An audit of Homebrew found issues that could allow an attacker to load executable code at unexpected points, undermine integrity guarantees, and potentially pivot from triggering CI/CD workflows to controlling execution and exfiltrating secrets. The audit identified 13 findings, including vulnerabilities in Homebrew's CI/CD and brew CLI, which could be exploited by an attacker to subvert ...

The author argues that designing pedestrian spaces with dignity is crucial for making walking a desirable activity, and that compliance, safety, and dignity are essential layers in creating great pedestrian spaces. The author proposes a test to determine dignity, citing factors such as consistent shade, intuitive routes, and engaging frontage, and emphasizes the need for agencies to ...

Porffor is a research-focused JavaScript engine/compiler/runtime that compiles JS code to WebAssembly or native ahead-of-time, resulting in faster and smaller output. It is written in a memory-safe language, supports TypeScript input, and is designed with ahead-of-time compilation in mind, making it safe and efficient.

Memorization plays a crucial role in learning and creativity, as it allows individuals to recognize patterns and connections between different concepts, enabling them to focus on higher-level problems and create novel solutions. By internalizing patterns and heuristics through repeated exposure and memorization, individuals can develop autonomy and creativity in various domains, leading to ...

Meta will pay Texas $1.4 billion to settle a lawsuit alleging the company used personal biometric data without users' authorization. The settlement is the largest ever obtained by a single state and requires Meta to notify the attorney general's office of any future activities that may violate Texas' biometric data laws.

OpenStreetMap.org is being scraped by AI companies, which is common and often involves fake user agents and multiple IPs. The companies are asked to donate $10,000 for a download link to the planet's geo data, and $50,000 for live updates, instead of scraping the website.

Apple acquired Dark Sky, a popular weather app, in 2020 and shut it down in 2023, integrating its technology into the Apple Weather app. Dark Sky's design was praised for its contextualized information graphics, which helped users quickly understand weather forecasts and make decisions based on their specific situations.

Defense Advanced Research Projects Agency Program Detail

Apple has released an open-source Swift package for homomorphic encryption, enabling computation on encrypted data without decryption or access to the decryption key. The package, called swift-homomorphic-encryption, is used in Apple's Live Caller ID Lookup feature and provides a means for clients to send encrypted data to a server without revealing the underlying data.

Large Language Models (LLMs) require significant memory and computational resources, and quantization is a technique used to reduce the precision of model parameters and activations, allowing for more efficient storage and computation. Various quantization methods, including post-training quantization (PTQ), quantization-aware training (QAT), and BitNet, have been developed to achieve this ...

The author reflects on the limitations of advice, noting that people often ignore good advice and struggle with implementing it, and that advice may not be effective due to various factors such as cognitive biases, lack of understanding, and personal preferences. The author concludes that advice is often cheap and may not be helpful in many situations, and that people may seek advice for ...

SSOReady is an open-source alternative to Auth0 or WorkOS that allows developers to add SAML support to their products for free, forever. It provides a simple and secure way to implement enterprise SSO, with a focus on clarity and security, and is licensed under MIT to ensure developers have control over the code.

The user shares lecture notes on modern regression, written in 2015, which emphasize robust techniques over traditional theory. The notes cover linear regression from a 21st-century perspective, with some overlap with the user's other book, Advanced Data Analysis from an Elementary Point of View.

Zig is a programming language that aims to replace C, offering low-level and systems programming capabilities, and has impressive interoperability with C, allowing for easy integration of C libraries and header files. The language's design, which includes reflection capabilities, enables developers to create a mapping of C macro values to names, making it easier to work with C code and libraries.

The author attempts to estimate the total compute cost required to replicate a paper titled "Scaling Exponents Across Parameterizations and Optimizers" by GDM, which involves conducting over 10,000 LLM training runs under different regimes. The author provides a detailed breakdown of the estimated compute cost, including the number of experiments, tokens per experiment, and FLOP requirements, ...

Turn any website into a knowledge base for LLMs with Embedding.io. Easily crawl, chunk, and vectorize web content for seamless integration with large language models. Start for free and explore our powerful API for efficient data collection and querying.

Wells Fargo & Co. allegedly conducted fake job interviews for diversity purposes, interviewing minority candidates to comply with hiring rules. The company would then reject these candidates and offer the job to a white man, despite the fake interviews.

A portrait of King Henry VIII, previously unknown, was identified by an art historian in a West Midlands council hall, and it is believed to be one of a collection of 22 portraits made for tapestry maker Ralph Sheldon in the 1590s. The artwork has been moved to the Museum Collections Centre for further research and may be put on display for the public to admire.

Micro-frameworks are lightweight JavaScript libraries that do one thing well, making them portable and efficient. Microjs.com helps discover and use these compact-but-powerful microframeworks, allowing users to pick the best one for their needs.

Butterflies and moths accumulate static electricity while flying, which increases their efficiency and effectiveness as pollinators. The amount of static electricity varies between species and correlates with ecological factors, suggesting that it is an adaptive trait that can be acted upon by natural selection.

The author revisits their project to implement a mark-and-sweep garbage collector for the Lox language in Rust, aiming to improve memory management and overcome the limitations of Rust's memory model. The author explores two approaches, including using Rust's reference counting and indirection, and a more straightforward implementation that ignores Rust's safety guarantees, ultimately ...

The user is trying to troubleshoot the slow startup time of xterm on Windows, which takes around 900ms compared to 100ms on Fedora, and finds that the issue is caused by the X410 server's animation effects and font configuration. The user eventually solves the problem by creating a cache of processes using an LD_PRELOAD library and modifying their shortcuts to run pkill instead of xterm, ...

The myth that the ARPANET was designed to survive a nuclear attack has been widely perpetuated, but a thorough examination of historical records and interviews with key figures reveals that this narrative is largely inaccurate. The ARPANET was actually designed to facilitate time-sharing of expensive computers and improve collaboration among researchers, with no direct connection to nuclear ...

Researchers developed a low-cost method to train large-scale text-to-image generative models using diffusion transformers, achieving competitive results at 118x lower cost than stable diffusion models. The approach uses a deferred masking strategy and mixture-of-experts layers, and is made possible by using synthetic images and publicly available data, with a trained model costing only $1,890.

Lewis Lapham, a renowned journalist and editor, died at 89 in Rome. He was a prominent figure in American journalism, known for his critiques of American life, politics, and culture through his work at Harper's Magazine and Lapham's Quarterly.

Sorry, something went wrong. We're working on getting this fixed as soon as we can.

A stunning ancient Roman floor mosaic, dating back to the 3rd century CE, has been discovered underwater near Naples, Italy, in the ancient city of Baiae. The mosaic, known as "opus sectile," is being restored and will eventually be recreated on land, offering a glimpse into the luxurious life of ancient Rome.

Go can produce statically-linked binaries, but it requires extra work, especially on Unix systems. The Go standard library defers to the system's libc for certain functionality, but this can be overridden using build tags or disabling cgo.

The 2024 Olympics swimming pool in Paris is 2.15 meters deep, below the new World Aquatics minimum of 2.5 meters, which some experts believe affects performance and world records. Despite this, athletes and coaches are downplaying the impact, citing other factors such as pressure, intimidation, and external challenges, and many are focusing on the Olympic experience rather than times.

The user relies on music as their muse and finds that music discovery algorithms on Spotify and Apple Music are too predictable and fail to suggest new and interesting melodies. They developed a tool that generates playlists from images, which provides a more random and satisfying music discovery experience, and are sharing it with others who want to try it.

Canarytokens is a free tool that helps you discover you’ve been breached by having attackers announce themselves. The tokens allow you to implant traps around your network and notifies you as soon as they are triggered.

OpenSSL's SSL_select_next_proto function has a heap leak vulnerability that affects Python and Node.js, allowing up to 255 bytes of client heap data to be sent to the server. The vulnerability was not caught by various audits and analysis tools, but can be triggered by calling SSL_select_next_proto with a client buffer that is not a valid list of protocols.

The FTC's attempt to ban nearly all employee non-compete agreements has been met with mixed results in court, with one court ruling the FTC lacks authority and another finding it has the power to issue such a rule. The issue is likely to be decided by the US Supreme Court, with multiple court rulings and appeals expected before the September 4, 2024, effective date of the non-compete rule.

AWS CodeCommit no longer allows new customers to create repositories, only existing customers can create additional repositories. You've tried creating a repository in your root and admin accounts, and the error message suggests it may be an issue with your AWS account or organization, which you're trying to resolve by opening a case with AWS Support.

The role of a certificate is to prove the identity of a website, and a common misconception is that only certificate authorities can issue certificates, but anyone can issue certificates. The complexity of certificates arises from the interconnected roles of clients, CAs, and websites, and understanding these roles is crucial to establishing trust in the certificate chain.

Surma, Jason, and I discovered that garbage collection within a function doesn't work as expected, retaining bigArrayBuffer beyond initial execution. The engine keeps bigArrayBuffer due to its association with the scope created when demo() was called, despite it being no longer referenceable.

Orca provides a canvas API for 2D vector graphics and powers the UI system, with recent updates including a streamlined user tooling, C standard library, and WebGPU vector graphics backend. The project is adopting a more permissive license, moving to GitHub, and accepting sponsorships, with a focus on developing a unified platform for sandboxed graphical applications.

The US Consumer Product Safety Commission ruled that Amazon is responsible for recalling faulty products sold on its platform, rejecting the company's claim it's just an intermediary between buyers and sellers. Amazon is required to notify customers and offer refunds or replacements for affected products, and must develop a plan to address product hazards.

Functional programming languages need to allow mutation in some way to avoid unnecessary overhead, but unrestricted mutable data structures can lead to accidental side effects. Various options, such as locally sourced mutation, linearity, and functional farming, have been proposed to address this issue, but each has its own limitations and challenges.

Rendley offers in-browser video editing for websites, allowing users to edit and publish videos directly on the platform without server requirements. The Rendley SDK provides a customizable video editor template and supports various formats, with pricing that adapts to user needs.

The program parses nginx access logs and stores data in an SQLite DB, with default paths and formats that can be overridden by environment variables. Command-line arguments are used to build a SQL query to count requests, with filtering criteria such as time range and path.

A modern and exectuable specification language

A sudden nuclear unit trip in Texas caused grid frequency to decline, prompting ERCOT to deploy ancillary services, including the Emergency Contingency Reserve Service, to stabilize the grid. The incident highlights the importance of meticulous planning and maintenance to ensure grid reliability, as even a single point of failure can cause significant disruptions.

The user compares two tools, ContextMenu and Automator, for re-encoding files to a smaller size using ffmpeg, and discusses the limitations of Automator. They also share their own experience with ContextMenu, a macOS app that allows for customizing the right-click menu and storing files in a specified folder.

Fly.io, a global public cloud, has developed a new operation called "clone" to migrate Fly Machines with attached volumes, allowing for fast and durable storage migration without data loss. The clone operation uses dm-clone, iSCSI, and the flyd orchestrator to create a new volume, copy data from the original volume, and hydrate the new volume, making it possible to drain workers with minimal ...

The text introduces Lean, a proof assistant that uses a rich logic called the calculus of inductive constructions, which supports dependent types, and provides a formal system for type checking and type inference. The type system consists of derivation rules that can be instantiated with arbitrary values and connected to form derivation trees, allowing for the proof that a term is well typed ...

Two mothers in Bristol, England, Amy Rose and Alice Ferguson, conducted an experiment where they shut down their street to traffic for two hours, allowing children to play freely, and found that kids didn't need special equipment or lessons, just time and space. The experiment also brought adults together, fostering a sense of community and connection, and highlighting the need for a shift in ...

Azure services are experiencing issues globally, causing timeouts for customers. Multiple engineering teams are working to diagnose and resolve the problem.

Video is a language for making movies. It combines the power of a traditional video editor with the capabilities of a full programming language. Video integrates with the Racket ecosystem and extensions for DrRacket to transform it into a non-linear video editor. Get Started Follow us on Twitter Get Video Swag

Denmark's economy is heavily reliant on Novo Nordisk, a Danish company that manufactures the popular diabetes medication Ozempic, which has become a powerful growth engine with sales increasing by over 60% in the past year. However, this dominance raises concerns about the risks of having one giant company driving the economy, including the potential for Dutch disease and the Nokia trap, ...

Functional programming languages need to allow mutation in some way to avoid unnecessary overhead, but unrestricted mutable data structures can lead to accidental side effects. Various options, such as locally sourced mutation, linearity, and functional farming, have been proposed to address this issue, but each has its own limitations and challenges.

A person describes how to hack a laundry machine's payment system by short-circuiting wires to make it think a quarter was inserted, bypassing the need for a prepaid card or app. This is done to expose the machine's dark patterns and predatory practices, which include manipulating pricing and keeping leftover balances.

A Ferrari executive received WhatsApp messages and a phone call from a deepfake impersonating CEO Benedetto Vigna, attempting to discuss a confidential deal, but the executive's suspicions were raised and the call was ended. This is one of several recent cases of deepfake scams targeting high-profile executives, with experts warning that the technology is becoming increasingly sophisticated ...

Experimental metaphysics combines physics and philosophy to test fundamental assumptions about reality, challenging traditional notions of objectivity and the nature of observation. The field has led to new insights and technologies, but its implications have yet to be fully incorporated into mainstream physics, leaving many questions unanswered.

The TAG organization is concerned about the impact of third-party cookies on privacy and has updated its finding to emphasize the need for their removal. The organization hopes Google will reverse its decision and recommit to removing third-party cookies, which could have a detrimental impact on improving privacy on the web.

Microsoft apologized for global issues with its products, including Outlook and Minecraft, after thousands of users reported problems. The company said it implemented a fix and is monitoring the situation, but did not provide a timeline for resolution.

The Kagi LLM Benchmarking Project evaluates large language models' reasoning, coding, and instruction following capabilities through diverse and challenging tasks. The project assesses models' quality, speed, and cost, with a focus on features essential for LLMs in Kagi Search, and periodically updates the benchmarks with harder questions to prevent overfitting.

The FDA approved a new blood test, Shield, for colon cancer screening in adults 45 and older, offering a noninvasive approach to detect DNA fragments shed by tumor cells. The test is not a replacement for colonoscopies, but can be ordered by doctors as a laboratory test with an out-of-pocket price of $895.

The US Commerce Department recommends against restrictions on open-source AI technology, citing benefits in innovation and openness, but also warns of potential dangers and the need for continued monitoring. The report's release comes amid a presidential election debate on AI policies, with some candidates advocating for open-source AI and others pushing for restrictions to prevent misuse.

Delta has hired attorney David Boies to seek damages from CrowdStrike and Microsoft after a software update caused a historic outage, resulting in flight cancellations and estimated losses of $350-500 million. The outage also led to a 5% drop in CrowdStrike's value and a total loss of $5.4 billion for Fortune 500 companies, according to an insurance startup.

I was hit by a truck in California and suffered multiple injuries, but I'm making steady progress in my recovery, gradually reducing painkillers and taking on more responsibilities. I'm grateful for the support of my family, friends, and medical professionals, and I'm focusing on healing and adapting to my new limitations.

The author reflects on growing up in Los Angeles, unaware of the city's history as an oil town, and discovers the Inglewood Oil Field, one of the largest urban oil extraction complexes in the US, which has been extracting oil for nearly a century. The author argues that the fight for a better future requires a shift away from fossil fuels and towards a more sustainable and environmentally ...

This essay is a lengthy and complex exploration of the concept of monopolies, particularly in the context of the technology industry. The author argues that the traditional narrative of monopolies being inherently bad and exploitative is not always accurate, and that in some cases, monopolies can be beneficial for society. The author uses several examples, including Apple's dominance in the ...

Researchers found evidence of complex life 1.5 billion years ago in marine sedimentary rocks in Gabon, challenging the long-held belief that life emerged 635 million years ago. The study suggests a "two-step" evolution to complex life, with the first attempt failing to spread globally but laying the foundation for the animal biodiversity seen today.

The user replaced social media with Hacker News, learning new things and discovering valuable tools and advice, but also noticed the community's toxic and negative tone. They realized that their own analytical nature and desire to be right were causing harm to personal relationships, and they are now making an effort to be kind and empathetic instead.

Medieval scholars and scribes stored and arranged books in various ways, including bookcases, cupboards, and carousels, with some featuring decorative designs and symbols. The use of bookwheels and carousels allowed for efficient access to multiple books, while the introduction of paper and printing technology revolutionized book production and storage.

Logitech CEO Hanneke Faber discussed the possibility of a "forever mouse" that can be updated through software and potentially sold through a subscription model. The concept mouse would be designed to last forever, with the hardware potentially subsidized by subscription payments, and could be priced around $200.

Anthropic's Claude LLM training involves aggressive data scraping from websites, ignoring robots.txt restrictions, and overwhelming server resources. This behavior is not unique to Anthropic, but its level of aggression has been particularly notable, with some sites experiencing millions of hits in a short period.

The user is considering leaving Safari due to its slow performance, lack of improvement, and issues with privacy and web extensions. They urge Safari to improve its speed, stop leaking user data, and loosen its restrictive App Store policies to allow for more browser engine competition.

no, I think you were vulnerable. there's a difference.

Spamhaus has observed abusive activity facilitated by Cloudflare's services, with 1201 unresolved blocklist listings and 10.05% of domains listed on Spamhaus's Domain Blocklist hosted on Cloudflare nameservers. Cloudflare's approach to abuse handling is problematic, as it masks the true location of backend services and passes on complaints to the abused or abusive services, potentially ...

Please enable JS and disable any ad blocker

Coinbase, a cryptocurrency exchange, donated $25 million to Fairshake, a super PAC, despite being a federal contractor, potentially violating campaign finance laws. The donation was made while Coinbase was in negotiations for a $32.5 million contract with the US Marshals Service to manage seized cryptocurrency assets, which is prohibited by federal law.

Tog designed a picker for selecting one or more options, inspired by a mercury droplet that pops sideways, and tested it on users. The component, dubbed "multipicker", is simpler to implement than the checkbox version but has hidden logic, and the user is seeking a web version for testing.

A signal detected by the Parkes radio dish in Australia in 2019, which seemed to come from Proxima Centauri, was later found to be a form of radio frequency interference (RFI) and not a signal from an alien civilization. The incident highlights the importance of considering terrestrial explanations for unusual signals and the need for continued exploration and upgrades in astronomy technology ...

Microsoft's Q4 earnings beat expectations, but cloud revenue missed estimates, causing shares to drop. The company's Intelligent Cloud revenue fell short, but overall revenue rose 21% year-over-year, with AI services contributing 8 percentage points of growth.

Boomla's error handling approach separates success and failure results, using return for success, fail for client errors, and panic for developer errors. The language enforces explicit error handling, warning the compiler if an error cannot be implicitly propagated.

Wild capuchin monkeys (Sapajus) are known for their habitual tool use, whereas gracile capuchins (Cebus) rarely use tools, but a recent study found a population of white-faced capuchins in Panama habitually using stone tools to access food. The study found that stone tool use is male-biased and occurs year-round, with over half of individuals participating, offering insights into the ...

Disneyland workers and managers declared victory after union members voted to accept a 31% pay raise over three years, avoiding a strike. The new contract raises hourly pay from $19.90 to $24 in 2024 and $26 in 2026, with long-term employees receiving additional pay increases.

Selina Zhang, an 18-year-old high school senior, has developed an innovative solution to combat the spotted lanternfly, an invasive species that has ravaged New Jersey's agricultural industry, using a solar-powered, self-cleaning, artificial-intelligence-driven "tree" that entices the pest and eliminates it using an electronic mesh. Zhang's invention, called ArTreeficial, uses machine ...

Waymo expanded its driverless ride-hailing service in San Francisco and Los Angeles in May, with over 200,000 people riding its autonomous vehicles, a 57% increase from April. The company's robotaxis logged over 903,000 vehicle miles traveled in May, with San Francisco emerging as its most popular market, averaging 4,300 daily trips.

Fish shell is getting a Rust-based makeover, with a beta release planned to tackle bugs before a stable release. The Rust port improves maintainability and bug-fixing, but doesn't add new features for end-users.

Google detected unusual traffic from the user's computer network, possibly due to malicious software or automated requests. The user is asked to solve a CAPTCHA to continue using Google services, which will expire once the unusual traffic stops.

Apple introduced foundation language models for its Apple Intelligence features, including a 3 billion parameter model for efficient device use and a large server-based model for Private Cloud Compute. The models are designed for efficient, accurate, and responsible performance, with a focus on Responsible AI principles and fine-tuned for various user experiences.

David Heinemeier Hansson, creator of Ruby on Rails, criticizes the cloud technology and software-as-a-service model, advocating for a "once" payment model and simplicity in development tools. He also emphasizes the need to lower barriers for solo developers and small teams, citing the importance of building things efficiently and making technology accessible to all.

Norway's wealth, fueled by its significant oil reserves, has led to a growing sense of guilt among some Norwegians about their privileged lives compared to those struggling overseas. This "Scan guilt" is reflected in contemporary Norwegian literature, films, and TV series, which often explore the contrast between the wealthy and the suffering "other".

OpenAI is reportedly on the verge of bankruptcy with projected losses of $5 billion in 2024 due to high operational costs, spending $7 billion on AI model training and $1.5 billion on staffing. Despite generating $3.5-4.5 billion in revenue, the company's expenses exceed its income, raising concerns about its financial sustainability.

The repository contains a list of open-source security tools that can be used for adversary simulation, threat hunting, and post-exploitation activities, including tools for password spraying, payload creation, and evasion techniques. The tools are designed to help red teams and penetration testers conduct simulated attacks and test detection and prevention capabilities, and can be used to ...

The blog post describes a utility that uses large language models (LLMs) and yt-dlp to summarize YouTube videos by extracting key points and insights from subtitles. The utility is demonstrated by summarizing a discussion between Jensen Huang and Mark Zuckerberg on the impact of AI on society, business, and technology.

The US failed to anticipate the battery revolution, unlike other technological revolutions, and this failure is attributed to various factors including supply chain dominance by China, lack of government support, and opposition from oil companies. The US should respond by playing catch-up in batteries and ensuring its scientific, governmental, and media institutions are not broken in a way ...

Ask-a-Metric is a WhatsApp-based AI data analyst that uses LLMs to answer SQL database queries, aiming to streamline data access for decision-making in the development sector. The system went through two iterations, from a simple pipeline to a pseudo-agent pipeline, which combined the best of both approaches, reducing costs and response times while maintaining accuracy.

ClickHouse acquired PeerDB, a Postgres connector, to improve data movement speed and offer specialized capabilities. The acquisition aims to help businesses move data from Postgres to ClickHouse, with PeerDB's existing open-source components remaining unchanged.

The author, working at the Childhood Cancer Data Lab, highlights the need for a free and open alternative to the proprietary Aspera software, which is used for high-speed data transfers, and proposes two approaches to creating such an alternative. The author encourages developers to take on the challenge, emphasizing the potential benefits for science, software freedom, and data sharing, as ...

Tesla issued a recall for over 1.8 million cars due to faulty hood latches that can open while driving, affecting various models from 2020-2024. The problem can be fixed with an over-the-air software patch, and no crashes or injuries have been reported, but three warranty claims have been filed.

Little Tech believes American technology supremacy is a critical political issue and will fight to defend it, while also supporting politicians who prioritize startup innovation and competition. The company argues that regulatory capture by big companies is stifling innovation and growth, and proposes policies to encourage tech startups and drive American economic, military, and technological ...