xz-backdoor.md FAQ on the xz-utils backdoor (CVE-2024-3094) This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless. This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything abo
A few months ago, I set myself the challenge of writing a C compiler in 500 lines of Python1, after writing my SDF donut post. How hard could it be? The answer was, pretty hard, even when dropping quite a few features. But it was also pretty interesting, and the result is surprisingly functional and not too hard to understand! There's too much code for me to comprehensively cover in a single blog
LogLog Games
The article is also available in Chinese. Disclaimer: This post is a very long collection of thoughts and problems I've had over the years, and also addresses some of the arguments I've been repeatedly told. This post expresses my opinion the has been formed over using Rust for gamedev for many thousands of hours over many years, and multiple finished games. This isn't meant to brag or indicate su
Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug that could give us RCE in its default installation sounds pretty tantalizing. Fortunately, for defenders, the bug has o
I was browsing social media this morning, and I saw a claim I’ve seen go past a few times now – that there’s a maximum size for a PDF document: Terrible Maps @TerribleMaps Maximum size of a PDF, version 7: 381 km × 381 km. https://commons.m.wikimedia.org/wiki/File:Seit… 5:14 PM - 30 Jun 2023 Some version of this has been floating around the Internet since 2007, probably earlier. This tweet is pret
As it happened — ADOR CEO Min Hee-jin press conference
3:06 p.m. “I'm telling you to leave, but this is just so difficult for me right now,” Min says. 3:08 p.m. “We have a lot to say today,” reporters are told. “Important things will be discussed, so we ask that you please stop taking photos for now.” 3:11 p.m. “I have become involved in a lot of rumors, in tandem with NewJeans' new music,” Min says. “I..." Min sighs. "I wanted to tell my story after
NOTE: This is based on, but completely rewritten, from a Twitter post: https://x.com/TheGingerBill/status/1802645945642799423 TL;DR It makes Go feel too “functional” rather than being an unabashed imperative language. I recently saw a post on Twitter showing the upcoming Go iterator design for Go 1.23 (August 2024). From what I can gather, many people seem to dislike the design. I wanted to give m
今回の件について|hisa
日本語 osu!絡みで大炎上中のクソ野郎です。 経緯 曲を無断使用している動画に対して著作権侵害報告(7日間の猶予無し) その界隈ではかなり歴史のあるチャンネルが停止 一部の過激な方々の怒りに触れ罵詈雑言や殺害予告や自殺教唆を受ける 毎回、匿名で通報があった動画だけ著作権侵害報告をしています。 (下記のポストはこれのこと) それに対して謝罪の連絡をくれた人に関しては、報告の撤回をしてます。 通報する際にチャンネルの中身までは見てないし、新規のチャンネルだろうが歴史があるチャンネルだろうが違反は違反。 色々な意見を静観し、目立った意見への返答。 「7日間の猶予を与えずすぐ削除するのは何故?過剰な反応。」 被害者であるこちらが何故譲歩しないといけないのでしょうか。 何年も前から自分は定期的にosu!への拒否反応示してますし、Youtubeのチャンネル等にも使用やめてねって書いてます。 それに猶
24 Things Great Scrum Masters Don’t Do. » Growing Scrum Masters
Growing Scrum Masters Scrum Master, Agile Coach, Certified Scrum Trainer and Entrepreneur Being a great scrum master is not just about what you do but also about what you don’t do. It’s all about sidestepping the pitfalls, avoiding the traps, and resisting the lure of those seemingly practical shortcuts that ultimately lead down the rocky road to chaos. In this spirit, we present to you your survi
The teeth are not the only problem 2023-11-05 Table of contents (This is not) a performance review Pulling back the curtain Engine and architecture Attachment issues Renderdoc analysis DOTS instance data update Simulation Virtual texturing cache update Skybox generation Pre-pass The teeth controversy Pre-pass continued, featuring the high poly hall of shame Motion vectors Roads and decals Main pas
Writing CSS In 2023: Is It Any Different Than A Few Years Ago? — Smashing Magazine
CSS is evolving faster than ever. With all of the new features that are now available — and forthcoming — since we got Flexbox and Grid years ago, the way we write CSS is evolving, too. In this article, Geoff Graham shares which features have had the most influence on his current approaches to CSS, as well as those that have not (at least yet). Is there anything in the front-end world that’s evolv
Opening windows in linux with sockets, bare hands and 200 lines of C | Hereket
Opening windows in linux with sockets, bare hands and 200 lines of C Intro In this post I want to create a single file C file program to open a windows inside Linux without using xlib or any similar libraries. The idea is to explore X11 protocol and see how it is used to interact with X server to create windows. Before I had strong association that X11 was some magic thing to manipulate windows an
Nix is a better Docker image builder than Docker's image builder - Xe Iaso
$50 of Fly.io CreditsCoupon code go-fly-nix. Only valid for new accounts that have not used a DevRel coupon code before. The Talk The title slide of the talk. It features a hot air balloon breaking into a shipping container with a crowbar. Art by Annie Rugyt. Hi, I'm Xe Iaso and today I'm gonna get to talk with you about one of my favourite tools: Nix. Nix is many things, but my super hot take is
This is my closing talk (video) from the GopherConAU conference in Sydney, given November 10, 2023, the 14th anniversary of Go being launched as an open source project. The text is interspersed with the slides used in the presentation. What We Got Right, What We Got Wrong INTRODUCTION Hello. Let me start by thanking Katie and Chewy for the giving me the honor of presenting the closing talk for the
So, Mastodon is a nice escape from the big tech social media platforms. Whether it is about ignoring Elon Musk's mood swings on X (or formerly Twitter) or refusing to be a part of Mark Zuckerberg's data points, Mastodon has proved to be an impressive open-source social media platform. While it is privacy-friendly, and lets users take control of their data, the platform is not perfect. Nothing is,
Happy New Year: GPT in 500 lines of SQL - EXPLAIN EXTENDED
Translations: Russian This year, the talk of the town was AI and how it can do everything for you. I like it when someone or something does everything for me. To this end, I decided to ask ChatGPT to write my New Year's post: "Hey ChatGPT. Can you implement a large language model in SQL?" "No, SQL is not suitable for implementing large language models. SQL is a language for managing and querying d
The Bizarre Story Behind Shinzo Abe’s Assassination - The Atlantic
This article was featured in One Story to Read Today, a newsletter in which our editors recommend a single must-read from The Atlantic, Monday through Friday. Sign up for it here. On the last morning of his life, Shinzo Abe arrived in the Japanese city of Nara, famous for its ancient pagodas and sacred deer. His destination was more prosaic: a broad urban intersection across from the city’s main t
Date: June 23, 2023 | Estimated Reading Time: 31 min | Author: Lilian Weng Building agents with LLM (large language model) as its core controller is a cool concept. Several proof-of-concepts demos, such as AutoGPT, GPT-Engineer and BabyAGI, serve as inspiring examples. The potentiality of LLM extends beyond generating well-written copies, stories, essays and programs; it can be framed as a powerfu
Hello again. Obviously, this article deals with adult topics, so don’t read it if you’re under 18. I won’t have any super explicit images on screen, but I don’t recommend reading this in public nonetheless. With that out of the way, I wanna preface this piece with some thoughts. The goal of this Substack is to record parts of VTuber history that have been forgotten or aren’t well known, in a way t
Bloom Filters
This page makes heavy use of JavaScript to visualise the concepts discussed. Viewing it without JavaScript will be a strange experience, as the text talks about the visualisations. I strongly recommend either enabling JavaScript, or not wasting your time. Everyone has a set of tools they use to solve problems. Growing this set helps you to solve ever more difficult problems. In this post, I'm goin
This is why you should never use parser combinators and PEG
Let me tell you why you should (nearly) never use PEG (parsing expression grammars). Nearly everything I will say applies to parser combinators (parsec in Haskell, nom in Rust), too. So, don't use PEG. Use CFGs (context-free grammars) instead. They are more natural. I feel that CFGs more naturally represent how we think. Thus when you have some language in your head and you try to write it down as
Engineering for Slow Internet How to minimize user frustration in Antarctica. Hello everyone! I got partway through writing this post while I was still in Antarctica, but I departed before finishing it. I’m going through my old draft posts, and I found that this one was nearly complete. It’s a bit of a departure from the normal content you’d find on brr.fyi, but it reflects my software / IT engine
Why async Rust?
Async/await syntax in Rust was initially released to much fanfare and excitement. To quote Hacker News at the time: This is going to open the flood gates. I am sure lot of people were just waiting for this moment for Rust adoption. I for one was definitely in this boat. Also, this has all the goodness: open-source, high quality engineering, design in open, large contributors to a complex piece of
It's Time For A Change: datetime.utcnow() Is Now Deprecated
I was going through the release notes of the new Python 3.12 version the other day, and one item caught my attention in the deprecations section: datetime.datetime’s utcnow() and utcfromtimestamp() are deprecated and will be removed in a future version. If you have followed my web development tutorials you must have seen me use utcnow() a lot, so I will clearly need to re-train myself to use an al
A lot of people have been asking if AI is really a big deal for the future of work. We have a new paper that strongly suggests the answer is YES. For the last several months, I been part of a team of social scientists working with Boston Consulting Group, turning their offices into the largest pre-registered experiment on the future of professional work in our AI-haunted age. Our first working pap
Leaders command people. That’s kind of what a leader is: someone with the authority to direct the actions of others. But people don’t often appreciate being commanded. When you step into leadership you face this challenge: how do you direct the members of your team without offending them? How do you become a good boss, but not be “bossy”? It’s worth starting this discussion with the reminder that
Tailwind CSS v3.4: Dynamic viewport units, :has() support, balanced headlines, subgrid, and more - Tailwind CSS
There’s nothing like building a major new product for finding all the features you wish you had in your own tools, so we capitalized on some of that inspiration and turned it into this — Tailwind CSS v3.4. There’s nothing like building a major new product for finding all the features you wish you had in your own tools, so we capitalized on some of that inspiration and turned it into this — Tailwin
How I Have Fun With Rust
Ruby is my main programming language, but in the last few months, I’ve been playing with Rust on side projects. Sometimes it was super fun, sometimes it was ultimately frustrating. To ensure I always break even, I came up with a few guidelines for myself. Take the easy way out A systems programming language introduces lots of new (and often hard) concepts. Some of them are similar but have trade-o
A new F# compiler feature: graph-based type-checking - .NET Blog
This is a guest blog post by Florian Verdonck. Florian is a freelance software craftsman. He does consultancy, training and open-source development. Currently, he is very active in the F# community, working on the compiler and tooling, improving the overall state of the F# ecosystem according to the needs of his customers. Florian is a member of the open-source division at G-Research and a maintai
Yoko Kanno On Her Music For ‘Escaflowne’, ‘Cowboy Bebop’ And Letting Her Imagination Run Free
'Macross Plus' was one of Yoko Kano's earliest and formative productions. Big West “When I left Yamaha, at around 9 or 10 years old, I started to learn under a proper piano teacher. However, they were located in the neighboring prefecture, so it took about 3 hours to get there. As I was learning piano, a big part of that was learning about harmony but I didn't seem to pay much attention to that at
Err... thanks for the technical explanation. But what does this actually mean in real life? Which setting should you use? Does it even matter? And if it does, why don't those clever browser engineers just set it to the best setting? Well recently I ranted on Twitter about this (as I am often want to do!) in a long thread that really should have been a blog post. So here is that blog post. Some mis
Database Fundamentals
About a year ago, I tried thinking which database I should choose for my next project, and came to the realization that I don't really know the differences of databases enough. I went to different database websites and saw mostly marketing and words I don't understand. This is when I decided to read the excellent books Database Internals by Alex Petrov and Designing Data-Intensive Applications by
Whenever I explain my research at Google into mobile text editing, I’m usually met with blank stares or a slightly hostile “Everyone can edit text on their phones, right? What’s the problem?” Text editing on mobile isn’t ok. It’s actually much worse than you think, an invisible problem very few appreciate. I wrote this post so you can understand why it’s so important. But as it’s a rather nuanced
The Three Cs: 🤝 Concatenate, 🗜️ Compress, 🗳️ Cache – CSS Wizardry
I began writing this article in early July 2023 but began to feel a little underwhelmed by it and so left it unfinished. However, after recent and renewed discussions around the relevance and usefulness of build steps, I decided to dust it off and get it finished. Let’s go! When serving and storing files on the web, there are a number of different things we need to take into consideration in order
"},"dump":{"kind":"string","value":"CC-MAIN-2013-20"},"url":{"kind":"string","value":"http://%20jwashington@ap.org/Content/Press-Release/2012/How-AP-reported-in-all-formats-from-tornado-stricken-regions"},"date":{"kind":"string","value":"2013-05-18T05:48:54Z"},"file_path":{"kind":"string","value":"s3://commoncrawl/crawl-data/CC-MAIN-2013-20/segments/1368696381249/warc/CC-MAIN-20130516092621-00000-
CSS Button Styles You Might Not Know – David Bushell – Freelance Web Design (UK)
Buttons are everywhere! We can use all sorts of fancy CSS to style a button. I prefer using Flexbox layout for example. In this blog post I share a few lesser-known CSS styles. Let’s use this example code: <button type="submit" class="button"> <img href="icon.svg" alt=""> <span>Sign in</span> </button>Touch Actions Have you ever repeatedly tapped on a button only for the page to zoom in unexpected
How bad are search results? Let's compare Google, Bing, Marginalia, Kagi, Mwmbl, and ChatGPT
Marginalia does relatively well by sometimes providing decent but not great answers and then providing no answers or very obviously irrelevant answers to the questions it can't answer, with a relatively low rate of scams, lower than any other search engine (although, for these queries, ChatGPT returns zero scams and Marginalia returns some). Interestingly, Mwmbl lets users directly edit search res
Subscribe to my newsletter, support me on Patreon or by PayPal donation. I would love to hear your feedback! I wrote this blog series for the second edition of my book titled “Performance Analysis and Tuning on Modern CPUs”. It is open-sourced on Github: perf-book. The book primarily targets mainstream C and C++ developers who want to learn low-level performance engineering, but devs in other lang
Interview: Kenta Cho (Japanese indie game developer) ⌘I Get Info
Kenta Cho is a Japanese indie game developer, who has been active since the 1980s. He became well-known in the West in the early 2000s with a series of bullet hell shoot-em-ups. In 2021 he created a total 139 games, which is one hell of a lockdown project. In early 2024 his game Paku Paku went viral, as “1D Pac-Man”, a year after it was made. I reached out to him with some questions and he was gra
May 22, 2024 In response to a recent Boats article, I mentioned that Rust’s type system drastically changes things for verification. This comment seems to have aroused a lot of interest, so I figured I’d expand on it, explaining how Rust simplifies formal verification and why this had the verification community excited for a while now. I assume that most of you reading this post won’t be experts i
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
xz-utils backdoor situation (CVE-2024-3094)
Writing a C compiler in 500 lines of Python
No Way, PHP Strikes Again! (CVE-2024-4577)
Making a PDF that’s larger than Germany
Why People are Angry over Go 1.23 Iterators
Why Cities: Skylines 2 performs poorly
What We Got Right, What We Got Wrong
Please Don’t Share Our Links on Mastodon: Here’s Why!
LLM Powered Autonomous Agents
The History of 18+ VTubers: Part 1
Engineering for Slow Internet – brr
Centaurs and Cyborgs on the Jagged Frontier
How to Boss Without Being Bossy – Holy Ghost Stories
What does the image decoding attribute actually do?
The invisible problem – Scott Jenson
HuggingFaceFW/fineweb · Datasets at Hugging Face
Memory Profiling Part 1. Introduction | Easyperf
xavxav - Visions of the future: formal verification in Rust