Got hit by insomnia. Damn. Reading "Hitler's Uranium Club", which is fantastic.
“The notion that we are raising a generation of children so technically sophisticated that they can outwit the best efforts of the security specialists of America’s largest corporations and the military is utter nonsense,” Mr. Morris said.
https://sites.google.com/corp/view/appliedmathclassics/home - an acquaintance with good judgement curated a list of classical applied math papers.
Need to be on my feet again sunday morning for surf.
The flu I caught in Miami is weird. I feel mostly fine during the day, then start with a really hacky cough from about 22:00 to about 04:00. Weird.
That last week was pretty relaxing. Motivated to get work done now.
For the record: Maycock's, when a bit of north swell is coming in, is a marvelous (if fast) wave. Not for longboards, as my wife had to find out the hard way, but incredibly scenic. Hip-to-shoulder-high, glassy, peels right over a coral reef in a fast-collapsing section. <3. Would recommend (requires 1.5m or so of north swell that wraps around though).
(White hats need not apply)
I think we’re looking to hire some new pen testing consultants at Immunity Inc if anyone is looking?
That giddy feeling of travelling to a wave, even if it takes 2 days.
If you like to draw pictures of heaps, I put some pre-built binaries for the heap vis tool I use / wrote on https://github.com/thomasdullien/heap_history_viewer/releases/tag/v0.5
My 2c on the LKML discussion about "kernel lockdown": It seems to me the patchset is conceptually misguided: How many examples are there where attackers go from root to kernel, vs. from kernel to root? It appears that the threat model is ill-defined, and it's hard for me to see the point in the patchset.
What real-world attacks in the last 3-4 years would be mitigated by this patchset? Is it really worth the complexity then?
One of the downsides of the information revolution is - I constantly feel like I can't keep up with all the things I should read / understand / work on.
Cross-posting is marketing for the source platform, so you shouldn't be surprised I don't think Twitter to Mastodon cross-posting is beneficial to Mastodon.
Mastodon is a social network, and talking to each other is a big part of it. If someone has setup a cross-poster and left and never checks their notifications, it's pointless for us who are here.
So I found a new goldmine of video interviews: Computer History Museum‘s Oral Histories:
https://youtube.com/playlist?list=PLQsxaNhYv8daKdGi7s85ubzbWdTB36-_q
Especially the interesting interview with Dave Ditzel who talks about computing history, Transmeta, Intel, the „Russian Connection“ and where things may go in the future (chip stacking, etc)
https://youtu.be/etta_NYCVxA
He is the CEO of Esperanto Technologies, who announced they are building high performance RISC-V chips:
https://youtu.be/f-b4QOzMyfU
PSA: I think that CFI without hardware support is a bad idea (if you consider the complexity / performance impact vs. the security gain), and that if hardware support is an option, many other schemes are vastly more effective at much less cost.
In short: I think everybody's fascination with CFI is misguided.
Page de-duplification is the new branch prediction.
We're watching modern computational optimization dissolve.
I found some time today to write a small blog post about a long-standing idea that I have bored a lot of people with already: "A bank statement for app activity" - something I would like my smartphone to provide: http://addxorrol.blogspot.fr/2018/03/a-bank-statement-for-app-activity-and.html
Self-care is not metal, but I seriously think it is punk. Society does not fucking want you to be healthy, it wants you to be at just the edge where you're still productive. Fuck that, live awesome.
A lot of Google's cloud services look really compelling, and then I look at their documentation and ... no C++ support. Insanity.
