GitHub Repos Masquerading as Legitimate Projects Used in New Malware Campaign: GitVenom

2025-03-03

Kaspersky's Global Research & Analysis Team (GReAT) uncovered a new malware campaign, dubbed GitVenom, utilizing hundreds of open-source repositories on GitHub. These repositories, deceptively disguised as legitimate projects (including tools for Instagram automation, Telegram Bitcoin wallet management, and a Valorant cheat), secretly download and execute malware. This malware steals passwords, bank account information, cryptocurrency wallet data, and more. The attackers successfully stole approximately 5 Bitcoin (around $485,000). The attackers used AI-generated descriptions to enhance the projects' legitimacy. Kaspersky advises developers to carefully vet third-party code before execution.

Tech

78% of Hardware Companies Lack Security.txt

2025-03-03

A developer maintaining a public list of companies using libexpat in hardware found that 78% (39 out of 50) of the companies tested in 2025 did not serve a /.well-known/security.txt file as specified by RFC 9116. This reveals a concerning lack of proactive security posture in many companies, making it difficult to contact their security teams. The author urges affected companies to fix this issue and share a link to securitytxt.org.

Hardware security.txt

ACCESS.bus: The Forgotten Universal Serial Bus That Lives On

2025-03-03

ACCESS.bus, a universal serial bus based on the I²C protocol, attempted to challenge USB in the 1990s but ultimately failed. This article recounts its history, from DEC's ambitious vision to its eventual use in monitor communication (DDC), and explores the reasons for its failure: slow speed, lack of major vendor support, and DEC's declining influence. While ACCESS.bus didn't become mainstream, parts of its technology persist in HDMI and DisplayPort, showcasing its innovative and forward-thinking nature.

Tech

Chrome Prototypes Powerful CSS Functions: Expanding CSS Capabilities

2025-03-02

Chrome is prototyping CSS Functions, a game-changer for CSS. This allows developers to create custom functions that compute values based on parameters and custom properties, acting as advanced custom properties. For instance, a `--light-dark()` function could return different colors or font weights depending on system dark mode preference, overcoming limitations of the built-in `light-dark()` function. While still in prototype form in Chrome Canary (requiring the Experimental Web Platform Features flag), this opens up massive possibilities for more expressive and flexible CSS.

Development

Firefly's Blue Ghost Makes History with Successful Moon Landing

2025-03-02

Firefly Aerospace announced the successful lunar landing of its Blue Ghost lander, marking the first fully successful commercial soft landing on the Moon. Carrying 10 NASA instruments, Blue Ghost executed a precise landing and is conducting various scientific experiments, including subsurface drilling and imaging. This achievement represents a significant milestone for commercial space exploration and paves the way for future lunar missions and deeper space exploration.

Prompting LLMs in Bash Scripts: The ofc Tool

2025-03-02

A new tool, ofc, simplifies integrating Ollama LLMs into bash scripts. It allows for easy system prompt swapping, enabling comparison of model behavior across different prompts. The author demonstrates its use in generating datasets for testing Harper and even having the LLM generate its own prompts for deeper analysis. Installation is straightforward via cargo.

Development Bash Scripting

Resurrecting 30-Year-Old Apple SCSI Hard Drives: The Rubber-Decay Data Recovery

2025-03-02

This post details the author's experience restoring 1990s Apple-branded Quantum and Conner SCSI hard drives. These drives commonly suffer from a failure mode where they spin up and immediately stop. By opening the drives, the author discovered the root cause: aging rubber bumpers causing the read/write head to stick. Two methods—manually moving the head and using Kapton tape to hold it in place—were successfully employed to recover data. The article also shares interesting details about how data is physically stored on these drives and serves as a reminder to regularly back up important data.

Tesla's European Sales Plummet Amidst Competition and Musk's Political Controversies

2025-03-02

Tesla's European sales plummeted by 45% year-over-year in January 2025, while overall EV sales in the region increased by 37%. Several factors contributed to this decline: the delayed launch of a cheaper Tesla model, an upcoming Model Y refresh causing buyer hesitation, intensifying competition from Chinese automakers like SAIC Motor (whose sales surpassed Tesla's by a factor of two), and significant public backlash against Elon Musk's controversial political activities. While the impact of public opinion on purchasing decisions is debated, Musk's actions undoubtedly exacerbated Tesla's sales slump in Europe.

Nvidia GPUs on a Bare-Metal Kubernetes Cluster with NixOS: A Rabbit Hole Adventure

2025-03-02

To scale his machine learning framework, MAZE, the author attempted to enable Nvidia GPU support on his Kubernetes cluster, comprising three mini-PCs and a retired workstation. This proved far more challenging than anticipated, involving hurdles such as configuring the Nvidia device plugin, navigating the complexities of a NixOS environment, and deploying PKI certificates. He ultimately succeeded, sharing his experiences deploying a Kubernetes cluster using NixOS, Ansible, and Sops, alongside a deep dive into CRI, CDI, nvidia-container-toolkit, and more. He also developed nix-playground, a tool to simplify patching and building open-source projects, and leveraged Grok 3 for debugging. Along the way, he encountered further challenges like PyCharm issues with WSL NixOS and Kubernetes RuntimeClass configuration. The entire journey, akin to Alice's Adventures in Wonderland, highlights the author's impressive execution power and problem-solving skills.

Development

Rotors vs. Quaternions for 3D Graphics Rotations?

2025-03-02

This article delves into the mathematical theory and practical application of using rotors for rotations in 3D graphics rendering. Rotors, stemming from geometric algebra, offer a potentially more elegant and simpler alternative to quaternions. The article begins with a theoretical explanation of concepts like the wedge product and geometric product, showing how they enable vector reflection and rotation. It then provides C++ code examples demonstrating the creation, combination, inversion of rotors, and their application to vector transformations and matrix generation. Finally, it discusses rotor interpolation methods, including nlerp and slerp, analyzing their strengths and weaknesses.

LLM Code Hallucinations: Not the End of the World

2025-03-02

A common complaint among developers using LLMs for code is the occurrence of 'hallucinations' – the LLM inventing non-existent methods or libraries. However, the author argues this isn't a fatal flaw. Code hallucinations are easily detectable via compiler/interpreter errors and can be fixed, sometimes automatically by more advanced systems. The real risk lies in undetected errors only revealed during runtime, requiring robust manual testing and QA skills. The author advises developers to improve their code reading, understanding, and review capabilities, and offers tips to reduce hallucinations, such as trying different models, utilizing context effectively, and choosing established technologies. The ability to review code generated by LLMs is presented as valuable skill-building.

Development

SmallPond: A Lightweight Data Processing Framework

2025-03-02

SmallPond is a lightweight, high-performance data processing framework built on DuckDB and 3FS. It scales to handle petabyte-scale datasets without requiring long-running services and supports Python 3.8-3.12. Its simple API allows for easy data loading, processing, and saving. Benchmarked using GraySort on a cluster of 50 compute and 25 storage nodes running 3FS, SmallPond sorted 110.5 TiB of data in 30 minutes and 14 seconds, achieving an average throughput of 3.66 TiB/min.

Development

Interactive Web App: An Orwellial

2025-03-02

This post describes a heavily interactive web application requiring JavaScript. The author rejects the term 'Bluetorial,' instead dubbing it an 'Orwellial' and including a humorous GIF. This suggests the app is complex and interactive, far beyond a simple HTML interface.

Development Interactive

Matt's Script Archive: A Treasure Trove of Free CGI Scripts

2025-03-02

Matt's Script Archive (MSA) offers a plethora of free Perl and C++ CGI scripts, including visitor counters, form mailers, guestbooks, discussion forums, and search engines. These scripts have been popular since 1995, boasting millions of downloads. MSA also provides supporting documentation, a help center, and paid hosting services for easier use and maintenance.

Development CGI scripts web tools

Southeast Asia's Prehistoric Seafaring Prowess Rewrites History

2025-03-02

New archaeological research challenges established beliefs, revealing that 40,000 years ago, the Philippines and Southeast Asia possessed remarkably advanced seafaring technology. Stone tools, plant fiber traces for rope-making, fishing hooks, net weights, and remains of large pelagic fish found in the Philippines, Indonesia, and Timor-Leste, point to sophisticated boatbuilding and deep-sea fishing. This predates similar advancements in Europe and Africa, suggesting Southeast Asia was a technological leader in maritime innovation during the Paleolithic era. This discovery upends the long-held notion that Paleolithic technological progress was centered in Africa and Europe.

Tamper-Proof PCR Machine: Ensuring Verifiable Scientific Results

2025-03-02

Addressing the rampant problem of data fabrication in biomedicine, researchers have developed a verifiable PCR machine. By integrating cryptographic signing and secure hardware into the PCR machine, the system ensures that experimental results cannot be altered after generation. Using a virtual machine and a trusted execution environment, the PCR software is isolated, preventing malicious modification. This approach enhances data reliability even for older equipment, representing a significant step towards building a system of verifiable scientific research.

Tech

Cornell University Announces Hiring Freeze

2025-03-02

Facing significant financial challenges, Cornell University has announced a hiring freeze to address potential deep cuts in federal research funding and tax legislation impacting endowment income. The freeze prioritizes positions deemed essential to the university's core mission, with all hiring subject to a rigorous review process. A central position control committee will evaluate staff positions, while faculty hiring requires consultation with deans and the provost. This measure aims to ensure the university's continued success in a more complex financial landscape, maintaining its core missions in education, research, and service.

The Pentium's Mysterious ×3 Circuit: A Deep Dive into Chip Design

2025-03-02

In 1993, Intel released the high-performance Pentium processor. This article delves into the surprisingly complex design of a seemingly simple circuit within the Pentium: the multiply-by-three circuit (×3 circuit). This circuit is part of the floating-point multiplier; the Pentium uses radix-8 multiplication, which is faster than binary multiplication, but multiplication by three requires special handling. The article explains how this circuit combines techniques like carry lookahead, Kogge-Stone adders, and carry-select adders to maximize performance. Analysis of microscope images of the chip reveals the intricate structure of the ×3 circuit and its crucial role in the Pentium, highlighting the ingenuity and technical innovation in processor design.

The 'Other' Trap in Enums: Version Compatibility and Open Enums

2025-03-02

This article discusses the pitfalls of using an 'Other' value (e.g., WidgetFlavor::Other) in C++ enums. Adding new enum values presents a challenge: how to handle them and maintain compatibility with older code versions. The author suggests avoiding 'Other' altogether and declaring the enum as open-ended, letting programs handle unrecognized values independently. This elegantly solves version compatibility issues, preventing confusion when adding new enum values and ensuring smooth transitions between old and new code.

Development Version Compatibility

Mozilla's Betrayal: Firefox Users Revolt Over Data Privacy Changes

2025-03-02

Mozilla's recent update to Firefox's Terms of Use has ignited a firestorm of outrage among users. The update grants Mozilla broad permission to use user data, a stark contrast to previous promises to never sell user data—promises now scrubbed from the Firefox FAQ. While Mozilla claims the data will only be used as described in its Privacy Notice, concerns remain about the potential use of this data for AI development. The vague wording and the removal of previous guarantees have shaken user trust, leading some to migrate to alternative, Firefox-based open-source browsers. This incident highlights the growing importance of data privacy and the repercussions of companies contradicting their past assurances.

Tech

TypeScript 5.8 Bids Farewell to Enums: A Dignified Exit

2025-03-02

TypeScript 5.8 introduces the `--erasableSyntaxOnly` flag, effectively ending the era of enums and namespaces. While literal unions offer superior ergonomics, the author expresses nostalgia for enums. The article highlights a key advantage of enums: superior documentation support for members, including deprecation notices, crucial in large codebases, a feature lacking in literal unions. The author urges the TypeScript team to improve documentation support for literal unions in future releases.

Development enums literal unions

The Solopreneur Revolution: AI-Powered Startups Disrupting SaaS

2025-03-02

DeepSeek's $200M annual revenue with a 500%+ profit margin, achieved at 1/25th the cost of OpenAI, highlights the power of AI-driven development. AI is not just building models; it's writing code, optimizing infrastructure, and even debugging itself. This allows solopreneurs to build sophisticated applications that previously required massive teams. This paradigm shift threatens established SaaS giants who face workforce reductions and the need to rebuild their AI-native products. The opportunity lies in building AI-first solutions targeting bloated SaaS verticals, offering leaner, more efficient alternatives and ultimately reshaping the future of the industry.

Startup

Breakthrough: Ambient RF Energy Harvesting Module Powers Small Electronics

2025-03-02

Researchers from the National University of Singapore have developed a novel energy harvesting module capable of converting ambient radio frequency (RF) signals into direct current (DC) voltage, powering small electronics without batteries. This technology overcomes the low efficiency of existing rectifiers at low power levels, utilizing nanoscale spin-rectifiers for high sensitivity and compact design. Successfully powering a commercial temperature sensor, the module opens possibilities for IoT devices and wireless sensor networks in remote areas. Published in Nature Electronics, this research marks a significant advance in ambient energy harvesting.

olduse.net: A Continuously Updated Delayed Usenet Archive

2025-03-02

olduse.net is a unique Usenet archive project that adds a new port each year, with a one-year delay. The post details the project's history from 2011 to 2021 and how Adam Sjøgren took over and continues to maintain it. Now, users can access Usenet article archives with varying delays through multiple ports, experiencing the charm of Usenet's past. This isn't just a technical project; it's a continuation of an interactive art piece.

Gamers Accidentally Become Cybersecurity Experts

2025-03-02

Thousands of video game enthusiasts are unknowingly developing cybersecurity skills through their hobby. Speedrunners, in pursuit of the fastest game completion times, exploit glitches requiring reverse engineering skills. They utilize tools like IDA Pro and Ghidra, even developing custom tools, to understand game mechanics. The glitches they find—buffer overflows, use-after-frees, etc.—are strikingly similar to real-world cybersecurity vulnerabilities. These gamers possess valuable vulnerability research skills without realizing the professional potential. This article encourages them to transition into the cybersecurity industry, transforming their passion into a career.

CSRF, CORS, and the Same-Origin Policy: A Browser Security Tug-of-War

2025-03-02

This article delves into the web security mechanisms of CSRF (Cross-Site Request Forgery) and CORS (Cross-Origin Resource Sharing). While both relate to cross-site requests, their functions and mechanisms differ significantly. By default, browsers enforce the same-origin policy, restricting cross-site writes but permitting cross-site reads. CSRF exploits vulnerabilities in this policy, while CORS provides a mechanism to allow specific cross-site requests. The article analyzes the impact of the SameSite attribute on CSRF, the crucial role of browsers in the overall security architecture, and notes that browser adoption of the SameSite=Lax default will directly affect internet security.

Development

DeepSeek's smallpond and 3FS: Scaling DuckDB to Petabytes

2025-03-02

DeepSeek AI has released smallpond and 3FS, designed to extend the DuckDB database to handle petabyte-scale datasets. smallpond is a lightweight distributed data processing framework enabling DuckDB to process data in parallel across multiple nodes, while 3FS is a high-performance parallel file system leveraging SSDs and RDMA networking for extreme throughput. However, deploying and using these tools is complex, requiring specialized hardware and DevOps expertise. For datasets under 10TB, a single-node DuckDB instance or simpler solutions are more efficient. Only when dealing with massive datasets do smallpond and 3FS show their advantages.

The Rise of Agentic Business Objects: Data That Works for You

2025-03-02

For decades, business data has been passive, waiting for humans to process it. Now, AI is giving data agency. This article explores the concept of Agentic Business Objects (ABOs), intelligent entities that can autonomously handle workflows, coordinate resources, and even communicate with other systems. Using the example of an invoice, the author demonstrates how ABOs can independently manage approval, payment, and reconciliation processes. The article envisions applications across sales, support, and HR, transforming enterprise software architecture and freeing humans to focus on higher-value work. This shift moves us from data operators to process orchestrators, unleashing human potential for creativity and innovation.

Development Enterprise Software

Falsehoods Programmers Believe About Languages: A Hilarious Debunking

2025-03-02

This article humorously debunks common misconceptions programmers hold about programming languages in the context of software localization. From assuming all languages have the same sentence structures and word lengths as English, to believing translations always maintain the same length, the article highlights the absurdity of these assumptions. It underscores the importance of understanding linguistic diversity and cultural nuances in software development and localization.

Development software localization

Ladybird Browser Project Monthly Update: Million-Level WPT, Embracing OpenSSL

2025-03-02

The Ladybird open-source browser project made significant progress this month, merging 281 PRs from 35 contributors. The number of passing subtests in Web Platform Tests (WPT) exceeded 1.77 million, moving closer to the 90% pass rate target for iOS alternative browser engines. The project adopted OpenSSL to replace its homegrown cryptography library and migrated the networking stack to curl. It also added support for Firefox DevTools, improving debugging efficiency. Furthermore, Ladybird added features such as CSS image cursors, new CSS pseudo-classes, text decoration error highlighting, and implemented TextEncoderStream and the Resource Timing API. Style invalidation mechanisms were optimized, and aarch64 Linux continuous integration was added.

Development