Asia In Brief

Australia's government deliberately released personal information on citizens who protested a welfare payment debt recovery scheme that was linked to multiple suicides and later found to have no legal basis. "Robodebt" – as the scheme came to be known – calculated that hundreds of thousands of welfare recipients had been overpaid, and ordered them to repay the government. But the calculations used to determine the "debts" were flawed and the "debts" did not exist. Yet the scheme placed the onus of proof on welfare recipients, causing great distress. Some people who received debt notices therefore protested the scheme, and their efforts attracted considerable media coverage. The government of the day argued some of those protestors' accounts were not accurate, so released their personal information to media to "correct the record." Alan Tudge, the minister responsible at the time of the releases, last week told [PDF] a Royal Commission into the scheme that six or seven citizens' data was released to media. Tudge said it was not his intention that the release of personal information would be perceived as intimidating by others who believed their debts were incorrectly calculated. The scheme eventually collapsed after it was found to be illegal, and repaid debts were returned by Australia's government – at a cost exceeding the expected returns from the scheme. The Royal Commission continues.

– Simon Sharwood

India is the new China for Apple

Apple plans "a lot of emphasis" on India in the near future, CEO Tim Cook told investors on last week's earnings call to discuss the iGiant's Q1 2023 financial results. "Looking at the business in India, we set a quarterly revenue record and grew very strong double digits year over year," Cook said. "India is a hugely exciting market for us and is a major focus. We brought the online store there in 2020. We will soon bring Apple retail there." "We're putting a lot of emphasis on the market."
Cook said Apple has worked on financing options and trade-ins "to make products more affordable and give people more options to buy" – important initiatives as t
(read more)
Almost exactly one year ago I wrote the first commit for rules_xcodeproj. Like a lot of software engineers, I’m pretty bad at estimating, and thought that I would be able to finish 1.0 in 2 to 4 months 😅. The longer development cycle was a result of an increased scope and level of quality that I came to expect for a proper 1.0 release. Over the course of the year, I believe the project has risen to meet my expectations, and today I’m happy to announce the release of version 1.0 of rules_xcodeproj!

The road to 1.0

The road to 1.0 has been an incredible journey. Early in the development cycle Spotify, Robinhood, and Slack engineers became adopters and contributors; without their help I wouldn’t be writing this blog post today 🙏. JP became a vocal champion of rules_xcodeproj after integrating it with the SwiftLint and Envoy Mobile projects. During BazelCon 2022 the project got a couple shout-outs, including during Erik’s wonderful talk. And I’m also incredibly grateful th
(read more)
Nothing compares to the sense of power a UNIX sysadmin experiences when being able to print from a command line on their UNIX system :p

I kinda omitted this topic (printing) for quite a lot of time – when I was using FreeBSD in the corporate environment I still printed from a Windows VM on network printers. Then they forced me to use Windows anyway. At home my wife always had a printer configured (as she uses it more) and the other printer also had a USB port – so you could just copy the PDF or JPG file to a USB pendrive – attach it to the printer and hit the print button for the selected files. No configuration needed. I was also disappointed when I tried several years ago to configure a USB printer on FreeBSD … and failed. Recently I thought that it's about fucking time to dig into that topic and have at least one working printer on FreeBSD.

This guide will focus on using two printers with CUPS on FreeBSD:

HP Color LaserJet 200 M251nw Printer (attached over TCP/IP network)
Samsung Black/White ML-1915 Printer (local USB attached)

There will be two different prompt types used for the commands:

starting with % for commands that can be executed as regular user or root
starting with # for commands that must be executed as root user

The Table of Contents for this article is shown below.

CUPS Packages and Service Configuration Network Printer – HP M251nw Try to Print Some Document USB Printer – Samsung ML-1915 Choose Default Printer CUPS Printers Config Command Line Printing Last Chance Fancy Pants Summary

There are only three pkg(8) packages needed for my printers – these are:

    # pkg install cups cups-filters splix

We will also need to add some lines to the /etc/devfs.rules file. These lines are important for printing with CUPS:

    add path 'lpt*' mode 0660 group cups
    add path 'ulpt*' mode 0660 group cups
    add path 'unlpt*' mode 0660 group cups

The rest of the config is just the rest of my desktop config and can be omitted for printing.
The entire /etc/devfs.rules file looks as follows.

    % cat /etc/devfs.rules
    [desktop=10]
    add path 'lpt*' mode 0660 group cups
    add path 'ulpt*' mode 0660 group cups
    add path 'unlpt*' mode 0660 group cups
    add path 'acd*' mode 0660 group operator
    add path 'cd*' mode 0660 group operator
    add path 'da*' mode 0660 group operator
    add path 'pass*' mode 0660 group operator
    add path 'xpt*' mode 0660 group operator
    add path 'fd*' mode 0660 group operator
    add path 'md*' mode 0660 group operator
    add path 'uscanner*' mode 0660 group operator
    add path 'ugen*' mode 0660 group operator
    add path 'usb/*' mode 0660 group operator
    add path 'video*' mode 0660 group operator
    add path 'cuse*' mode 0660 group operator

We will also need to add devfs_system_ruleset=desktop to the /etc/rc.conf file.

    % grep desktop /etc/rc.conf
    devfs_system_ruleset=desktop

Now we need to restart the devfs daemon to read the new config.

    # service devfs restart

We can also make sure that devfs(8) knows our ruleset config.

    # devfs rule -s 10 show | column -t
    100   path  acd*       group  operator  mode  660
    200   path  cd*        group  operator  mode  660
    300   path  da*        group  operator  mode  660
    400   path  pass*      group  operator  mode  660
    500   path  xpt*       group  operator  mode  660
    600   path  fd*        group  operator  mode  660
    700   path  md*        group  operator  mode  660
    800   path  uscanner*  group  operator  mode  660
    900   path  lpt*       group  cups      mode  660
    1000  path  ulpt*      group  cups      mode  660
    1100  path  unlpt*     group  cups      mode  660
    1200  path  ugen*      group  operator  mode  660
    1300  path  usb/*      group  operator  mode  660
    1400  path  video*     group  operator  mode  660
    1500  path  cuse*      group  operator  mode  660

The column(1) is not needed here – I used it only to format the output. What amazes me to this day is that the column(1) command is still not available on such an enterprise (and also overpriced) system as IBM AIX 🙂

Here are the contents of a fresh CUPS installation at the /usr/local/etc/cups dir.
    # tree -F --dirsfirst /usr/local/etc/cups
    /usr/local/etc/cups
    ├── ppd/
    ├── ssl/
    ├── cups-files.conf
    ├── cups-files.conf.sample
    ├── cupsd.conf
    ├── cupsd.conf.sample
    ├── snmp.conf
    └── snmp.conf.sample

    3 directories, 6 files

You will need to add cupsd_enable=YES to the /etc/rc.conf file.

    % grep cups /etc/rc.conf
    cupsd_enable=YES

Make sure that the cupsd service is started and running.

    # service cupsd start
    Starting cupsd.
    # service cupsd status
    cupsd is running as pid 44515.
    # sockstat -l4 | grep -e ADDRESS -e 631
    USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
    root     cupsd      44515 6  tcp4   127.0.0.1:631         *:*

Just in case – here are the groups in which my vermaden user is:

    % id | tr ',' '\n'
    uid=1000(vermaden) gid=1000(vermaden) groups=1000(vermaden)
    0(wheel)
    5(operator)
    44(video)
    69(network)
    145(webcamd)
    920(vboxusers)

It was not needed to add my vermaden user to the cups group to print – but feel free to also test that if you face any problems.

First I will go with the TCP/IP attached network printer – HP M251nw. Before doing any steps or configuration on the FreeBSD part we first need to connect that printer to the TCP/IP network. As the HP M251nw printer has WiFi – I decided to connect it to my wireless WiFi router instead of using an RJ45 cable. I will not document that part as HP already provides a decent guide on how to achieve that – https://youtu.be/jLDzQBAtKyQ – on the YouTube service. In my case I used the 10.0.0.9 IP address and I configured my WiFi router to always attach that MAC address to that IP address.

Next step is to open the http://localhost:631/ page in your browser. You will see the default CUPS web interface. Hit the Administration tab on the top. Then click the Add Printer button in the middle of the page – you will be asked for username and password – use your username and your password here. The HP M251nw network attached printer has already been detected by CUPS. Select it and click the Continue button.
CUPS will suggest some long names and description as shown below. … but we will use a simpler and shorter name instead.

Next we need to choose which driver to use. We will not find an HP M251nw driver on the CUPS list but there are two drivers that will work here:

HP LaserJet Series PCL 6 CUPS (en)
HP Color LaserJet Series PCL 6 CUPS (en)

As the HP M251nw is a color printer we will choose HP Color LaserJet Series PCL 6 CUPS here. After a moment we will see a message that the HP M251nw printer has been successfully added to CUPS. You can notice that a new PPD file appeared in the CUPS dir, named exactly like the printer name.

    % ls -l /usr/local/etc/cups/ppd
    total 9K
    -rw-r----- 1 root cups 9721 2023-02-06 11:24 HP-M251nw.ppd
    -rw-r----- 1 root cups 9736 2023-02-06 11:23 HP-M251nw.ppd.O

This is what our HP M251nw printer status page looks like. We should now set up the default printing options. From the Administration drop down menu select the Set Default Options option. The only things I selected/set that are different from the CUPS defaults are A4 paper size and 1200 DPI resolution.

I will now use the Atril PDF viewer to test how the printing on the HP M251nw works – I used a small one page PDF file with one of my old guides – the ZFS Madness one from 2014. From the File menu select the Print… option – or just hit the [CTRL]+[P] shortcut. Then select the HP-M251nw printer from the list and hit the Print button below. After some noises and time (not much later) the printer dropped a printed page. Seems to work properly. Looks good.

Let's now add the USB printer. To get the needed PPD driver for the Samsung ML-1915 printer we installed the print/splix package. Here is the exact driver we will use.

    % pkg info -l splix | grep 1915
    /usr/local/share/cups/model/samsung/ml1915.ppd

Before attaching the Samsung ML-1915 printer to your computer you may check what devices devd(8) will create. First power on the Samsung ML-1915 printer. Then attach the USB cable from the printer to your FreeBSD box (assuming that printer has AC p
(read more)
If you sat down to work this morning and attempted to do something as routine as check your emails with Outlook, you'd be bang out of luck. According to outage tracker DownDetector, reports began coming in of users facing a 500 error and being unable to send, receive or search email through Outlook.com from about 4am UTC, peaking at 8 and 9am as Europeans reached their desks. Microsoft confirmed the outage on its service health website, saying: "We're applying targeted mitigations to a subset of affected infrastructure and validating that it has mitigated impact. We're also making traffic optimization efforts to alleviate user impact and expedite recovery." It added that extra "Outlook.com functionality such as Calendar APIs consumed by other services such as Microsoft Teams are also affected." At the time of writing, the blackout appears to be ongoing. As for what caused it, the Microsoft 365 Status Twitter account said: "We've confirmed that a recent change is contributing to the cause of impact. We're working on potential solutions to restore availability of the service." In plain English, Microsoft tweaked something and the house of cards came tumbling down, so they'll probably have to revert the change. It offered the reference number EX512238 to track in the admin center and otherwise directed users to watch the service health page for any updates. Until then, you have The Register's blessing to slack off – just check with your boss that you don't have anything outstanding that can be done without the aid of Outlook. 
As ever, Microsoft's legendary approach to quality control is incredibly poorly timed because today the company is supposed to host a super-duper mystery event at Redmond that is thought to include a relaunch of its search engine Bing, now with added ChatGPT from OpenAI! Microsoft has invested
(read more)
Video The Seinfeld spoof Nothing, Forever - a sitcom developed using generative AI - has been temporarily banned on Twitch after one of the characters accidentally spewed transphobic profanities. The bizarre show made headlines last week for using AI to improvise visuals and script of a never-ending episode of Seinfeld. In comedy imitating art, sitcom 30 Rock predicted something like this over 15 years ago. The characters, modelled after iconic comedy series' characters Jerry, George, Elaine and Kramer, utter a dialogue completely made up using OpenAI's GPT-3 language models. The text is tra
(read more)
The European public DNS that makes your Internet safer.

A free, sovereign and GDPR-compliant recursive DNS resolver with a strong focus on security to protect the citizens and organizations of the European Union.

Set up on your device

Download the configuration profile.
Open the Settings app.
Tap Profile Downloaded.
Tap Install in the upper-right corner, then follow the onscreen instructions.

Infrastructure & Network

We distribute our infrastructure across multiple hosting providers in every member state of the European Union. Our custom-built software stack has been battle-tested for more than 3 year
(read more)
Who, Me? Welcome back once again, dear reader, to the untidy corner of The Reg we call Who Me? in which readers' confessions are filed in the dusty shadows until rediscovered. At the top of the creaking pile of submissions this week we found a reader we'll Regomize as "Jock" who leaned way back on his rocking chair to recount for us a story of his younger years – in the 1960s. Yes, this tale comes from the era of free love, psychedelia, and banking certificates printed on gigantic tractor-fed dot-matrix printers that could only use perforated paper. Jock worked in a bank, so on the spectrum of the cultural revolution he was more at the heavy stock end than Woodstock. Aged 16 and keen to impress, Jock was helping the Ledgers clerk clear her desk before the Christmas break. Said clerk had to print out hundreds of end-of-year share certificates, which were delivered as "stacks of perforated, folded computer paper." Jock's role in the procedure should have been to separate the certificates and then place each in the appropriate customer files. Unfortunately, Jock tells us, the Ledgers clerk "forgot I was new and would have no idea what she meant when she told me to 'tear up the dividend certificates'." Let us now imagine the youthful zeal and enthusiasm Jock brought to this task. "I ripped each one into about 16 pieces before placing them in the trash," he told Who, Me. Next, he "carefully and conscientiously mixed them with lots of our other branch paper waste." Such a thorough job! When he finished, he proudly informed the clerk that no-one would ever be able to put them back together. But, dear reader, it seems he was mistaken about that.
Not only could someone put them back together, someone had to. Guess who? Of course it was not only Jock. Bank rules required every single certificate to be completely reassembled and taped back together, with the branch manager obliged to initial each and every one of the repaired joints. Other staff were called in to assist. Even so, it took until early Christmas Day. Not quite the holiday any
(read more)
The UK government has come under further fire for dragging its feet on a national semiconductor strategy while other industrialized nations push ahead with investment in their own high-tech sectors. A committee of MPs within the House of Commons has reiterated its call for a semiconductor strategy to be published urgently in order to safeguard the local tech industry, expressing disappointment with the government's response to its earlier report on the state of the industry. The earlier report, "The semiconductor industry in the UK," was published at the end of November last year by MPs on the Business, Energy and Industrial Strategy Committee. As detailed by The Register at the time, it laid out how the UK industry has strengths in some areas but does not have a complete end-to-end supply chain and is vulnerable to any future disruption in global supplies. It contained key recommendations including better cooperation with allies to safeguard supplies and to secure inward investment. The committee today indicated it was dismayed that its recommendations had not been fully addressed, and called for a full response to its report whenever an official strategy - due months ago - is finally published. "It's a poor excuse for the government to hide behind its failure to publish a semiconductor strategy for not responding to our practical recommendations fully," said committee chair Darren Jones, who is Labour MP for Bristol North West. Countries across the globe have grasped the importance of securing semiconductor supply chains for their futures, he said, yet "while others race ahead, ploughing billions into setting up fabs or industry support, we're not even at the starting line." Further delay would be an act of national self-harm, he added. In its response to the earlier report in November, the government said it agreed fully on the importance of the semiconductor industry, and there was a need for "timely, coherent and decisive action to be taken across the market." 
The government claimed it was already in initial talks with "like-minded nations on the future of the global semiconductor market," including the US, Japan, and Korea. In order to ensure that the UK is able to contribute significantly to these international discussions, it said it was vital the country remains a key part of the global semiconductor value chain, and the government will need to capitalize on the UK's existing strengths in semiconductor chip design. The government said it agrees on the importance of publishing a new UK semiconductor strategy that will set out a clear long-term vision for the UK, adding that, "This is why we are aiming to publish the forthcoming UK semiconductor strategy as soon as possible." How soon that will be is difficult to tell. The semiconductor strategy was promised at least as far back as April last year, when Lord Callanan told the House of Commons the Department for Digital, Culture, Media and Sport was working on one "to be published shortly." Meanwhile, in Japan, the country is pushing ahead with plans for its state-backed semiconductor venture Rapidus, which aims to partner with IBM on
(read more)
While working on my master’s thesis, I investigated some recently proposed constructions that turn AEADs into key-committing or fully-committing ones. Key commitment has recently gotten a lot more attention and I, therefore, expect this post to be outdated quite soon, as new research emerges. This post serves as a quick collection of personal notes and pointers, that maybe could help someone looking to add key commitment to their AEAD schemes today. There exist constructions proposed in earlier work, but the ones covered herein are the ones I focused on primarily.

An implementation of UtC+HtE and CTX for ChaCha20-Poly1305 with BLAKE2b is available here: https://github.com/brycx/CAEAD

Key-committing or fully committing?

The first question you need to figure out is whether you only want a key-committing AE or a fully committing one. If an AEAD is key-committing, it means that it commits to the input (K, N, C). That is the key, nonce, and ciphertext. A fully committing AE will commit to the entire input, meaning the AD as well: (K, N, AD, C). If you deal with protocols where you need message franking, you would for example require a fully-committing AEAD. Both constructions mentioned in this post are generic, meaning they can add commitment on top of any AEAD scheme and not just, say, AES-GCM.

UtC, RtC and HtE by Bellare and Hoang

These transformations have been described in the 2022 paper “Efficient Schemes for Committing Authenticated Encryption” by Mihir Bellare and Viet Tung Hoang. They define two generic constructions that turn either a nonce-based AEAD (nAEAD) into a key-committing scheme or a misuse-resistant AEAD (MRAE) into a key-committing scheme.

UtC (UNAE-then-Commit)

UtC adds key commitment to any nonce-based AEAD scheme. It uses what Bellare and Hoang call a committing PRF (F), to derive a commitment block P and subkey L from the key and nonce. The subkey L is what is used as the key for the underlying AEAD and P is appended to the ciphertext.

    (P, L) ← F(K, N)
    C ← AEAD(L, N, A, M)
    C ← P || C

Bellare and Hoang propose a specific instantiation of a committing PRF based on AES, in their paper.

RtC (MRAE-then-Commit)

RtC adds key commitment to any misuse-resistant AEAD (MRAE) scheme. RtC utilizes a committing PRF, just as UtC does, but additionally incorporates a collision-resistant PRF H.

    (P, L) ← F(K, N)
    C ← MRAE(L, N, A, M)
    T ← H(P, C[1 : n])

We again get a commitment P, but this time it’s used to generate the hash output T, which is appended to the ciphertext. We assume here that the ciphertext from MRAE is at least n bits long, where n is the output length of H.

HtE (Hash-then-Encrypt)

This transform takes any key-committing scheme (what Bellare and Hoang call CMT-1) and turns it into a fully committing scheme (what Bellare and Hoang call CMT-4). This means this can be put on top of both UtC and RtC.

    L ← H(K, (N, A))
    C ← CMT-1-AE(L, N, ε, M)

We derive a subkey L which commits to the additional data and use this to encrypt with a CMT-1 scheme (ε is simply an empty string).

CTX by Chan and Rogaway

CTX is described in the 2022 paper “On Committing Authentica
(read more)
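The UtC and HtE transforms from the key-commitment notes above, as an added example (not code from the original post or from the linked CAEAD repository). Keyed BLAKE2b stands in for the committing PRF F and the hash H, and a small BLAKE2b-based encrypt-then-MAC stands in for the underlying AEAD so the block runs on the Python standard library alone; all function names and sample values are this example's own.

```python
import hashlib
import hmac

KEY_LEN, NONCE_LEN, COMMIT_LEN, TAG_LEN = 32, 12, 32, 16


def keystream(key, nonce, length):
    # Stand-in stream cipher (assumption of this example): keyed BLAKE2b in counter mode.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "little")
        out += hashlib.blake2b(block, key=key, person=b"ex-stream").digest()
        counter += 1
    return out[:length]


def mac(key, nonce, ad, ct):
    # Tag over nonce, length-prefixed AD and ciphertext (stand-in for the AEAD's MAC).
    data = nonce + len(ad).to_bytes(8, "little") + ad + ct
    return hashlib.blake2b(data, key=key, digest_size=TAG_LEN, person=b"ex-tag").digest()


def aead_encrypt(key, nonce, ad, msg):
    ct = bytes(m ^ k for m, k in zip(msg, keystream(key, nonce, len(msg))))
    return ct + mac(key, nonce, ad, ct)


def aead_decrypt(key, nonce, ad, data):
    if len(data) < TAG_LEN:
        return None
    ct, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(key, nonce, ad, ct)):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def committing_prf(key, nonce):
    # (P, L) <- F(K, N). Keyed BLAKE2b is this example's assumption for F,
    # not the AES-based instantiation from the Bellare-Hoang paper.
    out = hashlib.blake2b(nonce, key=key, digest_size=64, person=b"ex-UtC-F").digest()
    return out[:COMMIT_LEN], out[COMMIT_LEN:]


def utc_encrypt(key, nonce, ad, msg):
    # C <- P || AEAD(L, N, A, M)
    commit, subkey = committing_prf(key, nonce)
    return commit + aead_encrypt(subkey, nonce, ad, msg)


def utc_decrypt(key, nonce, ad, data):
    commit, subkey = committing_prf(key, nonce)
    # Reject on commitment mismatch before touching the AEAD at all.
    if len(data) < COMMIT_LEN or not hmac.compare_digest(commit, data[:COMMIT_LEN]):
        return None
    return aead_decrypt(subkey, nonce, ad, data[COMMIT_LEN:])


def hte_subkey(key, nonce, ad):
    # L <- H(K, (N, A)). N has a fixed length, so N || A encodes the pair unambiguously.
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    return hashlib.blake2b(nonce + ad, key=key, digest_size=KEY_LEN,
                           person=b"ex-HtE-H").digest()


def hte_encrypt(key, nonce, ad, msg):
    # C <- CMT-1-AE(L, N, empty AD, M), with UtC as the CMT-1 scheme.
    return utc_encrypt(hte_subkey(key, nonce, ad), nonce, b"", msg)


def hte_decrypt(key, nonce, ad, data):
    return utc_decrypt(hte_subkey(key, nonce, ad), nonce, b"", data)


def demo():
    # Constructed sample values. The same (K, N) pair is reused here only so the
    # commitment blocks of the two ciphertexts can be compared side by side.
    key, wrong_key = bytes(range(32)), bytes(range(1, 33))
    nonce, msg = bytes(NONCE_LEN), b"constructed sample message"
    ad_a, ad_b = b"header-A", b"header-B"
    utc_a, utc_b = utc_encrypt(key, nonce, ad_a, msg), utc_encrypt(key, nonce, ad_b, msg)
    hte_a, hte_b = hte_encrypt(key, nonce, ad_a, msg), hte_encrypt(key, nonce, ad_b, msg)
    return {
        "utc_ok": utc_decrypt(key, nonce, ad_a, utc_a) == msg,
        "utc_wrong_key": utc_decrypt(wrong_key, nonce, ad_a, utc_a),
        # UtC alone: P depends only on (K, N), so the AD is authenticated but not committed.
        "utc_commit_ignores_ad": utc_a[:COMMIT_LEN] == utc_b[:COMMIT_LEN],
        "hte_ok": hte_decrypt(key, nonce, ad_a, hte_a) == msg,
        # HtE over UtC: the subkey depends on the AD, so the commitment block does too.
        "hte_commit_binds_ad": hte_a[:COMMIT_LEN] != hte_b[:COMMIT_LEN],
        "hte_wrong_ad": hte_decrypt(key, nonce, ad_b, hte_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Any real nonce-based AEAD can replace `aead_encrypt` and `aead_decrypt` without changing the wrappers, which is what makes the transforms generic.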
Microsoft will officially kill its legacy free Teams app for business, Teams Free (classic), on April 12, with all chats, files and other data lost unless you switch to a paid version. News of the premium push on Microsoft's productivity app was covered by The Reg in January, but we're told some sysadmins on the free plan are only now waking up to the fact that they'll either have to convince corporate to switch to a paid plan or manually migrate all of their company's Teams data. Microsoft has presented two paid options for moving off Teams Free (classic). The first is to shift to Microsoft Teams Essentials for $4 per user/month, where users will be treated to the terrifying prospect of gr
(read more)
Energy giant BP has reported record annual profits after oil and gas prices surged last year following Russia's invasion of Ukraine. The company's profits more than doubled to
(read more)
Pricing updates for businesses based in the European Economic Area [pdf]

Starting 10 April 2023, fees for card processing, disputes, and USD currency payouts will be higher due to increases in network costs (in recent years, major card networks have introduced several new fees and increased existing fees), as well as increases in underlying service costs. Please refer to the following details to understand how these changes may impact your business.

Changes for card processing

Card fees today: All EU cards: 1.4% + €0.25 per transaction
Card fees starting 10 April 2023: Standard EU cards: 1.5% + €0.25 per transaction; Premium EU card: 1.9% + €0.25 per transaction
International
(read more)
The WINE Project has reached version 8.0 and DXVK version 2.1 of its Vulkan-based DirectX translation layer. If you'd give Linux a go except for one or two pesky but necessary apps, it's worth a try.
(read more)
File the decision to withdraw free access to its API under "Twitter doing dumb things" because owner Elon Musk has partially walked back on it mere days later. Last month, third-party Twitter clients suddenly stopped functioning without explanation. This caused the death of numerous projects, including the popular Twitterific app, and bot accounts ceased activity too. Twitter later pasted a bunch of new rules into its Developer Agreement as justification. Last week, the Twitter Dev account announced: "Starting February 9, we will no longer support free access to the Twitter API, both v2 and v1.1. A paid basic tier will be available instead." The backlash was severe and immediate, with developers pointing out that their work improves the utility of Twitter for many users and that they often do it for free. There is also the issue of data scientists and researchers who used that data in their jobs suddenly having access revoked. But what Musk failed to understand is that bot accounts, those programmed to autonomously post whatever information through the Twitter API, form a large part of what people enjoy about the platform. There are some examples of the most useful or entertaining ones here. Musk's relationship with bots is weird. First he claimed Twitter was obscuring the number of "fake bot accounts" when he set about buying the company, trying to get a better price than the one he offered. Then, not long into his stewardship, the bot that tracked the movements of his private jet was suspended and later reinstated with an added delay.
He claimed that the free API was "being abused badly by bot scammers & opinion manipulators," adding: "Just ~$100/month for API access with ID verification will clean things up greatly." Since Twitter's finances are in chaos due in no small part to Musk's takeover, the most believable reason is simply anothe
(read more)
Generative AI models can memorize images from their training data, possibly allowing users to extract private copyrighted data, according to research. Tools like DALL-E, Stable Diffusion, and Midjourney are trained on billions of images scraped from the internet, including data protected by copyright like artwork and logos. They learn to map visual representations of objects and styles to natural language. When they're given a text description as input, they generate an image matching the caption as output. The new technology has sparked a fresh legal debate over copyright: do these tools violate intellectual property rights since they ingested copyrighted images without permission? Lawsuits have been filed against makers of the most popular generative AI tools for infringing copyright. Companies building text-to-image models argue that since their software generates unique images, their use of copyright data is fair use. But artists who have seen their styles and work imitated by these tools believe they've been ripped off. Now research led by researchers working at Google, DeepMind, the University of California, Berkeley, ETH Zurich, and Princeton University demonstrates that images used to train these models can be extracted. Generative AI models
(read more)
Google's Chromium developers have begun work on an experimental web browser for Apple's iOS using the search giant's Blink engine. That's unexpected because the current version of Chrome for iOS uses Apple's WebKit rendering engine under the hood. Apple requires every iOS browser to use WebKit and its iOS App Store Review Guidelines state, "Apps that browse the web must use the appropriate WebKit framework and WebKit Javascript." So Google's project, a content_shell iOS port, would not be allowed on iOS if it were turned into a release-ready browser. Yet, Google, for some reason, is pursuing this. Apple's rules have been a sore point among competitors and the web development community for years. Critics have argued that Apple's browser restrictions – which turn every iOS browser into a Safari clone, more or less – make web applications less capable and less attractive. That steers developers toward writing native platform apps for iOS, over which Apple has gatekeeping and monetary powers. Over the past two years, however, Apple's platform autarchy has become more fragile as legal and regulatory challenges have proliferated. The latest questioning of Apple's authority came from the US National Telecommunications and Information Administration (NTIA), which has just issued a report calling for changes to the mobile app ecosystem to promote competition. The NTIA report echoes concerns raised by other regulators like the UK Competition and Markets Authority, and competition authorities in Australia and Japan. What's more, the European Digital Markets Act, which comes into effect next year, is expected to force Apple to allow third-party app stores and perhaps to alter its WebKit requirement. 
Google presumably is aware of the possibility of pending changes but the company insists there's nothing to see here. The creator of the bug report describing the project explained, "This experimental applicat
(read more)
A New York man who developed several stalkerware apps has been ordered to pay $410,000 in civil fines to settle a court case against him, and must modify the apps to let people know they are being monitored. The NY Attorney General's Office this month announced the agreement with Patrick Hinchy, who sold the apps through more than a dozen companies in New York and Florida. AG Letitia James' office said Hinchy's stalkerware let users secretly monitor the activity of other people's devices, including text messages, location, Gmail activity, messages in WhatsApp and Skype, call logs, and social media activity. Hinchy set up at least 16 companies to promote his apps. All told buyers that the apps were legal, but the software didn't notify those whose devices were being monitored that the stalkerware was running and reporting on their activities, breaking state and federal laws, according to James. As part of the agreement [PDF], the apps must be modified to alert people when their device is being monitored by the software. In addition, Hinchy and the companies – which used names including Data, DDI Data Solutions, Highster Data Services, and PhoneSpector – also misrepresented their refund and data security policies, didn't tell buyers that the apps could harm the devices they were installed on, and published fake reviews on sham sites created by Hinchy. Stalkerware proliferates "Snooping on a partner and tracking their cell phone without their knowledge isn't just a sign of an unhealthy relationship, it is against the law," James said in a statement. "These apps and products put New Yorkers at risk of stalking and domestic abuse." The Coalition Against Stalkerware, which launched in 2019, said such software is part of a larger problem of people using software to track others. In the US, one in four victims of stalking said technology played a role in the harassment they experienced and 21 percent of victims in France said their harassers used stalkerware. 
Between 2017 and 2020, NortonLifeLock identified more than 1,000 apps that could enable users to stalk people and that it was detecting about 1,250 infected mobile devic
The reasons businesses and consumers like contactless payment transactions – high security and speed – are what make those systems bad for cybercriminals. If miscreants want to get back to stealing data and committing fraud, they need to find a way to force transactions away from tap-to-pay systems like Apple Pay and Google Pay and get people putting their credit cards back into the point-of-sale (POS) PIN devices. According to Kaspersky researchers, that's what the Brazilian operators behind the Prilex POS malware have done. Kaspersky discovered two new Prilex variants in early 2022 and found a third in November that can target NFC-enabled credit cards and block contactless transactions, forcing payers over to the less-secure PIN machines. "The goal here
Qualcomm reported a 12 percent year-on-year slide in revenue for the first quarter of its fiscal 2023 amid weakening global demand in the smartphone market. The telecoms chipmaker generated $9.46 billion worth of sales for the quarter ended December 25 2022, down from $10.7 billion a year ago. Its net income was $2.23 billion, a reduction of 34 percent. Qualcomm shares were down 3 percent after an extended trading session following the results. However, it wasn't all bad - for company execs and investors - thanks to continued growth in Qualcomm's automotive and IoT business sectors, according to president and CEO Cristiano Amon. "In the current quarter, combined auto and IoT revenues represented 27 percent of total QCT revenues reflecting continued progress on
We have a thing for DOOM, and we admit it. The source was released, and clever hackers have ported the engine to every system imaginable. It’s a rite of passage, when hacking a machine, to run DOOM on it — be it a VoIP phone, or tractor. But the original 1993 release does have a few notable tricks, and there’s something to be said for recreating that experience on period hardware. And that’s what we’re covering today: [Tech Tangents] discovered DOOM’s multi-monitor support, and built a 4-computer cluster to show it off. There is a catch, of course. DOOM 1.1 has the multi-monitor support, and under-the-hood, it works by running a copy of the game on individual computers, and controlling the drones over the network. As the game’s network code was updated for version 1.2, the multi-monitor feature was axed to make the network code easier to maintain. So, find a 1.1 shareware release, install it on a DOS machine with IPX drivers, and start each iteration with a -net flag. Use -left and -right to set the drones to the appropriate view. And that view is ninety degrees left and right. Maybe not ideal, but at the time it was one of the first games to hav
Bruce Knuteson writes: Prompted by your blog post this morning, I attach a plot from Figure 3 of They Still Haven’t Told You showing overnight and intraday returns to AIG (with logarithmic vertical scale, updated with data through the end of October). If you invested $1 in AIG at the start of 1990 and received only intraday returns (from market open to market close), you would be left with one-twentieth of a penny, suffering a cumulative return of -99.95%. If you received only overnight returns (from market close to the next day’s market open), you would have $1,017, achieving a cumulative return of roughly +101,600%. You can easily reproduce this plot yourself. Data are publicly available from Yahoo Finance. AIG is just one of many stocks with a suspiciously divergent time series of overnight and intraday returns. If you have a compelling innocuous explanation for these strikingly suspicious overnight and intraday returns that I have not already addressed, I would of course be keen to hear it. Alternatively, if you can think of a historical example of a strikingly suspicious return pattern in a financial market that turned out to clearly be fine, I would be keen to hear it. If neither, perhaps you can bring these strikingly suspicious return patterns to the attention of your readers. What continues to stun me is how something can be clear and unambiguous, and it still takes years or even decades to resolve. The linked article is fun to read, but I absolutely have no idea about this, so just sharing with you. Make of it what you will. You can also read this news article from 2018 by Matt Levine which briefly discusses Knuteson’s idea.
AI Alfred can summarize your articles in 1 single click. You just need to go to the web articles' URL and open the AI Alfred extension. 1. Browse the content you want to summarize Summarize whatever you want by going on the articles you want. 2. Open our Extension or Copy the link Once you're on the article you want to summarize, you just need to open our Extension (Chrome), or you can copy and paste the URL inside the app. Your summary is ready. Save it, edit it, or copy it in 1 click. Why you should choose AI Alfred AI Alfred can help you save hours thanks to our advanced summary model. Do you need to pick up the best articles? Save them. Do you want to add more to your final summary? Or do you want to change something? You can! AI Alfred is very simple: you just need to open the article you want to summarize (URL), and the extension will do the rest. Alternatively, you can always copy and paste the article URL into the app. Our AI model replies to the "Human" summary. You'll have a good-quality summary with Alfred after months of training. Users are already saving time! This is our second version, and we've already tested the product with a lot of users during the last 2 months. It's available and easy for anyone you do I read a lot of articles and I am tired of having 50+ tabs that I am never able to read. This gives me a good opportunity to read through articles and if I want I can push towards reading them in full. It seemed like an interes
✨ About us ✨ PhotoRoom develops cutting-edge technology that empowers entrepreneurs, small businesses, and merchants to easily create images that sell - leveraging deep learning. Our ambition: power the internet’s commerce images. Our first consumer product, the PhotoRoom app, is already a leader in mobile photo editing: we serve 7M+ users across more than 180 countries monthly and our app was awarded as the Best App of 2021 by Android and named Editor’s Choice by Apple. Our company is profitable, and our lean team is made of world-class experts in deep learning, product, and marketing wi
Mozilla is planning for the day when Apple will no longer require its competitors to use the WebKit browser engine in iOS. Mozilla conducted similar experiments that never went anywhere years ago but in October 2022 posted an issue in the GitHub repository housing the code for the iOS version of Firefox that includes a reference to GeckoView, a wrapper for Firefox's Gecko rendering engine. Under the current Apple App Store Guidelines, iOS browser apps must use WebKit. So a Firefox build incorporating Gecko rather than WebKit currently cannot be distributed through the iOS App Store. As
Peter Hutterer peter.hutterer at who-t.net Tue Feb 7 00:28:41 UTC 2023 X.Org Security Advisory: February 07, 2023 Security issue in the X server ============================== This issue can lead to local privileges elevation on systems where the X server is running privileged and remot
The UK government has set up a delivery body tasked with building a prototype fusion energy plant to be sited at West Burton in Nottinghamshire. Announced today by the Department for Business, Energy and Industrial Strategy (BEIS), the newly established UK Industrial Fusion Solutions Ltd (UKIFS) will have responsibility for delivering the prototype nuclear fusion facility, known as the Spherical Tokamak for Energy Production (STEP). The STEP project, which was first revealed just over a year ago, is expected to have completed construction by 2040, so don't hold your breath for the "near limitless, low-carbon energy" the program promises to deliver as part of a path to net-zero carbon dioxide emissions and driving economic growth across the UK. Nevertheless, the government is enthus
An encrypted messaging service that has been on law enforcement's radar since a 2019 raid on an old NATO bunker has been shut down after a sweeping series of raids across Europe last week. In a search of 79 properties in Germany, the Netherlands, Belgium and Poland last Friday, authorities in those four countries arrested 48 people who were users, operators and administrators of the Exclu crypto communications service. Exclu, which still has an operational website that appears to still accept payments of €500 ($537/£446) or €900 ($966/£804) for three and six month licenses, respectively, was used extensively by organized criminals and drug gangs, Dutch police said. Exclu made it possible to exchange messages, photos, notes and other communications with users, of which Dutc
The year 2022 marks seven years since the stable version of the Rust language was officially released. Since its release, Rust has been popular among developers. In a Stack Overflow poll of over 73,000 developers from 180 countries, Rust was voted the most popular programming language for the seventh consecutive year, with 87% of developers expressing a desire to use it. 2022 also marks the second year of the existence of the Rust Foundation, which was founded on February 9, 2021. At its inception, there were only five founding platinum members: Mozilla, Amazon, Huawei, Google, and Microsoft. Today, in December 2022, the Rust Foundation has 39 headline companies from various industries as members, working towards the implementation of Rust in their respective domains. The num
Microsoft wants everyone to know that it isn't looking to invade their privacy while looking through their Windows PCs to find out-of-date versions of Office software. In its KB5021751 update last month, Microsoft included a plan to scan Windows systems to smoke out those Office versions that are no longer supported or nearing the end of support. Those include Office 2007 (which saw support end in 2017) and Office 2010 (in 2020) and the 2013 build (this coming April). The company stressed that it would run only one time and would not install anything on the user's Windows system, adding that the file for the update is scanned to ensure it's not infected by malware and is stored on highly secure servers to prevent unauthorized changes to it. The update caused some discussion among u
This tool provides utilities for interacting with OpenAI APIs and storing the results in a SQLite database. See Semantic search answers: Q&A against documentation with GPT3 + OpenAI embeddings for background on this project.

Installation

Install this tool using pip:

    pip install openai-to-sqlite

Configuration

You will need an OpenAI API key to use this tool. You can create one at https://beta.openai.com/account/api-keys

You can then either set the API key as an environment variable:

    export OPENAI_API_KEY=sk-...

Or pass it to each command using the --token sk-... option.

Embeddings

The embeddings command can be used to calculate and store OpenAI embeddings for strings of text. Each embedding has a cost, so be sure to familiarize yourself with the pricing for the embedding model.
Chinese web giant Baidu, which has “AI” in its name and has made AI the focus of its hyperscale cloud, has revealed it will launch a generative AI chatbot later this year. Chinese media reported the launch and Baidu confirmed it to The Register. “The company plans to complete internal testing in March before making the chatbot available to the public,” a Baidu spokesperson wrote. The bot will be named “Wenxin Yiyan文心一言” or "ERNIE Bot" in English. The spokesperson added that the bots are based on the Enhanced Representation through Knowledge Integration (Ernie) model first proposed in 2019. We were told Ernie “expands into a series of advanced big models that can perform a wide range of tasks, including language understanding, language gen
India’s Ministry of Electronics and Information Technology (MeitY) has commenced the process to ban and block 138 betting apps and 94 loan lending apps with Chinese links, but has drawn criticism for a lack of transparency and the inclusion of several non-Chinese platforms. The ban has reportedly been executed on behalf of the Ministry of Home Affairs (MHA) after app operators granted substantially large loans and then engaged in extortion, harassment, and other nasty measures to achieve repayment at annual interest rates up to 3,000 percent. The Indian government began investigating lending apps last year and also issued an advisory in October 2022 against betting and gambling platforms. The Reserve Bank of India attempted [PDF] to further regulate the industry in August 2022 by issuin
Unable to get the power it needs to feed its growing datacenter footprint, Amazon plans to transition some of its Oregon datacenters over to natural gas fuel cells. First reported by local media, Amazon's initial plan would involve installing just shy of 75 megawatts of fuel cell capacity across three datacenters with the option to expand that to four additional sites in the future. Fuel cells extract electricity from a fuel like natural gas or hydrogen without the need for combustion. With hydrogen, the only byproducts of this reaction are electricity and water vapor, but with natural gas, CO2 — a potent greenhouse gas — is still produced. The ability to produce power without combustion has made hydrogen fuel cells a popular source of power in spacecraft and other advanced pow
UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up. According to a statement posted on ION Market's website, its ION Cleared Derivatives division "experienced a cybersecurity event" on January 31.  "The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," the notice said. "Further updates will be posted when available." LockBit, a ransomware group with ties to Russia, has since said it pulled off the data heist, and promised to publish "all available data," according to a screenshot posted by Emsisoft threat analyst Brett Callow. #LockBit h
Microsoft is continuing to change how diagnostic data from Windows devices is processed and controlled to keep its place in the European market amid stringent privacy and security regulations. IT administrators enrolling devices in the Windows diagnostic data processor configuration option had been able to use a range of policies for each system, such as allowing for a commercial data pipeline and for desktop analytics processing. As part of a larger effort announced in May 2021 to enable European entities to process and store their data in Europe, the software giant is ending the use of policies to configure the processor option and instead is offering a configuration for an entire organization based on Azure Active Directory to set Microsoft's role in processing data. "We're maki
MIT recently announced its research on toroidal propellers to create quieter drones. That got [Major Hardware] thinking about noisy PC fans. The obvious solution was to adapt the toroidal shape for a PC fan. He was familiar with the idea from similar screws on boats that are commercially available. You can see his tests in the video below. The shape of the blades on the MIT drones is visible in video and pictures, but there were no available 3D models. [Major] did a design and 3D printed the blades. Watching the comparison with a conventional fan using smoke was pretty impressive. The fan appeared to work pretty well, but the stock fan worked better. Oddly, the stock fan was also a little quieter overall, but the MIT-inspired blade was quieter at high frequencies. Stat
Pakistan’s years-long whack-a-mole attempts to prevent its citizens seeing some content online have gone up a level, after the nation’s prime minister intervened to overturn a fresh ban on Wikipedia. As The Register has recently reported, Pakistan's Telecommunications Authority (PTA) last week downgraded access to the crowdsourced encyclopedia after demanding supposedly blasphemous material be removed, and threatened a ban if it was not taken down. A ban duly followed, prompting the Wikimedia Foundation – operator of Wikipedia – to protest and point out that Pakistani authorities should request site editors address the situation in line with the encyclopedia’s policies. Now Pakistan prime minister Shehbaz Sharif has intervened to reverse the ban. The PM c
Prof. Abraham Lempel's groundbreaking work in the field of data compression helped pioneer technologies widely popular to this day; 'few are the researchers whose work has had such a broad impact on technological progress and our daily lives'
Famed Israeli computer scientist Prof. Abraham Lempel, whose revolutionary work on lossless data compression algorithms served as a precursor of ubiquitous file formats such as MP3 and ZIP, passed away on Sunday at 86. Lempel’s innovative work together with electrical engineer Prof. Jacob Ziv helped transform the field of computer science and is considered one of the most significant technological breakthroughs in the history of the State of Israel and the Technion, the leading research institute where he was professor emeritus. [Image: Prof. Abraham Lempel (Photo: Technion)] Technion President Prof. Uri Sivan eulogized Lempel as one of the most consequential researchers in the university’s history. "The late Prof. Emeritus Lempel was a source of inspiration for all of us, and was among the greatest researchers the Technion has produced in its hundred years," he said. “The Lempel-Ziv algorithm has contributed to the world, free of charge, an unprecedented technology that enables the transfer of data quickly and without loss of data. In his professional life, Prof. Lempel embodied the connection between deepening in basic science and excelling in applied research. Few are the researchers whose work has had such a broad impact on technological progress and our daily lives. May his memory be a blessing". Prof. Lempel was born in Poland in 1936 and began his studies at the Technion in 1959. He completed his three academic degrees in
When it comes to portable power, lithium-ion batteries are where it’s at. Unsurprisingly, there’s a lot of work being done to better understand how to maximize battery life and usable capacity. Red electrolytic solution, which should normally be clear. While engaged in such work, [Dr. Michael Metzger] and his colleagues at Dalhousie University opened up a number of lithium-ion cells that had been subjected to a variety of temperatures and found something surprising: the electrolytic solution within was a bright red when it was expected to be clear. It turns out that PET — commonly used as an inert polymer in cell assembly — releases a molecule that leads to self-discharge of the cells when it breaks down, and this molecule was responsible for the color change. The molecule is called a redox shuttle, because it travels back and forth between the cathode and the anode. This is how an electrochemical cell works, but the problem is this happens all the time, even when the battery isn’t connected to anything, causing self-discharge. As [Dr. Metzger] points out, this came as a surprise in part because no one was paying much attention to “inert” components like PET. PET is present in the plastic foils and tapes that make up a battery’s internals, and while it is indeed inert at the time of cell manufacture, it can degrade within the battery and release the redox shuttle molecule. Elevated temperatures worsen this condition. There are two papers (Identification of Redox Shuttle in Cells, and Self-discharge Originating from Redox Shuttle Generation) on the subject, and if you’d like to learn a bit more about lithium-ion batteries in general, o
Human psychology may prevent people from realizing the benefits of artificial intelligence, according to a trio of boffins based in the Netherlands. But with training, we can learn to overcome our biases and trust our automated advisors. In a preprint paper titled "Knowing About Knowing: An Illusion of Human Competence Can Hinder Appropriate Reliance on AI Systems," Gaole He, Lucie Kuiper, and Ujwal Gadiraju, from Delft University of Technology, examine whether the Dunning-Kruger effect hinders people from relying on recommendations from AI systems. The Dunning-Kruger effect (DKE) dates back to research from 1999 by psychologists David Dunning and Justin Kruger, "Unskilled and unaware of it: How difficulties in recognizing one's own incompetence lead to inflated self-assessments." Dunning and Kruger posit that incompetent people lack the capacity to recognize their incompetence and thus tend to overestimate their abilities. Assuming DKE exists – something not everyone agrees on – the Delft researchers suggest this cognitive condition means AI guidance may be lost on us. That's not ideal since AI systems presently tend to be pitched as assistive systems that augment human decision-making rather than autonomous systems that operate without oversight. Robo help doesn't mean much if we don't accept it. "This a particularly important metacognitive bias to understand in the context of human-AI decision making, since one can intuitively understand how inflated self-assessments and illusory superiority over an AI system can result in overly relying on oneself or exhibiting under-reliance on AI advice," state He, Kuiper, and Gadiraju in their paper, which has been conditionally accepted to CHI 2023. "This can cloud human behavior in their interaction with AI systems." To test this, the researchers asked 249 people to answer a series of multiple choice questions to test their reasoning. 
The respondents were asked to answer questions first by themselves and then with the help of an AI assistant. The questions, available in the research project GitHub repository, consisted of a series of questions like this: The study participan
Announcing Rust Magazine 2022-12-10 VecDeque::resize() optimization 2022-12-24 MiniLSM: A Tutorial of Building Storage Engine in a Week using Rust 2022-12-30 The Hidden Control Flow — Some Insights on an Async Cancellation Problem in Rust 2023-01-12 How I contribute to Rust Compiler 2023-01-29 Interview with Weihang Lo 2023-01-30
The hack of SolarWinds' software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done? In a matter of days this week, at least four disparate efforts to shore up supply chain security were declared, an example of how front-of-mind such risks have become and a push from vendors and developers to reduce them. The threat is growing. Gartner expects that by 2025, 45 percent of organizations globally will have experienced a software supply chain attack, a three-fold jump from 2021. It's not a surprise, according to Neatsun Ziv, CEO of startup Ox Security that's building an open MITRE ATT&CK-like framework for enterprises to check software supply chains. "These kinds of attacks become super, super lucrative just because the [hits] that you could get from a single weapon is not proportional to anything else you see in the industry," Ziv told The Register. As with the SolarWinds attack, a miscreant can inject malicious code into a piece of software before the compromised software is sent out to customers and compromises those systems. Organizations seem to be slow in catching up to this. More recently, attackers have targeted code repositories like GitHub and PyPI and companies like CI/CD platform provider CircleCI, an incident that expanded the definition of a supply chain attack, according to Matt Rose, field CISO for cybersecurity vendor ReversingLabs. "What the CircleCI incident illustrates is that organizations have to not only be concerned about malware being injected into a compiled object or deliverable, but also of the tooling used to build them," Rose wrote in a blog post. "That's why the CircleCI hack is an eye opener to a lot of organizations out there."
One framework for them all The OSC&R (Open Software Supply Chain Attack Reference) was launched this week, founded by Ziv – former vice president of cybersecurity at Check Point – and other security pros with background at such places as Google, Microsoft, GitLab, and Fortinet. The idea is to give enterprises a common framework for evaluating and measuring the risk to their s
South Korea’s Financial Services Commission yesterday revealed plans to regulate crypto assets as if they are securities. An announcement from the Commission’s Capital Market Division argues that investors should expect that tokenised assets enjoy the same protection as conventional securities, because they meet the same definitions South Korea applies to other securities. The document also notes that there are many types of securities traded in South Korea without the involvement of institutions or exchanges, such as shares in private companies. The regulator therefore does not believe that defining crypto tokens as securities creates a new class of securities. Or as the machine translation of the document puts it: “The food does not change no matter what container it is served in.” The Commission extends that metaphor by noting “You cannot use anything as a container for food” and “Suitable bowls may vary depending on the type of food.” Tokenized assets, the regulator argues, are a new form of container suitable for a new class of security. The document also suggests that the same blockchain tech powering tokenised assets could be used to create new containers that “improve the issuance and transaction of existing securities more efficiently and conveniently”. Interestingly, the document appears not to mention the use of blockchain based assets as currency. It does, however, envisage some self-regulation with exchanges asked to decide when tokens they trade are securities and when that treatment is not needed.
The regulator has also pointed out that South Korea’s laws, and the opinions expressed in this document, apply to tokenised assets issued and created overseas. The regulator intends to submit amendments to relevant South Korean statutes later in 2023, in t
On Monday, Google unveiled an AI chatbot, Bard, that will be integrated into its search engine soon in the face of rising competition from Microsoft's Bing and OpenAI's ChatGPT. Talk of Microsoft revamping its search engine Bing with a massive investment in OpenAI's upcoming large language model GPT-4 has kicked Google into building its own rival service. Large language models have rapidly improved and are better at generating text, summarizing knowledge, and answering questions. They aren't perfect, however, and can still produce toxic and false information. But folks are fascinated and draw
Don't buy an Android phone in China, boffins have warned, as they come crammed with preinstalled apps transmitting privacy-sensitive data to third-party domains without consent or notice. The research, conducted by Haoyu Liu (University of Edinburgh), Douglas Leith (Trinity College Dublin), and Paul Patras (University of Edinburgh), suggests that private information leakage poses a serious tracking risk to mobile phone customers in China, even when they travel abroad in countries with stronger privacy laws. In a paper titled "Android OS Privacy Under the Loupe – A Tale from the East," the trio of university boffins analyzed the Android system apps installed on the mobile handsets of three popular smartphone vendors in China: OnePlus, Xiaomi and Oppo Realme. The researchers looked specifically at the information transmitted by the operating system and system apps, in order to exclude user-installed software. They assume users have opted out of analytics and personalization, do not use any cloud storage or optional third-party services, and have not created an account on any platform run by the developer of the Android distribution. A sensible policy, but it doesn't seem to help much. The pre-installed set of apps consists of Android AOSP packages, vendor code and third-party software. There are more than 30 third-party packages in each of the Android handsets with Chinese firmware, the paper says. These include Chinese input apps like Baidu Input, IflyTek Input and Sogou Input on the Xiaomi Redmi Note 11. On the OnePlus 9R and Realme Q3 Pro, there's Baidu Map as a foreground navigation app and the AMap package, which runs continuously in the background. And there are also various news, video streaming, and online shopping apps bundled into the Chinese firmware. 
Within this limited scope, the researchers found that Android handsets from the three named vendors "send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators." The tested
I built an app called Queryable, which integrates the CLIP model on iOS to search the Photos album OFFLINE. It is available on App Store today and I thought it might be helpful to others who are as frustrated with the search function of Photos as I was, so I wrote this article to introduce it.

CLIP

CLIP (Contrastive Language-Image Pre-Training) is a model proposed by OpenAI in 2021. CLIP can encode images and text into representations that can be compared in the same space. CLIP is the basis for many text-to-image models (e.g. Stable Diffusion) to calculate the distance between the generated image and the prompt during training. To run on iOS devices in real time, I made a compromise between the performance and the model size, and finally chose the ViT-B-32 model, and separated the Text Encoder and Image Encoder. In ViT-B-32: Text Encoder will encode any text into a 1x512 dimensional vector. Image Encoder will encode any image into a 1x512 dimensional vector. We can calculate the proximity of a text sentence and an image by finding the cosine similarity between their text vector and image vector. The pseudo code is as follows:

    import clip
    import torch
    from PIL import Image

    device = "cuda" if torch.cuda.is_available() else "cpu"
    model, preprocess = clip.load("ViT-B/32", device=device)

    # Encode one image and one text query into 1x512 vectors
    image = preprocess(Image.open("photo-of-a-dog.png")).unsqueeze(0).to(device)
    text = clip.tokenize(["rainy night"]).to(device)
    image_feature = model.encode_image(image)
    text_feature = model.encode_text(text)

    # Cosine similarity between the image vector and the text vector
    sim = torch.nn.functional.cosine_similarity(image_feature, text_feature)

Integrate CLIP into iOS

I exported the Text Encoder and Image Encoder to CoreML model using coremltools library. The final models have a total file size of 300MB. Then, I started writing Swift. Here is how to do inference w
(read more)
In brief Google has hinted it will unveil AI-powered products and features in a live event next week. Online search and advertising are Google's biggest sources of income. The potential that its business could be threatened by Microsoft incorporating OpenAI's GPT-4 into the Bing search engine has raised alarm bells internally. Google has pulled engineers from other projects to work on building a rival AI chatbot-powered search, and CEO Sundar Pichai promised to produce results soon. "I'm excited by the AI-driven leaps we're about to unveil in search and beyond," Pichai said in a statement, reported by Bloomberg. Google's AI model – LaMDA – will be made available "in the coming weeks and months," and Pichai promised that people will soon be able to use language models "as a companion to search." How AI-powered search has been incorporated into Google Search, Maps, and more will be unveiled next week, according to an invite for a live event on February 8 received by The Verge. The presentation will reportedly reveal "the power of AI to reimagine how people search for, explore and interact with information, making it more natural and intuitive than ever before to find what you need."

No sign of Cruise and Waymo slowing down driverless cars soon

Transport officials are wary of driverless cars operating in San Francisco, but Cruise and Waymo's fleets are logging more miles than ever. Cruise and Waymo operate fully driverless autonomous cars in Sa
(read more)
Sooner or later, everything ends up in Microsoft Excel. The 37-year-old spreadsheet has been used to run Doom and Pac-Man, stop-motion animation, a turn-based role playing game, chess, and a neural network, among other things. Excel's latest trick comes courtesy of Microsoft's own software developers: "FLAME: A small language model for spreadsheet formulas." It's detailed in a preprint paper from Microsoft researchers Harshit Joshi, Abishai Ebenezer, José Cambronero, Sumit Gulwani, Aditya Kanade, Vu Le, Ivan Radiček, and Gust Verbruggen. The paper describes an assistive AI system called FLAME. It's a small language model that can improve the creation and maintenance of Excel formulas. Large language models like OpenAI's ChatGPT are all the rage at the moment. These are statistical models trained on vast amounts of text that can predict a likely output based on a text prompt input. The problem with large language models is that they're, well, large – training requires lots of input data and money, and using the resulting model for inference also demands a lot of hardware. For example, the researchers cite Incoder 6.7B, a model trained for code infilling on 159GB of source code over a period of 24 days with 248 Nvidia V100 GPUs. Lambda Labs has estimated the cost to train GPT-3, a 175B parameter model, comes to about $4.6 million using Tesla V100 instances. Weighing in at a mere 60M parameters, FLAME is "the first language model designed exclusively for Excel formulas." While the research paper does not explicitly state that FLAME is an acronym representing "First LAnguage Model for Excel," we speculate that this is the case. 
Despite its modest size, FLAME manages to outperform much larger models tuned for completing lines of code (code infilling), including CodeT5 (220M), Codex-Cushman (12B), and Codex-Davinci (175B). FLAME is designed to autocomplete Excel formulas or repair malformed ones, and to handle syntax reconstruction, a technique for stripping delimiters (eg, curly braces) out of a formula so models can more easily recognize and reconstruct the full formula. So in some future version of Excel, once FLAME has been wired into the software, entering a buggy formula like this… =IF('Jan 13'!B2="", 'Feb 13'!B2="", 'Mar 13'!B2="", 'Apr 13'!B2="", yes, no) …could end up looking like this with the help of FLAME's corrective ability. =IF(AND('Jan 13'!B2="", 'Feb 13'!B2="", 'Mar 13'!B2="", 'Apr 13'!B2=""), "yes", "no") And being able to do so with two orders of magnitude less training data than Codex or other large language models means Microsoft should find FLAME much more affordable to deploy when it's ready. For those who have to maintain large spreadsheets with lots of formulas, your humble vulture has to say, FLAME looks pretty cool. ®
(read more)
The UK's health service has confirmed it will require winners of the procurement for a Federated Data Platform (FDP) to migrate existing dashboards from the current platform by US spy-tech firm Palantir. Palantir, which made its name creating data analytics technologies for the CIA and US immigration agency ICE, is said to be making the competition a "must-win." The company got a foothold in the National Health Service (NHS) during the pandemic, when it was one of a number of suppliers to build a "data store" to detail information about the spread of COVID-19 and its impact on the NHS, one of the world's largest healthcare providers. It won a £23 million ($28 million) contract without competition to extend its work on the platform, built on its Foundry product. The deal, which was extended without competition in January, was subject to threats of judicial review, after which the NHS agreed not to extend it without public consultation. Also in January, NHS England and NHS Improvement launched the competition for a new £480 million ($580 million) data platform which promised to provide "the connectivity [which] will enable us to rapidly scale and share innovative solutions that directly addresses the challenges most pressing for the NHS," according to an NHS England blog. Potential suppliers of the new system have questioned whether Palantir has an unfair advantage in the competition given it built the existing dashboards and data platform the NHS expects to migrate to the FDP. In November 2022, supplier documents showed that existing services based on the NHS implementation of Foundry were "within the scope of the requirement for the Federated Data Platform and would be transitioned to the FDP as part of its implementation in place of the existing platform." 
In response to a Parliamentary question late last week, Nicholas Francis Markham, member of the House of Lords and under-secretary of state in the Department of Health and Social Care (DHSC), confirmed existing dashboards within Foundry would be interoperable. "Over the coming months, an assessment will be undertaken to determine which dashboards will be migrated to the new Federated Data Platform and which will be decommissioned. The format of the specifications for these dashboards will be developed as part of the planned transition activities of the programme," he said. The precise meaning of that statement can be open to technical interpretation. It is possible the technology in Foundry, a proprietary system, may be interoperable without necessarily offering a level playing field to alternative suppliers hoping to replicate its dashboards. Last week, NHS Digital, a wing of the DHSC responsible for digital strategy in the health service, finally bit the dust. It officially merged with NHS England, completing a move first announced by then h
(read more)
podman provides an integrated auto-update mechanism, which I recently applied to all of my containers running on feldspaten. The mechanism is nice, but at first appears a bit counter-intuitive. In this post I’m trying to explain how you can use the mechanism and what to watch out for. I’ll start with the trap I think most people fall for. Most people’s path to containers starts with docker, which by itself is an amazing tool. I see podman as an improvement/modernization step of docker because it can run daemonless, rootless and thereby integrates well with systemd. The last part is in my experience a stumbling block that most people fall over at first. When you deploy your ap
(read more)
Enlarge / Jack (Leonardo DiCaprio) sacrifices his spot on a makeshift raft to save Rose (Kate Winslet) in Titanic.CBS/Getty Images (Major spo
(read more)
Sync’ up! … without getting drained feb 6 It’s imperative If you’re writing code in an imperative language like C or Python, there’s one over-arching heuristic that I think all such hackers should try to follow: don’t write whopper routines. What are whopper routines? Well, if you don’t know, maybe you are subjecting the world to such source-code. Whopper routines are functions, routines, methods, that run on and on, and try to do everything all right there. These routines kind of even look like a whopper (burger), as all the conditional branching is falling out everywhere, like onions and pickles hanging outs
(read more)
iWF will make you a 10x developer! iWF is a platform providing all-in-one tooling for building long-running business application. It provides an abstraction for persistence(database, e
(read more)
Menace to society — Recent X-rays of her lungs were so bad, doctors thought she had cancer. Enlarge / Scanning electron micrograph of Mycobacterium tuberculosis bacteria, which cause TB. A woman in Washington state is facing electronic home monitoring and possible jail time after spending the past year willfully violating multiple court orders to have her active, contagious case of tuberculosis treated and to stay in isolation while doing so. Last week, the Tacoma-Pierce County Health Department announced that it was "monitoring" a case of active tuberculosis in a county woman who had refused treatment. "Most people we contact are happy to get the treatment they need," Nigel Turner, division director of Communicable Disease Control, said in a press announcement last week. "Occasionally people refuse treatment and isolation. When that happens, we take steps to help keep the community safe." But reporting by The News Tribune discovered that the woman's refusal to heed public health guidance is a long-standing challenge for local officials. Documents filed in the Pierce County Superior Court and reviewed by the Tribune found that the woman's first court order for involuntary isolation dates back more than a year ago, to January 19, 2022. Deadly threat Tuberculosis is a bacterial infection caused by Mycobacterium tuberculosis, which mostly causes disease in the lungs, though it can invade other areas of the body. It can easily turn deadly without proper treatment. M. tuberculosis is transmitted through the air when an infected person coughs, sneezes, spits, or launches bacterial cells around them. Although transmission mostly occurs from close, prolonged contact, inhaling only a few of these microscopic germs is enough to spark an infection. According to the World Health Organization, tuberculosis is one of the top infectious disease killers in the world, causing 1.6 million deaths in 2021. 
Treatment for tuberculosis is not easy—in uncomplicated cases, it takes a four-month or six-month course of four types of antibiotics to effectively rid the infection. But M. tuberculosis is becoming increasingly drug-resistant, even extensively drug-resistant (XDR-TB), both of which are considered a global public health crisis and health security threat. These drug-resistant cases can take up to 20 months of antibiotic courses to shake using alternative treatments that can be expensive and toxic. But drug resistance develops or increases if patients fail to complete or properly take their prescribed antibiotic courses—as is the case for the Washington woman. The January 2022 court documents noted that "The Local Health Officer ordered [the woman] to self-isolate and treat; which she declined to do. [The woman] has not complied with such efforts, has discontinued treatment and is unwilling to resume treatment or voluntarily self-isolate." As such, the health department was seeking an orde
(read more)
Better font rendering for Windows. Latest beta 2021.1-RC1 (Recommended) Official site MacType official site: http://www.mactype.net What's new? Win10 compatible CET compatible Updated FreeType Support for color fonts 😎 New installer Lots of bug fixes Updates for multi-monitor support Tray app can intercept explorer in Service Mode now Tweaks for diacritics Updates to EasyHook Lower CPU in Tray Mode Better DirectWrite support thanks to しらいと[http://silight.hatenablog.jp] Separate DirectWrite parameter adjustment Traditional Chinese localization greatly improved thanks t
(read more)
Rather than face proceedings before the US Securities and Exchange Commission, Activision Blizzard has agreed to pay $35 million to settle charges that it both failed to maintain appropriate misconduct reporting controls over so-called "frat boy culture," and also violated whistleblower protection laws. More specifically, the SEC alleged the World of Warcraft maker "lacked controls and procedures among its separate business units to collect and analyze employee complaints of workplace misconduct" between 2018 and 2021. The toxic work culture at the company was the source of frequent complain
(read more)
Opinion The tech sector is failing at cybersecurity. Global spending on the stuff is at $190 billion a year, a quarter of the US defense budget. That hasn't stemmed an estimated $7 trillion in annual cybercriminal damages. People are fond of saying that the Wild West days of the internet are over, but on those numbers an 1875 Dodge City bank vault looks like Fort Knox. So where's the sheriff? There are plenty of posses; no end of companies both small and large selling security by the bushel. Firewalls, scanners, heuristic, intrinsic, behavioral, managed, managerial, in-cloud, on-prem, you can mix and match the buzzwords and buy into every new idea. What you can't do is make your systems safe. If you do want a safe bet in cybersecurity, it's that things aren't going to change any time soon without some fundamental shift in how the market works – if 40 years of constant failure can be called working. We have so little reason to trust what's on offer or those offering it. Several stories last week show this: Apple, which makes a big play of intrinsic platform security, is heading to court for ignoring user consent and silently gathering app data anyway. Microsoft, even as it announces the extension of its security platform into Linux, reveals it fumbled its switches on its service infrastructure and took business-critical access away from its customers. These are the big shots in town, but they can't shoot straight. It's almost as if we can't rely on the private sector to protect us against crime. Guess what: we never could and we never will. The state has to take on that role – usually late, usually badly, and usually against the wishes of those who like their crimes kept in the private sector, but usually to better effect than the alternatives. Public governance and policing of cybercrime is a mixed bag. After a decade or so of mischief, most legislatures got around in the 1990s to defining and outlawing computer misuse by unauthorized parties. 
If you get caught, there's at least a book to throw at you. It's the catching that's the problem. State agencies concentrate on areas where IT is used to further more traditional crimes – drugs, extortion, organized theft and international money laundering, all those fun things. Less so the cybercrime that depends on the characteristic ability of the internet to let small groups operate at scale to commit data-centric badness and move on quickly from target to target. Effective policing here needs to replicate what works in the physical world: inhabit the places where the crimes take place, work with the consent of the general population, and become proficient with the tools, thought processes, and human networks of the criminals. Would you trust the police – by extension, the state – with your data, personal or corporate? Bit of a problem there, especially with s
(read more)
In an attempt to explain why the company had laid off 12,000 employees, Sundar Pichai, the CEO of Google's parent company, Alphabet, said executives decided to slash jobs after a "rigorous review" of Google's internal structures and organization. Pichai suggested that the company "hired for a different economic reality" than the one it faced and that the layoffs were necessary to set Google up for the future. But while Pichai, who made $280 million in compensation in 2019, said he took "full responsibility for the decisions that led us here," he failed to elucidate those choices. He didn't mention that during his time at the helm Google has been hit with billions of dollars' worth of antitrust fines, been left in the dust by OpenAI's ChatGPT despite "pivoting the company to be AI-first," and seen its core search product get steadily worse. And though Pichai later said at a company town hall that "all roles above the senior-vice-president level will witness a very significant reduction in their annual bonus," including his own, the vast majority of the pain from his missteps seemed to fall squarely on the shoulders of the 12,000 people who were let go. The employees who were laid off — via email — included several high-performing staff members and longtime employees, such as an engineer who'd been at the company for 20 years and who described the sudden layoff as a "slap in the face." This sort of responsibility dodging is running rampant around Silicon Valley. CEOs at companies like Amazon, Microsoft, Salesforce, and Meta set their companies on an unsustainable course, investing in boneheaded new ventures and assuming the pandemic-driven tech boom would be a new normal. Now that those expectations have been shattered, rank-and-file tech workers are bearing the brunt of these bad decisions, while the executives most responsible for the messes face little to no meaningful consequences.
Any executive who participates in decision-making that leads to hundreds or thousands of people losing their jobs should be the one leading them out the door. Pichai and other tech CEOs shouldn't be making $280 million a year or even $1 million a year — they should be fired for poorly managing some of the largest companies in the world.

CEOs made mistakes, workers bear the brunt

In their layoff announcements, pretty much every tech company placed the blame for the cuts on the economy. At Amazon, the cuts were supposedly necessary because of "supply chain difficulties, inflation, and productivity overhang" and economic uncertainty. Salesforce CEO Marc Benioff cited the "economic downturn we're now facing" as the reason for the company's 10% headcount reduction, and Workday laid off 3% of its workforce based on a "global economic environment that is challenging for companies of all sizes." PayPal CEO Dan Schulman pinned the blame for his company's decision to lay off 2,000 employees on the "challenging macro-economic environment." But in many instances, the real source
(read more)
Large language models (LLMs) like the GPT family learn the statistical structure of language by optimising their ability to predict missing words in sentences (as in 'The cat sat on the [BLANK]'). Despite the impressive technical ju-jitsu of transformer models and the billions of parameters they learn, it's still a computational guessing game. ChatGPT is, in technical terms, a 'bullshit generator'. If a generated sentence makes sense to you, the reader, it means the mathematical model has made a sufficiently good guess to pass your sense-making filter. The language model has no idea what it's talking about because it has no idea about anything at all. It's more of a bullshitter than the most egregious egoist you'll ever meet, producing baseless assertions with unfailing confidence because that's what it's designed to do. It's a bonus for the parent corporation when journalists and academics respond by generating acres of breathless coverage, which works as PR even when expressing concerns about the end of human creativity. Unsuspecting users who've been conditioned on Siri and Alexa assume that the smooth talking ChatGPT is somehow tapping into reliable sources of knowledge, but it can only draw on the (admittedly vast) proportion of the internet it ingested at training time. Try asking Google's BERT model about Covid or ChatGPT about the latest developments in the Ukraine conflict. Ironically, these models are unable to cite their own sources, even in instances where it's obvious they're plagiarising their training data. The nature of ChatGPT as a bullshit generator makes it harmful, and it becomes more harmful the more optimised it becomes. If it produces plausible articles or computer code it means the inevitable hallucinations are becoming harder to spot.
If a language model suckers us into trusting it then it has succeeded in becoming the industry's holy grail of 'trustworthy AI'; the problem is, trusting any form of machine learning is what leads to a single mother having their front door kicked open by social security officials because a predictive algorithm has fingered them as a probable fraudster, alongside many other instances of algorithmic violence. Of course, the makers of GPT learned by experience that an untended LLM will tend to spew Islamophobia or other hatespeech in addition to talking nonsense. The technical addition in ChatGPT is known as Reinforcement Learning from Human Feedback (RLHF). While the whole point of an LLM is that the training data set is too huge for human labelling, a small subset of curated data is used to build a monitoring system which attempts to constrain output against criteria for relevance and non-toxicity. It can't change the fact that the underlying language patterns were learned from the raw internet, including all the ravings and conspiracy theories. While RLHF makes for a better brand of bullshit, it doesn't take too much ingenuity in user prompting to reveal the bile that can lie beneath. The more plausible ChatGPT becomes, the more it recapitulates the pseudo-authoritative rationalisations of race science. It also shows that despite the boast that
(read more)
A top US cyber diplomat said his Twitter account was compromised over the weekend. Nate Fick, the inaugural US ambassador at large for Cyberspace and Digital Policy, on Saturday announced the hack of his personal account (not the government agency one) with - of course - a tweet.  "Perils of the job," he added, suggesting that his sense of irony remains intact. Assuming that was an authorized tweet, of course. My account has been hacked. Perils of the job… — Nate Fick (@ncfick) February 5, 2023 The US Department of State did not immediately respond to The Register's questions about who was responsible for the attack, how they accessed Fick's account, or whether the miscreants posted a
(read more)
Current lithium-based batteries are based on intercalation—lithium ions squeeze into spaces within electrode materials such as graphite. A
(read more)
The 6+ miles wide asteroid that hit Earth 66 million years ago, widely accepted to have wiped out nearly all the dinosaurs and roughly three-quarters of the planet’s plant and animal species, also triggered a megatsunami with mile-high waves. Recent historical tsunamis pale in comparison with this globally catastrophic event, thought to be 30,000 times more initial energy than any recorded events. In this dataset, the black continents depict the land masses at the time of the impact, around 66 million years ago. The white country borders show where the land masses are today — moving at approximately 2.5 cm (1 inch) per year, the continents are constantly drifting. The animation shows tsunami wave amplitude 10 minutes after impact until 48 hours after impact, shown in hours below the scale. After the first 48 hours, the tsunami had mostly subsided except near the point of impact. The colors on the tsunami animation are associated with both positive (red) and negative (blue) wave amplitudes, highlighting how the ocean ripples with both higher and lower water levels in the ocean basins during a catastrophic tsunami. Note that even though the color bar numerical values top out at +/- 5 meters, the wave amplitudes were much more extreme in some places. Two and a half minutes after the asteroid struck, a curtain of ejected material pushed a wall of water outward from the impact site, briefly forming a 4.5 kilometers high (2.8 miles) wave that subsided as the ejecta fell back to Earth. Ten minutes after the projectile hit the Yucatan, and 220 kilometers (137 miles) from the point of impact, a 1.5 kilometers high (0.93 miles) tsunami wave—ring-shaped and outward-propagating—began sweeping across the ocean in all directions, according to the U-M simulation. 
An international group of researchers from academic institutions and government agencies, including NOAA’s Pacific Marine Environmental Lab and Geophysical Fluid Dynamics Lab, combined numerical modeling and analysis of geological records to recreate the global impact of the tsunami generated by the asteroid. This dataset presents the first global simulation of the Chicxulub asteroid impact
(read more)
Getty or not — Getty lawsuit against Stability AI could change how courts view web scraping. Getty Images is well-known for its extensive collection of millions of images, including its exclusive archive of historical images and its wider selection of stock images hosted on iStock. On Friday, Getty filed a second lawsuit against Stability AI Inc to prevent the unauthorized use and duplication of its stock images using artificial intelligence. According to the company's newest lawsuit filed in a US district court in Delaware, “Stability AI has copied more than 12 million photographs from Getty Images’ collection, along with the associated captions and metadata, without permission from or compensation to Getty Images, as part of its efforts to build a competing business.” In this lawsuit, Getty alleged that Stability AI went so far as to remove Getty’s copyright management information, falsify its own copyright management information, and infringe upon Getty’s “famous trademarks” by duplicating Getty’s watermark on some images. Reuters reported Getty's second lawsuit against Stability AI followed last month's fi
(read more)
China's ambition to record government and commercial activity on a blockchain has a new engine: a 1,000-server cluster in Beijing capable of handling 240 million smart contract transactions each second. The machine is notable for two reasons. One is that this rig uses homegrown tech. The cluster is linked to ChainMaker – a made-in-China blockchain platform that's been contributed to and/or adopted by significant Chinese private and government enterprises. ChainMaker has also claimed to have developed 96-core silicon designed to accelerate blockchain transactions. The Beijing Academy of Blockchain and Edge Computing – understood to be the designer of the facility – has previously announced it has developed petabyte-scale storage systems. With the USA leading bans on export of high tech to China, rigs like this show that Beijing can build big and complex things. The second reason is that this rig demonstrates that Beijing's drive for extensive blockchain use is real, and ready to roll. As state-controlled media reports on the cluster explain, it will be used to secure and record transactions across 80 departments, 16 districts, and organizations in the fields of transportation, finance, and telecommunications, and is intended to ensure information flows back to Beijing to realize "efficient coordination of the governance system." And at quite a scale, suggesting China is going to make smart contracts an important part of its business environment. It's just the sort of thing one might expect in a single party state that exercises close control over economic development and likes to keep tabs on organizations' performance.
The rig is likely one of Earth's mightiest blockchain implementations, which will give boosters of such technology heart. Expect them to promote its use – and distinguish those efforts from the wretched hive of scum a
(read more)
DEAR WORLD RADIO AMATEURS - DUE TO THE MASSIVE EARTHQUAKES IN TURKEY, 28.540 MHZ (USB) FREQUENCY HAS BEEN DETERMINED AS A DISASTER COMMUNICATION FREQUENCY PLEASE DO NOT BUSY THIS FREQUENCY 73 TA1XX Last edited by a moderator: Feb 6, 2023 at 4:45 PM A 7.8 Magnitude earthquake hit Türkiye and Syria at 01:17UTC on 6th February leading to a large loss of life and many casualties. Aftershocks continue in the area with another large 7.5 magnitude event happening at 10:24UTC affecting the response. The emergency communications group of TRAC will be involved in the response activities, primarily expected to be on VHF/UHF but they do also use 3.777 and 7.092MHz as needed. Radio Amateurs are requested to give way to any emergency traffic around those frequencies. https://www.iaru-r1.org/2023/turkiye-earthquake-6-february-2023/ Prayers to the people who lost their lives. Sorry this happened..... Thank you dear OM, As 3C3CA I was monitoring all the day the frequency. As originally TA2OM, I'm grateful to all OM's keeping the frequency clear for important, responsible announcements. Yes they were some people send CW on the fq or using only +2 to have QSO, it was clear readable also in Equatorial Guinea. We are very sad... 73 Prayers are being lifted u
(read more)
Having an enclosure around an FDM 3D printer is generally a good idea, even when printing only with PLA, as it keeps the noise in, and the heat (and smell, with ABS) inside. With all the available options for enclosures out there, however, [David McDaid] figured that it should be possible to make an enclosure that does not look like a grow tent and is not overly expensive. He also shared the design files on GitHub. The essential idea is very simple and straightforward: the structural part is cut out of pine beams that are cut to size and joined into a cube by (3D-printed) corner brackets, with acrylic (Perspex) sheets filling in the space between the wooden beams. A door is formed using (also 3D-printed) hinges and door handles. The whole enclosure is rounded off with a
(read more)
Here is a copy of the MIT license. One of the well-known open source licenses. It is, effectively, the only license that I’ve used for software I wrote or contributed in the last 10 years: Copyright Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS
(read more)
A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in the last 18 months. The compromised servers span the US, UK, Germany, India, Malaysia, China and other countries, according to Aqua Security's Nautilus researchers, who discovered the HeadCrab malware and have now found a way to detect it. "The victims seem to have little in common, but the attacker seems to mainly target Redis servers and has a deep understanding and expertise in Redis modules and APIs as demonstrated by the malware," Asaf Eitani and Nitzan Yaakov reported. Open-source Redis database servers do not have authentication switched on by default, which is something the HeadCrab attackers use to their advantage. If administrators don't enable authentication, or ensure the servers run on a secure, closed network as opposed to being exposed to the internet, the servers are vulnerable to unauthorized access and command execution. It appears a lot of them aren't. Additionally, Redis clusters use master and slave servers for data replication and synchronization, which HeadCrab also takes advantage of in its attacks. After th
(read more)
You do not have to follow these rules every time. If you have a good reason to break any of them, do. But they are safe to follow every time. Use near-black and near-white instead of pure black and white Pure black looks unnatural on a screen, and pure white is too bright. Use close-to-black and close-to-white instead. Any other references to “black” and “white” in these rules assume you’re following this rule. Saturate your neutrals A neutral is generally a black, white, or grey. If you use colour in your interface, add a little bit of that colour to your neutrals. This will make the colour palette feel more coherent. If you use the HSB colour system less than 5% saturation should do it. Use high contrast for important elements Important elements means buttons, content, or anything else that the user needs to notice. A higher contrast means that the element will grab attention, which is useful for important elements. Elements that the user does not need to notice (e.g. structural elements, drop-shadows) can use as little contrast as possible. Everything in your design should be deliberate You should be deliberate about absolutely everything in your design. This means whitespace, alignment, size, spacing, colour, shadows. Everything. If someone points at a random part of your design you should have an explanation for why it looks that way. If you do not do this your design will not feel coherent. If you are new to design you can use this rule as a prompt to learn more about what you are not deliberate about yet. Optical alignment is often better than mathematical alignment Your design soft
(read more)
The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions in cryptocurrency. Avraham Eisenberg was arrested in late December in Puerto Rico in relation to charges [PDF] filed by the US Securities and Exchange Commission, which allege he made off with more than $110 million in crypto "by artificially manipulating the price of certain perpetual futures contracts." A Department of Justice grand jury indicted Eisenberg in early January, leading to this latest court hearing. According to the lawsuit, Eisenberg is alleged to have used a pair of accounts on Mango Markets to pump the price of the MNGO "governance token" used on the platform. Using a series of trades between his two accounts at incrementally higher prices, the SEC alleges that Eisenberg raised the value of MNGO by more than 2,200 percent in a single day of trading. Eisenberg, in turn, used his position "as collateral to borrow and ultimately withdraw from the Mango Markets platform approximately $116 million worth of various crypto assets – some of which belonged to investors trading on the Mango Markets platform, thereby draining all available assets from the platform," the suit alleges. On October 12, 2022, a day after the attack, Mango's decentralized autonomous organization (DAO) decided to halt a new platform upgrade, and closed its entire market. As of now
(read more)
A free tool aims to help organizations defend against KillNet distributed-denial-of-service (DDoS) bots, and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its network flooding attacks against hospitals and health clinics. At current count, the KillNet open proxy IP blocklist lists tens of thousands of proxy IP addresses used by the Russian hacktivists in their network-traffic flooding events. SecurityScorecard's threat researchers developed the list following their ongoing investigation into Killnet and other network-spamming miscreants. "DDoS a
(read more)
The best TV deals ahead of the Super Bowl — In the market for a new TV? Now is the perfect time to score a big deal. Whether you're looking to kick off your Super Bowl party or just in the market for a new TV, this is one of the best times to shop for a new big-screen TV for your living room. We found plenty of deals and discounts on QLED, OLED, and LED TVs. And even though 4K is now the standard, you can also opt to future-proof your n
(read more)
ONGOING ATTACK CAMPAIGN — Servers running unpatched versions of ESXi are sitting ducks for ESXiArgs attacks. An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday. The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts and other large-scale enterprises to consolidate their hardw
(read more)
We’ve just uploaded mypy 1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows: python3 -m pip install -U mypy You can read the full documentation for this release on Read the Docs. New Release Versioning Scheme Now that mypy reached 1.0, we’ll switch to a new versioning scheme. Mypy version numbers will be of form x.y.z. Rules: The major release number (x) is incremented if a feature release includes a significant backward incompatible change that affects a significant fraction of users. The minor release number (y) is incremented on each feature release. Minor releases include updated stdlib stubs from typeshed. The point release num
(read more)
A new PostgreSQL extension is now available in Supabase: pgvector, an open-source vector similarity search. The exponential progress of AI functionality over the past year has inspired many new real world applications. One specific challenge has been the ability to store and query embeddings at scale. In this post we'll explain what embeddings are, why we might want to use them, and how we can store and query them in PostgreSQL using pgvector. What are embeddings? Embeddings capture the “relatedness” of text, images, video, or other types of information. This relatedness is most commonly used for: Search: how similar is a search term to a body of text? Recommendations: how similar are two products? Classifications: how do we categorize a body of text? Clustering: how do we identify tr
(read more)
We propose a new package providing structured logging with levels. Structured logging adds key-value pairs to a human-readable output message to enable fast, accurate processing of large amounts of log data. See the design doc for details.
(read more)
FOSDEM The Document Foundation has released LibreOffice 7.5 with a host of improvements. Windows and Mac users can just download it, and for Linux types the new version is already up on Flathub. LibreOffice, formerly known as OpenOffice, and before that StarOffice, is the go-to FOSS office suite, but there's always room for improvement. This version is a bit prettier than before, with new, much more colorful icons for both the individual modules and their respective documents. We liked this – frankly they were verging on drab before. There's also improved dark mode support. As before, there's a choice of UIs: you can have old-style menus and toolbars, or a single context-sensitive toolbar, or a tabbed toolbar (which is to say, a ribbon), if you like that sort of thing, which can be full
(read more)
Updated When plague winds howl across the surface of cadaver world Earth, humanity long dead by its own hand, imperial archaeologists picking through the remnants will excavate a bunker. Inside they will find a primitive computer. The computer broadcasts AI-generated spoof Seinfeld episodes for eternity. This is the haunting promise of the Twitch channel watchmeforever officially launched last week by Mismatch Media, which claims to be about "experimental forms of television shows, video games, and more, through generative... and other machine learning technologies." Twitch is a good place for "experimental" TV because that's exactly what it is. Viewers can interact with livestreamed video in real time, though the vast bulk of broadcasters use it to show off their skill (or lack thereof)
(read more)
In the old days, scanners would listen to a bunch of channels in a round-robin fashion. If a signal breaks the squelch, the scanner stops, and scanning continues after a few seconds of inactivity. But with modern SDRs, you don’t have to listen to one channel at a time. You can listen to all of them. [Tech Minds] shows RTL SDR Scanner on Linux to record up to 20 MHz of the band simultaneously. It records all the channels in the band of interest. The actual project is on GitHub. Once recorded, you can use a Web interface to listen to the channels and see some statistics about them. [Tech Minds] tried recording aircraft traffic. It worked, but the program doesn’t know how to demodulate AM yet so if you want to record the entire shortwave band, aircraft, or othe
(read more)
In software we express our ideas through tools. In data, those tools think in rectangles. From spreadsheets to the data warehouses, to do any analytical calculation, you must first go through a rectangle. Forcing data through a rectangle shapes the way we solve problems (for example, dimensional fact tables, OLAP Cubes). But really, most data isn’t rectangular. Most data exists in hierarchies (orders, items, products, users). Most query results are better returned as a hierarchy (category, brand, product). Can we escape the rectangle? Malloy is a new experimental data programming language that, among other things, breaks the rectangle paradigm and several other long held misconceptions in the way we analyze data. This example is going to start off very simple, but as you will
(read more)
pro no — That's one way to address the potential overlap between the two high-end Macs. If rumors are to be believed, Apple has had to scale back its ambitions for the Apple Silicon Mac Pro. A planned performance-boosting "M2 Extreme" chip has supposedly been canceled, and some of the perks people normally associate with the Mac Pro—upgradeable RAM and graphics—likely won't be supported because of the way Apple Silicon chips are designed. Which leaves us with, if the most recent rumors are accurate, a high-end Mac Studio with user-accessible storage slots stuffed into the current
(read more)
Preparing for the worst — UK inquiry's preliminary findings could be issued as early as this week. Microsoft's legal team now expects Britain's Competition and Markets Authority to formally oppose its long-planned $69 billion merger with Activision Blizzard. That's according to "four people briefed on the matter" cited many paragraphs deep in a New York Times report about the direction of globalized antitrust regulation. Microsoft expects the European Union's separate "in-depth" investigation i
(read more)
My iPhone SE 2016 is a good one. It’s easy to handle with one hand. The screen is more than decent. For most things the camera is good enough. It has a headphone jack. Good battery life. The Touch ID works faster than Face ID. I dropped it on the pavement a few times. No problem, only the casing has a few scratches and dents. To you it may look like a piece of junk now, but to me it’s like that proverbial old pair of jeans. Now you may think that it’s slow as mud in a pond. But, contrary to my experience with previous models, the iPhone SE actually got faster with iOS updates! It’s 2023 and this is still a really good phone. None of the currently supported iPhones is as small and light as my current phone. They all are more expensive. And I believed technology was getting sma
(read more)
Colossal clacker — Unlike other novelty jumbo keyboards, this one has lubed switches and a numpad. Sometimes, bigger is better. And sometimes, bigger is just... massive. That's the word that comes to mind when looking at and pricing the latest DIY mechanical keyboard from YouTuber Glarses that's as long and costly as he is tall. As you might imagine, mechanical keyboards with buttons so big you could comfortably use more than one finger to press one are rather rare. Budget peripheral-maker Redragon has one that you can actually buy that is 1.9 feet long, 7.
(read more)
As a child, I was told many "indoctrinating" stories. While I don't care to name them here, many of these stories were meant to educate and set examples for students. There is one in particular that I find applicable for this discussion. The story goes like this: A young soldier was walking with the general. As they walked on the stone path to cross the stream that surrounded their encampment, the young soldier slipped on a stone. Feeling flustered in front of the general, the young soldier quickly put the stone back in place to catch up. Once they reached the other side, the general asked "aren't you afraid that you'll slip on the same stone on the way back?" "That's okay. I'll know which stone to watch out for," said the young soldier. To which the general replied "what about the rest o
(read more)
Last week, Twitter Safety tweeted that the platform is now “moving faster than ever” to remove child sexual abuse materials (CSAM). It seems, however, that’s not entirely accurate. Child safety advocates told The New York Times that after Elon Musk took over, Twitter started taking twice as long to remove CSAM flagged by various organizations. The platform has since improved and is now removing CSAM almost as fast as it was before Musk’s takeover—responding to reports in less than two days—The Times reported. But there still seem to be issues with its CSAM reporting system that continue to delay response times. In one concerning case, a Canadian organization spent a week notifying Twitter daily—as the illegal imagery of a victim younger than 10 spread unchecked—before Twitter finally removed the content. "From our standpoint, every minute that that content's up, it's re-victimizing that child," Gavin Portnoy, vice president of communications for the National Center for Missing and Exploited Children (NCMEC), told Ars. "That's concerning to us." Twitter trust and safety chief Ella Irwin tweeted last week that combating CSAM is “incredibly hard,” but remains Twitter Safety’s “No. 1 priority.” Irwin told The Times that despite challenges, Twitter agrees with experts and is aware that much more can be done to proactively block exploitative materials. Experts told the Times that Twitter’s understaffing of its trust and safety team is a top concern, and sources confirmed that Twitter has stopped investing in partnerships and technology that were previously wo
(read more)
Switching tactics — Kids can't sign the license, but that also doesn't give them the right to sue. A potential class-action lawsuit over the joystick drift experienced by Nintendo Switch owners has been dismissed, with a federal judge ruling that Nintendo's end-user license agreement (EULA) for the console bars such lawsuits. In a filing from late November, but seemingly only recently noticed by games media, William Alsup, US District Judge for the Northern District of California, ruled (PDF) that two plaintiffs, both minors, were not able to sue Nintendo because setting up the Switch requires agreeing to a EULA that has arbitration and forum-selection clauses. The minors and their mothers were the original plaintiffs, but after an arbitrator ruled that the mothers couldn't pursue a claim because their children had accepted the EULA, they attempted to refile the case, with the children as plaintiffs. Because Nintendo's EULA requires a person to be at least 18 years old to sign it, the mothers argued, the children could not have agreed to it and should be able to pursue their case. But Alsup ruled that the parents who purchased the console were the true owners and that they had failed to assign ownership to the children. Having already sent the parents to arbitration, the judge denied the plaintiffs' request to amend their complaint and dismissed the case.
(read more)
We may not know the identities of all the mysterious craft that American military personnel and others have been seeing in the skies as of late, but I have seen more than enough to tell you that it is clear that a very terrestrial adversary is toying with us in our own backyard using relatively simple technologies—drones and balloons—and making off with what could be the biggest intelligence haul of a generation. While that may disappoint some who hope the origins of all these events are far more exotic in nature, the strategic implications of these bold operations, which have been happening for years, undeterred, are absolutely massive. Our team here at The War Zone has spent the last two years indirectly laying out a case for the hypothesis that many of the events involving supposed UFOs, or unidentified aerial phenomena (UAP), as they are now often called, over the last decade are actually the manifestation of foreign adversaries harnessing advances in lower-end unmanned aerial vehicle technology, and even simpler platforms, to gather intelligence of extreme fidelity on some of America's most sensitive warfighting capabilities. Now, considering all the news on this topic in recent weeks, including our own major story on a series of bizarre incidents involving U.S. Navy destroyers and 'UAP' off the Southern California coast in 2019, it's time to not only sum up our case, but to discuss the broader implications of these revelations, what needs to be done about them, and the Pentagon's fledgling 'UAP Task Force' as a whole. A big pill to swallow Yes, I realize that the idea that an adversary is penetrating U.S. military training areas unmolested, and has been for years, using lowly drone technology and balloons, is a big pill to swallow, but as one of the people who have repeatedly warned about the threat posed by lower-end drones for a decade—warnings that largely were dismissed by the Pentagon until drones made or altered in ramshackle ISIS workshops in a war zone were literally raining down bomblets on U.S. and allied forces in Iraq—it isn't really surprising at all. Nor is the fact that the Defense Department is still playing catch-up when it comes to t
(read more)
Elon Musk and Tesla have been found not liable by a jury in a securities fraud trial in which the billionaire and his automaker were accused of misleading investors. The verdict came on late Friday afternoon at a federal court in San Francisco. It was claimed Musk and Tesla cheated shareholders by tweeting in August 2018 about taking the car manufacturer private at $420 per share – a business move that never actually materialized. According to Musk, Saudi Arabia’s sovereign wealth fund had informally agreed to put up cash to help take Tesla off the stock market, but that apparently fell through. Amid that drama, the tycoon – who now owns and runs Twitter – emitted the following fateful tweet: Am considering taking Tesla private at $420. Funding secured. — Elon Musk (@elonmusk) August 7, 2018 At the time, Tesla was trading at about $23 a share. It peaked at about $407 in November 2021, and is now at $198 apiece. In 2018, America's financial watchdog the SEC filed a lawsuit against Musk over that tweet, pointing out there appeared to be no actual funding in the bag for such a move. Then investors moved in, and sued Musk for securities fraud: they claimed his tweets about Tesla goin
(read more)
When a Texas school district sold some old laptops at auction last year, it probably didn't expect to end up in a public legal fight with a local computer repair shop – but a debate over what to do with district data found on the liquidated machines has led to precisely that. The San Benito Consolidated Independent School District sold more than 3,500 devices at auction in July 2022, of which 700 were purchased by local computer repair and resale shop RDA Technologies.  RDA co-owner David Avila said he found 11 hard drives the district had failed to wipe, and which contained sensitive data on employees and students. Avila told local media that he reported the presence of the data to the district in October, saying "legally, it's their job to wipe out or destroy hard drives."  It's here things start to get complicated.  The district admitted to the exposure of the data as a result of the sale to RDA, but said Avila's company "has not agreed to our proposed solution." Avila disputed that characterization in a late January interview, saying that the district wanted him to sign a nondisclosure agreement as part of a deal to buy back the 11 computers, and an additional 503 that hadn't been inspected.  Avila says he wants the district to be open about the errors in its process – particularly as he alleges some computers sold by the district went to foreign buyers – so is not willing to sign an NDA. The district also claimed that it wasn't given the chance to inspect the machines to verify they contained the alleged data. Avila denied this too, claiming a representative from the district had visited his shop to inspect them in October. Local news media reported they had inspected a machine and verified the data was present.  The district fired back with a statement on February 2, along with a copy [PDF] of communications with RDA. Among those communications are accusations from the district's legal representatives that Avila is attempting to "extort" the district. 
Conveniently absent from the trove of communications is Avila's initial message to San Benito. Also missing is anything that actually incriminates Avila in
(read more)
SpaceX CEO Elon Musk said over the weekend that, despite nearly two years since a successful launch, Starship will be flying again this March – with orbital ambitions. "If remaining tests go well, we will attempt a Starship launch next month," Musk said in a tweet, which is backed up by an FCC application SpaceX filed for a Starship launch window between March and September. According to SpaceX's application, the March launch will entail an "experimental orbital demo and recovery test of the Starship test vehicle from Boca Chica TX." The last successful launch and recovery (or only, depending on how you classify them) was in May 2021, when Starship 15 reached 10,000 meters (32,808ft), or a little over six miles, and managed to land, but not without a little unexpected methane fire. The Karman line, commonly accepted to be the spot where Earth's atmosphere ends and space begins, is around 100 kilometers, or 62 miles, above sea level.  In early February, Musk said he was "highly confident" Starship would reach orbit last year, which didn't happen. Gwynne Shotwell, SpaceX president and COO, said in 2019 that the company "definitely" wanted to land Starship on the Moon "before 2022," which definitely didn't happen. SpaceX has a contract with NASA to land astronauts on the Moon using Starship as part of the Artemis program, which has been extended to order additional work on Starship for a planned 2027 landing of astronauts on the Moon using the craft. Space: The final (climate change) frontier Whether or not Starship is successful in its upcoming launch attempt, a study from a group of scientists out of New Zealand is pointing out something about the burgeoning space industry: we have very little idea the degree to which launches are harming the atmosphere and could put a new hole in the ozone layer. 
Rocket fuels, the study found, emit "a suite of gaseous and particulate exhaust products" including carbon dioxide, water vapor, black carbon (soot), aluminum and nitrogen oxides, and reactive chlorine. Based on current launch behavior, the team estimates that global rocket launches release 10 kilotons of carbon dioxide, six k
(read more)
If you are running video around your home theater, you probably use HDMI. If you are running it in a professional studio, however, you are probably using SDI, Serial Digital Interface. [Chris Brown] looks at SDI and shows a cheap SDI signal generator for an Arduino. On the face of it, SDI isn’t that hard. In fact, [Chris] calls it “dead simple.” The problem is the bit rate which can be as high as 1.485 Gbps for the HD-SDI standard. Even for a super fast processor, this is a bit much, so [Chris] turned to the Arduino MKR Vidor 4000. Why? Because it has an FPGA onboard.
(read more)
Updated A Chinese high-altitude spy balloon, spotted drifting over America, has caused concern about national security – though the US Department of Defense says it will not be shot down by F22s at this time. "The United States Government has detected and is tracking a high altitude surveillance balloon that is over the continental United States right now," read a statement from Pentagon press secretary brigadier general Pat Ryder. Ryder said the balloon was carefully being tracked by North American Aerospace Defense Command (NORAD) and does not currently pose a physical threat. "Instances
(read more)
Elon Musk's victory against a class-action lawsuit filed by Tesla investors took some legal experts by surprise. Investors had won a significant pretrial ruling when a judge found Musk's tweets about securing funding to take Tesla private were false and made recklessly—but a federal jury sided with Musk after the trial ended Friday. "I thought he was crazy to try his chances at trial, given the stakes involved," University of Michigan law professor Adam Pritchard said, according to a New York Times story. Noting the judge's pretrial ruling on Musk's tweets being false and reckless, Pritchard said, "you're fighting with one hand behind your back in that situation—and yet he won." Judge Edward Chen had instructed the jury in US District Court for the Northern District of California to assume that Musk's tweets were "untrue" and that "Mr. Musk acted with reckless disregard for whether the statements were true." But plaintiffs still had to prove that Musk knew the tweets were false and that the tweets were material facts to investors—i.e., that the tweets caused Tesla investors to lose money. Plaintiffs claimed the tweets caused $12 billion in losses. Juror: “The overall message, it just didn’t land” Taking about two hours to reach a unanimous verdict in Musk's favor, the nine-person jury seemed to conclude that Musk believed what he wrote and that plaintiffs didn't prove the false statements moved the Tesla stock price. Jury foreperson Robin Cadogan spoke to the plaintiffs' lawyers after the verdict on Friday, and his comments were reported in several news stories. Cadogan "said he wasn't persuaded by arguments that the tweets were material," a Wall Street Journal report said. "The overall message, it just didn't land," Cadogan said. "There was nothing there to give me an 'aha' moment."
According to a Bloomberg story, Cadogan also said the investors' case was "disorganized" and that "the defense had a better case." "Musk's lawyers did a better job of showing 'he was presenting what he believed to be true,' and was acting as a genuine bidder for t
(read more)
AI is the most profound technology we are working on today. Whether it’s helping doctors detect diseases earlier or enabling people to access information in their own language, AI helps people, businesses and communities unlock their potential. And it opens up new opportunities that could significantly improve billions of lives. That’s why we re-oriented the company around AI six years ago — and why we see it as the most important way we can deliver on our mission: to organize the world’s information and make it universally accessible and useful. Since then we’ve continued to make investments in AI across the board, and Google AI and DeepMind are advancing the state of the art. Today, the scale of the largest AI computations is doubling every six months, far outpacing Moore’s Law. At the same time, advanced generative AI and large language models are capturing the imaginations of people around the world. In fact, our Transformer research project and our field-defining paper in 2017, as well as our important advances in diffusion models, are now the basis of many of the generative AI applications you're starting to see today. Introducing Bard It’s a really exciting time to be working on these technologies as we
(read more)
256MB ought to be enough for anybody — Samsung's Android build is 4x bigger than Google's—twice the size of Windows 11.

The square one is the S23 Ultra; the other two are the S23 and S23 Plus.

As a smartphone operating system, Android strives to be a lightweight OS so it can run on a variety of hardware. The first version of the OS had to squeeze into the T-Mobile G1, with only a measly 256MB of internal storage for Android and all your apps, and ever since then, the idea has been to use as few resources as possible. Unless you have the latest Samsung phone, where Android somehow takes up an incredible 60GB of storage.

Yes, the Galaxy S23 is slowly trickling out to the masses, and, as Esper's senior technical editor Mishaal Rahman highlights in a storage space survey, Samsung's new phone is way out of line with most of the ecosystem. Several users report the phone uses around 60GB for the system partition right out of the box. If you have a 128GB phone, that's nearly half your storage for the Android OS and packed-in apps. That's four times the size of the normal Pixel 7 Pro system partition, which is 15GB. It's the size of two Windows 11 installs, side by side. What could Samsung possibly be putting in there?!

We can take a few guesses as to why things are so big. First, Samsung is notorious for having a shoddy software division that pumps out low-quality code. The company tends to change everything in Android just for change's sake, and it's hard to imagine those changes are very good. Second, Samsung may want to give the appearance of having its own non-Google ecosystem, and to do that, it clones every Google app that comes with its devices. Samsung is contractually obligated to include the Google apps, so you get both the Google and Samsung versions. That means two app stores, two browsers, two voice assistants, two text messaging apps, two keyboard apps, and on and on. These all get added to the system partition and often aren't removable.

This is from the S22, but you get the idea. There are actually folders called "Google" and "Samsung" that make duplicate app hunting pretty easy. Ron Amadeo

Unlike the clean OSes you'd get from Google or Apple, Samsung sells space in its devices to the highest bidder via pre-installed crapware. A company like Facebook will buy a spot on Samsung's system partition, where it can get more intrusive system permissions that aren't granted to app store apps, letting it more effectively spy on users. You'll also usually find Netflix, Microsoft Office, Spotify, LinkedIn, and who knows what else. Another round of crapware will also be included if you buy a phone from a carrier, i.e., all the Verizon apps and whatever space they want to sell to third parties. The average amount users are reporting is 60GB, but crapware deals change across carriers and countries, so it will be different for everyone.
(read more)
With Twitter being a mess at the moment, I decided to try out Mastodon [1] as an alternative. Mastodon is a federated social media platform, built on top of a protocol called ActivityPub [2]. It can be self-hosted, letting you own your data, and I wanted to do so using Nomad [3] as a cluster orchestrator. This post shows how I did it, and will hopefully inspire you to give Mastodon a try if you haven’t already! You can find me on the fediverse at @[email protected] 🐘.

A screenshot of Nomad's web UI, showing it running the jobs that make up Mastodon

Getting started

The first thing to note is that I’m writing this up as inspiration, not as a step-by-step guide. It’s proof that it works, and offers an alternative to more complex setups that use Kubernetes (which Mastodon have a first-party Helm Chart [4] for). Your mileage may vary - use your best judgement! If you know of improvements, feel free to send me a message at the link above.

This post is meant to be read with the repository that I’ve open-sourced, containing the actual Nomad task definitions and scripts discussed below: https://github.com/CarrotCodes/nomad-mastodon

With that out of the way, let’s start with some goals and assumptions. I wanted to:

- Self-host a Mastodon server, such that I could own my social media presence
- Host the server infrastructure on AWS
- Use Cloudflare in some capacity for caching
- Use Nomad to do cluster orchestration and keep jobs running
- Use Ansible and Terraform to manage the basic infrastructure (not in scope for this post)
- Not spend more than around $50 a month doing so

It’s worth noting that my budget balances my financial situation, the tooling I’m already familiar with, and performance of the system. You can definitely do things cheaper if budget is a primary concern, for example by using cheaper cloud providers like DigitalOcean.
Infrastructure

Mastodon itself is comprised of a number of systems:

- The main web server (Ruby on Rails)
- An event/message processor (Sidekiq, Ruby on Rails)
- A front proxy to route web requests (nginx)
- A streaming server, for real-time updates (Node)
- A persistent database (Postgres)
- A cache for “temporary” data (Redis)

On top of this, there are some other necessities to run it, and keep the system healthy after the initial setup:

- Persistent storage, for user-generated content (S3-compatible)
- A way of doing frequent cleanup (removing old media files, accounts, etc)
- A way to run SQL migrations, for both the message processor and web server
- A way to run tootctl - the administrative CLI for Mastodon [5]

As mentioned, I’m using Terraform and Ansible to manage my infrastructure. These tools have a lot of benefits, including making the act of setting up networking and servers repeatable, and documenting what exists in your cloud account. I strongly encourage you to use these tools (or alternatives) to manage your infrastructure, if you’re not already doing so.

Main components
(read more)
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

Helene is a U.S. markets reporter at CoinDesk, covering the US economy, the Fed, and bitcoin. She is a recent graduate of New York University's business and economic reporting program.

Crypto exchange Binance is temporarily suspending U.S. dollar bank transfers starting on Wednesday, the company confirmed to CoinDesk on Monday.

"We are temporarily suspending USD bank transfers as of February 8th," a Binance spokesperson said, noting just 0.01% of monthly active users use USD bank transfers. "Affecte
(read more)
In this post, I discuss how I used GPT embeddings to build a smart search tool for my second brain note-taking system. Int
(read more)
Protocol Buffers are a popular choice for serializing structured data due to their compact size, fast processing speed, language independence, and compatibility. There exist other alternatives, including Cap’n Proto, CBOR, and Avro. Usually, data structures are described in a proto definition file (.proto). The protoc compiler and a language-specific plugin convert it into code:

    $ head flow-4.proto
    syntax = "proto3";
    package decoder;
    option go_package = "akvorado/inlet/flow/decoder";
    message FlowMessagev4 {
      uint64 TimeReceived = 2;
      uint32 SequenceNum = 3;
      uint64 SamplingRate = 4;
      uint32 FlowDirection = 5;
    $ protoc -I=. --plugin=protoc-gen-go --go_out=module=akvorado:. flow-4.pr
(read more)
Since the release of Eleven Labs’s Prime Voice AI platform, AI-based voice synthesis and modification has seen a revival in popularity. Browsing online forums, I stumbled upon Voice.AI, which bil
(read more)