Making the rav1d Video Decoder 1% Faster
https://ohadravid.github.io/posts/2025-05-rav1d-faster/ [ohadravid.github.io]
2025-05-25 00:24
tags:
c
compiler
perf
programming
rust
rav1d is a port of dav1d, created by (1) running c2rust on dav1d, (2) incorporating dav1d’s asm-optimized functions, and (3) changing the code to be more Rust-y and safer.
Video decoders are notoriously complex pieces of software, but because we are comparing the performance of two similar deterministic binaries we might be able to avoid a lot of that complexity - with the right tooling.
source: HN
That fractal that's been up on my wall for 12 years
https://chriskw.xyz/2025/05/21/Fractal/ [chriskw.xyz]
2025-05-24 23:59
tags:
math
visualization
I spent a lot of time doodling in middle school in lieu of whatever it is middle schoolers are supposed to be doing. Somewhere between the Cool S’s and Penrose triangles I stumbled upon a neat way to fill up graph paper by repeatedly combining and copying squares. I suspected there was more to the doodle but wasn’t quite sure how to analyze it. Deciding to delegate to a future version of me that knows more math, I put it up on the wall behind my desk where it has followed me from high school to college to the present day.
Anyway, after a series of accidents I am now the prophesized future version of me that knows a bit more math. Due to its petal-like blooming structure and timeless presence scotch taped to my wall I’ll be referring to the fractal affectionately as “the wallflower,” although further down we’ll see it’s closely related to some well-known fractals.
source: HN
Go Scheduler
https://nghiant3223.github.io/2025/04/15/go-scheduler.html [nghiant3223.github.io]
2025-05-21 22:40
tags:
article
concurrency
go
programming
systems
Understanding the Go scheduler is crucial for Go programmer to write efficient concurrent programs. It also helps us become better at troubleshooting performance issues or tuning the performance of our Go programs. In this post, we will explore how Go scheduler evolved over time, and how the Go code we write happens under the hood.
source: HN
Evolution of Rust compiler errors
https://kobzol.github.io/rust/rustc/2025/05/16/evolution-of-rustc-errors.html [kobzol.github.io]
2025-05-16 22:13
tags:
compiler
development
rust
ux
I wrote a script that downloaded all stable Rust releases all the way back to 1.0, executed each stable version of the compiler on a set of small programs containing an error and gathered the compiler standard (error) output.
source: HN
I'd rather read the prompt
https://claytonwramsey.com/blog/prompt/ [claytonwramsey.com]
2025-05-04 22:18
tags:
ai
essay
hoipolloi
ideas
language
Don’t let a computer write for you! I say this not for reasons of intellectual honesty, or for the spirit of fairness. I say this because I believe that your original thoughts are far more interesting, meaningful, and valuable than whatever a large language model can transform them into. For the rest of this piece, I’ll briefly examine some guesses as to why people write with large language models so often, and argue that there’s no good reason to use one for creative expression.
source: HN
What went wrong with wireless USB
https://oldvcr.blogspot.com/2025/05/what-went-wrong-with-wireless-usb.html [oldvcr.blogspot.com]
2025-05-04 17:34
tags:
article
hardware
tech
wifi
But what if the USB connection could be made wirelessly? For a few years, real honest-to-goodness wireless USB devices were actually a thing. Competing standards led to market fracture and the technologies fizzled out relatively quickly in the marketplace, but like the parallel universe of FireWire hubs there was another parallel world of wireless USB devices, at least for a few years. As it happens, we now have a couple of them here, so it’s worth exploring what wireless USB was and what happened to it, how the competing standards worked (and how well), and if it would have helped.
Also with a detailed explanation of UWB.
The key basis technology instead was the concept of ultra wide-band, or UWB, which in modern parlance collectively refers to technologies allowing very weak, very wide-spectrum (in excess of 500MHz) signals to become a short range yet high bandwidth communications channel.
source: HN
The Future Of Solar Doesn’t Track The Sun
https://terraformindustries.wordpress.com/2025/04/29/the-future-of-solar-doesnt-track-the-sun/ [terraformindustries.wordpress.com]
2025-05-03 21:41
tags:
article
business
energy
PV modules are cheap enough today that the simple fixed East-West arrays are cheaper and faster to install than the industry’s darling, the single-axis tracked array.
source: HN
A Strange Phrase Keeps Turning Up in Scientific Papers, But Why?
https://www.sciencealert.com/a-strange-phrase-keeps-turning-up-in-scientific-papers-but-why [www.sciencealert.com]
2025-05-02 08:42
tags:
ai
factcheck
science
web
Earlier this year, scientists discovered a peculiar term appearing in published papers: “vegetative electron microscopy”. This phrase, which sounds technical but is actually nonsense, has become a “digital fossil” – an error preserved and reinforced in artificial intelligence (AI) systems that is nearly impossible to remove from our knowledge repositories.
source: HN
How a Single Line Of Code Could Brick Your iPhone
https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone [rambo.codes]
2025-04-28 05:20
tags:
exploit
iphone
security
turtles
This is the story of how I found one of my favorite iOS vulnerabilities so far. It’s one of my favorites because of how simple it was to implement an exploit for it. There’s also the fact that it uses a legacy public API that’s still relied upon by many components of Apple’s operating systems, and that many developers have never heard of.
However, just as any process on the system can register to receive Darwin notifications, the same is true for sending them. Considering these properties, I began to wonder if there were places on iOS using Darwin notifications for powerful operations that could potentially be exploited as a denial-of-service attack from within a sandboxed app.
source: HN
Cheating the Reaper in Go
https://mcyoung.xyz/2025/04/21/go-arenas/ [mcyoung.xyz]
2025-04-21 23:49
tags:
garbage-collection
go
malloc
programming
These things mean that despite Go having a GC, it’s possible to do manual memory management in pure Go and in cooperation with the GC (although without any help from the runtime package). To demonstrate this, we will be building an untyped, garbage-collected arena abstraction in Go which relies on several GC implementation details.
source: HN
Marching Events: What does iCalendar have to do with ray marching?
https://pwy.io/posts/marching-events/ [pwy.io]
2025-04-18 05:31
tags:
format
programming
rust
I’ve found a way of describing occurrences through distance functions. This means that instead of implementing logic for all combinations of frequencies and parameters - as that spooky table from before suggests one might do - we can simply compose a couple of distance functions together.
source: HN
How a $2,000 'Made in the USA' Phone Is Manufactured
https://www.404media.co/how-a-2-000-made-in-the-usa-liberty-phone-phone-is-manufactured/ [www.404media.co]
2025-04-11 03:43
tags:
business
hardware
interview
policy
solder
tech
valley
But there is currently one smartphone that qualifies for a “Made in the USA” title from the FTC. It’s the Liberty Phone, which is made by a company called Purism. The phone is a version of Purism’s Librem 5. The Made-in-China Librem 5 costs $800, and the Liberty phone costs $2,000. It has 4 GB of memory, and reviewers say that its specs are pretty outdated. Not every single component in the Liberty Phone is made in the USA, but the company has been trying very hard to make it as American-made as possible.
source: HN
Apache ECharts
https://echarts.apache.org/en/index.html [echarts.apache.org]
2025-04-09 06:38
tags:
graphics
javascript
library
visualization
web
Apache ECharts provides more than 20 chart types available out of the box, along with a dozen components, and each of them can be arbitrarily combined to use.
source: HN
Building the System/360 Mainframe Nearly Destroyed IBM
https://spectrum.ieee.org/building-the-system360-mainframe-nearly-destroyed-ibm [spectrum.ieee.org]
2025-04-09 06:25
tags:
article
business
hardware
history
retro
In the years leading up to its 7 April 1964 launch, however, the 360 was one of the scariest dramas in American business. It took a nearly fanatical commitment at all levels of IBM to bring forth this remarkable collection of machines and software. While the technological innovations that went into the S/360 were important, how they were created and deployed bordered on disaster. The company experienced what science policy expert Keith Pavitt called “tribal warfare”: people clashing and collaborating in a rapidly growing company with unstable, and in some instances unknown, technologies, as uncertainty and ambiguity dogged all the protagonists.
source: HN
Better Shell History Search
https://tratt.net/laurie/blog/2025/better_shell_history_search.html [tratt.net]
2025-03-28 06:12
tags:
admin
sh
swtools
Using Ctrl-r and fzf roughly doubled my efficiency in the shell overnight. Interestingly, it had an even greater long term effect: I became a more ambitious user of shell commands because I knew I could outsource my memory to fzf. For example, since it’s now very easy to recall past commands, I no longer set global environment variables, which had previously caused me grief when I forgot about them. Now I set environment variables on a per-command basis, knowing that I can recall them with Ctrl-r and fzf.
source: HN
Blasting Past Webp - An analysis of the NSO BLASTPASS iMessage exploit
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html [googleprojectzero.blogspot.com]
2025-03-27 16:45
tags:
exploit
iphone
malloc
security
Whilst the Isosceles and Dark Navy posts explained the underlying memory corruption vulnerability in great detail, they were unable to solve another fascinating part of the puzzle: just how exactly do you land an exploit for this vulnerability in a one-shot, zero-click setup? As we’ll soon see, the corruption primitive is very limited. Without access to the samples it was almost impossible to know.
source: HN
CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers
https://mastersplinter.work/research/passkey/ [mastersplinter.work]
2025-03-20 05:23
tags:
auth
browser
exploit
security
web
An attacker within bluetooth range is able to trigger navigation to a FIDO:/ URI from an attacker controlled page on a mobile browser, allowing them to initiate a legitimate PassKeys authentication intent which will be received on the attacker’s device. This results in the attacker being able to “phish” PassKeys credentials, completely breaking this assumption that PassKeys are impossible to phish.
source: HN
Memory safety for web fonts
https://developer.chrome.com/blog/memory-safety-fonts [developer.chrome.com]
2025-03-19 22:52
tags:
browser
graphics
library
text
The FreeType library is used by Chrome to compute metrics and load hinted outlines from fonts. Overall, use of FreeType has been a huge win for Google. It does a complex job, and does it well, we rely on it extensively and contribute back to it. However, it is written in unsafe code and has its origins in a time when malicious inputs were less likely. Merely keeping up with the stream of issues found by fuzzing costs Google at least 0.25 full time software engineers. Worse, we observably don’t find everything or find things only after the code has shipped to users.
source: HN
The Defer Technical Specification: It Is Time
https://thephd.dev/c2y-the-defer-technical-specification-its-time-go-go-go [thephd.dev]
2025-03-19 22:48
tags:
c
compiler
programming
standard
Time for me to write this blog post and prepare everyone for the implementation blitz that needs to happen to make defer a success for the C programming language.
source: HN
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/ [github.blog]
2025-03-15 19:37
tags:
auth
format
security
turtles
web
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
As shown once again: relying on two different parsers in a security context can be tricky and error-prone.
source: HN