1. We spent $20 to achieve RCE and accidentally became the admins of .mobi
Total comment counts : 35
Summary
In this article, the author discusses their research on vulnerabilities in WHOIS clients and how they parse responses from WHOIS servers. They discovered that the WHOIS server for the .MOBI TLD had migrated to a new domain and the old domain had expired. They decided to acquire the expired domain and set up a WHOIS server behind it. They found that many systems were actively speaking to their server, and they identified several Certificate Authorities using their server to determine domain ownership and verification details. This unintentionally undermined the CA process for the entire .mobi TLD. The author acknowledges the importance of this process for the security of internet communication and expresses their exasperation with the situation. They mention their initial intention to find vulnerabilities in WHOIS clients but ended up witnessing the foundation of secure internet communication crumble. The author also addresses skeptics who questioned the realism of their attack scenario, stating that it would require the resources and capabilities of a nation-state or someone with expertise in compromising TLD WHOIS servers.
Top 1 Comment Summary
The article suggests that one of the errors that led to a recent exploit could have been prevented if the WHOIS server for the .MOBI TLD had not been allowed to expire. The author advises businesses never to let a domain expire because once it is associated with the business, the association cannot be removed.
Top 2 Comment Summary
The article highlights concern over the ongoing presence of the internet, with the author expressing a belief that it could suddenly disappear due to malicious activities carried out remotely using a Raspberry Pi and a coffee shop’s wifi hotspot.
2. The magic of DC-DC voltage conversion (2023)
Total comment counts : 20
Summary
The article discusses the concept of voltage conversion in consumer electronic devices. It explains that DC voltage conversion is necessary because the voltage provided by batteries or cheap wall adapter is not suitable for all parts of the circuit. The article explores different methods of voltage conversion, such as resistor-based voltage dividers and transistor-based voltage followers. It also highlights the limitations and challenges associated with these methods. The article concludes by suggesting improvements to linear regulators, which are commonly used for voltage conversion.
Top 1 Comment Summary
DC-DC converters are efficient power supplies that convert current through an inductor into a voltage spike, which can be used to charge a capacitor and produce DC output. These converters have low resistance in the power path, resulting in high efficiency. However, they can be a fire hazard and require safety measures such as inrush current limiters and fuses. There are different types of DC-DC converters, including boost converters, buck converters, and transformers, with the latter being necessary for isolating the input from the output when using AC power. The article also mentions a specific DC-DC converter design that uses a USB input and generates 120VDC output for operating antique teletype machines. The circuit includes components like ferrite beads and capacitors to minimize noise.
Top 2 Comment Summary
The article discusses the connection between Boost Converters and Hydraulic Rams. It explains that a Hydraulic Ram is a device that uses the kinetic energy of a stream to pump water to a higher location without needing any other power source. The article also mentions that the equations for these two devices are similar, but the units differ.
3. How economical is your local Taco Bell?
Total comment counts : 46
Summary
This article is about a website that displays the prices of different menu items at Taco Bell in the US. The prices listed on the site are accurate at the time of retrieval and are sourced from Taco Bell’s official mobile ordering system.
Top 1 Comment Summary
The author of the article states that their local Taco Bell is the most expensive one listed. However, the restaurant is currently closed and has been replaced by a costly and subpar dumpling restaurant.
Top 2 Comment Summary
The legendary Taco Bell in Pacifica is not the most expensive one, but it comes close. This particular location has a fireplace, serves margaritas, and has a walk-up window for surfers.
4. Possibly all the ways to get loop-finding in graphs wrong
Total comment counts : 12
Summary
The article discusses the problem of checking for loops in graphs in puzzle games. The author explains that they have tried multiple algorithms to solve this problem but none were satisfactory. They decided to write about their mistakes and the effort wasted in order to find a better solution. The author then describes using a data structure called the disjoint-set forest (dsf), also known as the union-find data structure, to efficiently track equivalence between elements in a set. They mention that the dsf is a crucial component in their puzzle collection and is used by the automated solver to determine if adding an edge in the graph would create a loop.
Top 1 Comment Summary
The article mentions the disjoint-set data structure, which the reader was unfamiliar with. They found that its implementation has a complex asymptotic complexity that utilizes the inverse Ackermann function. The reader also expresses surprise at the claim of “almost constant time” in its performance.
Top 2 Comment Summary
The article discusses the benefits of using Floyd’s tortoise and hare algorithm for finding cycles in a directed acyclic graph (DAG) with low memory usage. The algorithm is considered handy in this context.
5. Breaking Bell’s Inequality with Monte Carlo Simulations in Python
Total comment counts : 8
Summary
This article explores a game called the Bell game that challenges classical physics and introduces quantum mechanics. The game involves three players - Alice, Bob, and Victor - who perform experiments to test Bell’s theorem. The players use measurement devices to determine if the physical world can be explained by deterministic local hidden variables. The article explains how classical strategies adhere to Bell’s inequality and how non-local action-at-a-distance and entangled qubits can break it. The goal of the game is to compute the Bell statistic, which quantifies the correlation between Alice and Bob’s measurement outcomes. The article provides a mathematical formula for calculating the Bell statistic and discusses the implications of deterministic local hidden variables on the result.
Top 1 Comment Summary
The article discusses the availability of widgets that allow users to input strategies for a violation of Bell inequalities. These widgets perform a Monte Carlo sampling of the strategies and present their success rate. There are two types of widgets available - one for classical strategies and one for quantum strategies. The classical widget prevents cheating by restricting access to global variables, while the quantum widget allows for cheating in order to accurately simulate quantum mechanics. The author mentions that playing around with these widgets has helped some people understand the concept of Bell inequalities.
Top 2 Comment Summary
This article highlights the importance of code in making mechanisms concrete and eliminating vague explanations. The author also expresses the desire for a direct explanation for why the red matrix is transposed.
6. Consent-O-Matic – automatically fills ubiquitous pop-ups with your preferences
Total comment counts : 32
Summary
The article discusses how most websites use tracking technologies to collect user data and require permission through consent pop-ups. However, 90% of these pop-ups use “dark patterns” that make it difficult to decline consent. The use of dark patterns is illegal, but enforcement is lacking. The Consent-O-Matic browser extension is introduced as a tool that automatically fills out consent pop-ups based on user preferences, even when they employ dark patterns. The extension can be installed on Chrome, Firefox, Safari, and Edge for desktop, as well as Safari for mobile. Consent-O-Matic is open-source and does not process personal data. The extension only stores minimal data on the user’s computer, and this data can be easily deleted. The extension may request access to user data to interact with consent pop-ups but does not collect information about visited websites or user activities. Reports of malfunctioning pop-ups may be sent to the developers, who store and analyze the URLs for improvement. Additionally, the Consent-O-Matic website collects certain data for security and performance evaluation purposes, which is stored for a limited time. Users have rights over their personal data and can contact the developers for inquiries or to exercise these rights.
Top 1 Comment Summary
The author expresses their satisfaction with a tool they have been using for a couple of years, which is owned by the University of Aarhus. They appreciate the association with academia as it increases their trust in the tool’s access to their browsing data. The author calls for browser vendors to improve permission models to prevent malicious plugins from accessing and exploiting browsing data. They propose a policy where plugins can only make network requests to predefined endpoints with specific headers and data, thereby safeguarding browsing history.
Top 2 Comment Summary
This article discusses the upcoming eprivacy regulation in Europe that aims to transfer opt-in choices from individual websites to the browser. The regulation intends to provide users with more control over their privacy by consolidating these choices in the browser. The link provided leads to the full text of the regulation.
7. Jeremy Couillard’s video games capture what it’s like to be alive
Total comment counts : 7
Summary
error
Top 1 Comment Summary
The article mentions that the game “Escape From Lavender Island” is available to play on Steam, specifically for Windows. The game can be found on the Steam website with the provided link.
Top 2 Comment Summary
The article discusses the game “Dream Emulator” for PlayStation 1, comparing it to LSD: Dream Emulator but without the disturbing atmosphere. The author expresses their positive opinion of the game but also reflects on how their passion for video games has diminished as they’ve gotten older. They feel anxiety when trying to play games again due to the amount of time they spent on them in their youth and adulthood.
8. What is the best pointer tagging method?
Total comment counts : 10
Summary
The article explores pointer tagging, which involves encoding metadata into a word-sized pointer. This allows for a compact representation that can be efficiently processed by compilers. The author tests different ways of encoding tagged pointers and compares their performance. They find that alignment bit tagging performs well, especially for pointers with a tag value of zero. However, when dealing with non-zero tags, additional instructions are required to remove the tag before dereferencing the pointer. The author also notes that different compilers handle optimizations differently, with GCC outperforming LLVM in some cases. Additionally, the article mentions that the performance of tagged pointers can vary depending on the instruction set architecture, with low-byte tagging being faster on x86 compared to ARM. Overall, the article provides insights into the optimization potential and trade-offs of using pointer tagging in programming languages.
Top 1 Comment Summary
The article states that ARM is not the only major vendor with support for TBI (Top Byte Identity). Intel and AMD also have variants of TBI on their chips, known as Linear Address Masking and Upper Address Ignore respectively. However, the implementation of TBI in these chips differs from ARM’s TBI, as they mask off different bits of the address.
Top 2 Comment Summary
The article discusses the benefits of nan-boxing. One benefit is that nan-boxing avoids the need to dereference a pointer to obtain a float. Another benefit is that by using nan-boxing, floats can be stored inline instead of on the heap, which saves space and time, especially in numerical code where many numbers are allocated.
9. Some of us like “interdiff” code review
Total comment counts : 44
Summary
The article discusses the use of Gerrit Code Review, an open source tool that works with Git repositories, for code review. It highlights the importance of code review and how different tools handle the process differently. It explains the drawbacks of using GitHub for code review and introduces the concept of “diff soup” where changes become mixed together and difficult to track. The article emphasizes the need for a structured and efficient code review process.
Top 1 Comment Summary
The article discusses a workflow used by the author when collaborating on GitHub. The process involves incorporating feedback from reviewers and merging code changes. The main disadvantages are that it requires more work from the author and may not be obvious to collaborators. However, it offers advantages such as allowing reviewers to view differences without breaking git blame
and git bisect
. The author uses the command git commit --fixup <commit hash>
to incorporate reviewer feedback and leaves a comment with the fixup commit hash. When the pull request is approved, the author merges the changes using git rebase --interactive origin/main --autosquash
to combine fixup commits with the original ones. Finally, a git push --force-with-lease
is executed to push the changes and merge them. The author notes the reliance on terminal autocomplete for efficiency and mentions that using a tool that supports and encourages this workflow would be beneficial. Although the author feels limited to using GitHub, they consider the workflow acceptable.
Top 2 Comment Summary
The author agrees that the way Github handles updates is terrible and believes it is unfortunate that many people have gotten used to it. They mention using Phabricator for updates, which involved a somewhat-manual process, but it was made easier with command line macros. The author suggests that having a dedicated user interface for updates would be even better.
10. AppleWatchAmmeter
Total comment counts : 7
Summary
This article discusses how to turn an Apple Watch or any watch with an accessible magnetometer into an ammeter to measure DC currents. It explains that newer Apple Watches, starting from Series 5, have a compass that also contains a magnetometer sensitive to magnetic fields from nearby currents. The article outlines the steps to use a coil of wire around the watch to alter the magnetic field sensed, and provides a formula for calculating the magnetic field generated by the coil. It suggests that an app can be used to calibrate and display the current in Amperes, and mentions that only DC currents can be detected since the magnetometer is too slow to react to AC currents. The article concludes by mentioning the sensitivity of the coil and the possibility of discerning small changes in current with careful observations.
Top 1 Comment Summary
The article discusses a previous trend of DIY biohacking, where people would implant magnets into their pinky fingers in order to develop a “sixth sense” of detecting the flow of current. The author asks if this trend is still ongoing.
Top 2 Comment Summary
The article discusses the magnetic field generated by a circular coil of wire with N turns and a diameter D. It states that the magnetic field can be calculated using the formula B = u0.I/D, where u0 represents the vacuum magnetic permeability. The vacuum magnetic permeability is further explained as a magic constant defined to be 4.π.10^-7. The article provides a link to the Wikipedia page on vacuum permeability for more information.