its author, Daniel J. Bernstein explains it well in his paper, if you’re already an expert. The rest of us is kinda left in the dust.
source: R