GPS is perhaps one of the most audacious geo-engineering feats ever undertaken, and its traces can be felt with just an antenna and a motive.

All that said, it’s not as though there’s a cacophony of navigation data swarming around you, deafening if you could just hear it. In reality, the GPS signals surrounding you are astoundingly weak. To take an analogy: imagine a normal light bulb, like the one that might be above you now. Pull it twenty thousand kilometers away from the room you’re in, and have it flash, on, off, on, off, a million times a second. Imagine straining your eye to watch the shimmer of the bulb, two Earths away, and listen to what it’s telling you.

source: trivium

Intel introduced the 8086 microprocessor in 1978, and its influence still remains through the popular x86 architecture. The 8086 was a fairly complex microprocessor for its time, implementing instructions in microcode with pipelining to improve performance. This blog post explains the microcode operations for a particular instruction, “ADD immediate”. As the 8086 documentation will tell you, this instruction takes four clock cycles to execute. But looking internally shows seven clock cycles of activity. How does the 8086 fit seven cycles of computation into four cycles? As I will show, the trick is pipelining.

One in a series looking at 8086.

http://www.righto.com/2023/02/silicon-reverse-engineering-intel-8086.html

http://www.righto.com/2023/01/reverse-engineering-conditional-jump.html

http://www.righto.com/2023/01/counting-transistors-in-8086-processor.html

http://www.righto.com/2023/01/inside-8086-processors-instruction.html

http://www.righto.com/2022/11/how-8086-processors-microcode-engine.html

http://www.righto.com/2022/11/a-bug-fix-in-8086-microprocessor.html

http://www.righto.com/2022/11/the-unusual-bootstrap-drivers-inside.html

http://www.righto.com/2023/01/reverse-engineering-intel-8086.html

http://www.righto.com/2023/03/8086-register-codes.html

http://www.righto.com/2023/02/how-8086-processor-determines-length-of.html

http://www.righto.com/2023/02/8086-modrm-addressing.html

http://www.righto.com/2023/02/8086-interrupt.html

http://www.righto.com/2023/03/8086-multiplication-microcode.html

Apple’s latest line of Macs includes their in-house “M1” system-on-chip, featuring a custom GPU. This poses a problem for those of us in the Asahi Linux project who wish to run Linux on our devices, as this custom Apple GPU has neither public documentation nor open source drivers. Some speculate it might descend from PowerVR GPUs, as used in older iPhones, while others believe the GPU to be completely custom. But rumours and speculations are no fun when we can peek under the hood ourselves!

And part II where it really takes off: https://rosenzweig.io/blog/asahi-gpu-part-2.html

source: HN

This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild.

At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this challenge mainly through the lens of offensive security research. And while we experiment a lot with new targets and methodologies in order to remain at the forefront of the field, it is important that the team doesn’t stray too far from the current state of the art. One of our efforts in this regard is the tracking of publicly known cases of zero-day vulnerabilities. We use this information to guide the research. Unfortunately, public 0-day reports rarely include captured exploits, which could provide invaluable insight into exploitation techniques and design decisions made by real-world attackers. In addition, we believe there to be a gap in the security community’s ability to detect 0-day exploits.

Chrome: Infinity Bug - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html

Chrome Exploits - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html

Android Exploits - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html

Android Post-Exploitation - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html

Windows Exploits - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html

That is, if you add a small number to a large number then if the small number is “too small” then the large number may (in the default/sane round-to-nearest mode) stay at the same value.

Because of this the loop spins endlessly and the push command runs until the array hits the size limits. If there were no size limits then the push command would keep running until the entire machine ran out of memory, so, yay?

The C++ standard library tuple is quite versatile. It’s a handy way of grabbing a bunch of types or values into a single unit, and the C++ standard library also provides a number of helpers to manipulate them.

Selecting via an index sequence: https://devblogs.microsoft.com/oldnewthing/20200623-00/?p=103883

Selecting via an index sequence, part 2: https://devblogs.microsoft.com/oldnewthing/20200624-00/?p=103886

Creating interesting index sequences: https://devblogs.microsoft.com/oldnewthing/20200625-00/?p=103890

Creating more interesting index sequences: https://devblogs.microsoft.com/oldnewthing/20200626-00/?p=103896

Finding a type in a tuple: https://devblogs.microsoft.com/oldnewthing/20200629-00/?p=103910

>November 2019 is, as best I can recall, the 40th anniversary of the conception of Usenet. (What’s Usenet? The Wikipedia article is ok but not perfect.) I should have written a proper paper; instead, there will (probably) be an irregular series of blog posts.

I didn’t notice the series concluded a while back, so if you were waiting to read the whole thing, it’s done.

Let’s get in the ring and show what AVX/AVX2 intrinsics can really do for a non-trivial problem, and even discuss potential improvements that future CoreCLR versions could bring to the table.

Everyone needs to sort arrays, once in a while, and many algorithms we take for granted rely on doing so. We think of it as a solved problem and that nothing can be further done about it in 2020, except for waiting for newer, marginally faster machines to pop-up. However, that is not the case, and while I’m not the first to have thoughts about it; or the best at implementing it, if you join me in this rather long journey, we’ll end up with a replacement function for Array.Sort, written in pure C# that outperforms CoreCLR’s C++2 code by a factor north of 10x on most modern Intel CPUs, and north of 11x on my laptop. Sounds interesting? If so, down the rabbit hole we go…

Very well done.

An other choice would be Eric Chahi’s 1991 critically acclaimed[1]” title “Another World”, better known in North America as “Out Of This World” which also happens to be ubiquitous. I would argue it is in fact more interesting to study than DOOM because of its polygon based graphics which are suitable to wild optimizations. In some cases, clever tricks allowed Another World to run on hardware built up to five years prior to the game release.

This series is a journey through the video-games hardware of the early 90s. From the Amiga 500, Atari ST, IBM PC, Super Nintendo, up to the Sega Genesis. For each machine, I attempted to discover how Another World was implemented. I found an environment made rich by its diversity where the now ubiquitous CPU/GPU did not exist yet. In the process, I discovered the untold stories of seemingly impossible problems heroically solved by lone programmers.

source: HN

Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.

There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.

TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.

I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple’s software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we’ll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users.

Last post in series, toc at the top.

0x00: New Series: Getting Into Browser Exploitation

0x01: Setup and Debug JavaScriptCore / WebKit

0x02: The Butterfly of JSObject

0x03: Just-in-time Compiler in JavaScriptCore

0x04: WebKit RegExp Exploit addrof() walk-through

0x05: The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption

0x06: Revisiting JavaScriptCore Internals: boxed vs. unboxed

0x07: Preparing for Stage 2 of a WebKit exploit

0x08: Arbitrary Read and Write in WebKit Exploit

source: grugq

I’ll be starting to publish a series that is written to aid new and interested readers with building, testing, and understanding type-2 hypervisor development. This hypervisor will be written for use on Intel processors with virtualization support. If you’re operating on an AMD chip, you may find some parts helpful, but overall it may not be what you need to understand the nuances. All concepts for each article, their importance, the references to more detailed information, and otherwise will be linked through just like any other of my blog posts followed by a recommended reading section at the end should your thirst for details and knowledge not be satisfied. I will also put recommended reading for those of you with interest in developing an AMD SVM.

There’s a lot here.

https://revers.engineering/day-0-virtual-environment-setup-scripts-and-windbg/

https://revers.engineering/day-1-introduction-to-virtualization/

https://revers.engineering/day-2-entering-vmx-operation/

https://revers.engineering/day-3-multiprocessor-initialization-error-handling-the-vmcs/

https://revers.engineering/day-4-vmcs-segmentation-ops/

https://revers.engineering/day-5-vmexits-interrupts-cpuid-emulation/

source: grugq

Suppose you want to be able to detect in C++ whether a type has been defined. For example, maybe you want to use a type if it exists. This can happen if, say, you are a library like React Native for Windows, and you need to be able to run with different versions of the Windows SDK. Or you’re writing a library where the client can customize the behavior by defining another class with a well-known name. Perhaps you’re trying to mimic C# partial classes.

The road to madness.

https://devblogs.microsoft.com/oldnewthing/20190709-00/?p=102671

https://devblogs.microsoft.com/oldnewthing/20190710-00/?p=102678

https://devblogs.microsoft.com/oldnewthing/20190711-00/?p=102682

I round out the bat-and-ball sports in my “minimum you need to know about a sport in order to watch a match and not be completely confused” mini-series by covering pesäpallo, also known as Finnish baseball.

Also: https://devblogs.microsoft.com/oldnewthing/20190718-01/?p=102695

Brännboll is a Swedish bat-and-ball game. The name is pronounced “brennboll” and literally means “burn-ball” because the term for being “out” in Nordic countries literally translates as “burnt”.

https://devblogs.microsoft.com/oldnewthing/20191009-01/?p=102976

The “minimum you need to know about a sport in order to watch a match and not be completely confused” mini-series continues with kabaddi, an ancient sport popular on the Indian subcontinent and surrounding areas, but not well known outside it.

And rugby: https://devblogs.microsoft.com/oldnewthing/20191014-01/?p=102994

Just going to link to the whole blog.

source: L

In this series I answer various .NET questions. Some of them are asked during interviews, some of them I see on the internet, some of them are completely made up. The goal is to provide short answer with links to references if needed. This is by no means a .NET tutorial or experts reference, this is just a bunch of useful answers to refresh your knowledge.

Some of this gets pretty deep actually.

source: L

Using SVG can be very simple, but if you start digging in, there is a lot to know about SVG. In this series you’re going to learn why SVG is such an important part of building websites. From why SVG is useful and how to get your hands on it all the way to implementing it as a system and fancy stuff like animating it.

source: HN

How to say this delicately?

I really, really dislike System.Random. Like, with a passion. It is so… awful.

But the really fundamental problem here is that we’re working at too low a level. It is not the 1970s anymore, when rand() was good enough. We have sophisticated problems in statistical modeling and the attendant probabilistic reasoning to solve in modern programming languages. We need to up our game.

And then the series continues on at some length.

https://ericlippert.com/2019/02/04/fixing-random-part-2/

https://ericlippert.com/2019/02/07/fixing-random-part-3/

https://ericlippert.com/2019/02/11/fixing-random-part-4/

https://ericlippert.com/2019/02/14/fixing-random-part-5/

https://ericlippert.com/2019/02/19/fixing-random-part-6/

https://ericlippert.com/2019/02/21/fixing-random-part-7/

https://ericlippert.com/2019/02/26/fixing-random-part-8/

https://ericlippert.com/2019/02/28/fixing-random-part-9/

https://ericlippert.com/2019/03/04/fixing-random-part-10/

https://ericlippert.com/2019/03/07/fixing-random-part-11/

https://ericlippert.com/2019/03/11/fixing-random-part-12/

https://ericlippert.com/2019/03/14/fixing-random-part-13/

https://ericlippert.com/2019/03/18/fixing-random-part-14/

The Apollo Guidance Computer (AGC) provided guidance, navigation and control onboard the Apollo flights to the Moon. This historic computer was one of the first to use integrated circuits, containing just two types of ICs: a 3-input NOR gate for the logic circuitry and a sense amplifier IC for the memory. It also used numerous analog circuits built from discrete components using unusual cordwood construction.

Also core rope: http://www.righto.com/2019/07/software-woven-into-wire-core-rope-and.html

Erasable core memory and core rope both used magnetic cores, small magnetizable rings. But while erasable core memory used one core for each bit, core rope stored an incredible 192 bits per core, achieving much higher density.2 The trick was to put many wires through each core (as shown above), hardwiring the data: a 1 bit was stored by threading a wire through a core, while the wire bypassed the core for a 0 bit. Thus, once a core rope was carefully manufactured, using a half-mile of wire, data was permanently stored in the core rope.

Also, Bitcoin: http://www.righto.com/2019/07/bitcoin-mining-on-apollo-guidance.html

Also, NOR gates: http://www.righto.com/2019/09/a-computer-built-from-nor-gates-inside.html

This historic computer was one of the first to use integrated circuits and its CPU was built entirely from NOR gates. In this blog post, I describe the architecture and circuitry of the CPU.

Also: https://www.wsj.com/articles/an-apollo-spacecraft-computer-is-brought-back-to-life-11563152761

As with all the processor retrospective series, I’m going to focus on how Windows NT used the Intel 80386 in user mode because the original audience for all of these discussions was user-mode developers trying to get up to speed debugging their programs. Normally, this means that I omit instructions that you are unlikely to see in compiler-generated code. However, I’ll set aside a day to cover some of the legacy instructions that are functional but not used in practice.

2: Memory addressing modes https://blogs.msdn.microsoft.com/oldnewthing/20190122-00/?p=100755

3: Flags and condition codes https://blogs.msdn.microsoft.com/oldnewthing/20190123-00/?p=100765

4: Arithmetic https://blogs.msdn.microsoft.com/oldnewthing/20190124-00/?p=100785

5: Logical operations https://blogs.msdn.microsoft.com/oldnewthing/20190125-00/?p=100795

6: Data transfer instructions https://blogs.msdn.microsoft.com/oldnewthing/20190128-00/?p=100805

7: Conditional instructions and control transfer https://blogs.msdn.microsoft.com/oldnewthing/20190129-00/?p=100815

8: Block operations https://blogs.msdn.microsoft.com/oldnewthing/20190130-00/?p=100825

9: Stack frame instructions https://blogs.msdn.microsoft.com/oldnewthing/20190131-00/?p=100835

10: Atomic operations and memory alignment https://blogs.msdn.microsoft.com/oldnewthing/20190201-00/?p=100845

11: The Thread Environment Block https://blogs.msdn.microsoft.com/oldnewthing/20190204-00/?p=100855

12: The stuff you don’t need to know https://blogs.msdn.microsoft.com/oldnewthing/20190205-00/?p=100865

13: Calling conventions https://blogs.msdn.microsoft.com/oldnewthing/20190206-00/?p=100875

14: Rescuing a stack trace after the debugger gave up when it reached an FPO function https://blogs.msdn.microsoft.com/oldnewthing/20190207-00/?p=100885

15: Common compiler-generated code sequences https://blogs.msdn.microsoft.com/oldnewthing/20190208-00/?p=100895

16: Code walkthrough https://blogs.msdn.microsoft.com/oldnewthing/20190211-00/?p=100905

17: Future developments https://blogs.msdn.microsoft.com/oldnewthing/20190212-00/?p=100915