U.S. soldiers are revealing sensitive and dangerous information by jogging
Strava’s Global Heat Map shows where soldiers may be sleeping, exercising, patrolling and eating in some of the most sensitive and secretive military sites in the world.
Brave new I/O - Embedded in Rust
A blog about Rust and embedded stuff
Hasnain says:
A cool way of using the rust borrow checker and type system to prevent misuse of micro controller APIs
Posted on 2018-01-20T02:04:50+0000
Apple rerouting employee shuttles after highway attacks shatter windows on buses during commutes
In the past week, five Apple commuter shuttles carrying employees to and from the company's Cupertino offices have been attacked, several sources tell us...
Making WebAssembly even faster: Firefox’s new streaming and tiering compiler – Mozilla Hacks - the Web developer blog
People call WebAssembly a game changer because it makes it possible to run code on the web faster. Some speedups are already present, and some are yet to come. With ...
Hasnain says:
I love these blog posts because they're always so well written and accessible.
And a 10-15x speedup is no laughing matter.
Posted on 2018-01-18T00:46:26+0000
Okay, Google: why does Chromecast clobber WiFi connections?
Router vendors sling firmware to protect users from packet floods
Hasnain says:
Has anyone else run into this issue?
I guess this explains why my wifi would always get slow/useless every evening for months. I thought it was a load issue, but it might simply have been the fact that I got home at that time...
Posted on 2018-01-17T20:01:33+0000
Kicking Off the New Year with New Droplet Plans
Last week, we shared our 2018 roadmap preview and today, we’re excited to announce the first of many new updates for developers: new Droplet plans. We know that price-to-performance is an important consideration when choosing where to host your application, whether it be a small side project or a
Hasnain says:
Yay, now I can save the few hours I was planning on spending this weekend to save memory
Posted on 2018-01-16T23:18:24+0000
Everyone Is Getting Hilariously Rich and You’re Not
The revolution will be ushered in by young guys who are also cryptocurrency millionaires. Oh wait, they may be broke already.
Sting to star in American folklore game Where the Water Tastes Like Wine
Gordon Matthew Thomas Summer, better known by buzzy stage name Sting, will headline as a voice actor in upcoming and very enticing new game Where the Water…
Hasnain says:
I've already been so excited to play this game since my friend Laura has been working on the writing (and she's great) - this is only increasing the hype
Posted on 2018-01-10T18:42:01+0000
The day I accidentally killed a little boy
Maryann Gray was a 22-year-old graduate when a tragic accident on an everyday car journey changed her life forever.
Classic Tools Retrospective: Tim Sweeney on the first version of the Unreal Editor
Tim Sweeney talks to David Lightbown about UnrealEd, one of the most popular level editors in the games industry, which was used to build levels for Unreal, Deus Ex, Gears of War, BioShock, Rainbow Six, Splinter Cell, and Mass Effect, and many, many more.
Hasnain says:
This was a great read on gaming, and the importance of building software tooling.
"Look at all these internal engines... for example, Frostbite has more advanced rendering features than we have and they're producing prettier pixels than we are in a lot of cases, but Unreal developers can produce content much more productively, maybe 30 to 50 percent more productively, which means that a team half the size can produce a game that's just as good. They can iterate on it more, and polish it more than they could with these less polished toolsets. So, everybody should really make a conscientious decision to either fully invest in producing awesome tools for internal use, or not."
Posted on 2018-01-10T08:59:46+0000
Get ready for a lot more housing near the Expo Line and other California transit stations if new legislation passes
A new bill from state Sen. Scott Wiener (D-San Francisco) would dramatically increase housing density near transit stops across California.
Hasnain says:
"Subject to some limitations, the measure would eliminate restrictions on the number of houses allowed to be built within a half-mile of train, light-rail, major bus routes and other transit stations, and block cities from imposing parking requirements. Sen. Scott Wiener (D-San Francisco), the bill’s author, said the state needs the housing to address affordability problems, maximize recent multi-billion-dollar transit investments and help the state meet its climate change goals."
woot!
Posted on 2018-01-05T00:09:42+0000
[PATCH] D41723: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target Injection", and is one of the two halves to...
lists.llvm.org
Hasnain says:
Compiler fixes for the recent CPU bug. Even more of a performance hit..
"When using these patches on statically linked applications, especially
C++ applications, you should expect to see a much more dramatic
performance hit. For microbenchmarks that are switch, indirect-, or
virtual-call heavy we have seen overheads ranging from 10% to 50%."
Actions Required to Mitigate Speculative Side-Channel Attack Techniques - The Chromium Projects
Home of the Chromium Open Source Project
Hasnain says:
Should we all just hang up our boots and head home? This is just nuts.
"Don’t serve user-specific or sensitive content from URLs that attackers can predict or easily learn. Attackers can load such URLs in their attack pages (e.g. ) to get the sensitive information into the process rendering their page, and can then use out-of-bounds reads to discover the information. Use anti-CSRF tokens or random URLs to break this kind of attack."
Posted on 2018-01-04T07:51:04+0000
Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock
Intel CEO Brian Krzanich sold off a major stake in the company in November, months after the chip maker learned of a significant security flaw in its chips.
Hasnain says:
This is pretty damning. He sold all his stock, down to only holding what he legally had to hold per his contract.
Intel was made aware of the issue in June and the sale plan was put thru in October.
Someone at the SEC is going to have a field day
Posted on 2018-01-04T05:24:40+0000
Reading privileged memory with a side-channel
Posted by Jann Horn, Project Zero. We have discovered that CPU data cache timing can be abused to efficiently leak information out of mi...
googleprojectzero.blogspot.com
Hasnain says:
A lot of the gory details of the bug that is scaring a lot of people in the tech world
Posted on 2018-01-03T23:56:12+0000
The mysterious case of the Linux Page Table Isolation patches
[Various errors and updates are addressed in Quiet in the peanut gallery] tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement...
Hasnain says:
This is fairly scary. The slowdown will be massive... It's also interesting that AMD isn't affected
"tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer."
Posted on 2018-01-02T20:35:13+0000
“Oh My God, This Is So F---ed Up”: Inside Silicon Valley’s Dark Side
Not far from Sand Hill Road exists a private world of wild sex parties and “cuddle puddles.” As one male investor put it, “You could say it’s disgusting but not illegal—it just perpetuates a culture that keeps women down.”
Hasnain says:
Don't know how to process my feelings regarding this one.
Posted on 2018-01-02T20:30:47+0000
Unfiltered Fervor: The Rush to Get Off the Water Grid
Driven by misgivings about how tap water is treated, start-ups are turning to springs and the air for purer sources — and drawing an elite audience.
Hasnain says:
I really don't know how to think about this..
"Pure water can be obtained by using a reverse osmosis filter, the gold standard of home water treatment, but for Mr. Singh, the goal is not pristine water, per se. “You’re going to get 99 percent of the bad stuff out,” he said. “But now you have dead water.”
He said “real water” should expire after a few months. His does. “It stays most fresh within one lunar cycle of delivery,” he said. “If it sits around too long, it’ll turn green. People don’t even realize that because all their water’s dead, so they never see it turn green.”
Mr. Singh believes that public water has been poisoned. “Tap water? You’re drinking toilet water with birth control drugs in them,” he said. “Chloramine, and on top of that they’re putting in fluoride. Call me a conspiracy theorist, but it’s a mind-control drug that has no benefit to our dental health.” (There is no scientific evidence that fluoride is a mind-control drug, but plenty to show that it aids dental health.)"
Posted on 2018-01-01T08:35:05+0000
IOHIDeous
IOHIDFamily 0day
Hasnain says:
The level of detail this write-up goes into.. whoa.
Also I feel sorry for the Apple security engineer who's going to have their new year's ruined.
Posted on 2018-01-01T05:38:34+0000