Author here - this was just a quick PoC, I'm pleasantly surprised that it seems to be handling all the HN traffic.
It's served from a python script using aiohttp, behind nginx, on a $16/year VPS.
I might make a github repo with more details, but in the meantime, here's the server script: https://pastebin.com/ykUeppqc (apologies for pastebin, I don't have access to my github account at present)
It is impossible to spend any real money (as opposed to their $300 credit) without switching to a paid account, which is a multi-step process that you can't perform accidentally.
After the 30 day trial expires your account is switched to the "always free" mode. It does not allow creating any paid resources which are not marked as "always free".
I was curious and read about it, and you are correct. But just like I said, there are many pitfalls. For example - I assumed you can change your paid plan freely but:
It's with HostUS. I got a coupon a few years ago (via LowEndBox), and it's been renewing at the same rate ever since. I have no complaints about them, but I'm not sure you can get the same pricing today.
At this price point you are barely paying for the IPv4 address. It will be an OpenVZ container.
I had a $15/yr VPS with BuyVM.net for many years and would absolutely recommend them at this price point, except that they have shut down this offering and switched to KVM (it's for the best). Ramnode.com are honest enough and still offer the "192MB SVZ" plan for $15/yr.
I would rather scrape by on the GCS/AWS/Heroku free tier, Netlify / GH pages, ...rather than going back to OpenVZ. Better to pay just a few dollars more for a proper KVM VPS.
Looks really nice and educational. I'm a big fan of reinventing the wheel for understanding certain primitives better. I did the same for ECC. Once it's done it's really liberating because you don't have to consider these things black magic anymore.
Cool diagram. Putting the shellcode in headers is very innovative. I didn't have too much assembly knowledge to trim it further during the competition.
And yet, nobody has done the same for Twitter until now.
The difference is that Twitter applies a series of operations to all uploaded images, stripping EXIF data, recompressing, etc., which would normally be difficult to work around.
Did people do this back in the day? 4chan used to be totally fine with just uploading a jpeg concatenated with a zip, but I haven't seen this ICC profile trick before today.
> The main issue with RDTSC is that task-switches may cause your thread of execution to change cores or mess up your timing
I got around this by running my benchmarks in a kernel module, with interrupts disabled. Obviously this is only possible under certain circumstances.
I also disabled caching via the CR0 register for maximum repeatability, although of course that isn't at all reflective of "real world" performance, so it depends on what you're actually trying to measure.
I performed an experiment based on this idea - I wired up a clicky relay to the numlock LED (via a transistor), and glued it to a decent Dell keyboard. Then, I rigged up a python script to toggle the numlock LED on each key press/release event.
Honestly, typing experience wasn't too different to a real mechanical keyboard.