Greg Parker

Security sharpshooter at Apple

Greg Parker boosted:
🇨🇦 Stevetewha@appdot.net
2025-06-02

How is 3d printing software on the Mac?

I'm thinking of getting into 3d printing next year, and I might get rid of the PC under my desk when I move later this year. I haven't used Windows in a while and for Linux, my Sweet Potato is really just as good (I am mostly a CLI guy in Linux, so running Terminal on my Mac to connect to it is reasonable).

So all I really care about is potential firmware updates to IoS and 3d printing, and I can probably firmware update on my kid's PC.

2025-06-02

@dev My cats are not so discriminating. Cans they have recently run to:
* ravioli
* solder flux
* paste wax

2025-06-01

@joe uh oh, now you have to write the paper analyzing the fixed points of all of the floating point operations

2025-06-01

@jbk Apple's xnu kernel does this in several places to segregate untrusted unsanitized input. You want a real int, you gotta use a value-checking unpack function.

Greg Parker boosted:
2025-05-31

@ai6yr Our lead replacement program eventually determined that multiple employees in the past put "copper" for pipe material when they didn't know what the pipe was made out of, because if they didn't someone would make them dig a hole and check what the pipe was made out of; and they didn't have the budget for doing that.

2025-05-27

@sperbsen Years ago working on a port of X Windows, found a bug where Select All + Copy in Netscape on a sufficiently large web page would crash the display server. The display server was using a stack-allocated array for either the selection highlight rectangles or the pasteboard contents (can't remember which), and that was bad news with a sufficiently-large array and a sufficiently-small maximum stack frame size.

Greg Parker boosted:
2025-05-27

#FirstPost

This has been bugging me for a while, and I finally figured it out over the long weekend. Who wants to be the first person to blow a hole in my proof? factorcode.org/slava/abaaabaaa

2025-05-24

@drahardja Except Y2K.

Greg Parker boosted:
Tommy MᶜMichentommy@discuss.systems
2025-05-23

I've been getting custom (out-of-tree) passes to work at LTO with LLVM's new pass manager (I hope they never rename it).
I couldn't find a good description of this solution anywhere online so I wrote it up:

gist.github.com/tommymcm/1c65f

Hopefully someone finds it useful.

I have a similar workflow working now for Rust/Cargo.
If folks are interested in that I can take some time to write it up as well, otherwise I'll do it when I feel like it.

2025-05-22

@cocoawithlove tied with Mac OS X Tiger 10.4.11

maybe more for classic Mac System 7.0/7.1 depending how you count

2025-05-21

@jrose @steve no kidding, you do not want the snake fight to be a surprise

Greg Parker boosted:
2025-05-21

This instruction:
mov [rDest + <index>], ch

under these conditions, when overclocked a bit, once the machine has "warmed up", seems to have around a 1/10000 chance of actually storing the contents of CL instead of CH to memory.

(this was "fun" to debug.)

The workaround: when we detect Raptor Lake CPUs, we now do

shr ecx, 8
mov [rDest + <index>], cl

instead. This takes more FE and uop bandwidth, but this loop is mainly latency-limited, and this is off the critical path.

2025-05-19

@pkhuong In Apple's tools our terminology distinguishes between "leaked" memory (unreachable) and "abandoned" memory (technically reachable but logically never to be used again). We have pretty good tools for detecting and diagnosing leaked/unreachable memory, so undesirable footprint growth is often dominated by abandoned memory.

Greg Parker boosted:
2025-05-18

@Alice @craig_groeschel @bedast To add a little onto this, in around 2008 there was a measles outbreak in California - some were exposed in the waiting room of antivax doctor Bob Sears:
justthevax.blogspot.com/2011/0

I learned of this during the later 2014 measles outbreaks. At the time I was working as a safety analyst and software developer for our firm's facility analysis code. The program was originally intended to answer weird and complex questions like "If the gas in this tank of radioactive sludge blew up, how much sludge would come flying out the vents as aerosols?". It was also a very flexible code so I wondered if I could use it to predict the probability of catching measles in Bob Sears' waiting room.

Turns out that you can.

You can model the human respiratory system as a set of compartments and flow paths and filters - there's a simple-ish model from 1979 and a much more complex one from 1994 that were intended for predicting radiation dose from breathing contaminated air. Thing is, part of the model only cares about particles sticking in your nose, sinus, trachea, and lungs - it doesn't care what those particles are. Could be radioactive sludge, could be spray paint, could be mucus ejected from a sneeze - an aerosol is an aerosol.

So if one were bored and curious, one could estimate how much goo sprays out of a person when they sneeze, the range of sneeze particle sizes, the number of virus particles per milligram of sneeze goo, and the chance of being infected with measles per virus particle that gets deposited in their respiratory system. Combine that with the size of a waiting room, how often the waiting room air gets replaced by fresh air, people's breathing rates, how long they spend in the waiting room, WHETHER THEY ARE WEARING A MASK AND WHAT THE FILTER EFFICIENCY OF THE MASK IS, and so on, you can turn this into a solvable politically-neutral engineering problem. Aside from modeling how aerosols settle out of the air, most of this problem is tedious but straightforward and all of it could be modeled to some degree of accuracy by our software. And when you run the numbers, you get an answer that's eerily close to what professional epidemiologists observe in outbreaks. You can see the difference ventilation and masking makes, the effect of being exposed for an hour vs 15 minutes, the difference in protection between a 50% and a 95% effective mask.

Measles is incredibly virulent - you can get infected by a single virus particle. If I could model measles transmission with reasonable accuracy using publicly available info (props to 3M for their tech reports on respirator effectiveness against biological hazards), anyone with the data, the software, and some basic understanding of HVAC and respiratory safety could model COVID transmission. The main differences would be in the number of COVID virus particles per droplet of sneeze aerosol and the probability of infection per COVID particle. Everything else in the model is the same.

I built this model because I was curious; I was surprised that it lined up pretty well with what epidemiologists observed. I got laid off in 2018, COVID happened in 2020, and I've spent the last 5 years watching this murderous idiocy unfold. It was clear early on that COVID was airborne and I knew the effect of masking, linger time, and ventilation on infection probability. There wasn't much I could do to help beyond trying to keep myself safe and explain it to anyone who'd listen.

Anybody whose job it was to set policy to protect public health had the resources to ask and answer these questions, to build the model I did. Our software wasn't magic, it just modeled aerosols, something humanity has been doing since at least the 1930s (iara.org/wp-content/uploads/20). I'm not some extraordinary brain genius but I am a competent engineer with experience in this field. It's infuriating how this all played out, how even without the MAGA choads the medical and public health community wouldn't do what I did in my goddamn spare time with off-the-shelf software (granted, it's a very small shelf but we didn't write this code to solve this problem, I just used what we already had available and some basic engineering.) If I could do it, someone whose actual fucking job it was to do it could too.

I'm only a little bitter; I'm more upset about the avoidable mountain of dead than getting any credit.

I guess what I'm saying is that I have questionable judgment when it comes to how I spend my free time, I know waaaay too much unmonetizable technical trivia, and I'm lousy at self-promotion.

2025-05-12

@BoydStephenSmithJr @enbrown.bsky.social Also is it a jury trial? I know that, and you know that, but better to avoid any doubt that the jurors all know that.

2025-05-12

@ricci Because you can't sit in the fort and sit on the keyboard at the same time, that's why not!

Greg Parker boosted:
2025-05-11

@calcifer@masto.hackers.town

Young man, there's no need to have RAM
I said young man, you can simply program
I said young man, logic gates are my jam
There's no need for a CPU

It's fun to program the FPGA
It's fun to program the FPGA
It has everything
For a Turing machine
You can write out all your routines

2025-05-09

@lcamtuf 6 × 9 = 42

2025-05-09

@dan @irene I haven't needed it in twenty years but I still keep a copy pinned to the wall behind my desk, among the other frequently-used references like function call ABIs.

Greg Parker boosted:

remember that time a north african merchant(?) named constantine was in italy and a guy in the hostel was sick and they called a doctor and constantine was like "uhh aren't you gonna take a urine sample" and the doctor was like "a what" and constantine was like "…" and the doctor was like "…" and then constantine africanus moved to the monastery of monte cassino and spent the rest of his life translating arabic medical texts into latin,

because i think about this probably every single week

more: constantinusafricanus.com/2017 🐘
