x
This website uses third party cookies exclusively to collect analytics data. If you continue browsing or close this notice, you will accept their use. The EU now requires all sites to display this banner which confuses users and does nothing, actually, to improve your privacy.
Read more on why this law is ignorantLearn about this website's cookiesDisallow cookies
Carlos Fenollosa

Carlos Fenollosa

Engineer, developer, entrepreneur

Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Links for 2020-02-09

February 08, 2020 — Carlos Fenollosa

๐Ÿฒ For Tolkien fans

The Tolkien Meta-FAQ (RH, via usenet)

Usenet FAQs used to be a great source of information. I recently found the Tolkien Meta-FAQ and it is absolutely amazing.

๐ŸŽจ Mario Paint tunes

Meet the musicians who compose in Mario Paint (5 min, via waxy)

Delightfully retro.

PS: There is a Mario Paint subreddit!

๐Ÿ’ฃ Android remote code execution via Bluetooth

Critical Bluetooth Vulnerability in Android (CVE-2020-0022) (1 min, via @dethos@s.ovalerio.net)

On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code [...] as long as Bluetooth is enabled. No user interaction is required.

I wonder if there are exploits in the wild already. Walking around a big city infecting all phones in a 10-foot radius.

๐Ÿคฏ 40 concepts for understanding the world

In 40 tweets I will describe 40 powerful concepts for understanding the world (5 min, via @paulg)

This thread is worth reading. It's better than most popular books about ideas, and much shorter.

๐Ÿ“’ What they don't teach you in CS classes

The Missing Semester of Your CS Education (RH, via lobste.rs)

Over the years, we have seen that many students have limited knowledge of the tools available to them.

Common examples include holding the down arrow key for 30 seconds to scroll to the bottom of a large file in Vim, or using the nuclear approach to fix a Git repository (https://xkcd.com/1597/)

This is one of the best resources I have ever linked to.

You must learn these skills.

(Self plug: my own UNIX tools workshop slides)

๐Ÿš‚ Upscaling a 1896 film with AI

Someone used neural networks to upscale a famous 1896 video to 4k quality (5 min, via HN)

We already had this capability. Only that it required an enormous effort by experienced video editors.

In a few years movies will be created just by feeding a script to an AI.

๐Ÿš— Fake GMaps traffic jam

Google Maps Hacks (5 min, via @simon_deliver)

99 smartphones are transported in a handcart to generate virtual traffic jam in Google Maps. Through this activity, it is possible to turn a green street red which has an impact in the physical world by navigating cars on another route!

Devilishly genius!

Tags: roundup

Comments? Tweet  

Links for 2020-02-02

February 02, 2020 — Carlos Fenollosa

๐Ÿ’ฃ Remote exploit in OpenSMTPd

OpenSMTPD advisory dissected (5 min, via)

The author of OpenSMTPd does a good post-mortem of the catastrophic bug that has left a remote exploit available for three years and a half.

We canโ€™t prevent human mistakes, they will happen because tools wonโ€™t help spot that a human-described logic is flawed. What we need is to make changes so that OpenSMTPD becomes more resistant to human errors. In other words, we need safe-guards that are not dependant on sanity checks and input, we need safe-guards that will guarantee that even if OpenSMTPD lets completely untrusted input pass through, this will have the most limited consequences... then we ensure that it doesnโ€™t let untrusted input pass through.

Agreed. There is no such thing as bug-free code.

๐Ÿ–ฅ CacheOut, another Intel CPU vulnerability

CacheOut, Leaking Data on Intel CPUs via Cache Evictions (5 min, via)

Every single one of these would be a scandal. Now, we've gotten used to it. Shame on Intel.

๐Ÿ‘ด UNIX lore

The Unix Heritage Society (RH, via)

Great resource to learn more about UNIX history.

Make sure to browse their wiki

๐Ÿ’‰ Antivirus selling user data

Leaked Documents Expose the Secretive Market for Your Web Browsing Data (1 min, via)

An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site.' Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

How ironic.

๐ŸŽจ Oldschool web design trends

Dark Ages of The Web (2 min, via) is a visual trip through old web design trends.

It contains, of course:

  • Tables
  • Animated gifs
  • The Web 2.0
  • Flash
  • The "Home Page"

and more

๐Ÿดโ€โ˜ ๏ธ Whatsapp hack for Jeff Bezos

Technical Report of the Bezos Phone Hack (20 min, pdf, via)

Besides the actual forensics of the hack, which are not very in depth, this report provides an interesting insight into the tools and environments that real security firms use to study malware. It seems that Cellebrite's software is very popular.

Be sure to read the HN discussion, which seems to agree with my point: the forensic analysis was not very good, but the between-lines content is insightful.

๐ŸŽ Vintage Apple magazines

VintageApple, Information from the early Apple era (RH, via) is an archive of vintage Apple material, like magazines, books, pictures, and more.

Make sure to check this one out if you're a retro Apple fan.

๐Ÿ‘ The Eye, another internet archive

The Eye (RH, via)

I hope you already know about The Internet Archive, a non-profit effort to archive a lot of content on the Web. If you don't, contgratulations! Play with MS-DOS software in your browser, read free books and watch copyright-free movies

Then, check out The Eye. It's another non-profit project aimed at file archival, a bit more chaotic, which makes browsing through its pages a real archeology dig.

The-Eye is a non-profit, community driven platform dedicated to the archiving and long-term preservation of any and all data including but by no means limited to... websites, books, games, software, video, audio, other digital-obscura and ideas.

๐Ÿ•น Starfox into Zelda

This amazing glitch puts Star Fox 64 ships in an unmodified Zelda cartridge (15 min, via)

The fact that these glitches can be run, and that there is people actively looking for them, makes me very happy.

Let's give due credit: Zfg1 on Twitch

Related link: Ocarina of Time glitches and code execution

Tags: roundup

Comments? Tweet  

Links for 2020-01-26: bash power and Windows nostalgia

January 25, 2020 — Carlos Fenollosa

๐Ÿ“ How to write good bash

Anybody can write good bash (with a little effort) (5 min, via) provides some basic techniques to make your scripts more robust.

The article already mentions this, but I'll reiterate: use shellcheck

โŒจ๏ธ More bash tricks

THC's favourite Tips, Tricks & Hacks (Cheat Sheet) (5 min) is a nice compilation of shell/unix tricks and tools.

If you liked these, make sure to read my own compilation of UNIX tricks

๐ŸŒ Bash web server

bashweb, A tiny web server that serves static files (1 min) is the perfect companion to my own bashblog, I guess?

โœ๏ธ Vanilla vim is nicer than you think

How to Do 90% of What Plugins Do (With Just Vim) (1 hr, video)

Vim is big; so big that it does some very useful things that are often overlooked. Plugins can buy us a lot of functionality, but they can add a lot of burden in the form of dependency complexity. In this talk, we'll explore some of the tradeoffs we can make between plugins and "vanilla" Vim features that achieve similar results, including:

  • autocomplete (VimAwesome, YouCompleteMe)
  • file jumping (FuzzyFinder, Ctrl-P)
  • visual filesystem navigation (NERDTree)
  • build integration
  • snippets

An informative, practical and enjoyable talk.

๐Ÿ”  Oldschool fonts

The Ultimate Oldschool PC Font Pack (5 min, via) is exactly what the title says.

It contains my favorite font of all time, IBM VGA8, the one I use in all my terminals, which I'm looking at while I write this blogpost.

๐Ÿ” How to use security usb keys

Getting started with security keys (15 min, via)

This is the definitive guide on how to set up security keys. It's full of resources, news, and specific gadgets that you can use.

The site is beautiful too, be sure to check it out!

๐Ÿ’ฌ Developing Slack for win31

Building a new Win 3.1 app in 2019 (5 min)

This is so delightful. Even the win31 colorscheme brings great memories.

โ˜‘๏ธ Why the Windows 95 UI was so great

Not everything was perfect in 1995, but I think we've lost something on the way (1 min, tweetstorm, via)

I wholeheartedly agree with Tuomas here.

I despise flat design for software. It is confusing, ugly, and throws out the window (pun intended) what we learned in the last 30 years of UI design.

๐Ÿ’€ Windows 7 EOL

Windows 7 support ended on January 14, 2020 (1 min, via)

While I hate Windows in general, and not only from a philosophical point of view but rather because they're terrible tools, what Microsoft has done with Windows 10 is disgusting.

I've had to pay for Windows 10 copies for my company, and in return the system is slow, spies on you, and has ads on the Start menu.

Windows 7 didn't have that, so that's something. Not that it was a good experience, either

Sorry for the rant. I have nothing interesting to contribute regarding the actual link. I just couldn't pass on the opportunity to hate on modern Windows.

๐Ÿ‘ด๐Ÿผ Appreciating resilient software

Writing Software to Last 50 Years (5 min, via) is a short article that uses grep as an example of good, lasting software. The author analyzes some of the reasons that make good tech.

Thanks to a comment by andyc I've learned about the Lindy Effect: the longer some tech has been available, the longer you expect it will continue being available in the future.

โ›“ Cloudflare, the Gatekeeper

Cloudflare is turning off the internet for me (1 min, via)

I could not finish one of these roundups without your weekly reminder that the centralization of the internet is a scary thing and we all have the responsibility to fight against it.

๐Ÿดโ€โ˜ ๏ธ Support the Indie Web

The IndieWeb, a people-focused alternative to the "corporate web" (RH)

What can we do to push against a total centralization of the Internet by a dozen of companies?

Subscribe to independent RSS feeds, do not use Cloudflare unless strictly necessary, move your conent out of the mainstream platforms, use federated networks, etc.

Do not play their game.

Tags: roundup

Comments? Tweet  

Links for 2019-12-08

December 08, 2019 — Carlos Fenollosa

๐Ÿ’ป Hack your Thinkpad

My personal fight against the modern laptop (45 min, video, via)

In this talk, I will take you through the tools and techniques I used to reverse engineer the keyboard controller in my Thinkpad laptop and re-flash it with custom firmware.

Thinkpad keyboards, never such a niche topic has generated so much debate

Comparison of Thinkpad keyboards

๐Ÿ’ฅ Fight AMP

How to fight back against Google AMP as a web user and a web developer (5 min, via)

The actual contents of the article are not that interesting —don't use Google, don't use Chrome, speed up your website— but the topic is, and the HN discussion is quite insightful

HN user soyyo comments

For publishers, amp is about trying to top the results on google search and capture traffic, it's their only motivation to publish their content using amp, and the only metric they look in order to evaluate the results.

๐Ÿฒ AI-generated text adventure

AI Dungeon 2 โ€“ AI-generated text adventure built with 1.5B param GPT-2 (RH, via)

Imagine an infinitely generated world that you could explore endlessly, continually finding entirely new content and adventures. What if you could also choose any action you can think of instead of being limited by the imagination of the developers who created the game?

If you love text adventures (you should) and you're ready to be mildly amused by the fact that an AI is generating the game (you should), go ahead and give it a go.

๐Ÿ“ฒ 2/3 of your battery is used to move data around

In mobile, 62.7% of energy is spent on data movement (15 min, PDF, via)

The title may suggest that we're talking about the antennas, but it's focused on moving data from memory, and suggests designing new RAM systems with specific instructions for copying and zeroing data.

A bit long, but very interesting.

๐Ÿ“น 30 -> 60 fps using AI

Turning animations to 60fps using AI! (4 min, video, via)

Depth-Aware Video Frame Interpolation [DAIN] is a project that let you interpolate frames using an advanced AI.

Just watch this video:

๐Ÿ‡ A first look into Plan 9

Plan 9: Not dead, Just Resting, by Ori Bernstein (1h, video, via) and How I Switched To Plan 9

Plan 9 is an experimental OS that takes some UNIX principles to the extreme.

Plan 9 from Bell Labs is a research system developed at Bell Labs starting in the late 1980s. Its original designers and authors were Ken Thompson, Rob Pike, Dave Presotto, and Phil Winterbottom.

Plan 9 demonstrates a new and often cleaner way to solve most systems problems. The system as a whole is likely to feel tantalizingly familiar to Unix users but at the same time quite foreign.

In Plan 9, each process has its own mutable name space. A process may rearrange, add to, and remove from its own name space without affecting the name spaces of unrelated processes. Included in the name space mutations is the ability to mount a connection to a file server speaking 9P, a simple file protocol. The connection may be a network connection, a pipe, or any other file descriptor open for reading and writing with a 9P server on the other end.

It is not well suited for most people's daily needs, but it is very interesting both from a research and from a hobbyist point of view.

Think about it as "Plan 9 is to OpenBSD what OpenBSD is to Linux."

Make sure to check out the links above and fall into the Plan 9 rabbit hole.

๐Ÿ Malicious Python libraries

Two malicious Python libraries caught stealing SSH and GPG keys (1 min, via)

The first is "python3-dateutil," which imitated the popular "dateutil" library. The second is "jeIlyfish" (the first L is an I), which mimicked the "jellyfish" library.

Well, another attack to add to the books. Let's keep vigilant when including non-vetoed libraries in our code.

๐Ÿงฎ Vim-like tools

Big Pile of Vim-like (RH, via)

E-mail clients, file managers, browsers, music players... a bunch of software designed after some vim feature.

If you're a vim fan this is a must read!

๐ŸŽ What it's like to sell your company to Steve Jobs

Andy Miller | Sold 1st Co. For $275m, Future of Esports (1 hour, video)

What a fascinating story! Andy Miller explains how he sold his company to Apple, with plenty of anecdotes.

A very rare window inside the mind of Steve Jobs: how he lowballed the exit price with a veiled threat, how he pushed people over acceptable limits to make the most out of theirselves, and how Andy stole Jobs' laptop by mistake on what probably was the worst day of his life.

If you're a Jobs fan, this piece is one of a kind. Watch the video, or convert it to mp3 and listen to it as a podcast.

๐ŸŒŒ The end of the universe

TIMELAPSE OF THE FUTURE: A Journey to the End of Time (30 min, video)

Do you wonder how the universe will end? This excellently produced video explains how the stars will die, and then black holes, and then photons, until there is nothing in the universe, and that nothing stays forever.

A beautiful, moving piece, very informative, that helps put things into perspective.

๐Ÿ“ก How radar works

How Radar Works (15 min, via)

The author makes great effort into explaining how radar works, both from a theoretical point of view, and also with formulas.

I must admit that the math is a bit out of my comfort zone, but I recommend that you read it and at least try to understand the basic concepts. It's worth it.

Tags: roundup

Comments? Tweet  

KONPEITO, Gemini and Gopher

December 07, 2019 — Carlos Fenollosa

KONPEITO is quarterly Lo-fi hip hop & chill bootleg mixtape, distributed exclusively through the Gemini protocol. Each tape is a half-hour mix, clean on side A and repeated on side B with an added ambient background noise layer for atmosphere. Tapes are generally released in the first week of each meteorological season.

Okay, so there's a lot to unpack here.

  • KONPEITO is a very nice chill mixtape with a couple mp3 files that I found thanks to Tomasino on Mastodon
  • These files are distributed over the Gemini protocol, via this link
  • Gemini is a new internet procotol in between Gopher and HTTP
  • There is one Gemini client available, AV-98
  • The specs of the Gemini protocol can be accessed via this Gopher link
  • Gopher is a protocol that ruled over the internet once but got replaced by HTTP, what we know as "the Web" nowadays
  • You can reach Gopher links with lynx or a web proxy, but there are no modern graphical clients
  • Gopher is making a niche comeback among a few enthusiasts and you should definitely check it out if only for its nostalgic and historical value

Now that's one hell of a rabbit hole. If you reach the end you'll find a very cool mp3 mixtape.

Tags: internet, retro

Comments? Tweet