A technical analysis of Pegasus for Android - Part 1

Seeing through hardware counters: a journey to threefold performance increase

10 Mistakes to avoid when building your API

Look out! Divergent representations are everywhere

Issue #301

11/30/2022

{{PreviewText}} 

Soup?
Thanks to everyone who helped out with the tweet yesterday by retweeting it. I emailed the server provider directly, to see if they'd be open to partnering. Fingers crossed.
Does anyone have experience with generating plain English summaries of SQL databases? I work with a marketer who doesn't know SQL and I thought it would be cool if they could run a script to get an understandable summary of the database, which they could then use to query information they want. OpenAI has an example that lets you generate SQL from natural language input, which could be paired with the general summary to give someone who doesn't know anything about SQL the ability to use a database pretty easily.
Looking to dive into C? I came across this article full of tip.
To whoever wrote about switching their jobs, I'm sure you'll do great! Feel free to email me if you want a list of articles I've featured in the newsletter with the tags you mentioned.
According to the feedback form, 7 people like turtles.
Anyway, here's the issue.

====================================================================

Today's Sponsor: signNow

Use signNow's flexible eSignature API to implement custom document flows that require legally binding signatures.

====================================================================

A technical analysis of Pegasus for Android - Part 1

Published: 29 August 2022
Tags: android, infosec


CyberMasterV wrote a series of articles as a technical deep-dive on the Pegasus spyware.
Some highlights:

  • The Pegasus spyware was developed by the NSO group and analyzed by Amnesty International and CitizenLab
  • The spyware is pretty noisy and logs messages using the Log.i method
  • It logs messages from Facebook, Kakao, Skype, Twitter, Viber, Gmail, Android native email, Android native browser, and the default calendar



====================================================================

Seeing through hardware counters: a journey to threefold performance increase

Published: 10 November 2022
Tags: aws, cpu, java, microservices, optimization


Vadim Filanovsky and Harshad Sane discuss how a microservice was moved to a larger AWS instance size in order to increase performance, but the results were far from the desired goal. Through further investigation, it was discovered that there was a strange pattern in the CPU and latency metrics between nodes.
Some highlights:

  • A larger instance type didn't solve the problem
  • Flame graphs can be used to compare CPU performance
  • The root cause was “false sharing,” where 2 independent variables share a cache line



====================================================================

10 Mistakes to avoid when building your API

Published: 17 February 2022
Tags: api, design patterns, sponsored


The signNow team shares a list of mistakes you should avoid when building your own API (with descriptions).


====================================================================

Look out! Divergent representations are everywhere

Published: 10 November 2022
Tags: compiler, infosec, sqlite


Andreas Kellas shows how a signed integer overflow in certain versions of SQLite can enable arbitrary code execution and result in a denial of service.
Some highlights:

  • The compiler’s representation of an important integer variable is semantically different in different parts of the program, called "divergent representations"
  • This can lead to inconsistent interpretations of the variable when it overflows
  • Andreas used binary and source code analyses to find more divergent representations in existing open-source codebases



How did I do?

* Amazing
* Articles not relevant to me
* Articles were relevant, but badly written
* Summaries told me everything I wanted to know
* I like turtles

Want to help?

Thank you for reading! If you enjoy the newsletter, I would really appreciate you helping me spread the word by forwarding this to your friends and colleagues or sharing it on social media! Get cool stuff for your referrals using your link https://abyteofcoding.com.

Your referrals:


If you want to discuss or comment on this issue, head on over to this page at A Byte of Coding. You can also subscribe there if you're new!

Have comments or feedback? Just reply to this email or hit me up on Twitter @AByteOfCoding.

Email landed in your promotions tab? Please move it over to primary so you don't miss the latest issues in the future.
Thanks for your Support! 

Big thanks to all of the Patreon supports and company sponsors. If you want to support the newsletter you can checkout the Patreon page. It's not necessary, but it lets me know that I'm doing a good job and that you're finding value in the content.


Stats (updated daily)

Sent: 2994

Opens: 1438

Clicks: 449

Link Clicks Clicks % Unique Clicks Unique Clicks %
A technical analysis of Pegasus for Android - Part 1 63 37.06% 66 37.50
Seeing through hardware counters: a journey to threefold performance increase 58 34.12% 59 33.52
10 Mistakes to avoid when building your API Awaiting Update Awaiting Update Awaiting Update Awaiting Update
Look out! Divergent representations are everywhere 49 28.82% 51 28.98

Previous

Back to Issues

Next