Author Archives: pappp

Article note: ...plausibly deniable [algorithmic collusion? predatory pricing?] Like the old plague of "trivial process _on a computer_ counts as patent-able" patents, we have "Antisocial behavior _on a computer_ doesn't count as prosecute-able" dodges.

Article note: Academic career arcs are definitely not a toxic game antithetical do to doing valuable research. /s

Enlarge / Katalin Karikó and Drew Weissman. (credit: Mark Makela / Stringer)

Biochemist Katalin Karikó and immunologist Drew Weissman won the Nobel Prize in Physiology or Medicine Monday for their foundational research showing that chemical modifications to the molecular building blocks of messenger RNA (mRNA) could enable its use for therapeutics and vaccines—a realization crucial to the rapid development of the life-saving mRNA COVID-19 vaccines during the deadly pandemic.

The pair's prize-winning and tenacious work on different types of RNA culminated in a 2005 breakthrough study showing that chemical modifications of mRNA bases (nucleosides)—adenine (A), cytosine (C), uracil (U), and guanine (G)—could keep them from igniting innate immune responses and inflammation reactions, which had foiled previous efforts to use mRNA for therapeutics.

In our cells, mRNA is an intermediate molecule, a single-stranded copy of coding from the genes in our DNA blueprints that is then translated into functional proteins. (DNA uses bases A, C, G, and thymine (T), which is structurally similar to RNA's U.) The mRNA is copied (aka transcribed) from DNA in a cell's nucleus and then moves to the cytoplasm for its code-deciphering translation into proteins. Thus, mRNA is critical for protein production and is more accessible than DNA—features that made it an appealing target for developing therapeutics.

Article note: Can we please just burn the entire academic publishing industry to the ground? It is in every possible way impeding a healthy research process.

Article note: Huh, I always thought the modprobe (only from tree)/ insmod (load your own random modules) distinction was intentional.

Article note: Interesting. They have a custom IC doing the glue, but it's still a Broadcom SoC (this time a BCM 2712) which probably means it still does the "boot via a blackbox running on the GPU" bullshit. Performance looks comparable to an RK3588 system so (as always) it's largely going to come down to software support and other ecosystem effects. The 4GB=$60, 8GB=$80 pricing isn't unreasonable. The 1x PCI-E lane on FPC is cool and should enable some nice applications and less-shitty storage media. The dedicated connections for UART and fan are nice, as is keeping analog video on some pins for those who want it. Hopefully they don't run into another supply chain choke.

Article note: This is a nifty tale of architectural details and subtly different instructions. Nice example for why knowing assembly is useful even if you don't generally work directly in it.

Article note: I love goofy little standalone computers. I'm always a bit puzzled why so many people who build them choose Lisp.

Article note: This is some insane shit. The fact that "GPU-accelerated CSS filters on a cross-origin iframe" are a thing is psychotic and and indictment against the state of the Web on multiple levels. The fact that someone figured out they can use the mechanism to launch side-channel attacks by building filters with different execution times based on pixel properties is super nifty in a horrifying way.

Enlarge

GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday.

The cross-origin attack allows a malicious website from one domain—say, example.com—to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains.

Optimizing bandwidth at a cost

GPU.zip, as the proof-of-concept attack has been named, starts with a malicious website that places a link to the webpage it wants to read inside of an iframe, a common HTML element that allows sites to embed ads, images, or other content hosted on other websites. Normally, the same origin policy prevents either site from inspecting the source code, content, or final visual product of the other. The researchers found that data compression that both internal and discrete GPUs use to improve performance acts as a side channel that they can abuse to bypass the restriction and steal pixels one by one.

Article note: ...This is a webserver running on a Pi Zero serving a page to the feeble internal browser on the Kindle over Wifi, and talking to a Bluetooth keyboard. There's that SolarWriter app that does the same trick with a phone as the intermediary. Either way, there are two relatively powerful computers (as in... bigger than minicomputer that would have served a whole department in the late 70s) running Linux and a complete web stack at each end, to attach a keyboard and display for simple text editing. It's shocking how the "little eink terminal" market has failed and always spirals into this kind of weird complexity and/or goofy proprietary closed devices freewriter type things.

Article note: This caused me to think. Remember when a little bit of judicious JS to do small updates on the client made pages seems super fast compared to doing a bunch of network roundtrips in the early 2000s? Notice how now connections are only slightly faster (only slightly lower latency, typical bandwidth has improved more) and most JS pages are so bloated they consume enough resources to be the limiting factor on otherwise-usable computers, which has made static HTML pages seem startlingly fast while typical JS-heavy pages are sluggish? It's quite an indictment of where the web has gone. Plus, we lost local presentation control/structure (for theming and alternative displays and screen readers and such) in the process.