Top Posts for January 5, 2018

Why Raspberry Pi Isn’t Vulnerable to Spectre or Meltdown

Summary: The real Meltdown exploit is substantially more complex than this (notably, to avoid having to mis-train the branch predictor, the authors prefer to execute the illegal read unconditionally and handle the resulting exception), but the principle is the same.

Keywords: processor, branch, access, instructions, processors

Full article on raspberrypi.org | 1303 Points and 179 Comments

Full article on twitter.com | 826 Points and 226 Comments

Germany vs. Elsevier: universities win temporary free journal access

Summary: The nationwide deal sought by scientists includes an open-access option, under which all corresponding authors affiliated with German institutions would be allowed to make their papers free to read and share by anyone in the world.

Keywords: access, german, elsevier, journals, scientists

Full article on nature.com | 543 Points and 137 Comments

Intel Analysis of Speculative Execution Side Channels [pdf]

Full article on newsroom.intel.com | 358 Points and 33 Comments

“Intel Core 2 bugs will assuredly be exploitable from userland code” (2007)

Summary: Various developers are busy implementing workarounds for serious bugs in Intel’s Core 2 cpu.

Keywords: intel, bugs, operating, list, systems

Full article on marc.info | 313 Points and 115 Comments

Intentional Fire-Spreading by “Firehawk” Raptors in Northern Australia

Summary: Bilinarra, Gurindji and Malngin Plants and Animals, Aboriginal Knowledge of Flora and Fauna from Judbarra/Gregory National Park, Nitjpurru, Kalkarindji and Daguragu, North Australia.

Keywords: scholar, google, fire, australia, australian

Full article on bioone.org | 287 Points and 237 Comments

GitMask – Develop Anonymously

Summary: Adding a new git remote is much easier than setting up another GitHub account and remembering to use that secondary SSH key.

Keywords: gitmask, github, code, open, source

Full article on gitmask.com | 236 Points and 106 Comments

About speculative execution vulnerabilities in ARM-based and Intel CPUs

Summary: The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.

Keywords: meltdown, spectre, ios, apple, techniques

Full article on support.apple.com | 227 Points and 77 Comments

AMD ships microcode update to disable branch prediction

Summary: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

Keywords: suse, linux, enterprise, server, patch

Full article on lists.opensuse.org | 220 Points and 152 Comments

Bitcoin Visa debit cards are cancelled

Full article on reddit.com | 216 Points and 173 Comments

AMD PSP: Firmware TPM Remote Code Execution via Crafted EK Certificate

Summary: Current thread: AMD-PSP: fTPM Remote Code Execution via crafted EK certificate Cfir Cohen via Fulldisclosure (Jan 05)

Keywords: fulldisclosure, remote, cohen, execution, code

Full article on seclists.org | 213 Points and 79 Comments

AI in drug discovery is overhyped: examples from AstraZeneca, Harvard, Stanford

Summary: The Silicon Valley VC firm Andreessen Horowitz launched a new 450 Million dollars bio investment fund, with one focus area in applications of AI to drug discovery.

Keywords: ai, deepchem, paper, molecules, team

Full article on medium.com | 213 Points and 86 Comments

Update on Meltdown and Spectre

Summary: The impact of these vulnerabilities is that an attacker who can run code on a computer can potentially gain access to memory space outside the bounds of its normal authorization.

Keywords: access, systems, coinbase, browser, update

Full article on engineering.coinbase.com | 207 Points and 99 Comments

The case against GDP: time to change the way we measure the wealth of nations

Summary: Stay informed and spot emerging risks and opportunities with independent global reporting, expert commentary and analysis you can trust.

Keywords: ft, weekend, access, emerging, family

Full article on ft.com | 204 Points and 184 Comments

SymbOS: Graphical Z80 Multitasking Operating System

Summary: Preemptive multitasking - 1024 Kb dynamic memory - 2 terabyte filesystem - 100% flexible windows GUI - network capable - available for your Amstrad CPC, MSX, Amstrad PCW and Enterprise 64/128

Keywords: amstrad, multitasking, pcw, memory, kb

Full article on symbos.de | 199 Points and 95 Comments

TeaVM – Ahead-of-time transpiler of Java bytecode to JavaScript or WebAssembly

Summary: TeaVM is an ahead-of-time translating compiler (transpiler) of Java bytecode, that’s capable of emitting JavaScript and WebAssembly.

Keywords: teavm, java, code, framework, efficient

Full article on teavm.org | 190 Points and 124 Comments

The Rate of Return on Everything, 1870–2015 [pdf]

Full article on frbsf.org | 188 Points and 138 Comments

Christopher Nolan: The power of people and why 2001 should be preschool viewing

Summary: The 47-year-old filmmaker, clad in his familiar sartorial uniform (blue dress shirt, gray waistcoat, navy jacket), takes a seat behind his desk on a mid-November day, mug of Earl Grey tea at the ready.

Keywords: film, people, dunkirk, films, movies

Full article on latimes.com | 180 Points and 213 Comments

Uber Co-Founder Travis Kalanick Said to Plan Sale of 29% of Stake

Summary: Terms of the deal bar sellers from parting with more than 58 percent of shares initially offered, requiring Kalanick to sell a smaller portion of his stake.

Keywords: uber, kalanick, company, percent, people

Full article on bloomberg.com | 177 Points and 267 Comments

Mailgun Security Incident and Important Customer Information

Summary: On January 3, 2018, Mailgun became aware of an incident in which a customer’s API key was compromised and immediately began diagnostics to help determine the cause and the scope of impact.

Keywords: mailgun, affected, account, notified, compromised

Full article on blog.mailgun.com | 173 Points and 57 Comments

Meltdown fix impact on Redis performances in virtualized environments

Full article on gist.github.com | 166 Points and 67 Comments

WebGraphviz: Graphviz in the Browser

Summary: digraph G { "Welcome" -> "To" "To" -> "Web" "To" -> "GraphViz!"

Keywords: graphviz, data, sample, digraph, browser

Full article on webgraphviz.com | 155 Points and 20 Comments

How does GDB call functions?

Summary: it lets you treat gdb a little bit like a C REPL, which is fun and I imagine could be useful for development utility functions to display / navigate complex data structures quickly while debugging in gdb (thanks @invalidop) set an arbitrary process’s namespace while it’s running (featuring a not-so-surprising appearance from my colleague nelhage!)

Keywords: gdb, function, stack, address, instruction

Full article on jvns.ca | 155 Points and 29 Comments

The State of Vacuum in Postgres

Summary: Putting a vacuumdb command in cron, scheduled to run every 6 hours, was sufficient for my needs at the time, but it only worked because my database was small and handled a limited amount of traffic.

Keywords: vacuum, table, postgresql, time, tables

Full article on rhaas.blogspot.com | 149 Points and 48 Comments

Great things and people that I discovered, learned, read, met, etc in 2017

Summary: Inventing the LISA user interface by Perkins, Ludolph, and Keller (WWW) – I’m perpetually interested in retrocomputing topics, especially those with lessons that extend into modern system design considerations.

Keywords: read, favorite, books, language, game

Full article on blog.fogus.me | 144 Points and 23 Comments

Potential Impact of Spectre on Processors in the Power family

Full article on ibm.com | 143 Points and 29 Comments

Xen Project Spectre/Meltdown FAQ

Summary: Lars has 9 years of experience building and leading engineering teams and a track record of executing several change programs impacting 1000 users.

Keywords: xen, mode, pv, information, meltdown

Full article on blog.xenproject.org | 138 Points and 32 Comments

A ‘Brief’ History of Neural Nets and Deep Learning, Part 4 (2015)

Summary: The paper concluded by showing that deep belief networks (DBNs) had state of the art performance on the standard MNIST character recognition dataset, significantly outperforming normal neural nets with only a few layers.

Keywords: learning, neural, deep, hinton, nets

Full article on andreykurenkov.com | 133 Points and 7 Comments

A Generative Approach to Simulating Watercolor Paints from Scratch

Summary: I’ll include some Haskell sample code below for guidance because I had a good deal of trouble understanding handwavy guides like this when I first implemented it.

Keywords: polygon, edges, polygons, pixel, edge

Full article on blog.paytonturnage.com | 130 Points and 17 Comments

The Foundations of Mathematics (2007) [pdf]

Full article on math.wisc.edu | 124 Points and 30 Comments

When F00F bug hit 20 years ago, Intel reacted the same way

Summary: Moen, who can be caustic about the reaction of companies to situations such as this, noted in his post: “One interesting aspect of all this is how well both Intel and Microsoft have mastered the art of damage control via management of on-line bug information.

Keywords: intel, bug, moen, pentium, page

Full article on itwire.com | 117 Points and 18 Comments

Generative Adversarial Networks Code in PyTorch and Tensorflow

Summary: Multiple Generative Adversarial Networks (GANs) implemented in PyTorch and Tensorflow

Keywords: jan, pytorch, images, mnist, vanilla

Full article on github.com | 113 Points and 6 Comments

Machine Learning Projects for the Past Year

Summary: This is an extremely competitive list and it carefully picks the best open source Machine Learning libraries, datasets and apps published between January and December 2017.

Keywords: stars, github, courtesy, learning, machine

Full article on medium.mybridge.co | 111 Points and 2 Comments

Racket-On-Chez Status

Summary: All benchmarks were run in safe mode and without Gustavo’s work-in-progress addition to the Chez Scheme compiler that can eliminate some runtime checks and related dead code.

Keywords: racket, scheme, chez, expander, current

Full article on blog.racket-lang.org | 104 Points and 13 Comments

Neurovis: Visualizing brain signals in 3D in real-time

Summary: Streaming data from local files, the cloud or connected headsets improves memory usage and computational performance.

Keywords: data, applications, eeg, visualisation, neurovis

Full article on neuropro.ch | 103 Points and 52 Comments

The Future of Transmit iOS

Summary: I think we made an app that is beautiful, elegant, and extremely powerful — a really great way to manage files on iOS with a wide variety of server types.

Keywords: ios, transmit, app, mac, files

Full article on panic.com | 102 Points and 69 Comments

Show HN: Ipfs-dropzone, a subclass of Dropzone.js that publishes to IPFS

Summary: Instead of uploading the dropped files to an URL, this subclass of Dropzone.js publishes them to IPFS with js-ipfs (no running local nodes needed).

Keywords: dec, files, dependencies, latest, property

Full article on github.com | 102 Points and 71 Comments

Chromium Security: Site Isolation

Summary: There is additional work underway to let Site Isolation offer protection against even more severe security bugs, where a malicious web page gains complete control over its process (also known as “arbitrary code execution”).

Keywords: chrome, sites, site, isolation, isolating

Full article on chromium.org | 93 Points and 33 Comments

About the security content of updates for High Sierra, Sierra, El Capitan

Summary: Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Keywords: sierra, macos, high, memory, description

Full article on support.apple.com | 92 Points and 29 Comments

I was given new hands for Christmas

Summary: The guest speaker was Mark Holden, a senior lawyer, who after hearing my story, spoke to a Kansas congressman, who appealed to the insurers on my behalf.

Keywords: hands, mark, put, man, kansas

Full article on theguardian.com | 91 Points and 60 Comments

Fantastic Timers: High-Resolution Microarchitectural Attacks in JS (2017) [pdf]

Full article on gruss.cc | 83 Points and 31 Comments

Show HN: Compiler using Lisp’s macro system for metaprogramming C-like languages

Summary: Here we define a recursively expanding macrolet, match-int, that inserts conditional clauses (as in (if (regexec ….)) and also checks to terminate the iteration (with ,(lisp (if …)) ).

Keywords: lisp, decl, symbols, type, initializer

Full article on github.com | 76 Points and 34 Comments

Rise of Bitcoin Competitor Ripple Creates Wealth to Rival Zuckerberg

Summary: The company’s board includes the former top financial regulator in New York state, Benjamin M. Lawsky, and Gene Sperling, who was the director of the National Economic Council under Presidents Barack Obama and Bill Clinton.

Keywords: ripple, virtual, tokens, currency, company

Full article on nytimes.com | 76 Points and 104 Comments

Idyll Language – Author interactive narratives for the web

Summary: Idyll helps you create documents that use common narrative techniques such as embedding interactive charts and graphs, responding to scroll events, and explorable explanations.

Keywords: idyll, entire, interactive, examples, react

Full article on idyll-lang.org | 75 Points and 12 Comments

Physicists Aim to Classify All Possible Phases of Matter

Summary: Led by dozens of top theorists, with input from mathematicians, researchers have already classified a huge swath of phases that can arise in one or two spatial dimensions by relating them to topology: the math that describes invariant properties of shapes like the sphere and the torus.

Keywords: phases, quantum, particles, topological, matter

Full article on quantamagazine.org | 70 Points and 13 Comments

Uncanny Valley (2016)

Summary: I keep scrolling until I hit a video of this year’s after-party, which looks like it was filmed in a club or at a flashy bar mitzvah, save for the company logo projected onto the wall: flashing colored lights illuminate men in stripped-down suits and women in cocktail dresses, all of them bouncing up and down, waving glow sticks and lightsabers to a background of electronic dance music.

Keywords: ve, people, company, office, back

Full article on nplusonemag.com | 68 Points and 23 Comments

World Leaders on Twitter

Full article on blog.twitter.com | 63 Points and 97 Comments

Tim Cook Stumbles at His Specialty, Shipping Apple Products on Time

Summary: With Mr. Cook as CEO, though, Apple’s new gadgets are consistently late, prompting questions among analysts and other close observers about whether the technology giant is losing some of its competitive edge.

Keywords: apple, cook, tim, products, specialty

Full article on wsj.com | 62 Points and 91 Comments

Warming Ocean Temperatures Are Starving Reefs and Harming Marine Life

Summary: A Fivefold Change Researchers, led by Terry Hughes, director of the ARC Centre of Excellence for Coral Reef Studies at James Cook University, analyzed bleaching records at 100 sites across 54 countries from 1980 to 2016.

Keywords: bleaching, corals, coral, events, reefs

Full article on newsweek.com | 62 Points and 27 Comments

Privacy Incident Involving DHS OIG Case Management System

Summary: This privacy incident involved the release of personally identifiable information (PII) contained in the DHS OIG case management system and affects two groups of individuals.

Keywords: dhs, information, oig, credit, identity

Full article on dhs.gov | 61 Points and 25 Comments

FCC Chairman Ajit Pai canceled his appearance at CES because of death threats

Summary: Federal Communications Commission Chairman Ajit Pai canceled his scheduled appearance at a major upcoming tech industry trade show after receiving death threats, two agency sources told Recode on Thursday.

Keywords: pai, fcc, threats, public, trade

Full article on recode.net | 58 Points and 48 Comments

NeuG USB True Random Number Generator

Full article on shop.fsf.org | 57 Points and 90 Comments

Show HN: My first HTML Demo

Summary: I also have an older sister, Sharon, that is 17 but goes to Fuhsing instead of TAS since she only has a Taiwan passport.

Keywords: taiwan, tas, glenn, raised, li

Full article on glennthealien.github.io | 56 Points and 39 Comments

Apple Says All Macs, iPhones and iPads Exposed to Chip Security Flaws

Summary: Apple Inc. said all Mac computers and iOS devices, like iPhones and iPads, are affected by chip security flaws unearthed this week, but the company stressed there are no known exploits impacting users.

Keywords: apple, company, security, devices, software

Full article on bloomberg.com | 56 Points and 40 Comments

Update on the Twitter Archive at the Library of Congress

Summary: In the years since, the social media landscape has changed significantly, with new platforms, an explosion in use, terms of service and functionality shifting frequently and lessons learned about privacy and other concerns.

Keywords: library, collections, tweet, twitter, text

Full article on blogs.loc.gov | 55 Points and 42 Comments

What If Sugar Is Worse Than Just Empty Calories?

Summary: During a keynote address at the 2016 annual meeting of the US National Academy of Medicine, the World Health Organization’s then director general, Margaret Chan, described the twin epidemics of obesity and diabetes worldwide as a “slow-motion disaster”—explosions in the prevalence of these related disorders that frankly strain the imagination.

Keywords: sugar, diabetes, obesity, disease, health

Full article on bmj.com | 55 Points and 31 Comments

Corporate B.S. Generator

Keywords: based, leverage, capital, supply, effective

Full article on atrixnet.com | 53 Points and 21 Comments

Intel CEO sold all the stock he could after Intel learned of security bug

Summary: In August, three Equifax executives sold blocks of stock just a few weeks before the company revealed its massive security breach.

Keywords: intel, stock, krzanich, sold, sale

Full article on arstechnica.com | 53 Points and 1 Comments