Vulnerability of the day:
https://www.hertzbleed.com/gpu.zip/
Why I would not be surprised that Meta and others already use similar approach to extract as much data possible from your devices.
If you compare Meta’s bounce back after significant drop of Apple locked privacy settings, they have definitely found new and creative ways to get your data π
Last week (23w30) I stumbled upon such a ‘great’ vulnerability, but also the great explanation (and I’ve read a ‘few’).
Explanation of Zenbleed is here https://lock.cmpxchg8b.com/zenbleed.html.
And I highly recommend it to anyone interested in learning some of the ‘magic’ of modern CPUs on a ever-expanding 40+ year old x86 instruction set.
And a bit of jealous how clean and clear the walk-through is written π
I came across a comprehensive analysis of all the βinovationsβ in full-stack development, which can be found at https://www.bitecode.dev/p/hype-cycles. It brought back some fun memories π
Every few years, I found myself needing or wanting to create a website. This involved trying to use “best” tools and frameworks for the job that everyone was hyping at the time
Yet, each time, I found myself gravitating back to good old WordPress, with a sprinkle of jQuery or a lightweight framework.
Why?
Well, I felt βstupidβ that it took so much time to set up a simple CRUD website using these supposedly “modern” tools.
The rule: simple task needs simple tools, always π
So far I have this blog running for less than a year.
There are couple of things that I’ve expected to see:
Despite this, I have noticed that the spam comments that do get through are surprisingly sophisticated and appear almost human-like. These comments typically promote Binance or other crypto addresses, as on example below:
I presume that it is some form of automated bot trackback spam that assigns random ‘comment’ text to a trackback link.
Purpose could be multiple: SEO backlinking, visit tracking, pure spam, etc.
But still fun to see the ‘praise’ in the comments π
My current take on recent AI development is that it is getting more and more useful.
BUT, in the end, it is still a glorified, but novel statistics [1].
And whenever AI learns from human input, I find funny/insightful/dark quote from George Carlin:
Or in other words, current crop of AI cannot escape law of large numbers [3].
Especially in today’s world, you need very-very-very valid input sources vetted, by of course, error prone humans.
Even reviews for the simplest of stuff you can buy cannot be trusted as they are bought in bulk.
And as misinformation efforts are running loose in the wild, it is hard to keep sources clean.
Even for pure technical domains such as programming, ChatGPT has been banned by StackOverflow [2] due to high percentage of only looking correct answers.
And some fun chat-bot responses from history characters π
https://twitter.com/RealESonneborn/status/1615794316504440839
So until AI can learn different real-life models instead of shoveling data into hundreds of billions of (statistical, black-box) parameters with insane compute power needs, it will just be useful statistics.
But there is a lot of room for research in how even today’s AI works, even on much smaller scale models.
[1] – https://towardsdatascience.com/no-machine-learning-is-not-just-glorified-statistics-26d3952234e3
[2] – https://meta.stackoverflow.com/questions/421831/temporary-policy-chatgpt-is-banned
[3] – https://www.investopedia.com/terms/l/lawoflargenumbers.asp
https://faultlore.com/blah/c-isnt-a-language/
Have you ever had luck/cry/luck to maintain C++ ABI compatibility between different linkable codebases, and found it fun? π
The more I worked with C, the more quirks popped up. Some fun, some not-so-much.
This text is a must read to anyone trying to maintain compatibility between platforms with useful insights from the wild.
And very rare praise to Microsoft as de-facto kings in platform backward compatibility.
https://stackoverflow.com/questions/7825055/what-does-the-operator-do-in-c
While we are still on C language and its quirks, what ??!??! operator does in C? π
I would not be surprised if this popped up as a question on ‘good’ interviews, which I would like to steer clear.
https://github.com/include-what-you-use/include-what-you-use
I came across this tool long time ago and found it quite handy, especially when working in C++ codebase.
Why? It has potential to one-time reduce your compile time insanely, by just removing include lines that have zero references from current code.
This is quite handy in C++ to limit number of translation units to be compiled, especially when small change in one header triggers big-but-unnecessary re-compilation chain.
And there is insane amount of header-only libraries or code-heavy headers that will exponentially fast increase compile time if not being careful what you include.
https://www.theregister.com/2022/10/31/opinion_column_relevance_in_business/
Interesting opinion about staying relevant with FOSS.
https://darknetdiaries.com/episode/115/
Listen to the podcast episode and replace mentions of games with i.e. cars.
It should raise a lot of eyebrows.
It is really not hard to image black market for all kinds of:
All of this already exists, but at the moment, is not the most scalable business.
To ‘pimp-up’ your current generation cars, you would need to go to a ‘guy’ or a shady shop to make changes.
But the cars are becoming ‘smarter’. Over-the-air updates and all new fancy features allows you to make changes remotely from any part of the world.
And there lies huge black-market opportunity for finding bugs and loopholes, as no software and protection is perfect.
Just check yearly Android bug-list and their severity, even if it is owned developed by all-mighty Google.
If there is a sprawling market for cheats for 50$ games, imagine an opportunity for ‘cheats’ in 50000$+ car.
It is not hard to imagine a 100% online subscription service that will allow you to receive all kinds of un-official βimprovementsβ applied automatically to your car.
Thanks goes to Patrik ThunstrΓΆm for sharing this podcast gem and fun discussion π
https://calebhearth.com/fan-out-vs-fan-in
Another way how to look at code complexity and how to prevent it during design or in refactor.
As with everything, it should not be followed blindly, as the original complexity could end up moving into ever-evolving wrapper classes.
Check Law of Demeter for more information.
One more take on how big tech companies have taken over internet from original intent.
If you have ever found legitimate mail ending up in spam folder of your free mail service out of sudden, or not delivered, this is primary reason.
Old but gold: When the product is free, you are the product.
https://github.com/IdreesInc/Minecraft-Font
For the ones with kids or feel like one π
Go-to manifest, more often than not π
https://utcc.utoronto.ca/~cks/space/blog/programming/CAPIsEffectsOfMalloc
Important reminder to anyone writing C APIs and for the ones learning to use it.
It is also major source of security and stability issues when not handled correctly.
As a helpful guide when writing complex C APIs:
https://thephd.dev/c23-is-coming-here-is-what-is-on-the-menu
Finally the C language it getting proper modern ‘face-lift’ that will potentially help and alleviate bunch of manual work and increase quality of written code.
Lets see if it will fizzle-out, or it will gain traction (looking at you, compiler vendors π ).
https://docs.google.com/document/d/16B36r0HksR0LqQAGLA1syYCtZvYaVC0hEF2D00ZAd0o/view#
Highly informative document for anyone switching between C and C++ and pitfalls of using same or similar approaches from one language into another.
https://luckyresistor.me/knowledge/learn-cpp/
To anyone interested in learning C++, with focus on usage in embedded environment.
Good comments especially valid to all related constraints and best practices for embedded implementation.
https://matthewbilyeu.com/blog/2022-09-01/responding-to-recruiter-emails-with-gpt-3
Fun use of GPT-3 to automate ‘handling’ of recruiter messaging π
https://nnethercote.github.io/2022/07/27/twenty-years-of-valgrind.html
For the ones writing low-level and/or in ‘unsafe’ languages, Valgrind is one of the tool suites to use regularly.
Linked text from one of the creators of Valgrind provides brief of its interesting history, and more importantly, links to high quality papers describing how Valgrind actually works under the hood and is able to to what it does.
Note that Valgrind is not the only good tool that Nicholas and Julian have made.
This is expected development since obfuscation-as-a-security method failed spectacularly in hack of Intel Management Engine in the motherboard chip-sets.
One of the first big names in car industry to be ‘eaten’ by software.
As all modern car manufacturers are moving to become software first company, they are also learning hard lessons that:
Current state of software engineering is less engineering and more craftsmanship, with all its implications on quality, planning, timelines and ‘manufacturing’.
The software craftsmanship is a separate topic for another day π
