
Every year, I look forward to the summer. But not for the reason that most people would think of with me being a teacher.

For me, it's because I'm excited to go teach at Georgia's Governor's Honor Program (GHP).

If you've never heard of it, GHP is a four-week program at Berry College in Rome, GA, where enthusiastic high school students from all around Georgia interview and audition to intensively study a major subject of their choosing. It's the kind of environment every teacher dreams of — students who are there because they want to soak in as much knowledge as possible and be around equally-motivated students. (It's also, as far as I'm aware, the only such governor's school that operates free of charge to its students, which is an important contribution to the diversity of the student body.)

I also see GHP as an opportunity to push myself as a teacher — it takes a lot of work to keep up with these students! We guide them as they explore mathematics that they normally wouldn't see until undergraduate or even graduate courses. I like to try a lot of new ideas with my teaching at GHP, ideas that I can then bring back to my own classroom. (And the fact that there are no grades to worry about certainly helps eliminate some of the usual confounding variables!)

This year, I felt like taking a bit more of a risk, and decided to teach a course in computational algebraic geometry.

...yes, to high schoolers.

If you're not familiar with algebraic geometry, at a bird's-eye level, it studies geometric shapes called varieties, defined as the zero sets of one or more polynomials in multiple variables, using techniques from abstract algebra. (For example, the unit circle in \(\mathbb{R}^2\) can be thought of as all the points where \(x^2+y^2-1\) equals zero.) The "computational" part comes in when you start looking at algorithms to manipulate those polynomials (for example finding a convenient basis of polynomials to work with).

I actually had just taken a course in Computational Algebraic Geometry last year as part of my master's program, which I absolutely loved. The entire time, I kept thinking to myself, "You know ... I bet GHP students could handle this." It touches on so many things that high school students already see in their curriculum:

- Coordinate geometry
- Systems of equations
- Real and complex number systems
- Polynomial zeros, factoring, and division
- The Fundamental Theorem of Algebra
- Rational functions
- Conic sections
- Parametric curves

What's even better is that it beautifully ties together all these concepts — something that unfortunately can't be said for most of the high school mathematics curriculum.

I also realized this would be a great opportunity to work in one of my all-time favorite topics: projective geometry and division by zero.

All of this led me to conclude that this would be a perfect course to offer at GHP, so I went ahead with it. I decided to call the course Varieties: The Spice of Life. (Thanks to @notamoon1 on Twitter for that suggestion!)

My main source was Ideals, Varieties, and Algorithms by Cox, Little, and O'Shea. I also referenced Elliptic Tales by Ash and Gross for some of the projective geometry material toward the
(read more)
About Axiom.ai

Axiom is no-code browser automation. We enable non-coders to automate repetitive work, and new businesses to be built on top of websites that can't currently be automated. Where tools like Zapier automate with APIs, Axiom automates using the User Interface (UI) of web applications. Automation that acts on keyboard and mouse input to the UI is known as Robotic Process Automation, or RPA. RPA has been hugely successful on Enterprise desktops, with developer tools like UiPath valued at $33 billion. Axiom brings RPA to every business, in the browser. We're backed by Y Combinator an
(read more)
The Heptagon of Configuration is a term I'm coining to describe a pattern I've observed in software configuration, where configuration evolves through specific, increasing levels of flexibility and complexity, before returning to the restrictive and simple implementation.

How does the Cycle Work?

Hardcoded values are the simplest configuration - but provide very little flexibility. The program surface increases, and with it the configuration, incorporating environment variables*, flags, and when that becomes cumbersome, a configuration file to encode the previous.

When multiple environments require
(read more)
Singapore-based mega-app Grab has revealed that it generates 40TB of data a day, meaning each of its 23.8 million users can put their names to around 1.7MB every 24 hours. All that data is clearly valuable: Grab has also announced record profits. The Southeast Asian company, which bought out Uber in Singapore and since expanded into e-commerce, payments, and financial services, did not disclose what it does with the data, nor how it is protected. It did disclose [PDF] a record US$507 million adjusted net sales in its first quarter, boasting that the company saw a 39 per cent increase in adjusted net sales despite a COVID-related hit to its mobility services. Grab also claimed that in Q1 2021 it was Southeast Asia's most downloaded app, with its mobility and delivery services drawing the highest share of average monthly active smartphone users in the region across iOS and Android combined. Not only are more people downloading the app in Southeast Asia, they are spending more. According to Grab, its spend per user increased by 31 per cent year-on-year.

The multinational company also said in 2020 it was overall responsible for 50 per cent of Southeast Asia's online food delivery, 72 per cent of the region's ride-hailing services and 23 per cent of its e-wallet market. The online food delivery segment seems to be the one to watch, as it experienced 96 per cent year-on-year growth from Q1 2020 to Q1 2021. In an investor's call, Grab president Ming Maa said: "In Q1 2021, in spite of [COVID] re-emergence in various countries at different times, the diversification of our platform from both a geographic and segment perspective resulted in fairly stable GMV performance over the quarter.
"Now we did witness weaker mobility volumes in Q1, but this was offset by a strong uptick in deliveries with Grabmart proving to be one of the bright spots in the delivery segment." Maa attributed the shift from mobility to delivery to lockdown measures across Southeast Asia. As for the future, he predicted: Another expectation for Grab in the second half of 2021 is its plans to go public in the United States through a US$40 billion
(read more)
2021-08-01

Welcome

Let’s build some stuff. Today on AWS (EKS). Today with popular solutions and almost without coding (in YAML). Today focus on speed and simplicity. Additionally no CI/CD.

Components

I will keep it simple.

- Terraform
- aws cli
- docker
- helm
- curl
- dig, kubectl, emacs

Building infrastructure

Setup

First steps. I need to build some infrastructure. As almost everyone uses Terraform for building and managing resources, I decided to use it too. Based on the Terraform EKS module I’ve created a sample manifest. Also, I decided to add ECR and configure output in a specific way.

    # I'd like to have control plane endpoint
    output "cluster_endpoint" {
      description = "Endpoint for EKS control plane."
      value       = module.eks.cluster_endpoint
    }

    # get kubectl config based on cluster_name
    output "cluster_name" {
      description = "Name of created cluster"
      value       = local.cluster_name
    }

    # upload to ECR with dynamic name
    output "ecr_url" {
      description = "URL of ECR registry"
      value       = aws_ecr_repository.ecr.repository_url
    }

    # also region could be dynamic
    output "region" {
      description = "AWS region."
      value       = var.region
    }

Variables.tf and main.tf weren’t very interesting, so they will be pushed to the repo.

Commands flow

    # get modules
    terraform init
    # take a look at plan, if it's correct go-ahead
    terraform plan | less
    # this step will take some time to finish. (9:33.03 total)
    # if correct enter yes or terraform apply -auto-approve
    terraform apply

Kubectl and ECR

Is anybody there?

After successful cluster creation, we may want to check if the cluster is running. First I need to update my kubeconfig for the purpose of cluster authentication. For this, I will use AWS CLI and kubectl.

    # variables are based on Terraform outputs
    aws eks update-kubeconfig \
      --region $(terraform output -raw region) \
      --name $(terraform output -raw cluster_name)

Docker login

Now I need to log in to ECR and push some images.

    aws ecr get-login-password \
      --region $(terraform output -raw region) \
      | docker login --username AWS \
      --password-stdin $(terraform output -raw ecr_url | cut -d'/' -f1)

Then I can push an awesome Nginx image to ECR.

    docker tag nginx:latest $(terraform output -raw ecr_url):1.0.0
    docker push $(terraform output -raw ecr_url):1.0.0

Helming

After all this preparation we can finally deploy an app. For this process I decided to use helm. It’s a standard, very popular, and flexible solution. Again, the Helm Chart is attached to the repository. There is no hack or magic - just boring templates.

Command flow

    # dry run
    helm template -f --dry-run
    # for example
    # helm template example-app -f example-app.yaml --dry-run ./example-app

    # install chart
    helm install -f --namespace
    # for example
    # helm install example-app -f example-app.yaml --namespace example ./example-app

    # upgrade app
    helm upgrade --set.image=
    # for example
    # helm upgrade example-app ./example-app --set=image.tag=2.0.0

DNS

Now all I need is a DNS record change. Ah, I forgot about LoadBalancer. For this article, I’m using LoadBalancer. After adding a service ELB provides an AWS endpoint for our application. My primary domain 3sky.dev is delegated to CloudFlare,
(read more)
IBM cloud has experienced a significant Severity One outage – the rating Big Blue uses to denote the most serious incidents that make resources in its cloud unavailable to customers. The impact was indeed severe: IBM stated that users might not be able to access its catalogue of cloudy services or provision affected services. Speaking of which, there were 23 – among them Cloud Object Storage, Block Storage Snapshots for VPC, Load Balancers and virtual private networks. In other words, some basic building blocks of enterprise IT that clouds are supposed to be able to scale as and when you – or your infrastructure-as-code – need more resource. Emails sent to IBM customers and the company's incident customer portal offered differing timelines for the incident. Emails state 16:41 UTC on August 2nd as the moment IBM started investigating the issue, but the portal's first listed action is ongoing probes as of 20:56. The timelines converge at 21:24 when mitigation commenced, before resolution at 00:54 on August third. IBM's cloud endured a similar outage on Sunday, and some of the services that could not be provisioned over the weekend were also down today. Big Blue's Cloud Console was among the weekend casualties.

IBM also had an outage on July 22nd when users were unable to log on to its cloud, and experienced similar outages on April third, April 26th, and May 31st. The company told The Register the July outage was due to the temporary demise of Akamai Edge DNS. In June 2020, IBM's cloud went down so hard even its self-hosted status page was unavailable. The Register asked IBM if it is working to ensure its cloud will not fall victim to single points of failure — be they at Akamai, in-house or elsewhere.
The company did not reply to our queries. The upshot is that IBM has twice in two days been unable to present its cloud catalogue to users or ensure they can provision all services. Yes, the same IBM that has bet its business on hybrid clouds. IBM is not alone in having big problems, though. Google Cloud has also experienced outages in recent days. The company's Component Access Gateway produced errors for nearly two days, and last week users suffered through three days and ten hours of trouble during which it was not reliable to provision the persistent SSDs in four US-based regions. That meant users could not create new resources in Google Compute Engine, Google Kubernetes Engine, Cloud Composer, Cloud SQL, Cloud Dataproc, and Apigee X. Again, that's so not the "what you need, as soon as you need it" experience promised by elastic public clouds. ®
(read more)
A fourth law enforcement officer who responded to the Capitol on Jan. 6 has died by suicide, the Metropolitan Police Department confirmed to The Hill on Monday.

A department spokesman said Officer Kyle DeFreytag, who had been with the department since November 2016, was found dead on July 10. He was 26 years old. Police confirmed DeFreytag was among a host of MPD officers who were sent to the Capitol in response to the riot.

WUSA9, a CBS affiliate in Washington, D.C. was the first to report that DeFreytag died by suicide last month. “I am writing to share tragic news that Officer Kyle DeFreytag of the 5th District was found deceased last evening,” Chief Robert J. Contee III wrote in a
(read more)
Say what you will about suitcase computers, but at least most of them still have their keyboards with them. [danjovic] has this vintage Brazilian computer from the 1980s called a Gradiente Expert. These were MSX machines with Z80 chips that ran BASIC, DOS, and CP/M, and they looked like state-of-the-art dual-deck stereo systems. You can still find them pretty easily, but sadly, most of them have lost their rad mechanical keyboard with its giant arrow keys and proprietary connector. If you now want to get one of these awesome pieces of computing history and would like to be able to talk to it, [danjovic] has you covered with the open-source EXPS/2 keyboard adapter. It will
(read more)
Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia – with some having been prowling the penetrated networks for information on high-value targets since 2017. Cybereason's DeadRinger report, published today, described the attacks as being carried out by "highly adaptive" groups which "worked diligently to obscure their activity and maintain persistence on the infected systems." The telcos themselves were not the primary targets, however, but a source of surveillance on activists, politicians, business leaders, and more. "Telcos are a prime target for nation-st
(read more)
First Look

Microsoft has revealed the full range of options and pricing for its Windows 365 Cloud PCs, and The Register is not impressed – on price or performance. Your humble hack signed up for the base level of the service: a $20/month Cloud PC with a single virtual CPU, 2GB of RAM and 64GB of storage. The signup process was not slick, produced some 404 errors as admin pages failed to load, and took more than 30 minutes to spawn a cloudy computer. Once the ethereal PC started running, performance in a browser was decidedly laggy when running under Windows 10 Pro on a 2019-vintage Lenovo X1 Carbon with 8GB of RAM and a quad-core Core i5-8250U CPU at 1.60GHz. We connected to the Microsoft
(read more)
C++20 added concepts as a language feature. They’re often compared to Haskell’s type classes, Rust’s traits or Swift’s protocols. Yet there is one feature that sets them apart: types model C++ concepts automatically. In Haskell, you need an instance, in Rust, you need an impl, and in Swift, you need an extension. But in C++? In C++, concepts are just fancy boolean predicates that check for well-formed syntax: every type that makes the syntax well-formed passes the predicate and thus models the concepts. This was the correct choice, but is sometimes not what you want. Let’s explore it further.
(read more)
After a very long porting journey, Launchpad is finally running on Python 3 across all of our systems. I wanted to take a bit of time to reflect on why my emotional responses to this port differ so much from those of some others who’ve done large ports, such as the Mercurial maintainers. It’s hard to deny that we’ve had to burn a lot of time on this, which I’m sure has had an opportunity cost, and from one point of view it’s essentially running to stand still: there is no single compelling feature that we get solely by porting to Python 3, although it’s clearly a prerequisite for tidying up old compatibility code and being able to use modern langu
(read more)
PRECIS (Preparation, Enforcement, and Comparison of Internationalized Strings) is a framework for consistent and secure management of Unicode strings in web applications. If you haven’t read my previous article, Input validation of free-form Unicode text in Python, it contained the problem statement and a low-level solution using Unicode character categories. PRECIS goes one step further by proposing specific string classes that represent typical usage scenarios involving processing of Unicode strings.

PRECIS starts from just two use cases — a string used as an identifier, which will subsequently be used in URIs and databases, where one of the most challenging problems is reliable comparison. For example, are “ŻÓBR” and “ŻÓBR” the same usernames, or group names? Visually they should be identical in most fonts and displays, and both could have been honestly typed by the same user using different keyboards, yet they are composed of different code points.

First, using a non-combining keyboard:

    > import unicodedata
    > x='ŻÓBR'
    > for c in x: print(f'{c}: {unicodedata.name(c)}')
    Ż: LATIN CAPITAL LETTER Z WITH DOT ABOVE
    Ó: LATIN CAPITAL LETTER O WITH ACUTE
    B: LATIN CAPITAL LETTER B
    R: LATIN CAPITAL LETTER R

Second, using letters followed by combining accents:

    > x='Z\u0307O\u0301BR'
    > x
    'ZOBR'
    > for c in x: print(f'{c}: {unicodedata.name(c)}')
    Z: LATIN CAPITAL LETTER Z
     : COMBINING DOT ABOVE
    O: LATIN CAPITAL LETTER O
     : COMBINING ACUTE ACCENT
    B: LATIN CAPITAL LETTER B
    R: LATIN CAPITAL LETTER R

The usual byte-by-byte comparison will fail, and if you’re not careful your application will allow creation of visually identical usernames that are assigned distinct user objects. In my previous article (Input validation of free-form Unicode text in Python) I suggested using Unicode normalisation to always convert these homoglyphic forms into a single, consistent one.
PRECIS

The two string classes proposed by PRECIS are IdentifierClass and FreeformClass, and their purpose is quite self-describing. What sits inside them is a carefully selected combination of character classes (such as letter, digits, spaces) that are allowed, others that are disallowe
(read more)
vroom — Adventurous users can try the new implementation now by adding a registry key.

Forget bendable mobile phones, we're holding out for working mobile phone plushies.

The WireGuard VPN project announced a major milestone for its Windows users today—an all-new, kernel-mode implementation of the VPN protocol called WireGuardNT. The new implementation allows for massively improved throughput on 10Gbps LAN connections—and on many Wi-Fi connections, as well.

WireGuard (on Windows) and Wintun

The original implementation of WireGuard on Windows uses wireguard-go—a userspace implementation of WireGuard written in Google's Go programming language. Wireguard-go is then tied to a virtual network device, the majority of which also lives in userspace. Donenfeld didn't like tap-windows, the virtual network interface provided by the OpenVPN project—so he implemented his own replacement from scratch, called Wintun. Wintun is a definite improvement over tap-windows—the OpenVPN project itself has implemented Wintun support, with impressive results (414Mbps over tap-windows vs 737Mbps over Wintun). But while using Wintun is an improvement over
(read more)
Including an example of property-based testing without much partitioning.

A tweet from Brian Marick induced me to read a paper by Dick Hamlet and Ross Taylor called Partition Testing Does Not Inspire Confidence. In general, I find the conclusion fairly intuitive, but on the other hand hardly an argument against property-based testing. I'll later return to why I find the conclusion intuitive, but first, I'd like to address the implied connection between partition testing and property-based testing. I'll also show a detailed example. The source code used in this article is available on GitHub.

Not the same

The Hamlet & Taylor paper is exclusively concerned with partition testing, which makes sense, since it's from 1990. As far as I'm aware, property-based testing wasn't invented until later. Brian Marick extends its conclusions to property-based testing: "I've been a grump about property-based testing because I bought into the conclusion of Hamlet&Taylor's 1990 "Partition testing does not inspire confidence"" This seems to imply that property-based testing isn't effective, because (if you accept the paper's conclusions) partition testing isn't effective. There's certainly overlap between partition testing and property-based testing, but it's not complete. Some property-based testing isn't partition testing, or the other way around: To be fair, the overlap may easily be larger than the figure implies, but you can certainly describe properties without having to partition a function's domain. In fact, the canonical example of property-based testing (that reversing a list twice yields the original list: reverse (reverse xs) == xs) does not rely on partitioning. It works for all finite lists. You may think that this is only because the case is so simple, but that's not the case. You can also avoid partitioning on the slightly more complex problem presented by the Diamond kata.
In fact, the domain for that problem is so small that you don't need a property-based framework. You may argue that the Diamond kata is another toy problem, but I've also solved a realistic,
(read more)
As a remote-first startup (from day one), we were heavy Slack users. Considering moving to Mattermost, or any other alternative, caused many folks to shiver. But we switched. Why? Because of what matters the most to us:

- Permissionless innovation
- Control and visibility of our data
- Zero Trust security
- Belief in open source
- Ability to dogfood our Zero Trust functions

Now, obviously core messaging functionality is critical. Mattermost is great there, but so is Slack. In fact, Slack features like third-party integrations and threaded messaging were missed greatly (thank you, Mattermost, for recently adding threaded messaging). So the relative parity between the solutions from a ‘speeds and feeds’ perspective was table stakes, but we ended up going with the solution that actually had less ‘features’ and niceties, but fit better with our core principles.

Sidebar: we are sharing the paragraph above because we believe it is critical to any startup, such as Mattermost, which is courting an early adopter market segment. Focus on what your tiny, tiny pond of early adopters wants and needs, rather than fighting a feature war for mass market opportunities. Delight your tiny pond of early adopters, and you can grow from there. Ok, back to the main story.

Let’s look at the reasons we switched from Slack to Mattermost, grouping together the list at the top of this post:

Permissionless innovation; control; open source

We like to innovate. Mattermost, as an open source based solution (just like us), gives us that opportunity. Closed SaaS (like Slack) is terrific, and we use plenty of it, but we always prefer to use open source at the core to give us the extensibility and flexibility we want, and then to use SaaS around the periphery to make our lives simpler or easier. The world is much different than it was before C-19 became part of our vocabulary. What will the world look like in 5 years? No idea. So we need the flexibility to change with an ever changing world.
We believe in edge innovation – our people will innovate when we enable them to innovate.  Mattermost open source helps provide the basis for
(read more)
Levitating things with magnets is no great feat these days. We don’t see as many projects with sonic levitation. However, Japanese engineers have a new method to lift objects using sound. The process isn’t totally reliable yet, but it may lead to better methods in the future. You can see a video about the work below. Manipulating very small items via laser or acoustics isn’t new. However, there are significant limitations to current methods. This new approach uses an array of hemispherical ultrasound transducers. By controlling the amplitude and phase of each transducer, an acoustic trap forms and can pick up a 3mm polystyrene ball without direct contact. Manipulating objects without contact interests us for a few reasons, not the least of which is circuit assemb
(read more)
Abstract: We introduce a new image editing and synthesis framework, Stochastic Differential Editing (SDEdit), based on a recent generative model using stochastic differential equations (SDEs). Given an input image with user edits (e.g., hand-drawn color strokes), we first add noise to the input according to an SDE, and subsequently denoise it by simulating the reverse SDE to gradually increase its likelihood under the prior. Our method does not require task-specific loss function designs, which are critical components for recent image editing methods based on GAN inversion. Compared to conditional GANs, we do not need to collect new datasets of original and edited images for new applications. Therefore, our method can quickly adapt
(read more)
Clear picture — Vaccines and masks are both needed to lower transmission, US officials stress.

MELBOURNE, Fla. - 2021/07/29: A treatment tent is seen outside the emergency department at Holmes Regional Medical Center in Melbourne. The tent was set up to serve as an overflow area as the number of COVID-19 infections surges throughout Brevard County, Florida, due to the Delta variant and large numbers of unvaccinated residents.

The delta-fueled surge in COVID-19 cases among unvaccinated Americans continues to overwhelm states and health care systems across the country, with Florida and Louisiana experiencing some of the worst tolls. Nearly one in five new cases reported in the US each day is in the state of Florida—the third-most populous state in the country and one with below-average vaccination rates. On Friday, the Sunshine State reported 21,683 new cases to the Centers for Disease Control and Prevention. It is the state's highest daily total of new cases in the course of the entire pandemic (aside from a reporting anom
(read more)
Tilck (Tiny Linux-Compatible Kernel)

Contents

- Overview
- What is Tilck?
- Future plans
- What Tilck is NOT ?
- Features
- Hardware support
- File systems
- Processes and signals
- I/O
- Console
- Userspace applications
- Screenshots
- Booting Tilck
- Tilck's bootloader
- 3rd-party bootloaders
- Grub support
- Documentation and HOWTOs
- Building Tilck
- Testing Tilck
- Debugging Tilck
- Tilck's debug panel
- A comment about user experience
- FAQ
- Why Tilck does not have the feature/abstraction XYZ?
- Why Tilck runs only on x86 (ia-32)?
- Why having support for FAT32?
- Why keeping the initrd mounted?
- Why using 3 spaces as indentation?
- Why many commit messages are so short?

Overview

What is Tilck?

Tilck is an educational monolithic x86 kernel designed to be Linux-compatible at binary level. The project's small scale and simple design make it the perfect playground for playing in kernel mode while retaining the ability to compare how the very same usermode bits run on the Linux kernel as well. That's a unique feature in the realm of educational kernels. Thanks to that, to build a program for Tilck it's enough to use an i686-musl toolchain from bootlin.com. Tilck has no need to have its own set of custom written applications, like most educational kernels do. It just runs mainstream Linux programs like the BusyBox suite. While the Linux-compatibility and the monolithic design might seem a limitation from the OS research point of view, on the other side, such a design brings the whole project much closer to real-world applications in the future, compared to the case where some serious (or huge) effort is required to port pre-existing software on it. Also, nothing stops Tilck from i
(read more)
[Eric Arcana] has been creating animated holiday decorations for several years, which involved a lot of custom code to make things light up the way he wanted, pulling the microcontroller to make changes. Using ESP32s with remote software updates is easier, but [Eric] also wanted to make the code simpler. To achieve this he created Fade, a custom programming language/framework for controlling LED animations from the ESP32. Fade is written for addressable RGB LEDs like the Neopixel/WS2812. It keeps track of the current color of every LED in the system and allows the user to define what color it should be at a specified time in the future. Time is specified using 10 ms clock cycles. The LEDs will smoothly change from one color to the other in the specified number of clock cycles, without needing to specify what the intermediate colors should be. Code is written in a simple IDE, running on a web server on the ESP32 itself, or on a remote Windows PC. The language is very simple, but still powerful enough to create complex LED animations. A key part of it is the ability to specify multiple concurrent state changes in just a few lines of code. [Eric] also included the option to take touch button inputs and use them to update the animations. Another nice feature is a simulation window on the desktop IDE. It allows you to create custom LED layouts on PC, and test your code without needing to send it to the ESP32. Addressable LEDs have made creating large LED installat
(read more)
In late August 2018, in the heat of one of the warmest and driest years on record in the Four Corners country, under a blanket of smoke emanating from wildfires burning all over the place, I piloted the Silver Bullet — my trusty 1989 Nissan Sentra — to the quiet burg of Monticello, Utah. I was on my way from one camping site on the Great Sage Plain to another on Comb Ridge, where I would feed my misanthropic side with a searing hike down a canyon, seeking out potholes that still had a smidgen of stagnant water left over from the last rain. I took a detour through Mon
(read more)
The Second Age — Plus, Amazon shared one of the first visuals from the series.

The first live action promotional image for Amazon's new The Lord of the Rings-related series.

Today, Amazon Studios announced that its new TV series based on J.R.R. Tolkien's The Lord of the Rings has finished filming its first season. The season is expected to premiere on September 2, 2022, "with new episodes available weekly," Amazon says. Additionally
(read more)
SpaceX is clear to build a lander with NASA to put the first American woman and next American man on the Moon – after Uncle Sam dismissed complaints that the $2.94bn contract was awarded unfairly. In May, Jeff Bezos's Blue Origin and non-Bezos-owned Dynetics formally protested the US space agency's decision in April to use just Elon Musk's SpaceX for the lunar lander project. It was alleged NASA had, among other things, gone back on a promise to keep the process competitive by funding multiple lunar hardware designs, and eventually selecting the best for the mission, and thus the contract shouldn’t have been given to just one party at this stage. After these complaints were submitted to the Government Accountability Office, NASA paused its collaboration with SpaceX as an investigation
(read more)
Docker containers have been an essential part of the developer's toolbox for several years now, allowing them to build, distribute and deploy their applications in a standardized way.

This gain in traction has been, not surprisingly, accompanied by a surge in security issues related to containerization technology. Indeed, containers also represent a standardized surface for attackers. They can easily exploit misconfigurations and escape from within containers to the host machine.

Furthermore, the word “container” is often misunderstood, as many developers tend to associate the concept of isolation with a false sense of security, believing that this technology is inherently safe.

The key here is that containers don’t have any security dimension by default. Their secu
(read more)
Google today said the latest iteration of its Android smartphones, the Pixel 6 and Pixel 6 Pro, are coming this fall. So far the internet advertising goliath has only offered a glimpse of the gear: no official specifications have been released. The Pixel 6 and 6 Pro look like your standard high-end 6.ish-inch aluminium-framed smartphones. The Pixel 6 Pro is expected to sport a 6.7" 120Hz screen, 5G connectivity, and a raised bank of cameras on the back that includes a wide-angle main sensor and one with a 4X optical-zoom telephoto lens. We're told the Pixel 6 duo will use Google's homegrown system-on-chip called Tensor. This is said to include a mix of CPUs and GPU cores, which could be and likely are licensed from other designers, plus Google's own custom AI acceleration engine. T
(read more)
Back from the dead and thirsting for blood — No one dies in the town of Skarnes. Could a hungry vampire save the local funeral home? The seemingly idyllic Norwegian town of Skarnes. Live (Kathrine Thorborg Johansen) and her brother Odd (Elias Holmsen Sorenson) run the family funeral parlor.
(read more)
Hi all, With excitement we're sharing today that Vue.js is Wikimedia Foundation's official choice for adoption as future JavaScript framework for use with MediaWiki. The evaluation of front-end frameworks officially started mid 2019, as part of the Platform Evolution program’s goal to evolve our technology platform and development processes to empower the Wikimedia Movement[0]. The corresponding Technical RFC was successfully resolved in March 2020[1]. As this framework selection is a wide-ranging, long-term decision, a dedicated group, the Front-end Architecture Working Group[2], was established to drive the technology comparison and the final recommendation. Besides the resolved RFC the outc
(read more)
I just discovered a lurking problem in the timebase.c module in all of the branches for releases >=3.20:

In gpsd_gpstime_resolv():

    /* sanity check week number, GPS epoch, against leap seconds
     * Does not work well with regressions because the leap_sconds
     * could be from the receiver, or from BUILD_LEAPSECONDS. */
    if (0 < session->context->leap_seconds &&
        19 > session->context->leap_seconds &&
        2180 < week) {
        /* assume leap second = 19 by 31 Dec 2022
         * so week > 2180 is way in the future, do not allow it */
        week -= 1024;
        GPSD_LOG(LOG_WARN, &session->context->errout,
                 "GPS week confusion. Adjusted week %u for leap %d\n",
                 week, session->context->leap_seconds);
    }

This code is going to trigger
(read more)
For years, I’ve had a private term I’ve used with my family. To give a few examples of its use: No, I never applied for that grant. I spent two hours struggling to log in to a web portal designed by the world’s top blankfaces until I finally gave up in despair. No, I paid for that whole lecture trip out of pocket; I never got the reimbursement they promised. Their blankface administrator just kept sending me back the form, demanding more and more convoluted bank details, until I finally got the hint and dropped it. No, my daughter Lily isn’t allowed in the swimming pool there. She easily passed their swim test last year, but this year the blankface lifeguard made up a new rule on the spot that she needs to retake the test, so Lily took it again and passed even mor
(read more)
U.S. authorities obtained a court order allowing them to demand financial information from banks and couriers about wealthy Americans suspected of using a Panamanian law firm to evade taxes.

The Internal Revenue Service can now get information about electronic fund transfers and courier deliveries between the firm, Panama Offshore Legal Services, and its U.S. clients, the Justice Department said in a statement Thursday. The IRS seeks to identify clients who used the law firm to “create or control foreign assets and entities” to evade taxes, the department said.

“We continue our joint efforts with the IRS to investigate tax evaders who use foreign financial accounts and sham foreign entities to hide their assets,” Manhattan U.S. Attorney Audrey Strauss said in the statement.

U.S. Distr
(read more)
A motorbike might not take up a lot of parking space, but this is not true for the trailer required to transport one. To solve this problem, [Make It Extreme] built a custom single-wheel motorbike trailer barely wider than the motorcycle itself. The frame of the trailer is welded together from a couple of sections of large diameter steel tube, with a single car wheel mounted to a C-shaped portion on the rear end. A standard ball hitch would allow the entire trailer to tilt over to one side, so a pin hitch is used instead, with a pivot to allow up and down movement. Another pivot was added to the frame just ahead of the rear wheel to allow the trailer to lower to the ground for loading. It is raised and lowered with a manually pumped hydraulic cylinder, and a small pivot
(read more)
In brief Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python. That's according to the JFrog security research team, which documented its findings here at the end of last month. A package dubbed noblesse, and five variants, would, we're told, look on Windows systems for Discord authentication tokens, and browser-stored credit card numbers, and siphon them off to remote systems. Another called pytagora, and a variant, would execute arbitrary Python code provided by a remote system. The goal, it would seem, is to steal data and cause other havoc on machines that have these dependencies installed. We've covered PyPI package security previously here.
(read more)
August 01, 2021

The recent release of PetitPotam by @topotam77 motivated me to get back to Windows RPC fuzzing. On this occasion, I thought it would be cool to write a blog post explaining how one can get into this security research area.

RPC as a Fuzzing Target?

As you know, RPC stands for “Remote Procedure Call”, and it isn’t a Windows specific concept. The first implementations of RPC were made on UNIX systems in the eighties. This allowed machines to communicate with each other on a network, and it was even “used as the basis for Network File System (NFS)” (source: Wikipedia). The RPC implementation developed by Microsoft and used on Windows is DCE/RPC, which is short for “Distributed Computing Environment / Remote Procedure Calls” (source: Wikipedia). DC
(read more)
Zoom can't redefine end-to-end encryption — Zoom users to get $15 or $25 each in proposed settlement of class-action lawsuit.

[Image: Technical preview of Zoom's end-to-end encryption, made available months after Zoom was caught lying to users about how it encrypts video calls.]

Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems that led to rampant "Zoombombings."

The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a "prohibition on privacy and security misrepresentations" in a settlement with the Federal Trade Commission, but the FTC settlement didn't include compensation for users.

As we wrote in November, the FTC said that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers. In reality, "Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptog
(read more)
Introduction

There are a ton of great explainers of what graph neural networks are. However, I find that a lot of them go pretty deep into the math pretty quickly. Yet, we still are faced with that age-old problem: where are all the pics?? As such, just as I had attempted with Bayesian deep learning, I'd like to try to demystify graph deep learning as well, using every tool I have at my disposal to minimize the number of equations and maximize intuition using pictures. Here's my attempt, I hope you find it useful!

Graphs

In my Network Analysis Made Simple tutorial, we see that the term "graph" is really nothing more than a synonym for networks. Defined strictly, graphs are comprised of nodes, i.e. entities, and edges that define relations between nodes. Examples are social networks (nodes = people, edges = friendship), and flight networks (nodes = airports, edges = flights that exist between the two networks). Pictorially, we'd usually draw something that looks like this:

A graph G, in really concise mathematical notation, can be represented as G = (V, E), or in plain English, an unordered collection of vertices (a synonym for nodes) and an unordered collection of edges.

Graphs as arrays

One thing that's a really neat property of graphs is that we can actually represent them as arrays. This is covered in the Linear Algebra sectio
(read more)
# The Myth of RAM, part I

April 21, 2014

## Preface

This article is the first of four in a series, in which I argue that thinking of a memory access as _O(1)_ is generally a bad idea, and we should instead think of them as taking _O(√N)_ time. In part one I lay out a hand-wavy argument based on a benchmark. In [part II](2014_04_28_myth_of_ram_2.html) I build up a mathematical argument based in theoretical physics, and in [part III](2014_04_29_myth_of_ram_3.html) I investigate some implications. [Part IV](2015_02_09_myth_of_ram_4.html) is a FAQ in which I answer some common questions and misunderstandings.

(This preface was added on August 29, 2016)

## Intro

If you have studied computing science, then you know how to do [complexity analysis](https://en.wikipedia.org/wiki/Analysis_of_algorithms#Run-time_analysis). You'll know that the time complexity for iterating through a linked list is _O(N)_, binary search is _O(log(N))_ and a hash table lookup is _O(1)_.

What if I told you that all of the above is not just misleading, but wrong? What if I told you that the time it takes to iterate through a linked list is actually _O(N√N)_ and hash lookups are _O(√N)_?

Don't believe me? By the end of this series of articles you will. I will show you that accessing memory is not a _O(1)_ operation but _O(√N)_. This is a result that holds up both in theory and practice. Let’s start with the latter:

## Measuring it

First of all, let's get our definitions straight. [Big O notation](https://en.wikipedia.org/wiki/Big_O_notation) can be applied to many things, from memory usage to instructions executed. For the purpose of this series of articles I'll be using the _O(f(N))_ to mean that _f(N)_ is an upper bound (worst case) of the *time* it takes to accomplish a task accessing _N_ bytes of memory (or, equivalently, _N_ number of equally sized elements). That I use Big O to analyze _time_ and not _operations_ is important. As we'll see, the CPU spends a lot of time waiting for memory. Personally, I do not care what the CPU does while I wait for it – I only care about how long something takes, hence the definition above. Another clarif
(read more)
Heap is a digital insights platform that automatically captures web and mobile behavior like page views, clicks, and taps. We recently shipped Effort Analysis, a way for Heap customers to see the median number of interactions and seconds engaged between each step within a funnel. Here’s what it looks like:

To build this feature, we needed to write a query that could quickly scan more than a billion rows of event data. But when we first started working on this feature, it took too long to scan the data.

Fortunately, we found a way to double the speed of this feature's p90 performance. To do this, we had to work around a case where the Postgres planner is, according to the Postgres docs, “not very smart.” This Postgres quirk surprisingly prevented an existing index from supporting an index-only scan. This post is about the quirk that caused our performance problem and the workaround we leveraged to achieve a 2x performance win.

What’s an index-only scan?

First, a quick refresher on index-only scans. An index is a secondary data structure in your database that the query planner can use to make some queries faster. For example, an index on the user_id column can make lookups of a specific user_id faster. An index-only scan is a special kind of operation in which the database can
(read more)
While there’s probably a Cherry MX clone born every year or so, it’s not often that such a radically different type of switch comes along. These “Void” switches are Hall-effect magnetic levitation numbers devised by keyboard connoisseur and designer [riskable]. Can you imagine how satisfying it is to clack on switches that actuate with magnets? They have adjustable tactility and travel thanks to even more tiny magnets. But you won’t be able to get these in a group buy or anything. If you want some of these babies, [riskable] says you’ll have to print and assemble ’em yourself. These attractive switches don’t have a Cherry MX footprint, either, so you’ll need some of [riskable]’s AKUs, or Analog Keyboard Units (YouTube) to actually use them. [riskable] predicts that unlike the switches, the AKUs will likely be available to buy at some point in the future. (Okay good, because we really would love to know what these feel like in a keyboard!) So, how do they work? As explained in the first video embedded below, there is one magnet in the slider and another in the housing. These two are attracted to each other, so actuating the switch separates them, which is where the Hall effect comes in. A third magnet in the keycap acts as the levitator to help return the switch to open position. The tactility of these switches is determined by the thickness of the plastic between the two lovebird magnets, so you could totally dial that in to whatever you want, in addition to all the other customization that 3D printing affords. Tour and Teardown The inimitable [Chyrosran22] featured these mag-nificent switches in one of his teardown videos, which is embedded below. One of the things [riskable] sent was a tactility sampler that ranges from an unimaginably tactile 0.0 mm of plastic in between them to not quite 2 mm. 
In case you’re wondering, the video is remarkably safe-for-work, which is surprising given the content creator’s propensity for long strings of creative and hyphenated curses. We suppose [Chyrosran22] saves that stuff for the bad keyboards, then. Stick around after the rightfully glowing review for [riskable]’s tour of a hand-wired an
(read more)
Along with other optimizations to benefit the Steam Deck, AMD and Valve have been jointly working on CPU frequency/power scaling improvements to enhance the Steam Play gaming experience on modern AMD platforms running Linux. It's no secret that the ACPI CPUFreq driver code has at times been less than ideal on recent AMD processors with delivering less than expected performance/behavior with being slow to ramp up to a higher performance state or otherwise coming up short of disabling the power management functionality outright. AMD hasn't traditionally worked on the Linux CPU frequency scaling code as much as Intel does to their P-State scaling driver and other areas of power management at large. AMD is ramping up efforts in these areas including around the Linux scheduler given their recent hiring spree while it now looks like thanks to the Steam Deck there is renewed interest in better optimizing the CPU frequency scaling under Linux. AMD and Valve have been working to improve the performance/power efficiency for modern AMD platforms running on Steam Play (Proton / Wine) and have spearheaded "[The ACPI CPUFreq driver] was not very performance/power efficiency for modern AMD platforms...a new CPU performance scaling design for AMD platform which has better performance per watt scaling on such as 3D game like Horizon Zero Dawn with VKD3D-Proton on Steam." AMD will be presenting more about this effort next month at XDC. It's quite possible this new effort is focused on ACPI CPPC support with the previously proposed AMD_CPUFreq. Back when Zen 2 launched in 2019, AMD did post patches for their new CPUFreq driver that leveraged ACPI Collaborative Processor Performance Controls but the driver was never mainlined nor any further iterations of the patches posted. When inquiring about that work a few times since then, AMD has always said it's been basically due to resource constraints that it wasn't a focus at that time. 
Upstream kernel developers also voiced their preference to seeing AMD work to improve the generic ACPI CPPC CPUFreq driver code rather than having another vendor-specific solution. It's also possible AMD has been working on better improvements arou
(read more)
Promo Even the smallest organisation knows its data is precious. Unlocking the value of your data is crucial to future growth, while protecting it is central to your very survival. But while we’ve gotten used to many sophisticated tech tools being available to virtually anyone, it can feel top-end security, performance and data management are the preserve of those who can afford legacy, “enterprise” storage platforms. Which means everyone else is stuck with a cut-down, “mid-range” version. This system might be good for those legacy vendors, and those organisations who don’t seem t
(read more)
Jason A. Donenfeld Jason at zx2c4.com
Mon Aug 2 17:27:37 UTC 2021

Hey everyone,

After many months of work, Simon and I are pleased to announce the WireGuardNT project, a native port of WireGuard to the Windows kernel. This has been a monumental undertaking, and if you've noticed that I haven't read emails
(read more)
Your log data is a treasure-trove of information about your application, but it can be overwhelming. This post will dig into several strategies for extracting metrics and other helpful information from your logs. We’ll start with the basics of the heroku logs command, then we’ll dig into the real fun using a tool called Angle Grinder.

How to view your Heroku logs

heroku logs on its own just prints the most recent logs from your app and then exits. Generally that’s not very useful. I almost always want the -t (or --tail) option to continually tail my logs. Additionally I usually want it scoped to a specific dyno process, so I’ll include -d router, -d web, or -d worker so I’m only seeing relevant logs. Here’s how I would tail my router logs:

    heroku logs -t -d router
    2021-07-28T16:23:07.870849+00:00 heroku[router]: at=info method=POST path="/api/REDACTED/v2/reports?dyno=web.8&pid=4" host=api.railsautoscale.com request_id=0ce66277-877c-4d4f-91c4-2c1075089b41 fwd="3.84.54.241,172.70.34.122" dyno=web.7 connect=1ms service=156ms status=204 bytes=358 protocol=https
    2021-07-28T16:23:07.774247+00:00 heroku[router]: at=info method=POST path="/api/REDACTED/v2/reports?dyno=web.3&pid=81" host=api.railsautoscale.com request_id=fe46b69d-8938-4d41-a566-4c837050f6da fwd="3.85.98.203,172.69.62.61" dyno=web.14 connect=1ms service=14ms status=204 bytes=358 protocol=https
    2021-07-28T16:23:07.627308+00:00 heroku[router]: at=info method=POST path="/api/REDACTED/v2/reports?dyno=web.1&pid=11" host=api.railsautoscale.com request_id=f5b69be4-8283-48f6-b683-30c051b4f51d fwd="34.232.107.232,172.70.42.94" dyno=web.11 connect=0ms service=327ms status=204 bytes=358 protocol=https
    2021-07-28T16:23:07.740752+00:00 heroku[router]: at=info method=POST path="/api/REDACTED/v2/reports?dyno=web.4&pid=4" host=api.railsautoscale.com request_id=89d2da0d-e1d8-484d-99f2-bf26921ba9a5 fwd="3.249.54.29,162.158.158.123" dyno=web.11 connect=0ms service=354ms status=204 bytes=358 protocol=https
    2021-07-28T16:23:07.881220+00:00 heroku[router]: at=info method=POST path="/api/REDACTED/v2/reports?dyno=web.1&pid=24539" host=api.railsautoscale.com request_id=37171239-4524-46cf-9dce-7cdda8bd4ace fwd="3.95.158.194,172.70.34.173" dyno=web.20 connect=2ms service=34ms status=204 bytes=358 protocol=https
    2021-07-28T16:23:07.743590+00:00 heroku[router]: at=info method=POST path="/api/REDACTED/v2/reports?dyno
(read more)
A kettle of raptors — Progress on the regulatory side of things remains murky, though.

[Image: 29 Raptor rocket engines installed on a Super Heavy booster. Credit: Elon Musk/Twitter]

Sometimes it is difficult to write objectively about the rate at which SpaceX makes progress. The advancements we're seeing at the company's Starbase site in South Texas are unprecedented. Like, seriously unprecedented.

On Sunday, SpaceX finished stacking what it is calling "Booster 4," the first of its Super Heavy rocket boosters expected to take flight. This is a massive, single-core rocket that is approximately 70 meters tall, with a diameter of 9 meters. It has a thrust approximately double that of the Saturn V rocket that launched NASA astronauts to the Moon.

Then, overnight, something remarkable happened. Technicians and engineers at the SpaceX build facility near Boca Chica Beach attached 29 Raptor rocket engines to the rocket. Twenty-nine engines. Each with intricate plumbing lines and connections. This is the number of engines that Super Heavy will fly with for initial flight tests, although the final configuration is likely to have 32 engines. I'm not really sure what to write or say about all this, because typically in the rocket business it takes a few days to install a single engine.

After some initial checkouts in the assembly area, Booster 4 will roll to the launch site a couple of kilometers down the road. This may happen as early as Tuesday. After this, there likely will be pressure tests and a series of static fire tests. With this many valuable Rapto
(read more)
Aug 2, 2021

This is a quick blog post about a security vulnerability (now fixed) that allowed me to make anyone like or message a profile on okcupid.com simply by getting them to click a link on my website. In doing so, I used one of the most boring web application security issues (CSRF) combined with a somewhat interesting JSON type confusion.

Proof that it worked on a friend who agreed to help me with security testing and is definitely NOT a rabbit:

A short recap of CSRF

The story, like many, began with me opening devtools and checking if websites were sending CSRF tokens alongside requests that require authentication, like sending messages to another user from your account.

CSRF is an attack whereby an attacker sends a link to a victim which, when visited in the victim’s browser, performs some action on behalf of the victim on a site that they are logged into. So for instance, if Bob is logged into Facebook, and Facebook doesn’t have CSRF mitigations on the endpoint that deletes a user’s account, then Alice can trick him into deleting his Facebook account by sending him a hidden link to https://facebook.com/delete (which is not the actual URL that deletes your FB account).

In this case, I noticed that OkCupid messages are sent via POST requests to https://www.okcupid.com/1/apitun/messages/send with a JSON-encoded body like so:

    {"receiverid": "123", "body": "sup"}

Conspicuously, there was no CSRF token sent in the request. CSRF tokens are a common way to miti
(read more)
A mysterious, one-letter npm package named "-" sitting on the registry since 2020 has received over 700,000 downloads. What's more, the package contains no functional code, so what makes it score so many downloads?

Inside the npm package "-"

An npm package called "-" has scored almost 720,000 downloads since its publication on the npm registry in early 2020. There's only one version of the package, 0.0.1, and it contains three files:

    tar tvf 0.0.1/--0.0.1.tgz
    package/dist/index.js
    package/package.json
    package/README.md

Inside these files, mainly the manifest (package.json) and index.js, there is nothing phenomenally interesting, just skeleton code. The manifest does pull in a bunch of development dependencies (devDependencies) and invokes some commands on the "ts-node" component, but that's about it. It's practically dead code, for now:

[Image: The index.js file and the manifest file (package.json) of "-" (BleepingComputer)]

"-" is used by over 50 packages

It gets even better. The practically useless package "-" serves as a dependency for over 50 npm packages, without a clear explanation:

[Image: npm package "-" is used by 56 packages (npmjs.org)]

But most of these dependencies have no more than a few dozen weekly downloads. So, how is it that "-" has scored almost 720,000 downloads?

It is plausible the package gets pulled in when someone is running npm commands from the terminal and makes typographical errors. For example, to install an npm package called "somepackage," you'd have to run:

    npm i somepackage

What if you were specifying a few flags, but made a mistake? For example:

    npm i - someFlag somepackage

The space between the "-" and someFlag may cause npm to pull in "-", as the package with that name does exist. It's therefore plausible that the package's thousandfold download counts are a result of developers making typos. And similarly, when adding dependencies to package.json via the command line, it isn't too hard to see how a "-" could slip in by error.

In a test, BleepingComputer ran the following command, with the intention of downloading "somepackage" and "axsharma" from npm. But notice the intentional typo, an extra "-" before the "--save" flag:

    npm install somepackage axsharma - --save

Unsurprisingly, both the resulting file package-lock.json and the node_modules/ folder contained the "-" package, explaining how it could slip into your dependencies in the real world:

[Image: Generated node_modules folder and package-lock.json file contain "-" package (BleepingComputer)]

BleepingComputer reached out to the package's author Dmitry Parzhitsky with some questions, such as why this package was created, but we haven't heard back. The package's creation itself could be accidental or caused by a test script that finished prematurely. Both the README.md file included within the package and the package's npm page indicate "-" was generated by a script:

[Image: README file for "-" (BleepingComputer)]

Suffice to say, while there is nothing right now in "-" that indicates it is malicious, we don't know what the next version of "-" could look like, should it be released.

Other examples of single-letter packages, or those resembling np
(read more)
For years I’ve looked forward to seeing each new unofficial hardware badge that comes out of the #Badgelife powerhouse known as AND!XOR. A mix of new and interesting components, alternate-reality game, and memes, you never know what they’re going to throw down. A bubble pack landed on my desk on Thursday with the newest offering, the AND!XOR electronic badge built for DEF CON 29, happening this weekend as a hybrid in-person and online conference. While each previous year upped the ante on complexity and manufacturing magic tricks, it’s no surprise considering the uncertainty of both the global pandemic and global chip shortage that they took a different tack. What we have here is a badge hacking puzzle that challenges you to just figure out how to put the thing together! The Hardware Unpacking the badge it is clear that this is a solder kit. In addition to the main PCB and four daughter PCBs, there’s a small zipper bag of components in tape, along with two coin cells, a battery holder, and a beautiful color lanyard. You’ve got to put all of this stuff inside of a package to ship it, so the meme factory decided to roll out a pack of “Damonitos”, a play on Doritos-brand corn chips and the badge collective’s recently adopted hashtag-mascot, Matt Damon. I haven’t asked why and neither should you. The thing is, there’s nothing programmable here; through and through this is a hardware badge. I’ll dive into the assembly details later on, but this looks like surface mount resistors, capacitors, and transistors, and one through-hole trimpot. It’s a clever way to sidestep the problem of reliably sourcing microcontrollers in any kind of volume in 2021. The boards themselves are obviously the “After Dark” treatment of OSH Park (and sure enough, their logo is on the back of the board). The iconic treatment uses black substrate (the board itself), clear solder mask to let the copper traces show through, ENIG plating for golden pads, and white solder mask. 
The Assembly Puzzle I think AND!XOR is hands-down the best at documenting their badges, but within a limit of the puzzles they design into them. In this case, most people would reach for the schematic and begin putting paste on the board for assembly. But head over to their project page and you’ll find no such resources available. What you will find is encouragement to break the glyph cipher used as component reference next to each footprint on the back of the board. There are sixteen icons used in the key, which strikes me as nice number for hex-values, but I’m just spitballing. I have not yet had time to start work on this challenge, but it’s all I want to do right now. Not great for the outlook on getting my actual work done, thaaaaaanks AND!XOR. Three-legged footprints are easy enough to figure out, but two different tape strips of transistors have me thinking that you’ll need to establish PNP versus NPN. Even if you get that sorted out, and crack the code on resistor values, there’s also a routing puzzle afoot. The daughter PCBs themselves are an interesting part of the challenge. The front of each has two face
(read more)
This is about more than just making a product that looks nice and works well. Because our product lets people build their own apps, we need both to create an app builder that's intuitive and easy to use, and give our users beautiful, well-designed components for them to build their apps from too. You should have a strong aesthetic, and especially experience building complex, data-powered products. You should feel comfortable creating visual designs, working in design systems, and also thinking about product from a much higher level.
(read more)
Tweet storm product announcements are new — Google's "Whitechapel" SoC is officially "Google Tensor," plus we've got pictures! The Pixel 6. Notice how the bottom one has a bigger area above the camera block? That's the "Pro" model. Google
(read more)
31 Jul 2021
The computers sitting on our desks are incomprehensibly fast. They can perform more operations in one second than a human could in one hundred years. We live in an era of CPUs that can perform billions of instructions per second, tens of billions if we take multi-cores into account, of memory that can transfer data to the CPU at hundreds of gigabytes per second, of disks that support streaming reads of gigabytes per second. This era of incredibly fast hardware is also the era of programs that take tens of seconds to start from an SSD or NVMe disk; of bloated web applications that take many seconds to show a simple list, even on a broadband connection; of progr
(read more)
The shortlisted images from 2021's Astronomy Photographer of the Year competition have been revealed. The largest astrophotography competition in the world, Astronomy Photographer of the Year showcases the very best space photography from a global community of photographers. Now in its 13th year, the competition received a staggering 4,500-plus entries, submitted from 75 countries worldwide.  Check out an incredible selection of the shortlisted images below. Follow the competition: #APY13
(read more)
Microsoft has added Windows 11 to the Beta channel of its Insider preview scheme and issued a new build which replaces flashing taskbar icons - indicating attention is required - with what it calls a "red pill." There are three Insider channels: Dev for the latest builds, Beta for builds tied to a specific upcoming release, described as "reliable", and Release Preview for supported builds just before general availability. Windows 11 has been added in the Beta channel, though right now the Beta and Dev builds are the same, 22000.111. Microsoft noted that "if you are in the Dev Channel, now would be the right time to consider switching to the Beta Channel if you want to stay on more st
(read more)
Dollar Stores Make Up Nearly Half of All New Store Openings This Year
About 45% of the 3,500 reported retail openings this year are Dollar General, Dollar Tree or Family Dollar, according to CNN. Dollar store openings had been on the rise even before the pandemic, but economic fallout over the last year has exacerbated wealth inequality. And as Next City has previously reported, dollar stores proliferate in low-income neighborhoods where fresh produce and other healthy food access are scarce. According to a 2018 Institute for Local Self-Reliance report, “While dollar stores sometimes fill a need in
(read more)
The Rubesletter is a newsletter with thoughts from Matt Ruby, comedian/writer/creator of Vooza (email [email protected]).
In this Rubesletter, there’s an essay about what my life was like pre-iPhone addiction, a look at Instagram-famous chef Salt Bae, a video of my recent Instant Pot Indian Butter Chicken adventure, and a preview of the new Hell & Wellness pod discussing Marie Kondo. Away we go…
I was not alerted
I used to get lost all the time. I’d ask for directions, look for landmarks, fold maps, carry a guidebook, and keep an atlas in the glove compartment. I never knew when the next train was coming. I waited around a lot.
I memorized phone numbers, jotted things down in notebooks, had conversations with taxi drivers, talked to random people at bars, wrote checks, went to the bank, and daydreamed. I was grossly inefficient and terribly bored. I rarely got what I wanted and, when I did, I had to wait at least 8-10 days for it to be delivered. I was not archived, nor was I searchable; things I said just disappeared forever.
I had no idea how many steps I'd walked or stairs I’d climbed. My desk’s height did not adjust; I just sat in a chair and took it. I tolerated unstapled stomachs, breasts which subjugated themselves to gravity, and butts that were incapable of functioning as shelves. I had no influence and never disrupted anything. Strangers did not wish me a happy birthday or “Like” me. My personal brand was invisible. I operated on hunches, browsed bookstores, and fearlessly entered restaurants on a whim, with no knowledge of the party of eight who’d travelled all the way from Connecticut to dine there and who, despite their reservations for 8:45pm, were not seated until 9:30pm and then had to endure a server who was extremely rude, unprofessional, and “tattooed up on his neck.”
I did not eat gummy bears, worms, or any other gummy species. I never charged my weed, microdosed, or took pills to help me focus. Only doctors took my temperature and masks were for parties. My life lacked motivational quotes, nutrition tips, and workout advice. My wellness ran dry.
I did not take photos of myself, was not filtered, and had no idea what I looked like as a bunny rabbit, puppy, or unicorn. I had to buy film, load it in a camera, carry it around, find something worth shooting, get the film developed, and then pick up the prints. I only had 36 shots so each one mattered; I was constantly forced to ask myself, “Do I actually want a photo of this?” Also, my genitals went unphotographed.
Doing my best Ethan Hawke impression while riding the rails in Europe in the 90’s.
There was no surveillance of the streets. Crimes occurred and there was no footage to review. Planes crashed and we only saw the wreckage. There were no body cams and only spies could install hidden cameras. I trusted the nanny. We all did. It must have been a field day for nannies.
I was rejected to my face and broken up with in person. I was not polyamorous and, truth be told, was gleeful if just one woman agreed to be in a relationship with me. In order to go on a date, I had to approach a woman, talk to her, get her number, call her, talk to her again, and ask her
(read more)
Google bookmarks won't be supported past September 31, 2021
21 points by penguin_booze 51 minutes ago | 23 comments
Just logged in to bookmarks, and found this message: https://imgur.com/a/OQ7YZqB. To be clear, this is not Chrome's ability to save bookmarks and its useful ability to synchronize bookmarks across devices when logged into a Google account. This is an older bookmark service provided here: https://www.google.com/
(read more)
tl;dr: When multiple apps interact with the same database, nasty side-effects can happen: One app keeps the database busy; all other apps might stop responding. In this case, you are dealing with an incident that is difficult to debug due to a non-obvious root cause. Assigning a name to each database connection can make a difference. It will reduce the time to debug by multiple hours and help you find the root cause faster. From the perspective of the database, you can differentiate the apps and their commands to identify the bad client.
➡️ Want to see how it works? Check out examples for MongoDB,
(read more)
Sign-in on Android devices running Android 2.3.7 or lower will not be allowed starting September 27,
As part of our ongoing efforts to keep our users safe, Google will no longer allow sign-in on Android devices that run Android 2.3.7 or lower starting September 27, 2021. If you sign into your device after September 27, you may get username or password errors when you try to use Google products and services like Gmail, YouTube, and Maps. If your device has the ability to update to a newer Android version (3.0+), we advise you to do so in order to maintain access to Google apps and services on that device.
How this change will affect you
When support ends for sign-in with a Google Account on Android 2.3.7 and below, you will receive a username or password error if you try to sign in to your devices or to add an email or calendar account. The following cases can also lead to this error if you:
Perform a factory reset of your device and try to sign in.
Change your password either on the device or on a different device, which then signs you out everywhere else. When you try to sign in again, you will receive the error message.
Remove your account from your device and re-add it.
Create an account on the device.
How you can still access your account
You will be able to sign into your account with a newer Android version (3.0 or newer). If your device has the ability to update to a newer Android version (3.0+), we advise you to do so. If you cannot update your device to a newer Android version (3.0+), you can try to log into your Google account on your device’s web browser. You can still use some Google services when logged into Google on your device’s web browser.
To access your Google Account and email on your device using a web browser:
Open your phone’s browser app.
Enter your username and password.
(read more)
Arik Kershenbaum, a zoologist and animal communications researcher at the University of Cambridge, thinks that the evolutionary forces that shape life on Earth will produce many similar features in extraterrestrial life.
The laws of physics and biomechanics constrain the ways that animals can conceivably evolve mobility on this planet. “And so we can expect these constraints to be operating everywhere in the universe,” Kershenbaum said.
You’re arguing that wherever organisms confront similar environmental challenges, they may come up with similar adaptive solutions. And you expect to see this throughout the universe? Consider flight, since that’s the most famous example of convergence. If you live on a planet with an atmosphere, or even with an ocean or some other fluid, if you want to get from one place to another through that fluid, there’s only a handful of ways to do it. You can jump. You can float, if you’re lighter than the medium that you’re in. The only other way is aerodynamically, with a wing, to generate lift. Those are the mechanics of moving through a fluid medium. On Earth, flight evolved four different times in four different groups: in birds and bats and pterosaurs and insects. The fact that they all use wings isn’t because they evolved on Earth; it’s because it was advantageous to fly, and wings are just about the only way to fly. And so we can expect these constraints to be operating everywhere in the universe. How far can that insight take us, though? As you said, organisms anywhere that need to fly are likely to evolve wings. But the wings of bumblebees, bluebirds and bats are very different. Yes, bat wings and bee wings are different, but only in detail, not in principle. Both consist of a membrane supported by rigid structures. Both generate lift by creating airflow over that membrane. In fact, the main difference between bee wings and bat wings is not in their structure, it’s in the way they use them. 
The small size of insects means that they cannot simply flap their wings like bats and expect to fly. They need to buzz, generating lift both on the forward stroke of their wings and on the backward stroke — something that neither birds nor bats do. So rather than the diversity of implementations on our planet confounding our comparisons, we can actually be more confident about our predictions, because we can see how tightly constrained these solutions really are. Yes, birds, bats and bees have different wings, but they’ve all achieved the same end result — an aerodynamic wing — despite the hugely different physical constraints acting on them. Coincidences of evolutionary (and even cosmic) history will always affect the details of animal shape and appearance. We have four limbs only because it was a four-finned fish that crawled out of the sea almost 400 million years ago. We could easily have had six limbs, or even eight, if evolutionary history had played out differently. So there will never really be close similarity between us and our equivalent species on an alien planet. But some things are just so tightly constrained that there aren’t really many alternative ways to do things. Stephen J
(read more)
The concept of a new media ecosystem that's non-profit, publicly funded and tech-infused is drawing interest in policy circles as a way to shift the power dynamics in today's information wars.
Why it matters: Revamping the structure and role of public media could be part of the solution to shoring up local media, decentralizing the distribution of quality news, and constraining Big Tech platforms' amplification of harmful or false information.
Flashback: Congress in 1967 authorized federal operating money to broadcast stations through a new agency, the Corporation for Public Broadcasting, and what is now PBS launched down-the-middle national news programming and successful kids shows like "Mr. Rogers' Neighborhood" and "Sesame Street." NPR was born in 1971. Despite dust-ups over political interference of national programming and funding, hundreds of local community broadcast stations primarily received grants directly to choose which national programs to support.
Driving the news: A new policy paper from the German Marshall Fund proposes a full revamp of the CPB to fund not just broadcast stations, but a wide range of digital platforms and potential content producers including independent journalists, local governments, nonprofits and educational institutions. The idea is to increase the diversity of local civic information, leaning on anchor institutions like libraries and colleges that communities trust. Beyond content, the plan calls for open protocol standards and APIs to let consumers mix and match the content they want from a wide variety of sources, rather than being at the mercy of Facebook, Twitter or YouTube algorithms. Data would be another crucial component. In order to operate, entities in the ecosystem would have to commit to basic data ethics and rules about how personal information is used.
"It's about power. We don't want government to tell the platforms what to do, but we don't want the platforms to have the power to deplatform" and decide which voices get heard, said Ellen Goodman, co-author of the report, a professor at Rutgers Law School, and founder and director of the Rutgers Institute for Information Policy & Law.
"No one thinks the most efficient way to do things was to have a gazillion broadcast stations, but it was to decentralize power. So what would that look like on the internet?"
Reality check: Allowing people to "tune" their own content preference dials could exacerbate filter bubbles.
Still, the authors say the involvement of local trusted institutions in the creation and amplification of civic information — from public health updates to local election news — could improve people's overall media diet and exposure "so it's not just a battle of government vs. platform," Goodman said.
The big picture: More broadly, new models of non-profit media are gaining traction.
The Local Journalism Sustainability Act takes a different approach to the government grant model. The bill would, for example, give a tax credit to people who donate to nonprofit newsrooms, or to small businesses who buy advertising at a nonprofit outlet.
What they're saying: "There absolutely has to be a much bigger role for nonprofit media, with publ
(read more)
Quadcopters are great for maneuverability and slow, stable flight, but it comes at the cost of efficiency. [Peter Ryseck]’s Mini QBIT quadrotor biplane brings in some of the efficiency of fixed-wing flight, without all the complexity usually associated with VTOL aircraft. The Mini QBIT is just a 3″ mini quadcopter with a pair of wings mounted below the motors, turning it into a “tailsitter” VTOL aircraft. The wings and nosecone attach to the 3D printed frame using magnets, which allows them to pop off in a crash. There is no need for control surfaces on the wings since all the required control is done by the motors. The QBIT is based on a research project [Peter]
(read more)
A firm that sells nuisance call-blocking systems is itself nursing a £170,000 fine from the UK's data watchdog, ironically for cold calling almost 200,000 people registered with the Telephone Preference Service (TPS). Brighton-based Yes Consumer Solutions Ltd (YCSL) failed to check its marketing list against the TPS, and as such made 188,493 unsolicited direct marketing calls between October 2018 and October 2019. Phoning individuals registered with TPS for longer than 28 days is a violation of electronic marketing law, better known to Reg readers as Privacy and Electronic Communications Regulations (PECR). YCSL, which in its own words sells "high quality Nuisance Call Prevention equ
(read more)
A recurring question that surfaces around the Future of Coding Community is: what happened to OpenDoc? Why did it fail? This post is a summary of reasons found around the web, then I will explore other implementations similar to OpenDoc to see if there is a general pattern. Bias warning: I pick the quotes and the emphasis, read the sources in full to form your own conclusion and let me know!
OpenDoc
To start, here's a brief description of what OpenDoc was: The OpenDoc concept was that developers could just write the one piece they were best at, then let end-users mix and match all of the little pieces of functionality together as they wished. Let's find out the reasons: OpenDoc pos
(read more)
Ask HN: Freelancer? Seeking freelancer? (August 2021)
17 points by whoishiring 2 hours ago | 34 comments
Please lead with either SEEKING WORK or SEEKING FREELANCER, your location, and whether remote work is a possibility.
Bonsai (YC W16) (https://www.hellobonsai.com) offers freelance contracts, proposals, invoices, etc.
SEEKING WORK | REMOTE | Software/System Architect
Location: Toronto, Ontario, Canada
Most recent system/software architecture design: Online professional conference system with UI styling based on the dynam
(read more)
Ask HN: Who wants to be hired? (August 2021)
33 points by whoishiring 58 minutes ago | 29 comments
Share your information if you are looking for work. Please use this format:
Location:
Remote:
Willing to relocate:
Technologies:
Résumé/CV:
Email:
Readers: please only email these addresses to discuss work opportunities.
Searchers: try https://seisvelas.github.io/hn-candidates-search/.
Location: european, living in china
Remote: yes
Willing to relocate: not at this time. maybe in the future
Technologies: Linux, fr
(read more)
Launch HN: Tavus (YC S21) – AI-generated personalized videos for sales outreach
34 points by rishabhdhar 5 hours ago | 53 comments
Hi HN - Hassaan, Quinn & Rishabh here and we're the founders of Tavus (https://tavus.io/). We generate personalized videos that realistically imitate your gestures and voice. See a short demo at https://video.tavus.io/video?id=2302 and play with it at https://tavus.io/playground/.
Companies like Loom and Vidyard have proven the value of personalized videos for sales, onboarding, marketing, and more. The problem is the time it takes to create a video for each prospect. We make it scalabl
(read more)
PC makers are starting to prioritise production lines in favour of more profitable Windows PCs at the expense of Chromebooks, or so warns IDC. The analyst recently finished totting up preliminary shipments for calendar Q2, showing sales growth of hardware running on Google's Chrome OS starting to slow but still coming in at an impressive 12.3 million units globally. According to the figures, this means that vendors shipped 5 million more Chromebooks than the same period in 2020 when government lockdowns made PCs, particularly relatively low-cost ones, must-have items at home. This equates to growth of 68.6 per cent. Despite the positive shipment data, IDC noted this was a slowdown on recent quarters, including the 357 per cent rise recorded in Q1 and the buying frenzy that made Chromebooks a bigger seller than Apple's Mac in 2020. "For Chromebook, while still in high demand and even on backlog for many education deals, vendors have started prioritising higher margin Windows laptops given the ongoing component shortages," the analyst said. Not every vendor caught the Chromebook wave in Q2: HP leapfrogged Lenovo into the top spot with sales of 4.3 million, up 115.7 per cent, while its Chinese rival grew 81.2 per cent. Acer shipped 1.9 million units, up just 21.7 per cent, and Dell sent 1.8 million Chromebooks into the channel. Fifth-placed Samsung recorded 900,000 units, up from 600,000 units a year ago.
PC component shortages in the past year mostly included memory and notebook panel driver ICs, and Lenovo, the world's biggest computer maker, said last autumn it could have shipped 30-40 per cent more product had it not been for supply chain restrictions on production. HP boss Enrique Lores said in May h
(read more)
Many readers at STH will know that we have been running a series around the future of data center technologies. Today, we are going to take a look at the impact of liquid cooling in the data center. Specifically, we are going to take a look at some of the common options, and then get a hands-on look at some of the impacts. Indeed, we are even going to show off 8x NVIDIA A100 80GB 500W GPU performance, a part that is not even officially listed by NVIDIA. Let us get to it.
Video Version
As we have been doing with this series, you can check out a video version here: We always suggest opening the video in a YouTube tab or window for a better viewing experience. Also, we wanted to point out that the way we were able to do this is that we managed to stop by Supermicro in June, where there were two 8x NVIDIA A100 systems set up. Luckily, we had the ability to check out some of the other interesting items in the lab. A quick thank you to Supermicro for making this happen.
Liquid Cooling Methods Overview
First, let us get into liquid cooling methods and why we should care. Starting with the why is perhaps the easiest to work through so we are going to start with that.
Why Data Center Liquid Cooling is Ine
(read more)
Major social media platforms fail to take down more than 80% of anti-Semitic posts on their platforms, a new report claims. The Center for Countering Digital Hatred (CCDH) said it reported more than 700 posts containing "anti-Jewish hatred", which had collectively been viewed 7.3 million times. The research covered Facebook, Instagram, TikTok, Twitter and YouTube.
Facebook was the worst performer, CCDH said, failing to act on 89% of posts. In its report, called "Failure to Act", CCDH accused several of the tech giants of being "safe places to spread racism and propaganda against Jews".
One in six
Using the reporting tools offered by each platform, its researchers collected 714 posts between May and June - examples it claimed "clearly violated" the social media firms' own policies. It said they included Holocaust denial, and conspiracy theories with false claims about Jews "controlling" governments and banks, or orchestrating world events.
They were reported through "ordinary user accounts", rather than one identifying itself as involved with the CCDH. "We found that the platforms acted on fewer than one in six reported examples of anti-Semitism," it said. Each social network had a different sample size of the 714 total posts tracked:
Facebook acted on 14 out of 129 posts reported to it (10.9%)
Twitter removed 15 of 137 (11%)
TikTok removed 22 of 119 (18.5%)
Instagram acted on 52 of 277 (18.8%)
YouTube took down 11 of 52 (21.2%)
On average, the CCDH said 84% of the reported posts were not acted upon.
Groups and tags
It also "tagged" the posts it collected as belonging to certain categories, in the judgement of the researchers. It said that those it tagged as Holocaust denial remained online 80% of the time, while for neo-Nazi content it was 71%. CCDH was also critical of some of the companies for allowing discussion forums for anti-Semitic content to exist, despite any action taken on individual posts. On Facebook, it said that Facebook groups from which it sourced many of its sample posts, with titles such as "Exposing the new world order" and "Exposing Zionism", were still active. On Instagram, TikTok, and Twitter, it criticises the allowed use of hashtags such as
(read more)
Hi HN,
I’m Marcus, I’m the co-founder of Heimdal together with Erik (www.heimdalccu.com). We remove atmospheric carbon dioxide and trap it in materials that are used to make cement. More CO2 is trapped in our process than is re-emitted in cement production.
Concrete is responsible for 8% of global CO2 emissions. Cement is usually made from mined limestone, which is one of the largest natural stores of carbon dioxide. Using that to make cement is a bit like burning oil. The world is addicted to concrete, so this problem is not going away. We make synthetic limestone using atmospheric CO2, such that when it is used to make cement, the process is carbon neutral.
We were both master's students in engineering at Oxford University in the UK. I decided to write my dissertation on direct air capture of CO2. While looking through existing solutions it struck me that none were sufficient. They all operated a circular process that left them with gaseous CO2 that needed to be stored somewhere. A circular process is one that uses a sorbent to trap atmospheric CO2 but then re-releases the trapped CO2 as a pure gas stream to regenerate the sorbent for re-use. We don't have enough high-quality cheap stores of CO2 to justify such an approach. Storage must be permanent and safe. We realized that by taking a linear approach, we both make the process of capturing CO2 profitable and avoid the problem of where to store the CO2. We make sorbents for trapping CO2 in the form of mineral carbonates, these compounds are inert and trap CO2 for millions of years. They can also be commercialized as raw materials for making building materials including glass and concrete. In one step we solve three key problems of carbon capture:
1. How to trap CO2 energy efficiently
2. How to store the CO2
3. How to make money while doing all this.
Specifically, we use renewable electricity to extract dissolved oceanic CO2 as mineral carbonates of calcium and magnesium by contacting seawater with our proprietary alkaline sorbent. These mineral carbonates are important ingredients in cement as well as other building materials. The undersaturated ocean then re-absorbs an amount of atmospheric CO2 equivalent to
(read more)
Those who pay attention to business news have probably noted an interesting and curious phenomenon over the past few months: China is smashing its internet companies. It started — or at least, most people in the U.S. started noticing it — when the government effectively canceled the IPO of Ant Financial, then dismantled the company. Jack Ma, the founder of Ant and of e-commerce giant Alibaba, was summoned to a meeting with the government and then disappeared for weeks. The government then levied a multi-billion dollar antitrust fine against Alibaba (which is sometimes compared to Amazon), deleted its popular web browser from app stores, and took a bunch of other actions against it. The value of Ma’s business empire has collapsed.
But Ma was only the most prominent target. The governme
(read more)
Quoting Wikipedia on the classic social science text, "Exit, Voice, and Loyalty": The basic concept is as follows: members of an organization, whether a business, a nation or any other form of human grouping, have essentially two possible responses when they perceive that the organization is demonstrating a decrease in quality or benefit to the member: they can exit (withdraw from the relationship); or, they can voice (attempt to repair or improve the relationship through communication of the complaint, grievance or proposal for change). For example, the citizens of a country may respond to increasing political repression in two ways: emigrate or protest. Similarly, employees can choose to quit their unpleasant job, or express their concerns in an effort to improve
(read more)
Wed, May 27, 2020
There are not a lot of very strong empirical results in the field of programming languages. This is probably because there’s a huge amount of variables to control for, and most of the subjects available to researchers are CS undergraduates. However, I have recently found a result replicated across numerous codebases, which as far as I can tell makes it one of the most robust findings in the field:
If you have a very large (millions of lines of code) codebase, written in a memory-unsafe programming language (such as C or C++), you can expect at least 65% of your security vulnerabilities to be caused by memory unsafety.
This result has been reproduced across:
Android (cite): “Our data shows that issues like use-after-free, double-free, and heap buffer overflows generally constitute more than 65% of High & Critical security bugs in Chrome and Android.”
Android’s bluetooth and media components (cite): “Use-after-free (UAF), integer overflows, and out of bounds (OOB) reads/writes comprise 90% of vulnerabilities with OOB being the most common.”
iOS and macOS (cite): “Across the entirety of iOS 12 Apple has fixed 261 CVEs, 173 of which wer
(read more)
Space advice — Vice President Kamala Harris to host first National Space Council meeting this fall.
Chirag Parikh, then-Microsoft Azure Space lead at Microsoft Corp., speaks during a discussion at the Satellite 2020 Conference in Washington, DC. Andrew Harrer/Bloomberg via Getty Images
On Monday morning, the White House named Chirag Parikh as executive secretary of the National Space Council. This is a key position within the space policy firmament of Washington, DC, as Parikh will have responsibility for suggesting and implementing executive space policy across the domains of military, civil, and commercial space. With the announcement, the White House also said that Vice President Kamala Harris, who will serve as chair of the National Space Council, will host the first meeting of the council this "fall." In background information provided about the announcement, the White House cited several top priorities for the space council, including climate change and advancing "peaceful" exploration programs with allies and partners. However, the first objective listed was, "Support sustainable development of commercial space activity." This signals that the Biden White House is likely to continue the pro-commercial trend furthered by the previous space council, which was led by Vice President Mike Pence and featured Scott Pace serving as executive secretary. Under their leadership, the Trump administration sought to bolster the US commercial space industry, seeing it as an important advantage over China and its increasing focus on space a
(read more)
Over the last few years, I've worked on open-source distributed systems in Go at Google. As a result, I've thought a lot about dependency management, systems configuration, programming languages, and compilers.

Again and again, I saw the same fundamental data structure underpinning these technologies: the directed acyclic graph. The most frustrating part was modeling graph-based configuration in languages that optimized for hierarchical data structures. That's why I created Virgo.

Virgo is a graph-based configuration language. It has two main features: edge definitions and vertex definitions. The vgo configuration file then parses into an adjacency list. You can achieve similar results by adding additional conventions and restrictions on YAML or JSON. Much like YAML optimized for human readability, Virgo optimizes natural graph readability, editability, and representation.

// config.vgo
a -> b, c, d -> e <- f, g

A graphical representation of the Virgo graph

Virgo is open to proposals and language changes. Please open up an issue to start a discussion at https://github.com/r2d4/virgo.

Graphs are everywhere in configuration management. One graph that engineers may be familiar with is the Makefile target graph. The make tool topologically sorts the targets that it resolves, which lets it build the files in order. Virgo's CLI or Go library allows developers to replicate this feature easily.

clean -> parser, lexer -> "src files" -> test
parser = `goyacc parser.y`
lexer = `golex lex.l
(read more)
In the October 1999 Communications of the ACM Lutz Prechelt had an interesting article entitled Comparing Java vs. C/C++ Efficiency Issues to Interpersonal Issues which asked 38 programmers to implement versions of a program in C, C++, or Java. The conclusions showed that Java was 3 or 4 times slower than C or C++, but that the variance between programmers was larger than the variance between languages, suggesting that one might want to spend more time on training programmers rather than arguing over language choice. (Or, suggesting that you should hire the good programmers and avoid the
(read more)
Machine Learning Operations (MLOps) has come to be an important push for enterprises in 2021 and beyond – and there are clear reasons why this paradigm shift in Enterprise AI is upon us. Most enterprises who have begun data science and machine learning programs over the last several years have had difficulties putting even their promising machine learning models and proof of concept exercises into action, by deploying them meaningfully in production environments. I use the term “meaningfully” here, because the nuances around deployment make all the difference and form the soul of th
(read more)
In late June of 2021, GitHub launched a ‘technical preview’ of what they termed GitHub Copilot, described as an ‘AI pair programmer which helps you write better code’. Quite predictably, responses to this announcement varied from glee at the glorious arrival of our code-generating AI overlords, to dismay and predictions of doom and gloom as before long companies would be firing software developers en masse. As is usually the case with such controversial topics, neither of these extremes is even remotely close to the truth. In fact, the OpenAI Codex machine learning model whic
(read more)
This project keeps the Linux Kernel Module Programming Guide reasonably up to date, with working examples for recent 5.x kernel versions. The guide has been around since 2001 and most copies of it on the web only describe old 2.6.x kernels. The book can be freely accessed via https://sysprog21.github.io/lkmpg/. The original guide may be found at the Linux Documentation Project.

License

The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software License. Use of this work is governed by a copyleft license that can be found in the LICENSE file. The complementary sample code is licensed under GNU GPL version 2, the same as the Linux kernel.
(read more)
In an effort to take advantage of an old Rodenstock newspaper enlargement lens that was only being used as a paperweight, photographer Tim Hamilton has constructed an enormous “ultra-large-format” projection camera that he has used to capture unique photos and videos. Hamilton says that the reason he built the device was to make use of the old enlargement lens that he had in his possession. “Before I got the lens, it was being used as a paperweight, and the old photojournalists who worked at the newspaper before the digital transition were saddened by that. So someone handed it to me,” he says. “They are fairly rare and expensive lenses and it’s been begging to be made into a camera.” Hamilton says that the lens he has is a Rodenstock 600mm f/9 APO-Ronar, which in good
(read more)
On Thursday night, with the equivalent of a five-alarm siren, the Washington Post and New York Times, along with other media outlets, blared the major bullet points of an internal CDC slide presentation explaining a recent shift in mask guidance: The Delta variant was “as contagious as chicken pox,” according to the presentation, and “may be spread by vaccinated people as easily as the unvaccinated,” as the Times put it. “The war has changed,” the presentation declared, and public-health officials needed to acknowledge it. To those who’d bee
(read more)
Background Note: I started writing this article about one year ago (September 2020), but I dropped it at some point. Its final version is way less ambitious than my original plans for it, mostly because I forgot some of the things that were on my mind back then. Still, better than nothing. A long time ago (in 2011) I wrote about my frustrations with Linux that led me to abandon the OS after having spent quite a lot of time on it. After this article I made one failed attempt to convert to Windows and eventually I settled on macOS for almost a decade. While I was reasonably happy with macOS for most of the time, it never felt like home and I kept longing to revisit Linux. I was also missing having a custom-built desktop PC for a while, so I was very tempted to get one and run Linux on
(read more)
Paragon Software, in response to a nudge from Linus Torvalds, said it will submit a pull request for its NTFS driver for Linux. The process of submitting a read-write NTFS driver for Linux was initiated by Paragon nearly a year ago, when it ran into complaints that its 27,000 line patch was too big to review. Paragon resubmitted the code in more manageable chunks, but its less than complete understanding of the Linux kernel development process apparently continued, with Torvalds stepping in last month to point out that it was not enough to post the code to the fsdevel list – at some point the code would actually have to be submitted as a pull request. It is too late for version 5.14 of the kernel, for which rc4 has just been released, but potentially could be included in version
(read more)
The Bike Shed
August 15, 2012
Volume 10, issue 8

Quality happens only when someone is responsible for it.

Poul-Henning Kamp

Thirteen years ago, Eric Raymond's book The Cathedral and the Bazaar (O'Reilly Media, 2001) redefined our vocabulary and all but promised an end to the waterfall model and big software companies, thanks to the new grass-roots open source software development movement. I found the book thought provoking, but it did not convince me. On the other hand, being deeply involved in open source, I couldn't help but think that it would be nice if he was right. The book I brought to the beach house this summer is also thought provoking, much more so than Raymond's (which it even mentions rather positively): Frederick P. Brooks's The Design of Design (Addiso
(read more)
Summary

# Terminal
rails new template --skip-javascript
bin/rails g scaffold products name color "price:decimal{8,2}" sku
bundle add faker
bundle add hotwire-rails
bin/rails hotwire:install

# db/seeds.rb
100.times do
  Product.create(
    name: Faker::Lorem.word,
    color: Faker::Color.hex_color,
    price: Faker::Commerce.price,
    # Faker 2.x and later take the digit count as a keyword argument
    sku: Faker::Number.number(digits: 10)
  )
end

# views/products/index.html.erb
<% @products.each do |product| %>
  <%= content_tag :tr, id: dom_id(product) do %>
    <%= product.name %>
    <%= product.color %>
    <%= product.price %>
    <%= product.sku %>
    <%= link_to 'Show', product %>
    <%= link_to 'Edit', edit_product_path(product) %>
    <%= link_to 'Destroy', product, data: { "turbo-method": :d
(read more)
To combat thieves, Home Depot is introducing power tools that won't work if they're stolen. Home Depot executive Scott Glenn spoke to Insider about the company's efforts to stymie shoplifters. He said the goal is to stop thieves without looking like an "armed encampment."
(read more)
Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide – including 80 per cent of the major hospitals found in the US. The researcher spotted the PwnedPiper vulnerabilities in Swisslog's Nexus stations for its Translogic Pneumatic Tube System (PTS) product – a connected control system for the delivery tubes which send medicines, samples, blood products, and paperwork whizzing around a hospital. The vulnerabilities have not been exploited in the wild, Armis added. The systems include hardcoded passwords for both user and administrative accounts which can be accessed over an unencrypted Telnet connection – enabled by default, with no way for an end user to disable it, Armis sa
(read more)
What are you doing this week?
ask programming, authored by caius 1 hour ago | 2 comments

What are you doing this week? Feel free to share! Keep in mind it’s OK to do nothing at all, too.

caius 1 hour ago
Holiday. 😄

Bl
(read more)
Shoplifting is a major problem for many brick-and-mortar retail stores, and it seems that stealing and then selling power tools is a lucrative enterprise for some criminals. To combat this, Home Depot is starting to sell power tools that will not work unless they are activated at the checkout counter. According to a 2020 survey in the US, “organized retail crime” cost retailers $719,548 per $1 billion dollars in revenue. One thief was recently arrested after stealing more than $17,000 worth of power tools from Home Depot. While many stores put high value items in locked display cases, Home Depot felt that this tactic would negatively affect sales, so they partnered with suppliers to add an internal kill switch. Although persist
(read more)
This project aims to simplify the creation of basic Arduino programs by just editing a UI on Android. Instead of the usual Arduino development cycle, you just have to create your program via the Android UI and send it to Arduino via Serial.

In order to make the setup work you have to do two things.

Build and deploy the generic program to your Arduino board. In order to do that:
Include the ArdUI.zip (./arduino-library/generated/c/ArdUI.zip) library. (You can include the library zip in the Arduino IDE via: Sketch -> Include Library -> Add .ZIP Library.)
Upload GenericProgram.ino to your Arduino board.

That's it! All subsequent changes to the Arduino program can be done with the Android UI now.

Technical details

Below is a technical description of what's happening under the hood. The workflow goes as described here:

A Protobuf file is used to describe the serialization/deserialization of data between Kotlin objects, byte streams and C structures. The Protobuf file used here to describe the data format is located at ./proto/common.proto
The Android application allows you to create a program in the UI, which is translated to data classes generated by the Protobuf generator.
This data is serialized and sent to Arduino via the Serial.
The C program in Arduino deserializes the received bytes and constructs the set of instructions to run.

The fact that Protobuf is supported for an array of languages allowed us to write programs in Kotlin (for Android), C (for Arduino) and JS (for a NodeJS app).

Web interface

A NodeJS application is provided too in case you don't have access to an Android phone. The interface is pretty simple and basic; you have 2 text fields: For set
(read more)
“You just learn one thing, and that’s the browser,” quipped Bill Gates while showcasing the then-upcoming Windows 98.

The empire that Microsoft had built piecemeal—software languages here, DOS and Windows there, Office and a software ecosystem tying it all together—was suddenly threatened by the web. The earliest web apps promised you could run anything, anywhere. A browser, not the latest operating system, was all you’d need.

Ignoring the web wasn’t possible. Microsoft’s infamous Embrace, Extend, Extinguish philosophy would have to work instead.

So they acquired Hotmail, one of the first web apps, and built the web so deeply into Windows 98 the US Government would accuse Microsoft of using Internet Explorer to maintain a monopoly.

Gates correctly recognized that browsers were the last app we’d learn how to use, that so much of the software to come would be browser-based SaaS.

Yet somehow, it seems unlikely he’d have imagined that decades later, a browser would be all you’d need to run Windows 98—or at least a facsimile of its most memorable features.

Rebuilding the past.

We run everything in the browser today: Slack, and Figma, and Superhuman, and Airtable, and Google Docs, and so many of the other tools that make today’s work happen.

So why not run Windows in the browser, too?

That was—in part—the idea that got ctrlz and their fellow students to painstakingly recreate the Windows of the ’90’s in the browser with Windows 96. It’s a passion project that lets you relive some of your formative computing memories—and it started with a chance encounter.

“Back around
(read more)
Where I currently work we are all in on event-driven architecture. For our DLQs, we have alerts on when the queue is growing in size or if messages are in the queue too long. When those alerts come in, we manually move the messages back to the normal queue for reprocessing and if they get DLQed again after that we will look into the reason it is failing.

One of the benefits of this architecture for us is the ability to easily share information between services. We utilize SNS and SQS for a pub/sub architecture so if we need to expose more information we can just publish another type of message to the topic or if we need to consume some information then we can just listen to the relevant topic.

There are two big issues that I've run into while at this company. One is tracking down where events are coming from can be a big pain, especially as we are replacing services but keeping message formats the same. The other big issue is setting up lower environments (dev, qa, etc.) can be difficult because you pretty much need the entire ecosystem in order for the environment to be usable, which requires buy-in from all teams in the organization.

I guess it's still harder to track down event emitters, but have you tried using bitbucket or GitHub code search to search all of your repos at once?

Yea, I have used GitHub search in a pinch and sometimes it is helpful enough to show me exactly where to look. Unfortunately, though, there are several events we emit that are many layers of string concatenation, so GitHub search may narrow it down to 4 or so places and I have to manually go from there.

"Everything looks like a red thumb when you're holding a golden hammer."

Events are a part of a greater whole. It's a tool that you can use to solve certain data flows, but not all data flows. When you start taking more liberty with the word "eventually," you are almost certainly in a realm where ev
(read more)
The most highly valued Leonardo Codex of the last few years, whose original was purchased in 1994 by Bill Gates for $30,000,000. This work faithfully reproduces the original codex. The English translation is reproduced together with the original text, making it suitable not only for scientific study and research, but also for immediate consultation. The Leicester Codex, also known as the "Hammer" Codex from the name of the American millionaire who owned it before Bill Gates, was compiled between 1506 and 1513, during the period when Leonardo was dividing his time between short stays in Florence and returning to Milan, this time under the protection of the French king, Louis XII. Unlike the other manuscripts where the subject changes on each page according to Leonardo's mood or his innumerable interests, this codex is almost totally dedicated to an in-depth study of a sole theme: the study of water. Currents, whirlpools, waves, heads, canals, banks, locks, dams, tunnels, projects for docks, for land reclamation, [...]
(read more)
NHS England has missed the latest deadline in the procurement of a £200m replacement ERP system responsible for managing the UK's annual health spending of £110bn and is now more than two years late. The migration of the Oracle financial management system to a cloud-based ERP system, which is now judged a "red" risk, according to the government's own Infrastructure and Projects Authority, was supposed to see tender documents published by the end of July. Delays had already forced the government to spend £59.2m on a contract extension for its existing system as it ran out of road with the procurement and implementation of a replacement. The Integrated Single Financial Environment (ISFE) is currently provided through NHS Share Business Services, a joint venture between the Department of Health and Social Care (DHSC) and French IT services company Sopra Steria. The contract with the supplier was set to end in April 2021. In the tender notice for the contract extension, NHS England said the "current timeline assumes that the tender for the replacement ISFE system will go live toward July of 2021." No such tender documents have appeared and NHS England has stonewalled The Register's requests for further information for more than a week. "The ISFE re-procurement project is a large and complex project which will deliver a replacement for the current service," the document said. "During the planning stages for the reprocurement, it was identified that short term uncertainties regarding Group structure posed significant challenge to finalising a tender specification during 2019 with a review to implementing a replacement service by April 2021. The outbreak of the COVID-19 pandemic has meant that the project team and other key colleagues have had to focus their resource on keeping critical business processes running and work on the procurement of the new contract has inevitably been delayed." 
But the project was already running more than one year late before the pandemic hit. In 2018, a prior information notice, designed to gather intelligence from suppliers before the formal competition started, priced the project at £200m and
(read more)
A large blaze at Victoria’s “big battery” project has been brought under control by firefighters after burning for more than three days, allowing investigators to begin examining the site.

A Tesla battery bank caught fire while it was being set up in Moorabool on Friday morning, and then spread to a second battery.

The fire burned throughout the weekend and into a fourth day, before it was declared under control just after 3pm on Monday.

Fire crews will remain at the site for the next 24 hours “as a precaution in case of reignition” and will take temperature readings every two hours, the Country Fire Authority said.

Investigations into how the fire started will soon begin with multiple agencies involved, including Energy Safe Victoria, WorkSafe, police and the CFA.

The 300MW battery project is being produced by French renewable energy giant Neoen and was registered with the energy market operator on 28 July.

Neoen Australia managing director Louis de Sambucy told AAP its own “physical inspections and investigations are now underway”.

CFA incident controller Ian Beswicke said the fire had been particularly challenging due to the complex nature of the battery site.

“This is the first mega pack fire that’s ever happened in the world, is our understanding,” he said.

“They are difficult to fight because you can’t put water on the mega packs … all that does is extend the length of time that the fire burns for.”

Firefighters have taken advice from experts including Tesla, the battery’s creators, and UGL, who are installing the battery packs.

“The recommended process is you cool everything around it so the fire can’t spread and you let it burn out,” Beswicke said.

The site is slated to become the biggest battery in the southern hemisphere and forms part of a state government push to transition to renewable energy.

But the fire has sparked calls for the government to conduct its own probe into what happened before pressing forward.

“If Labor’s renewable energy solutions go up in flames
(read more)
FREE
Account Information
Connect to more than 1,000 banks in Europe and access banking data

Great coverage
We provide connections to 1,000 banks in Europe. Live across 31 countries, including EU and UK.

Fast & powerful
We’re connected to PSD2 bank APIs. Service uptime and data quality ensured by European banks.

Totally free
Our Account Information service is completely free of charge. No usage fees or commitments.

Get bank data with consent using real bank APIs
Access account holder’s name, bank account numbers, transactions and account balances. For personal and business accounts.
View API documenta
(read more)
Column There is much that people of breeding and taste can and should despise in gaming. Some of it comes from the angry undertow of sullen boyish aggression that pervades the over-muscled, over-weaponised first-person-shooter end of the market, where it is impossible to pick up the controller without hearing your mother tell you to tidy your room. Then there's the regrettable aesthetics of the custom gaming PC sector, a curious amalgam of macho metal vibe and sugar-rush amphetamine-acid LED colour cycling. Then there's the more-grunt-is-more-better vibe. For anyone of ZX Spectrum vintage whe
(read more)
One of the goals of the Psycopg 3 project is to make it easy to port code developed for Psycopg 2. For this reason the creation of a Django backend (the module you specify in the settings as your database ENGINE) was a project with a double goal:

A Django driver is a way to make Psycopg 3 useful from the start, with the possibility of dropping it into a project transparently and having the new features it offers available when needed (for instance the superior COPY support).
The difficulty of introducing Psycopg 3 in the Django codebase and the type of changes required are indicative of the type of problems that could be found porting other projects.

...and it's done! A few days ago, the new Psycopg 3 Django backend could pass the entire Django test suite!

The implementation of the Django backend actually started several months ago, but it can be seen, from the test progression above, that its development had been suspended for several months. The problem, in the first attempts, was that too much of the Django code was in need of being adapted: this was a sign that the changes needed to use the new adapter were too invasive and that the same type of difficulties would have been met by everyone trying to replace Psycopg 2 with Psycopg 3. Back to the design board then, but hopefully the resulting adapter will behave mostly as you might expect and will not force users to change every query in their program (which would have been a deal breaker for most non-trivial projects).

The backend cannot be used with the current Django version: a few modifications to the Django codebase are needed in order to use it. These changes will be proposed to the Django project: if the Django maintainers accept them, the driver should be usable starting from one of the next Django releases. The aim of this article is to take a look at some of these modifications, to understand where the behaviour of Psycopg 3 diverges from its well known predecessor and how to work around the differences.

Server-side parameters binding

Many of these changes are the consequence of using server-side binding for the query parameters (using the libpq PQexecParams() function), instead of merging the arguments to the query on the client-side and using the simpler PQexec() function. In the PQexec() case, the Postgres query parser has access to the l
(read more)
This post is a summary of content from papers covering the topic; it's mostly quotes from the papers from 1983, 1993 and 1997 with some editing. References to the present and future depend on the paper but should be easy to deduce. See the Sources section at the end.

Introduction

In 1981, the emergence of the government-industry project in Japan known as Fifth Generation Computer Systems (FGCS) was unexpected and dramatic. The Ministry of International Trade and Industry (MITI) and some of its scientists at Electrotechnical Laboratory (ETL) planned a project of remarkable scope, projecting both technical daring and major impact upon the economy and society. This project captured the imagination of the Japanese people (e.g. a book in Japanese by Junichiro Uemae recounting its birth was titled The Japanese Dream). It also captured the attention of the governments and computer industries of the USA and Europe, who were already wary of Japanese takeovers of important industries. A book by Feigenbaum and McCorduck, The Fifth Generation, was a widely-read manifestation of this concern. The Japanese plan was grand but it was unrealistic, and was immediately seen to be so by the MITI planners and ETL scientists who took charge of the project. A revised planning document was issued in May 1982 that set more realistic objectives for the Fifth Generation Project.

Previous Four Generations

First generation: ENIAC, invented in 1946, and others that used vacuum tubes.
Second generation: IBM 1401, introduced in 1959, and others that used transistors.
Third generation: IBM S/360, introduced in 1964, and others that used integrated circuits.
Fourth generation: IBM E Series, introduced
(read more)
The first time I opened Peter Singer’s “Animal Liberation,” I was dining alone at the Palm, trying to enjoy a rib-eye steak cooked medium-rare. If this sounds like a good recipe for cognitive dissonance (if not indigestion), that was sort of the idea. Preposterous as it might seem, to supporters of animal rights, what I was doing was tantamount to reading “Uncle Tom’s Cabin” on a plantation in the Deep South in 1852. Singer and the swelling ranks of his followers ask us to imagine a future in which people will look back on my meal, and this steakhouse, as relics of an equally backward age. Eating animals, wearing animals, experimenting on animals, killing animals for sport: all these practices, so resolutely normal to us, will be seen as the barbarities they are, and we will come to view “speciesism”–a neologism I had encountered before only in jokes–as a form of discrimination as indefensible as racism or anti-Semitism. Even in 1975, when “Animal Liberation” was first published, Singer, an Australian philosopher now teaching at Princeton, was confident that he had the wind of history at his back. The recent civil rights past was prologue, as one liberation movement followed on the heels of another. Slowly but surely, the white man’s circle of moral consideration was expanded to admit first blacks, then women, then homosexuals. In each case, a group once thought to be so different from the prevailing “we” as to be unde
(read more)
Happiness Engineer As a Happiness Engineer, you love helping people. Transforming publishing on the web is no small task. Our goal is to build relationships based on trust, resulting in happy, passionate, loyal customers and colleagues. We do this by listening to our customers’ needs and guiding them to the fullest use of the products we offer. We are looking for people with the right mix of compassion, writing skills, and technical knowledge to get the job done. Are you interested in learning more about how our team works? Check out what Happiness Engineers have to say about their work. In general, a typical day involves: Being an active member of a global team that provides 24/7 support via live chat, tickets, one-on-one screen share sessions, and forums.  Helping people use Automattic’s products, including WordPress.com, WooCommerce, Jetpack, Tumblr, and more. Troubleshooting, investigating, and creating detailed bug reports. Building a community of support by sharing knowledge and helping team members around the world. Being a Happiness Engineer requires: Mid to high proficiency with WordPress, HTML, and CSS. Experience providing technical support to customers, particularly via live chat, tickets, telephone, or forums. Excellent written and communication skills, with a knack for taking technical language and making it understandable for the general public. A passion for solving challenging problems and proposing elegant solutions. Solid ability to identify and accurately document technical issues. An intense intellectual curiosity and an eagerness to share knowledge with others. Patience, grace, and a sense of humor. Happiness Engineers must be fluent and eloquent in written English. If you know additional languages, please be sure to tell us. An ideal candidate: Has created three or more WordPress websites. Has experience installing and configuring WordPress plugins and themes. Is adept at troubleshooting technical issues. Has experience creating bug reports. 
Has experience providing technical support to customers via telephone, tickets, live chat, or forums.

HOW TO APPLY

Write a cover letter to let us know what you can contribute to the team. Proofread! Make sure you spell and capitalize WordPress and Automattic correctly. Please upload your cover letter and resume as PDFs. Also, in your cover letter, you must respond to one of the following prompts:

Tell us about a recent experience you had with technical support. What went well? What would you do differently (if anything)?
Tell us three interesting facts you'd share over a meal at the Grand Meetup.
Tell us about a recent technical problem you encountered and how you resolved it.

Note: Applications that are not complete or that fail to follow directions in this job ad will not be considered.

About Automattic

We are the people behind WordPress.com, WooCommerce, Jetpack, Tumblr, Simplenote, Longreads, Day One, and more. We believe in making the web a better place. We’re a distributed company with more than 1400 Automatticians in 80+ countries speaking 90+ different languages. We democratize publishing and commerce so anyone with a story can tell it, and anyone wit
(read more)
Who, Me? Welcome to another edition of Who, Me? where this week a typo manages to send a hub of rampant capitalism into meltdown. Our story takes us back a few decades and concerns an adventurous time in network support. "Mort" – for that is not his name – was working for a well-known stock exchange, the network of which was running on Cisco gear. The cards, he recalled, cost $50k each and the whole shebang could probably be replaced by a single unit nowadays. But back then this was top-end stuff – nothing but the best would do for the nation's traders. There was, however, a problem. Packets were being lost, resulting in delayed or lost trades. "When I think of traits that traders possess in abundance, tolerance is not one of them," Mort told us. "Neither is patience, so as you can imagine the pressure on the network team to resolve the issue was intense." Those Ferraris weren't going to service themselves, and one lost packet could mean a world of difference in the quality of Champagne purchased at bonus time. The support team struggled in vain to recreate the problem in the lab, and with pressure mounting, Mort decided the only way to get to the bottom of matters was to plug into the network and diagnose the problem live. "Anyone who's ever worked on Cisco IOS (Internetwork Operating System, they beat Apple to the acronym by well over a decade) knows that debugging is a minefield as some commands can cause serious impact to the system," he said. It's true. A glance at an example of Cisco's documentation shows it festooned with warnings designed to deter all but the most determined and (ideally) competent of users. Debug output spewed over the console could make typing a command difficult, and the wrong debug command could easily take down a router. That said, it was also pretty straightforward. The syntax was debug followed by whatever was needed. The output could then be captured, and the command backed out by prefixing it with un. 
"More often," explained Morty, "you'd just use 'undebug all' to turn it all off." The opposite command was the most dangerous of all: "You never, ever ran debug all unless you wanted to demonstrate how quickly you could take out your network." Cisco had yet to add any "Are you sure?"-type prompts, doubtless assuming the operators of its hardware knew what they were doing. Instead, "if you typed it in it would salute, shout 'sir yes sir!' and then obediently jump off a cliff, similar to 'rm -rf /' on a *nix box." You can probably see where this is going. Our hero was careful – very careful – and had taken great pains in his planning. However, after a very limited set of packet captures, he was having problems getting the data and grew concerned that he might adversely affect the network. So he issued undebug all. All hell broke loose. Text whizzed
(read more)
Not only did Valve announce Steam Deck in July, but the overall Linux gaming marketshare according to the Steam Survey also hit a multi-year high. According to the Steam Survey numbers out today for July 2021, Steam on Linux hit a 1.0% marketshare, or a +0.14% increase over the month prior. This is the highest we have seen the Steam on Linux marketshare in a number of years and well off the lows seen prior to the introduction of Steam Play (Proton), since which point there has been a gradual increase in marketshare. Back when Steam on Linux first debuted there was around a 2% marketshare for Linux before gradually declining. Back when Steam first debuted for Linux, the overall Steam customer base was
(read more)
In a recent HN thread I came across the following comment: For tech-heavy programming/operations how-to or bugfix content, Stack Overflow killed those for me. I can absolutely relate to this. There are many things I didn’t write about because a complete SO answer, with several alternatives, already existed. But I’ve realized that there is room for technical content that describes solutions based on experience with tools or with a very specific use-case. This type of content is not for the same target audience as SO. It’s for a more experienced dev who is looking to solve a very specific issue. The more experienced dev is less likely to post the question in the fir
(read more)
Colour palettes are a mystery in and of themselves. Fluent Design, Material Design, Tailwind or even Bootstrap have them, and the colours have numbered labels. I always wondered where these numbers came from, until I recently had an enlightenment. All palettes follow the same order from lighter to darker colours, with the regular colour somewhere in the middle range. Here are some examples from the most popular frameworks: Material Colour System, Bootstrap Colour System, Tailwind Colour System. Origins of the values of the numbers: As far as I know, the first design system that introduced the numbers attached to the colours was Material Design. For a long time, I wondered where these values co
(read more)
Guido van Rossum, Sep 2, 2019. My series of blog posts about PEG parsing keeps expanding. Instead of updating each part to link to all other parts, here’s the table of contents: PEG Parsers; Building a PEG Parser; Generating a PEG Parser; Visualizing PEG Parsing; Left-recursive PEG Grammars; Adding Actions to a PEG Grammar; A Meta-Grammar for PEG Parsers; Implementing PEG Features; PEG at the Core Developer Sprint. A video of a talk I gave about this topic at North Bay Python is up on YouTube: Writing a PEG parser for fun and profit. Update: April 2, 2020. In case you are wondering what’s happening, we now have PEP 617 up, which proposes to replace the current parser in CPython with a PEG-based parser
(read more)
In the previous post I talked about how to generate input strings from any given context-free grammar. While that algorithm is quite useful for fuzzing, one of its problems is that the strings produced from the grammar are skewed toward shallow strings. For example, consider this grammar: To generate inputs, let us load the limit fuzzer from the previous post. The Fuzzer: The generated strings (which generate random integers) are as follows. As you can see, there are more single
(read more)
We love seeing old technology brought back to life, especially when it’s done in the context of how the device was originally intended to be used. And double points when it’s space gear, like what [Curious Marc] and his usual merry band of cohorts did when they managed to light up a couple of real Apollo DSKY displays. The “Display and Keyboard” formed the human interface to the Apollo Guidance Computer, the purpose-built machine that allowed Apollo missions to fly to the Moon, land safely, and return to Earth. Complete DSKYs are hard to come by, but a lucky collector named [Marcel] was able to score a pair of the electroluminescent panels, one a prototype and one
(read more)