Dieses erste James Bond Buch soll stellvertretend für die ganze Reihe aufgeführt werden, die in Kinde unlimited verfügbar ist. Fleming hat beginnend in 1953 pünktlich zum April so gut wie jedes Jahr einen neuen Agentenroman veröffentlicht.

Casino Royale

Der James Bond dieser Geschichten ist deutlich ein Mann der 50er und 60er, und viel weniger der Action Superhero der frühen Bond Verfilmungen - es wird deutlich, wie viel näher die Filme der mit Casino Royale begonnenen Reihe am Roman sind als die Filme vor diesem. Der Bond der Romane ist sterblich, menschlich, macht Fehler und Tode gehen ihm Nahe. Er ist eine Person, keine Action-Abziehfigur.

Der leider viel zu früh verstorbene Pieter Hintjens ist nicht nur Urheber und Contributor bei zahlreichen Open Source Projekten gewesen (darunter ZeroMQ), sondern hat sich auch sehr weitreichende Gedanken zu dem Umfeld von erfolgreichen Open Source Projekten gemacht.

Social Architecture

Im Buch erklärt er die Systematik, die hinter der Konstruktion der ZeroMQ Community steht, wie er dazu gekommen ist und warum sie seiner Meinung nach funktioniert. Er stellt die Toolbox (“Strong Mission”, “Free Entry”, “Free Contributors”, “Strong Protocols”, “Fair Authority”, “Non-Tribalism”, “Self-Organisation”, “Tolerance”, “Measurable Success”, “Decentralisation”, …) vor, und diskutiert am Beispiel von ZeroMQ die Umsetzung. Am Ende geht er auf Archetypen von Personen in Projekten ein, und wie sie sich sinnvoll einsetzen oder auffangen lassen.

Eine Biographie von Jack Ma, dem Gründer von Alibaba. Zugleich eine Geschichte über die Entwicklung in Asien.

Wahrscheinlich hat jeder den TED Talk von Hans Rosling gesehen, in dem er mit Statistiken zeigt, daß sich die Welt in den letzten 50 Jahren fundamental verändert hat - und zwar zum Besseren. Mit Ausnahme von Afrika hat die Menschheit extremen Hunger und extreme Armut besieht, und insbesondere für Asien dokument Rosling eine unglaubliche Entwicklung in die Moderne.

“Good Taste”, Isaac Asimov (1976)

In which the spacer Chawker Minor, leaves his home, the Orbital Habitat Gammer, and tours other places, including the deadly depths of the Gravity well created by the mass of planet Earth. The literal dirt.

And he brings back with him spectacular new flavors.

That does not go over well.

‘The idea for the dish occurred to me, actually, on the Other-World Kapper, which is why I called it Mountain Cap, in tribute. I used ordinary ingredients, Grand-Elder, carefully blended, all but one. I suppose you detected the Garden Tang?’

Enterprise security software is interesting, because in order to do what it does it often uses privilege, but it is also very often written extremely badly.

In ASLR we have had a look on the Trend Micro binary on MacOS and found that it is running as root, and with ASLR off. That means we have a privileged process that is being loaded at a fixed address, and that process is parsing random user generated data in order to scan it for viruses. If we manage to find a bug in that code, we have a way to make this privileged process do our bidding – by simply putting a special file into a directory that is being scanned by the virus scanner.

So two days ago Harebrained Schemes’ Battletech came out.

Harebrained Schemes is an Indie Game Dev Studio from Seattle, previously known for the very successful Shadowrun Games . I found time to play the intro and the first few chapters in the campaign, and the game is exceptionally nice. It feels like one of those over designed simulation games, where you can minmax the player characters and their gear to the limit, but the computer is taking over the task of all the bookkeeping, so the bookkeeping is not going to pull you down.

So a few days ago, somebody found an exploit in beep - now CVE-2018-0492 .

beep is a program that is part of Debian (and Ubuntu) to have the PC speaker multiple times, at different frequencies, with different pauses and beep lengths. That works just fine. It’s also SUID root. There is zero code in it that deals with the fact that it may run privileged.

The author confidently writes:

Some users will encounter a situation where beep dies with a complaint from ioctl(). The reason for this, as Peter Tirsek was nice enough to point out to me, stems from how the kernel handles beep’s attempt to poke at (for non-programmers: ioctl is a sort of catch-all function that lets you poke at things that have no other predefined poking-at mechanism) the tty, which is how it beeps. The short story is, the kernel checks that either:

In Hashes and their uses we have been talking about hash functions in general, and cryptographic hashes in particular. We wanted four things from cryptographic hashes:

1. The hash should be fast to calculate on a large string of bytes.
2. The hash is slow to reverse (i.e. only by trying all messages and checking each result).
3. The hash is slow to find collisions for (i.e. it’s hard to find two input strings that have the same hash value).
4. The hash does chaotically cascade changes (i.e. a single bit flip in the original message does flip many bits in the hash value).

With these things and general cryptography we can built three very versatile things that see many applications: Digital signatures, eternal logfiles (“blockchains”) and hash trees (“torrents”).

A hash function is a function that maps a large number of arbitrary data types onto a smaller number of contiguous integers.

This simple hash function maps strings of arbitrary length to integers. Some strings are mapped to the same integer: a hash value collision.

The base set here is a number of strings of arbitrary length, which is a theoretically open ended set size. The target is a bounded number of integer values. It is thus inevitable that two strings exist which are mapped to the same target number, a hash value collision. Hash functions are useful in computer science, and you have been using them in everyday life, or at least seen them:

Intel finally published a whitepaper about Spectre #2 Mitigation. The PDF is also featured on Hacker News . It’s a technical whitepaper, but you can see the footprints of lawyers all over the language. For me, it basically says that, yes, Retpolines are indeed incompatible with Controlflow Enforcement Technology (CET) that Intel was planning for later CPUs (PDF , El Reg article ).

CET introduces a shadow stack for return addresses only, and will fail your code into an exception if the normal stack return address and the shadow stack address disagree. Trying to touch and manipulate the shadow stack will also fail into an exception. That is, CET makes touching a return address on the stack toxic by having in effect separate argument and return address stacks, and your code explodes every time you try to do something funny with return addresses. Which is what Retpolines depend on.