Project Zero – Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current “90+30” model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes for a fix to actually reach an end-user’s device. […]
How Hyper Built a 1m-Accurate Indoor GPS
To @AndrewHartAR: “Our app is shit and we know it’s shit”. My life changed forever when a senior exec from one of the world’s largest retailers messaged me on Twitter. This was back in 2017. My outdoor AR navigation demos had just gone viral, and my new open-source project for Apple had elevated me to […]
Show HN: ELF Injector
Injects a relocatable code chunk of arbitrary size into an ELF executable that will run before the original entry point of the executable. NOTE: The code can only build and run on a 32-bit ARM processor as it contains a mix of C and assembly. Build elf_injector: ~/elf_injector $ make all gcc -Werror -std=gnu99 -fno-builtin […]
Attention is your scarcest resource
Like many people, I have most of my best ideas in the shower. This is sometimes annoying: I could use more than one shower’s worth of good ideas a day, but I’d rather not end up as a shrivelled yet insightful prune. Mostly, though, shower ideas are the incentive that keeps me smelling okay, so […]
Claude Finds Contradictions in My Thinking
I have two Obsidian vaults with a lot of notes. I asked Claude, “Look thru my Obsidian vaults and find examples where I contradict myself”. I’ll help you explore your Obsidian vault to identify contradictions in your thinking. Let me start by getting an overview of your vault structure and then examine the content systematically.Based […]
Go’s race detector has a mutex blind spot
28 Jul, 2025 I recently read Ralf Jung’s blog post “There is no memory safety without thread safety” which mentions that Go is not a memory safe language in the presence of data races. “But Go comes with a built in data race detector” some might say. This reminded me of a quirk in Go’s […]
Observable Notebooks 2.0 Technology Preview
Notebook file format The heart of Notebooks 2.0 is a simple, human-readable, and human-editable file format. It’s based on HTML, which means you get nice editing affordances in today’s text editors without needing special plugins. In addition, it’s easy to review diffs when storing notebooks in source control, to search, to find-and-replace, and countless other […]
Learning Is Slower Than You Think
What AI-optimized schools misunderstand about learning It was just a question over breakfast. “What’s a metaphor?” Mira asked her father, spoon halfway to her mouth. He began to explain, but she interrupted: “So it’s when something isn’t what it is—but also is?” There was a silence at the table—not confusion, but recognition. She had already […]
iPhone cameras are good
Ever wonder why you never see a smartphone photo printed and framed on the wall? I’ll explain exactly why. The photos above look similar at a glance, but there are some key differences that seem small but are actually very sensitive to our perception of humans: The fish eye iPhone lens creates distortion, look at […]
My 2.5 year old laptop can write Space Invaders in JavaScript now (GLM-4.5 Air)
29th July 2025 I wrote about the new GLM-4.5 model family yesterday—new open weight (MIT licensed) models from Z.ai in China which their benchmarks claim score highly in coding even against models such as Claude Sonnet 4. The models are pretty big—the smaller GLM-4.5 Air model is still 106 billion total parameters, which is 205.78GB […]