If you find these types of 'disappeared in the wilderness' stories interesting, there's a really interesting one about a group of skiers in the Ural Mountains:
The math books that made the list are ones that always rate highly on these lists, but I think they are uniformly bad choices for people with a more passive or recreational interest in math. A lot of textbook publishers have series for undergraduates which are a better choice. For example, here’s Springer’s: https://www.springer.com/series/3423. For someone who has a college level education in science or engineering, but not a math degree, I think they would have more fun looking through a series and picking a title that seems cool and interesting to them. I honestly just have to wonder how many programmers have unread copies of Principles of Mathematical Analysis sitting on their shelves unread.
Where can one learn more about this (using books)? For instance, if I would like to learn more about processes and TLBs and context switching, I know I can learn about it from Tanenbaum's book, from the OSTEP book, from the "dinosaur book", etc. But I have no idea which book provides the fundamentals about Linux interfaces for virtual networking.
I wanted to document a regular person's experience building a business while working full time, it wasn't until the end of my third year before I made my first dollar from a stranger on the internet:
In the end, my business has been described as an "internet laundromat", it's definitely not a unique idea, it was a pain in the ass to get here, but I don't regret it.
We started with a simple web scraping solution for real estate market that was up and running in just a couple of days. We used it to track prices of apartments in our area aggregated across multiple websites.
Then, as we saw value in this, we expanded data scraping to other cities and types of properties and released the product to external users. We had a few paying customers after a couple of months.
As we wanted to include more websites to collect data from, we ran into significant problems with being blocked. As a result, we started investigating how to overcome different mechanisms that websites use to prevent automated traffic from web scrapers.
It turns out that one of the most important factors is to use a good quality proxy which provides IP addresses shared with other real users and change them frequently. So, we started building our own proxy infrastructure powered by 4G proxies and implemented an API on top of it. And this is how we created Scraping Fish API for web scraping.
Now, we can offer a reliable solution for scraping even the most demanding websites like Instagram or Facebook.
The author of this article is a public defender in the Pacific Northwest. He sometimes writes for Jesse Singal, but he also has his own Substack.[1] Many of his posts provide a unique window into the criminal justice system. If that sounds interesting to you, I strongly recommend reading more of his writing. In my opinion, his greatest hits are Eleven Magic Words[2] and Death of a Client[3].
Having grokked the abstract, I feel like I can speculate a bit as to what is going on. Take this with a grain of salt; I have no clue what has actually been discovered.
I believe that the researchers have found a way to remove PAC as a barrier to exploitation by disclosing PAC verification results via speculative execution. This is only useful to attackers going after a target that uses PAC, and those attackers will need to have another vulnerability that enables them to hijack control-flow through modifying pointers to code that are located in memory.
The attackers can use this new Pacman vulnerability as a crash-free oracle that says whether their forged pointer worked, and once they find a working one, they can use that to hijack control flow.
PAC (or Pointer Authentication) is a security feature found in recent iPhones, the Apple Silicon Macs, and the Graviton3. It is intended as a defense against control-flow hijacks. It works by signing pointers found in memory with one of five keys that are known only to the processor. Before the pointer is used, the processor should be instructed to "authenticate" the pointer by checking the pointer's signature using its private keys. To prevent simple reuse of one authenticated pointer used in one place to a pointer used in another place in the program, code can provide a "context" value to be used during the authentication.
A great resource for learning about PAC and its usage in the Apple platforms is at [1] (it links to other resources) and if you want to play with a PAC enabled binary, check out [2]
1) Place your guess such that it is used as the pointer input to an authentication instruction
2) Cause a branch misprediction. On the not-taken side of the branch, code needs to perform a pointer authentication and usage of the pointer. On the taken side of the branch, code should not crash.
3) CPU speculatively executes down the not-taken side of the branch (misprediction) and speculatively executes the authentication instruction.
4) If your guess is correct, the authentication instruction will return a valid pointer. If your guess is incorrect, the authentication instruction returns a pointer that, if dereferenced, will cause an exception.
5) CPU speculatively executes a load (in the case of a data pointer) or an instruction fetch (in the case of a code pointer) on the pointer value.
6) If the pointer is valid, the address translation for that pointer will appear in the TLB. If the pointer is not valid, it will not (because of the exception).
7) All of the effects from this mispredicted branch get squashed when the CPU realizes that the branch is not taken. No exception is actually thrown!
8) Measure the TLB entries to determine whether the speculative address translation made it in. If it is present, you know that the guess is correct.
For those who are smaller and don't have the money to pay for Splunk enterprise, and don't have the headcount to build your own logging infrastructure, I built a service called GraphJSON that makes it super easy to log and process any type of data. You can read more about how and why I built it here: https://www.graphjson.com/guides/about
Dave also has his own YT channel full of "hidden" stories about old Microsoft tech he worked on. Be sure to check him out, he's got quite a few good ones :)
I heavily recommend reading “This is How They Tell Me The World Ends” written by one of the guests he had in episode 98, Nicole Perlroth (which also touched a little on the NSO in that episode). She’s The NY Times cybersecurity reporter. A lot of the book focused on the NSO, among others.
I took a Unix half credit course randomly where you basically did bash scripting, a huge bunch of command line tools and then eventually use all that to build your own linux distribution. I swear I learned more in the half credit class, and way more if you try to count it as useful information, than 90% of my other CS courses.
Edit: And since this got some traction, here is the current version of the class: https://www.cis.upenn.edu/~cis191/ it looks pretty similar to what I took but they added a little bit of Python.
It's written by someone who became a paraplegic. You may have seen it on HN recently, but maybe not.
It's not something that you can consume in a few minutes. But it's worth reading in its entirety. It really, truly helps you appreciate just how much most of us have in life.
I apologize if this is tangential. But it was such an incredible experience to read it that I wanted to share it with someone. I haven't felt my perspective about life change that much by a single work before.
It's a longform essay on life, happiness, morals, philosophy, ethics, and someone's personal journey through the pits of hell. It's also an extended suicide note that might make you rethink certain aspects of society. But it also has a certain flavor of humor:
I have not been an author for long (and won’t be one for long!) ...
Speaking about Knuth audio files/podcasts, I recently created an RSS feed for Knuth's "Things a Computer Scientist Rarely Talks About" audio files (https://j11g.com/knuth.xml).
This way you can listen to it in your favorite podcast player.
Looks good, thanks for sharing! I've had a hard time finding podcasts that have a conversational style that I enjoy; so far I like only https://softwareengineeringdaily.com/, but this one looks really promising.
Self promotion, but as this is my first year doing advent of code I'm solving all of the problems using awk[1], the solutions will be published here[2]
I was at Semicon Japan last year in December and I learned about the coolest semiconductor company (non profit research organization) ever - MinimalFab [1]. There isn't much information on their website but this [2] video explains what MinimalFab is about. Essentially, it is a cleanroom-free, modularized fab where each process step in a fab is like a little ATM machine. Miniaturization of complex fab processes is mind blowing and everything is contained inside the machine including a Class 100 environment. Load a tiny quarter sized wafer in a cassette to process and move material from one machine to another. This kind of a fab setup would be incredibly useful to R&D fabs in universities and small scale fabrication for military, space, defense and perhaps even hobby use.
I'm not sure how far and wide the show Nathan For You reaches, but there's a fantastic episode where he proposes a local electronics store mark TVs down to $1 in order to buy up new inventory from Best Buy for his own store using their price match policy.
Rather than trying to explain it poorly, I highly recommend everyone watch this clip from the show:
Learning Unix tools is a pretty good place to start. There are a lot of commands that can do a lot of processing. It’s been a while since I learned but the book “Unix Power Tools” from O’Reilly is pretty good. It’s old, but honestly these commands haven’t changed much.
Python is slower compared to some of its compiled cousins, but it’s quick to write and a great skill to have when bash scripting can’t handle some of the complexity or you need DB access. We use it sometimes to call C programs to do DNA sequence alignments and process the returns.
HackerRank | Bangalore, India | Fulltime | ONSITE | www.hackerrank.com
HackerRank is a Y Combinator alumnus backed by tier one Silicon Valley VCs. We are a skills-based hiring platform that helps companies evaluate technical skills, better. We’re driving a new paradigm shift by eliminating resumes and creating opportunities for hundreds of thousands of programmers worldwide. We have a community of 5M+ developers and 1,000+ customers across industries, and the best part is we are just getting started. Our customers - including VMware, Twitter, Capital One and many other Fortune 100 companies - rely on HackerRank to build strong engineering teams.
We're hiring across engineering for the following roles:
- Senior Back-end engineers & Front-end Engineers
- Engineering Manager
Good pay with following benefits:
- Insurance to all Employees (term life, personal accident, medical, gratuity) along with insurance to their dependents(medical).
- Employee stock options, flexible work hours and time off.
- Tech talks every week.
- Onsite gym, telephone, internet etc. Our pantry is stocked with healthy snacks, fruits, Coffee and free catered lunch every day.
- Ping pong, hoverboard, foosball, PS4 and many office celebrations like Mafia games, outings, movie evenings to name a few!
Please send an email to anil@hackerrank.com with "WHOISHIRING" in the subject line, with your resume/CV, and a little bit about yourself and relevant experience.
https://www.newyorker.com/magazine/2021/05/17/has-an-old-sov...