“Coding is, in fact, fundamentally a design activity”, according to Dave Cooper, who has spent recent years introducing practical programming skills into Curtin University's first- and second-year software engineering units. “If you take the coding out of software design, you’re really just left with an empty shell.”
Until today, I was always under the impression that Maxim Stepin's hq4x was the state of the art in upscaling algorithms for sprites and other pixel art. Backed by Microsoft Research, Kopf and Lischinski's algorithm published in SIGGRAPH 2011 yields even better results, scaling past 4:1 and beyond.
My friend and fellow Curtin computing student doesn't pull any punches when it comes to the multiple, systematic and serious failures and poor decisions made by the management of the university only legally known as the Curtin University of Technology. What is essentially the forced termination of one of our best lecturers was simply the last straw, and until I can find the motivation to write more elaborately about what I've seen in my year here, Kye has expressed my thoughts pretty faithfully.
Every few months, I watch law professor James Duane's captivating Schneier-approved lecture on the perils of responding to police officers when being questioned. While the legal context may not completely adapt to jurisdictions outside the United States, the general principle remains solid: even if you say the complete truth, nothing but the truth, don't reveal any suspicious sentiments, and have your responses recorded, talking to the police can only do harm — never help you.
Contemporary ransomware Bitcrypt held victims' personal files hostage by encrypting them and charging a fee to reverse this. Bitcrypt's cryptographic design also appeared sound at first glance, using PBKDF2 and HMAC-SHA1 to generate random keys for each file, encrypting them with AES-192, then using RSA to encrypt those keys. Except when the author mixes up decimal and binary, "1024 bits" turns out to actually be 426 bits, and failure ensues. It's always the simple things.
A quick introduction to a very useful feature of Git that I wasn't aware of. The stash is essentially a flexible stack that allows you to stow away changes to your working directory while you work on another issue with a clean repository. The flexibility lies in that you may retrieve and apply a stashed change that isn't necessarily at the top of the stack.
Rarely is reimplementing your performance-critical code in C the best initial approach to optimisation. Most of the time, the fruit lies in the time complexities of the algorithms used. Request routing is one of these situations, where PHP developer Nikita Popov cleverly leverages the regex engine by bundling together chunks of route patterns, greatly reducing the number of iterations to dispatch to a handler.
Brian Raiter leads by example in demonstrating that reverse engineering an obscure file format with undocumented encryption can be distilled down to a rigorous application of the scientific method, automation taken to an extreme for gathering large sets of sample data, and creating clever ways to visualise patterns in the data. I'm most impressed by Raiter's ability to come back to the project years later and document it with the astounding level of detail that he has. It's truly a thrilling ride to read.
The world of software development, and that of open source software in particular, is a particularly treasured environment — nobody cares about your background or what you look like, only your skills. Susan Sons investigates the real causes behind the rarity of women in software: it's all in the formative years; retroactively shoehorning women into the field will only harm everyone involved.
Exploiting an admittedly embarrassing lack of specificity in the NBN rollout contracts for Tasmania, executive chairman Switkowski continues to push for the massive dead-end gyp that would be buying or renting Telstra's long perished copper network. “We can have an intellectual argument about the benefits of fibre versus copper, but I think it is quite academic. I don't think it's a real world issue.”
The increasing phenomenon of copyright owners repeatedly and indefinitely delaying the transfer of their works to the public domain concerns me greatly. John Walker eloquently argues in favour of stricter copyright limitations for video games, and his rationale is adaptable to copyright and even analogously to the need for patent reform to balance the needs of creators and societies alike.
Computer hardware at a low, detailed level is something of a blind spot for me, as my current university course focuses on theoretical computer science plus computing from the kernel upwards. Over nearly fifteen years, Jason Patterson has created and updated an overview of issues pertaining to modern processors, including parallelism, pipelining, caches and vector processing, certainly filling this vacancy.
Craig at /dev/ttyS0 cracks open a Linksys WRT120N to find out
just what has been done to obfuscate the firmware. Using SPI to dump the raw
flash data, and cleverly combining binwalk and IDA, he uncovers just what has
been done to the images and even creates a tool to reverse the obfuscation.
James Iry gives a most apocryphal walk through memory lane in the relatively short but colourful history of programming languages. Each step of the way feels simultaneously wrong but also so very correct. I won't bother trying to quote any of it, because the entire piece is equally worthy of quotation.
Bryan interviews Tony Abbott this week, about the comments he has made surrounding the Australian Broadcorping Castration. Only in the second viewing did I notice the dig at the Medicare co-payment proposal. Dawe: “Yeah, but if I follow your logic, I pay to to go to the doctor, [...]” / Clarke: “[Of] course you do.”
“A few months ago I saw a blog post touting fancy new SSE3 functions for implementing vector floor, ceil, and round functions. There was the inevitable proud proclaiming of impressive performance and correctness. However the ceil function gave the wrong answer for many numbers it was supposed to handle, including odd-ball numbers like ‘one’.” — Bruce Dawson
Using a DMA attack over FireWire, Carsten Maartmann-Moe provides a reliable means of breaking into running computers, even with full-disk encryption. Windows XP SP2, Mac OS X 10.6 and Ubuntu 11.04 and onward are all vulnerable, and one can even use a IEEE 1394 controller over PCMCIA, ExpressCard or Thunderbolt. Remember: without physical security, you have no security.
“I began to realize that coming face to face with my own mortality, in a sense, had changed both nothing and everything. Before my cancer was diagnosed, I knew that someday I would die, but I didn’t know when. After the diagnosis, I knew that someday I would die, but I didn’t know when. But now I knew it acutely.”
Qualys has updated its rating guide and testing application for websites with SSL/TLS, to enforce stricter requirements in light of new attacks on older protocol versions and cipher suites. Like any practical deployment of cryptography, it continues to appear that getting TLS right is non-trivial at best.
A comprehensive rundown of Unicode encodings, why UTF-16 is the worst of all worlds, and why Windows and Java got it wrong by being too early in the game — before Unicode 2.0, where UCS-2 became UTF-16 and no longer an encoding with fixed-size code units. The manifesto also effectively attacks the notion that UTF-16 is more efficient for CJK text, by virtue of compression beating both.
When I first played Another World, I was amazed at the visual effects and quality of the graphics that Éric Chahi managed to fit on a floppy disk which ran on an Atari ST. Now I'm even further astounded by the fact that the game has been ported to twelve platforms over twenty years without a single change to the game's code, because of a very clever embedded VM. Fabien Sanglard investigates.
If you charge extortionate prices while sitting on your thumb, someone will rise and dethrone you swiftly and mercilessly. Adobe's InDesign brought a number of blatantly obvious features, as well as some that I was completely unaware of, causing the downfall of QuarkXPress around the turn of the millenium.
Step aside, gaudy ROG rice burners. Okay, perhaps I'm being too harsh, but this board provides virtually everything I want from a 1P system. Most impressive is the use of two PLX PEX 8747 lane switches, providing a configuration of x16/x8/x8/x8/x16/x8/x8 PCIe 3.0 lanes where all slots are occupied.
How do you complete Super Mario World in under two minutes without exploiting an emulator bug? Clearly, the answer is to execute arbitrary code that was programmed via the controller ports, says Masterjun. If you've got an extra minute to spare, why not play Pong and Snake while you're at it?
The difference between Linux distributions and the BSDs reach far deeper than a choice of license and core userland tools. Matthew Fuller thoroughly investigates BSD's centralised development model, its Ports system (which has inspired Gentoo's Portage among others), its rolling branch and release strategy, and much more.
Everyone knows that the perceived size of an object is a function of its actual size as well as its location relative to you and other objects. What if you could move objects while maintaining their perceived size, projecting them as far away as possible without collisions? You could intuitively change the size of objects, even yourself! The Museum of Simulation Technology honestly gave me the same feeling as watching Narbacular Drop for the first time, except on a whole new level. Please take my money.
While most mSATA SSDs were either OEM only, far slower than their 2.5" counterparts, too expensive per gigabyte and/or lacking in capacity, Samsung's new mSATA variant of their 840 EVO drives solve all four, available to retailers at up to 1 TB for under $1/GB, pushing at least 540/410 MB/s. My body is so ready right now.
While basic usage of PGP isn't terribly difficult, having a secure workflow
and configuration is definitely far from trivial. Fortunately, Riseup Labs has
compiled a comprehensive set of hints and a sample gpg.conf
configuration.
While it's nearly impossible to make a practical system that avoids every single one of these assumptions, Patrick McKenzie frequently reminds us all that names aren't always remotely similar to the names that one encounters in their own culture, ethnicity, nationality, language or otherwise.
Hardware hacker Ken Shirriff shows that quality in USB chargers is just as important as buying a quality power supply for your computer in this detailed writeup. Circuit isolation, noisy output power, voltage sag and much more can mean the difference between a good charge run and a glitchy touchscreen, or worse.
Today, after a painstaking seven weeks, we now get to see the creativity in
the entries to this year's International Obfuscated C Code Contest. There are
some familiar names, including dlowe, endou* and hou, to name a few.
This tool by a team of researchers at the University of Newcastle accepts truncated decimal numbers, and given enough precision, attempts to return a source representation including only elementary functions and popular constants (e, π, etc.) For myself at least, Clarke's Third Law definitely applies here.
More elegant branchless || bitwise optimisations than you can peek && poke at. Includes interesting morsels of beauty for bit reversal, clearing, counting, swapping, testing and interleaving.
Eevee: "In glancing over these résumés, I’ve observed a pattern: I’m far quicker to judge the file extension than the contents. [...] pdf clearly generated from LaTeX: Instant boner. Are you sure you’re in comp sci and not math? Maybe you want a LISP shop. [...] anything that 0-days my machine: You can have my job."
Olve Maudal and Jon Jagger will almost certainly take your belief in your understanding of C and C++ down a notch, or ten, in this deep insight into how the standards, implementations and platforms interact in subtle ways.
My relationship with the web as an application development platform is, to put it without profanity, love/hate. Jan Wolter's intricate documentation of the countless behaviours of keyboard events across browsers and platforms exemplifies this.
For OSCON 2011, Tom Christiansen of Perl fame breaks down what Unicode support really entails in popular languages, including normalisation, collation, regular expressions, casefolding, graphemes and encodings. Unsurprisingly, Perl wins by far. While the original slide deck is now gone, I have archived it for your pleasure.
With the use of two-dimensional curves, Nick Berry intuitively describes Shamir's Secret Sharing, a simple method of sharing passwords with any number of owners, requiring an arbitrary number of them to unlock. Shamir's algorithm also supports weighted passwords as well as eliminating compromised passwords.
Patrick McFarland writes a most detailed analysis of materials and error correction methods used in CDs and DVDs, and how these contribute to longevity. In short: always buy Taiyo Yuden where possible, and always use DVD+R over DVD-R.