XZ backdoor: "It's RCE, not auth bypass, and gated/unreplayable."

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable.

Xz/liblzma: Bash-stage Obfuscation Explained

https://gynvael.coldwind.pl/img/stage1_carved.data.png
After Andres Freund notified the community of a backdoor in xz/liblzma affecting OpenSSH, this article focuses on the bash-stage obfuscation. It details the obfuscation and extraction processes in affected versions 5.6.0 and 5.6.1, using standard command-line tools.

Xz: Can you spot the single character that disabled Linux landlock?

Xz: A microcosm of the interactions in open source projects

https://robmensching.com/_astro/kid-screaming-at-mic.wMpNmSE5_Z2fNQE6.webp
The article discusses the vulnerability in xz/liblzma, highlighting the original maintainer's burnout and the subsequent takeover by an attacker who gained trust. It also depicts the open-source community's pressure on maintainers, often leading to unreasonable demands with no offered help.

IrfanView

More information about IrfanView. I would like to sincerely thank all you faithful IrfanView users who send me messages of good wishes, congratulations and appreciation. THANKS!

Roll-Invert-Unroll: An easier way to replace a duvet cover

https://i.imgur.com/kzxmno3.jpeg
The article introduces a "roll-invert-unroll" method for easily changing a duvet cover, which saves time and reduces frustration. The author shares their personal experience and enthusiasm for the technique, which they've used for over five years.

Garbage collection for systems programmers (2023)

https://assets.bitbashing.io/images/gofast.png
The article discusses the efficiency of Read, Copy, Update (RCU) in operating systems for concurrent data handling, and challenges the notion that garbage collection (GC) is less efficient than manual memory management. It argues that modern GC can offer high throughput and should be considered a valuable tool in system programming.

Someone has been attempting to DDoS us for weeks and we do nothing

https://tableplus.com/assets/images/ddos/fine.jpg
An entity has persistently tried to DDoS the company's servers, with a significant amount of traffic originating from the EU. Despite the attacks, the company's monolithic server architecture has maintained performance without incurring high costs or complexity.

Running OCR against PDFs and images directly in the browser

https://static.simonwillison.net/static/2024/ocr-demo.gif
The article discusses the author's experience with data extraction tools at a journalism conference and the development of a web app using Tesseract.js and PDF.js for browser-based OCR processing of PDFs and images. The app is serverless, preserves privacy, and is user-friendly with some limitations.

Notes on El Salvador

https://mattlakeman.files.wordpress.com/2024/03/el-salvador.gif?w=760&h=633
El Salvador's homicide rate was the highest in the world in 1995 but dropped to 2.4 per 100,000 by 2023, attributed to President Bukele's anti-crime crackdown. The author researched the country's safety and Bukele's policies, including the impact of U.S. deportation policies on gang formation.

About the Tailscale.com outage on March 7, 2024

https://tailscale.com/api/og-image?title=About%20the%20Tailscale.com%20outage%20on%20March%207%2C%202024
Tailscale.com experienced a 90-minute outage on March 7, 2024, due to an expired TLS certificate, primarily affecting marketing and documentation. They plan to prevent future issues by updating renewal processes and prober infrastructure.

Paint.net

https://www.getpaint.net/screenshots/pdn510_thumb.jpg
Paint.NET is a user-friendly photo editing software for Windows with features like layers and special effects. It has grown from a senior design project to a strong competitor in the photo editing market.

Prolog language for PostgreSQL proof of concept

https://opengraph.githubassets.com/30a5ef4fa3ea839f49dea1534e1b2fd72eb515c00a147feca3511421bd62ae8d/tatut/pgprolog
PostgreSQL Prolog language handler.

Git as a debugging tool

https://lucasoshiro.github.io/assets/images/posts/2023-02-13-git-debug/grep-time.png
The article advocates for using Git as a debugging tool, highlighting its ability to track every version of files and its repository as a rich source of code history. It also introduces Git concepts like pathspecs and commands like git grep and git bisect to efficiently navigate and investigate code changes.

Mamba Explained

https://lh7-us.googleusercontent.com/Vv2LBVlbspbhtzNqDFAAZ8xgkHKAzJiEoef9HZTlGVFpxAbWCMavNmhj408DdeOPZbj53vySwQR81e2zXlo52xA8OrJCq00V_z5VGwEMgfcvSW2uh60hFdjYliY-GAa_Kptz2XFbUf8S_-WrJqyhI4k
Transformers have dominated AI breakthroughs, but Mamba, a State Space Model, challenges their supremacy by promising similar performance with faster speeds and better scaling for long sequences. Mamba circumvents the quadratic bottleneck of Transformers and excels across various modalities, offering a more efficient alternative.

Veloren, an open source game, release 0.16

https://s3.eu-central-2.wasabisys.com/veloren-blog/cdn/release-0-16/screenshot_1711305682956.png
Veloren releases version 0.16 after 9 months, featuring a release party, dev stream, and updates like new cave biomes and OpenGL support. Community contributions have enhanced translations and plugins, with a vote for a new official server map underway.

How GitHub replaced SourceForge as the dominant code hosting platform

https://graphite.dev/_next/image?url=https%3A%2F%2Fwww.datocms-assets.com%2F85246%2F1711802484-screenshot-2024-03-30-at-8-41-15-am.png&w=3840&q=75
The article traces the evolution of version control systems, highlighting the transition from SVN to Git and the rise of GitHub as a dominant platform for code hosting and collaboration. It discusses GitHub's innovative features, like social coding and private repositories, which filled a gap left by SourceForge and Google Code.

Toni Morrison's Rejection Letters

https://lareviewofbooks-media.azureedge.net/unsafe/3840x0/filters:format(jpeg):quality(75)/https%3A%2F%2Fdev.lareviewofbooks.org%2Fwp-content%2Fuploads%2F2024%2F03%2FWandtoepfe_A-exp11_Alfio_Giuffrida-AG_Sinnwerke.jpg
Toni Morrison's rejection letters from her time at Random House reveal her empathy and constructive criticism towards aspiring authors, while also reflecting on the challenges and transformations within the publishing industry. Her correspondence underscores the tension between literary quality and commercial viability, as well as her dedication to craft and the writer's community.

Iowa fertilizer spill kills nearly all fish across 60-mile stretch of rivers

https://static01.nyt.com/images/2024/03/29/multimedia/29nat-iowa-spill-fqtk/29nat-iowa-spill-fqtk-articleLarge.jpg?quality=75&auto=webp&disable=upscale
A fertilizer spill in Iowa led to the death of roughly 789,000 fish across a 60-mile river stretch, with carcasses lining river banks. The spill occurred when a storage tank valve was inadvertently left open, releasing 265,000 gallons of nitrogen fertilizer.

Why Has Figma Reinvented the Wheel with PostgreSQL?

https://miro.medium.com/v2/resize:fit:1200/1*x2ePchGXnYnYniYkr6zJUw.png
Figma's engineering team opted to develop their own PostgreSQL sharding solution, despite considering existing options, due to aggressive growth and limited migration time. They may reassess this approach in the future, considering open source or managed solutions.

The Mongolian Meta

https://lh7-us.googleusercontent.com/docs/AHkbwyJq77Q63cH8WPp3B-k_V9yWmpQ-1NlZSwXbtAHPbZoj0b5MMKz4p-l_AszgOosqYaieJu2vN7swWiM6e7HqVIoP_zNiITDYanHM-7mIF4Gw7Y8=w1200-h630-p
An unusual 7400-series chip implemented with a gate array

https://static.righto.com/images/idt-gate-array/package-w350.jpg
The article examines a military-grade IDT chip, revealing an unexpected layout with over 1500 transistors, most of which are unused. It discusses the logic gates and the rationale behind using a gate array design despite its inefficiency.

Kolmogorov Complexity and Compression Distance (2023)

The article discusses the concept of Kolmogorov Complexity, a mathematical tool used to measure the randomness of a string or sequence. It explains how this complexity depends not only on the string itself but also on the description language, and proposes a theoretical universal language that could provide the shortest description length for all strings, making the complexity measure ...

Full-scale file system acceleration on GPU [pdf]

The article presents GPU4FS, a novel approach to High-Performance Computing (HPC) and AI solutions that shifts file system operations from the CPU to the GPU, thereby reducing latency and freeing up CPU resources. The preliminary implementation shows that a fully-featured file system running on the GPU with minimal CPU interaction is feasible and bandwidth-competitive, depending on the ...

Debian on xz-utils: revert to version that does not contain changes by bad actor

A Debian bug report against xz-utils, filed in response to Jia Tan's backdoor and the possibility of additional security risks, suggests reverting to a version from before their involvement; doing so requires careful planning because of dependencies.

The jobs being replaced by AI – an analysis of 5M freelancing jobs

https://bloomberry.com/wp-content/uploads/2024/02/of-new-Upwork-jobs-for-each-category-over-time-since-ChatPT-release-1.png
The article analyzes freelancing job data from Upwork to determine the impact of AI on job availability, finding that writing, translation, and customer service jobs declined post-ChatGPT release, while tech-related jobs grew. It also notes that the demand for AI-related roles is shifting towards chatbot development rather than machine learning or data annotation.

When will the eclipse happen? A multimillennium tale of computation

https://content.wolfram.com/sites/43/2024/02/eclipse-book.png
The article discusses the upcoming total solar eclipse on April 8, 2024, emphasizing the advancements in predicting astronomical events with precision. It also delves into the history of eclipse predictions, from the Antikythera device of 2000 years ago to the modern digital tools, and explains the scientific principles behind the occurrence of eclipses, touching upon the role of the Moon's ...

Mathematician who made sense of the universe's randomness wins Abel Prize

https://th-thumbnailer.cdn-si-edu.com/grehgM1MXmlihncSyjmMUBDSyVc=/1000x750/filters:no_upscale():focal(1280x719:1281x720)/https://tf-cmsv2-smithsonianmag-media.s3.amazonaws.com/filer_public/dd/d7/ddd78c12-a068-4ce4-a689-0205979e5e62/abelprize-micheltalagrand-bypeterbadge_typos1_abelprize2024-lede-scaled.webp
Michel Talagrand, a mathematician known for his work on stochastic systems, has been awarded the 2024 Abel Prize, often considered the Nobel Prize equivalent in mathematics. His groundbreaking work, which includes the development of inequalities to better understand the limits of variability in random systems, has found applications in various fields such as physics, chemistry, ...

DeWitt and Stonebraker's "MapReduce: A major step backwards" (2009)

DeWitt and Stonebraker critique MapReduce in their 2008 article, arguing it's a step back to '60s database methods, lacking modern DBMS features like schemas and indexes. They emphasize that MapReduce's techniques are outdated and overlook lessons from decades of database research.

NetBSD 10.0 Released

https://www.netbsd.org/images/NetBSD-smaller-tb.png
The NetBSD Project announces NetBSD 10.0, enhancing the OS with significant performance gains, especially for multiprocessor systems, and improved compatibility with WireGuard® VPN. It includes stronger cryptography, various system and driver enhancements, and requires users to update kernels, modules, and third-party packages for upgrades.

Significant performance and correctness improvements to the kernel

The article discusses recent enhancements to the kernel post-demand paging project, including fixes and optimizations focused on correctness and performance. Significant changes include automatic deallocation and protection against improper memory mapping, as well as a new allocator reducing frame allocation time.

Novo Nordisk facing pressure as study finds $1k drug can be made for $5

https://fortune.com/img-assets/wp-content/uploads/2024/03/GettyImages-1255057297-e1711624495730.jpg?w=1440&q=75
The study claims Ozempic could be made for $0.89 to $4.73 per month, including profit, but is sold for $968.52 in the US, igniting debate over drug pricing. Senator Sanders urges Novo Nordisk to reduce its price, reflecting a broader criticism of American diabetes drug costs.

The Ken Thompson Hack

https://wiki.c2.com/spin.gif
Some notes on Firefox’s media autoplay settings in practice as of Firefox 124

The author discusses issues with autoplay settings in Firefox when streaming music from a digital source, noting different behaviors between work and home browsers. They adjusted the `media.autoplay.blocking_policy` to '0' for seamless playback, reflecting their preference for continuous music over single-track play.

The Canadian government's plan to plant two billion trees

https://www.cbc.ca/newsinteractives/content/images/IMG_0109-16x9.jpg
Kerry McLaven and her team manage a seed orchard in Ontario, producing seeds vital for Canada's goal to plant two billion trees by 2031, facing challenges like seed availability and nursery capacity. The federal government is funding the initiative, aiming for carbon sequestration and biodiversity, despite initial program design flaws and long-term planning needs.

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library

CISA warns of embedded malicious code in XZ Utils 5.6.0 and 5.6.1, tracked as CVE-2024-3094, and urges a rollback to 5.4.6 and system checks. The compromised software could enable unauthorized system access.

Linear Algebra of Types (2019)

https://www.philipzucker.com/assets/My-Drawing-1-1024x674.png
The article explores the concept of Semiring, a mathematical notion that involves operations such as addition and multiplication with properties of distributivity and associativity. The author illustrates this through various examples like matrices and types, and further discusses how these can be applied to describe transition systems, providing a new perspective on the representation of ...

Proteins let cells remember how well their last division went

https://cdn.arstechnica.net/wp-content/uploads/2024/03/GettyImages-97970451-800x587.jpg
Cells have a memory system that halts division if a parent cell had trouble dividing, which is linked to DNA damage and cancer. Researchers uncovered a "mitotic stopwatch" involving a protein complex that triggers this response in daughter cells if mitosis is slow.

Models all the way down

https://cdn.xxl.thumbs.canstockphoto.com/canstock20816168.jpg
To build large AI models, a vast training set like LAION-5B, containing billions of harvested internet images and texts, is crucial but also problematic due to uncurated harmful content and biases. LAION-5B, used by many models, illustrates the challenges of dataset curation and the influence of numeric thresholds on AI's worldview.

US appeals court kills ban on plastic containers contaminated with PFAS

https://i.guim.co.uk/img/media/aabe583c86ea3d2f6b6285934c568c12fd26b2e9/0_0_4000_2667/master/4000.jpg?width=465&dpr=1&s=none
A US appeals court overturned an EPA ban on plastic containers with PFAS, despite acknowledging health risks, because the EPA's regulatory approach was deemed incorrect. Inhance, the manufacturer, continues production, arguing its process isn't new and thus not subject to the ban.

XZ Utils Backdoor

The page states that the XZ Utils 5.6.0 and 5.6.1 release tarballs contain a backdoor and were signed by Jia Tan. Further updates on the incident are promised, and only the author has access to the main tukaani.org domain.

The roller ship was not an effective way to cross the high seas

https://hackaday.com/wp-content/uploads/2024/03/Bateau_rouler_2_Poyet.png?w=784
The roller ship, a unique maritime design with rollers to reduce drag, was built only once by Ernest Bazin but proved slow and impractical. Despite its innovative concept, it failed to outperform traditional ships and remains a historical curiosity.

Jails banned visits in "quid pro quo" with prison phone companies, lawsuits say

https://cdn.arstechnica.net/wp-content/uploads/2023/06/GettyImages-519951874-800x537.jpg
Civil Rights Corps accuses Michigan jails of banning in-person visits to profit from costly calls in lawsuits against counties, sheriffs, and phone companies. The legal actions claim this scheme impacts families, including children, who can't visit detained relatives.

How well can LLMs write COBOL?

https://bloop-web-app.s3.eu-west-1.amazonaws.com/blog/evaluation-on-cobol-chart.png
LLMs are revolutionizing software development, with over a million developers using GitHub Copilot, and the release of COBOLEval, a COBOL code benchmark, could aid in maintaining vital legacy systems. Despite COBOL's age and the retirement of skilled programmers, LLMs have yet to be tested extensively in this domain, but COBOLEval and new models like mAInframer-1 show promise.

America's Drivers Agree: LED Headlights Are Just Too Bright

Xz format inadequate for long-term archiving (2016)

https://www.nongnu.org/lzip/header_crc_inaccuracy.png
The article critiques the xz data format's adequacy for long-term archiving due to its design flaws and lack of safe interoperability. It argues that xz's complexity and lack of proper error detection make it inferior to bzip2, gzip, and lzip formats for data preservation.

From scratch OpenGL and shaders with raw Xlib

https://hereket.com/posts/x11_window_with_shaders/image/basic_shader_triangle.png
The article details upgrading from a fixed-function pipeline to a modern shader-based approach in OpenGL, embedding shaders in the source code. It provides a step-by-step guide on initializing OpenGL, setting up vertex data, and creating a simple shader program.

Ask HN: Anybody Using Htmx on the Job?

The article discusses the use of Hypermedia.systems (HTMX) in professional and personal projects, with the author expressing their satisfaction with the tool. However, they note that while HTMX is beneficial for adding dynamic features and improving developer experience, it isn't a "silver bullet", suggesting its suitability may depend on the project's scope and the user's familiarity with ...

Ask HN: How to secure website for public launch

The article discusses launching a secure website with both front and back end, expressing concerns about security, especially regarding user input. It suggests using services like Cloudflare for security features and emphasizes the importance of sanitizing inputs and limiting request frequency.

Why Ireland's housing bubble burst

https://wip.gatspress.com/wp-content/uploads/2022/08/fig_3-4-1024x529.png
Ireland's housing bubble in the 2000s, marked by a dramatic rise and crash in prices, has been extensively researched and is a stark example of housing's economic and social impact. Misconceptions about overbuilding and laissez-faire policies are debunked, highlighting the influence of government tax policies and the critical role of supply and demand in the housing market.

Return-to-Office Mandates: How to Lose Your Best Performers

https://sloanreview.mit.edu/wp-content/uploads/2024/03/Brian-Elliott-headshot-240.jpg
The article discusses the ongoing debate about return-to-office (RTO) mandates, arguing that these often lead to decreased employee satisfaction, increased attrition, and no significant improvement in financial performance. It suggests that a better approach is to foster a culture of trust and flexibility, focusing on outcomes rather than physical presence, which can enhance both employee ...

The Set-Up-to-Fail Syndrome (1998)

https://hbr.org/resources/images/article_assets/1998/03/APR15_02_000016855190.jpg
Managers often blame employees for poor performance without acknowledging their own potential contribution to the failure. The article explores the dynamics of boss-subordinate relationships and is co-authored by experts in leadership and organizational development.

TSMC was founded by Morris Chang when he was 55 years old

Tom's Essay (2008)

https://static01.nyt.com/images/2008/09/23/opinion/tomsdiner.jpg
The author struggles with new in-ear monitors and reflects on her and her family's relationship with technology, contrasting her own challenges with the tech-savviness of her mother and daughter. She also discusses the unexpected success of the "Tom's Diner" remix and its impact on her career.

Type Inference Was a Mistake

https://borretti.me/assets/card/type-inference-was-a-mistake.webp
The article criticizes type inference for making code less readable and debugging more difficult, as it can lead to obscure errors far from the actual mistake. It argues for specifying types up front to guide code development and reduce bugs.

British water company dumps sewage, claims "no right to swim in the sea"

https://wp.inews.co.uk/wp-content/uploads/2024/01/SEI_189236314.jpg?crop=0px%2C229px%2C2500px%2C1412px&resize=640%2C360
South West Water, in defense against a legal action by Devon swimmer Jo Bateman, claims it has no legal obligation to keep rivers and seawater clean of sewage. Despite being one of the UK’s biggest polluters, the company insists it is the responsibility of the Government and the Environment Agency to ensure clean water, not the water companies that manage the nation’s rivers and coastline.

Playboy image from 1972 gets ban from IEEE computer journals

https://cdn.arstechnica.net/wp-content/uploads/2024/03/rejected-image-lenna-800x450.jpg
The IEEE Computer Society will stop accepting papers with the "Lenna image" after April 1 to promote inclusivity and respect Lena Forsén's wishes. The image, used since 1973 in tech research, has been criticized for objectifying women.

Personal 'invisibility shield' goes on sale, starting under $70

https://assets.newatlas.com/dims4/default/10bb122/2147483647/strip/true/crop/1212x808+34+0/resize/1200x800!/quality/90/?url=http%3A%2F%2Fnewatlas-brightspot.s3.amazonaws.com%2F0f%2Fd5%2Fb518bfd24528951a4f4bcb2afc5a%2F1.jpeg
The Invisibility Shield 2.0, a consumer product for camouflage, has launched on Kickstarter with three sizes available. It uses lenses in a polycarbonate sheet to diffuse light and blend a user into the background.

Bpfman: An eBPF Manager

https://bpfman.io/main/img/bpfman_logo_256.png
Bpfman simplifies eBPF program management, offering features like built-in loaders and Kubernetes integration for secure, cluster-wide deployments. It enhances security, visibility, and lifecycle handling of eBPF applications, and is built on the Aya Rust library.

Last year, an unknown person took nominal control over OpenAI's startup fund

https://i.insider.com/655f299222cf74a5739bec73?width=700
An unknown person falsely claimed control of OpenAI's $175 million fund, with filings listing a homeless housing complex as the headquarters. OpenAI states these documents were fabricated and the listed individual, Jacob Vespers, does not exist.

20 years ago Far Cry was released

https://upload.wikimedia.org/wikipedia/en/thumb/a/a5/Far_Cry_1_boxshot.jpg/220px-Far_Cry_1_boxshot.jpg
"Far Cry," released in 2004, is the first game in its series featuring open-ended gameplay and a story about Jack Carver's search for a missing journalist amidst genetic experiments. The game's success led to sequels, a remake, and adaptations, establishing a franchise known for its immersive environments and freedom in gameplay.

My laptop is faster than your Elastic cluster

https://haybatov.com/img/savedsearches07/savedsearch.png
David Kemp discussed REA Group's use of Elastic for managing millions of daily property notifications, while an experiment showed a laptop could match properties to searches efficiently without a database. The presentation highlighted the system's architecture and a personal test demonstrated the potential of simple code in large-scale matching tasks.

GitHub Disabled the Xz Repo

lol github disabled the xz repo

White space killed an enterprise app (2019)

The article discusses the challenge of applying minimalist design to complex enterprise software, emphasizing that functionality and data density should not be sacrificed for aesthetics. It suggests practical tips for maintaining usability while increasing data density in business applications.

Ask HN: Going from CTO to Developer?

A CTO at a failing startup chooses to return to coding, valuing personal happiness over career progression, which may be seen as a step back by some but offers a more fulfilling work-life balance. The decision to switch from management to a technical role is subjective and depends on individual priorities and contentment.

World of Spectrum 404 Page

Tesla engineers don't have engineering degrees or even common sense apparently

App scans your pile of Lego and uses ML to suggest projects

https://i0.wp.com/boingboing.net/wp-content/uploads/2023/09/image-108.png?resize=250%2C190&ssl=1
BrickIt app identifies Lego bricks and suggests projects with instructions; online Minifigure Factory lets you design custom Lego characters.

AT&T confirms data breach and resets customer passcodes

https://duet-cdn.vox-cdn.com/thumbor/0x0:2040x1360/2400x1600/filters:focal(1020x680:1021x681):format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/24785180/STK158_ATT_01.jpg
AT&T confirms a data breach affecting over 7.6 million current and 65 million former customers, with personal information leaked. The company has reset passcodes and is contacting customers about the breach.

Tiny orchid flowers pollinated by tiny flies

https://scx1.b-cdn.net/csz/news/800a/2024/tiny-orchid-flowers-po.jpg
Researchers discovered the first orchid species pollinated by gall midges, marking a unique addition to plant-pollinator relationships. The study on Oberonia japonica opens doors for further research on pollination biology in orchids.

Landlock: Unprivileged Access Control

https://docs.kernel.org/_static/logo.svg
Landlock is a stackable LSM that helps mitigate security risks by allowing processes to restrict their own rights and create security sandboxes. It uses rulesets to define allowed actions on objects, ensuring compatibility across different kernel versions.

Police are tagging fleeing cars with GPS darts to avoid dangerous pursuits

https://www.thedrive.com/uploads/2024/03/26/GettyImages-1258562188-copy.jpg?auto=webp&crop=16%3A9&auto=webp&optimize=high&quality=70&width=1440
Police departments are using GPS tracking darts to track fleeing vehicles, reducing the need for dangerous pursuits. Concerns about the legality of such trackers have been raised, but their use during chases may be constitutional.

AT&T Says Personal Information from 73M Customers Leaked on the Dark Web

https://specials-images.forbesimg.com/imageserve/65c671521fb2bec5bf2af02c/400x0.jpg?cropX1=0&cropX2=500&cropY1=0&cropY2=500
AT&T confirmed a leak of personal data, including Social Security numbers, from around 73 million customers, with the data's origin still unclear. The company is proactive in communication and will offer credit, with no substantial impact on operations yet.

Black Holes Are Even Weirder Than You Imagined

https://media.newyorker.com/photos/61b37b558878c493aa11fe06/1:1/w_270%2Cc_limit/undefined
The article discusses the fascination and recent advancements in black hole research, including the oldest black hole observed by the James Webb Space Telescope and the study of two supermassive black holes. It also touches on the challenges of unifying theories of general relativity and quantum mechanics in black hole interiors.

The Reasonable Effectiveness of Using Old Phones as Servers

The author successfully installed Linux on a OnePlus6T, using it as a compact server that had initial suspend issues but now runs Docker well. They find it faster than a PinePhone but note the Linux app ecosystem needs development.

Unlocking the NES (For Former Dawn) (2022)

Former Dawn is a retro-style RPG for the NES, pushing the console's limits by utilizing a new memory mapper to overcome traditional constraints. The developers at Something Nerdy Studios aim to expand the NES's capabilities, like glitchless scrolling and massive ROM sizes, to create an advanced game experience.

Headless, dog-sized robot to patrol Alaska airport to prevent bird strikes

https://e3.365dm.com/24/03/768x432/skynews-alaska-robot-anchorage_6504870.jpg?20240329224207
A headless robot named Aurora, resembling a coyote, will be used at Fairbanks airport in Alaska to deter wildlife. It performs predator-like movements to prevent animal-aircraft collisions and can change appearance for versatility.

Zuckerberg personally ok'ed wiretapping both Amazon and YouTube [pdf]

Advertisers accuse Meta of criminal activity, alleging interception of SSL traffic, and seek to present evidence. They request additional deposition time with Zuckerberg due to prior interference and unanswered questions.

20 Years of Gmail

https://duet-cdn.vox-cdn.com/thumbor/0x0:1750x1167/2400x2400/filters:focal(875x584:876x585):format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/25357916/247048_Gmail_20_Years_1750_NLittle.jpg
The article reflects on Gmail's 20-year journey, highlighting how it revolutionized email with its large storage capacity and fast search, becoming a central part of online identities with an estimated 1.2 billion users. However, the author also notes Gmail's challenges in maintaining its relevance amidst the rise of other communication platforms like Slack and WhatsApp, and speculates on ...

OpenAI says it can clone a voice from just 15 seconds of audio

https://s.yimg.com/ny/api/res/1.2/cUG6g0SIR9CEphNo1YUA3Q--/YXBwaWQ9aGlnaGxhbmRlcjt3PTk2MDtoPTY0MA--/https://s.yimg.com/os/creatr-uploaded-images/2024-03/8de02260-edf9-11ee-87be-9993e98fd93d
OpenAI previews Voice Engine, a tool that clones voices from a short audio sample and has been in development since 2022. The technology raises privacy and abuse concerns, leading to careful rollout plans with safety measures like watermarking.

Bacon – a background Rust code checker

https://dystroy.org/bacon/img/vi-and-bacon.png
The article describes a Rust code tool that notifies users of errors and warnings without cluttering the screen, prioritizing errors over warnings. It simplifies interaction by providing key commands and customizable job settings.

Basic Things

The article emphasizes the importance of structured documentation in software projects, advocating for separate user and developer docs and warning against disorganized, growing READMEs. It also stresses the need for a project website, careful web stack selection, and a clear internal documentation strategy to prevent knowledge loss.

Brilliant Pebbles (2001)

https://www.llnl.gov/sites/www/files/brilliant_pebbles_lrg.jpg
President Reagan's 1983 Strategic Defense Initiative (SDI) spurred nonnuclear defense work at Livermore, notably on Brilliant Pebbles, small spacecraft to intercept missiles. Although the end of the Cold War scaled back SDI, the Clementine experiment successfully demonstrated Brilliant Pebbles technology before the program's cancellation.

Benchmarking LLMs against human expert-curated biomedical knowledge graphs

https://sdfestaticassets-us-east-1.sciencedirectassets.com/prod/21683c9ed3d7744914c5ed73cb434bce34754fab/image/elsevier-non-solus.png
Biomedical knowledge graphs (KGs) are essential for understanding complex biomedical data, but creating them is labor-intensive. This paper explores the use of language models like GPT for automatic KG generation, showing potential in one-shot relation extraction.

Tesla starts using 'Supervised Full Self-Driving' language

https://electrek.co/wp-content/uploads/sites/3/2021/08/Tesla-Full-Self-Driving-Beta-Hero.jpg?quality=82&strip=all&w=1600
Tesla has evolved its language from "Full Self-Driving" to "Supervised Full Self-Driving," indicating a system that still requires driver oversight, despite earlier promises of level 5 autonomy. The company's progress towards a fully autonomous system remains unclear, with current capabilities not aligning with initial robotaxi aspirations.

X confirms plans for NSFW Communities

https://techcrunch.com/wp-content/uploads/2023/08/twitter-x-logo-musk-1.jpg?w=711
The social network X confirms it is embracing NSFW content, with about 13% of posts being adult material, and NSFW communities can now self-identify to avoid automatic filtering. Upcoming updates include new admin features, a Ban button, and enhanced Community analytics and recommendations.

NYC AI Chatbot Touted by Adams Tells Businesses to Break the Law

https://i0.wp.com/www.thecity.nyc/wp-content/uploads/2024/03/nyc-chatbot-biased-content-zoom-in.png?resize=780%2C560&ssl=1
The article criticizes New York City's AI chatbot for providing misleading and illegal advice on housing and business regulations, despite being a part of the city's initiative to improve government services. It highlights the bot's inaccuracies and the need for immediate correction to prevent potential legal liabilities.

Show HN: AI for researching personal health issues

https://havenui.vercel.app/logo.png
The article offers assistance in researching medical queries and understanding test results. It emphasizes that chats are stored anonymously and used to enhance response quality.

How the Atlantic Went from Broke to Profitable in Three Years

Wayland breaks your bad software

The article criticizes X11 for being outdated and unsuitable for modern systems, advocating for Wayland as a more efficient and secure alternative that works well with newer hardware and features. It highlights the inefficiencies and security flaws of X11, while noting Wayland's improvements in performance, maintenance, and user experience.

KasmVNC – WASM Based VNC Server and Client

https://opengraph.githubassets.com/1a42b7fe5ad0e1a0ecb2b3f2d40648e6e4a288cda68094857190b101bc35f7ea/kasmtech/KasmVNC
KasmVNC offers web-based remote desktop access, diverging from traditional VNC by not adhering to RFB specs to embrace modern tech and enhance security. It's configured with YAML, open-sourced by Kasm Technologies, and requires specific installation steps per distro.

Marissa Mayer's Startup

https://techcrunch.com/wp-content/uploads/2024/03/GettyImages-1172241499.jpg?w=659
Sunshine, led by former Yahoo CEO Mayer, is launching new apps that aim to simplify photo sharing and event planning with a touch of nostalgia, targeting an older demographic that appreciates familiar technology. Despite concerns about the apps' dated design, Mayer emphasizes that Sunshine will not sell customer data and believes the company's focus on solving everyday problems with AI, ...

Missouri AG sues Media Matters over its X research, demands donor names

https://cdn.arstechnica.net/wp-content/uploads/2024/02/Elon-Musk-X-800x533.jpg
Missouri's Attorney General, Andrew Bailey, has filed a lawsuit against Media Matters, accusing the nonprofit watchdog of fraudulent activities aimed at damaging Elon Musk and social network X's reputation. The lawsuit alleges that Media Matters manipulated data on X.com and used deceit to encourage advertisers to withdraw from X, formerly known as Twitter, which Bailey defends as one of the ...

California fast-food workers will get $20 minimum wage, starting Monday

https://media.npr.org/assets/img/2019/11/21/vanessaromo_sq-09939e70c2da62c03ddb12552be5d50d851fc0a7.jpg?s=100&c=85&f=jpeg
California's new minimum wage law raises fast-food workers' pay to $20 an hour, a significant increase for a segment largely composed of women, immigrants, and people of color. While workers celebrate higher earnings, restaurant owners express concerns over potential price hikes and reduced labor hours to offset costs.

Rustic UI: Crafting the Future of UX

https://blog.dragonscale.ai/content/images/size/w1200/2024/03/rustic_ui_release_feature.png
Rustic UI framework aims to enhance AI platform UX with multimodal conversational components, ensuring accessibility and consistency. It offers a Figma library and React components for efficient, customizable design and development.

China uses foreign firms to turbocharge its industry

https://substackcdn.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd8c060-2332-4e67-abc1-4b5ff68892cb_2000x1040.jpeg
China strategically leverages foreign companies for technology transfer and industry growth, using joint ventures to enhance domestic capabilities, evident in its high-speed rail and EV sectors. This approach has led to significant advancements in Chinese industries, outpacing other developing nations.

Gravitational waves may have made human life possible

https://scx1.b-cdn.net/csz/news/800a/2024/gravitational-waves-ma.jpg
The article suggests human life might owe its existence to gravitational waves, as they induce neutron star collisions that produce essential elements like iodine. It also proposes that the r-process during these events is responsible for many heavy elements on Earth.

Xz.git: Fix Linux Landlock Feature Test in Autotools

1 in every 13 bridges in America is in 'poor' condition

https://media.cnn.com/api/v1/images/stellar/prod/gettyimages-2122667630.jpg?c=16x9&q=h_833,w_1480,c_fill
The collision of the container ship Dali with Baltimore's Key Bridge highlights the vulnerability of many aging US bridges, with thousands in poor condition and at risk of collapse. Investments and upgrades are needed to mitigate risks from larger modern vessels and extreme weather.

Consider removing autogenerated files from tarballs

https://unavatar.io/daniil.gentili@gmail.com
The article discusses the vulnerability in pre-generated autoconf build scripts and lexers, suggesting their removal from release tarballs to match git content for security. It also recommends verifiable CI-generated artifacts with hashes to ensure trust and prevent supply chain attacks.

The Past, Present and Future of Stream Processing

https://www.kai-waehner.de/wp-content/uploads/2024/03/The-Past-Present-and-Future-of-Stream-Processing-1.png
Stream processing's evolution is driven by open source frameworks and managed cloud services, making it easier and code-free. Leaders in the field include Microsoft and Google, with stream processing becoming integral to modern data architecture.

Building the first highway segment in the U.S. that can charge electric vehicles

https://www.purdue.edu/uns/images/2023/gkritza-teamLO.jpg
Purdue University and INDOT are collaborating to create a wireless charging system for electric vehicles on highways, with construction starting on a test bed in Indiana. The system aims to enable heavy-duty trucks to charge at high speeds, potentially electrifying a section of interstate within 5 years.

XZ-Utils: CMake: Fix sabotaged Landlock sandbox check.