1. Firefox tooltip bug fixed after 22 years

Total comment counts : 68

Summary

The article discusses a bug in the XUL language, which is an XML-based language used for Mozilla’s user interface. The bug causes tooltips from Thunderbird to interfere with work in other windows. The bug has been open for 21 years and is still occurring in the latest versions of Firefox and Thunderbird. Some users have suggested disabling tooltips as a workaround. Various steps to reproduce the bug and potential fixes are discussed, including one related to the MOZ_ENV_XINPUT2 setting.

Top 1 Comment Summary

The article highlights Mike Conley’s livestreams of his development work at Mozilla where he demonstrates how to find and fix bugs in the Firefox codebase. The livestreams involve selecting a bug from the backlog and meticulously resolving it. It is recommended for beginners in programming who want to understand the real-world work in a codebase.

Top 2 Comment Summary

Mozilla has been recognized for addressing a bug that causes mouse positioning issues while launching full-screen games. This bug often triggers tooltips to appear over the game, making it difficult to navigate. Mozilla’s prompt response to this bug is appreciated, and users are hopeful for more bug fixes in the future.

2. The largest DDoS attack to date, peaking above 398M rps

Total comment counts : 34

Summary

Google’s DDoS Response Team has noticed a significant increase in the size of distributed denial-of-service (DDoS) attacks in recent years. They recently prevented an attack that was 7½ times larger than the previous largest attack, reaching a peak of 398 million requests per second (rps). These attacks, which began in August, targeted major infrastructure providers, including Google services and Google Cloud infrastructure. Google collaborated with industry partners to understand the attack methods and develop mitigations. The attacks utilized a novel “Rapid Reset” technique based on stream multiplexing in the HTTP/2 protocol. Google was able to mitigate the attacks by leveraging their edge capacity and updating their defenses. They also coordinated with other cloud providers and software maintainers to share intelligence and develop patches. The collective susceptibility to this attack has been designated as a high severity vulnerability. Organizations using HTTP-based workloads should verify their servers’ vulnerability and apply patches to limit the impact. Google Cloud customers can take advantage of Cloud Armor’s DDoS protection, which includes proactive rate limiting rules and AI-powered Adaptive Protection.

Top 1 Comment Summary

The article discusses two ongoing threads related to HTTP/2 ‘Rapid Reset’ DDoS attacks and HTTP/2 Zero-Day Vulnerability resulting in record-breaking DDoS attacks.

Top 2 Comment Summary

The author is questioning the motives behind Distributed Denial of Service (DDoS) attacks and speculating that foreign governments might be responsible. They acknowledge that these attacks inconvenience American tech companies and their customers, but the author wonders why someone would invest significant resources into such attacks. Ultimately, they are seeking insight into the reasons behind these actions.

3. ECC RAM on AMD Ryzen 7000 Desktop CPUs

Total comment counts : 26

Summary

The author discusses the absence of error-corrected memory (ECC RAM) support on AMD Ryzen 7000 CPUs and new Socket AM5 motherboards. They share their experience of attempting to enable ECC RAM on an ASRock motherboard and provide evidence of its functionality using Linux commands. The author also explains the sources of the information provided by the system and clarifies that ECC support is determined by the memory controller. They conclude that ECC RAM can be used on Ryzen 7000 desktop CPUs with ASRock motherboards and emphasize its importance for reliability.

Top 1 Comment Summary

The article discusses the author’s experience with ECC (Error Correcting Code) support on the AMD AM4 platform with a Zen3 APU core. The author confirms that ECC support is present on their system, providing a command output that shows corrected errors without any required action. The system used for testing is an ASRock B550M-ITX/ac motherboard with an AMD Ryzen 5 PRO 5650G processor, although the same functionality was observed with a Ryzen 5 3600 CPU when using a dedicated GPU for video output. The article also mentions the use of the “rasdaemon” service to detect and log ECC activity on GNU/Linux systems, which decodes and persists hardware-related errors to a database.

Top 2 Comment Summary

The author of the article is interested in upgrading their processor and wants to know if AMD processors and motherboards support ECC RAM. They came across a thread on Reddit where two people were arguing about this topic and were unsure who was right. The author then provides a link to a post that supposedly settles the debate by confirming that the AMD+ASRock combo does support ECC RAM.

4. Extreme parkour with legged robots

Total comment counts : 39

Summary

This article discusses the challenges of teaching robots to perform parkour, which involves navigating obstacles with dynamic movements. Traditionally, engineers have tackled this problem by separately designing perception, actuation, and control systems with stringent requirements. However, humans can learn parkour without altering their biology. In this study, the authors take a similar approach by developing a robot that can perform parkour using a low-cost robot with imprecise actuation and a single front-facing depth camera. They demonstrate that a neural network policy trained in simulation can overcome imprecise sensing and actuation to achieve precise control behavior. The robot is able to perform various parkour moves such as high jumps, long jumps, handstands, and running across tilted ramps. It can also adapt to different obstacle courses.

Top 1 Comment Summary

The article discusses how a single neural network policy, trained through large scale reinforcement learning in simulation, can overcome imprecise sensing and actuation to achieve highly precise control behavior. This approach is simpler compared to how Boston Dynamics operates, which involves working out all the dynamics in simulation first. The article highlights the significance of achieving vision-to-actuators control behavior in one neural network, shedding light on how animals might have evolved this ability. The author also mentions their own attempts at solving this problem in the past, using self-tuning methods, and shares their progress in running up and downhill in 2D in the 1990s.

Top 2 Comment Summary

The article discusses the impressive animal-like behaviors observed in a certain subject. These behaviors include the subject hesitating, coiling its back legs, and making rapid movements to boost itself when jumping. The author wonders if these behaviors are a result of the subject being trained in animal behaviors or if they are emergent behaviors that animals naturally perform.

5. The novel HTTP/2 ‘Rapid Reset’ DDoS attack

Total comment counts : 17

Summary

The article discusses a recent Distributed Denial of Service (DDoS) attack that targeted Google services and Cloud customers. These attacks were larger than previous Layer 7 attacks, with the largest attack reaching 398 million requests per second. However, Google’s global load balancing infrastructure successfully stopped the attacks, and there were no outages. The article explains the methodology behind Layer 7 attacks and how HTTP/2, the protocol used, can be exploited to make DDoS attacks more efficient. It discusses the “Rapid Reset” attack, where the client quickly cancels requests after sending them, which puts an asymmetrical load on the server. The article also mentions two variants of the Rapid Reset attack. The first variant cancels streams in batches, while the second variant tries to open more concurrent streams than the server advertises. Mitigation strategies are suggested, such as closing connections that exceed the concurrent stream limit. The article recommends patching software and enabling protection mechanisms like Application Load Balancer and Google Cloud Armor to defend against these attacks. The article also mentions that HTTP/3 (QUIC) is not currently being used as a DDoS attack vector at scale. Overall, the article highlights the seriousness of these attacks and the importance of implementing appropriate mitigations.

Top 1 Comment Summary

The article highlights two related ongoing threads related to DDoS attacks. The first thread discusses the largest DDoS attack recorded, which reached a peak of over 398 million requests per second. The second thread focuses on a zero-day vulnerability in HTTP/2 that has resulted in record-breaking DDoS attacks.

Top 2 Comment Summary

The article discusses the Haproxy team’s discovery of an issue with HTTP/2 and their efforts to mitigate it in 2018. For more details, you can read the full article here: [link]

6. Simulation Islands

Total comment counts : 7

Summary

The author discusses the importance of island management in physics engines and the impact it has on solver design and performance. They compare three different approaches to island management, focusing on making island building scale better with multiple CPU cores. The article explains the concept of islands in rigid body simulations and their role in optimizing performance, particularly for sleeping and waking rigid bodies. The author discusses the use of depth-first search (DFS) and union-find algorithms for building islands and highlights the limitations of these approaches in a multithreaded context. They then introduce the concept of persistent islands, which are retained across time steps and support incremental addition and removal of bodies and constraints. The author explains how they modified the island structure in Box2D and implemented serial union-find for merging and splitting islands. They also discuss the role of the narrow-phase in driving island management and maintaining determinism in edge additions and removals. The article concludes with performance benchmarks and the positive impact of persistent islands on solver performance.

Top 1 Comment Summary

The author expresses admiration for the creator of Box2D, a physics engine widely used in gaming for the past decade. They hope that the creator has received financial rewards for their work, as it has greatly benefited the game development community. The author also mentions Jolt physics as another impressive example of what one person can achieve, and they express a desire to be able to use it in place of the PhysX engine.

Top 2 Comment Summary

The article discusses the possibility of a deterministic parallel algorithm for union find. It mentions an arxiv paper from April that claims to have such an algorithm. The algorithm processes batches of edges, handling conflicting edges in serial and sequentially processing non-conflicting edges. The paper provides a bound on edge conflicts and uses it to analyze the algorithm’s complexity.

7. How Netflix uses Java

Total comment counts : 19

Summary

The article discusses the presentation given by Paul Bakker, Java Platform at Netflix, at the QCon San Francisco conference. Bakker debunked the myth that Netflix primarily uses RxJava microservices with Hystrix and Spring Cloud. He explained the original architecture of the Netflix movie application, which utilizes REST and gRPC connections to various services. Bakker introduced the GraphQL Federation as an alternative to REST, allowing multiple GraphQL services to be combined into a single schema. He also discussed Netflix’s use of Java, including their support for Azul Zulu 17 and their active testing on JDK 21. Netflix is also exploring the use of virtual threads and supports Spring Cloud.

Top 1 Comment Summary

The article states that 15+ years ago, the author noticed that Java was widely used in a certain place, but not always effectively. They mention a specific app named after a Star Wars character that was likely a violation of the Geneva Convention. The app was poorly coded, performed poorly, and had a bad user experience.

Top 2 Comment Summary

The article discusses the omission of Falcor, Netflix’s alternative to GraphQL and REST, in favor of GraphQL. Despite being simpler to adopt, Falcor did not gain as much popularity.

8. Lensm, a tool for viewing disassembly

Total comment counts : 8

Summary

error

Top 1 Comment Summary

The writer of the article finds it helpful to be able to view disassembly code. They believe it speeds up the process of understanding branches and correlating instructions with source code lines, although it may not be very precise in highly optimized code. The writer suggests that this feature should be included in all IDEs.

Top 2 Comment Summary

The article discusses the importance of specifying that a topic is related to Go in the title.

9. Fair coins tend to land on the same side they started

Total comment counts : 31

Summary

The article introduces arXivLabs, a framework that enables collaboration and development of new features on the arXiv website. It states that individuals and organizations working with arXivLabs embrace values such as openness, community, excellence, and user data privacy. The article also mentions that arXiv works only with partners who adhere to these values. The article concludes by providing information on how to learn more about arXivLabs and receive status notifications via email or slack.

Top 1 Comment Summary

The article describes a method, proposed by Von Neumann, to obtain fair results from a biased coin. The method involves flipping the coin twice, and if the same result is obtained both times, the process is repeated. Once different results are obtained, the first element of the pair of flips is used as the result.

Top 2 Comment Summary

The article discusses a study conducted to determine the probability of a fair coin landing on the same side it started after flipping. The study collected data from 350,757 coin flips and found overwhelming evidence for a “same-side” bias, where the coin is more likely to land on the same side it started. The mean estimate for this bias is 50.8%, with considerable variance among different participants. The study also mentions that betting on the outcome of coin tosses could earn an average of $19 in a series of 1000 flips. The manuscript, data, code, and video recordings from the study are available through specific links provided in the article.

10. A real-time 3D digital map of Tokyo’s public transport system

Total comment counts : 29

Summary

error

Top 1 Comment Summary

The author of the article expresses a desire to move to Tokyo based on the convenient train culture in the city. They acknowledge that the fact that trains stop at night can be inconvenient for nightlife and early morning flights. However, they appreciate the ease of making plans to meet friends at train stations compared to their current car-dependent location. The author specifically mentions that although train culture is not unique to Tokyo, they have experienced it more extensively in cities with train systems, and Tokyo stands out with its abundance of train lines.

Top 2 Comment Summary

The article describes a cool feature of a map that accurately depicts buildings and weather conditions in different locations. It mentions how the graphics show the author’s house in Yokohama correctly, including its height relative to neighboring buildings. Additionally, the map accurately displays current weather information, indicating rain in Tokyo but not in Yokohama.