Bending pause times to your will with Generational ZGC
https://netflixtechblog.com/bending-pause-times-to-your-will-with-generational-zgc-256629c9386b [netflixtechblog.com]
2024-03-16 00:20
tags:
garbage-collection
java
perf
The latest long term support release of the JDK delivers generational support for the Z Garbage Collector. Netflix has switched by default from G1 to Generational ZGC on JDK 21 and later, because of the significant benefits of concurrent garbage collection.
source: HN
Fonts are still a Helvetica of a Problem
https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/ [www.canva.dev]
2024-03-06 19:45
tags:
security
text
turtles
CVEs in three strange places and the unique problem of safely processing and handling fonts.
Although the previous research focused primarily on memory corruption bugs in font processing, we wondered what other kinds of security issues might occur when handling fonts.
source: HN
Supercharge compression efficiency with shared dictionaries
https://developer.chrome.com/blog/shared-dictionary-compression [developer.chrome.com]
2024-03-06 18:50
tags:
browser
compression
development
web
Shared dictionaries can supplement Brotli and ZStandard compression to deliver substantially higher compression ratios for websites that frequently ship updated code, and can—in some cases—deliver 90% or better compression ratios. This post goes into more detail on how shared dictionaries work, and how you can register for the origin trials to use them for Brotli and ZStandard on your website.
source: HN
Bugs I’ve filed on browsers
https://nolanlawson.com/2024/03/03/bugs-ive-filed-on-browsers/ [nolanlawson.com]
2024-03-04 05:28
tags:
browser
bugfix
development
web
As such, I’ve filed a lot of bugs on browsers over the years. For whatever reason – stubbornness, frustration, some highfalutin sense of serving the web at large – I’ve made a habit of nagging browser vendors about whatever roadblock I’m hitting that day. And they often fix it! So I thought it might be interesting to do an analysis of the bugs I’ve filed on the major browser engines – Chromium, Firefox, and WebKit – over my roughly 10-year web development career.
source: HN
How French Artists in 1899 Envisioned What Life Would Look Like in the Year 2000
https://www.openculture.com/2024/02/how-french-artists-in-1899-envisioned-what-life-would-look-like-in-the-year-2000.html [www.openculture.com]
2024-03-04 05:20
tags:
art
future
photos
retro
And yet it’s Asimov who apparently owned the only set of postcards of En L’An 2000, a set of 87 (or so) collectible artist cards that first appeared as inserts in cigar boxes in 1899, right in time for the 1900 World Exhibition in Paris. Translated as “France in the 21st Century,” the cards feature Jean-Marc Côté and other illustrators’ interpretations of the way we’d be living... well, 23 years ago.
https://publicdomainreview.org/collection/a-19th-century-vision-of-the-year-2000/
source: HN
In Nome, Where the Muskoxen Roam … Controversially
https://hakaimagazine.com/features/in-nome-where-the-muskoxen-roam-controversially/ [hakaimagazine.com]
2024-03-04 05:12
tags:
article
biology
history
hoipolloi
policy
In Alaska, residents are negotiating a contentious relationship with muskoxen, which were introduced to the area decades ago without local consent.
One Iñupiaq word for muskox is umiŋmak, a term that refers to the animal’s beard-like coat. The word’s existence speaks to the Iñupiat’s long relationship with muskoxen, which once roamed the Arctic. The decline of muskoxen is often attributed to climatic changes after the last ice age, along with predation and hunting. Around Nome, few, if any, Indigenous stories about the animals survive.
The average visitor to Nome today would never guess that muskoxen were ever ghosts on the landscape. The animals adorn guidebooks and artwork at gift shops and draw wildlife viewers and photographers. With their bulky coats, sloping shoulders, short legs, and upturned horns, it’s not hard to picture them roaming alongside saber-toothed cats, wooly mammoths, and other big-bodied beasts of the Pleistocene. But all the muskoxen around Nome today have ancestors that saw the inside of a train station in New Jersey. Their reintroduction to Alaska was the result of a decades-long campaign by early 20th-century settlers and promoters, one that followed a template used many times over before and since: it was a plan for developing the Arctic, drawn up without the consent of Indigenous people.
source: HN
Identifying Rust's collect::<Vec<_>>() memory leak footgun
https://blog.polybdenum.com/2024/01/17/identifying-the-collect-vec-memory-leak-footgun.html [blog.polybdenum.com]
2024-01-18 17:32
tags:
malloc
programming
rust
turtles
This is the story of how I identified the bug. (TLDR: collect::<Vec<_>>() will sometimes reuse allocations, resulting in Vecs with large excess capacity, even when the length is exactly known in advance, so you need to call shrink_to_fit if you want to free the extra memory.)
Ordinarily, that wouldn’t have been a problem, since the into_iter().map().collect() line used to pack them into (u32, u32)s would allocate a new vector with only the exact amount of space required. However, thanks to the allocation reuse optimization added in Rust 1.76, the new vec shared the backing store of the input vec, and hence had a capacity of 16560, meaning it was using 132480 bytes of memory to store only 16 bytes of data.
source: HN
When Random Isn't
https://orlp.net/blog/when-random-isnt/ [orlp.net]
2024-01-16 05:43
tags:
gaming
programming
random
security
So there were two environments: an insecure one where you can get all information but can’t act on it, and a secure one where you can act but can’t get the information needed for automation.
An evil idea came in my head: random number generators (RNGs) used in computers are almost always pseudorandom number generators with (hidden) internal state. If I can manipulate this state, perhaps I can use that to pass information into the secure environment.
source: HN
Operation Triangulation: What You Get When Attack iPhones of Researchers
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/ [securelist.com]
2023-12-27 19:52
tags:
best
cpu
exploit
investigation
iphone
security
This presentation was also the first time we had publicly disclosed the details of all exploits and vulnerabilities that were used in the attack. We discover and analyze new exploits and attacks using these on a daily basis, and we have discovered and reported more than thirty in-the-wild zero-days in Adobe, Apple, Google, and Microsoft products, but this is definitely the most sophisticated attack chain we have ever seen.
source: HN
The hidden beauty of Berlin's indoor pools
https://www.bbc.com/travel/article/20231116-the-hidden-beauty-of-berlins-indoor-pools [www.bbc.com]
2023-11-19 05:53
tags:
photos
travel
The German capital is dotted with more than 60 public indoor swimming pools, and many of them are so stunning and tranquil they feel like you’re swimming in an ornate library.
source: HN
Real-time dreamy Cloudscapes with Volumetric Raymarching
https://blog.maximeheckel.com/posts/real-time-cloudscapes-with-volumetric-raymarching/ [blog.maximeheckel.com]
2023-11-01 01:44
tags:
gl
graphics
programming
I spent the past few months diving into the realm of Raymarching and studying some of its applications that may come in handy for future 3D projects, and while I managed to build a pretty diverse set of scenes, all of them consisted of rendering surfaces or solid objects. My blog post on Raymarching covered some of the many impressive capabilities of this rendering technique, and as I mentioned at the end of that post, that was only the tip of the iceberg; there is a lot more we can do with it.
One fascinating aspect of Raymarching I quickly encountered in my study was its capacity to be tweaked to render volumes. Instead of stopping the raymarched loop once the ray hits a surface, we push through and continue the process to sample the inside of an object. That is where my obsession with volumetric clouds started, and I think the countless hours I spent exploring the many Sky Islands in Zelda Tears of the Kingdom contributed a lot to my curiosity to learn more about how they work. I thus studied a lot of Shadertoy scenes leveraging many Volumetric Raymarching techniques to render smoke, clouds, and cloudscapes, which I obviously couldn’t resist giving a try rebuilding myself:
source: HN
"[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs
https://dgl.cx/2023/09/ansi-terminal-security [dgl.cx]
2023-10-20 19:20
tags:
exploit
security
text
tty
turtles
unix
This paper reflects work done in late 2022 and 2023 to audit for vulnerabilities in terminal emulators, with a focus on open source software. The results of this work were 10 CVEs against terminal emulators that could result in Remote Code Execution (RCE); in addition, various other bugs and hardening opportunities were found. The exact context and severity of these vulnerabilities varied, but some form of code execution was found to be possible on several common terminal emulators across the main client platforms of today.
source: HN
WebGPU Security Technical Report
https://chromium.googlesource.com/chromium/src/+/main/docs/security/research/graphics/webgpu_technical_report.md [chromium.googlesource.com]
2023-09-29 01:24
tags:
browser
gl
graphics
security
turtles
In this document we outline how WebGPU works through the mind of an attacker, our vulnerability research methodologies, and our thought processes in some of the more difficult research areas. There are many interesting portions of Chrome graphics that we omitted from review to keep scope manageable. While our primary focus was WebGPU, we did explore a few attack surfaces shared by other graphics features. We will interleave background information on WebGPU with descriptions of the important bugs we found. We hope this report will give the security community a deeper understanding of the shape of vulnerabilities we may come to expect with the addition of WebGPU, along with a lens into the vulnerabilities we might encounter in the future.
source: HN
Apocalypse-Proof - 33 Thomas Street
https://placesjournal.org/article/33-thomas-street-and-conspiracy-thrillers/ [placesjournal.org]
2023-09-18 00:10
tags:
architecture
article
history
movies
opsec
urban
A windowless telecommunications hub, 33 Thomas Street in New York City embodies an architecture of surveillance and paranoia. That has made it an ideal set for conspiracy thrillers.
When it was completed in Lower Manhattan in 1974, 33 Thomas Street, formerly known as the AT&T Long Lines Building, was intended as the world’s largest facility for connecting long-distance telephone calls. Standing 532 feet — roughly equivalent to a 45-story building — it’s a mugshot for Brutalism, windowless and nearly featureless. Its only apertures are a series of ventilation hoods meant to hide microwave-satellite arrays, which communicate with ground-based relay stations and satellites in space. One of several long lines buildings designed by John Carl Warnecke for the New York Telephone Company, a subsidiary of AT&T, 33 Thomas Street is perhaps the most visually striking project in the architect’s long and influential career. Embodying postwar American economic and military hegemony, the tower broadcasts inscrutability and imperviousness. It was conceived, according to the architect, to be a “skyscraper inhabited by machines.”
source: HN
Analyzing Starfield’s Performance on Nvidia’s 4090 and AMD’s 7900 XTX
https://chipsandcheese.com/2023/09/14/analyzing-starfields-performance-on-nvidias-4090-and-amds-7900-xtx/ [chipsandcheese.com]
2023-09-15 21:19
tags:
gaming
graphics
investigation
perf
We analyzed this scene using Nvidia’s Nsight Graphics and AMD’s Radeon GPU Profiler to get some insight into why Starfield performs the way it does. On the Nvidia side, we covered the last three generations of cards by testing the RTX 4090, RTX 3090, and Titan RTX. On AMD, we tested the RX 7900 XTX. The i9-13900K was used to collect data for all of these GPUs.
source: HN
Hacking the Book8088 for Better Accuracy
https://martypc.blogspot.com/2023/09/hacking-book8088-for-better-accuracy.html [martypc.blogspot.com]
2023-09-12 04:46
tags:
graphics
hardware
retro
solder
The Book8088 is trying hard to basically be compatible with the original IBM PC, containing some of the same or equivalent chips. It’s natural to want to put it through its paces, and one of the best tests for IBM PC compatibility has to be the 8088MPH demo. If 8088MPH will run we must be operating pretty darn close to the original.
Now, as it turns out, most of the demo does run, albeit in RGBI mode which loses out on all the cool composite artifact color effects. But most notably the famous Kefrens Bars effect does not display - the screen just goes blank. What’s going wrong on the Book8088 vs a real IBM PC 5150?
source: HN
The English vegetable picked by candlelight
https://www.bbc.com/travel/article/20190424-the-english-vegetable-picked-by-candlelight [www.bbc.com]
2023-07-30 18:07
tags:
food
hoipolloi
A notoriously fickle vegetable to harvest, Yorkshire forced rhubarb is anything but easy to grow. It thrives in the county’s cold winters, but if the soil is too wet, it can’t be planted. If the temperature is too hot, it won’t grow; and 10 or more frosts are needed before a farmer can even think about forcing it. Only then can horticulturalists remove the heavy roots from the field, then clean and replant them inside the forcing sheds where photosynthesis is limited, encouraging glucose stored in the roots to stimulate growth. It demands patience, expertise and good fortune, and, ultimately, it is engineered for maximum taste: once deprived of light, the vegetable is forced to use the energy stored in its roots, making it far sweeter than the normal variety.
source: HN
When Good Correlation is Not Enough
https://hakibenita.com/postgresql-correlation-brin-multi-minmax [hakibenita.com]
2023-07-28 02:39
tags:
database
development
perf
sql
Choosing to use a block range index (BRIN) to query a field with high correlation is a no-brainer for the optimizer. The small size of the index and the field’s correlation makes BRIN an ideal choice. However, a recent event taught us that correlation can be misleading. Under some easily reproducible circumstances, a BRIN index can result in significantly slower execution even when the indexed field has very high correlation.
source: HN
Commander Keen's Adaptive Tile Refresh
https://fabiensanglard.net/ega/ [fabiensanglard.net]
2023-07-27 21:53
tags:
gaming
graphics
perf
programming
retro
I have been reading Doom Guy by John Romero. It is an excellent book which I highly recommend. In the ninth chapter, John describes being hit by lightning upon seeing Adaptive Tile Refresh (ATS). That made me realize I never took the time to understand how this crucial piece of tech powers the Commander Keen (CK) series.
At its heart the problem ATS solves is bandwidth. Writing 320x200 nibbles (32 KiB) per frame is too much for the ISA bus. There is no way to maintain a 60Hz framerate while refreshing the whole screen. If we were to run the following code, which simply fills all banks, it would run at 5 frames per second.
source: HN
Mind Grenade Fifty Years On
https://www.fourmilab.ch/webtools/MindGrenade/ [www.fourmilab.ch]
2023-07-27 00:28
tags:
design
interactive
music
retro
solder
tech
In 1969, Harry amazed everybody with a little electronic gadget he’d built which, using the primitive digital integrated circuits of the time, generated random music, played it through a speaker, and flashed lights on its front panel. It was precisely what people expected computers to do, based upon portrayals in the movies and on television, and yet it could be held in your hand and was, internally, very simple. He explained how it worked, and I immediately knew I had to have one. Digital electronics was in a great state of flux at the time, with each manufacturer launching their own line of integrated circuits, most incompatible with one another, so there was no point in slavishly reproducing Harry’s design. Starting from the concept, I designed my own gadget from scratch, using Signetics Utilogic diode-transistor small scale integration integrated circuits which were popular at the time but shortly thereafter made obsolete by 7400 series transistor-transistor logic (TTL). The architecture was identical to Harry’s device, but I opted for more with-it and less power-hungry light-emitting diodes (LEDs) for the display instead of the incandescent bulbs he used. I built the electronics assembly on a sheet of perforated board using wire-wrap fabrication (some people look down their noses at wire-wrap today, but it was good enough for the Apollo Guidance Computer and almost every mainframe backplane of the 1960s, and my wire-wrapped electronics works perfectly fifty years later.)
Little did I imagine, when designing and building the Mind Grenade hardware in 1969, that fifty years later I’d be emulating it on a computer which ran more than a thousand times faster than the one I used in my day job at the time and, furthermore, was sitting on my own desk. But here we are. Thanks to HTML5 and JavaScript, it is now possible to emulate the hardware Mind Grenade entirely in software that runs within any modern Web browser. Below is an abstracted version of the Mind Grenade front panel. Press the power button at the bottom to get things going. The slider at the left controls the pitch and the slider at the right sets the rate at which the notes play. The check boxes below the lights select any of the 16 possible tunes that can be played.
source: HN