We went to Long Beach Comic Con last weekend…

We went to Long Beach Comic Con last weekend. Had a good time. Katie dressed up as Professor Trelawney, we found some cool art and hit some panels, and J. spent as much time as he could playing laser tag and looking at remote-controlled Astromech droids.

10 Years of Long Beach Comic Con! (2018) – K²R

Back in 2009, I attended the first-ever Long Beach Comic-Con, an event that filled the void left when Wizard World cancelled WWLA at the last minute. I had a good time, and it had a lot of support from the industry, but I wondered how long it would last. Ten years on, LBCC is still …

Double the fun: Appearance of the 22° halo during a total solar eclipse – Halo Phenomena

Cool: A simulation of what a 22 degree halo *during* a total solar eclipse would look like. It turns out it’s not just the brightness that would differ, because the corona’s a ring, not a disc!

Double the fun: Appearance of the 22° halo during a total solar eclipse – Halo Phenomena

At the Arbeitskreis Meteore (AKM) spring meeting in March 2018, we discussed an observation made by Jörg Strunk during the “US eclipse” from August 21st, 2017: A 22° halo was visible in cirrus clouds around the sun up to around half a minute before the onset of totality. Similar observations…

On Wandering.shop

When algorithms surprise us

Exploiting floating point errors for free energy is a good one. And lots of cases where the problem wasn’t defined precisely enough, and the simulation solved it in a completely different way than was expected.

“Sometimes I think the surest sign that we’re not living in a computer simulation is that if we were, some microbe would have learned to exploit its flaws.”

When algorithms surprise us

Machine learning algorithms are not like other computer programs. In the usual sort of programming, a human programmer tells the computer exactly what to do. In machine learning, the human programmer merely gives the algorithm the problem to be solved, and through trial-and-error the algorithm has t…

Facebook Container Extension: Take control of how you’re being tracked – The Firefox Frontier

This is pretty cool: Firefox has a new extension that isolates your Facebook session from the rest of your browsing. That way Facebook isn’t able to track you as you visit every website that happens to have a Like button or embedded FB comments.

Facebook still knows what you do *on* FB, but this cuts down on their ability to track you elsewhere.

Facebook Container Extension: Take control of how you’re being tracked – The Firefox Frontier

The Facebook container extension helps you control more of your web activity from Facebook by isolating your identity into a separate container. This makes it harder for Facebook to track your activity on other websites via third-party cookies.

Facebook is pushing its data-tracking Onavo VPN within its main mobile app

Facebook is plugging a VPN app they own. It lets you hide your non-FB activity from your ISP and let Facebook collect that data instead.

Facebook is pushing its data-tracking Onavo VPN within its main mobile app

Onavo Protect, the VPN client from the data-security app maker acquired by Facebook back in 2013, has now popped up in the Facebook iOS app itself, under the..

Interesting story about the history of the Los Angeles River (and paving it).

Interesting story about the history of the Los Angeles River (and paving it).

Paving the Los Angeles River wasn’t an egalitarian idea. The plan for revitalizing it should be

As we remake the Los Angeles River once again, we ought to allow the river to re-make us, too — into a more equitable city.

On Facebook

Meltdown and Spectre

TL;DR: 2 vulnerabilities in CPU performance optimization that allow locally-running programs to access either system memory or other applications’ memory. One affects all Intel processors, the other affects all Intel, AMD and ARM – so basically everything from your phone to the cloud server you connect to.

Patches are rolling out for some attack vectors, basically having software do the security checks the hardware is supposed to. But it’s both a performance hit and whack-a-mole.

Meltdown and Spectre

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre…

The main target is a technique called speculative execution, where the CPU uses idle resources to predict the most likely followup instruction and do it ahead of time. If the next instruction comes in and it was right, great, it’s already done! If not, no big deal, it wasn’t doing anything else at the time, so it just rolls back the actions and moves on to what it’s been asked to do.

But it turns out that it doesn’t always roll back completely, and under the right circumstances it can leave traces in memory that another program can read.

More fun: As ~~Brion~~ Brooke points out, JavaScript can be used for timing attacks *in the browser*, so vendors are disabling high-precision timing and shared buffers in javascript.