Notes from the Web

These are various articles / posts I find noteworthy. If you have any comments, feel free to write me an email at

<notes (at) philippludwig.net>.

Lesser-known methods for hiding malicious code

https://research.swtch.com/nih

This article is a very interesting reflection on an older paper about modifying the binary of a compiler in such a way that it produces malicious code, while keeping the source of the compiler clean.

Reading this got me thinking about whether you could use this technique to manipulate Docker images that are used in CI in such a way that binaries of programs contain your backdoor.

If you pull it off correctly, you could probably have a small download routine for your payload or similar in a number of exe files before anyone notices.

Using graphs to convey information

http://www.stat.columbia.edu/~gelman/research/published/dodhia.pdf

If you are in the business of displaying data, e.g. in research papers, you want to make sure that you get your point across. While tables show the exact information, a graph - which does not even have to be pretty - may be much clearer to the reader.

The paper “Let’s Practice What We Preach: Turning Tables into Graphs” by Andrew Gelman, Cristian Pasarica, and Rahul Dodhia shows lots of very good examples of how to do that.

“The Age of PageRank is Over”

https://blog.kagi.com/age-pagerank-over

Noteworthy quotation:

Nowadays when a user uses an ad-supported search engine, they are bound to encounter noise, wrong and misleading websites in the search results, (…). The algorithms themselves are constantly leading an internal battle between optimizing for ad revenue and optimizing for what the user wants. In most cases the former wins. Users are given results that keep them returning and searching for more instead of letting them go about their business as soon as possible.

This is true. Most of the search results on Google are nearly worthless; they are all about getting as many ad impressions as possible.

Sometimes you find the information you need, but these websites also spread wrong “facts” without checking them first, because they need enough “content” to get listed in the search results.