Hovav Shacham

Security, privacy, and tech policy at The University of Texas at Austin.

Rejoining UCSD in summer 2025.

“[U]niquely among all government employees, lie[s] outside the scope of [the government speech] doctrine; […] stand[s] alone on a First Amendment pedestal, free to say what [he] please[s], no matter what [his] government employers, including even the State Legislature, think about it.”

Profile photo: Nox the tiercel peregrine, Cal Falcons class of '24, photographed by Billy Thein (California Raptor Center).

2025-05-25
Hovav Shacham boosted:
2025-05-24

New blog post, about a fun obsession of mine, the reason why we use elliptic curves and not any other groups for Diffie-Hellman.

keymaterial.net/2025/05/23/the

2025-05-23

@regehr @cfbolz Building JavaScriptCore in a qemu VM for a class project¹ takes an entire day, versus minutes natively on the host. "No fun" is right. I really thought this would be better by now :(

__
¹ cs.utexas.edu/~hovav/class/cs3

2025-05-23

@cfbolz Yup, I think it addressed the Chimera folks' immediate concern because they were given one as a donation, but I don't know if it's price-competitive with, say, a Mac Studio and qemu, especially for buying in the US now.

2025-05-23

@AlesandroOrtiz @futurebird @phooky @sophieschmieg @mhoye Except that TeX’s points aren’t quite printer's points either, for efficiency!

The units have been defined here so that precise conversion to sp is efficient on a wide variety of machines. In order to achieve this, TeX’s “pt” has been made slightly larger than the official printer’s point, which was defined to equal exactly .013837 in by the American Typefounders Association in 1886 [cf. National Bureau of Standards Circular 570 (1956)]. In fact, one classical point is exactly .99999999 pt, so the “error” is essentially one part in 10^8. This is more than two orders of magnitude less than the amount by which the inch itself changed during 1959, when it shrank to 2.54 cm from its former value of (1/0.3937) cm; so there is no point in worrying about the difference.

(The TeXbook, p. 58)

Hovav Shacham boosted:
2025-05-22

@rygorous I agree with your assessment. I've been collecting CPU bugs we detect in Firefox here: bugzilla.mozilla.org/show_bug.

We've even deployed code to automatically detect CPU bugs from reports because it's a significant problem. We've spotted notorious offenders in the past such as AMD's Jaguar or the very first Zen, as well as certain Atoms. At this stage Raptor Lake has caused more issues than all those CPUs combined (and I don't know how many we haven't spotted).

Hovav Shacham boosted:
2025-05-21

This instruction:
mov [rDest + <index>], ch

under these conditions, when overclocked a bit, once the machine has "warmed up", seems to have around a 1/10000 chance of actually storing the contents of CL instead of CH to memory.

(this was "fun" to debug.)

The workaround: when we detect Raptor Lake CPUs, we now do

shr ecx, 8
mov [rDest + <index>], cl

instead. This takes more FE and uop bandwidth, but this loop is mainly latency-limited, and this is off the critical path.

Hovav Shacham boosted:
Prof. Sam Lawler @sundogplanets
2025-05-21

Thorough analysis of satellite reentries over the last 5 years, and how they were affected by the May 2024 solar storm: arxiv.org/pdf/2505.13752

Personally, I think the paper has way too much of a tone of "wow look at all this great reentry data! We can learn so much about satellite drag!" and not nearly enough "Holy shit guys, that's a lot of metal burning up in the atmosphere, maybe this is a bad idea?"

A map of approximate satellite reentry locations over the past 5 years projected onto a world map. Essentially looks randomly distributed between 53 degrees north and south because of the square projection - I think it would be weighted more toward the top and bottom of the distribution if it had a true globe-shape. Figure from Oliveira et al. 2025

2025-05-20

@skinnylatte Wow, this is so telling:

The solution? Keller will have a replica made by the companies that create fake trees for Disneyland and Las Vegas. “When the tree dies, the duplicate will arrive, and it will be as if nothing has changed,” Fegan writes.

2025-05-19

@bill88t What do you base this claim on? --

you were born yesterday

2025-05-19

@bill88t @dymaxion What do you base this claim on? --

Due to this?
No, probably it's gonna be some .pdf.exe

CVE-2025-4919 is a classic Manfred Paul bug. I'd be very surprised if other threat actors don't already have working RCE from the patch. Especially because they can likely reuse much of the code they wrote to exploit his Pwn2Own bug in the same Ion subsystem last year (CVE-2024-29943).

Hovav Shacham boosted:
2025-05-18

When I say that I can't recommend third-party forks of either Firefox or Chrome for real world use, this kind of thing is why. *This* is the bar for what the security team for a browser needs to be able to do. A fork where the entire technical team is ten people that can't even keep up with upstream patches is sadly not in the running.

blog.mozilla.org/security/2025

2025-05-18

@jerry Good to see Thor again!

2025-05-17

So it was fitting that Esa-Pekka Salonen, who has become Boulez’s heir as the leading composer-conductor of our day, led the orchestra’s centennial celebration of the modernist maestro on Sunday afternoon, May 11, at Walt Disney Concert Hall. Like Boulez’s concerts — and just about all of Salonen’s return visits to Los Angeles as conductor laureate — it was a real event, a bold, innovative program loaded with musical crosscurrents.

Richard Ginell reviews the LA Phil’s tribute to Boulez: sfcv.org/articles/review/esa-p

Hovav Shacham boosted:

Behold my favorite weird Chrome security bug of 2025 so far!

A jaw-dropping URL / omnibox spoof via ligatures, specifically the googlelogo ligature.

issues.chromium.org/issues/391

2025-05-15

Apparently among the grants to Harvard PIs that NSF terminated today: Melanie Matchett Wood’s 2021 Waterman Award (“For fundamental contributions at the interface of number theory, algebraic geometry, topology, and probability”).

[Source: grant-watch.us/nsf-data.html]

Hovav Shacham boosted:
Jan de Mooij @jandem
2025-05-15

We found an Apple Silicon CPU issue with FJCVTZS, the "JS-compatible double-to-int32 conversion" instruction that was added to ARMv8.3.

If the Flush-to-Zero flag is set in the FPCR register and FJCVTZS is used with a denormal, my M1 sets the Zero flag to 1 and M2-M4 CPUs set it to 0. This flag indicates whether the conversion was exact. I believe M1 is correct?

Test case: gist.github.com/jandem/e6b5660

2025-05-15

@mcc Random thought I haven't tested works: If you have libicu76 installed, can you trick the dotnet installer by using equivs¹ to create an empty libicu74 package?

__
¹ wiki.debian.org/Packaging/Hack

2025-05-14

@carrideen I'm sorry you're dealing with this. If it helps, no credible security researcher thinks that punitive phishing tests are a good idea.

Also, many phishing test e-mails have a distinctive header like X-PhishMe: Phishing_Training that one could hypothetically use to set up an e-mail client filter rule and never see those messages again.
