API Request Signing: Pitfalls and Best Practices

2025-02-09

This article delves into the security challenges of API request signing, particularly the difficulties of signing JSON objects. The author points out that while simple HMAC signing is secure, signing directly within the JSON object can lead to various issues, such as multiple equivalent representations of JSON resulting in signature validation failures. The article compares and analyzes various signing methods, including canonicalizing JSON, adding redundant signature data, and using alternative formats. Examples from AWS and Flickr's signing schemes illustrate the security risks of flawed implementations. Ultimately, the author recommends prioritizing TLS and avoiding inline JSON signing, opting instead for external signing to ensure API request security.


H-Nets: A Hierarchical Network Architecture That Outperforms Transformers

2025-07-16

Current AI architectures treat all inputs equally, failing to leverage the inherent hierarchical nature of information. This limits their ability to learn from high-resolution raw data. Researchers introduce H-Nets, a novel architecture that natively models hierarchy directly from raw data. H-Nets' core is a dynamic chunking mechanism that segments and compresses raw data into meaningful concepts. Experiments show H-Nets outperform state-of-the-art Transformers in language modeling, exhibiting improved scalability and robustness, offering a promising path towards multimodal understanding, long-context reasoning, and efficient training and inference.


arXivLabs: Experimenting with Community-Driven Features

2025-03-03

arXivLabs is an experimental framework enabling collaborators to develop and share new arXiv features directly on the website. Participants, individuals and organizations alike, embrace arXiv's values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only partners with those who share them. Have an idea to enhance the arXiv community? Learn more about arXivLabs.

Development

Blazing Fast Mandelbrot on a Homemade 8-bit CPU

2025-06-27

A team successfully rendered a Mandelbrot set on their custom-built 8-bit PJ5 CPU, achieving surprisingly fast results—under 3 seconds! This speed is attributed to 16 registers, single-cycle instructions, and a hardware 8x8 multiplier. They're also developing a fast ROM board to replace the current FPGA and plan to improve the display, audio, and input devices. 18 months of work culminates in this impressive feat.


Ethiopian Solo Founder Builds Viral Auth Tool, Secures $5M Seed Round

2025-06-26

Bereket Engida, a self-taught programmer from Ethiopia, has quietly built Better Auth, an open-source authentication framework lauded by developers as the best they've ever used. This solo founder's startup recently raised $5 million in seed funding. Better Auth addresses limitations in existing tools, offering flexibility and on-premise data storage, appealing to AI startups and others concerned about data security. Boasting 150,000+ weekly downloads and 15,000+ GitHub stars, Better Auth is a testament to Engida's skill and a source of inspiration for aspiring African founders.

Development African founder

Greenland: A Newly Crucial Arctic Strategic Location

2025-01-11

The Trump administration's growing interest in Greenland is no coincidence. The island's strategic importance has placed it at the center of a great power competition in the Arctic between the US, Russia, and China. The US maintains Pituffik Space Base in Greenland, a crucial military presence offering missile detection and space surveillance capabilities. However, climate change is melting Arctic ice, opening new shipping routes and resources, further increasing Greenland's strategic value and intensifying competition. The article reviews the history of US military presence in Greenland, including Cold War bases and nuclear accidents, and analyzes Greenland's role in future military strategy and its importance in Arctic shipping and resource contention.


Open Source YouTube Translation Blocker

2025-07-01

This open-source YouTube add-on prevents automatic translation on YouTube. It keeps video titles and descriptions in their original language, defaults to the original audio track (including Shorts), and lets you choose your subtitle language (or disables them if unavailable; auto-generated subtitles are always ignored), ensuring an authentic viewing experience.

Development

Hoarder: Self-Hosted Web Archiving with AI-Powered Features

2025-03-16

Hoarder is an open-source, self-hosted web archiving tool that lets you search, filter, and tag web content, storing full copies locally for offline access. It uses a headless Chrome instance for downloading and optionally integrates AI features (OpenAI or LiteLLM) for automatic tagging and summarization. Hoarder offers a web app and Android app, supporting full-text search, tag filtering, and RSS subscriptions. The author details Docker and Caddy setup, SingleFile integration, and migration from Linkding. Future enhancements include improved annotation, in-app mobile reading, ebook export, and a decentralized social future.

Development

The Enshittification of the Internet: Policy Failure or Technical Glitch?

2025-05-28

Science fiction author Cory Doctorow's PyCon US 2025 keynote explored the 'enshittification' of internet platforms. He attributes this phenomenon to a three-stage strategy employed by tech companies to maximize profits: locking in users, degrading user experience to benefit business customers, and finally, extracting all value from the platform. Using Google as an example, he showed how 'twiddling' algorithms manipulate search results and ad placement, harming user interests. Doctorow argues that 'enshittification' isn't a technical issue, but stems from relaxed antitrust regulation and neglected privacy legislation. He calls for stronger antitrust measures, improved interoperability, enhanced privacy protections, and other steps to reverse this trend and build a 'new good internet'.

Tech

Max's Imagebin: A Testament to Simplicity

2025-07-03

This story recounts the tale of Max, a programmer, and his Imagebin, a 15-year-old PHP image upload script. Imagebin's code is remarkably simple, a mere 233 lines, mostly changelog. The author attempted a Go rewrite, only to find the codebase ballooned and readability suffered. This led to a reflection on the complexity of software design, highlighting the ease of maintenance provided by concise code. Max's Imagebin's longevity is attributed to this simplicity. Ultimately, the author decided to keep Max's code and stick with PHP.

Development

Apple Silicon's Speculative Execution: Performance Boost and Security Risks

2025-02-28

Apple silicon chips employ out-of-order execution, Load Address Prediction (LAP), and Load Value Prediction (LVP) to boost performance. These techniques predict instruction execution order and memory access values for efficiency gains, but introduce security vulnerabilities like Spectre, SLAP, and FLOP. While exploiting these vulnerabilities is challenging and requires targeting specific CPU architectures, the risks may grow with future CPU advancements. Apple and other chipmakers need to proactively address these security challenges.


Forget Wishful Thinking: Finding Real Needs with the PULL Framework – A Harsh Startup Truth

2025-08-05

Many entrepreneurs are misled by concepts like 'pain points' and 'market needs,' ultimately losing their way. This author proposes a framework called PULL, emphasizing finding users with urgent problems and insufficient existing solutions, rather than chasing vague desires. The author criticizes the ineffectiveness of 'discovery interviews,' advocating that founders get hands-on experience, immersing themselves in users' workflows to truly understand their needs. He stresses that only actual customer purchases validate assumptions, not relying on so-called 'design partners.' Finally, the author presents a three-step validation method: building a hypothesis using the PULL framework, talking to potential customers, and adjusting and repeating based on the results.

Startup

AI-First? Tech CEOs' Groupthink and the Illusion of Productivity

2025-04-30

A recent trend among tech CEOs is the demand for an "AI-first" approach to work, mandating the use of AI tools across the board. The author challenges this, arguing that forcing AI adoption on employees already proficient in their tasks may hinder productivity. Using personal anecdotes, the author illustrates how AI is best suited to assist those lacking specific skills, not replace experts. The author suggests this "AI-first" push is more of a performative act among tech leaders, a way to signal belonging to a particular group, rather than a genuine productivity enhancer. A more effective approach, argues the author, would involve employee choice and a focus on the actual utility of AI tools.


Ollama Launches Desktop App for Easier LLM Interaction

2025-07-31

Ollama has released a new desktop application for macOS and Windows, offering a more streamlined way to interact with large language models. The app supports drag-and-drop file uploads (text or PDFs), making it easier to process documents. Users can also increase context length in settings for larger files (requires more memory). Multimodal support allows sending images to compatible models like Google DeepMind's Gemma 3, and code files can be processed for understanding. A command-line interface version is also available.

Development

Passkeys: Convenience vs. Control – A Growing Concern

2025-09-02

The shift towards passkeys as a replacement for usernames and passwords, while aiming for enhanced security, presents underlying issues. The attestation system allows websites to gather detailed device information, enabling governments to restrict users to specific hardware authenticators. Interoperability between password managers is limited, creating vendor lock-in. Sneaky auto-enrollment tactics by services subtly bind users to their ecosystems. The author expresses concern over increasing reliance on tech giants and complex systems, potentially leading to restricted data access, heightened authentication complexity, and ultimately, a loss of user agency.

Tech

Mysterious Tablet with Unknown Script Unearthed in Georgia

2024-12-14

A basalt tablet inscribed with 60 enigmatic characters has been discovered near Lake Bashplemi in Georgia. The unique symbols, arranged in seven registers, bear partial resemblance to scripts from the Middle East, India, Egypt, and even West Iberia, but don't directly match any known writing system. Dating potentially to the Late Bronze or Early Iron Ages, its purpose remains a mystery, though theories include recording military spoils, construction projects, or religious offerings. The discovery suggests cultural exchange between the Caucasus and neighboring regions in antiquity.


Indiana Jones Jailbreak Exposes LLM Vulnerabilities

2025-02-24

Researchers have devised a new jailbreak technique, dubbed 'Indiana Jones,' that successfully bypasses the safety filters of large language models (LLMs). This method uses three coordinated LLMs to iteratively extract potentially harmful information, such as instructions on how to become historical villains, that should have been filtered. The researchers hope their findings will lead to safer LLMs through improved filtering, machine unlearning techniques, and other security enhancements.


Open Source Distilling: Bringing Tradition into the 21st Century

2025-06-06

This project aims to create the world's first open-source software for home distilling. The author, with 15 years of homebrewing and 5 years of distilling experience, plans to leverage the Raspberry Pi and Python to automate the distilling process, including temperature monitoring and alerts. Early development of hardware and software is complete, with ongoing updates planned; community contributions are welcome.

Development distilling

pg_test_fsync: Benchmarking Disk Write Performance for Databases

2025-05-28

This article introduces `pg_test_fsync`, a tool for quickly benchmarking disk or cloud storage write performance, particularly useful for database WAL logs and other low-latency write workloads. The author tests a consumer-grade Samsung 990 Pro SSD and an enterprise-grade Micron 7400 SSD, revealing significantly faster synchronous write speeds on the enterprise SSD due to its controller DRAM cache and power-loss protection. `fdatasync` proves faster than `fsync` or `O_SYNC`, but even `fdatasync` takes 1.6 milliseconds for a single 8kB write. The article notes that multiple small writes degrade performance, suggesting batching writes for efficiency.

Development

Improving Algorithms for Simplifying Geographic Polygons

2025-08-30

This article explores algorithms for simplifying geographic polygons, specifically their convex hulls. The current approach combines the Douglas-Peucker algorithm with polygon offsetting: the polygon is first offset outwards to eliminate details, then simplified using Douglas-Peucker, and finally offset inwards. However, this method isn't optimal for convex features. The author seeks more efficient algorithms to achieve higher-quality geometry at the same size or further reduce size without compromising quality.


Chrome's AI-Powered History Search: Unlocking Your Browsing Past with Everyday Language

2025-03-02

Chrome introduces AI-powered history search, letting users find browsing history using natural language, even without precise keywords or URLs. The feature requires a US location, Chrome set to English, being 18+, and a Google account. When enabled, visited page content is stored locally for AI matching. Users can disable it anytime in settings. Results include generated answer summaries and top matches (up to three). Google uses collected data to improve the feature, including safety and addressing large language model challenges.


The Surprising Struggle with UTC Time Strings in C/C++

2025-01-19

This article delves into the complexities of converting UTC time strings to Unix timestamps in C/C++. The author uncovers unexpected behaviors in POSIX time handling functions across various C libraries and languages. The focus is on using `strptime()`, `mktime()`, and `timegm()`, highlighting issues with daylight saving time and locales. Solutions are provided, including using `timegm()` for UTC times and leveraging C++ streams to bypass locale problems. The article concludes by recommending more robust time handling libraries available in C++20 and later, such as Howard Hinnant's tz library.

Development

Sixteen Colors: An Online Archive of ANSI/ASCII Artpacks

2025-07-27

Sixteen Colors is an online archive preserving ANSI and ASCII artpacks, a form initially designed for text-mode computer consoles. Popularized in the early 90s with the rise of dial-up Bulletin Board Systems (BBSs), artists formed groups releasing monthly artpacks, sparking fierce competition (like between ACiD and iCE). The internet's rise in the late 90s diminished BBSs and the demand for ANSI/ASCII art, yet artists continue the tradition. Sixteen Colors aims to publicly archive this legacy. For more context, watch "THE ART OF WAREZ," a short film exploring the scene's origins.

Design ANSI art

Improving Database Protocols: A Developer Experience Perspective

2025-04-05

This article discusses shortcomings in SQL database client protocols, specifically MySQL and PostgreSQL. The author points out issues with connection management, error recovery, and prepared statements, leading to increased development complexity. For example, mutable connection state makes error recovery difficult, while the session-scoped nature of prepared statements limits their use in connection pools. The author proposes improvements borrowing from the Redis protocol, such as an explicit configuration phase, idempotency keys, and globally scoped prepared statement identifiers. These changes would simplify development workflows and improve the reliability of database clients, resulting in a better developer experience and more user-friendly databases.

Development protocol

16th Century European Dinner Party Games: The Story of Painted Trenchers

2025-02-26

Wooden roundels, or 'trenchers', were common at middling and well-to-do dinner parties in 16th-century Europe. Often painted red on one side, the other displayed images and inscriptions covering a wide range of topics: biblical verses, erotic tales, marriage advice, proverbs, depictions of the months' labors, memento mori, clashes of religious ideologies, peasant life, anti-papal sentiments, and current events. After dessert, guests would flip the trenchers, interpreting the images and text, revealing their knowledge, opinions, manners, and beliefs in a unique interactive performance.

Misc

Roblox Grow a Garden Optimizer: The Ultimate Plant Value Calculator

2025-07-09

Tired of manually calculating plant values in Roblox's Grow a Garden? This powerful calculator handles the heavy lifting! Accurately determine plant worth considering over 70 plant types, 30+ mutations, friend bonuses, weight, and more. Maximize your profits, optimize your garden, and make informed trading decisions with this essential tool. Includes a pet XP calculator and more advanced features for serious players.

Game Game Tool

Universal Rules Template for AI Coding Assistants: Supercharge Your Workflow

2025-06-18

Tired of inconsistent AI behavior across different coding assistants? This template provides a robust, cross-platform framework to elevate your AI pair-programming experience. It leverages established software engineering principles and structured documentation to ensure consistent AI operation, deep project understanding, and optimal workflows across tools like Cursor, CLINE, RooCode, Windsurf, and GitHub Copilot. Move beyond simple prototypes and build sophisticated applications with AI partners that truly understand your project.

Development

Two Reports Highlight Knowledge Gaps and Best Practices for Open Source CRA Compliance

2025-03-22

The Linux Foundation released two groundbreaking research reports exploring community-driven strategies to address open source security and the European Union’s Cyber Resilience Act (CRA). The first report analyzes how three Linux Foundation projects meet CRA minimum compliance requirements, sharing best practices. The second report reveals significant knowledge gaps within the open source ecosystem regarding CRA awareness, with many respondents unfamiliar with the act and lacking compliance readiness. The reports recommend manufacturers take a more active role in open source security, calling for increased funding and legal support to foster better security practices.


Llama 3 from Scratch: A Deep Dive TensorFlow Tutorial

2025-02-21

This project is an enhanced version of naklecha/llama3-from-scratch, comprehensively improved and optimized to help understand and master the implementation principles and detailed reasoning process of the Llama 3 model. Core improvements include: reorganized content presentation, adjusted directory structure, detailed code annotations, complete matrix dimension change annotations, abundant principle explanations and derivations, an added KV-Cache derivation chapter, and bilingual (Chinese and English) documentation. The tutorial starts by loading model files and configuration files, then guides through text-to-embedding conversion, Transformer block construction, attention mechanism implementation, positional encoding (RoPE), RMS normalization, SwiGLU feed-forward network, and finally predicts the next token. It also explores top-k predictions, the impact of different token embeddings, and the principles and advantages of the KV-cache mechanism.

Development

A Canary's Lifeline: A Coal Mine Resuscitation Cage

2025-06-10

Lewis, an assistant curator at the Science and Industry Museum in Manchester, reveals his favorite artifact: a cage used to revive canaries poisoned by carbon monoxide in coal mines. This seemingly unassuming object tells a story of early mining practices and the use of canaries as gas detectors. While the use of animals in such dangerous conditions is ethically questionable, the cage's design shows consideration for the canaries' well-being, highlighting the complex interplay between technological advancement and ethical dilemmas. Its worn and imperfect condition adds to its historical significance, offering a genuine glimpse into the past, rather than a sanitized narrative. The artifact prompts reflection on the impact of technological progress on animal welfare and the lessons learned from history.

Tech