Ethan's Wiki Update #4
Hello, some small additions this week.
What’s New
Computers Page: CS 191 "Classics of Computer Science"
A computer science course from Harvard.
This course examines papers every computer scientist should have read, from the 1930s to the present. It is meant to be a synthesizing experience for advanced students in computer science: a way for them to see the field as a whole, not through a survey, but by reliving the experience of its creation. The idea is to create a unified view of the field of computer science, for students who already know something about it, by replaying its entire evolution at an accelerated frame rate.
I remember discovering this course in some comments I read. I have had it saved for a while now, but haven’t added it to the Wiki. It would be a good read some day.
Cybersecurity Page: how to gain code execution on millions of people and hundreds of popular apps (HN thread)
ToDesktop is a build tool that builds apps in a container and publishes releases
The build pipeline is not isolated, and the key signing is done by ToDesktop within that same build container. This leaks the key that can be used to push auto-updates for all apps, meaning remote code execution on every computer that has those apps installed
The vulnerability technically allows releasing updates to apps like Cursor, Linear and Notion
There is also some advice and discussion in the HN thread from the ToDesktop founder and an Electron maintainer (Felix Rieseberg)
I am interested in this problem space as well, because I have built tools that do untrusted code compilation. They need to be absolutely isolated and secure. But the fact that they need to build code implies remote code execution (RCE) is possible. I don’t believe it is possible to lock down the system to predefined whitelisted sources and close off internet access before any code execution. That is an infeasible design because it doesn’t serve the product requirement. So, it is about designing a system where, even though RCE is possible, it is considered safe. However, pentesters and security auditors are extremely sensitive to products that allow RCE. It is a tough tradeoff between usability (+ maintainability) vs. security.
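The design flaw summarized above, as an added example that is not from the linked write-up or from ToDesktop: a build step that runs untrusted code next to the signing key, beside a version where the build gets an allow-listed environment and signing happens afterwards, outside it. The environment variable, the inline build script and the use of HMAC in place of real code signing are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import subprocess
import sys

# Constructed stand-in for a customer's build script: untrusted code that
# writes everything visible in its environment into the build output.
UNTRUSTED_BUILD = "import os, sys; sys.stdout.write(repr(dict(os.environ)))"

SIGNING_KEY = b"constructed-demo-key"  # placeholder value, not a real secret


def run_build(env):
    """Run the untrusted build step in a child process with the given env."""
    out = subprocess.run([sys.executable, "-c", UNTRUSTED_BUILD],
                         env=env, capture_output=True, check=True)
    return out.stdout  # the "artifact" produced by the build


def sign(artifact):
    """HMAC-SHA256 stands in for the real code-signing operation."""
    return hmac.new(SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def weak_pipeline():
    """The key sits in the same environment the untrusted code runs in."""
    env = dict(os.environ, SIGNING_KEY=SIGNING_KEY.decode())
    artifact = run_build(env)
    return artifact, sign(artifact)


def isolated_pipeline():
    """The build sees only allow-listed variables; signing runs after it,
    in the parent, which stands in for a separate signing service."""
    env = {k: os.environ[k] for k in ("PATH", "SYSTEMROOT") if k in os.environ}
    artifact = run_build(env)
    return artifact, sign(artifact)


def key_leaked(artifact):
    """True if the build output contains the signing key."""
    return SIGNING_KEY in artifact


if __name__ == "__main__":
    print("weak pipeline leaks key:    ", key_leaked(weak_pipeline()[0]))
    print("isolated pipeline leaks key:", key_leaked(isolated_pipeline()[0]))
```

An allow-listed environment only closes this one exposure path; the key also has to be absent from the build container's filesystem and from anything the container can reach over the network.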
TIL Page: I added more Wikis; there are a lot of people doing these things out there too
Everything Shii Knows: Just discovered this week, old archive of short articles
Second-Brain: curated list on GitHub by KasperZutterman
Best of digital gardens: also a curated list on GitHub by lyz-code
Random
The today I learned page reminded me how many people are doing these together, and reminded me I am doing this for myself primarily. It’s just for me to organise and find resources again later. I still find it sad that Nikita’s Wiki is behind a paywall and most of the contents are erased from GitHub.
Reading all the other Wiki pages also reminds me of another reason why I would like to start a page like this. I would like to save the “thing” that “hooks” my interest on a topic. There is usually something, be it a news article, a YouTube video, a long form guide, interactive guides, a company, or many other things that made me pay attention to one thing. Oftentimes when someone is motivated to learn something, what drives motivation is just a “hook”. I hope to save down these hooks and share them with people. One example is this Veritasium YouTube video and this page by Bartosz Ciechanowski about bicycles (link to Wiki page with more notes). They are the “hook” that made me aware of the interesting designs about bicycles.
On the other hand, I often say rereading certain pages is rewarding and refreshing; the learning page (and anything under that tree) is definitely one. I revisited the Edutainment is not learning blog in that page.