GitHub Actions Policy Bypass: A Trivial Circumvention of Seemingly Secure Policies

2025-06-11

GitHub Actions provides a policy mechanism to restrict the actions and reusable workflows usable within a repository, organization, or enterprise. However, this mechanism is easily bypassed. By cloning the action repository into the runner's filesystem and then using a local path reference to run the same action, the policy is trivially circumvented. This renders the seemingly secure policy ineffective. The author urges GitHub to address this vulnerability to prevent developers from mistakenly believing the policies provide a security boundary that doesn't exist.

Development Policy Bypass

Square Theory: A Unified Framework for Crossword Puzzles, Branding, and Jokes

2025-05-27

The story begins in Crosscord, a Discord server for crossword enthusiasts. A phenomenon called "double doubles," pairs of word pairs with interesting relationships (like synonyms), emerged, exhibiting a 'square' structure. This structure isn't limited to crosswords; it's found in branding, jokes, and even research paper titles. The author calls it "square theory," arguing that the closure and coincidental nature of this structure make it inherently compelling. The theory illuminates successful crossword themes, brand names, and the structure of clever jokes, highlighting the satisfying feeling of completion inherent in this square arrangement.


33 Malicious Chrome Extensions Stole Data From 2.6 Million Devices

2025-01-03

Researchers discovered at least 33 Chrome extensions secretly siphoning sensitive data, including browser cookies and login credentials for Facebook and ChatGPT, from roughly 2.6 million devices over the past 18 months. Attackers used spear-phishing emails to exploit OAuth vulnerabilities and upload malicious extension versions to the Chrome Web Store. The compromised extensions spanned various categories, with some malicious versions persisting for months. Users are urged to check for these malicious extensions and change passwords immediately.

Tech malware

AI Startups: A New Era of Hypergrowth

2025-06-07

The generative AI era has redefined startup growth. Data reveals median enterprise AI companies achieving over $2M ARR in their first year, with consumer AI companies surpassing $4.2M. This surpasses previous benchmarks and reflects strong user demand. However, this rapid growth also widens the gap between 'good' and 'exceptional' companies, emphasizing the continued importance of metrics like user retention and engagement. Surprisingly, consumer AI companies, often fueled by model updates causing revenue spikes, are outpacing B2B counterparts in revenue. The conclusion? It's a prime time to build application-layer software companies.


Run Python in Your Browser Effortlessly with WebAssembly

2025-01-08

Run Python code directly in your browser using the power of WebAssembly! This post details how Pyodide, an open-source project, enables running Python in the browser. The author successfully ported MarkItDown, a Python program converting Office files to Markdown, to a browser-based tool. Pyodide supports nearly all Python syntax and many popular packages, offering a robust JavaScript/Python interoperability interface. Overcoming file transfer and dependency installation challenges, the author created a fully functional browser-based MarkItDown tool, highlighting WebAssembly's transformative potential for browser-based applications.

(kai.bi)
Development

Critical Flaws in US Water Infrastructure Patched After Joint EPA & Manufacturer Effort

2025-06-10

Researchers discovered nearly 400 exposed US water systems vulnerable on the internet. They contacted both the software manufacturer and the EPA. The EPA swiftly responded, prioritizing over 300 unauthenticated systems and achieving a 24% remediation rate within nine days. A month later, 58% of vulnerable systems were secured, and the manufacturer enhanced security measures, including multi-factor authentication.


DuckLake: Lightweight Data Lake and Catalog in One

2025-05-27

DuckLake offers a lightweight, all-in-one solution for building a data lake and catalog. It enables a 'multiplayer DuckDB' setup with multiple DuckDB instances reading and writing the same dataset—a concurrency model not supported by standard DuckDB. Even if you only use DuckDB for your DuckLake entry point and catalog database, you still benefit from features like time-travel queries, data partitioning, and storing data across multiple files instead of a single, potentially huge, database file.

Development data lake

Beyond Frameworks: Mastering Frontend Development Requires Understanding the Fundamentals

2025-03-02

Numerous articles advise developers against over-reliance on frameworks, advocating for a deep understanding of underlying languages. However, the real reason isn't the fleeting nature of frameworks; it's this: you can't master frontend development without understanding the underlying mechanisms. Modern frontend stacks often involve frameworks like React and numerous intermediary layers, with CSS applied indirectly via JavaScript tools. While these tools offer convenience, understanding the browser ecosystem makes debugging JavaScript and CSS errors, writing custom CSS, and understanding client-side browser errors significantly easier. The author shares anecdotes illustrating how seemingly complex frontend issues—multicolored footers, custom icons, and webfont optimization—are easily resolved with solid CSS and JavaScript knowledge, avoiding bloated npm dependencies. While most developers write excellent React and TypeScript code, few can judge CSS code quality, impacting website performance. Mastering browser and network fundamentals is crucial for building robust, maintainable applications and rapidly resolving incidents. Ultimately, deep language proficiency is key to becoming a senior frontend engineer.

Development frontend development

Phantom Time: When Centuries Vanish

2025-02-03

From questioning Shakespeare's authorship to doubting the existence of entire historical periods, conspiracy theories about history abound. 17th-century French priest Jean Hardouin took this to an extreme, claiming nearly all books before 1300 AD were forgeries, including the Gospels and most Greco-Roman literature. This sparked ongoing debates about historical truth, with some scholars even proposing entire centuries, such as 614-911 AD, were fabricated. The article explores the roots of these 'phantom time' theories and their potential dangers to historical research and societal understanding.


Escaping AWS: How a Danish Firm Slashed Cloud Costs by 90% While Maintaining ISO 27001

2025-06-21

A Danish workforce management company successfully migrated away from AWS, reducing its cloud costs by 90%. Facing compliance concerns and high expenses with US cloud providers, they switched to European providers like Hetzner and OVHcloud. By leveraging infrastructure-as-code with Ansible, Prometheus/Grafana/Loki for monitoring, and a security-by-design approach, they not only cut costs but also enhanced data sovereignty and security compliance. They also used their European hosting as a sales tool, strengthening brand trust.

Tech

LegoGPT: Building Stable LEGO Models from Text Prompts

2025-05-09

Researchers have developed LegoGPT, an AI model that generates physically stable LEGO brick models from text prompts. Trained on a massive dataset of over 47,000 LEGO structures encompassing over 28,000 unique 3D objects and detailed captions, LegoGPT predicts the next brick to add using next-token prediction. To ensure stability, it incorporates an efficient validity check and physics-aware rollback during inference. Experiments show LegoGPT produces stable, diverse, and aesthetically pleasing LEGO designs closely aligned with the input text. A text-based texturing method generates colored and textured designs. The models can be assembled manually or by robotic arms. The dataset, code, and models are publicly released.


NASA Plans Deep Dive into Near-Earth Asteroid Apophis

2025-06-30

Following the success of the DART mission, NASA plans a follow-up mission to the near-Earth asteroid Apophis. Apophis, approximately 370 meters in diameter, will make a close approach to Earth on April 13, 2029, offering scientists a rare opportunity to study its internal structure. This close flyby will see Apophis perturbed by Earth's gravity, altering its shape; observing its response will reveal its internal composition, crucial information for future asteroid threat mitigation. NASA's OSIRIS-REx spacecraft has had its mission extended to rendezvous with and study Apophis.

Tech

Solar and Wind Power Dominate US Electricity Generation Growth

2025-08-24

Solar and wind power accounted for nearly 91% of new US electricity generating capacity added in the first five months of 2025. Solar has been the leading source of new capacity for 21 consecutive months. FERC forecasts show solar capacity is poised to surpass coal and wind within two years, becoming the second largest source after natural gas. The rapid growth of renewables is displacing coal and nuclear power, and closing the gap with natural gas.

Tech

US Sanctions Funnull, a CDN Powering Pig Butchering Scams

2025-05-30

The US Treasury Department sanctioned Funnull Technology Inc., a Philippines-based company providing infrastructure for hundreds of thousands of websites involved in “pig butchering” cryptocurrency scams. These scams lure victims into fraudulent investment platforms, resulting in over $200 million in US losses. Funnull routed traffic through US cloud providers, masking its criminal activity. The sanctions highlight the ongoing fight against transnational cybercrime and the challenges in combating sophisticated scams. The article also mentions EU sanctions against Stark Industries Solutions, another company facilitating Russian cyberattacks, underscoring the global nature of this problem.

Tech

Will This Linux Server Security Guide Protect You From Hackers?

2025-08-01

This comprehensive guide details how to secure your Linux server against malicious attacks. It covers everything from choosing a secure Linux distribution to configuring firewalls and intrusion detection/prevention systems (like Fail2Ban and CrowdSec), and provides Ansible playbooks to automate many security steps. The guide also touches on advanced topics like using SSH keys, two-factor authentication, and kernel sysctl hardening, while cautioning readers about the risks involved in these steps. It's a living document intended to be a comprehensive resource for Linux server security.

Development Server Security

International Homicide: Tech Forensics Uncovers Hidden Truth

2025-07-21

A baffling missing person case morphed into a gripping international homicide investigation. A lawyer, through meticulous technical investigation, particularly analyzing the IP address and timestamps of a crucial "proof of life" email, along with corroborating witness testimony and diverse evidence, ultimately exposed the husband's culpability in his wife's murder. This case powerfully demonstrates the importance of digital evidence in modern criminal investigations and highlights the necessity of international cooperation in combating crime.


Gen Z's Gaming Spending Plummets: A Warning Sign for the Industry?

2025-07-02

New data reveals a significant drop in video game spending among 18- to 24-year-olds in the US. April saw a nearly 25% decrease compared to last year, part of a broader trend of reduced spending across various categories. This downturn, attributed to economic uncertainty, a tighter job market, and the resumption of student loan payments, contrasts with stable spending among older demographics. It presents a serious challenge for a games industry already grappling with layoffs and slowing revenue growth, and highlights the vulnerability of traditional game models compared to the continued success of free-to-play giants like Roblox.


High-Performance Dynamic Dispatch with GLIBC hwcaps

2025-07-16

This article demonstrates how to leverage GLIBC 2.33+ hwcaps for simple dynamic dispatch in amd64 and POWER shared libraries. By creating library files for different CPU instruction sets (e.g., x86-64-v4, x86-64-v3, etc.) under `/usr/lib/glibc-hwcaps/`, the dynamic linker automatically loads the corresponding library based on the highest instruction set supported by the CPU, optimizing performance. This solves the challenge of maintaining consistent library performance across different CPU architectures, as demonstrated in the Debian packaging of the ggml library used by llama.cpp and whisper.cpp.

Development dynamic dispatch

pipask: Secure Python Package Installation

2025-05-03

pipask is a safer alternative to pip, adding security checks before installing Python packages. It prioritizes using PyPI metadata, avoiding downloading and executing code whenever possible. If third-party code execution is necessary, pipask asks for user consent. After performing checks, including repository popularity, package age, known vulnerabilities, PyPI download counts, and metadata verification, it presents a formatted report and requests approval. Upon approval, it hands off installation to standard pip.

Development

Comet: The Curiosity-Powered Browser That Reimagines the Web

2025-07-12

Comet is a revolutionary browser designed to fuel curiosity. It consolidates all your tabs and tasks into a streamlined workspace, empowering you to explore the web like never before. More than just a browser, Comet acts as a thinking partner, connecting ideas, boosting productivity, and turning wonder into action. It learns your thinking style, collaborates on research, and keeps your digital life organized, ensuring you stay focused and never lose track of your work. Comet allows you to quickly understand any webpage, in any language, anytime, maximizing the potential of your curiosity.

Tech

65-Year-Old Math Mystery Solved: Dimension 126 Hosts Weird Shapes

2025-05-05

After 65 years, mathematicians have finally proven the existence of strangely twisted shapes in dimension 126, shapes that cannot be transformed into a sphere through a simple surgical procedure. This research reveals the bizarre nature of shapes in higher dimensions and solves the long-standing "doomsday hypothesis." The team used a combination of computer calculations and theoretical insights to complete this monumental project.


Statically Linking Go Executables with CGO and Zig

2025-03-28

This post demonstrates building a statically linked Go executable that utilizes CGO dependencies via Zig. The author creates a Zig static library, then writes a simple Go program to call a function within it. By employing specific `go build` flags and leveraging Zig's build system, a statically linked executable, free from dynamic library dependencies, is successfully created, enhancing portability and security.

Development static linking

Elon Musk's Former Friend Calls Him a 'Miserable Self-Loathing Poser'

2025-01-29

Philip Low, a neuroscientist and former collaborator of Elon Musk, penned a scathing open letter accusing Musk of calculated political maneuvering and personal vendettas. Low alleges Musk's two Nazi salutes at Trump's inauguration were intentional power plays, fueled by a desire to control the far-right and potentially stemming from jealousy over his ex-wife's interactions with Low. The letter details a fractured relationship, claims of Musk attempting to manipulate NeuroVigil's stock (Low's company), and suggests Musk's creation of Neuralink was partly motivated by competition with NeuroVigil. Musk has yet to publicly respond to these serious accusations.

Tech

Kindle Comic Converter: Optimize Comics for eInk Readers

2025-05-07

Kindle Comic Converter (KCC) is a powerful tool for optimizing comics and manga for eInk readers like Kindle, Kobo, and Remarkable. It removes margins, supports fixed layouts, and employs various image processing steps to ensure optimal viewing on eInk screens. KCC supports multiple input (folders/CBZ/CBR/PDF, etc.) and output (MOBI/AZW3/EPUB/KEPUB/CBZ, etc.) formats and optimizes file size based on device resolution for improved performance on less powerful ereaders. The software offers a range of options and customization for both casual and advanced users.

Development comics

AirPods Max USB-C Gets Lossless Audio, But Is Apple Overhyping It?

2025-03-26

Apple announced that AirPods Max (USB-C) will gain support for lossless audio and ultra-low latency audio via a firmware update next month, alongside iOS 18.4, iPadOS 18.4, and macOS 15.4. However, Apple's own support documents claim that AAC audio is already virtually indistinguishable from original studio recordings, contradicting marketing chief Greg Joswiak's claim of an "ultimate" audio upgrade. While the improvement from lossless audio alone is minimal, the combination with ultra-low latency will make AirPods Max the only headphones allowing musicians to create and mix in Personalized Spatial Audio with head tracking.


AppGoblin Uncovers Mystery Ad Domains: A Deep Dive into Mobile Game Advertising

2025-08-28

AppGoblin analyzed over 40,000 apps, tracking millions of API calls and thousands of advertising domains. Many domains lacked landing pages, leaving their owners a mystery. Through IP address analysis, API keys, and SDKs, AppGoblin identified the companies behind these domains, including Bigo Ads, BidMachine, and Unity. `lazybumblebee.com` likely belongs to BidMachine for app mediation; `news-cdn.site`, `kickoffo.site`, `onegg.site`, and `acobt.tech` are linked to Bigo Ads. This research sheds light on the complex domain network and data tracking mechanisms in the mobile game advertising ecosystem.


Ice's Shocking Secret: Bending Generates Electricity, Potentially Explaining Lightning

2025-09-17

A study published in Nature Physics reveals that ordinary ice is a flexoelectric material, generating electricity when bent. This discovery could revolutionize electronics and potentially explain the formation of lightning. Researchers found that ice produces electric charge in response to mechanical stress at all temperatures, with a ferroelectric layer on its surface at low temperatures. This offers two mechanisms for ice's electricity generation. This groundbreaking research puts ice on par with advanced electroceramics like titanium dioxide and paves the way for new electronic devices using ice as an active material.


PIN AI: Your Personal AI, Under Your Control

2025-02-15

PIN AI is a decentralized personal AI app that runs directly on your smartphone, challenging big tech's dominance over user data. Unlike cloud-based AI, PIN AI keeps your AI model on your device, ensuring privacy and customization. You own your data and control how your AI learns. Boasting over 2 million alpha users and backed by investors like a16z Crypto, PIN AI aims to create a user-centric AI ecosystem, empowering individuals to own and control their AI assistants, much like Iron Man's J.A.R.V.I.S.


Rust Dependencies: A 3.6 Million Line Code Nightmare

2025-05-09

The author loves Rust, but its dependency management is causing concern. A simple web server project, after depending on several crates, ballooned to 3.6 million lines of code, mostly from dependencies. This raises concerns about code auditing and dependency maintenance. The author tried code counting and vendoring, but the problem persists. The article explores the challenges of Rust's dependency management and how to balance performance, safety, and code size.

Development code size

Ryanair Faces GDPR Complaint Over Mandatory Face Scans

2024-12-19

The privacy advocacy group noyb filed a GDPR complaint against Ryanair for forcing users to create accounts and undergo invasive biometric verification, including face scans, during the booking process. This practice, allegedly aimed at preventing online travel agencies from bulk purchasing tickets, violates GDPR principles of data minimization, purpose limitation, and consent. Ryanair is accused of prioritizing competitive advantage over user privacy.

Misc biometrics