Top Posts for January 4, 2018

Full article on twitter.com | 797 Points and 212 Comments

iMac Pro’s T2 chip

Summary: Before the iMac Pro was released, there was a lot of speculation that it was part of a trend toward creating a “hybrid Mac” that is driven by both an Intel processor and an Apple-designed ARM chip like those found in other Apple devices.

Keywords: imac, pro, mac, apple, security

Full article on macworld.com | 522 Points and 270 Comments

Texttop – An interactive X Linux desktop rendered in TTY and streamable over SSH

Summary: But I’ve removed the dependencies on ffmpeg , Xorg (for Firefox at least - Chrome strangely doesn’t support webextensions in headless mode), docker AND it will work on all webextension-compatible browsers.

Keywords: ssh, docker, mosh, mouse, texttop

Full article on github.com | 519 Points and 77 Comments

Intel Issues Updates to Protect Systems from Security Exploits

Summary: Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time.

Keywords: intel, updates, systems, computer, software

Full article on newsroom.intel.com | 491 Points and 377 Comments

LLVM patch to fix half of Spectre attack

Full article on reviews.llvm.org | 424 Points and 234 Comments

Show HN: PAST, a secure alternative to JWT

Summary: Unlike JSON Web Tokens (JWT), which gives developers more than enough rope with which to hang themselves, PAST only allows secure operations.

Keywords: past, jwt, authentication, tokens, purpose

Full article on github.com | 340 Points and 134 Comments

Meltdown and Spectre

Summary: We would like to thank Intel for awarding us with a bug bounty for the responsible disclosure process, and their professional handling of this issue through communicating a clear timeline and connecting all involved researchers.

Keywords: meltdown, spectre, system, intel, memory

Full article on spectreattack.com | 335 Points and 140 Comments

More details about mitigations for the CPU Speculative Execution issue

Full article on security.googleblog.com | 319 Points and 90 Comments

“Intel Core 2 bugs will assuredly be exploitable from userland code” (2007)

Summary: org [ Download message RAW ] Various developers are busy implimenting workarounds for serious bugs in Intel’s Core 2 cpu.

Keywords: intel, bugs, operating, list, systems

Full article on marc.info | 304 Points and 110 Comments

Announcing the OpenWrt/LEDE merge

Full article on forum.lede-project.org | 299 Points and 96 Comments

Productivity in 2017: analyzing 225 million hours of work time

Summary: With American Thanksgiving the next week and the mad holiday rush shortly after, mid-November is a great time for people to cram in a few extra work hours and get caught up before gorging on Turkey dinner.

Keywords: time, productive, day, work, spent

Full article on blog.rescuetime.com | 254 Points and 143 Comments

Announcing Rust 1.23

Summary: Docs team member Guillaume Gomez has written a blog post showing some common differences and how to solve them.

Keywords: rust, year, ve, documentation, commonmark

Full article on blog.rust-lang.org | 244 Points and 81 Comments

XPS 13 developer edition 7th generation available

Summary: UK, Ireland, Germany, Austria, France, Italy, Spain, Switzerland (French and German), Belgium, Netherlands, Sweden, Norway, Denmark.

Keywords: developer, project, xps, edition, generation

Full article on bartongeorge.io | 234 Points and 383 Comments

Introducing Preemptible GPUs

Full article on cloudplatform.googleblog.com | 234 Points and 75 Comments

Xerox Alto zero-day: cracking disk password protection on a 45 year old system

Summary: After storage for decades, these disks have some grime, dust, and the occasional bug (of the dead insect variety), so we need to clean them to reduce the chance of a head crash.

Keywords: password, disk, alto, passwords, file

Full article on righto.com | 225 Points and 64 Comments

About speculative execution vulnerabilities in ARM-based and Intel CPUs

Summary: The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.

Keywords: meltdown, spectre, apple, ios, execution

Full article on support.apple.com | 224 Points and 74 Comments

Update on Meltdown and Spectre

Summary: The impact of these vulnerabilities is an attacker who can run code on a computer can potentially gain access to memory space outside the bounds of it’s normal authorization.

Keywords: update, coinbase, systems, browser, access

Full article on engineering.coinbase.com | 203 Points and 99 Comments

How an A.I. ‘Cat-And-Mouse Game’ Generates Believable Fake Photos

Summary: In recent years, thanks to a breed of algorithm that can learn tasks by analyzing vast amounts of data, companies like Google and Facebook have built systems that can recognize faces and common objects with an accuracy that rivals the human eye.

Keywords: images, nvidia, system, generate, researchers

Full article on nytimes.com | 192 Points and 80 Comments

TeaVM – Ahead-of-time transpiler of Java bytecode to JavaScript or WebAssembly

Summary: TeaVM is an ahead-of-time translating compiler (transpiler) of Java bytecode, that’s capable of emitting JavaScript and WebAssembly.

Keywords: teavm, java, code, framework, javascript

Full article on teavm.org | 185 Points and 120 Comments

You’re Descended from Royalty and So Is Everybody Else

Summary: Our findings suggest a remarkable proposition: No matter the languages we speak or the color of our skin, we share ancestors who planted rice on the banks of the Yangtze, who first domesticated horses on the steppes of the Ukraine, who hunted giant sloths in the forests of North and South America, and who laboured to build the Great Pyramid of Khufu.

Keywords: dna, people, ancestry, charlemagne, family

Full article on nautil.us | 180 Points and 102 Comments

How a researcher hacked his own computer and found ‘worst’ chip flaw

Summary: FRANKFURT (Reuters) - Daniel Gruss didn’t sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel Corp ( INTC.O ).

Keywords: gruss, spectre, team, intel, meltdown

Full article on reuters.com | 176 Points and 78 Comments

Uber Co-Founder Travis Kalanick Said to Plan Sale of 29% of Stake

Summary: Terms of the deal bar sellers from parting with more than 58 percent of shares initially offered, requiring Kalanick to sell a smaller portion of his stake.

Keywords: uber, kalanick, company, percent, stake

Full article on bloomberg.com | 175 Points and 248 Comments

Hacking WiFi to inject cryptocurrency miner to HTML requests (CoffeeMiner)

Summary: Some weeks ago I read about this Starbucks case where hackers hijacked laptops on the WiFi network to use the devices computing power to mine cryptocurrency, and I thought it might be interesting perform the attack in a different way.

Keywords: attack, miner, wifi, html, network

Full article on arnaucode.com | 171 Points and 52 Comments

Substrate VM – A framework that allows AOT compilation of Java applications

Summary: If you pull a changeset which adds or removes checkstyle XML files, you may get inappropriate style warnings/errors in Eclipse until you ‘mx eclipseinit’ and then Clean the affected projects.

Keywords: eclipse, mx, checkstyle, image, projects

Full article on github.com | 159 Points and 53 Comments

Where Pot Entrepreneurs Go When the Banks Say No

Summary: As the state Marijuana Enforcement Division granted licenses to about 220 additional companies last year through November, Safe Harbor’s waiting list swelled to 96 businesses, or two-and-a-half-years’ worth of new clients, before the credit union stopped adding names to it.

Keywords: marijuana, behzadzadeh, safe, colorado, money

Full article on nytimes.com | 157 Points and 172 Comments

GitHub acquires AppCanary

Summary: From when we cofounded Rubysec , to building (the now defunct) Gemcanary , to starting Appcanary , our goal from the beginning was to improve the world’s security by preventing the use of vulnerable software.

Keywords: github, appcanary, security, customers, alerts

Full article on blog.appcanary.com | 156 Points and 27 Comments

How and why we teach non-engineers to use GitHub at Thread

Summary: At Thread we now regularly teach those outside of the engineering team how to contribute to our codebase via the GitHub web interface, so that they are in control of updating data they need to work effectively.

Keywords: data, files, github, team, work

Full article on thread.engineering | 155 Points and 76 Comments

Frontmacs

Summary: Any customizations you make are made to files under version control and so upgrading and keeping up with the community is a constant battle of merges, rebases, throw-aways and ultimately do overs.

Keywords: frontmacs, emacs, configuration, file, make

Full article on github.com | 149 Points and 95 Comments

Ink/stitch: an Inkscape extension for machine embroidery design

Summary: Remember that machine embroidery is fairly imprecise and your final product will not have the incredibly fine details that you see on your screen, so simplifying can often be acceptable even if it changes the path.

Keywords: inkscape, stitch, satin, stitching, objects

Full article on inkstitch.org | 148 Points and 20 Comments

Docker for data scientists: Introduction and use cases

Summary: The first section at the top says it gives you, jupyter notebook, conda python 3, pandas, matplotlib, scipy, seaborn, scikit-learn, scikit-image, sympy, cython, patsy, statsmodel, cloudpickle, dill, numba, bokeh pre-installed .

Keywords: docker, container, image, run, ll

Full article on unsupervisedpandas.com | 144 Points and 55 Comments

CPU hardware vulnerable to side-channel attacks

Summary: SpectreMeltdownCPU mechanism for triggering Speculative execution from branch predictionOut-of-order execution Affected platforms CPUs that perform speculative execution from branch predictionCPUs that allow memory reads in out-of-order instructions Difficulty of successful attack High - Requires tailoring to the software environment of the victim processLow - Kernel memory access exploit code is mostly universal Impact Cross- and intra-process memory disclosureKernel memory disclosure to userspace Software mitigations Indirect Branch Restricted Speculation ( IBRS ) Note: This software mitigation also requires CPU microcode updates and it only mitigates Spectre variant 2Kernel page-table isolation ( KPTI ) An attacker able to execute code with user privileges can achieve various impacts.

Keywords: spectre, instructions, cpu, memory, meltdown

Full article on kb.cert.org | 137 Points and 82 Comments

How does GDB call functions?

Summary: it lets you treat gdb a little bit like a C REPL, which is fun and I imagine could be useful for development utility functions to display / navigate complex data structures quickly while debugging in gdb (thanks @invalidop ) set an arbitrary process’s namespace while it’s running (featuring a not-so-surprising appearance from my colleague nelhage !)

Keywords: gdb, function, stack, address, instruction

Full article on jvns.ca | 136 Points and 20 Comments

Great things and people that I discovered, learned, read, met, etc in 2017

Summary: Inventing the LISA user interface by Perkins, Ludolph, and Keller ( WWW ) – I’m perpetually interested in retrocomputing topics, especially those with lessons that extend into modern system design considerations.

Keywords: read, favorite, language, books, game

Full article on blog.fogus.me | 136 Points and 23 Comments

Summary: The Justice Department will reverse the so-called Cole and Ogden memos that set out guardrails for federal prosecution of cannabis and allowed legalized marijuana to flourish in states across the U.S., according to two senior agency officials.

Keywords: industry, cannabis, marijuana, policy, states

Full article on bloomberg.com | 136 Points and 196 Comments

Xen Project Spectre/Meltdown FAQ

Summary: Lars has 9 years of experience building and leading engineering teams and a track record of executing several change programs impacting 1000 users.

Keywords: xen, mode, information, pv, meltdown

Full article on blog.xenproject.org | 133 Points and 32 Comments

Show HN: An illustration of Web Developer tools in 2018

Summary: Below you find a set of charts demonstrating the paths that you can take and the technologies that you would want to adopt in order to become a frontend, backend or a devops.

Keywords: roadmap, open, roadmaps, charts, backend

Full article on github.com | 118 Points and 36 Comments

The dawn of online piracy (2015)

Summary: Now he played the MP3 of “California Love.” Roger Troutman’s talk-box intro came rattling through his computer speakers, followed by Dr. Dre’s looped reworking of the piano hook from Joe Cocker’s “Woman to Woman.” Then came Tupac’s voice, compressed and digitized from beyond the grave, sounding exactly as it did on the CD.

Keywords: glover, kali, plant, music, scene

Full article on newyorker.com | 105 Points and 48 Comments

Algorithm efficiency comes from problem information

Summary: These methods, by utilizing a fundamental property of the problem specification, can noticeably reduce the amount of drift in the energy and angular momentum of the approximated solution and make the resulting simulations closer to reality.

Keywords: problem, neural, methods, algorithm, matrix

Full article on stochasticlifestyle.com | 102 Points and 28 Comments

Neurovis: Visualizing brain signals in 3D in real-time

Summary: Streaming data from local files, the cloud or connected headsets improves memory usage and computational performance.

Keywords: data, eeg, applications, visualisation, neurovis

Full article on neuropro.ch | 96 Points and 53 Comments

Wi-Fi startup Eero lays off 30 employees

Summary: We will continue our work to make eero the most reliable, secure, and easiest home WiFi solution.”

Keywords: eero, workforce, employees, techcrunch, wifi

Full article on techcrunch.com | 96 Points and 119 Comments

A list of macOS, tvOS and iOS bugs while helping my family over the holidays

Summary: In the latter case, you can’t even cd into the share without the shell hanging; GUI apps beachball and if you try to kill them, get stuck exiting (the STAT column in ps reads ?E ).

Keywords: photos, app, number, shared, album

Full article on njr.sabi.net | 92 Points and 93 Comments

‎Chromium Security‎: Site Isolation

Summary: There is additional work underway to let Site Isolation offer protection against even more severe security bugs, where a malicious web page gains complete control over its process (also known as “arbitrary code execution”).

Keywords: chrome, sites, site, isolation, isolating

Full article on chromium.org | 89 Points and 33 Comments

Ubuntu anouncement on Spectre/Meltdown

Summary: Timeline 2017 Nov 09: the Ubuntu Security team is notified by Intel under NDA 2017 Nov 20: the CRD is established as 2018-01-09 2017 Dec: the Ubuntu Security team receives notifications from additional silicon vendors about the impact to their products 2018 Jan 03: issue becomes public a few days before the CRD : Ubuntu releases updates

Keywords: updates, ubuntu, security, issue, release

Full article on wiki.ubuntu.com | 89 Points and 15 Comments

Firefox Focus: A Fast Private Mobile Browser from Mozilla

Summary: The full-featured version of Firefox with robust customization and privacy options ready to go for mobile and tablet.

Keywords: firefox, focus, version, robust, customization

Full article on mozilla.org | 79 Points and 39 Comments

Rise of Bitcoin Competitor Ripple Creates Wealth to Rival Zuckerberg

Summary: The company’s board includes the former top financial regulator in New York state, Benjamin M. Lawsky, and Gene Sperling, who was the director of the National Economic Council under Presidents Barack Obama and Bill Clinton.

Keywords: ripple, tokens, virtual, currency, company

Full article on nytimes.com | 75 Points and 99 Comments

Ubuntu Updates for the Meltdown / Spectre Vulnerabilities

Summary: That includes Ubuntu .I say “unfortunately”, in part because there was a coordinated release date of January 9, 2018, agreed upon by essentially every operating system, hardware, and cloud vendor in the world.

Keywords: ubuntu, linux, security, operating, system

Full article on blog.dustinkirkland.com | 75 Points and 4 Comments

Learning to Code as a Woman Changed My Life

Summary: This lack of information (or misinformation) would have completely blocked my current career were it not for a few happy accidents that shifted my occupational trajectory (details I’ll save if only because a map should consist of reliable directions, not timing or circumstance.)

Keywords: women, coding, learning, life, people

Full article on glamour.com | 74 Points and 27 Comments

Astatine: Halogen or Metal?

Summary: In this series of posts I hope to address this question in a manner thorough enough for future graduate student TA’s who work in other areas of chemistry, but still generally approachable to interested non-chemists.

Keywords: astatine, decay, isotopes, halogen, metal

Full article on quantumchymist.blogspot.com | 70 Points and 7 Comments

Motel 6 routinely gave guests’ information to immigration officials

Summary: Ferguson’s lawsuit, filed in King County Superior Court in Seattle, accuses Motel 6 of unfair and deceptive business practices and of violating Washington state privacy laws.

Keywords: motel, washington, attorney, information, state

Full article on latimes.com | 70 Points and 82 Comments

Show HN: Compiler using Lisp’s macro system for metaprogramming C-like languages

Summary: Here we define a recursively expanding macrolet, match-int , that inserts conditional clauses (as in (if (regexec ….)) and also checks to terminate the iteration (with ,(lisp (if …)) ).

Keywords: lisp, decl, symbols, part, initializer

Full article on github.com | 69 Points and 26 Comments

In pursuit of Otama’s tone (2017)

Summary: But I thought a simpler way would be to create a custom FIR frequency response in REAPER, by visually comparing the speaker input and microphone capture spectra.

Keywords: otamatone, sound, wave, speaker, frequency

Full article on windytan.com | 66 Points and 11 Comments

A photographer captures the paths that birds make across the sky

Summary: View ImagesAt a calm bay north of Spain’s Ebro River Delta on the Mediterranean coast, a flock of greater flamingos is silhouetted in the water, while European herring gulls fly overhead.

Keywords: view, birds, bou, spain, appears

Full article on nationalgeographic.com | 65 Points and 6 Comments

Ripple Slides After Coinbase Says Not Adding New Crypto Coins

Summary: Coinbase, one of the largest crypto exchanges, said in a Twitter post by its chief executive officer that it had not made a decision to add new coins.

Keywords: coinbase, bitcoin, ripple, percent, crypto

Full article on bloomberg.com | 64 Points and 67 Comments

Show HN: HNNotify – Get emailed when a users reply to your HN Posts and Comments

Summary: Once per hour we scour your HN Profile looking for new replies on all of your recent (last 10 days) submissions.

Keywords: subscribe, hn, replies, direct, hacker

Full article on hnnotify.xyz | 63 Points and 65 Comments

Battle of the Clipper Chip (1994)

Summary: White House high-tech policy makers share a recurrent fear: one day they might be sitting before an emergency Congressional investigation after the destruction of half of Manhattan by a stolen nuclear weapon planted in the World Trade towers and trying to explain that the Government had intercepted the communications of the terrorists but could not understand them because they used strong encryption.

Keywords: clipper, government, cryptography, key, security

Full article on nytimes.com | 62 Points and 18 Comments

A CPU bug with undocumented opcodes, possibly Intel (scroll to p. 155)

Full article on blackhat.com | 61 Points and 19 Comments

WebGraphviz: Graphviz in the Browser

Summary: Sample 1Sample 2Sample 3Sample 4Sample 5 digraph G { “Welcome” -> “To” “To” -> “Web” “To” -> “GraphViz!”

Keywords: graphviz, data, webgraphviz, browser, enter

Full article on webgraphviz.com | 59 Points and 11 Comments

FCC Chairman Ajit Pai canceled his appearance at CES because of death threats

Summary: Federal Communications Commission Chairman Ajit Pai canceled his scheduled appearance at a major upcoming tech industry trade show after receiving death threats, two agency sources told Recode on Thursday.

Keywords: pai, fcc, threats, public, federal

Full article on recode.net | 57 Points and 47 Comments

Apple Says All Macs, iPhones and iPads Exposed to Chip Security Flaws

Summary: Apple Inc. said all Mac computers and iOS devices, like iPhones and iPads, are affected by chip security flaws unearthed this week, but the company stressed there are no known exploits impacting users.

Keywords: apple, company, devices, security, software

Full article on bloomberg.com | 56 Points and 36 Comments

What If Sugar Is Worse Than Just Empty Calories?

Summary: During a keynote address at the 2016 annual meeting of the US National Academy of Medicine, the World Health Organization’s then director general, Margaret Chan, described the twin epidemics of obesity and diabetes worldwide as a “slow-motion disaster”—explosions in the prevalence of these related disorders that frankly strain the imagination.

Keywords: sugar, diabetes, obesity, disease, health

Full article on bmj.com | 54 Points and 28 Comments