Sam Symons

Math Notes: Ray-Plane Intersection

Thu, 17 Aug 2017 00:00:00 +0000

As part of working on ray tracing recently, I spent some time brushing up on how to calculate intersections between rays and different types of 3D objects. In preparation for blogging about actually creating a ray tracer, I thought it would be nice to spend some time covering some of the math.

Detecting Simulator Builds in Swift

Fri, 11 Aug 2017 00:00:00 +0000

When developing a Swift app, you will occasionally find yourself wanting to include a piece of code only if you’re running in the simulator. Perhaps you want to run some alternative code paths (like not calling Metal APIs, which aren’t available in the simulator), or avoid attempting to register for push notifications. There are a few ways in which to do this, and the techniques are different depending on whether you’re writing Swift or Objective-C.

This difference often catches people out who have come from Objective-C and are used to using all of the familiar C macros. Let’s cover the right approach for each language.

Understanding Objective-C Modules

Thu, 03 Aug 2017 00:00:00 +0000

A few years back, the idea of Objective-C modules was introduced to LLVM. They were developed as a solution to the problems associated with the traditional #include and #import mechanisms.

Better String Enums in Swift

Sat, 20 May 2017 00:00:00 +0000

Swift has a number of great features for improving the way it imports Objective-C code. With NS_SWIFT_NAME you can customize the name of functions imported into Swift, and nullability annotations let you work closer with Swift’s optional system. These features are very useful and pretty well known, but one feature I don’t see talked about as often is NS_STRING_ENUM.

Crafting Interpreters

Wed, 22 Feb 2017 00:00:00 +0000

This is a fantastic guide on the ins and outs of building an interpreter. It’s still in its early stages, but what’s already there is great.

Notes for Coursera Machine Learning, Week 1

Tue, 16 Aug 2016 00:00:00 +0000

Some time ago, I started Andrew Ng’s Machine Learning course on Coursera. I loved every bit of it, but I only got halfway through before I started a new job and it ended up falling by the wayside.

Bayes' Theorem

Wed, 10 Aug 2016 00:00:00 +0000

One of the most useful and interesting theorems in statistics is Bayes’ Theorem. I like it a lot because it can be used to solve interesting problems with very little effort — it boils down to one equation! I wanted to go over it and try to provide some intuition into how it works, and then why you would want to use it.

Rendering Math with KaTeX

Sat, 06 Aug 2016 00:00:00 +0000

The other day, I was looking into how easy it is to render LaTeX via a Markdown document. MathML isn’t yet widespread enough to use reliably, so instead I started looking at some of the third-party libraries available. I had looked at KaTeX from Khan Academy a few times in the past, and was happy to find that it was exactly what I wanted.

Writing High Performance Swift Code

Thu, 28 Jul 2016 00:00:00 +0000

Great collection of tips for improving Swift’s performance.

Exploring Swift, Part 2: Installing Custom Toolchains

Mon, 18 Jul 2016 00:00:00 +0000

As you’re making changes to Swift, you’ll want to test them out by using your new version of the compiler and writing some programs with it. The most convention way to do this is to provide the system with a new version of Swift to use. Some of the projects in the Swift ecosystem (like the package manager) may even require that you have a more recent version than that which Xcode provides.

Creating Siri Extensions With SiriKit

Mon, 20 Jun 2016 00:00:00 +0000

With the introduction of iOS 10 at WWDC 2016, Siri has finally been opened up to developers, in the form of SiriKit. It comes with support for a fixed set of app categories for now, ranging from messaging and phone calls to payments and booking rides. Siri is an extremely complicated product, having to manage many languages and process words correctly, so I wanted to see how easy it is to add support for it to an app.

Linting Changed Files With SwiftLint

Sun, 19 Jun 2016 00:00:00 +0000

SwiftLint is an incredible tool for identifying style issues with Swift codebases, and highlighting them right in Xcode. It’s great for saving time during code reviews, letting reviewers to worry about important issues. The problem is trying to integrate SwiftLint into an existing codebase which has been worked on by dozens of authors – adding SwiftLint into a work project gave us over 20,000 warnings. It’s fantastic that SwiftLint caught these, but this drowns out issues which may be really important.

Exploring Swift, Part 1: Getting Started

Tue, 14 Jun 2016 00:00:00 +0000

With the open source release of Swift in December last year, developers everywhere have been able to delve into the code behind the language and help improve it for everybody else. They’ve been able to help track down bugs in the current releases, and also help plan out future iterations. This has been fantastic for those of us who work with Swift daily, and it would be great to be able to help contribute to the language as well.

Writing an OS in Rust

Wed, 01 Jun 2016 00:00:00 +0000

Fantastic series from Philipp Oppermann on building an operating system from scratch using assembly and Rust.

No More GitHub Streaks

Mon, 30 May 2016 00:00:00 +0000

As part of this update, code streaks are no longer featured on your contribution graph. The simplified interface focuses on the work you’re doing rather than the duration of your activity. Great change. 👍

Deliberate Practice

Sun, 29 May 2016 00:00:00 +0000

Peak: Secrets from the New Science of Expertise is a book studying deliberate practice, the act of pushing yourself to learn more about a subject while constantly reviewing your progress and applying feedback. Many of the examples in the book are of activities that can be easily quantified; playing chess or memorizing numbers, for example. You can graph your progress from day to day, allowing you to spot weaknesses and improve those areas.

It's Just Bits

Mon, 18 Apr 2016 00:00:00 +0000

It’s just bits, why call through a bunch of code that can make his system less stable if understanding the bits isn’t actually that hard? Thinking of complex algorithms and protocols as “just bits” helps me to understand them every single time.

Reverse Engineering Challenges

Sun, 15 Nov 2015 00:00:00 +0000

This collection of programming challenges looks like a great way to spend some free time. There are a ton of different interesting pieces of code to dig into.

corecrypto

Sun, 01 Nov 2015 00:00:00 +0000

I was excited to see Apple release the source code of their corecrypto library the other day. It provides implementations of many of the low level crypto primitives used in their other frameworks, like CommonCrypto. Sadly, it’s not truly open source as the license prevents you from using it elsewhere, but being able to audit the code is a step in the right direction.

Eliminating Roundtrips with Preconnect

Wed, 09 Sep 2015 00:00:00 +0000

Ilya Grigorik from the web performance team at Google had a great write-up of the upcoming preconnect feature in Chrome and Firefox a few weeks ago. This is the kind of thing which I really love to see implemented in browsers: small, subtle features which yield nice performance boosts.

BetterCap

Wed, 22 Jul 2015 00:00:00 +0000

Whenever I play with MITM attacks against my devices on the local network, it always feels like I’m just putting together pieces of Lego until I find a combination of software that does what I want. BetterCap has pretty much put an end to this problem – earlier I ran a MITM attack again my iPhone, modifying HTTP traffic in about a dozen lines of code.

How Traceroute Works

Wed, 22 Jul 2015 00:00:00 +0000

After taking Stanford’s introductory networking course earlier this year, I decided it would be fun exercise to put some of that knowledge into practice and go about recreating traceroute in Rust. Traceroute is a neat little program; it ties together a bunch of networking protocols in a relatively simple way, making for a good test of a language’s networking APIs. A Brief Overview of Network Protocols If you’ve done any basic network programming in the past, you’re likely familiar with the IP protocol, along with its partners, TCP and UDP.

Reverse Engineering With Radare2, Part 1

Sun, 05 Jul 2015 00:00:00 +0000

A couple of weeks back, the folks at RPISEC posted the lecture slides and lab contents of their Modern Binary Exploitation course, held earlier this year. The course is designed to take somebody with basic C skills and have them work their way through a series of reverse engineering challenges of increasing difficulty. This seemed like a great opportunity to fire up Radare2 and put it to work. This series of posts will work through each of the lecture challenges and labs, with a focus on solving them using Radare2 (and a little help from gdb and friends along the way).

A Reverse Engineering Reading List

Wed, 13 May 2015 00:00:00 +0000

One of my hobbies is taking apart binaries and figuring out how they work. It is really satisfying to take a program and break it apart, before reassembling the pieces in a way that you understand. There are so many resources for picking up this stuff that it seemed like a crime to not collect it in one place. Warming Up If you’re just getting into reverse engineering, there are a number of concepts you’ll need to get your head around.

Linux Insides

Sun, 03 May 2015 00:00:00 +0000

This has been doing the rounds for a few weeks now, but it’s very much worth checking out. I’ve been looking for a good overview of the Linux kernel for a while – this is it.

Inspecting Binaries with Hexdump

Mon, 20 Apr 2015 00:00:00 +0000

Lately I’ve been working on an 8080 emulator in Swift. The process of having to take a binary apart and figure out which byte is associated with which instruction has gotten me interested in programs and how they work under the hood. Instead of doing some private research and calling it a day, I wanted to try and put things together into one place. What Are Binaries? A binary is nothing more than an executable chunk of data arranged in a certain way.

Introduction to Nmap

Sun, 19 Apr 2015 00:00:00 +0000

Nmap is one of my favorite tools. It gives you an easy way to discover the machines available on a network, and determine the services that each one is running. However, networks are complicated – this is reflected in the sheer number of options which Nmap provides (running nmap with no arguments outputs over 110 lines of available flags). Basics The simplest way to use Nmap is to give it an address to scan.

Software Security Course Review

Mon, 13 Apr 2015 00:00:00 +0000

As a follow up to the crypto course from earlier this year, I enrolled in the software security course from the University of Maryland for something a bit more hands-on. I wanted to write up a short review of the course here, especially since I haven’t seen many (any?) other security courses like this offered on Coursera. Overview The syllabus is what you would expect in a security course:

Low-Level Software Security

Sun, 15 Mar 2015 00:00:00 +0000

This video was posted in the IRC channel for the Coursera Software Security course the other day. It covers all of the usual attacks beautifully (and I think I’m finally getting my head around return-oriented programming).

NASM Tutorial

Sun, 15 Mar 2015 00:00:00 +0000

A simple (and understandable) intro to writing Assembly with NASM. I spent a solid amount of time with this article this morning – it’s great.

Exploit Exercises Protostar Guide, Part 1

Sat, 07 Mar 2015 00:00:00 +0000

In order to better understand the material from the Software Security course on Coursera, I decided to take a stab at the challenges on Exploit Exercises. So far it has been an amazing way to really cement the concepts from the course, so I decided to document my progress here for anybody else interested in making their way through the levels. I’ve been running through these challenges by setting up the downloadable ISOs from the Exploit Exercises downloads page in VirtualBox, then sshing in so I don’t have to deal with VirtualBox as much.

Seeing Circles, Sines, And Signals

Wed, 04 Mar 2015 00:00:00 +0000

This looks like a fantastic companion guide to help out with learning how DSP works. Check out those animations!

Dan Boneh's Crypto Course

Sun, 01 Mar 2015 00:00:00 +0000

Inspired by Ole Begemann’s review of the Programming Languages course, I wanted to write about my experience with Dan Boneh’s Cryptography course on Coursera. Overview The course assumes you have no cryptographic background; at the beginning it covers the history of cryptography, basic ciphers like the Caesar and Vigenère cipher, and a review of the probability used to assess crypto algorithms. Even if you’ve never even used a crypto library before, you’d be just fine here.

Disabling GCC's Overflow Protection on OS X

Sun, 01 Mar 2015 00:00:00 +0000

Earlier, I was playing with some code from Jon Erickson’s book which exploited stack overflow bugs, on an older Linux system. When it came time to bring that code over to OS X though, the overflow protection would kill the process before it got a chance to do anything nasty. Here’s the incantation required to disable it: gcc -fno-stack-protector -D_FORTIFY_SOURCE=0 -g -o overflow overflow.c Before: › ./overflow 1234567890 [BEFORE] second_buffer is at 0x7fff52d22868 and contains 'two' [BEFORE] first_buffer is at 0x7fff52d22870 and contains 'one' [BEFORE] value is at 0x7fff52d22854 and contains 5 (0x00000005) Copying 10 bytes into second_buffer zsh: abort .

Introduction to find

Tue, 17 Feb 2015 00:00:00 +0000

Of the various Unix utilities I use semi-regularly, find is the one that has me reaching for its documentation the most often. Every time I do, it’s a reminder of how powerful it can be, if you can just remember how to use it. This article goes over how to use find beyond just searching for files by name, mostly just so that I have something to refer back to when I inevitably forget how to use it again.

Matasano/Square CTF

Sun, 19 Jan 2014 00:00:00 +0000

A fantastic new Capture The Flag contest from the security guys at Matasano, in conjunction with Square. This is a great playground for exploit development, and the tutorial is a lot of fun. You can read the introduction blog post on the Matasano blog for more.

RedditKit 1.0

Mon, 11 Nov 2013 00:00:00 +0000

reddit has always had a massive nerd audience. /r/programming has a subscriber base of nearly half a million, and there are countless other subreddits dedicated to the art of software development. Despite the interest from developers, there has never been a lot of activity around reddit’s API (for those who don’t know Python, at least), especially not compared to the likes of Twitter and Facebook. I’m thrilled to be able to finally show off RedditKit, a pair of libraries for communicating with the reddit API, available in Ruby and Objective-C.