Tag: software

Petya

root cause: dummy companies not patching their systems. these things will continue until everyone in the world is on auto update.

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.

IEEE floats are broken

IEEE floats are broken. Posits beat floats at their own game:
• Superior accuracy, dynamic range, closure
• Bitwise-reproducible answers (at last!)
• Proven better answers with same number of bits
• …or, equally good answers with fewer bits
• Simpler, more elegant design can reduce silicon cost, energy, and latency.

Foundry

The team at MIT hopes that Foundry will become 3D printing’s analog to graphic design’s Photoshop. To aid rapid prototyping, the platform enables the designer to assign distinct material properties to each part in a composite print. For example, it could produce a dental appliance containing a rigid, tooth-like material connected to a softer and more malleable material to merge with the gums.

Mathematica 11

i’m always amazed about how powerful mathematica is and then sad about how niche it is. not sure they could do better if they went the R route (open source things) as more and more they’re vertically integrated, but i do wonder what things would be like if it were much more widely used in education and business.

What’s the big new thing in Version 11? Well, it’s not one big thing; it’s many big things. To give a sense of scale, there are 555 completely new functions that we’re adding in Version 11—representing a huge amount of new functionality (by comparison, Version 1 had a total of 551 functions altogether). And actually that function count is even an underrepresentation—because it doesn’t include the vast deepening of many existing functions.

Robot educators

Ms. Watson wrote things like “Yep!” and “we’d love to,” speaking on behalf of her fellow TAs, in the online forum where students discussed coursework and submitted projects. “It seemed very much like a normal conversation with a human being”. Shreyas Vidyarthi ascribed human attributes to the TA—imagining her as a friendly Caucasian 20-something on her way to a Ph.D. Students were told of their guinea-pig status last month. “I was flabbergasted”. “Just when I wanted to nominate Jill Watson as an outstanding TA”.

They’re easy to identify though: No one in academia answers emails right away. To look realistic, build in a 3 week response delay.

Symantec is anti-security

Why Symantec shouldn’t be trusted with anything, certainly not “security”

In this timeline of events, it becomes obvious that many examples selected were of a specific CA’s failures. This CA was intentionally chosen to show that these concerns are not isolated one-off incidents from a variety of unrelated CAs, but a long-term pattern of behavior. Unfortunately, a number of CAs have similarly problematic histories, so these issues are by no means limited to this single CA. The most vocal critics of the SHA-1 deprecation in the CA industry, and the most vocal advocates of ways in which to extend the dates, have repeatedly abused the concessions and delays afforded in the past, to the point of causing serious and long-lasting harm to the security of the Internet.

Rickshaw Ride-Hailing

When you can’t take a bus to get where you need to go, a rickshaw is the next best option. In Lahore, rickshaws run for 200 rupees, compared to 500 rupees for taxis. “That is why rickshaws are the go-to transport for the people of Lahore and all of Pakistan, except Islamabad, where there are only taxis”. But the city of Lahore caps rickshaw registrations at 100k, and the vehicles are restricted from many residential areas. “Almost all of the drivers complained that each district should provide them their local rickshaw stands where they can park their rickshaw and wait for the rides, instead of being told to hide behind market areas or outside of residential societies”. A typical driver wastes half his day just waiting for fares to come to him. Travly cuts out the idle time, and in the future, Khan hopes to streamline the process even further with special vehicle tags that would allow rickshaws to pass through security in residential areas.

Car Hacking

Another industry is learning the hard way that they suck at software.

Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re NASA or the Pentagon or something, so what could go wrong?

That, in essence, is the security posture of many modern automobiles—a network of sensors and controllers that have been tuned to perform flawlessly under normal use, with little more than a firewall (or in some cases, not even that) protecting it from attack once connected to the big, bad Internet world.

Hacking Team

an overview of the nest of vipers doing 0day business with hacking team. all these companies are good targets for being taken down.

The recent compromise of Hacking Team’s email archive offers one of the first public case studies of the market for 0days. Because of its secretive nature, this market has been the source of endless debates on the ethics of its participants. The archive also offers insight into the capabilities and limits of offensive-intrusion software developers.