Are Apple AirTags Being Used to Track People and Steal Cars?
Privacy groups sounded alarms about the coin-sized location-tracking devices when they were introduced. Now people are concerned those fears are being realized.
Hasnain says:
More reporting on AirTag privacy concerns. This one stood out to me because this anecdote is just tossed in without calling this out as - IMO - a privacy violation:
“Mary Ford, a 17-year-old high school student from Cary, N.C., received a notification in late October that she was being tracked by an unknown AirTag after driving to an appointment. She panicked as she searched her car.
Ms. Ford only realized it wasn’t a threat when her mother revealed she had put the tracker in the vehicle about two weeks earlier to follow her daughter’s whereabouts.”
Posted on 2021-12-31T03:43:24+0000
You can't copy code with memcpy; code is more complicated than that
Back in the day, a customer reported that their program crashed on Itanium. Wait, come back! Itanium is where the customer recognized the problem, but it applies to all other architectures, so stick with me. Their code went roughly like this: struct REMOTE_THREAD_INFO { int data1;
Hasnain says:
Great read. The fact that this was an AV vendor is really scary. I also appreciated the bit about not making bad code easily accessible even as an example.
"This code is such a bad idea, I’ve intentionally introduced errors so it won’t even compile.
...
I pointed out to the customer liaison that what the customer is trying to do is very suspicious and looks like a virus. The customer liaison explained that it’s quite the opposite: The customer is a major anti-virus software vendor! The customer has important functionality in their product that they have built based on this technique of remote code injection, and they cannot afford to give it up at this point.
Okay, now I’m scared."
Posted on 2021-12-31T01:23:45+0000
A new, low-cost Texas Children’s Hospital vaccine gets approval for use in India | Houston Public Media
The goal is to make the vaccine available in other underserved nations across the globe to help prevent future variants of concern from forming.
Hasnain says:
Feel good story of the day: I hope this one works out. No patent burden is huge.
“Hotez said because the Corbevax vaccine is cheap, has no patents and uses traditional protein-based vaccine technology it will be easier for other countries to mass-produce and distribute it.
"It's a similar technology used to make the Hepatitis B vaccine that's been made locally and all over the world for three or four decades," he said. "It really does check all of the boxes you would want for a global health vaccine."”
Consider SQLite
A significant part of the reason that people discount SQLite as a web database server is that in the past, it probably wasn't a good choice! SQLite has relatively quietly gotten significantly faster over the past decade — on my laptop, a recent version of SQLite completes the speedtest1 suite ~4.1...
Hasnain says:
I continue to be a huge fan of SQLite and use it for all my side projects. Beyond what's discussed in this article, you can also easily implement custom functions in your app directly to implement efficient queries that would be really hard to do otherwise.
"On the whole, I think using SQLite is a good tradeoff for a lot of projects, including webapps that expect to have a potentially large number of users. As long as you don't expect to need tens of thousands of small writes per second, thousands of large writes, or long-lived write transactions, it's highly likely that SQLite will support your usecase. It significantly reduces complexity and operational burden and eases testing, with the primary downside that it's somewhat harder to get levels of availability and uptime that almost no one needs in the first place."
Posted on 2021-12-30T03:56:00+0000
Climate Clues from the Past Prompt a New Look at History
As scientists rapidly improve their ability to decipher past climate upheaval through ice cores and other “proxies,” historians are re-examining previous political and social turmoil and linking it to volcanic eruptions, prolonged droughts, and other disturbances in the natural world.
Hasnain says:
Great read - I learnt a bunch of history from this one.
“What stunned Manning, an Egyptologist, was that the paper recalibrated earlier chronologies by seven to eight years, so that dates of the eruptions neatly coincided with the timing of well-documented political, social, and military upheavals over three centuries of ancient Egyptian history. The paper also correlated volcanic eruptions with major 6th century A.D. pandemics, famines, and socioeconomic turmoil in Europe, Asia, and Central America. The inescapable conclusion, the paper argued, was that volcanic soot — which cools the earth by shielding its surface from sunlight, adversely affecting growing seasons and causing crop failures — helped drive those crises.
Since then, other scholarly papers relying on paleoclimatic data— most of it drawing on state-of-the-art technologies originally designed to understand climate change — have found innumerable instances when shifts in climate helped trigger social and political tumult and, often, collapses.”
Posted on 2021-12-26T22:11:38+0000
Critics of “Don’t Look Up” Are Missing the Entire Point ❧ Current Affairs
It’s not about Americans being dumb sheep, but about how billionaires manipulate us into trusting them, how the reckless pursuit of profit can have catastrophic consequences, and the need to come together to fight those who prevent us from solving our problems.
Hasnain says:
This was such a good movie.
“But more importantly, they get the message of the film backwards. One reason that these reviewers think that message is an obvious one is that they miss all the parts that are not necessarily obvious. Indeed, the film does depict a media that is more concerned with celebrity relationships than with climate (or rather, comet) science. But it does not have a nihilistic view of Americans. Not in the least, and this is critically important to understand. In fact, the film depicts an idealistic, diverse group of Americans who try their best to protect the planet. Their lives are destroyed not because we are idiots but because those with power choose to delay, deny, and mislead, more interested in their own short-term gain than the future of humanity—in part because these people know that the catastrophe they have wrought will not have the same consequences for them personally.”
Posted on 2021-12-26T18:49:29+0000
The clear and present danger of Trump's enduring 'Big Lie'
Fueling the Jan. 6 insurrection was the "Big Lie" that Donald Trump won the election. One year later, many warn that lie has metastasized and now poses an even graver threat to American democracy.
Hasnain says:
“That scenario needs to be confronted immediately, Snyder says: "It's right in front of our eyes. The most interesting and the most distressing thing about American news coverage right now is that we don't treat the end of democracy in America as the story. That is the story."”
Posted on 2021-12-24T23:17:16+0000
The Biden Administration Rejected an October Proposal for “Free Rapid Tests for the Holidays”
With omicron cases spreading like wildfire, the White House is finally taking steps to make free antigen tests available to all. But this fall, Vanity Fair has learned, it dismissed a bold plan to ramp up rapid testing ahead of the holidays. Frustrated experts explain how confusion, distrust, and a....
Hasnain says:
Insightful read on COVID testing and vaccination programs and how it all played out behind the scenes.
“The fury with which public-health experts greeted Psaki’s comments reflected their longstanding frustration with an administration that, in their view, has put almost all its focus on vaccinating the American public, at the expense of other critical aspects of the response, from getting shots into arms overseas to making high-quality masks widely available. The rapid-test push, in particular, seems to have bumped up against the peculiar challenges of fighting COVID-19 in the 21st-century United States. Difficulties include a regulatory gauntlet intent on vetting devices for exquisite sensitivity, rather than public-health utility; a medical fiefdom in which doctors tend to view patient test results as theirs alone to convey; and a policy suspicion, however inchoate, that too many rapid tests might somehow signal to wary Americans that they could test their way through the pandemic and skip vaccinations altogether. “It’s undeniable that [the administration] took a vaccine-only approach,” said Dr. Michael Mina, a vocal advocate for rapid testing who attended the October White House meeting. The U.S. government “didn’t support the notion of testing as a proper mitigation tool.””
Posted on 2021-12-24T16:23:09+0000
How Exercise Affects Metabolism and Weight Loss
A new analysis of data from “The Biggest Loser” highlights the complex ways the body compensates when we drop pounds.
Hasnain says:
“So, what could this rethinking of “The Biggest Loser” story mean for the rest of us, if we hope to keep our weight under control? First and most fundamentally, it suggests that abrupt and colossal weight loss generally will backfire, since that strategy seems to send resting metabolic rates plunging more than would be expected, given people’s smaller body sizes. When people drop pounds gradually in weight-loss experiments, he pointed out, their metabolic changes tend to be less drastic.”
Posted on 2021-12-24T01:58:47+0000
'AirTag found moving with you': Apple devices linked to suspected stalking and theft
“AirTag Found Moving With You” has emerged as a warning as the devices are beginning to be associated with crimes such as theft and stalking.
Hasnain says:
“But law enforcement doesn’t always make such a request, and many survivors of crime don’t have the money for a lawyer to investigate separately, said Dodge, the California lawyer. He said for now the best way to counter tracking devices is to be aware they exist and of how they work.”
Posted on 2021-12-23T22:24:51+0000
Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs
By Filipe Casal and Jim Miller. Trail of Bits is publicly disclosing two bugs that affect Shamir’s Secret Sharing implementation of Binance’s threshold signature scheme library (tss-lib) and most of…
Hasnain says:
Yikes. And great read. I’m glad they went above and beyond to add more documentation here.
“We are disclosing two bugs that affect Feldman’s verifiable secret sharing within different threshold signature scheme implementations. These bugs are not a result of some novel analysis that could not have been foreseen; on the contrary, these bugs stem from one of the few known weaknesses of secret sharing. We highlight them today not only due to the number of affected vendors but also because they are representative of a whole host of critical bugs that stem from the same recurring problem in non-standard cryptography: a lack of documentation and guidance.”
Posted on 2021-12-22T06:23:12+0000
Prioritize Which Data Skills Your Company Needs with This 2×2 Matrix
Focus on data visualization.
Hasnain says:
There are times I read HBR articles and really enjoy the content and nod along; and then I read stuff like this which says ML and AI are extremely useful while mathematics and statistics are not. I mean…
“At Filtered, we found that constructing this matrix helped us to make hard decisions about where to focus: at first sight all the skills in our long-list seemed valuable. But realistically, we can only hope to move the needle on a few, at least in the short term. We concluded that the best return on investment in skills for our company was in data visualization, based on its high utility and low time to learn. We’ve already acted on our analysis and have just started to use Tableau to improve the way we present usage analysis to clients.”
Posted on 2021-12-22T05:43:06+0000
A Vision of Victory - Open The Magazine
How India won the Blind World Cup in cricket. Earlier this year, the Indian blind cricket team was in turmoil. With the Blind World Cup in South Africa less than nine months away, a tournament India has never won, the Indian team’s most prolific batsman and captain, Shekhar Naik, who had led the te...
Hasnain says:
This is from 2014, but still worth reading.
“A blind cricket match cannot be described as anything else but a vision of incredible human triumph. Bowlers and batsmen have to feel the stumps to orient themselves towards which side to bat or bowl. Yet a batsman, crouched low to the ground to better hear the rattling sound of the ball, hits a ball he cannot see, basing his stroke completely on the noise the ball makes. Fielders dive full-length to stop balls, and then, instead of throwing the ball, run to the bowlers’ end to feel for the bowler’s hand to pass the ball to.”
Posted on 2021-12-20T22:45:07+0000
How America Broke the Speed Limit
The lifesaving law that nobody wants.
Hasnain says:
This was a great read on transportation, systems thinking, politics, and policing.
“But the 85th percentile rule contains a fundamental truth: Drivers respond to the road they are given. Engineers use this rule to foster a cycle of wider, clearer roads and higher speeds. But the same logic could be employed in the opposite direction, too, in places where drivers and pedestrians interact.
There are three basic changes we could make to America’s roads, cars, and drivers to address speeding at its root. First, we could design roads to keep drivers at safe speeds. In rural areas, that means replacing intersections with roundabouts—a change associated with cutting crash rates by more than 50 percent. In cities, that means narrowing streets and intersections, building out curbs and speed bumps, and changing pavements to materials like paving stones that slow drivers down.”
Posted on 2021-12-20T22:39:08+0000
My Parents Collect Cans for a Living
When people ask about my family now, I tell them not with embarrassment or shame but with pride.
Hasnain says:
This was a motivating read and human interest story.
“Now, I am not ashamed to say that a sticky Heineken can holds enormous value. It is what feeds me every day and pays for my clothes. It unites my family and helps me understand the value of hard work. It represents my family’s strong values and their dreams for me of getting the opportunity to go to college and lead a stable life.
Now, when people ask me what my parents do for a living, I tell them not with embarrassment or shame, but with pride. My parents are can collectors. Because my friend is right; my family is hustling to take care of their loved ones. That is something to be admired.”
Posted on 2021-12-20T22:01:46+0000
Retailers say thefts are at crisis level. The numbers say otherwise
Industry groups and politicians are sounding alarms over the thefts. But in some cases, the statistics they cite are inflated or flat-out wrong.
Hasnain says:
“It’s easy to get attention for sensational claims, however, particularly when they come from official sources. Rachel Michelin, president of the California Retailers Assn., told the San Jose Mercury News that in San Francisco and Oakland alone, businesses lose $3.6 billion to organized retail crime each year.
That would mean retail gangs steal nearly 25% of total sales in San Francisco and Oakland combined, which amounted to around $15.5 billion in 2019, according to the state agency that tracks sales tax.
Can that be right? In a word: no.”
Posted on 2021-12-16T19:02:40+0000
Know Your Customers’ “Jobs to Be Done”
Is innovation inherently a hit-or-miss endeavor? Not if you understand why customers make the choices they do.
Hasnain says:
Someone at work recommended this article to me as I was thinking through a cross-functional problem and this is quite insightful. There’s a number of helpful case studies, and lots of experiences have been distilled down into useful takeaways.
“Many organizations have unwittingly designed innovation processes that produce inconsistent and disappointing outcomes. They spend time and money compiling data-rich models that make them masters of description but failures at prediction. But firms don’t have to continue down that path. Innovation can be far more predictable—and far more profitable—if you start by identifying jobs that customers are struggling to get done. Without that lens, you’re doomed to hit-or-miss innovation. With it, you can leave relying on luck to your competitors.”
Posted on 2021-12-16T05:21:13+0000
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Posted by Ian Beer & Samuel Groß of Google Project Zero. We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit w...
Hasnain says:
This is horrifying and amazing at the same time. Honestly, it would be quite exciting to work on the quoted part for a coding challenge.
On a more serious note though - glad this was caught and patched before more human rights abuses could happen.
“JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent.
The bootstrapping operations for the sandbox escape exploit are written to run on this logic circuit and the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It's pretty incredible, and at the same time, pretty terrifying.”
Posted on 2021-12-16T04:21:41+0000
Factory workers threatened with firing if they left before tornado, employees say
heard the warning sirens and wanted to
Hasnain says:
This is a felony, right?
“Supervisors and team leaders told employees that leaving would probably jeopardize their jobs, the employees said.
“If you leave, you’re more than likely to be fired,” Emery said she overheard managers tell four workers standing near her who wanted to leave. “I heard that with my own ears.””
Posted on 2021-12-14T02:14:09+0000
Opinion | The Supreme Court isn’t well. The only hope for a cure is more justices.
Our service on the Presidential Commission on the Supreme Court changed our minds about the need to counter the dubious legitimacy of recent appointments.
Hasnain says:
From a few of the authors on the recent committee investigating the Supreme Court and providing recommendations to the president.
“Though fellow commissioners and others have voiced concern about the impact that a report implicitly criticizing the Supreme Court might have on judicial independence and thus judicial legitimacy, we do not share that concern. Far worse are the dangers that flow from ignoring the court’s real problems — of pretending conditions have not changed; of insisting improper efforts to manipulate the court’s membership have not taken place; of looking the other way when the court seeks to undo decades of precedent relied on by half the population to shape their lives just because, given the new majority, it has the votes.”
Posted on 2021-12-14T01:22:16+0000
After Deadly Warehouse Collapse, Amazon Workers Say They Receive Virtually No Emergency Training
Amazon employees have been discouraged from taking time off for natural disasters because it would slow down production.
Hasnain says:
The story coming out over the weekend has been so heartbreaking. And as more details come out, just infuriating.
““It could just as easily have been us. We would not have been ready,” an employee at the Indiana facility said of the tornado. “They put out an internal memo that says we’re rebuilding, but what are we doing to prevent this in the future? It’s always profit over employees.””
Posted on 2021-12-13T23:26:30+0000
‘The Internet Is on Fire’
The flaw in the logging framework has security teams scrambling to put in a fix.
Hasnain says:
#hugops to all the oncalls responsible for patching things this weekend.
“Minecraft screenshots circulating on forums appear to show players exploiting the vulnerability from the Minecraft chat function. On Friday, some Twitter users began changing their display names to code strings that could trigger the exploit. Another user changed his iPhone name to do the same and submitted the finding to Apple. Researchers told WIRED that the approach could also potentially work using email.”
Posted on 2021-12-11T01:24:56+0000
The Secret History of the U.S. Diplomatic Failure in Afghanistan
A trove of unreleased documents reveals a dispiriting record of misjudgment, hubris, and delusion that led to the fall of the Western-backed government.
Hasnain says:
Learnt a lot about history, politics, and contemporary affairs from this one. This quote though… (Baradar is the Taliban’s deputy PM)
“Two days later, Trump called Baradar. According to an official who listened to the exchange, Trump told him, “You guys are tough fighters.” Then Trump asked, “Do you need something from me?”
“We need to get prisoners released,” Baradar said, adding that he had heard Ghani would not coöperate. Trump said that he would tell Pompeo to press Ghani.”
Posted on 2021-12-10T21:09:28+0000
Bros., Lecce: We Eat at The Worst Michelin Starred Restaurant, Ever
There is something to be said about a truly disastrous meal, a meal forever indelible in your memory because it’s so uniquely bad, it can only be deemed an achievement. The sort of meal where everyone involved was definitely trying to do something; it’s just not entirely clear what. I’m not ta...
Hasnain says:
This was an absolute delight to read; I was grinning throughout. So well written and hilarious, even though I feel quite bad for the author.
“I’m not talking about a meal that’s poorly cooked, or a server who might be planning your murder—that sort of thing happens in the fat lump of the bell curve of bad. Instead, I’m talking about the long tail stuff – the sort of meals that make you feel as though the fabric of reality is unraveling. The ones that cause you to reassess the fundamentals of capitalism, and whether or not you’re living in a simulation in which someone failed to properly program this particular restaurant. The ones where you just know somebody’s going to lift a metal dome off a tray and reveal a single blue or red pill.”
Posted on 2021-12-09T07:00:22+0000
A youth mental health crisis was already brewing. The pandemic made it worse, surgeon general says.
With the pandemic upending lives, the young are grappling with a mental health crisis. Compared with previous years, suicide attempts, depression and anxiety have risen dramatically.
Hasnain says:
“With no timetable on the horizon for the end of a pandemic that has upended lives and killed over 788,000 in the United States, the surgeon general’s advisory calls for rapid action, encouraging more resources and urging a greater acknowledgment of mental health as a vital component in overall well-being.
For Prinstein, the “moment to demand change,” as Murthy’s report implores, necessitates the focus to shift from acknowledging mental health problems at their onset to preventing them in the first place.”
Posted on 2021-12-08T17:33:03+0000
I’m the TikTok Couch Guy. Here’s What It Was Like Being Investigated on the Internet.
The invasive TikTok sleuthing I experienced was not an isolated instance, but rather the latest manifestation of a large-scale sleuthing culture.
Hasnain says:
Very well written human interest story on what it feels like to get famous without your consent and the associated baggage - and avalanche of internet sleuths.
“Certainly, noncelebrities have long unwillingly become public figures, and digital pile-ons have existed in some form since the dawn of the digital age—just ask Monica Lewinsky. But on TikTok, algorithmic feedback loops and the nature of the For You page make it easier than ever for regular people to be thrust against their wishes into the limelight. And the extent of our collective power is less obvious online, where pile-ons are delivered, as journalist Jon Ronson put it, “like remotely administered drone strikes.” On the receiving end of the barrage, however, as one finds their reputation challenged, body language hyperanalyzed, and privacy invaded, the severity of our collective power is made much too clear.”
Posted on 2021-12-08T17:24:40+0000
A brutally effective hash function in Rust
The Rust compiler uses hash tables heavily, and the choice of hash function used for these hash tables makes a big difference to the compiler’s speed.
Hasnain says:
Hash functions are always interesting.
“After all this, my appreciation for FxHasher has grown. It’s like a machete: simple to the point of crudeness, yet unbeatable for certain use cases. Impressive!”
Posted on 2021-12-08T08:12:50+0000
Why e , the Transcendental Math Constant, Is Just the Best
The solution to our puzzle about Euler’s number explains why e pops up in situations that involve optimality.
Hasnain says:
Gotta love math. This was an interesting analysis of some number-theoretic puzzles.
“I hope you enjoyed the heavy dose of transcendence from this most fascinating and fundamental constant. The Quanta Insights award for this month goes jointly to Michel Nizette, for clarity of exposition, and Lazar Ilic for the usual mathematical mastery. Congratulations to both!”
Posted on 2021-12-07T07:43:08+0000
As covid persists, nurses are leaving staff jobs — and tripling their salaries as travelers
Travel nurses can make a year’s pay in three or four months
Hasnain says:
Looking at the pay disparities highlighted in the article, the numbers are staggering. $9500 a week for some postings, contrasted against $74,000 annual salaries. Yikes.
“The nation’s largest nurse union maintains that hospitals are suffering the consequences of the just-in-time staffing model they created to cut costs by keeping the number of full-time staff nurses as small as possible.
“This current staffing crisis is one of the hospital industry’s making,” Deborah Burger, president of National Nurses United, said in a written statement. “They need to take a long hard look at how their treatment of permanent staff and exploitation of the nursing ethos has inevitably led to this unsustainable model of staffing hospitals.””
Posted on 2021-12-06T23:18:29+0000
Trump’s Next Coup Has Already Begun
January 6 was practice. Donald Trump’s GOP is much better positioned to subvert the next election.
Hasnain says:
Long and scary read.
“Conspicuously missing from Biden’s speech was any mention even of filibuster reform, without which voting-rights legislation is doomed. Nor was there any mention of holding Trump and his minions accountable, legally, for plotting a coup. Patterson, the retired firefighter, was right to say that nobody has been charged with insurrection; the question is, why not? The Justice Department and the FBI are chasing down the foot soldiers of January 6, but there is no public sign that they are building cases against the men and women who sent them. Absent consequences, they will certainly try again. An unpunished plot is practice for the next.”
Posted on 2021-12-06T16:46:56+0000
Pro-Trump counties now have far higher COVID death rates. Misinformation is to blame
An analysis by NPR shows that since the vaccine rollout, counties that voted heavily for Donald Trump have had more than twice the COVID mortality rates of those that voted for Joe Biden.
Hasnain says:
“In October, the reddest tenth of the country saw death rates that were six times higher than the bluest tenth, according to Charles Gaba, an independent health care analyst who's been tracking partisanship trends during the pandemic and helped to review NPR's methodology. Those numbers have dropped slightly in recent weeks, Gaba says: "It's back down to around 5.5 times higher."
The trend was robust, even when controlling for age, which is the primary demographic risk of COVID-19 mortality. The data also reveal a major contributing factor to the death rate difference: The higher the vote share for Trump, the lower the vaccination rate.”
Posted on 2021-12-05T22:37:23+0000
How to Care Less About Work
As we peer around the corner of the pandemic, let’s talk about what we want to do—and not do—with the rest of our lives.
Hasnain says:
This was a great and thought-provoking read.
“This maxim holds true for other areas of your life as well. When you get a good night’s sleep, you’re better at basically everything. When you take rest days, you’re a better athlete. The restoration we find in hobbies can make us better partners, better friends, better listeners and collaborators—just overall better people to be around. Hobbies help cultivate essential parts of us that have been suffocated by productivity obsessions and proliferating obligations. The hobby itself ultimately matters far less than what its existence provides: a means of tilting your identity away from “person who is good at doing a lot of work.””
Posted on 2021-12-05T18:32:07+0000
#PLTalk: From PHP to Hack with Julien Verlaguet - jeanqasaur on Twitch
jeanqasaur went live on Twitch. Catch up on their Science & Technology VOD now.
Hasnain says:
I hate self-promotion, but since I’ve been asked a few times about what I work on, I’m glad to be able to share a bit of it.
I recently got a chance to speak on a podcast about some of my work - in particular, experience building services and rewriting things in Rust. It’s kinda off the cuff and not super polished, but the content comes across fine I’d hope. The other speakers had much better advice / experience in this domain, so it’s worth a listen either way.
Happy to take any questions here!
(excuse the incorrect title, the share scraper seems to be off, the link is right)
Posted on 2021-12-04T04:30:42+0000
100 years of whatever this will be
What if all these weird tech trends actually add up to something? Last time, we explored why various bits of trendy technology are, in my o...
Hasnain says:
Great read on societal trends through a systems lens. I don’t agree with everything but I do agree with a majority of the stuff said here.
“Even the fanciest pantsed distributed databases, with all the Rafts and Paxoses and red/greens and active/passives and Byzantine generals and dining philosophers and CAP theorems, are subject to this. You can do a bunch of math to absolutely prove beyond a shadow of a doubt that your database is completely distributed and has no single points of failure. There are papers that do this. You can do it too. Go ahead. I'll wait.
Okay, great. Now skip paying your AWS bill for a few months.
Whoops, there's a hierarchy after all!
You can stay in denial, or you can get serious.”
Posted on 2021-12-02T21:10:46+0000
This shouldn't have happened: A vulnerability postmortem
Posted by Tavis Ormandy, Project Zero. Introduction: This is an unusual blog post. I normally write posts to highlight some hidden att...
Hasnain says:
Terrible bug aside, this was a great postmortem and actionable set of follow-ups.
inb4 rust rewrite though.
"The maximum size signature that this structure can handle is whatever the largest union member is, in this case that’s RSA at 2048 bytes. That’s 16384 bits, large enough to accommodate signatures from even the most ridiculously oversized keys.
Okay, but what happens if you just....make a signature that’s bigger than that?
Well, it turns out the answer is memory corruption. Yes, really.
The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data."
Posted on 2021-12-02T02:53:26+0000
Oxide
oxide.computer
Hasnain says:
This is some really cool stuff.
“This is the best of both worlds: it is at once dynamic and general purpose with respect to what the system can run, but also entirely static in terms of the binary payload of a particular application — and broadly static in terms of its execution. Dynamic resource exhaustion is the root of many problems in embedded systems; having the system know a priori all of the tasks that it will ever see liberates it from not just a major source of dynamic allocation, but also from the concomitant failure modes. For example, in Hubris, tasks can always be safely restarted, because we know that the resources associated with a task are available if that task itself has faulted! And this eliminates failure modes in which dynamic task creation in response to load induces resource exhaustion; as Cliff has quipped, it is hard to have a fork bomb when the system lacks fork itself!”
Posted on 2021-12-01T17:06:01+0000
Stamping Bar Codes on Cells to Solve Medical Mysteries
By tracking every cell in an organism, scientists are working out why certain cancer treatments fail, which could lead to improved medicine.
Hasnain says:
Well this is really cool.
“Scientists discovered that the cancer does not always originate in the mature bone marrow cells where it is found and where textbooks say it originates.
…
The results are too new to have led to patient therapies. But they are leading to provocative discoveries that are expected to inspire novel methods for treating diseases.”
Posted on 2021-12-01T06:34:25+0000
Scaling Kafka at Honeycomb - Honeycomb
See how Honeycomb reduced Kafka cost by a total of 87% per megabyte/sec of throughput w/ AWS’s new Amazon EC2 Im4gn instance family and Confluent Tiered Storage.
Hasnain says:
This was a great technical read.
"We hope hearing how we managed our Kafka-based telemetry ingest pipeline is helpful to you in scaling your own Kafka clusters. We’ve grown 10x in two years while TCO for Kafka has only gone up 20%—in other words, an 87% cumulative reduction in cost per MB of incoming data. We do not have any engineers dedicated full time to the care and feeding of Kafka, and have preserved about the same number of engineers fluent in Kafka debugging as needed through training with incidents. This means our toil has not significantly increased even as the data scope increased."
Posted on 2021-12-01T06:25:51+0000