Toyota is to slash global production of motor vehicles due to the semiconductor shortage. The news comes as Samsung pledges to invest about $360 billion over the next five years to bolster chip production, along with other strategic sectors. In a statement, Toyota said it has had to lower the production schedule by tens of thousands of units globally from the numbers it provided to suppliers at the beginning of the year. "The shortage of semiconductors, spread of COVID-19 and other factors are making it difficult to look ahead, but we will continue to make every effort possible to deliver as many vehicles to our customers at the earliest date," the company said. This has resulted in the suspension of manufacturing in May and June for 16 Toyota production lines in 10 plants, out of 28 lines across 14 plants, according to the company. The news is just the latest in the saga of shortages caused by lockdowns and other issues that have led to long delays in chip shipments affecting multiple industries. In April, Volvo cited chip shortages for a 22.1 percent drop in sales of its vehicles in March, when compared to the same period the previous year. Jaguar Land Rover, General Motors and others say they've also felt the squeeze this year. Car manufacturers were particularly badly hit due to lack of flexibility in the supply chain, but the effects are also being felt by makers of computers and other kit, with Dell reporting in February that it is expecting the backlog to grow. Chipmaker TSMC warned in April that supply difficulties are likely to last through this year and into 2023. Amid all this, Samsung has announced that it plans to invest about $360 billion in total over the five years to drive growth in semiconductors, biopharmaceuticals, and other next-generation technologies. The investment represents an increase of more than 30 percent over the previous five-year period, and comes with the expectation that this will lead to the creation of 80,000 jobs, mostly in semiconductors and biopharmaceuticals and most of these likely in Samsung's backyard. According to Reuters, Samsung said 80 percent of the investment wi
(read more)
When 360 Hz won't cut it — Upcoming 500 Hz monitor targets PC gamers with beefed-up systems, various skill levels. A 24-inch PC monitor with the ability to update its image 500 times per second will be available soon, Asus and Nvidia announced Tuesday. The monitor should boost desktop monitors from the 360 Hz max native refresh rate they see today while putting a mysterious new spin on an old panel technology. Aptly named the Asus ROG Swift 500 Hz Gaming Monitor, it manages high refresh rates with lower resolution. The 1920×1080 screen leverages a new take on TN (twisted nematic) panels called E-TN, with the "E" standing for esports. According to Asus, the E-TN panel offers "60 percent better response times than standard TN panels," and in its own announcement, Nvidia claimed the E-TN panel brings "maximum motion
(read more)
Introduction The story began with a tweet about a new eBPF-based Security Observability and Runtime Enforcement solution, named Tetragon, posted by the CTO of the company (Isovalent) that created it. With a very cute logo, eBPF, Kubernetes, Linux kernel runtime and real-time security enforcer, capable of hooking into all layers of the operating system and application stack, the solution seemed to hit the ground running right from the start. All the features the tool provides can be found at its website: [1]. The "transparent security observability across the stack from the lower level up into the applications. File access, networking, storage, syscalls, escalations, function tracers, ..." sounds interesting, but what really caught our eye was the enforcement capabilities. On the website, in the section "Automatic Mitigation of Privilege & Container Escapes", the authors claim that "Tetragon adds the ability to prevent privilege, capability, and namespace escalations in the kernel by detecting them and stopping the involved processes". To demonstrate its effectiveness, the authors show a portion of an apparently simple policy that is supposed to automatically detect a capability change to CAP_SYS_ADMIN and kill the responsible process. As a worthy opponent, an exploit (authored by theflow) for the CVE-2021-22555 vulnerability [5] (Netfilter bug leading to the privilege escalation, more about the bug can be found in an excellent write up at [7]) in the Linux kernel had been selected. The original version of the Tetragon blog post showed how the exploit process gets killed upon executing the execve() system call with the escalated privilege, which was quickly pointed out to be far too late [2]. Now, the authors claim to be using a similar policy attached to all system calls, in order to catch and kill the exploit earlier. Why the change? We will discuss it in the next section. Regardless of the exact policy and exact moment of detecting the escalation, the exploit process gets ultimately killed. That is excellent, right!? Well, there is a small (read: huge) caveat, that authors of the Tetragon blog post perhaps unknowingly admit: "The process was killed right when the vulnerability was exploited to escalate privileges". "vulnerability was exploited"?! This can't be good. Why it can't work To quickly recap the situation: in attempting to mitigate container escapes, Tetragon tries using advanced Linux kernel features like eBPF and kprobes not to protect the very same kernel from getting exploited, but instead to stop an already successful exploit from using its gains. Going back to security fundamentals, this approach is simply infeasible: post-exploitation detection/mitigation is at the mercy of an exploit writer putting little to no effort into avoiding tripping these detection mechanisms. To help illustrate this point, it helps to think in terms of the graphic below: At point 1, a defense employs methods like attack surface reduction to prevent a vulnerability from being reached in the first place. This is highly (even perfectly) effective where it is possible. Once a vulnerability can be triggered, however, an attacker will invoke a series of steps in order to achieve both greater reliability and greater control over the vulnerability. The initial steps (points 2 and 3) are precarious and essential: disrupting these either require significant reworking of the exploit or renders it infeasible (due to a high probability of detection), impossible without an additional vulnerability, or simply impossible. As illustrated in the graphic, the further along the exploit is able to operate in achieving that reliability and control, the more possibilities (size of the circles in the graphic) open up for it at a lower marginal cost to the attacker. In the case of the exploit used for Tetragon's demo in its blog, the exploit was able to achieve ROP, allowing it to execute any code in the kernel, modify any memory -- the possibilities are virtually endless. The attacker is in full control of the environment in which Tetragon attempts to perform its enforcement actions. The core message here is: Tetragon (in its aspect of post-exploitation container escape mitigation) simply tries to address the problem too late. Post-exploitation "effectiveness" Tetragon aims in its container escape defense for a post-exploitation "mitigation". In order to be even slightly successful without strong and comprehensive pre-exploitation defenses/hardening, it has to adhere to certain principles. We can evaluate Tetragon's effectiveness here by looking at modern principles for its closest post-exploitation comparison: integrity checking / anti-persistence. First, one can only expect some guarantees from a higher privilege level component monitoring or enforcing policies for a lower privilege level component (for example: OS kernel vs user-land programs). Let's call it "privilege domain separation". Second, "Nemo iudex in causa sua": there must be role separation between a monitoring/enforcing component and the one being watched. One cannot expect any reasonable guarantees from a component monitoring or enforcing policies on itself, regardless of the component's privilege level, once an attacker has significant control over that component. How does Tetragon adhere to the basic principles (in the example above specifically)? Tetragon tries to use Linux kernel privilege level features (eBPF/kprobes) to enforce security policies on... the Linux kernel. Quite immediately this creates a connotation with another realm of security software: old-style Antivirus (AV). What Tetragon claims to do is no different from an AV vendor with only a userland hook library injected into malware processes, claiming to be able to detect or stop malware, when the malware gets to run first. Simply, after compromising the core controller, using that (already compromised!) controller's features to mitigate the already successful attack just can't work out well. Furthermore, it does not matter how fine-grained the applied policy might be, it cannot reliably mitigate against a kernel memory corruption bug and all the opportunities it gives to the attacker. To quote Mathias Krause: "When you give control to the weird machine, it is game over". An attacker can use all sorts of evading/bypassing techniques. Some of them might become a standard part of any exploit by default. Let's take a look at the original exploit used in the Tetragon demonstration. By default, it avoids very effectively a handful of popular mitigations: W^X - avoids by using ROP SMEP - avoids by using ROP SMAP - avoids by using data in sprayed kernel-land objects only Knowing if the mitigation is or is not enabled oftentimes does not make any big difference. An attacker can simply assume it is there and accommodate the exploit to bypass it just in case. For instance, in the example exploit, one doesn't need to actually confirm the presence of an SMAP-capable CPU before using a technique that avoids tripping over SMAP. The same is the case for Tetragon. There is however a significant difference between the mitigations listed above and Tetragon. Ideally, useful pre-exploitation mitigations should require, at minimum, significant reworking of exploits and not allow an attacker to circumvent them by generally-applicable additions to an exploit library. They stand in the way of successful or reliable exploitation before or while it occurs. Tetragon however, does not prevent the exploitation at all (it does not make the W^X, SMEP nor SMAP bypasses any harder), it lets it happen and hopes to be able to detect the fallout. It just cannot do that very well (or at all to be frank), because at this point it is fully at the mercy of the attacker, who can quite easily (deliberately or accidently) wipe out all Tetragon's capabilities right away. Since the attacker can, the attacker will. Mitigation side-effects Speaking of the fine-grained policy: additional hooks, checks, probes and the like come at a cost. Adding more and more is not free, as the performance hit
(read more)
YouTubeDrive is a Wolfram Language (aka Mathematica) package that encodes/decodes arbitrary data to/from simple RGB videos which are automatically uploaded to/downloaded from YouTube. Since YouTube imposes no limits on the total number or length of videos users can upload, this provides an effectively infinite but extremely slow form of file storage. YouTubeDrive depends externally on FFmpeg, youtube-upload, and youtube-dl. These programs must be downloaded and installed separately, and prior to first use, YouTubeDrive must be configured with their install locations. See below for details. YouTubeDrive is a silly proof-of-concept, and I do not endorse its high-volume use. Usage Example NOTE: A short time needs to pass between calls to YouTubeUpload and YouTubeRetrieve for YouTube to process the uploaded video. I find that 5-10 minutes suffices for small (less than 10MB) file uploads. The video YouTubeDrive produces in this example can be viewed at https://www.youtube.com/watch?v=Fmm1AeYmbNU. Installation Install FFmpeg, youtube-upload, and youtube-dl as your operating system dictates. Find an arbitrary test video, say test.mp4, and run youtube-upload --title="Test Video" test.mp4. Follow the displayed instructions to create an OAuth token for your YouTube account. This will be the YouTube account used for all YouTubeDrive uploads. Download and open YouTubeDrive.wl from this repository. In lines 75-77, enter the install locations of the FFmpeg, youtube-upload, and youtube-dl executables. Make sure to use proper string escape sequences (in particular, backslashes \ need to be escaped as double-backslashes \\ in Windows paths). 75 | FFmpegExecutablePath = "FFMPEG_PATH_HERE"; 76 | YouTubeUploadExecutablePath = "YOUTUBE-UPLOAD_PATH_HERE"; 77 | YouTubeDLExecutablePath = "YOUTUBE-DL_PATH_HERE"; For example, I use the following install locations on my system (Windows 10): 75 | FFmpegExecutablePath = "C:\\Games\\MiscExes\\ffmpeg.exe"; 76 | YouTubeUploadExecutablePath = Sequence["python", 77 | "C:\\Users\\dzhan\\AppData\\Local\\Programs\\" <> 78 | "Python\\Python35\\Scripts\\youtube-upload.py"]; 79 | YouTubeDLExecutablePath = "C:\\Games\\M
(read more)
In gods we trust — “Let me tell you the story of the space viking, Thor Odinson….” Marvel Studios released the official trailer for Thor: Love and Thunder during Game 4 of the NBA Eastern Conference finals. With the film's release mere weeks away, Marvel Studios finally released the official full trailer for Thor: Love and Thunder last night during Game 4 of the NBA Eastern Conference finals. As I've reported previously, Thor: Rag
(read more)
We don’t always acknowledge it, but most people have an innate need for music. Think of all the technology that brings us music. For decades, most of the consumer radio spectrum carried music. We went from records, to tape in various forms, to CDs, to pure digital. There are entire satellites that carry — mostly — music. Piracy aside, people are willing to pay for music, too. While it isn’t very common to see “jukeboxes” these days, there was a time when they were staples at any bar or restaurant or even laundrymat you happened to be in. For the cost of a dime, you can hea
(read more)
Collect data for our trillion dollar corporation for free, thanks! — Street View gets some new features for its 15th birthday. Enlarge / The "See more dates" option will soon appear on iOS and Android. Google Today is the 15th birthday of Google Maps Street View, Google's project to take ground-level, 360-degree photographs of the entire world. To celebrate, the company is rolling out a few new features. First up, Google is bringing historical Street View data to iOS and Android phones. The feature has long existed on desktop browsers, where you can click into Street View mode and then time travel through Google's image archives. When you tap on a place to see Street View imagery, a "see more dates" button will appear next to the current age of the photo, letting you browse all the photos for that area going back to 2007. Google says the feature will release "starting today on Android and iOS globally," though, like all Google product launches, it will take some time to fully roll out. If you'd like to help Google with its plan to photograph the entire world, the company is launching "Street View Studio." Google calls this "a new platform with all the tools you need to publish 360 image sequences quickly and in bulk." The Street View app is still around for people who want to build a 360 photosphere from a regular smartphone camera, but Google imagines Street View Studio as a tool for people with consumer 360 cameras. Google has a store-style page that lists compatible 360 cameras; the options range from sub-$200 fisheye cameras to the $3,600, ball-shaped Insta360 Pro, which looks like something out of Star Wars. Enlarge / The new Street View camera. Google is also introducing a new in-house camera built specifically for Street View. The company says it's "roughly the size of a house cat" and weighs less than 15 pounds. The goal is to take "all the power, resolution and processing capabilities that we’ve built into an entire Street View car" and cram it into an ultra-portable package that can be shipped to underserved areas "like the Amazon jungle." Google already has several versions of a backpack-mou
(read more)
Tuesday May 24, 2022 by Ulf Hermann | Comments This is the third installment in the series of blog posts on how to adjust your QML application to take the maximum advantage of qmlsc. In the first post we've set up the environment. You should read that post first in order to understand the others. In the second post I've shown how to add type annotations to JavaScript functions. Now we need to make sure that all types we want to use in QML are visible at compile time. If you compile Qt Creator again, after our latest changes to the ButtonsBar.qml file, you may see some warnings like these: Warning: ButtonsBar.qml: Object type Timeline::TimelineTheme is not derived from QObject or QQmlComponent Warning: ButtonsBar.qml:59:34: Property "PanelStatusBarBackgroundColor" not found on type "Timeline::TimelineTheme" color: Theme.color(Theme.PanelStatusBarBackgroundColor) Clearly, qmlsc has trouble identifying the type of our TimelineTheme. This means the binding for the background color of our button is not compiled to C++. Let's see how long it takes to execute this binding in its unoptimized form. QML-profile Qt Creator and load our example trace in the instance being profiled as described in the first blog post. Then look at ButtonsBar.qml again in the editor. You should see a little label to the left of the binding we're interested in. Clicking that label focuses the respective events in the QML profiler. We note that the binding is called once, and on my computer it takes 14.2µs to evaluate. I won't repeat the point about it not being a statistically significant measurement anymore. This disclaimer holds for all such numbers from here on. Back to the original warning, though. Why is this type unknown to qmlsc? The base type of Timeline::TimelineTheme is Utils::Theme, as we can see in timelinetheme.h: class TRACING_EXPORT TimelineTheme : public Utils::Theme { Q_OBJECT [...] The Utils library, however, is not prepared to be integrated with a QML module. In particular, it does not generate a metatypes.json file. The QML module for our Tracing library needs such metatypes to, well, know the types it's dealing with. You can make a library generate metatypes.json files using the qt_extract_metatypes() CMake command. There is no downside to having those metatypes generated. Therefore, let's generate them for all of the libraries in Qt Creator. For this, we adapt Qt Creator's cmake/QtCreatorAPI.cmake and add this command to add_qtc_library(), conditional on Qt Creator being compiled with Qt >= 6.2 and using CMake's AUTOMOC feature: get_target_property(have_automoc_prop ${name} AUTOMOC) if("${Qt5_VERSION}" VERSION_GREATER_EQUAL "6.2.0" AND "${have_automoc_prop}") qt_extract_metatypes(${name}) endif() We need to query for AUTOMOC as the metatypes files are generated by moc. In places where we don't run moc, we cannot generate any metatypes. However, there probably aren't any types to be exposed to QML in such places. Indeed this helps and the original warning is gone. However, we get a new warning in the same place: Warning: ButtonsBar.qml:59
(read more)
Among the underutilized HTML elements is the q tag, for quotes. This should, depending on user agent, render with appropriate opening and closing quote marks, without needing to specify them by hand. This sounds really convenient, to avoid ambiguity when quotes are nested inside quotes inside quotes. I said, “Alex told Bobby, “according to Chris, “Danny said “No way am I the one who’s confused,” when asked,” direct quote,” yesterday morning,” emphatically. Lucky Danny.The browser might even somewhat intelligently choose pairs of quotes that alternate with each nesting. In practice, I’ve found they mostly pick double quotes for the outside, then single quotes for all inner quotes. Fortunately, we can add a custom style that defines a larger vocabulary of quote marks.I said, Alex told Bobby, according to Chris, Danny said No way am I the one who's confused, when asked, direct quote, yesterday morning, emphatically. I personally despise the archaic fake fancy ASCII double quotes, but nevertheless useful for demonstration purposes. Another cool trick is that the quotes can be auto selected by language. For example, I might quote Le 24 février 1815, la vigie de Notre-Dame de la Garde signala le trois-mâts le Pharaon, venant de Smyrne, Trieste et Naples. in French, but it will be quoted as On the 24th of February, 1815, the look-out at Notre-Dame de la Garde signalled the three-master, the Pharaon from Smyrna, Trieste, and Naples. in English. Alas, this only works if the stylesheet leaves the default untouched or specifies auto, necessitating the second style with the span selector above. But now comes a more serious problem. Pseudo element content is, per standard, not selectable. Not copyable. So if I highlight my quotable quotes sentence, copy it, and paste it into another application, I get varying results.Edge and Safari copy the sentence without any quote marks at all: I said, Alex told Bobby, according to Chris, Danny said No way am I the one who’s confused, when asked, direct quote, yesterday morning, emphatically. Most confusing.Firefox inserts double quotes for the q elements: I said, “Alex told Bobby, “according to Chris, “Danny said “No way am I the one who’s confused,” when asked,” direct quote,” yesterday morning,” emphatically. I’m not sure if that’s to spec or not, but it’s certainly more helpful. (flak makes them look pretty; the copied text contains plain straight quotes.)Lynx does not support CSS, so the French quotes are less French, but it does intelligently alternate between double and single quotes for deeply nested tags. I said, “Alex told Bobby, ‘according to Chris, “Danny said ‘No way am I the one who’s confused,’ when asked,” direct quote,’ yesterday morning,” emphatically. Was that so hard?I lack the web wizardry skills to fix this in a reliable fashion. I guess you’d have to insert invisible elements containing the quote characters you want copied, but I think at that point just give up and don’t even use the q element.By default, the blockquote element does not feature such decoration, although I’ve found it nice to add. Here, the inability to s
(read more)
Home _______ _______ __ _ ______ _ _ _ ____ ____ ____ |______ | |______ | \ | | ____ |\/| | |___ |--< [__] | |_____ |______ | \_| |_____| Version: 1 This software is an implementation of "FLENG", a low level concurrent logic programming language descended from Prolog. A cross-compiler for UNIX-compatible systems is provided to translate programs written in FLENG into executable code for Z80 CPUs running CP/M, the Commodore 64 and the "Uxn" virtual computer system. executable. As FLENG is quite minimal in features, a translator from "Flat Guarded Horn Clauses" or "Strand" (other concurrent logic languages) into FLENG is also availabl
(read more)
slow down, you move too fast — First-party PlayStation Plus classics launch at slower 50 Hz standard.
(read more)
If you deploy your applications in regions around the globe and need to keep database read latency low, you will want to physically have a database nearby. With PlanetScale Portals, you can now create read-only regions to support your globally distributed applications and better serve your users worldwide.Put your data where your users and applications are#Portals allow you to read data from regions closest to where you globally deploy your applications. Whether your application is deployed near Northern Virginia, Frankfurt, São Paulo, or any of our other PlanetScale regions, Portals can now provide lower read latency for your applications!Today, each database in PlanetScale reads and write
(read more)
Pay the price — Zuckerberg and Facebook sold "as much access to users as possible," AG says.
(read more)
Meta's ad transparency tools will soon reveal another treasure trove of data: advertiser targeting choices for political, election-related, and social issue spots. Meta said it plans to add the targeting data into its Facebook Open Research and Transparency (FORT) environment for academic researchers at the end of May. The move comes a day after Meta's reputation as a bad data custodian resurfaced with news of a lawsuit filed in Washington DC against CEO Mark Zuckerberg. Yesterday's filing alleges Zuckerberg built a company culture of mishandling data, leading directly to the Cambridge Analytica scandal. The suit seeks to hold Zuckerberg responsible for the incident, which saw millions of users' data harvested and used to influence the 2020 US presidential election. Jeff King, Meta's VP of business integrity, said that FORT would allow researchers to look at detailed targeting information for social issue, electoral and political ads. "This data will be provided for each individual ad and will include information like the interest categories chosen by advertisers," King said. Prior to this announcement, data for social, electoral, and political ads in the run-up to the 2020 election was available as part of a pilot program. This new release will expand the pilot and add data from all ads in those categories run globally since 2020, King said. The non-academic public has to wait until July to get their hands on that data in Facebook's Ad Library, and when released it will be in a summarized form. Included in the update will be data on total number of social, electoral, and political ads ran on a page using particular targeting data, percentage spent on the different issues, and whether the page uses a custom or lookalike audience. King said that Meta hopes the release will "help people better understand the practices used to reach potential voters on our technologies," and emphasized yet again that Meta is "committed to providing meaningful transparency, while also protecting people's privacy."  Zuckerberg sued for alleged role in Cambridge Analytica data-slurp scandal Meta to squeeze money from WhatsApp with Cloud API
(read more)
Just as the Jedi youngling would have to build their light saber, so is it a rite of passage for a true geek to build their own computer interfaces. And nothing makes a personal computer more personal than a custom keyboard, a bespoke mouse, an omnipotent macropad, a snazzy jog wheel, or a fancy flight yoke. In this contest, we encourage you to make your strangest, fanciest, flashiest, or most custom computer peripherals, and share that work with all the rest of us. Wired or wireless, weird or wonderful, we want to see it. And Digi-Key is sponsoring this contest to offer three winners an online shopping spree for $150 each at their warehouse! More parts, more projects. Make It Yours Anyone can just go out an buy a keyboard, but if you want a custom ergonomic keyboard that’s exactly fit to your own two hands, you probably have to make one with your own two hands. And if you an engraved brass mouse, well, you’ve got some engraving to do — Logitech ain’t gonna make one for you. Maybe you only type in binary, or maybe you need a keyboard for some alien language that has 450 individual letters. Or maybe the tiniest keyboard ever? You’ve got this. [Ren]’s 450-key monstrosity SuperLyra is super [Uri Tuchman]’s Fancy Mouse
(read more)
Cockroach Labs has finally added a new command line tool with the release of version 22.1 of its eponymous database, out today. Although it was possible to deploy CockroachDB using something like Terraform (for example, deployment on Oracle Cloud Infrastructure) the process is often not particularly elegant. "Until this release we didn't have an API to control the database," Jim Walker, recovering developer and product evangelist at Cockroach Labs told The Register during 2022's EU Kubecon in Valencia, Spain. "It's really around control of environment: it's removing nodes, it's adding nodes, it's starting the cluster, it's stopping the cluster, the basic stuff. "And so it's really as simple as kind of building it out so that we can actually integrate with the workflows that people have, or the way that they're delivering software in their organization. Like how we work in the context of the CI/CD flow where you're provisioning hardware or TerraForm, you're setting up security over here, the database has got to get up and running. "That step with the database [for CockroachDB at least] was kind of a manual thing for a while there. And so we have an API." The update also includes Quality of Service prioritization and data domiciling features, which will be handy for a potentially massively distributed database with nodes that are not necessarily where lawmakers would like them The arrival of the API marks a step toward maturity for the database. Having been designed with distribution in mind from the outset, to run across clouds and be pretty much unkillable has proven attractive for investors (the company recently took $278 million in Series F funding, giving it a $5 billion valuation.) However, as with much of the cloud native landscape, the next challenge is integrating seamlessly into automated workflows. "It's been a matter of 'we had to build this awesome database' and now it's like 'how does it work with all the other things?'" said Walker. As well as the command line tooling, Cockroach Labs has applied the API to its CockroachDB Serverless product, aimed at luring developers to its world via a horizontally scalab
(read more)
Big news! The Tilt team is joining Docker. The Tilt project is joining too. We think this is a great fit and I will tell you why. The Problem Modern apps are made of so many services. They’re everywhere. Every team we talk to is trying to figure out how to set up environments to run their apps in dev.  Simple `start.sh` scripts inevitably grow into mini bespoke orchestrators. They need to start servers in the right order, update them in-place, and monitor when one is failing. We built Tilt, a dev environment as code for teams on Kubernetes, to help solve these problems. Whether your dev env is local processes or containers, in a local cluster or a remote cloud, Tilt keeps you in flow and your feedback loops fast. So how does this make sense at Docker? When we started building Tilt in 2018, we thought of Docker as the container company selling Swarm to enterprises. In 2019, the Docker’s Next Chapter blog post announced a change in focus to invest more in great tools for developers and development teams to help them spend more time on innovation, less time on everything else.  Tilt interoperates with Docker Buildkit, Docker Desktop, and Docker Compose. Improvements to these tools help Tilt users too! We always had a hunch that our product roadmaps might overlap. And in the years since Docker focused on developers, we’ve been converging more and more. Once we started talking more with Docker, we found more in common than just a problem space including: A product philosophy around deeply understanding devs’ existing workflows, so we can make dramatic improvements in user experience that feel magic; An engineering philosophy around patterns and flexibility so devs can adapt their tools to their needs; A business philosophy around building a sustainable company so we can continue to make great free, open-source tools for every developer. So you could say we got along. What’s next? What Does a Combined Tilt + Docker Look Like? Tilt will remain open-source. It’s great! You should try it! We’ll still be responding to issues and hanging out in the community slack channel. But this has never been about Tilt the technology.
(read more)
About ScienceDirect Shopping cart Contact and supportTerms and conditionsPrivacy policy We use cookies to help provide and enhance our service and tailor content and ads. By continuing you agree to the use of cookies. Copyright © 2020 Elsevier B.V. or its licensors or contributors. ScienceDirect ® is a registered trademark of Elsevier B.V.
(read more)
A little over a decade ago, there were some popular blogposts about whether Ruby was an acceptable Lisp or whether even Lisp was an acceptable Lisp. Peter Norvig was also writing at the time introducing Python to Lisp programmers. Lisp, those in the know knew, was the right thing to strive for, and yet seemed unattainable for anything aimed for production since the AI Winter shattered Lisp's popularity in the 80s/early 90s. If you can't get Lisp, what's closest thing you can get? This was around the time I was starting to program; I had spent some time configuring my editor with Emacs Lisp and loved every moment I got to do it; I read some Lisp books and longed for more. And yet when I tried to "get things done" in the language, I just couldn't make as much headway as I could with my
(read more)
The Cat S22 Flip takes the cell phone back to what it should be… a phone.  Made for those who want a device as simple to use as it is tough, the Cat S22 Flip features physical buttons and a large touch screen, letting you choose how you interact with it. The Cat S22 Flip’s ‘Snap it to End it’ calling gives you confidence that when it is closed the call is over. Android™ 11 (Go Edition) Programmable PTT Button IP68 & MIL-SPEC 810H Drop tested up to 6ft on to steel Waterproof to a depth of 5ft for up to 35 mins Exclusively Available at T-Mobile The Cat S22 Flip brings the worlds biggest operating system, Android™ 11 (Go Edition) and its Play Store to the traditional cellphone design so you no longer have to choose between
(read more)
There’s no question that Sony’s PlayStation Portable (PSP) was an impressive piece of hardware when it was released in 2004, but for all its technical wizardry, it wasn’t able to shake Nintendo’s vice-like grip on the handheld market. Perhaps that explains why we still see so many nostalgia-fueled hacks for Nintendo’s Game Boy and Dual Screen (DS) systems, while PSP hacks tend to be few and far between. But looking at projects like this one that turn the PSP into a capable robot controller (video, embedded below) we can’t help but wonder if the community has been missing out. Thanks to an open source software development kit for the system, [iketsj] was able to write a WiFi controller program that can be run on any PSP with a homebrew-compatible firmware. The other side of the equation is a simple robot powered by an ESP32. To take control of the bot, the user connects their handheld to the WiFi network being offered by the MCU and fires up the controller application from the main menu. It’s all very slick, and the fact that you don’t need to make any modifications to the PSP’s hardware is a huge plus. From the video after the break we get the impression that the remote software is pretty simplistic in its current form, but we imagine the only really limitations are how good you are at writing C code for what by today’s standards would be considered a fairly resource constrained system. We’d love to see that widescreen display lit up and showing live first-person video from the bot’s perspective. Many of the PSP hack’s we’ve seen over the years have been about repurposing the hardware, or in some cases, replacing the system
(read more)
May 24, 2022 Series overview This article is part of the series systemd by example. The following articles are available. Introduction This is the fourth article in a series trying to understand systemd by creating small containerized examples. In Part 1, we created a minimal systemd setup in a container. In Part 2 we took a close look at systemd’s dependency management. In Part 3 we saw the basics of services and how to define them. In this post, we will see another way to add dependencies for units. This technique is most commonly used when adding new units to the system that should be activated during bootup. Recap of dependencies Let’s briefly recap systemd dependencies (see Part 2: Dependencies for more details). There are two types of dependencies: ordering dependencies, specified with the directives Before= and After=, and requirement dependencies, with the most common directives Wants= and Requires=. In this post, we are concerned with the latter dependency type. If a.service has a requirement dependency on b.service, then whenever a.service is activated, so is b.service. We have used this several times already. For example, in the minimal setup of Part 1, default.target has a Requires= dependency on systemd-journald.service, so when the system boots, default.target gets activated and with it the journald service. Similarly, halt.target has a Requires= dependency on halt.service, so when the system is shut down, systemd activates halt.target, which causes th
(read more)
Microsoft Build Windows still rules the enterprise, and among all the Azure and Power Platform action during Microsoft's annual Build event for developers, the company had news for users of its flagship operating system. The first followed this week's revelation that Windows Subsystem for Android is now running on Android Open Source Project (AOSP) 12.1, and concerns the Amazon Appstore preview. After an inexplicable delay, Microsoft is finally adding additional countries on top of the US. Users in France, Germany, Italy, Japan and the UK will now be able to join in previewing the Amazon Apps
(read more)
Version 251 of the controversial systemd Linux init system is here, and you can expect it to feature in the next version of your preferred distro. The unified system and service manager for Linux continues to grow and develop, as does Linux itself. There is a comprehensive changelog on Github, so we will just try to pick out a few of the highlights. New releases of systemd appear roughly twice a year, so the chances are that this will appear in the fall releases of Ubuntu and Fedora. The new version now uses the GCC compiler's C11-with-GNU-extensions standard, nicknamed gnu11.
(read more)
Bulk material is stuff handled ‘in bulk’. One LEGO piece is a brick but 1,000 poured into a bag is bulk material. Corn starch, sand, flour, powder-coat powder, gravel, cat food, Cap’n Crunch, coins, screws, Styrofoam beads, lead shot, and gummy worms are bulk materials. Applications abound where you need to move stuff in bulk. Selective sintering 3D printers, animal feeders, DIY injection molders, toner based PCB makers, home powder coating, automatic LEGO/domino/whatever sorters or assemblers, automated gardeners, airsoft accessories – handling bulk material is part of hackin
(read more)
A few weeks ago I wrote about the Hare language and its lack of generic data structures. I don’t want to talk about this topic again, instead I want to discuss something more generic (pun intended). In my view, any modern programming language that aims for high performance should have some form of generics in it. To not have that in place is a major mistake and a huge cause for additional complexity and loss of performance. One aspect of that is the fact that generic data structures get a lot more optimizations than one-off implementations. But I already talked about that in the previous post.The other issue is that by not having generics, there is a huge barrier for optimizations in front of you. You lack the ability to build certain facilities at all. Case in point, let us tak
(read more)
Please enable cookies. We are checking your browser... www.researchgate.net Why do I have to complete a CAPTCHA? Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.
(read more)
A Ukrainian minister has accused software giant SAP of continuing to operate in Russia despite the German vendor previously vowing to withdraw from the aggressor nation. In the months following Russia's invasion of Ukraine, SAP attracted criticism as it continued to support installations of its software in Russia and cloud services used by Russian businesses, including state-owned bank Sberbank. Pressure from Ukrainian president Volodymyr Zelenskyy contributed to the enterprise application provider promising, in late April, to conduct an "orderly exit from… operations in Russia" following a 30-year presence there. Cloudflare, Akamai: Why we're not pulling out of Russia READ MORE However, news outlet Politico has reported that Ukraine's minister of digital transformation Mykhailo Fedorov
(read more)
Pinned Symbian OS Kernel C++ 196 44 Repositories Type Select type All
(read more)
MonsterWriter The most enjoyable desktop app for writing a thesis or paper. Write once, publish everywhere Export as PDF, LaTeX, HTML, Markdown. Decide at the last moment what template to use. No reformatting required! Fast editing of large documents MonsterWriter will not bother you with a slow interface. Even when you write large documents it is super fast. No need to learn complex apps MonsterWriter is not for writing letters, invoices, invites, ... Its focus is to be very intuitive to use for art
(read more)
I'm not crying—you're crying — InSight lived up to its name, providing deep insights about the Martian interior. Enlarge / Planetary scientist Paul Byrne created this compilation of NASA images showing the InSight spacecraft on its 10th day on Mars, and the lander 1,201 days later. Paul Byrne/Twitter/NASA Anyone planning to move to Mars should probably account for dust. Lots of dust. Earlier this month NASA announced that it would soon have to cease science operations on its Mars InSight lander due to diminishing power levels from the vehicle's dust-cloaked solar panels. The spacecraft, which landed on the red planet in November 2018 to
(read more)
Huawei's long established trading relationship with Leica to integrate the German camera maker's technology into its phones is over, the companies have confirmed. From February 2016, all Huawei flagships were slated [PDF] to have Leica-developed lenses and branding. The Reg was generally quite impressed by the combined products over the years. But alas, Huawei's smartphone sales started to tumble thanks to US sanctions on the company starting in 2019, and the relationship with Leica was itself brought to a halt on March 31, 2022, the pair confirmed. Leica and Huawei jointly told The Register: The breakup follows Huawei's attempts to realign its business segments without access to components containing non-American tech. Huawei's smartphones, tablets, and wear
(read more)
Neuromorphic chips have been endorsed in research showing that they are much more energy efficient at operating large deep learning networks than non-neuromorphic hardware. This may become important as AI adoption increases. The study was carried out by the Institute of Theoretical Computer Science at the Graz University of Technology (TU Graz) in Austria using Intel's Loihi 2 silicon, a second-generation experimental neuromorphic chip announced by Intel Labs last year that has about a million artificial neurons. Their research paper, "A Long Short-Term Memory for AI Applications in Spike-based Neuromorphic Hardware," published in Nature Machine Intelligence, claims that the Intel chips are up to 16 times more energy efficient in deep learning tasks than performing the same task on
(read more)
FORGE THIS! — A litany of security flaws allows forgeries that are easy, quick, and cheap. In late 2019, the government of New South Wales in Australia rolled out digital driver's licenses. The new licenses allowed people to use their iPhone or Android device to show proof of identity and age during roadside police checks or at bars, stores, hotels, and other venues. ServiceNSW, as the government body is usually referred to, promised it would “provide additional levels of security and protection against identity fraud, compared to the plastic [driver's license]” citizens had used for decades. Now, 30 months later,
(read more)
Master Series MX MECHANICAL Wireless Illuminated Performance Keyboard Master Series MX MECHANICAL Wireless Illuminated Performance Keyboard
(read more)
Nassau Hall, photographed in 2013Princeton University, Office of Communications, Denise Applewhite Classics professor Joshua Katz was fired Monday by Princeton’s trustees, according to a University statement released Monday evening. “The dismissal followed an investigation initiated in February 2021, after the University received a detailed written complaint from an alumna who had a consensual relationship with Dr. Katz while she was an undergraduate under his academic supervision,” the statement says. “That relationship was the focus of a 2018 disciplinary proceeding against Dr. Katz, which resulted in a penalty of unpaid suspension for academic year 2018-2019 and three years of probation following his return to the Faculty in 2019.”   The alumna did not parti
(read more)
DigitalOcean is committed to providing products that serve developers throughout their journey, and access to serverless computing has been one of the most popular requests from DigitalOcean users who want to spend less time managing their infrastructure and more time building impactful applications. In recent years, serverless computing has gained tremendous popularity among developers building modern apps, and according to IDC’s IaaSView buyer survey, 25% of cloud IaaS buyers intend to utilize serverless functions in the next 12 months. In September 2021, DigitalOcean acquired Nimbella to accelerate our introduction of serverless computing, and today we’re delighted to announce the general availability of our serverless product, DigitalOcean Functions. DigitalOcean Functions is a fa
(read more)
  You block advertising 😢Would you like to buy me a ☕️ instead?Now and then, fierce debates ignite on Twitter about whether the term Software Architecture is misleading or even harmful. The argument goes as follows: Code is ever evolving while buildings are static. Furthermore, making changes to code is easy and cheap and making changes to buildings is borderline impossible. Therefore rigorous planning of an architect is justified when building a house but a waste of time when writing code.I always felt that this way of thinking is flawed. And when I recently did some work to prepare for the renovation of a balcony, it became clear to me that Software Architecture and real Architecture are very similar indeed. So let’s dissect the arguments and look at the glaring similarities.First misconception: changing software is cheapThe notion that making changes to a big software project is cheap is utterly flawed. At least it’s not reflected in my reality. Sure, renaming a variable or function here and there really is not very expensive. But the same goes for replacing a carpet in your house. On the other hand, making a significant change to a particular feature that requires the combined effort of three programmers, one designer, and a project owner, is a different (user) story.I assume people think making adaptions to software is cheap because most of us never had to foot the bill for a five-person development team. While many people roughly know how much it costs to do some (in our view) minor renovations. Also, spending 1.000 € me money feels a lot more expensive than spending 1.000 € company money.Of course, some things are easier to change than others. But a
(read more)
HP's cybersecurity folks have uncovered an email campaign that ticks all the boxes: messages with a PDF attached that embeds a Word document that upon opening infects the victim's Windows PC with malware by exploiting a four-year-old code-execution vulnerability in Microsoft Office. Booby-trapping a PDF with a malicious Word document goes against the norm of the past 10 years, according to the HP Wolf Security researchers. For a decade, miscreants have preferred Office file formats, such as Word and Excel, to deliver malicious code rather than PDFs, as users are more used to getting and opening .docx and .xlsx files. About 45 percent of malware stopped by HP's threat intelligence team in the first quarter of the year leveraged Office formats. "The reasons are clear: users are familiar with these file types, the applications used to open them are ubiquitous, and they are suited to social engineering lures," Patrick Schläpfer, malware analyst at HP, explained in a write-up, adding that in this latest campaign, "the malware arrived in a PDF document – a format attackers less commonly use to infect PCs." While they may not be used at the same rate as Office files, cybercriminals have seen advantages in using PDFs for fraud and malware campaigns. In a 2019 report, researchers at cybersecurity firm TitanHQ found that to be effective, phishing campaigns need to create a sense of urgency or surprise as well as a sense of trust. PDF is a document type that people trust. That's because the public's perception is that it is a secure document that can't be manipulated "This could be accomplished by spoofing your boss's email address or by attaching some sort of business
(read more)
Here's a new Haskell WAT?! Haskell has a type Rational for working with precisely-valued fractional numbers, and it models the mathematical concept of a rational number. Although it's relatively slow compared with Double, it doesn't suffer from the rounding that's intrinsic to floating-point arithmetic. It's very useful when writing tests because an exact result can be predicted ahead of time. For example, a computation that should produce zero will produce exactly zero rather than a small value within some range that would have to be determined. Rational is actually a (monomorphic) specialization of the more general (polymorphic) type Ratio (from Data.Ratio). Ratio allows you to specify the underlying type used for the numerator and denominator. For example, to work with rational numbers using Int as the underlying type you can use Ratio Int. For the common case of using Integer as the underlying type, the type synonym Rational is provided: type Rational = Ratio Integer It's tempting to use Ratio with a fixed-width type like Int because Int is much faster than Integer. However, let's see what can happen if you do this: λ> import Data.Int λ> import Data.Ratio λ> let r = 1 % 12 :: Rational in r - r == 0 True λ> let r = 1 % 12 :: Ratio Int8 in r - r == 0 False WAT?! Let's see what those subtracted values evaluate to: λ> let r = 1 % 12 :: Rational in r - r 0 % 1 λ> let r = 1 % 12 :: Ratio Int8 in r - r 0 % (-1) Hmmm, let's see if that Ratio Int8 value is considered equal to 0: λ> let r = 0 % (-1) :: Ratio Int8 in r == 0 True WAT?! Let's see what those manually-entered values are: λ> 0 % (-1) :: Ratio Int8 0 % 1 λ> 0 :: Ratio Int8 0 % 1 OK, so these values really are equal, but why are the values in the subtraction different? The explanation is two-fold. First, 0 % (-1) is a denormalized state for Ratio and shouldn't occur. (As you've probably suspected, it arises from integer overflow. More on that in a minute.) It's not too surprising, then, that it isn't equal to 0. But why is it equal to 0 when we enter it directly? It's because % is a function not a constructor, and it normalizes the signs of the numerator and den
(read more)
Simple web page with a Go backend to control an esp32 remotely throught MQTT protocol Installation Firstly you need to edit the esp32/esp32.ino file filling this variables with your data: char WIFI_SSID[] = ""; char WIFI_PASS[] = ""; char MQTT_ADDR[] = ""; char MQTT_USER[] = ""; char MQTT_PASS[] = ""; Then you can upload this code to your ESP32 card. Now we can build Go backend, simply run from your terminal to compile the project: This generate the backend executable called esp32-mqtt. Usage We need first to run the Mosquitto broker (follow installation instruction for your OS), run: This starts an MQTT Broker on default port 1883. If you have started the ESP32 you can see on serial port some debugging info like wifi connection and broker connection, in mosquitto terminal tab also you can see our client connection like something like this: New connection from 127.0.0.1:61832 on port 1883. New client connected from 127.0.0.1:61832 as esp32-client (p2, c1, k30). Now we can start our backend, run: You can run this command with --help flag to see other run options. Now open web browser at http://127.0.0.1:1234 and you can see our beautiful control panel. If all goes right you can control you ESP32 Led from this page. Have fun!
(read more)
Informed Tip of the Week: Take a look at our recent series of posts covering Informed’s premise and our business model. We will be adding additional content over the next few weeks. This is obviously an old chart in the background! At the beginning of the year, I wrote about most of the obvious bubbles out there and how they all were nearing the end. I specifically cited tech stocks, meme stocks, bond yields, and crypto. Not bad! But this isn’t pat on the back time. This is the time to reexamine the thesis. Is this the beginning of the fall or the end? I’m not going to review every asset class, but I think it’s worth examining one in more detail: crypto. The conclusion: it’s over. In two or three years, people won’t even talk about crypto. It will become a small corner of the investment world limited to the true believers who refuse to surrender. Names will be taken off arenas. Matt Damon will return to making movies instead of commercials. El Salvador will revert to using whatever worthless currency they had before Bitcoin. Bitcoin as an alternative currency has already been debunked. The true believers just haven’t realized it yet. It’s not just because a stablecoin failed. It’s so much more than that. Let’s explore… Not An Inflation Hedge The original case for Bitcoin was fiat currency couldn’t be trusted because of evil governments who would debase their currencies. Because bitcoin was limited in supply, it couldn’t be printed at will and thus would hold value when paper currencies collapsed. How’s that working out? Well, governments have printed money at unprecedented rates worldwide over the last year. If there were ever a time for BTC to be going parabolic, it would have been over the last year. What happened? It went down by half. Now, that’s from an all time high but the point is that all time high came before evidence of inflation. Once the inflation arrived, BTC has gone only one direction – the wrong one. To be fair, the traditional inflation hedge of gold is largely flat over the last year and has underperformed BTC over longer time periods. However, the US dollar inde
(read more)
Everyone who knows me IRL (and, I suppose, who follows me online for long enough), knows that I have a… special relationship with LaTeX. I think it has something to do with its obscurity, when it wasn’t specifically made to be obtuse, and then being so good at what it does — which is typeset documents. It doesn’t help that people consistently make impressive things with it, thus showing that it’s not just theoretically Turing-complete, but really something you can bend to your will, provided you’re willing to grapple with books from the 70s and obscure PDFs scattered online, in lieu of some modern documentation. This is to say, I set out to write a document and then suddenly 5 hours have passed and I’m reading about glue and fragile commands. In the end, it’s rarely worth it, but the giddy feeling of having mastered the weird machine lingers, and so the cycle repeats when the following report (or presentation) is due. As an example of this, let me share with you my recent venture into statefulness via auxiliary files with LaTeX. The goal was simple: fully decouple metadata input from a title page, in terms of order and redundancy. I wanted to be able to do something like this: \author{James A. First} \affiliation{Reduandant Affiliation} \affiliation{The Institute} \author{John B. Deux} \affiliation{Reduandant Affiliation} \affiliation{The Other Institute} \maketitle and get something like this: James A. First¹² John B. Deux¹³ ¹ Redundant Affiliation ² The Institute ³ The Other Institute Warm-up This turned out to be a slightly more complex variant of something that I’d previously managed: creating a Table of Contents. In this version of the problem, we aim to define two commands, \topic{Title} and \maketopics, such that we can get with the latter a list of all titles defined with the former. If we were promised that all \topic commands preceded \maketopics, then this would be fairly easy1 2 3: \makeatletter \newcommand{\@topics}{} \newcommand{\topic}[1]{% \edef\@topics{\@topics \par #1}} \newcommand{\maketopics}{% \@topics}
(read more)
When you’re lucky enough to have a dog in your life, you tend to overlook some of the more one-sided aspects of the relationship. While you are severely restrained with regard to where you eliminate your waste, your furry friend is free to roam the yard and dispense his or her nuggets pretty much at will, and fully expect you to follow along on cleanup duty. See what we did there? And so dog people sometimes rebel at this lopsided power structure, by leaving the cleanup till later — often much, much later, when locating the offending piles can be a bit difficult. So nat
(read more)
(View on desktop for best experience.) Podcast Modder Interviews Bethesda Store Nexus Mods It may be hard to believe, but as of 2022, Bethesda Softworks’ The Elder Scrolls III: Morrowind is 20 years old. For so many who have played the game, the music, and the memories of playing have inspired deep nostalgia. For others, the ability to mod the game captured imaginations and inspired creativity. So, on this 20-year anniversar
(read more)
The next release of Ubuntu, version 22.10 and codenamed Kinetic Kudu, will switch audio servers to the relatively new PipeWire. Don't panic. As J M Barrie said: "All of this has happened before, and it will all happen again." Fedora switched to PipeWire in version 34, over a year ago now. Users who aren't pro-level creators or editors of sound and music on Ubuntu may not notice the planned change. Currently, most editions of Ubuntu use the PulseAudio server, which it adopted in version 8.04 Hardy Heron, the company's second LTS release. (The Ubuntu Studio edition uses JACK instead.) Fedora 8 also switched to PulseAudio. Before PulseAudio became the standard, many distros used ESD, the Enlightened Sound Daemon, which came out of the Enlightenment project, best known for its desktop. PulseAudio hit version 1.0 in 2004 and is currently on version 15. One of PulseAudio's lead developers was Lennart Poettering, who is now best known as the project lead of the famed and controversial systemd, so perhaps it's reasonable to think he's busy with other things these days. PipeWire also handles video streams so it does a little more than the outgoing PulseAudio, which as its name suggests only handles audio. To explain what this change means, let's clarify what an audio server is and does. The sound playback software system in Linux is a stack, and like the network stack, it has multiple layers that do different things. At the bottom are sound drivers, which are intimately connected with the Linux kernel. Above them sits a sound server, and above that, your apps playing sounds. PulseAudio (and part of the functionality of PipeWire) are sound servers. They manage access from different apps to the underlying sound hardware, mixing their audio streams before playback. You can play, or record, sound without a sound server, but if you don't have one, the current program that is playing sound owns the audio device: it has complete and exclusive control over it, meaning that the operating system can't mix sources. So, for example, it's a good thing to have a sound server managing your sound devices if you want to be able to hear a new-message notification while you're listening to music. The sound server manages the inputs, and can mute – or better still, fade out – the music player, fade in the source of the notification, and then
(read more)
A fully interactive, real-time, and modern text-based browser rendered to TTYs and browsers Why use Browsh? Not all the world has good Internet. If you only have a 3kbps internet connection tethered from a phone, then it's good to SSH into a server and browse the web through, say, elinks. That way the server downloads the web pages and uses the limited bandwidth of an SSH connection to display the result. However, traditional text-based browsers lack JS and all other modern HTML5 support. Browsh is different in that it's backed by a real browser, namely headless Firefox, to create a purely text-based version of web pages and web apps. These can be easily rendered in a terminal or indeed, ironically, in another browser. Do note that currently the browser client doesn't have feature parity with the terminal client. Why not VNC? Well VNC is certainly one solution but it doesn't quite have the same ability to deal with extremely bad Internet. Terminal Browsh can also use MoSH to further reduce bandwidth and increase stability of the connection. Mosh offers features like automatic reconnection of dropped or roamed connections and diff-only screen updates. Furthermore, other than SSH or MoSH, terminal Browsh doesn't require a client like VNC. One final reason to use terminal Browsh could be to offload the battery-drain of a modern browser from your laptop or low-powered device like a Raspberry Pi. If you're a CLI-native, then you could potentially get a few more hours of life if your CPU-hungry browser is running somewhere else on mains electricity. Installation Download a binary from the releases (~7MB). You will need to have Firefox 63 (or higher) already ins
(read more)
The future of high-performance computing will be virtualized, VMware's Uday Kurkure has told The Register. Kurkure, the lead engineer for VMware's performance engineering team, has spent the past five years working on ways to virtualize machine-learning workloads running on accelerators. Earlier this month his team reported "near or better than bare-metal performance" for Bidirectional Encoder Representations from Transformers (BERT) and Mask R-CNN — two popular machine-learning workloads — running on virtualized GPUs (vGPU) connected using Nvidia's NVLink interconnect. NVLink enables compute and memory resources to be shared across up to four GPUs over a high-bandwidth mesh fabric operating at 6.25GB/s per lane compared to PCIe 4.0's 2.5GB/s. The interconnect enabled Kurkure's team to pool 160GB of GPU memory from the Dell PowerEdge system's four 40GB Nvidia A100 SXM GPUs. "As the machine learning models get bigger and bigger, they don't fit into the graphics memory of a single chip, so you need to use multiple GPUs," he explained. Support for NVLink in VMware's vSphere is a relatively new addition. By toggling NVLink on and off in vSphere between tests, Kurkure was able to determine how large of an impact the interconnect had on performance. And in what should be a surprise to no one, the large ML workloads ran faster, scaling linearly with additional GPUs, when NVLink was enabled. Testing showed Mask R-CNN training running 15 pe
(read more)
Fifteen years ago, Street View began as a far-fetched idea from Google co-founder Larry Page to build a 360-degree map of the entire world. Fast forward to today: There are now over 220 billion Street View images from over 100 countries and territories — a new milestone — allowing people to fully experience what it’s like to be in these places right from their phone or computer. And Street View doesn't just help you virtually explore, it’s also critical to our mapping efforts — letting you see the most up-to-date information about the world, while laying the foundation for a more immersive, intuitive map.While that’s all worth celebrating, we aren’t stopping there. Today, we’re unveiling Street View’s newest camera, giving you more ways to explore historical imagery, and taking a closer look at how Street View is powering the future of Google Maps.Bringing Street View to more places with our newest cameraFrom the back of a camel in the Arabian desert to a snowmobile zipping through the Arctic, we’ve gotten creative with the ways we’ve used Street View cameras to capture imagery. And if there’s one thing we’ve learned, it’s that our world changes at lightning speed. Our hardware is one way we’re able to keep up with the pace.In addition to our Street View car and trekker, we’re piloting a new camera that will fully roll out next year to help us collect high-quality images in more places. This new camera takes all the power, resolution and processing capabilities that we’ve built into an entire Street View car, and shrinks it down into an ultra-transportable camera system that’s roughly the size of a house cat. But unlike house cats, it’s ready to be taken to remote islands, up to the tops of mountains or on a stroll through your local town square. Here’s a quick look at our new camera system:It weighs less than 15 pounds. This means it can be shipped anywhere. This is especially handy when we work with partners around the world to capture imagery of traditionally under-mapped areas — like the Amazon jungle.It’s extremely customizable. Previously, we needed to create an entirely new camera system whenever we wanted to collect different types of imagery. But now, we can add on to this modular camera with components like lidar — laser scanners — to collect imagery with even more helpful details, like lane markings or potholes. We can add these features when we need them, and remove them when we don’t.It can fit on any car. Our new camera can be attached to any vehicle with a roof rack and operated right from a mobile device — no need for a specialized car or complex processing equipment. This flexibility will make collections easier for partners all over the world, and allow us to explore more sustainable solutions for our current fleet of cars — like plug-in hybrids o
(read more)
Can positivity be toxic? We’ll investigate the concept of toxic positivity. From this, we'll learn how we can communicate authentically.  What is toxic positivity?  ‘Toxic positivity’ is a relatively new term. It refers to positivity to the point of excess. It is predominantly a social media phenomenon. But, it has bled into our behaviour in daily life. Ironically, it fosters a negative culture. One that denies lived experiences and alienates people from a sense of community. When do I need to be aware of toxic positivity? Toxic positivity can crop up in a few different ways: On social media Instagram is notoriously a highlight reel rather than a window. It’s your prerogative to post whatever you want on social media. You may use your own feed as a way to motivate yourself. For example, if you’re documenting your fitness journey. Nobody has any obligation to anyone else to post lowlights. We can be as private or public as we want. Each person is responsible for their own self-esteem.  However, it’s best to keep in mind that social media doesn’t reflect real life. If someone is open about their struggles, it’s likely it helps them to simply document it. If they want a response, it's likely an empathetic one. Toxic positivity can invalidate someone's lived experience. In the workplace  Airing concerns or struggles in the workplace can be really nerve-wracking. Often, we are afraid of appearing unprofessional. We fear being judged negatively. This is the perfect opportunity to practice active listening. Active listening is taught in Mental Health First Aid.  Active listening looks like this: Giving someone space to air their feelings without interrupting Showing signs verbally and nonverbally that you’re listening Asking questions Respecting the person’s feelings It shows empathy instead of enforcing positivity to toxic levels. In ourselves We are our own worst critics. Sitting with one’s feelings is one of the most difficult skills to learn. Toxic positivity could hinder emotional intelligence. Emotional intelligence means being able to express our emotions. With it, we handle our interpersonal relationships with empathy and good judgement. We can’t do that without having a good relationship with ourselves.  Don’t be too hard on yourself if you’re struggling with negative thoughts. Acknowledge them neutrally and with curiosity. Ask yourself what you would say to a friend feeling the same way. It’s likely you would be empathetic and respect their feelings. Not deny the negative feelings altogether. Try to do the same thing for yourself.  How does this apply to my content?  It’s natural to emulate what we see online. But, going overboard on the ‘positive vibes’ may affect your content. Of course, you should communicate in the positive. Fear-based advertising will likely reflect poorly on your brand. It’s best practice to steer clear of negativity whenever possible. However, you could easily come across as unrelatable.  The key is knowing the difference.  Positive branding  Toxic positivity goes overboard. It minimises real human experiences. Positive branding is b
(read more)
When we all shifted our television broadcasts to digital, for a moment it looked as though we might have had to upgrade our sets only once and a set-top box would be a thing of the past. In Europe that meant the DVB-T standard, whose two-decade reign is slowly passing to DVB-T2 for higher definition and more channels. All of this might seem simple but for the DVB-T2 standard being a transport layer alone without a specified codec. Thus the first generation of DVB-T2 equipment uses MPEG4 or H.264, while for some countries the most recent broadcasts use HEVC, or H.265. [CyB3rn0id] is there to guide us through the resulting mess, and along the way produce a nifty upgrade tha
(read more)
To say that the material world alone exists is not terribly informative unless we have some account of what matter is.  Those who are most tempted to materialism are also inclined to answer that mat
(read more)
Computex Nvidia's push deeper into enterprise computing will see its practice of introducing a new GPU architecture every two years brought to its CPUs and data processing units (DPUs, aka SmartNICs). Speaking on the company's pre-recorded keynote released to coincide with the Computex exhibition in Taiwan this week, senior vice president for hardware engineering Brian Kelleher spoke of the company's "reputation for unmatched execution on silicon." That's language that needs to be considered in the context of Intel, an Nvidia rival, again delaying a planned entry to the discrete GPU market. "We will extend our execution excellence and give each of our chip architectures a two-year rhythm,"
(read more)
In its draft law to combat child sexual abuse, the EU Commission describes one of the most sophisticated mass surveillance apparatuses ever deployed outside China: CSAM scanning on everybody's device
(read more)
Logitech's MX Master 3S. Scharon Harding Specs at a glance: Logitech MX Master 3S Sensor Optical (model not disclosed) Connectivity options Bluetooth Low Energy, 2.4 GHz wireless dongle Programmable buttons 6 Onboard profiles None Lighting None Size 4.92×3.32×2.01 inches (124.9×84.3×51 mm) Weight 4.97 ounces (141 g) Warranty One year Price (MSRP)  $99 I've used the Logitech MX Master 3 as my primary productivity mouse since it came out in 2019. I've tested dozens of mice since, but none juggled a decent number of programmable buttons, advanced wireless capabilities, multi-device control, and long-term comfort as admirably as the MX Master 3. Today, Logitech released a revamped version, the MX Master 3S. It follows in Master 3's footsteps of wireless mouse excellence but doesn't introduce enough improvements to warrant ditching my MX Master 3 and opening my wallet again. As you might have guessed by the mild moniker modification, the 3S is slightly different from the 3. The new mouse has quieter left- and right-click buttons, and it supports higher sensitivity, so your cursor can move farther with less physical mouse movement—and that's it. While the tech enthusiast in me would love to see innovation in the design and feature set, the MX Master 3S didn't need many changes from the predecessor to be the ultimate power mouse. Now, it's just a bit more future-proofed for an 8K or second 4K monitor. Quieter clicks The difference was apparent immediately when Logitech followed the MX Master 2S with the MX Master 3. But the mildly upgraded 3S looks identical to the 3, save for a white color option, but once I started clicking, the disparity was clear. Clicking the 3S creates a soft thud, followed by a quieter noise as the button travels back up. Those sounds are purportedly 90 percent softer than the clicks heard when pressing the 3's left- or right-click buttons down and when they reset. A Logitech rep told me the company couldn't use these quieter buttons before because they weren't confirmed to last for 10 million clicks. The MX Master 3S in graphite. Scharon Harding The MX Master 3's audible clicks didn't bother me before. I felt like they emphasized my clicks, making them feel sharp and precise but slightly more exhausting to press than the same buttons on other mice, such as the gaming-geared wireless Alienware AW720M. However, the 3S's primary click buttons don't feel mushier or flatter than the 3's. They still have a discernible amount of travel to them, so I can tell when I've bottomed out, and they return rapidly. The mouse still has zippy clicks without the noise to prove it. Extra sensitive for 4K and beyond From 4K to 8K screens and multi-monitor setups, we often push ourselves to do more, multi-task, and keep an eye on projects across many pixels. With an optical sensor supporting a larger sensitivity range than before, the MX Master 3S makes it so you don't have to move your arm as much to move your mouse across your dual 4K setup... you just
(read more)
Amazon announced the Graviton 3 processor and C7g instance family in November 2021, but it took six months before they were ready for general availability; in the mean time, however, as the maintainer of the FreeBSD/EC2 platform I was able to get early access to these instances. As far as FreeBSD is concerned, Graviton 3 is mostly just a faster version of the Graviton 2: Most things "just work", and the things which don't work on Graviton 2 — hotplug devices and cleanly shutting down an instance via the EC2 API — also don't work on Graviton 3. (Want to help get these fixed? Sponsor my
(read more)
Here’s the summary of the hardware and the software that powers Healthchecks.io. Hardware Since 2017, Healthchecks.io runs on dedicated servers at Hetzner. The current lineup is: HAProxy servers: 4x AX41-NVMe servers (Ryzen 3600, 6 cores)Web servers: 3x AX41-NVMe servers (Ryzen 3600, 6 cores)PostgreSQL servers: 2x AX101 servers (Ryzen 5950X, 16 cores) All servers are located in the Falkenstein data center park, scattered across the FSN-DCx data centers so they are not all behind the same core switch. The monthly Hetzner bill is €484. Software Ubuntu 20.04 on all machines.Systemd manage
(read more)
If only it were cheaper — Switches and wireless capabilities are spectacular, but there's stiff competition. Enlarge / Logitech's MX Keys Mechanical (bottom) and MX Keys Mini (top) keyboards. Scharon Harding Specs at a glance: Logitech MX Keys Mechanical Switches Kailh low-profile tactile, clicky, or linear Keycaps ABS plastic Connectivity options Bluetooth Low Energy or 2.4 GHz USB-A dongle Backlighting White Size 17.08×5.18×1.03 inches (433.85×131.55×26.1 mm) Weight 1.35 lbs (612 g) Warranty 1 year Price (MSRP) $170 With an office-friendly appearance, tasteful backlighting, multi-PC wireless control, and simple software all backed by a reputable name, the Logitech MX Keys Mechanical ($170 MSRP) wireless keyboard was announced Tuesday, as well as the smaller MX Keys Mini ($150), are solid, serviceable entry points into mechanical keyboards. If the new keyboards look familiar, it's because they take inspiration in appearance and features from the MX Keys ($120) and MX Keys Mini ($100) membrane wireless, respectively, but with satisfying, low-profile clicky, tactile, or linear mechanical switches. It's the kind of design that leads plenty of people to try a mechanical keyboard for the first time. But when comparing it to other wireless mechanical keyboards, you can find more features, including some that power users will miss, from rivals for less money. Keeping a low(er) profile I tend to be wary of low-profile mechanical keyboards. Some subpar options I've tried with shallow, mushy, linear low-profile switches and flat keycaps have scarred me a bit. They're popular among gamers, due to a perceived speed advantage, but you'd have to be quite competitive (I'm not) for that to make a huge difference. But with a little more height than other low-profile options and higher actuation force specs, the switches in the MX Keys proved to offer a nice middle ground. They still actuated quickly, as in laptop keyboards, while providing healthy travel for those used to full-sized mechanical switches. You can get the MX Keys Mechanical with what Logitech told me are proprietary tactile, clicky, or linear switches made by Kailh. All three types have 3.2 mm total travel, actuate at 1.3 mm, and require 55 g of force to actuate. The switches' travel specs make them similar to Kailh's Choc line of low-profile switches but require more actuation force (compared to 45 g). I primarily used the tactile version of the keyboard, and they felt far from mushy. Compared to a full-size Cherry MX Brown switch (4 mm / 2 mm / 55 g), the MX Keys Mechanical's brown switches felt quicker to actuate and return, likely due to the shorter travel. Low-profile tactile mechanical switches.
(read more)
SupabaseBuild in a weekend. Scale to billions.Apply to Supabase and hundreds of other fast-growing YC startups with a single profile.Apply to role ›About the role!Join Supabase Supabase is an Open Source and fully remote company building developer tools for hundreds of thousands of indie developers, startups, and businesses. We’re seeking a Head of Documentation to, well ... write documentation. You’ll guide developers to use databases, authentication, file storage, edge functions, REST APIs, GraphQL, and realtime data streaming. We believe that documentation is more than just a tool. It’s part of our product. The documentation is where developers take their first step on their side project. We know our docs need a lot of work, and that’s why we need you. If you have ideas for what the best docs in the world would look like, we want you to join us and make that happen. Who we need: You write concisely. We like short sentences. We don’t like fluff. You love developer tools. That’s the content you’ll be writing about every day. You are collaborative. You’ll be working with basically everyone in the company. You know how to structure docs. Have an understanding that your structure is to help search engines find things as well as humans. You understand the communication level of docs. Guides vs Reference Level. Understand how to and when to link to other parts of the docs. Who we don’t need A manager. You won’t need to manage a team of people to write docs. You will be the writer and the owner of documentation as a product. A frontend developer. The docs are written in Next.js but you don’t need to develop the docs themselves - we have a great team who will be happy to help you implement any idea you want. A designer. You won’t need to come up with icons and font-selections. If you can pencil an idea onto paper, we’ll turn it into something cool. Some skills that will be useful Knowledge of SQL and databases (specifically databases). Know how to create images or videos/gifs. We love visual docs (and generally anything to write less words). Understanding of SEO We offer 100% remote work from anywhere in the world. No location-based adjustment to your salary. Autonomous work. We work collaboratively on projects, but you set your own pace. Health, Vision and Dental benefits. Supabase covers 100% of the cost for employees and 80% for dependants Generous Tech Allowance for any office setup you need Annual Education Allowance Annually run off-sites. BUILD IN A WEEKEND. SCALE TO BILLIONS Supabase adds auth, realtime, and restful APIs to Postgres without a single line of code. Each project within Supabase is an isolated Postgres cluster, allowing customers to scale independently, while still providing the features that you need to build: instant database setup, auth, row level security, realtime data streams, auto-generating APIs, and a simple to use web interface. We are a fully remote company. Key Tech: Javascript, Typescript, Go, Elixir, PostgREST (haskell), Postgres, Pulumi About the team We're a startup. It's unstructured. Collectively founded more than a dozen venture-backed companies. More than 10 different n
(read more)
Ask HN: Serious mathematics books that can replace a good teacher? 41 points by newsoul 1 hour ago | hide | past | favorite | 28 comments Mathematics is best learned under the guidance of a mentor. But not everyone has access to mentors all the time. That's where books come in. Good books. Books that can be substitute for a mentor or sometimes even better.Which books (preferably not pop-sci) fall into this category? If someone has a nonstandard analysis text that they endorse as really good, I would love to hear about that. It would be a shame to tell a kid about deltas and epsilons. No. Books can't understand how you think and learn and help guide you. There is no substitute for a good teacher. Is there a best book for that student? Probably, but who is that student? We don't know!Beyond just learning mathematics, seeing the art and beauty in it is also best taught by someone who knows the subject and the student. Without the beauty, it's just what could be in a textbook, assuming you found the right book.If you're asking if you can find a good book to teach someone, that depends on your style and theirs . . .We will almost certainly have good student-focused AI teachers during our lifetimes for things like math and languages. Will AI be able to show us the art? I can't say for sure, but I bet so . . . > There is no substitute for a good teacher.Note that this does not mean one cannot fully learn a subject from books or that the average teacher is better than books or that a good teacher dealing with 30 other kids will be better than a good book. I expected to see something about probability and statistics but they're hidden with dozens of other topics in the electives > Any and every topic imaginable. Are probability and statistics not part of a regular mathematics curriculum? I really like Arthur Benjamin's work on mental mathematics. I'm not savant-level, doing division in the thousands or huge floating points in my head yet but I sure am a lot sharper than I was coming out of high school from studying his work, and I guarantee you will just have fun with expanding your capability to think about numbers. [1]I got a copy of this book from the 1920s which is really cool because it teaches you math lessons you have to actually go out and physically do stuff with like pegs and strings in a field, from the perspective of the history of mathematics where people were limited to such devices in order to do stuff like trigonometry. Very very different approach, probably not for everyone, but for me I just think it's pretty cool. It definitely was written in the 1920s though so you better get used to that particular writing style if you plan on digesting it like a course. It's designed that way, though, and it's got great reviews. Just keep
(read more)
Amazon is reportedly installing AI-powered cameras in delivery vans to keep tabs on its drivers in the UK. The technology was first deployed, with numerous errors that reportedly denied drivers' bonuses after malfunctions, in the US. Last year, the internet giant produced a corporate video detailing how the cameras monitor drivers' driving behavior for safety reasons. The same system is now apparently being rolled out to vehicles in the UK.  Multiple camera lenses are placed under the front mirror. One is directed at the person behind the wheel, one is facing the road, and two are located on either side to provide a wider view. The cameras are monitored by software built by Netradyne, a co
(read more)
An (Unofficial) Firmware Upgrade for Dyson V6/V7 Vacuum Battery Management System (BMS) Dyson vacuum batteries are designed to fail. Here's why: Series battery cells in a battery pack
(read more)
The Chinese government has announced that it will again allow "platform companies" – Beijing's term for tech giants – to list on overseas stock markets, marking a loosening of restrictions on the sector. "Platform companies will be encouraged to list on domestic and overseas markets in accordance with laws and regulations," announced premier Li Keqiang at an executive meeting of China's State Council – a body akin to cabinet in the USA or parliamentary democracies. The statement comes a week after vice premier Liu He advocated technology and government cooperation and a digital economy that supports an opening to "the outside world" to around 100 members of the Chinese People's Politi
(read more)
Way back in April 2018, GitLab 10.7 introduced the Web IDE to the world and brought a delightful multi-file editor to the heart of the GitLab experience. Our goal was to make it easier for anyone an
(read more)
Amazon Web Services has made its latest homebrew CPU, the Graviton3, available to rent in its Elastic Compute Cloud (EC2) infrastructure-as-a-service offering. The cloud colossus launched Graviton3 at its late 2021 re:Invent conference, revealing that the 55-billion-transistor device includes 64 cores, runs at 2.6GHz clock speed, can address DDR5 RAM and 300GB/sec max memory bandwidth, and employs 256-bit Scalable Vector Extensions. The chips were offered as a tech preview to select customers. And on Monday, AWS made them available to all comers in a single instance type named C7g. EC2's C-series instances are billed as ideal for compute intensive tasks. The series is now in its seventh generation – and the only seventh-gen instance uses Graviton3. Intel Xeons and AMD EPYCs are currently confined to sixth-gen instance types. Take that, you x86 dinosaurs. A peek into Gigabyte's GPU Arm for AI, HPC shops AMD reveals 5nm Ryzen 7000 powered by Zen 4 cores The 'substantial contributions' Intel has promised to boost RISC-V adoption Intel's Habana unit reveals new Nvidia A100 challengers The C7g instances offer eight sizes, with 1, 2, 4, 8, 16, 32, 48, and 64 vCPUs. The Register has looked up hourly prices for the C7 instance, the C6 instance that uses the Graviton 2, and the C-series instances running the third-gen Xeon and EPYC processors. We used the US West (Oregon) region as our guide, as it is one of just two regions currently offering the Graviton3. Our research considered instances running the same number of vCPUs offered by the C7 instance type. As the table below shows, Graviton3 instances cost more than Graviton2-powered rent-a-servers, but less than their x86 competitors. AWS offers other ways to consume its infrastructure at lower prices. vCPUs C7g Graviton3 C6i 3rd-gen Xeon C6a 3rd-gen EPYC C6g Graviton2 1 $0.036 N/A N/A $0.034 2 $0.073 $0.085 $0.077 $0.068 4 $0.145 $0.170 $0.153 $0.136 8 $0.290 $0.340 $0.306 $0.272 16 $0.580 $0.680 $0.612 $0.544 32 $1.160 $1.360 $1.224 $1.088 48 $1.740 $2.040 $1.836 $1.632 64 $2.320 $2.720 $2.448 $2.176 The AWS announcement of Graviton3 going into pro
(read more)
High-speed video reveals a big difference in how salamanders react to falling. While ground-dwelling (nonarboreal) salamanders seem helpless during freefall in a vertical wind tunnel, arboreal salamanders maneuver confidently. This suggests that the tree-dwellers have adapted to routine falls, and perhaps use falling as a way to quickly move around in the canopies of the world’s tallest trees. The white spots are paper disks attached with water in order to track the motion of the head, body and tail. (Video produced by Roxanne Makasdjian with footage courtesy of Christian Brown) Salamanders that live their entire lives in the crowns of the world’s tallest trees, California’s coast redwoods, have evolved a behavior well-adapted to the dangers of falling from high places: the ability to parachute, glide and maneuver in mid-air. Flying squirrels, not to mention numerous species of gliding frogs, geckos, and ants and other insects, are known to use similar aerial maneuvers when jumping from tree to tree or when falling, so as to remain in the trees and avoid landing on the ground. Similarly, the researchers suspect that this salamander’s skydiving skills are a way to steer back to a tree it’s fallen or jumped from, the better to avoid terrestrial predators. “
(read more)
Computex Nvidia's Grace CPU and Hopper Superchips will make their first appearance early next year in systems that'll be based on reference servers unveiled at Computex 2022 this week. It's hoped these Arm-compatible HGX-series designs will be used to build computer systems that power what Nvidia believes will be a "half trillion dollar" market of machine learning, digital-twin simulation, and cloud gaming applications. "This transformation requires us to reimagine the datacenter at every level, from hardware to software from chips to infrastructure to systems," Paresh Kharya, senior director of product management and marketing at Nvidia, said during a press briefing. All of the four reference systems are powered by Nvidia's Arm-compatible Grace and Grace-Hopper Superchips announced at GTC this spring. The Grace Superchip fuses two Grace CPU dies, connected by the chipmaker's 900 GB/s NVLink-C2C interconnect tech, onto on a single daughter board that delivers 144 CPU cores and 1TB/s of memory bandwidth in a 500W footprint. Grace-Hopper swaps one of the CPU dies for an H100 GPU die, also connected directly to the CPU by NVLink-C2C. These latest additions to the HGX line are supposed to be chipmaker's answer to large HPC deployments where compute density is the primary concern. One reference design, the 2U HGX Grace-Hopper blade node, uses a Grace-Hopper Superchip with 512GB of LPDDR5x DRAM and 80GB of HBM3 memory. For compute workloads that aren't optimized for GPU acceleration, Nvidia also offers the 1U HGX Grace blade server, which swaps out the Grace-Hopper Superchip for an a CPU-only module with 1TB of LPDDR5x memory. Two HGX Grace-Hopper or four HGX Grace nodes can be slotted into a single chassis for system power. "For these HGX references, Nvidia will provide [OEMs with] the Grace-Hopper and Grace CPU Superchip modules as well as the corresponding PCB reference designs," Kharya said. Six Nvidia partner vendors — Asus, Foxconn, Gigabyte, QCT, Supermicro, and Wiwynn — plan to develop systems based on the reference designs, with initial shipments slated for early next year. Nvidia CEO Jensen Huang talks chips, GP
(read more)
Nvidia's GPUs are becoming increasingly more power hungry, so the US giant is hoping to make datacenters using them "greener" with liquid-cooled PCIe cards that contain its highest-performing chips. At this year's Computex event in Taiwan, the computer graphics goliath revealed it will sell a liquid-cooled PCIe card for its flagship server GPU, the A100, in the third quarter of this year. Then in early 2023, the company plans to release a liquid-cooled PCIe card for the A100's recently announced successor, the Hopper-powered H100. Nvidia's A100 has already been available for liquid-cooled servers, but to date, this has only been possible in the GPU's SXM form factor that goes into the company's HGX server board. With the new liquid-cooled PCIe form factor, Nvidia is making fluid-cooled GPU servers more widely available. Over a dozen server makers are expected to support the liquid-cooled A100 PCIe card later this year, including ASUS, Gigabyte, Inspur, and Supermicro. Nvidia reveals specs of latest GPU: The Hopper-based H100 Nvidia open-sources Linux kernel GPU modules. Repeat, open-source GPU modules How Nvidia is overcoming slowdown issues in GPU clusters Intel plans immersion lab to chill its power-hungry chips The upcoming PCIe cards will use direct-to-chip liquid cooling, and, because of that, they will only take up one PCIe slot in a server versus the two slots required by the air-cooled versions. In a briefing with journalists, Paresh Kharya, Nvidia's director of datacenter computing, claimed that these factors will allow datacenters with liquid-cooled A100 PCIe cards to provide the same level of performance as datacenters with air-cooled A100 cards while consuming up to 30 percent less power and using 66 percent fewer racks, based on recent tests Nvidia conducted with datacenter giant Equinix. He said the liquid-cooled PCIe cards will also help datacenters improve their power usage effectiveness (PUE). PUE is a key industry metric that determines a datacenter's efficiency by measuring how much energy goes into the building and dividing it by the amount of energy consumed by the datacenter, including the cooling systems
(read more)
Mr. Derek Taylor (DistroTube) uploaded a video on his YouTube channel about a fellow YouTube poster named Roel Van de Paar.  While DistroTube creates well-produced and informative content about Linux and free and open source software, Mr. Van de Paar has adopted a different posting approach. He takes Stack Exchange questions and answers and creates text-based videos containing nothing but those questions and answers. Mr. Van de Paar has recently been posting more than one video per minute, and has now uploaded more than 2,000,000 videos to YouTube. (He has posted more YouTube videos than anyone else.)Is it time for a new content-posting strategy here at The New Leaf Journal?  (I kid.)
(read more)
Unprecedented evidence from internal police networks in China’s Xinjiang region proves prison-like nature of re-education camps, shows top Chinese leaders’ direct involvement in the mass internment campaign. The Xinjiang Police Files are a major cache of speeches, images, documents and spreadsheets obtained by a third party from confidential internal police networks. They provide a groundbreaking inside view of the nature and scale of Beijing's secretive campaign of interning between 1-2 million Uyghurs
(read more)
A few weeks ago we posted a build of an avid motorcycle enthusiast named [fvfilippetti] who created a voltage regulator essentially from the ground up. While this was a popular build, the regulator only works for a small subset of motorcycles. This had a large number of readers clamoring for a more common three-phase regulator as well. Normally we wouldn’t expect someone to drop everything they’re doing and start working on a brand new project based on the comments here, but that’s exactly what he’s done. It’s important to note that the solutions he has developed are currently only in the simulation phase, but they show promise in SPICE models. There are actually two schematics available for those who would like to continue his open-source project. Compared to shunt-type regulators, these have some advantages. Besides being open-source, they do not load the engine when the battery is fully charged, which improves efficiency. The only downside is that they have have added complexity as they can’t open this circuit except under specific situations, which requires a specific type of switch. All in all, this is an excellent step on the way to a true prot
(read more)
Enlarge / A negative stain electron micrograph of a monkeypox virus virion in human vesicular fluid. The US Centers for Disease Control and Prevention today provided an update on the monkeypox situation in the US, which is connected to a growing multinational outbreak. It also used the time to address open questions and calm some unfounded fears. To date, there are five confirmed and probable cases in the US. The one confirmed case of monkeypox in the US was identified last week in a Massachusetts man who had recently traveled to Canada. The four probable cases include one in New York City, one in Florida, and two in Utah. Those four cases are probable because they all tested positive for an orthopoxvirus, the family of viruses that includes monkeypox and smallpox. They are considered presumptive monkeypox cases and are being treated as such while the CDC carries out secondary testing to confirm monkeypox. All five confirmed and probable cases in the US are in men, and all have a history of international travel that fits with the multinational outbreak. The CDC also used today's briefing to highlight that it had sequenced the genome of the monkeypox virus from the initial Massachusetts case. The genetic sequence closely matches that of a case in Portugal. Globally, there are nearly 250 confirmed and suspected cases from 17 countries, most of which are in Europe. Roughly 165 cases are confirmed, and 83 are suspected (you can track the growing tally here and here). The cases are predominately in men and, specifically, in men who identify as gay, bisexual, or are men who have sex with men (MSM). This is an unusual o
(read more)
microcontrollers are overrated introduction This is an LED array that lights up in response to motion and sends waves across the array. The array consists of identical "units" connected in a grid, with 16 units per board. Boards are tileable to make an arbitrarily large array. What makes this array unique is that the LEDs are controlled entirely by analog circuitry. No digital logic anywhere! (Except perhaps the switching regulators on each board.) All "computation" is done by operational amplifiers (opamps). There is no need for it to boot up or communicate with anything else, and the dimming and wave effect are completely smooth with no modulation or discrete levels. concept and design A Long Time Ago(TM) I was curious about the uses of opamps. I learned that they were capable of implementing many mathematical operations, including differentiation and integration. It also happened that I had recently learned about differential equations, which can be solved by (you guessed it) differentiation and integration. Putting two and two together... I got the idea to visualize differential equations using an array of LEDs and motion sensors driven by opamps. I wanted to create a circuit to model a physical process by solving a differential equation, like the wave equation or the heat equation. In particular, I thought the wave equation would be fun; waving your hand over the array would be like stirring a pool of water. This idea then languished for some ten years. mat
(read more)
May 23, 2022 / 6:01 PM / MoneyWatch Some 3 million Americans will enroll in graduate programs this year — only to work toward degrees that often aren't worth the time or money, according to an education policy analyst. Many undergraduates earn their bachelor's degrees and go straight to graduate school in hopes of gaining a new degree or skills that will make them more attractive to prospective employers."The reason people go makes sense. They go t
(read more)
Tether claims its dollar-pegged token is "fully backed."Justin Tallis | Afp | Getty ImagesInvestors have yanked more than $10 billion out of tether in the past two weeks amid heightened regulatory scrutiny over stablecoins.Tether, the world's largest stablecoin, has seen its circulating supply plunge from a record $84.2 billion on May 11 to around $73.3 billion as of Monday, according to data from CoinGecko. About $1 billion was withdrawn late Friday evening.The cryptocurrency, which is meant to be pegged to the U.S. dollar, temporarily dipped as low as 95 cents on May 12 after another type of
(read more)
Date Make Model Number of Cars Location State / Province Country Collision Fatalities Injuries Description 5/23/2022 Unknown 1 Route 3, Brooklyn IL 0 0 Car purchased a week prior 5/23/2022 Unknown 1 Austin TX 0 0 Car in flames on side of road 5/22/2022 Model S 3 3851 Bird Road, Miami FL 0 0 Car ignited in Tesla Sales Center parking lot, s... 5/21/2022 Model 3 1 California City CA 0 0 Parked car burst into flames 5/20/2022 Model Y 1 Mountain Hwy and Hunter, Vancouver 0 0 Car stopped and shut down before bursting into f... 4/24/20
(read more)
Broadcom is to acquire VMware for $60 billion in a deal that will be announced on Thursday. That's according to the Wall Street Journal. VMware is scheduled to report its Q1 2023 results on the same day, so the Thursday announcement theory is not entirely unrealistic. Neither biz has had anything to say about the reported deal at the time of writing, with VMware declining comment on rumor and speculation. Shareholders have expressed differing opinions about the proposed acquisition. Broadcom's share price fell three percent during Monday trading, while VMware's rose by almost 25 percent. Until today's share price spike, VMware underperformed the NYSE index over the past six months. A $60 billion price tag, at $140 per share, would represent a premium on VMware
(read more)
Organized philanthropy, like most things, looks different on the inside than it does from the outside. “Philanthropy” comes from the Greek for “love of humanity,” and public perceptions of it have usually centered on donors and how humanity-loving they really are. The good guys are generous rich people who give to causes we all approve of, like combatting climate change; the bad guys give in order to launder their reputations (like the opioid-promoting Sackler family) or to advance unsavory goals (like the anti-environmentalist Kochs). Either way, the salient questions about philanthropy, for most people, have to do with the size and the quality of a donor’s heart and soul.In real life, the interaction between big-money philanthropy and philanthropy-reliant institutions like univ
(read more)
We write a lot about self-driving vehicles here at Hackaday, but it’s fair to say that most of the limelight has fallen upon large and well-known technology companies on the west coast of the USA. It’s worth drawing attention to other parts of the world where just as much research has gone into autonomous transport, and on that note there’s an interesting milestone from Europe. The British company Oxbotica has successfully made the first zero-occupancy on-road journey in Europe, on a public road in Oxford, UK. The glossy promo video below the break shows the feat as the vehicle with number plates signifying its on-road legality drives round the relatively quiet roads through one of the city’s technology parks, and promises a bright future of local deliveries and
(read more)
LONDON (AP) — A leading adviser to the World Health Organization described the unprecedented outbreak of monkeypox in developed countries as “a random event” that appears to have been caused by sexual activity at two recent raves in Europe.Dr. David Heymann, who formerly headed WHO’s emergencies department, told The Associated Press that the leading theory to explain the spread of the disease was sexual transmission at raves held in Spain and Belgium. Monkeypox has not previously triggered widespread outbreaks beyond Africa, where it is endemic in animals. “We know monkeypox can spread when there is close contact with the lesions of someone who is infected, and it looks like sexual contact has now amplified that transmission,” said Heymann. That marks a significant departure fr
(read more)
Screencastify, a popular Chrome extension for capturing and sharing videos from websites, was recently found to be vulnerable to a cross-site scripting (XSS) flaw that allowed arbitrary websites to dupe people into unknowingly activating their webcams. A miscreant taking advantage of this flaw could then download the resulting video from the victim's Google Drive account. Software developer Wladimir Palant, co-founder of ad amelioration biz Eyeo, published a blog post about his findings on Monday. He said he reported the XSS bug in February, and Screencastify's developers fixed it within a day. But Palant contends the browser extension continues to pose a risk because the code trusts multiple partner subdomains, and an XSS flaw on any one of those sites could potentially be misused
(read more)
Democrat senators have urged America's Federal Trade Commission to do something to protect the privacy of women after it emerged details of visits to abortion clinics were being sold by data brokers. Women's healthcare is an especially thorny issue right now after the Supreme Court voted in a leaked draft majority opinion to overturn Roe v Wade, a landmark ruling that declared women's rights to have an abortion are protected by the Fourteenth Amendment of the US Constitution. If the nation's top judges indeed vote to strike down that 1973 decision, individual states, at least, can set their own laws governing women's reproductive rights. Thirteen states already have so-called "trigger laws" in place prohibiting abortions – mostly with exceptions in certain conditions, such as if the pre
(read more)
Fentanyl test strips (FTS) are a simple, inexpensive, and evidence-based method of averting drug overdose. FTS are small strips of paper that can detect the presence of fentanyl in any drug batch—pills, powder, or injectables. This tool might be lifesaving for the teenager experimenting for the first time, the individual in the throes of a severe opioid use disorder, the concert-goer looking for a trip, the person using a preferred substance obtained from a new source, or the individual years into recovery. FTS also support the dignity and well-being of people who use drugs (PWUD), enabling them to make educated decisions about their safety. And yet after years of press and discussions of the strips’ utility, FTS aren’t as widely available as one would expect them to be. It is t
(read more)
The idea of a cyberdeck is simple. A relatively portable case that is primarily a keyboard with some screen attached. Cyberdecks often try to hit a particular aesthetic or vibe rather than focusing on usability or practicality. [Carter Hurd] took a step back and asked himself what would be a cyberdeck-like system that he could practically use every day. [Carter’s] build is a prototype that allows him to try out the form factor and use it as a daily driver, so many decisions were made to speed up the build and get something functional. For example, rather than spend the time tweaking and printing his own keyboard, he used an off-the-shelf keyboard he knew he liked. While a framework motherboard would have been perfect for something like this, they, unfortunately, weren
(read more)
Introducing Indigo — the native macOS app which will revolutionise the way you configure and run local web servers on your Mac.Sign up for the beta Bare metal. With the best of virtualized.Run all the same services as your production stack, isolated but directly on your Mac.No Docker, no virtual machines, no hassles.Remove or rebuild your stacks anytime you want to start fresh.Each stack configuration is stored in a single file. Build your entire dev environment on a new Mac with a single click.Run all the things.Nginx, Apache, PHP, MySQL... Indigo comes with everything you’ll need to get your projects running locally in no time. Run all your projects—as many servers and PHP versions as you want—all at once if you like.Say hello to instant.No more waiting for your files to sync in
(read more)
Please enable cookies. We are checking your browser... www.researchgate.net Why do I have to complete a CAPTCHA? Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.
(read more)
Cambridge Analytica is back to haunt Mark Zuckerberg: Washington DC's Attorney General filed a lawsuit today directly accusing the Meta CEO of personal involvement in the abuses that led to the data-slurping scandal.  DC AG Karl Racine filed [PDF] the civil suit on Monday morning, saying his office's investigations found ample evidence Zuck could be held responsible for that 2018 cluster-fsck. For those who've put it out of mind, UK-based Cambridge Analytica harvested tens of millions of people's info via a third-party Facebook app, revealing a – at best – somewhat slipshod handling of netizens' privacy by the US tech giant. That year, Racine sued Facebook, claiming the social network was well aware of the analytics firm's antics yet failed to do anything meaningful until the data ha
(read more)
Trial Status: Active This phase I trial tests the safety, side effects, and best dose of CF33-hNIS-antiPDL1 in treating patients with triple negative breast cancer that has spread to other places in the body (metastatic). CF33-hNIS-antiPDL1 is an oncolytic virus. This is a virus that is designed to infect tumor cells and break them down. Inclusion Criteria Documented informed consent of the participant and/or legally authorized representative * Assent, when appropriate, will be obtained per institutional guidelines
(read more)
I have the kind of garden plot where you’re lucky to even push a shovel into the ground. The rocky clay is so hard it’s not only exhausting to work, it broke my neighbor’s tractor when he tried to till it. That’s why I ended up building raised beds to grow food, and we offer them as a general recommendation to budding gardeners because it’s an easy, reliable method that works pretty much anywhere. And — very important in these times — they help you get growing fast.However, raised beds won’t last forever. Wood rots — even pressure-treated wood. Metal rusts away. Stone beds can last nearly forever, but they’re a pain to build, and even then compost disappears and the beds sink unless you refill them every so often.Long term, we want to build up our native soil so we don’t need the crutch of raised beds. Dumping a box of compost on top of the ground can go a long way toward improving the soil, as it adds organic matter and beneficial bacteria that loosen and liven up dead soils. At least in theory.But some of us need more help. David the Good, one of my favorite gardening authors and YouTubers, has been tracking the journey of his friend Elizabeth. She started with concrete-like soil and has successfully turned it into a beautiful and productive garden. Not only that, but she uses no commercial inputs and has thus closed her dependency loops. Let’s see how she did it.Lasagna Gardening FailNo-till gardening is the hottest thing going in the horticultural world. In traditional gardening and farming, you use tools and machines to till or pulverize the ground until it’s loose enough for delicate human-cultivated plants to grow in it. That’s a lot o
(read more)
This RFC outlines the biggest update to Next.js since it was introduced in 2016:Nested Layouts: Build complex applications with nested routes.Designed for Server Components: Optimized for subtree navigation.Improved Data Fetching: Fetch in layouts while avoiding waterfalls.Using React 18 Features: Streaming, Transitions, and Suspense.Client and Server Routing: Server-centric routing with SPA-like behavior.100% incrementally adoptable: No breaking changes so you can adopt gradually.Advanced Routing Conventions: Offscreen stashing, instant transitions, and more.The new Next.js router will be built on top of the recently released React 18 features. We plan to introduce defaults and conventions to allow you to easily adopt these new features and take advantage of the benefits they unlock.TimelineThis RFC will be divided into two parts:Part 1 (This Post): Overview of the new routing system and how it integrates with React Server Components and Data Fetching.Part 2 (Next Post): Advanced routing examples and conventions, and how Next.js will use Suspense behind the scenes for streaming and selective hydration.MotivationWe've been gathering community feedback from GitHub, Discord, Reddit, and our developer survey about the current limitations of routing in Next.js. We've found that:The developer experience of creating layouts can be improved. It should be easy to create layouts that can be nested, shared across routes, and have their state preserved on navigation.Many Next.js applications are dashboards or consoles, which would benefit from more advanced routing solutions.While the current routing system has worked well since the beginning of Next.js, we want to make it easier fo
(read more)
A small group of quality assurance workers at an Activision Blizzard-owned game studio have unionized, marking the arrival of the first labor union at a major U.S. gaming company.The workers at Raven Software, which is a Wisconsin subsidiary of Activision, voted to form the union Game Workers Alliance with the Communications Workers of America. Nineteen workers voted in favor of the union, with three voting against, the National Labor Relations Board tallied Monday. Two additional challenged ballots were uncounted, but do not change the outcome. The union victory at the video game giant could serve as a foothold for other workers in the gaming industry looking to organize. Workers have increasingly criticized practices in the industry, including temporary contracts with little job security and grueling working conditions during weeks-long pushes to meet game deadlines. North America saw its first video game union form at the end of 2021 at Vodeo Games, an indie studio with about a dozen employees.The vote comes during a transitional and tumultuous period at Activision Blizzard, with Microsoft announcing its intentions to purchase the company for nearly $69 billion in January. Activision Blizzard has in recent years faced high-profile claims of sexual misconduct and unequal pay. The Santa Monica video game giant creates some of the most well-known franchises in the industry, including “Call of Duty,” “Diablo” and “World of Warcraft.” Raven Software, a subsidiary acquired in 1997, leads the company’s “Call of Duty” development. Raven Software workers walked off the job in early December after several members of the quality assurance department were let go at the end of their contracts. Between 70 and 75 workers from Raven and other parts of Activision Blizzard went on strike. The work stoppage lasted more than a month and culminated in workers announcing their intent to unionize in January.Days after workers announced their intent to unionize, Raven management announced plans Jan. 24 to break up the department of quality assurance workers and distribute them to other teams. Activision Blizzard then lobbied the NLRB to expand the group of workers
(read more)
We all share the same fate — "Your days of fighting for the so-called greater good are over." Tom Cruise and his plucky team are back to save the world (again) in Mission: Impossible–Dead Reckoning Part One. The official trailer for Mission: Impossible–Dead Reckoning Part One (aka Mission: Impossible 7) is here and chock-full of the kind of global intrigue and jaw-dropping stunts fans have come to expect from this hugely successful franchise. The trailer was shown in April exclusively at CinemaCon and the intent was to release it this coming weekend when the highly anticipated Top Gun: Maverick finally (finally!) hits theaters. But an online leak supposedly forced Paramount's hand, so we get to see star Tom Cruise drive his motorcycle off a cliff a week early. We'll have to wait until next summer, however—that's 2023—to see the film. (Mild spoilers for previous films in the franchise below.) Launched in 1996 with the first Mission: Impossible, the franchise is one of the highest-grossest film series, with a combined global box office take of more than $3.5 billion so far. The first film was set six years after the
(read more)
Badda-badda-boom! — This season's big bad is Vecna, a villain straight out of Dungeons and Dragons Netflix has dropped the final trailer for Stranger Things S4 (Volume 1). The fourth season of Stranger Things is almost here—at least the first seven episodes since the release is split in two. So Netflix released a spooky final trailer, chock full of 1980s horror tropes, on the heels of the revelation last month that the season's Big Bad will be a Dungeons and Dragons villain named Vecna. We've previously reported that David Harbour is returning as Hopper, along with the rest of the main cast. Winona Ryder (Joyce Byers), Finn Wolfhard (Mike Wheeler), Natalia Dyer (Nancy Wheeler), Noah Schnapp (Will Byers), Charlie Heaton (Jonathan Byers), Gaten Matarazzo (Dustin Henderson), Joe Keery (Steve Harrington), Caleb McLaughlin (Lucas Sinclair), and Sadie Sink (Max Mayfield) all return. We also know the fourth season is the first to mostly occur outside of Hawkins since Eleven and the Byerses have moved away, and Hopper is in a Russian prison. Maya Thurman Hawke returns as Robin, Brett Gelman is back as Murray Bauman, Cara Buono returns as the Wheeler matriarch, and we'll be seeing more of Priah Ferguson, who plays Lucas' sassy younger sister, Erica. Robert Englund of Nightmare on Elm Street fame is among the new cast members, a nice little nod to classic '80s horror. Englund plays Victor Creel, the former owner of the spooky Creel House featured in one of the teasers. S4 is the longest season yet in terms of running time; not one of its nine episodes runs less than an hour. (Prior seasons had the occasional shorter 35- to 45-minute episode, and episodes only rarely ran past one hour.) Because the main characters have been split up, three distinct storylines must be woven together, prompting the Duffer brothers to call S4 their "Game of Thrones season." The sheer length of the run times prompted the brothers (with the concurrence of Netflix) to release S4 in two installments.
(read more)
Mixed reality — It's a complicated tale of processors, base stations, politics, and Jony Ive. Enlarge / Jony Ive speaks onstage during the 2017 New Yorker TechFest in New York City. A series of reports in The Information paint a detailed picture of progression, politics, and problems facing Apple's plan to develop a virtual, augmented, or mixed reality headset since the initiative picked up steam back in 2015. Citing several people familiar with the product, including some who worked on it directly, the reports describe a contest of wills over the direction of the device. The standoff was between Apple's mixed reality product team (called the "Technology Development Group") and famed Apple designer Jony Ive and his industrial design team. The report sheds light on Apple's direction for the device, which Bloomberg recently reported is nearing launch. They also claim that Apple CEO Tim Cook has been relatively hands-off from the product compared to others like the iPhone, and that the Technology Development Group's location in a separate office from the main Apple headquarters has been a source of problems and frustration. The Information's sources say that Apple's mixed reality efforts began almost accidentally when the company purchased a German AR startup called Metaio to use some of its technology on Project Titan, its self-driving car project. Another key moment was when Apple hired the AR/VR project team leader, Mike Rockwell, away from Dolby Laboratories. Starting in 2015, Rockwell built a team that included Metaio co-founder Peter Meier and Apple Watch manager, Fletcher Rothkopf. In 2016, several AR demos were shown to members of Apple's board. In one, a tiny triceratops grew to lifesize before the board members' eyes. In another, a room was transformed into an immersive, leafy environment. But the board was not Rockwell and the company's most significant barrier. According to The Information, it was Ive, who oversaw both the industrial design and human interface teams at Apple.
(read more)
Schema.org is a collaborative, community activity with a mission to create, maintain, and promote schemas for structured data on the Internet, on web pages, in email messages, and beyond. Schema.org vocabulary can be used with many different encodings, including RDFa, Microdata and JSON-LD. These vocabularies cover entities, relationships between entities and actions, and can easily be extended through a well-documented extension model. Over 10 million sites use
(read more)
IEEE Account Change Username/Password Update Address Purchase Details Payment Options Order History View Purchased Documents Profile Information Communications Preferences Profession and Education Technical Interests Need Help? US & Canada: +1 800 678 4333 Worldwide: +1 732 981 0060 Contact & Support
(read more)
unprecedented photorealism × deep level of language understanding unprecedented photorealism deep level of language understanding There are several ethical challenges facing text-to-image research broadly. We offer a more detailed exploration of these challenges in our paper and offer a summarized version here. First, downstream applications of text-to-image models are varied and may impact society in complex ways. The potential risks of misuse raise concerns regarding responsible open-sourcing of code and demos. At this time we have decided not to release code or a public demo. In future work we will explore a framework for responsible externalization that balances the value of external auditing with the risks of unrestricted open-access. Second, the data requirements of text-to-image models have led researchers to rely heavily on large, mostly uncurated, web-scraped datasets. While this approach has enabled rapid algorithmic advances in recent years, datasets of this nature often reflect social stereotypes, oppressive viewpoints, and derogatory, or otherwise harmful, associations to marginalized identity groups. While a subset of our training data was filtered to removed noise and undesirable content, such as pornographic imagery and toxic language, we also utilized LAION-400M dataset which is known to contain a wide range of inappropriate content including pornographic imagery, racist slurs, and harmful social stereotypes. Imagen relies on text encoders trained on uncurated web-scale data, and thus inherits the social biases and limitations of large language models. As such, there is a risk that Imagen has encoded harmful stereotypes and representations, which guides our decision to not release Imagen for public use without further safeguards in place. Finally, while there has been extensive work auditing image-to-text and image labeling models for forms of social bias, there has been comparatively less work on social bias evaluation methods for text-to-image models. A conceptual vocabulary around potential harms of text-to-image models and established metrics of evaluation are an essential component of establishing responsible model release practices. While we leave an in-depth empirical analysis of social and cultural biases to future work, our small scale internal a
(read more)
If you’ve ever worked with multi-cell rechargeable battery packs, you know that the individual cells will eventually become imbalanced. To keep the pack working optimally, each cell needs to be analyzed and charged individually — which is why RC style battery packs have a dedicated balance connector. So if you know it, and we know it, why doesn’t Dyson know it? It’s that question which inspired [tinfever] to start work on the FU-Dyson-BMS project. As you might have surmised from the name, [tinfever] believes that Dyson has intentionally engineered their V6 and V7 batteries to fail by not using the cell balancing function of the onboard ISL94208 battery management IC. What’s worse, once the cells get as little as 300 mV out of balance, the controller considers the entire pack to be shot and will no longer allow it to be charged. These missing resistors deserve justice. Or at least, that’s what used to happen. With the replacement firmware [tinfever] has developed, the pack’s battery management system (BMS) will ignore imbalanced cells so you can continue to use the pack (albeit at a reduced capacity). Of course the ideal solution would have been to enable cell balancing on the ISL94208, but unfortunately Dyson didn’t include the necessary resistors on the PCB. Though it’s worth noting that earlier versions of the board did have unpopulated spots for them, lending some credence to the idea that their omission was intentional on Dyson’s part. But not everyone is onboard with the conspiracy theory. Over on the EEVBlog forums, some users pointed out that a poorly implemented cell balancing routine can be more problematic than not having one at all.
(read more)
2022-05-02: I have started rewriting this article for improved style, reduced snark, more accurate information and I also added a new section about control flow that should be easier to digest and better expresses my thoughts on the topic. The section about memory has been removed and will reappear as another entry to appear later. You probably heard of SPIR-V. Otherwise, SPIR-V is a binary format for writing programs that run on the GPU, and it is designed to be consumed by OpenCL and Vulkan. As well as those two, OpenGL 4.6 added support for SPIR-V shaders, and WebGPU’s WGSL is essentially a close cousin. In the case of Vulkan specifically, SPIR-V replaces GLSL as the default way to feed code to the GPU. GLSL is a human-readable programming language with a lot of syntactic forms that needs to be parsed correctly, and it has been a steady source of implementation bugs, runtime overhead and intellectual property concerns (as you essentially ship the source of every shader in your app!). SPIR-V, much like Vulkan itself, trades API surface area for dramatically less driver complexity: by offering an intermediate language for feeding the driver, you put all the complexity and risk of bugs when implementing the high level language outside of the driver. This is -IMO- an unquestionable upgrade. We can now genuinely expect shaders to “just work” on another vendor. We can use any shading language we want, or make up our own, or even implement our
(read more)
Corsair Voyager a1600 — Like a soft-touch macro keyboard. Corsair Apple ditched capacitive touch strips along the top of its MacBook Pro decks last year, giving Corsair plenty of room to sail-in a similar input bar. Corsair seems to think it has found a fitting use for the design, incorporating it into its first laptop, which it built with a heavy focus on streaming. Corsair has made a name for itself in gaming desktops, but the Corsair Voyager a1600 AMD Advantage Edition announced today marks the first foray for the gaming brand, also known for PC peripherals and DIY components, into Corsair-brand laptops. The move comes about two years after it acquired boutique PC-maker Origin. Enlarge / Corsair's Voyager a1600 laptop will start at $2,700. Corsair In its announcement, Corsair said the 16-inch clamshell is made for the "aspiring content creator, avid gamer, or a full-time streamer." Thus, it's equipped with a 1080p resolution webcam with a physical shutter flanked by four microphones with ambient noise cancellation and a colorful "macro bar with center LCD display" as well as a colorful, programmable soft-touch keyboard. The bar has 10 keys for programming oft-used features of the Elgato Stream Deck software, which Corsair also owns via acquisition. One-touch access to things like switching scenes, adjusting volume levels, or launching media or a gaming macro can be a lifesaver in the stressful world of live video, and the laptop even makes the controls usable if the clamshell is shut. Elgato Stream Deck's versatility also means you could find use for these buttons outside of the streaming world, such as controlling smart bulbs, taking a screenshot, opening an app, or controlling Zoom. Just don't forget which number key is for which function. Enlarge / The laptop will weigh 5.29 lbs, Corsair said.Corsair Hard to miss is the bar's bright battery meter. It provides a clear read on battery status; although, with this being a power-hungry gaming laptop, you'll likely have it plugged in when doing anything serious like streaming or gaming. Corsair's Voyager a1600 joins the Dell XPS 13 Plus in reviving touch bars atop keyboards, à la Apple. Corsair takes a more niche approach, focusing on the new age of livestreamers and gamers open to flashy, potentially trendy, technology and who may already make use of things like the Elgato Stream Deck hardware or macro keypads. Corsair also isn't forcing the touch bar on a beloved product. There is, perhaps, broader appeal in the Voyager a1600's integrated wireless receiver. It's like having a wireless Corsair dongle built into the laptop, meaning up to three peripherals using Corsair's Slipstream-branded wireless USB-A dongle technology to work without a dongle. This requires greater commitment to the Corsair ecosystem than most have but is still a novel concept I'd love to see broadened—especially if Corsair successfully executes it without dist
(read more)
A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse. Nonprofit security organization The Shadowserver Foundation recently scanned 454,729 systems hosting the popular open-source platform for managing and orchestrating containers, finding that more than 381,645 – or about 84 percent – are accessible via the internet to varying degrees thus providing a cracked door into a corporate network. "While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface," Shadowserver's team stressed in a write-up. "They also allow for information leakage on version and build." That said, enterprises shouldn't downplay the risk that such exposed Kubernetes API servers represent, according to Erfan Shadabi, head of market for data security firm comforte AG. "Kubernetes growth is unstoppable, and while it provides massive benefits to enterprises for agile app delivery, there are a few characteristics that make it an ideal attack target for exploitation," Shadabi told The Register. "For instance, as a result of having many containers, Kubernetes has a large attack surface that could be exploited if not pre-emptively secured, so it is not a surprise that The Shadowserver Foundation's scan found so many vulnerabilities." What's most concerning is that the data security capabilities built into Kubernetes meet the bare minimum standards, with protection for data at rest and data in motion, but "no persistent protection of data itself, for example, using industry accepted techniques like field-level tokenization," Shadabi said. "If an ecosystem is compromised, it's only a matter of time before the sensitive data being processed by it succumbs to a more insidious attack. Organizations that use containers and Kubernetes in their production environments must take Kubernetes security very seriously." Kubernetes was developed by Google almost a decade ago and is now the most popular tool for managing containers both on premises and in the public cloud, with such vendors as Red Hat (OpenShift), VMware (Tanzu), and SUSE (Rancher) selling commercial versions. Almost 50 percent of organizations worldwide have adopted Kubernetes in some form as of 2021, according to market research firm Statista. How to find NPM dependencies vulnerable to account hijacking Microsoft sounds the alarm on – wait for it – a Linux botnet South Korean and US presidents gang up on North Korea's cyber-offensives Conti: Russian-backed rulers of Costa Rican hacktocracy? Shadowserver scanned for accessible Kubernetes API instances that responded with 200 OK, listing in its report almost two dozen instances that came back with that response. The group also disclosed the five most-accessible platforms. The researchers also noted that almost 53 percent of the accessible instances – 201,348 Kubernetes API servers – were located in the United States. Open-source systems are an increasingly popular target for th
(read more)
Enlarge / AMD's Ryzen 7000 chips are due out in the next few months.AMD AMD first teased its upcoming Ryzen 7000-series CPUs and its new Zen 4 CPU architecture at CES in January. The company said that the chips would use the new AM5 CPU socket, that they would be built on a 5 nm manufacturing process from TSMC, and that they would be available this fall. None of those facts has changed, and AMD still hasn't announced pricing or more specific availability info for the new chips. But at its Computex keynote this week, AMD revealed a few additional details about the Ryzen 7000 processors and the motherboards and chipsets that will suppo
(read more)
While the US Supreme Court considers an emergency petition to reinstate a preliminary injunction against Texas' social media law HB 20, the US Eleventh Circuit Court of Appeals on Monday partially up
(read more)
Four years ago, I wrote a blog post titled Minimalism in Programming, in which I tried to formulate an argument as to why it’s usually a good idea to try to minimize complexity in your programming projects. Today, I want to write about something I’ve been thinking about for a long time, which is the idea that we also ought to take a more intentionally minimalistic philosophy when designing programming languages. Designing a programming language to be intentionally minimalistic is an idea that’s highly underrated in my opinion. Most modern programming languages adopt much more of a maximalist design approach. Rapidly adding new features is seen as a competitive edge over other
(read more)
How to Make Automatic Supercuts I’ve been working on some long-needed updates to Videogrep, my command-line tool that automatically generates supercuts. These updates were motivated in
(read more)