Friday, February 28, 2014

Keep fun in computing (Structure and Interpretation of Computer Programs)

``I think that it's extraordinarily important that we in computer science keep fun in computing. When it started out, it was an awful lot of fun. Of course, the paying customers got shafted every now and then, and after a while we began to take their complaints seriously. We began to feel as if we really were responsible for the successful, error-free perfect use of these machines. I don't think we are. I think we're responsible for stretching them, setting them off in new directions, and keeping fun in the house. I hope the field of computer science never loses its sense of fun. Above all, I hope we don't become missionaries. Don't feel as if you're Bible salesmen. The world has too many of those already. What you know about computing other people will learn. Don't feel as if the key to successful computing is only in your hands. What's in your hands, I think and hope, is intelligence: the ability to see the machine as more than when you were first led up to it, that you can make it more.''

-- Alan J. Perlis (April 1, 1922-February 7, 1990)

Structure and Interpretation of Computer Programs

Thursday, February 27, 2014

Mono 3.2.7 is out! (news.mono-project.com)

After 5 months in development, mono 3.2.7 is out. This is the work of 1235 commits by 65 contributors. A lot of very exciting new things come with this release. The highlights are all the love our JIT received. A much improved ABCREM pass that now can remove a lot more bounds check on 64bits architectures. We added Alias Analysis and Loop Invariant Code Motion that allows even better code to be generated. Performance under some benchmarks was improved by more than 20%. Read more...

GitHub's new text editor Atom (atom.io)

At GitHub, we're building the text editor we've always wanted. A tool you can customize to do anything, but also use productively on the first day without ever touching a config file. Atom is modern, approachable, and hackable to the core. We can't wait to see what you build with it. Read more...

Wednesday, February 26, 2014

Apple's SSL/TLS bug [22 Feb 2014] (imperialviolet.org)

Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat's out of the bag already and we're into the misinformation-quashing stage now. So here's the Apple bug: Read more...

Tuesday, February 25, 2014

Announcing the new Roslyn-powered .NET Framework Reference Source (hanselman.com)

In 2007 ScottGu's team announced they were releasing the .NET Framework source code for reference. Just a little later, Microsoft made it possible to step through the .NET Framework Source code while debugging. This was announced to much fanfare, and for a while, it was very cool. It wasn't "Open Source" but it's definitely "Source Opened." However, as time passed, the original Reference Source website for the .NET Framework sucked for a number of reasons, mostly because it wasn't updated often enough. Fast forward to today...we're back and the .NET team is launching the fresh new and updated .NET Reference Source site with a Roslyn-powered index! Read more...

Friday, February 21, 2014

Things That Make Google F1 and the FoundationDB SQL Layer So Strikingly Similar (foundationdb.com)

The Google F1 database paper just became generally available. It’s the database that runs AdWords, so I suspect Google kind of cares about it. Google F1 bears an amazing resemblance to our FoundationDB SQL layer. Both leverage an underlying scalable and transactional storage substrate to allow unprecedented scalability at both the storage and SQL processing levels. Both leverage hierarchical schemas, arranging tables into a hierarchy that is mirrored in storage by interleaving rows of parents with rows of children. Both systems make the tradeoff that higher latency is acceptable for gaining almost unlimited bandwidth and scale. A query may require more round-trips and take a (bounded) longer time, but the overall throughput of the system, measured in number of queries that can run in parallel, is much higher.

The fact that Google has built and is using F1 for their AdWords business demonstrates how the architectural approach works for even the most demanding of applications. However, F1 is only available to Google’s internal teams, while our open-source FoundationDB SQL Layer is intended to have a somewhat broader audience. Read more...

Friday, February 14, 2014

CSS source map support, network performance analysis & more – Firefox Developer Tools Episode 29 (hacks.mozilla.org)

Firefox 29 was just uplifted to the Aurora release channel. This means that it is time to report some of the major changes that you can expect to see inside of the Developer Tools for this release. Read more.

Thursday, February 6, 2014

Managing Node.js Callback Hell with Promises, Generators and Other Approaches (strongloop.com)

Callback hell is subjective, as heavily nested code can be perfectly fine sometimes. Asynchronous code is hellish when it becomes overly complex to manage the flow. A good question to see how much “hell” you are in is: how much refactoring pain would I endure if doAsync2 happened before doAsync1? The goal isn’t about removing levels of indentation but rather writing modular (and testable!) code that is easy to reason about and resilient. In this article, we will write a module using a number of tools and libraries to show how control flow can work. We’ll even look at an up and coming solution made possible by the next version of Node. Read more.

Monday, February 3, 2014

Linux 3.4+: arbitrary write with CONFIG_X86_X32 [CVE-2014-0038] (seclists.org)

Bug:
----
The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer
passed from userspace.

Exploit primitive:
------------------
Pass a pointer to a kernel address as timeout for recvmmsg,
if the original byte at that address is known it can be overwritten
with known data.
If the least significant byte is 0xff, waiting 255 seconds will turn it into a 0x00.

Restrictions:
-------------
The first long at the passed address (tv_sec) has to be positive
and the second long (tv_nsec) has to be smaller than 1000000000.

Overview:
---------
Target the release function pointer of the ptmx_fops structure located in
non initialized (and thus writable) kernel memory. Zero out the three most
significant bytes and thus turn it into a pointer to an address mappable in
user space.
The release pointer is used as it is followed by 16 0x00 bytes (so the tv_nsec
is valid).
Open /dev/ptmx, close it and enjoy.

Not very beautiful but should be fairly reliable if symbols can be resolved.

Tested on Ubuntu 13.10

Read here more. Here is an example code.

Examining Postgres 9.4 - A first look (craigkerstiens.com)

PostgreSQL is currently entering its final commit fest. While its still going, which means there could still be more great features to come, we can start to take a look at what you can expect from it now. This release seems to bring a lot of minor increments versus some bigger highlights of previous ones. At the same time there’s still a lot on the bubble that may or may not make it which could entirely change the shape of this one. Read more

A re-introduction to JavaScript [JS Tutorial 2006] (developer.mozilla.org)

Why a re-introduction? Because JavaScript has a reasonable claim to being the world's most misunderstood programming language. While often derided as a toy, beneath its deceptive simplicity lie some powerful language features. 2005 saw the launch of a number of high-profile JavaScript applications, showing that deeper knowledge of this technology is an important skill for any web developer. Read more...