jdarpinian

///$(which true);FLAGS="-g -Wall -Wextra --std=c17 -O1 -fsanitize=address,undefined";THIS_FILE="$(cd "$(dirname "$0")"; pwd -P)/$(basename "$0")";OUT_FILE="/tmp/build-cache/$THIS_FILE";mkdir -p "$(dirname "$OUT_FILE")";test "$THIS_FILE" -ot "$OUT_FILE" || $(which clang || which gcc) $FLAGS "$THIS_FILE" -o "$OUT_FILE" || exit $?;exec bash -c "exec -a \"$0\" \"$OUT_FILE\" $([ $# -eq 0 ] || printf ' "%s"' "$@")"
#include <stdio.h>

int main() {
  printf("Hello world!\n");
  return 0;
}

antirez

Meltdown fix impact on Redis performances in virtualized environments

UPDATE: apparently kernel difference may have a serious impact, so I'll redo the test from scratch.

Test performed with AOF enabled, fsync policy 1 second, allowing the rewrites to be triggered.

Command lines used:

djspiewak

Quick Tips for Fast Code on the JVM

I was talking to a coworker recently about general techniques that almost always form the core of any effort to write very fast, down-to-the-metal hot path code on the JVM, and they pointed out that there really isn't a particularly good place to go for this information. It occurred to me that, really, I had more or less picked up all of it by word of mouth and experience, and there just aren't any good reference sources on the topic. So… here's my word of mouth.

This is by no means a comprehensive gist. It's also important to understand that the techniques that I outline in here are not 100% absolute either. Performance on the JVM is an incredibly complicated subject, and while there are rules that almost always hold true, the "almost" remains very salient. Also, for many or even most applications, there will be other techniques that I'm not mentioning which will have a greater impact. JMH, Java Flight Recorder, and a good profiler are your very best friend! Mea

zoocoup

###  Updated to reflect changes introduced with 10.13.4. Update to 10.13.4 if needed before attempting to make 
SecureToken-related changes. ###

sysadminctl is a tool Apple introduced in 10.10 for working with system user accounts. In 10.13, sysadminctl is Apple's 
recommended tool for working with user accounts in the CLI, replacing functionality that has long been provided by dscl 
and adds new features available only in 10.13. sysadminctl can be used to change user passwords, create new users or 
check the status of a new-to-10.13 security feature named SecureToken.

SecureToken is a non-visible APFS file system attribute, unlike the SIP protected flag or file creation date, that triggers 
the creation of a new AuthenticationAuthority entry in a user's local account record 

pfeilbr

Slides for Re:Invent conference

• Re:Invent 2018
• Re:Invent 2017
• Re:Invent 2016
• Re:Invent 2015
• Re:Invent 2014
• Re:Invent 2013
• Re:Invent 2012

agentsim

# Generate a BaseSystem.dmg with 10.13 Install Packages
hdiutil attach /Applications/Install\ macOS\ 10.13\ Beta.app/Contents/SharedSupport/InstallESD.dmg -noverify -mountpoint /Volumes/highsierra
hdiutil create -o /tmp/HighSierraBase.cdr -size 7316m -layout SPUD -fs HFS+J
hdiutil attach /tmp/HighSierraBase.cdr.dmg -noverify -mountpoint /Volumes/install_build
asr restore -source /Applications/Install\ macOS\ 10.13\ Beta.app/Contents/SharedSupport/BaseSystem.dmg -target /Volumes/install_build -noprompt -noverify -erase
cp -R /Volumes/highsierra/Packages /Volumes/OS\ X\ Base\ System/System/Installation
hdiutil detach /Volumes/OS\ X\ Base\ System/
hdiutil detach /Volumes/highsierra/
mv /tmp/HighSierraBase.cdr.dmg /tmp/BaseSystem.dmg

rain-1

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

• Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
• Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
• Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
• Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
• Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

roycewilliams

CAA Adoption Notes

CA/B mandate

The CA/Browser Forum has voted to mandate that CAs must start checking CAA records to control certificate issuance (to verify what CAs are allowed to issue certificates for a domain) by September 8th, 2017.

https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum

Full language of the ballot is here.

simonw

How to recover lost Python source code if it's still resident in-memory

I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6

Attach a shell to the docker container

Install GDB (needed by pyrasite)

apt-get update && apt-get install gdb

serithemage

AWS 학습 링크집 시리즈

• AWS 학습 자료집 http://bit.ly/aws-study-resource
• AWS 공인 솔루션스 아키텍트 - 어소시에이트 수험 가이드 http://bit.ly/sacertguide
• AWS 공인 개발자 - 어소시에이트 수험 가이드 http://bit.ly/devcertguide
• AWS 보안 관련 컨텐츠 모음집 http://bit.ly/seccontents

---

AWS 공인 개발자 - 어소시에이트 수험 가이드(http://bit.ly/devcertguide)