Wow! Go away on vacation for a week and then have a busy week at work and my, what a lot of stuff accumulates in the in-box...
- The Moral Character of Cryptographic Work
Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension.
- A Little More on the Graph Isomorphism Algorithm
The key ideas of the algorithm for GI are really classic ones from design of algorithms. The genius is getting them all to work together. The ideas break into two types: those that are general methods from computer science and those that are special to the GI problem.
- The best books of 2015
- RTS AI: Problems and Techniques
Real-Time Strategy (RTS) games are a sub-genre of strategy games where players need to build an economy (gathering resources and building a base) and military power (training units and researching technologies) in order to defeat their opponents (destroying their army and base). Artificial Intelligence problems related to RTS games deal with the behavior of an artificial player. This consists, among other things, of learning how to play, having an understanding of the game and its environment, and predicting and inferring game situations from a context and sparse information.
- DRAM’s Damning Defects—and How They Cripple Computers
In computing systems built on such huge scales, even low-probability failures take place relatively frequently. If an individual computer can be expected to crash, say, three times a year, in a data center with 10,000 computers, there will be nearly 100 crashes a day.
Our group at the University of Toronto has been investigating ways to prevent that. We started with the simple premise that before we could hope to make these computers work more reliably, we needed to fully understand how real systems fail. While it didn’t surprise us that DRAM errors are a big part of the problem, exactly how those memory chips were malfunctioning proved a great surprise.
- Challenges of Memory Management on Modern NUMA Systems
Modern NUMA systems are quite different from the old ones, so we must revisit our assumptions about them and rethink how to build NUMA-aware operating systems. This article evaluates performance characteristics of a representative modern NUMA system, describes NUMA-specific features in Linux, and presents a memory-management algorithm that delivers substantially reduced memory-access times and better performance.
- SGX Hardware: A first look
Without much fanfare, Intel has released Software Guard Extensions (SGX) in Skylake.
- Experimental Security Analysis of a Modern Automobile
Of course, it’s possible that the software on those cars could have been updated back at dealerships in the intervening years – but that wouldn’t address all of the issues in the paper, and evidence suggests plenty of vulnerabilities still exist.
- Experimental Security Analysis of a Modern Automobile
Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.
- Fast and Vulnerable: A Story of Telematic Failures
In this paper we examine a popular aftermarket telematics control unit (TCU) which connects to a vehicle via the standard OBD-II port. We show that these devices can be discovered, targeted, and compromised by a remote attacker and we demonstrate that such a compromise allows arbitrary remote control of the vehicle.
- How Change Happens: Consultation draft
How Change Happens draws on many first-hand examples from the global experience of Oxfam, one of the world’s largest social justice NGOs, as well as Duncan Green’s 35 years of studying and working on international development issues. It tests ideas and sets out the latest thinking on what works to achieve progressive change.
- Linux Performance Analysis in 60,000 Milliseconds
You log in to a Linux server with a performance issue: what do you check in the first minute?
- Fixing the #1 Problem in Computer Security: A Data-Driven Defense
The implementation weaknesses described in this white paper are common to most organizations, and point to limitations in traditional modeling of and response to threats to computer security. Most of the problems occur due to ranking risk inappropriately, poor communications, and uncoordinated, slow, ineffectual responses.
- Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern PGP Client
Our results show that more than a decade and a half after Why Johnny Can’t Encrypt, modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.
- Prudent Engineering Practice for Cryptographic Protocols
The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have avoided a considerable number of published errors.
- Topics in High-Performance Messaging
Successful deployment of a messaging system requires background information that is not easily available; most of what we know, we had to learn in the school of hard knocks. To save others a knock or two, we have collected here the essential background information and commentary on some of the issues involved in successful deployments.
- GD-Wheel: A Cost-Aware Replacement Policy for Key-Value Stores
Currently, these key-value stores use either LRU or an LRU approximation as the replacement policy for choosing a key-value pair to be evicted from the store. However, if the cost of recomputing cached values varies a lot, like in the RUBiS and TPC-W benchmarks, then none of these replacement policies are the best choice. Instead, it can be advantageous to take the cost of recomputation into consideration.
- Apache Kafka, Purgatory, and Hierarchical Timing Wheels
Apache Kafka has a data structure called the "request purgatory". The purgatory holds any request that hasn't yet met its criteria to succeed but also hasn't yet resulted in an error. The problem is “How can we efficiently keep track of tens of thousands of requests that are being asynchronously satisfied by other activity in the cluster?”
- SoK: Eternal War in Memory
We systematize the current knowledge about various protection techniques by setting up a general model for memory corruption attacks. Using this model we show what policies can stop which attacks. The model identifies weaknesses of currently deployed techniques, as well as other proposed protections enforcing stricter policies.
- Optimizing Hash-Array Mapped Tries for Fast and Lean Immutable JVM Collections
In this paper we reduce memory overhead and runtime performance overhead from the implementations of immutable collections on the Java Virtual Machine (JVM).
- What's Worked in Computer Science
In 1999, Butler Lampson gave a talk about the past and future of “computer systems research”. Here are his opinions from 1999 on “what worked”.
- Good Leaders are game changers: Raft & Paxos
In this blog post, we will briefly show the similarities and differences between Paxos and Raft. Firstly, we will describe what a consensus algorithm is. Secondly, we will describe how to build a replication solution using instances of a consensus algorithm. Then we will describe how leaders are elected in both algorithms and some safety and liveness properties.
- The story of one latency spike
A customer reported an unusual problem with our CloudFlare CDN: our servers were responding to some HTTP requests slowly. Extremely slowly. 30 seconds slowly. This happened very rarely and wasn't easily reproducible. To make things worse all our usual monitoring hadn't caught the problem. At the application layer everything was fine: our NGINX servers were not reporting any long running requests.
- Daily Report: Google Gets Serious About Competing in Cloud With Amazon Web Services
One of the great mysteries of the tech industry in recent years has been the seeming disinterest of Google, which is now called Alphabet, in competing with Amazon Web Services for corporate customers.
- A Cabinet of Infocom Curiosities
If you’re coming into this relatively new, or even if you need a little brush-up, let me state: Steve Meretzky has earned the title of “Game God” several times over, having been at the center of the early zenith of computer games in the 1980s and persisting, even thriving, in the years since. He continues to work in the industry, still doing game design, 35 years since he started out as a tester at what would become Infocom.
But more than that – besides writing a large amount of game classics in the Interactive Fiction realm, he also was an incredibly good historian and archivist, saving everything.
- It Was Never Going to Work, So Let’s Have Some Tea
"The master's tools will never destroy the master's house"
- Rainbow Six Siege Review: This Thing Is Disturbingly Real
Ubisoft’s latest tactical shooter, Tom Clancy’s Rainbow Six Siege, adopts a striking bent towards a unique brand of pseudo-realism. Siege evokes a perverse version of the uncanny valley. It mixes the over-the-top, arcade-style renditions of violence games often lean towards with the gut-wrenching reality that we are, in fact, remarkably fragile.
- How Fallout 4 Mastermind Todd Howard Builds His Epic Dream Worlds
“I think if someone has a gaming obsession, Ultima became mine,” says Howard. “I would say no other series ingrained itself in how I want to make games or what I want them to be more than Ultima did.”
- Why Ball Tracking Works for Tennis and Cricket but Not Soccer or Basketball
Most ball tracking systems rely on two different approaches. The first looks to follow the movement of the ball in three dimensions and then predicts various likely trajectories in the future. This “tree” of possible trajectories can then be pruned as more ball-tracking data becomes available.
The advantage of this approach is that the laws of physics are built in to the trajectory predictions so unphysical solutions can be avoided. However, it is hugely sensitive to the quality of the ball tracking data and so tends to fail when the ball is occluded or when players interact with the ball in unpredictable ways.
Another method is to track the players and note when they are in possession of the ball. The movement of the ball is then assumed to follow the player and when possession transfers from one player to another. The advantage here is that the system does not get so confused by rapid or unpredictable passes—indeed, this approach works well in basketball, where dribbling and occlusion can make life difficult for ball trackers. However, without physics-based constraints on the motion of the ball, these systems can produce inaccurate tracks.
- How To Make Millions Of Hoverboards (Almost) Overnight
Shenzhen is also, and only very recently, the hoverboard manufacturing capital of the world. In the smoke and asphalt of Bao An, a sprawling industrial flatland roughly the size of Philadelphia that serves as one of the city’s main manufacturing districts, hundreds of factories churn out much of the world’s supply of the boards, which are then shipped, rebranded, and sold around the globe.