Notes from the Web
These are various artices / posts I find noteworthy. If you have any comments, feel free to write me an email at
<notes (at) philippludwig.net>.
Lesser-known methods for hiding malicious code
https://research.swtch.com/nih
This article is a very interesting reflection on an older paper about modifying the binary of a compiler in such a way that it produces malicious code, while keeping the source of the compiler clean.
When reading this, it got me thinking if you could use this technique to manipulate docker images that are used in CI in such a way that binaries of programs contain your backdoor.
If you pull it off correctly, you could probably have a small download routine for your payload or similar in a number of exe files before anyone notices.
Using graphs to convey information
http://www.stat.columbia.edu/~gelman/research/published/dodhia.pdf
If you are in the business of displaying data in e.g. research papers, you want to make sure that you get your point across. While tables show the exact information, a graph - which does not even have to be pretty - may be much more clear to the reader.
The paper “Let’s Practice What We Preach: Turning Tables into Graphs” by Andrew Gelman, Cristian Pasarica, and Rahul Dodhia shows lots of very good examples on how to do that.
“The Age of PageRank is Over”
https://blog.kagi.com/age-pagerank-over
Noteworthy quotation:
Nowadays when a user uses an ad-supported search engine, they are bound to encounter noise, wrong and misleading websites in the search results, (…). The algorithms themselves are constantly leading an internal battle between optimizing for ad revenue and optimizing for what the user wants. In most cases the former wins. Users are given results that keep them returning and searching for more instead of letting them go about their business as soon as possible.
This is true. Most of the search results on Google are nearly worthless; they are all about getting the most ad impressions as possible.
Sometimes you find the information you need, but these websites also spread wrong “facts” without checking before, because they need enough “content” to get listed in the search results.