Optimality of Gerver's Sofa
https://arxiv.org/abs/2411.19826 [arxiv.org]
2025-01-04 17:52
We resolve the moving sofa problem by showing that Gerver’s construction with 18 curve sections attains the maximum area.
source: trivium
tag: paper
Optimality of Gerver's Sofa
https://arxiv.org/abs/2411.19826 [arxiv.org]
2025-01-04 17:52
We resolve the moving sofa problem by showing that Gerver’s construction with 18 curve sections attains the maximum area.
source: trivium
A remarkable new species of Paraparatrechina Donisthorpe
https://zookeys.pensoft.net/article/114168/ [zookeys.pensoft.net]
2024-06-03 19:30
A new ant species, Paraparatrechina neela sp. nov., with a captivating metallic-blue color is described based on the worker caste from the East Siang district of Arunachal Pradesh, northeastern India. This discovery signifies the first new species of Paraparatrechina in 121 years, since the description of the sole previously known species, P. aseta (Forel, 1902), in the Indian subcontinent.
source: HN
GWP-ASan: Sampling-Based Detection of Memory-Safety Bugs in Production
https://arxiv.org/abs/2311.09394v2 [arxiv.org]
2024-04-19 20:11
Despite the recent advances in pre-production bug detection, heap-use-after-free and heap-buffer-overflow bugs remain the primary problem for security, reliability, and developer productivity for applications written in C or C++, across all major software ecosystems. Memory-safe languages solve this problem when they are used, but the existing code bases consisting of billions of lines of C and C++ continue to grow, and we need additional bug detection mechanisms.
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
https://pwning.tech/nftables/ [pwning.tech]
2024-03-26 23:33
In this blogpost I present several novel techniques I used to exploit a 0-day double-free bug in hardened Linux kernels (i.e. KernelCTF mitigation instances) with 93%-99% success rate. The underlying bug is input sanitization failure of netfilter verdicts. Hence, the requirements for the exploit are that nf_tables is enabled and unprivileged user namespaces are enabled. The exploit is data-only and performs an kernel-space mirroring attack (KSMA) from userland with the novel Dirty Pagedirectory technique (pagetable confusion), where it is able to link any physical address (and its permissions) to virtual memory addresses by performing just read/writes to userland addresses.
Also: https://github.com/Notselwyn/CVE-2024-1086
source: HN
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs
https://www.usenix.org/conference/usenixsecurity22/presentation/genkin [www.usenix.org]
2024-01-18 17:35
We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.
Thus, we show, it is possible to conduct physical side-channel attacks on computation by remote and purely passive analysis of commonly-shared channels. These attacks require neither physical proximity (which could be mitigated by distance and shielding), nor the ability to run code on the target or configure its hardware. Consequently, we argue, physical side channels on PCs can no longer be excluded from remote-attack threat models.
We analyze the computation-dependent leakage captured by internal microphones, and empirically demonstrate its efficacy for attacks. In one scenario, an attacker steals the secret ECDSA signing keys of the counterparty in a voice call. In another, the attacker detects what web page their counterparty is loading. In the third scenario, a player in the Counter-Strike online multiplayer game can detect a hidden opponent waiting in ambush, by analyzing how the 3D rendering done by the opponent’s computer induces faint but detectable signals into the opponent’s audio feed.
paper: https://faculty.cc.gatech.edu/~genkin/papers/lendear.pdf
Turnover of mammal sex chromosomes in the Sry-deficient Amami spiny rat is due to male-specific upregulation of Sox9
https://www.pnas.org/doi/10.1073/pnas.2211574119 [www.pnas.org]
2023-09-03 23:56
We here report our discovery of a male-specific duplication of an enhancer of Sox9 in the Amami spiny rat Tokudaia osimensis, in which males and females have only a single X chromosome (XO/XO) and the Y chromosome and Sry are completely lost. We performed a comprehensive survey to detect sex-specific genomic regions in the spiny rat. Sex-related genomic differences were limited to a male-specific duplication of a 17-kb unit located 430 kb upstream of Sox9 on an autosome.
The Internet Worm Program: An Analysis
https://spaf.cerias.purdue.edu/tech-reps/823.pdf [spaf.cerias.purdue.edu]
2023-08-25 16:24
This report gives a detailed description of the components of the worm program—data and functions. It is based on study of two completely independent reverse-compilations of the worm and a version disassembled to VAX assembly language. Almost no source code is given in the paper because of current concerns about the state of the ‘‘immune system’’ of Internet hosts, but the description should be detailed enough to allow the reader to understand the behavior of the program.
And some modern commentary: https://infosec.exchange/@hovav/110950949212380779
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
https://wrv.github.io/h26forge.pdf [wrv.github.io]
2023-03-28 18:51
Modern video encoding standards such as H.264 are a marvel of hidden complexity. But with hidden complexity comes hidden security risk. Decoding video in practice means interacting with dedicated hardware accelerators and the proprietary, privileged software components used to drive them. The video decoder ecosystem is obscure, opaque, diverse, highly privileged, largely untested, and highly exposed—a dangerous combination.
We introduce and evaluate H26FORGE, domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files. Using H26FORGE, we uncover insecurity in depth across the video decoder ecosystem, including kernel memory corruption bugs in iOS, memory corruption bugs in Firefox and VLC for Windows, and video accelerator and application processor kernel memory bugs in multiple Android devices.
A fork() in the road
https://www.microsoft.com/en-us/research/uploads/prod/2019/04/fork-hotos19.pdf [www.microsoft.com]
2023-03-25 04:02
The received wisdom suggests that Unix’s unusual combination of fork() and exec() for process creation was an inspired design. In this paper, we argue that fork was a clever hack for machines and programs of the 1970s that has long outlived its usefulness and is now a liability. We catalog the ways in which fork is a terrible abstraction for the modern programmer to use, describe how it compromises OS implementations, and propose alternatives.
source: L
Animal personalities can trip up science, but there’s a solution
https://arstechnica.com/science/2023/03/animal-personalities-can-trip-up-science-but-theres-a-solution/ [arstechnica.com]
2023-03-13 04:03
Scientists are increasingly realizing that animals, like people, are individuals. They have distinct tendencies, habits and life experiences that may affect how they perform in an experiment. That means, some researchers argue, that much published research on animal behavior may be biased. Studies claiming to show something about a species as a whole—that green sea turtles migrate a certain distance, say, or how chaffinches respond to the song of a rival—may say more about individual animals that were captured or housed in a certain way, or that share certain genetic features. That’s a problem for researchers who seek to understand how animals sense their environments, gain new knowledge and live their lives.
source: ars
Why Did the Bee Eat the Chicken? Symbiont Gain, Loss, and Retention in the Vulture Bee Microbiome
https://journals.asm.org/doi/10.1128/mBio.02317-21 [journals.asm.org]
2023-01-20 22:19
Bees are wasps that switched to a vegetarian lifestyle, and the vast majority of bees feed on pollen and nectar. Some stingless bee species, however, also collect carrion, and a few have fully reverted to a necrophagous lifestyle, relying on carrion for protein and forgoing flower visitation altogether. These “vulture” bees belong to the corbiculate apid clade, which is known for its ancient association with a small group of core microbiome phylotypes. Here, we investigate the vulture bee microbiome, along with closely related facultatively necrophagous and obligately pollinivorous species, to understand how these diets interact with microbiome structure.
Recap: https://news.ucr.edu/articles/2021/11/23/when-bees-get-taste-dead-things
source: jwz
Hertzbleed Attack
https://www.hertzbleed.com/ [www.hertzbleed.com]
2022-06-16 18:36
Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.
Hertzbleed takes advantage of our experiments showing that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed. This means that, on modern processors, the same program can run at a different CPU frequency (and therefore take a different wall time) when computing, for example, 2022 + 23823 compared to 2022 + 24436.
source: HN
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs
https://www.usenix.org/system/files/sec22summer_genkin.pdf [www.usenix.org]
2022-05-06 00:55
We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.
We analyze the computation-dependent leakage captured by internal microphones, and empirically demonstrate its efficacy for attacks. In one scenario, an attacker steals the secret ECDSA signing keys of the counterparty in a voice call. In another, the attacker detects what web page their counterparty is loading. In the third scenario, a player in the Counter-Strike online multiplayer game can detect a hidden opponent waiting in ambush, by analyzing how the 3D rendering done by the opponent’s computer induces faint but detectable signals into the opponent’s audio feed.
High Fidelity Image Generation Using Diffusion Models
https://ai.googleblog.com/2021/07/high-fidelity-image-generation-using.html [ai.googleblog.com]
2021-09-13 20:31
Alternatively, diffusion models, originally proposed in 2015, have seen a recent revival in interest due to their training stability and their promising sample quality results on image and audio generation. Thus, they offer potentially favorable trade-offs compared to other types of deep generative models. Diffusion models work by corrupting the training data by progressively adding Gaussian noise, slowly wiping out details in the data until it becomes pure noise, and then training a neural network to reverse this corruption process. Running this reversed corruption process synthesizes data from pure noise by gradually denoising it until a clean sample is produced. This synthesis procedure can be interpreted as an optimization algorithm that follows the gradient of the data density to produce likely samples.
Cells Form Into ‘Xenobots’ on Their Own
https://www.quantamagazine.org/cells-form-into-xenobots-on-their-own-20210331/ [www.quantamagazine.org]
2021-04-02 18:58
Embryonic cells can self-assemble into new living forms that don’t resemble the bodies they usually generate, challenging old ideas of what defines an organism.
source: HN
Infinite Nature: Perpetual View Generation of Natural Scenes from a Single Image
https://infinite-nature.github.io/ [infinite-nature.github.io]
2021-03-20 18:13
We introduce the problem of perpetual view generation—long-range generation of novel views corresponding to an arbitrarily long camera trajectory given a single image. This is a challenging problem that goes far beyond the capabilities of current view synthesis methods, which work for a limited range of viewpoints and quickly degenerate when presented with a large camera motion. Methods designed for video generation also have limited ability to produce long video sequences and are often agnostic to scene geometry. We take a hybrid approach that integrates both geometry and image synthesis in an iterative render, refine, and repeat framework, allowing for long-range generation that cover large distances after hundreds of frames. Our approach can be trained from a set of monocular video sequences without any manual annotation. We propose a dataset of aerial footage of natural coastal scenes, and compare our method with recent view synthesis and conditional video generation baselines, showing that it can generate plausible scenes for much longer time horizons over large camera trajectories compared to existing methods.
https://arxiv.org/abs/2012.09855
https://github.com/google-research/google-research/tree/master/infinite_nature
source: HN
What are the most important statistical ideas of the past 50 years?
http://www.stat.columbia.edu/~gelman/research/unpublished/stat50.pdf [www.stat.columbia.edu]
2021-03-12 03:30
We argue that the most important statistical ideas of the past half century are: counterfactual causal inference, bootstrapping and simulation-based inference, overparameterized models and regularization, multilevel models, generic computation algorithms, adaptive decision analysis, robust inference, and exploratory data analysis. We discuss common features of these ideas, how they relate to modern computing and big data, and how they might be developed and extended in future decades. The goal of this article is to provoke thought and discussion regarding the larger themes of research in statistics and data science.
source: danluu
Multimodal Neurons in Artificial Neural Networks
https://openai.com/blog/multimodal-neurons/ [openai.com]
2021-03-10 03:07
We’ve discovered neurons in CLIP that respond to the same concept whether presented literally, symbolically, or conceptually. This may explain CLIP’s accuracy in classifying surprising visual renditions of concepts, and is also an important step toward understanding the associations and biases that CLIP and similar models learn.
The good, and the bad...
By exploiting the model’s ability to read text robustly, we find that even photographs of hand-written text can often fool the model.
Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
https://arxiv.org/abs/2103.03443 [arxiv.org]
2021-03-08 18:36
We introduce the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this channel. First, little is known about the ring interconnect’s functioning and architecture. Second, information that can be learned by an attacker through ring contention is noisy by nature and has coarse spatial granularity. To address the first challenge, we perform a thorough reverse engineering of the sophisticated protocols that handle communication on the ring interconnect. With this knowledge, we build a cross-core covert channel over the ring interconnect with a capacity of over 4 Mbps from a single thread, the largest to date for a cross-core channel not relying on shared memory. To address the second challenge, we leverage the fine-grained temporal patterns of ring contention to infer a victim program’s secrets. We demonstrate our attack by extracting key bits from vulnerable EdDSA and RSA implementations, as well as inferring the precise timing of keystrokes typed by a victim user.
source: HN
Decades-Long Quest Reveals Details of the Proton’s Inner Antimatter
https://www.quantamagazine.org/protons-antimatter-revealed-by-decades-old-experiment-20210224/ [www.quantamagazine.org]
2021-02-25 01:36
Twenty years ago, physicists set out to investigate a mysterious asymmetry in the proton’s interior. Their results, published today, show how antimatter helps stabilize every atom’s core.
We learn in school that a proton is a bundle of three elementary particles called quarks — two “up” quarks and a “down” quark, whose electric charges (+2/3 and −1/3, respectively) combine to give the proton its charge of +1. But that simplistic picture glosses over a far stranger, as-yet-unresolved story.
In reality, the proton’s interior swirls with a fluctuating number of six kinds of quarks, their oppositely charged antimatter counterparts (antiquarks), and “gluon” particles that bind the others together, morph into them and readily multiply. Somehow, the roiling maelstrom winds up perfectly stable and superficially simple — mimicking, in certain respects, a trio of quarks.
paper: https://www.nature.com/articles/s41586-021-03282-z
source: HN