Four short links: 21 May 2020
Fuzzing, Code from Comments, Open Sourced Games, Podcasting
- Fuzzing: On the Exponential Cost of Vulnerability Discovery — Given the same non-deterministic fuzzer, finding the same bugs linearly faster requires linearly more machines. Yet, finding linearly more bugs in the same time requires exponentially more machines. Similarly, with exponentially more machines, we can cover the same code exponentially faster, but uncovered code only linearly faster. In other words, re-discovering the same vulnerabilities (or achieving the same coverage) is cheap but finding new vulnerabilities (or achieving more coverage) is expensive. This holds even under the simplifying assumption of no parallelization overhead.
- Code from Comments — Demo of a system that writes code based on a function signature and a comment. I’m always on the lookout for systems that automate code production, because they’ll be a big part of how we code in a few years’ time.
- C&C Open Sourced — EA are open-sourcing (GPL!) some Real-Time Strategy classics: Tiberian Dawn and Red Alert. "After discussing with the council members, we made the decision to go with the GPL license to ensure compatibility with projects like CnCNet and Open RA. Our goal was to deliver the source code in a way that would be truly beneficial for the community, and we hope this will enable amazing community projects for years to come."
- The Coming Death of Independent Podcasting — First, Spotify is gaining power over podcast distribution by forcing customers to use its app to listen to must-have content, by either buying production directly or striking exclusive deals, as it did with Rogan. This is a tying or bundling strategy. Once Spotify has a gatekeeping power over distribution, it can eliminate the open standard rival RSS, and control which podcasts get access to listeners. The final stage is monetization through data collection and ad targeting. Once Spotify has gatekeeping power over distribution and a large ad targeting business, it will also be able to control who can monetize podcasts, because advertisers will increasingly just want to hit specific audience members, as opposed to advertise on specific shows.