Links für 2023 KW 51
Meine „Wollte ich noch Lesen“-Liste, zusammengefasst von Neural Chat.
MongoDB meldet unbefugten Zugriff auf Unternehmenssysteme:
MongoDB, ein Anbieter von NoSQL-Datenbanksoftware, informierte seine Kunden über einen Sicherheitsvorfall, bei dem unautorisierten Zugriff auf Kundendaten erfolgt sein soll. Die Aktivitäten wurden am 13. Dezember entdeckt, aber MongoDB gab an, dass diese sich bereits einige Zeit vorher ereignet haben könnten. Das Unternehmen empfahl seinen Kunden, gegen Social-Engineering- und Phishing-Angriffe zu achten, Multi-Faktor-Authentifizierung (MFA) zu aktivieren und ihre MongoDB-Atlas-Passwörter regelmäßig zu ändern. MongoDB kündigte zudem die Weitergabe der Informationen an während weiterer Untersuchungen des Vorfalls erfolgen.
Reindeer and the quest for Scottish enlichenment:
Based on the study, reindeer have a unique color-shifting tapetum lucidum that allows them to detect UV-absorbing lichens against snowy backgrounds. Their ability to see UV light may be related to their diet, which consists of lichen-dominated food sources in the Scottish Highlands. This study suggests a connection between reindeer's visual ecology and their foraging behavior in twilight conditions.
The Largest Money-Printing UI Element Ever Made:
In Evan Czaplicki's talk on „The Economics of Programming Languages,“ he discusses how a small open-source project like Elm competes in an ecosystem shaped by tech giants. Google makes $49 billion for search traffic acquisition costs, with significant payments to browsers like Firefox and Safari. Microsoft, however, focuses on its own browser (Bing). This highlights the immense value of the URL/search bar as a revenue-generating feature, potentially making it an attractive area for business innovation.
“Yes” Actually Means “No”: The Curious Language of VCs:
In recent years, venture capitalists have become known for their secret language - VCspeak - which often includes cryptic phrases to reject founders' ideas. A founder who shares his experiences in the process of fundraising reveals the true meaning behind such statements as 'talk to us again when you have traction', 'we think you're too early for us, speak to us when you raise your next round,' or 'yes actually means no'. He also offers 10 survival tips for those navigating the world of venture capital funding.
Mickey, Disney, and the Public Domain: a 95-year Love Triangle | Duke University School of Law:
The article discusses the implications and rights of public domain works related to Mickey Mouse's character after copyright expiration. It explains how Steamboat Willie, which includes Mickey Mouse as a main character, will enter the public domain in January 2024. This means that new creative works can use Mickey in new artistic creations, and anyone may draw from these characters for free without permission or fear of legal issues. Additionally, it clarifies aspects of trademark law concerning Disney's use rights on the character after copyright expires.
So, essentially, as Mickey Mouse and related public domain works become more accessible, they will continue to inspire new creative expressions, ensuring the character's ongoing relevance and cultural impact.
Cats Kill a Staggering Number of Species across the World:
Domestic cats have caused significant ecological harm across the world due to their adaptations for hunting and predation. A study published in Nature Communications found that free-ranging domestic cats consume over 2,000 different species, including many threatened or endangered animals. Researchers analyzed more than 100 years' worth of scientific literature on cat diets, revealing a wide range of prey types like birds, reptiles, and mammals, as well as unexpected meals such as sea turtles, emus, and even domestic cattle. The researchers emphasized that cats are versatile predators with the potential to cause further population declines and extinctions if not managed effectively.
This tweet shares a personal experience of an individual who interviewed over 100 software engineering candidates using various assessment methods and found them all unsuccessful or unpleasant. The person now focuses on alternative evaluation techniques, including asking open-ended questions that encourage self-expression rather than traditional problem-solving approaches. They suggest avoiding generic weakness questions and tailoring the interview to learn about specific skills or values important for the team or role. Overall, the goal is to create a non-toxic hiring environment leading to better candidates joining the company.
The End of Retirement | The Walrus:
This article focuses on the changing concept of retirement as Canadians live longer due to advances in medical care and better lifestyle habits. It discusses the challenges faced by retirees who struggle with ageism at the workplace and suggests potential solutions such as making measures against ageism part of every company's fair-employment practice, promoting flexible working hours for older employees, and considering retirement as a transition instead of an abrupt end to one's professional life. The article also stresses on creating new terms to describe both the concept of retirement and retirees themselves in a non-ageist manner.
Declinism is a belief that a society or institution, usually driven by cognitive biases like rosy retrospection and negativity bias, tends to view the past more favorably while seeing the future more negatively. This idea has been traced back to Edward Gibbon's work on the decline and fall of the Roman Empire. Oswald Spengler's book „The Decline of the West“ provided a name for this concept and gave it a popular appeal after its release in the aftermath of World War I. The belief has been explored in many declinist literatures across different countries, often seeing various societies experience this decline throughout history as a constant theme.
You don't need analytics on your blog:
This article argues that analytics are not necessary for personal blogs and may even demotivate writers. It suggests using vbnla, a Ruby script that analyzes web server access logs to gather similar information on traffic trends without using browser analytics. The author explains that this system allows them to track their blog's success based on writing quality rather than external attention.
If only someone told me this before my first startup:
This article provides various insights and suggestions for individuals in the startup world based on personal experiences. The author shares advice about validating ideas, chasing users instead of investors, hiring the right people, prioritizing global markets, focusing on SEO, selling features before building them, staying away from hype or distractions like cryptocurrency, avoiding working with corporations, not getting attached to bad projects, attending tech conferences, using Scrum, outsourcing only after product-market fit, bootstrapping instead of raising money, and valuing the importance of relationships.
In summary, English had a formal version of „you“ where 'thou' was used for singular address during Early Modern English times. The usage later evolved into plural you being used more frequently in polite contexts. This trend displaced the singular thou, leading to its current archaic perception. Other languages have their own unique ways of addressing people based on social and cultural factors.
Should We Tell People It’s Too Late To Save Civilization?:
This article emphasizes the reality of civilizations coming to an end due to various factors such as climate change, limited resources, pollution, and the decline in biodiversity. The author argues that people need to face these challenges head-on rather than believe in unrealistic solutions, ensuring better preparation for a future without many modern conveniences. Accepting the grim outlook allows individuals to focus on cherishing loved ones, appreciating nature, and making the most of their remaining time.
Resetting the timer in my toothbrush:
This article discusses an NFC-enabled toothbrush with a chip tracking usage time up to 360 minutes. The chip triggers replacement indications even if not necessary. Users can reset the counter by sending a message from their phone using the NFC Tools app and following specific steps involving serial number and password generation.
The article discusses an updated Natural Language Processing course designed for convenience, clarity, and the ability to learn at one's own pace. It covers a wide range of topics from semantic spaces, NLP algorithms, neural networks, language modeling, transfer learning, and more. The materials aim to help students understand and apply these techniques while developing research thinking skills. Each topic includes lectures, blogs, interactive parts, exercises, analysis and interpretability, related papers for deeper exploration, and related games as part of the course content.
An old acquaintance approached the author about developing a website and app with a database for their business idea. After considering several assumptions often held within the software industry, the article asserts that these assumptions - regarding software development being easy, its significance in comparison to a business concept, and the interchangeability of programmers - are largely inaccurate and even becoming less viable. The author believes that while progress has been made, there's still work to be done on improving understanding and appreciation for quality software development.
Is Bach the greatest achiever of all time? - Marginal REVOLUTION:
This article discusses Bach as a potential candidate for being the greatest achiever of all time, using a range of metrics such as the quality and quantity of work, being better than contemporaries, staying exceptional over centuries, tackling additional problems to achieve success, consistency of achievement, surpassing learning only from oneself, never experiencing setbacks, and taking into account historical context. The author also compares Bach with other notable figures like Shakespeare, Beethoven, Homer, Archimedes, Plato, and Aristotle but finds that none reaches the same level in all categories as Bach does.
This article discusses how fun has seemingly become less prevalent and more complicated in modern society, leading to a search for its rediscovery. The author explores various aspects of contemporary life that contribute to this perceived decline in enjoyment, such as an increased focus on work, technology-driven distractions, overplanned events, consumerism, and social comparison through media platforms. The article features insights from several individuals who are seeking ways to reconnect with true fun or are working towards fostering it for others, including a „party coach,“ the author of „Fun at Work,“ a consultant on intentional fun, and the founder of the „How To Feel Alive“ project.
Shein Forces Amazon To Lower Seller Fees:
In response to competition from Shein, Amazon will lower transaction fees for sellers offering apparel items under $15, reducing them from 17% to 5%. This move aims to keep up with Shein, an online-native clothing retailer that is strong in apparel and known for its low prices. Despite the fee reduction, Amazon will remain more expensive than Shein due to higher fulfillment costs, as items stored in domestic warehouses are costlier than direct shipments from China. Shein's strengths lie in offering a unique experience with its clothing products, while Amazon focuses primarily on fast delivery and a wide product range.
You're Supposed To Be Glad Your Tesla Is A Brittle Heap Of Junk | Defector:
A recent Reuters investigation has uncovered significant issues with Tesla's manufacturing process, revealing major part failures on low-mileage vehicles and the company's organized efforts to conceal this from customers. This includes blaming drivers for these defects instead of addressing them as manufacturing issues. Tesla's alleged strategies have involved withholding repairs, misleading regulatory authorities, and even creating substandard replacement parts to cover up issues rather than correcting them. These tactics have resulted in higher profits, making Tesla seem more profitable while masking the inherent problems with their products.
How to Become a Great Software Engineer:
This article discusses various recommendations for becoming a great software engineer. The author shares insights from their 20-year career in the industry and emphasizes on mastering one programming language, learning software engineering concepts, working with experienced professionals as mentors, using productivity techniques, staying focused on fundamentals rather than frameworks, and reading relevant books. Essential skills to learn include algorithms, data, clean code, design patterns, distributed computing, system design, and soft skills like communication and teamwork.
Europe has a wolf problem, and a late Norwegian philosopher had the solution:
The article discusses the ongoing challenges surrounding the European wolf population and the potential for coexisting with them, focusing on Norway's environmental philosopher Arne Næss' ideas about deep ecology. Its core principle of biospherical egalitarianism promotes equal rights for all beings, including humans and wolves. This philosophy suggests that humans should consider the well-being of species such as wolves while tackling issues like livestock protection through measures like fencing or guard dogs. By redefining community to include both humans and nonhuman species, this framework can facilitate solutions to the so-called „wolf problem“ in Europe and enhance understanding of ethical considerations for coexisting with other species on Earth.
Why Do Poor People Commit More Crime? - Marginal REVOLUTION:
The well-known fact that people with lower incomes tend to commit more crime has been explained using different theories - one suggesting a direct link between poverty and crime, whereas another highlights the possibility of a third variable causing both income and crime. A study conducted in Sweden on the lottery winners and their subsequent criminal rates found no significant decrease in crime after receiving money. As a result, these random experiments challenge the conventional view that financial resources have a causal effect on adult offending.
The unfortunate math behind consulting companies:
This article discusses the challenges of expanding a consulting business by hiring employees and how this affects profitability. The author points out that hiring one person generates less profit than expected, while launching products rarely succeeds. The article presents various strategies to mitigate these issues, including increasing rates charged to clients, working more billable hours, developing profitable products, using subcontractors instead of employees, and being disciplined in running a successful consulting company. The aim is to maintain profitability while balancing the demands of managing a growing business.
Polar bear fur-inspired sweater is thinner than a down jacket — and just as warm:
A sweater made from an aerogel fiber, which mimics polar bear fur, offers the same warmth as a down jacket while being just one-fifth as thick, according to a study published in Science magazine. This proof-of-concept fiber could potentially be used for lightweight and durable clothing such as sportswear, military uniforms, and spacesuits without relying on animal fur or down. Aerogels are known to have exceptional heat-locking abilities but traditionally have been difficult to weave into wearable textiles due to brittleness and fragility. In this study, researchers were inspired by the porous inner structure of polar bear fur to create stronger and more elastic aerogel fibers that maintained their insulating properties even after being stretched, washed, or dyed.
Google Search Overwhelmed By Massive Spam Attack:
A recent spam attack on Google's search results has seen many domains ranking for hundreds of thousands of keywords each, potentially reaching millions. While the majority of these sites have been registered within the past two days, they are interconnected in tightly knit networks, a pattern common among spammy links. The attack takes advantage of Google's focus on content over links by exploiting longtail phrases and local search algorithms with little competition. This issue has been ongoing for years and requires further attention from Google to combat it.
Don’t Believe Your Eyes - A WhatsApp Clickjacking Vulnerability:
A vulnerability called '2K2E' affecting Instagram links within WhatsApp messages has been discovered. This issue could lead to phishing attacks where attackers can craft legitimate-looking links that lead to malicious websites. The exploit is based on a Clickjacking technique, with an attacker purchasing a mirror domain of a site to impersonate and removing certain text to hide the actual link in the message. Meta has shown no immediate intention to fix this security issue. As a mitigation, WhatsApp users should be cautious when clicking links within messages and consider copying and checking their clipboard previews before taking any action on them.
Lost history of Antarctica revealed in octopus DNA:
This article reveals a lost history of Antarctica through octopus DNA. Around 100,000 years ago, scientists believe that Antarctica's massive western ice sheet collapsed temporarily. The ice sheet's collapse allowed long-separated populations of Turquet's octopus (Pareledone turqueti) to interbreed for thousands of years when the ice sheet re-formed, separating them once more. This story has been recorded in their genes and highlights concerns about a large rise in sea levels possibly occurring in our planet's near future. The research underscores the importance of understanding modern climate conditions affecting the West Antarctic Ice Sheet and taking proactive steps to address it.
Database Isolation Is Broken and You Should Care:
This month, various articles discussed ACID properties related to databases. A bashdb demonstrates the complexity of databases with ACID features and explains concepts like isolation levels. Postgres focuses on transaction isolation while acknowledging unspecified anomalies not addressed by ANSI SQL 92 specification. Jepsen's MySQL analysis showcases issues with some anomalies, leading to calls for better isolation level standards. Despite the potential challenges, understanding database behavior is crucial for developers to ensure smooth functioning and avoid unsatisfied customers.
This summary includes details about multiple Tesco products from different years. The Tesco Tomato & Basil Sauce For Meatballs contains a mix of tomato, tomato puree, and various ingredients such as basil, lemon juice, sugar, olive oil, garlic pure, citric acid, oregano, calcium chloride, black pepper, salt, sugar, cornflour, concentrated lemon juice, and acidiy regulator. Another product is Tesco Finest Smoked Wiltshire Cure Back Bacon with key components including pork, water, salt, and preservatives (sodium nitrite, potassium nitrate). The third example discusses Tesco Chicken Tikka Masala & Pilau Rice featuring cooked pilau rice, marinated chicken, single cream, tomato pure, yogurt, rapeseed oil, garlic pure, ginger pure, ground cashew nut, honey, butter, cashew nut paste, spices, coriander leaf, sugar, tandoori masala, salt, and cooked pilau rice ingredients. The fourth product is Tesco Italian Macaroni Cheese Pasta with main ingredients such as cooked pasta, milk, mature cheddar cheese, water, single cream, wheat flour, rapeseed oil, cornflour, salt, white pepper, mustard powder, and cooked pasta ingredients. Next, we have Tesco Mayonnaise containing vegetable oil, water, free range pasteurised whole egg & egg yolk, lemon juice from concentrate, spirit vinegar, salt, sugar, stabiliser, natural flavouring (containing mustard). Lastly, the Tesco Mayonnaise 500Ml features rapeseed oil, water, pasteurized egg yolk, spirit vinegar, sugar, salt, modified maize starch, concentrated lemon juice, and flavoring (containing mustard).
The article outlines various offerings from Envato Market, including categories such as Video, Web Themes & Templates, Code, Audio, Graphics, Photos, 3D files, guest cart services, account creation and sign-in procedures, and downloading preview options. It also highlights an interesting story of a DJing older couple bringing life to parties through disco settings.
Was Zuckerketten im Speichel über Krebsveränderungen verraten:
Eine neue Analyse macht die Unterschiede im Zuckeraufbau auf Moleküleinheiten von Zellen sichtbar, was darüber hinaus Informationen über das Vorhandensein von Krebs oder dessen Art in Körperzellen geben könnten. Die Glykan-Bausteine der Zellen fungieren häufig als Steuerungsmoleküle für Proteine und können falsch zusammengesetzt sein, was im Tumorfall vorkommen kann. Ein neues künstliches Intelligenz (KI)-Algorithmus entwickelt ein Team von Wissenschaftlern an der Universität Göteborg. Dieser hilft bei der Unterscheidung zwischen gesunden und kranken Zellproben sowie zur Identifizierung verschiedener Krebsarten, indem er die ungenauen Beschreibungen verbessert. Innerhalb der nächsten vier bis fünf Jahre versucht man auch, kostengünstige Krebstests zu entwickeln, die mit Blut- oder Speichelproben verwendbar sind.
This article discusses guidelines and rules for creating maze structures. The mazes can vary in sizes with width ranging from 2 to 200 cells and height of the same range. There's an option for inner dimensions as well. A commercial license is required if you intend to use these mazes for any selling purpose, else it falls under copyright infringement. The article warns against misleading information provided by some online channels regarding free usage for commercial purposes.
Do you really need Foreign Keys?:
The article emphasizes the importance of critically analyzing and revisiting database schemas involving foreign keys. While foreign keys are often recommended for ensuring referential integrity, excessive usage can lead to performance issues during write operations, unnecessary lock contention, complexity in database migrations, and unwarranted indexes. It recommends considering alternative design patterns and evaluating the effectiveness of constraints periodically. Overall, the article suggests striking a balance between maintaining data integrity and optimizing system performance while designing databases.
Google Makes Over $92 Billion per Year By Owning Android (their 'open source' operating system):
Android, with over 3 billion users worldwide, powers more devices than any other mobile operating system. Although it seems free to use without explicit payment, there are various ways Google makes money from the platform. Device manufacturers such as Samsung have to pay licensing fees for accessing popular Google apps like Gmail, Maps, or YouTube through its bundle known as Google Mobile Services (GMS). This generates revenue of approximately $20 billion annually. The Google Play Store also contributes significantly with income from paid apps, in-app purchases, subscriptions, and advertisements. Pre-installed Google apps, such as Search, Maps, YouTube, Gmail, Drive, Photos, Chrome, and Assistant, while not directly earning money, drive traffic to Google's ecosystem, further increasing their advertising revenue and data collection. In summary, although Android appears free, it generates massive profits for Google in various forms.
Research shows that sniffing women's tears reduces aggressive behavior in men:
A study published in PLOS Biology discovered that human tears contain chemicals, which block aggression in men when they sniff them. This phenomenon is a form of social chemosignaling, where chemical signals affect behavior. The research, led by Shani Agron at the Weizmann Institute of Science, found that these tear-based signals cause reduced brain activity related to aggression and lead to less aggressive behavior. This study suggests that social chemosignaling might have a role in human aggression rather than being just an animal-specific phenomenon.
A scientific study disproves the previous belief that the anabolic response to protein consumption during post-exercise recovery has a limited duration and excess amino acids are oxidized. Using advanced tracer feeding method, researchers found consuming 100 grams of protein led to a more prolonged (over 12 hours) and larger anabolic response compared to 25 grams. The study demonstrated dose-dependent increase in dietary-protein derived amino acid availability and incorporation into muscle protein. Protein ingestion had negligible effects on breakdown or oxidization rates, suggesting the anabolic response to protein consumption is not restricted as previously thought.
What I Wish Someone Had Told Me:
This article emphasizes various factors crucial for starting, finishing, and maintaining success in ventures. It discusses optimism, strong teams, long-term vision, audacious ideas, proper incentives, resource allocation, clear communication, battling bureaucracy, prioritizing outcomes over processes, effective recruitment, valuing superstars, fast iteration, balanced planning, accepting risks, the magic of compounding exponentials, persistence, and enjoying the journey with great people.
How To Turn Off Google’s “Privacy Sandbox” Ad Tracking—and Why You Should:
Google has released its „Privacy Sandbox“ feature in Chrome as a part of improving user privacy by exchanging third-party cookies for what are now called „Topics.“ These topics are generated based on websites users visit, creating advertising categories that may target them with ads. Although this system improves upon the 2019 FLoC proposal, it still tracks user browsing habits and is used in Chrome's enhanced ad privacy control settings. To disable Privacy Sandbox, users can adjust settings for „Ad topics,“ „Site-suggested ads,“ and „Ad measurement“ on the Ad Privacy page within Chrome settings.
Windows 10 end of life could prompt torrent of e-waste as 240 million devices set for scrapheap:
A Summary of the Article Discusses concerns that the end-of-life for Windows 10 could lead to a surge in electronic waste due to millions of devices being scrapped as people shift over to Windows 11. Research from Canalys shows up to 240 million PCs worldwide may be disposed of because they don't meet minimum requirements for installing Windows 11, raising questions about device refreshes and vendors’ responsibility in extending life cycles. The article highlights the need for manufacturers and software vendors like Microsoft to maximize product lifespans by incorporating features that promote durability, reparability, and recyclability.
What We Need Instead of “Web Components”:
Web Components have been around but still struggle to gain traction among developers. They were initially envisioned as a solution but turned out to be an attempt at addressing issues of the past rather than solving contemporary problems faced by web developers. To improve and achieve real progress, browser makers should shift focus on other areas like Reactivity, DOM rendering, and self-sizing iframes, which have already been explored and developed by frameworks. These new solutions need to be made faster, more efficient, and universally available by building upon what developers have already created. This approach will ultimately result in better tools for everyone and promote growth within the web industry.
PostgreSQL: Upgrade auf neue Version durchführen » DecaTec:
In einem letzten Artikel wurde der Migration eines Nextcloud-Datenbank-Systems von MySQL/MariaDB auf PostgreSQL gefolgt. Nach dem Umgang mit der Upgrading auf eine neueren Hauptversion des ORDBMS, wird nun gezeigt, wie diese Datenbank in die neue Version eingeführt werden kann. Dieser Artikel basiert auf einem Ubuntu Server 20.04 LTS und setzt voraus, dass die Paketquellen aus offiziellen PostgreSQL-Repositories benutzt werden. Der Upgrade von PostgreSQL wird mittels Dump und Wiedereinspielen durchgeführt, wobei auch Hinweise zum Upgraden auf Version 14 im Zusammenhang mit neuen Hash-Verfahren für Passwörter erläutert sind.
Five Apache projects you probably didn't know about:
The article introduces lesser-known Apache projects, discussing their features and functionalities. These include Apache APISIX, a robust API Gateway; Apache ShardingSphere which transforms databases into distributed systems; Apache SeaTunnel, a data integration platform; Apache SkyWalking, an APM tool for microservices; Apache Doris, a real-time data warehouse; and Apache Paimon, a streaming data lake platform. The projects have various uses, such as scaling purposes, data integration, monitoring, reporting analysis, or unified data warehousing.
Lessons on building business value:
In the Lex-Jeff Bezos podcast, important lessons for building business value are discussed. Every day is considered a fresh start with „day one thinking,“ avoiding being trapped by dogma or beliefs. Metrics, though crucial, should be fully understood and not treated as absolutes. A company must strive to create an environment where employees can freely share the truth, even overruling seniority if backed by data. The analysis of both data and anecdotes is critical for decision-making. Identifying stable aspects of a business and investing in their improvement is essential. Meetings accompanied by prepared documents enhance efficiency and enable clear discussion.
This article discusses the concept of tech debt in terms of software liabilities and assets instead of focusing only on technical debt. The author emphasizes the importance of code being an asset and having liabilities attached, which can be mitigated through proper design, maintenance, and keeping assumptions minimal. The goal is to ensure that software efficiently solves problems while maintaining its relevance over time.
The number of American children having fewer siblings and cousins is causing concern, leading to possible ramifications in future generations such as a shortage of workers or not enough people paying taxes and filling jobs. As family structures evolve, the role of cousins has changed over time, with less interaction due to distance and socioeconomic gaps. However, these relationships still play a crucial part in our lives, providing emotional support and unique perspectives during times of crisis. Cousin bonds can become increasingly important in preserving family cohesion as siblings become the primary caregivers for aging parents and organize family events. The decline of cousins may lead to a greater dependence on each other in the future, highlighting their importance in our social lives even amidst shrinking families.
how-to-upgrade-the-ssd-and-reinstall-windows-on-your-rog-ally:
This article provides a step-by-step guide on how to upgrade the SSD of the ASUS ROG Ally gaming console and reinstall Windows from scratch while keeping the device updated with its latest BIOS and firmware for optimal performance.
The article discusses designing representations of missing data values and introduces Null Island (SVG) as an example. It also mentions related merchandise, donations to related organizations, the project's license, and a disclaimer for self-printing or outsourcing production.
www.sixdegreesofwikipedia.com:
Find the shortest „path“ between wikipedia articles.
7 Ways to Escape a Container - Panoptica:
The article highlights seven common container escape techniques with varying degrees of complexity. These methods exploit weaknesses in Linux containers, allowing attackers unauthorized access and compromising application integrity within these environments. By understanding these risks and taking necessary precautions, users can ensure their container deployments remain secure and reliable.
The seven ways to escape a container mentioned in this article include: (1) mounting the host filesystem; (2) using a mounted Docker socket; (3) process injection, which involves executing shellcode within a targeted application's memory space; (4) adding a malicious kernel module that opens reverse shell connections from the host; (5) reading secrets from the host by exploiting file or directory read permission checks; (6) overriding files on the host by abusing DAC_READ_SEARCH and DAC_OVERRIDE capabilities, allowing for the writing of files as well as bypassing permissions checks; and (7) abusing notify on release functionality in cgroups version 1. By being aware of these techniques and their implications, users can better protect their containers from potential threats and vulnerabilities.
Breast cancer metastasis on/off switch revealed | Stanford News:
New research from Stanford University and the Arc Institute has revealed an important role of ENPP1, a protein found in the human body, for breast cancer metastases. When a patient has high levels of this protein, it acts as an on/off switch to make their cancer resistant to immunotherapies and increases chances of metastasis (spreading cancer). The findings suggest that targeting this protein could potentially lead to new immunotherapy methods or enhance the effectiveness of existing treatments. This discovery may help clinicians better predict patient responses to medicines and aid in determining proper treatment for breast cancer patients. The team's next step is to examine the relevance of ENPP1 in other cold tumors like lung, pancreatic, and brain cancers.
HP raising Instant Ink subscription pricing significantly - gHacks Tech News:
HP has announced an increase in the monthly prices of its Instant Ink subscription service for Germany, starting in January 2024. The price hike affects all plan levels but varies from 50% to about 25%. However, the number of pages allowed per month remains the same across all plans. This is HP's second price increase since 2022.
Ermittlungen zu vermeintlichem »Anschlag« auf AfD-Chef Chrupalla eingestellt:
Die Ermittler in Bayern haben die Annahme eines möglichen Angriffs auf den Vorsitzenden der AfD, Tino Chrupalla, aufgegeben. Er wurde am Rande einer Wahlkampfveranstaltung in Ingolstadt angeblich attackiert und verletzt. Inzwischen wurden keine Hinweise gefunden, wie die Verletzung entstanden sein könnte, und es gibt keinen Beleg für einen Stich- oder Giftangriff. Der Vorfall hatte Chrupalla dazu veranlasst, mehrere Wahlkampftermine abzusagen und sich medizinisch behandeln zu lassen.
A summary of the article highlights the challenges faced when attempting to apply type hints to Python, a dynamically-typed language. The author explores the purpose of conditional imports and their use in type checking during compilation to deal with circular dependencies. They explain how MyPy's type checking process, more meticulous than runtime checks, necessitates such workarounds in certain scenarios. The article cautions users to be mindful of the limitations and guarantees when using type annotations within Python code.
SSH protects the world’s most sensitive networks. It just got a lot weaker:
1. Summary: A new hack called Terrapin has been discovered that exploits weaknesses in the SSH encryption protocol, potentially undermining its security guarantees. The attack targets the Binary Packet Protocol (BPP) and can be used to manipulate sequence numbers during the handshake process. Vulnerabilities have also been found in AsyncSSH, an app with 60,000 downloads per day. Terrapin can exploit vulnerabilities in certain combinations of encryption modes and implementation flaws in SSH implementations. A scanner has been created to detect vulnerable servers or clients, while patch urgency depends on individual situations and implementations.
2. Summary: Terrapin is a new hack that targets the SSH protocol. The attack exploits weaknesses in the cryptographic algorithms (ChaCha20-Poly1305 and CBC with Encrypt-then-MAC). These vulnerabilities allow an attacker to manipulate sequence numbers, potentially affecting security guarantees of the protocol. A recent paper by researchers from Germany's Ruhr University has identified several ways of exploiting these flaws in SSH implementations, including prefix truncation attacks and downgrading extensions. A patch addressing the issue is already available for AsyncSSH. For other SSH implementations, users should consult with developers to determine if any patches are necessary and if there is a risk of Terrapin exploitation.
Making Software Reliable: The Importance of Testability:
The latest article in the Principles of Reliable Software Design series highlights testability, a crucial aspect often overlooked when designing software. Testability is about how easily software can be tested, enabling quick identification and fixing of errors for reliable performance across conditions. Unlike other aspects, it directly impacts the writing process of software. Upcoming sections will explore automated testing fundamentals, design principles to enhance testability, and efficient tools and frameworks, with a focus on Go (Golang) examples in this context.
Niccolò Machiavelli was a highly influential political thinker and philosopher from the late 15th century known for his views on statecraft, power, and human nature. Criticized for his cynical realism and supposed amorality in „The Prince“ and other writings, Machiavelli's ideas have been widely misunderstood over time. He was not advocating the use of dishonorable practices but rather suggesting that leaders must accept the challenges posed by a complex world where different ideals may coexist and be at odds with each other. His central belief was in the importance of creating strong states, which required ruthlessness in certain situations, and contrasting these Roman virtues with Christian or Humanist principles, which he argued were insufficient for maintaining power and glory. While Machiavelli did not advocate immoral actions, his frank appraisal of reality has led many to misinterpret him as a proponent of amorality and cynical political tactics, making him one of history's most controversial political thinkers.
SolarEdge Leistungsoptimierer für PV-Hausdachanlagen:
Optimize the energy output of each solar panel by reducing all types of module mismatch losses, including manufacturing tolerances, partial shading, and aging of panels.
1. London, a city dominated by techno-feudalism, has been taking over its residents' minds with a captivating rhythm, making them accept their fate as cashless consumers. The city is losing some of its charm due to this change in economic dynamics. 2. As the influence of large corporations and digital platforms increases, smaller businesses are finding it difficult to survive, leading to a homogenized landscape. 3. London's gentrification and growing dependence on big tech companies have pushed many people into a lifestyle based primarily around convenience and efficiency, causing a loss of the city's vibrant culture and holistic spirit. This has led to a lack of resistance towards corporate control and an increased acceptance of digital systems, pushing many small informal economies out of existence or forcing them to conform to new standards, like becoming „cashless.“ 4. The outside - referring to the non-commercial values that contribute to a city's charm - seems to be diminishing as more Londoners fall under the influence of techno-feudalism. As people become increasingly dependent on digital platforms and their associated conveniences, they tend to lose sight of alternative perspectives or ways of living. 5. Ultimately, the city of London is facing a transformation where its residents are being gradually assimilated into the dominant economic culture, which prioritizes efficiency and convenience over individuality and authenticity.
How to: Run a DOS-based Web Server (seriously):
A lawsuit against the Internet Archive could have major ramifications for digital media archives, content publishers and the future of internet services. Four major book publishing companies filed a lawsuit against the Internet Archive, arguing that their „Controlled Digital Lending“ program distributes copyrighted works without permission. The judge in this case ruled that Internet Archive's copying of copyrighted print books to provide digital copies was infringement and not covered under fair use. This ruling endangers the entire archive due to potential damage claims and legal expenses. Although libraries have digital lending systems, this specific lawsuit targets the Internet Archive as a whole for their program. If the current course continues, it could lead to legal liabilities for the whole organization, causing it to potentially shut down or face difficulty in archiving cultural materials.
Beeper’s esoteric fix for iMessage access suggests why it’s pushing politically:
The Beeper app lost its initial connection with iMessage after Apple began pushing back against it less than a week after its launch. Since then, Beeper has continued to revise its approach in efforts to access Android and desktop platforms. Its newest method requires regular access to a physical Mac, which could be problematic for the company due to limiting the market. As a result, Beeper has incorporated a political aspect into its efforts. The app's co-founder advocates for turning insecure SMS messages between iPhone and Android users into end-to-end encrypted chats. Recently, a bi-partisan group of US lawmakers sent a letter to the Department of Justice regarding Apple's potential anti-competitive treatment of Beeper. To resolve the issue, Beeper has introduced a solution that requires access to a Mac computer or help from a friend on Beeper with a Mac. This new approach will be available for both the Android app and desktop apps, though occasional data re-generation on the Mac is needed approximately once per week or month.
Tell HN: Microsoft.com added 192.168.1.1 to their DNS record:
A user named indosauros posted on Hacker News that Microsoft.com had added 192.168.1.1 to their DNS record, which raised concerns about potential security implications. This led to a discussion among users about the possible risks and consequences of such an action.
Some users speculated that this could have been due to a mistake or oversight in Microsoft's internal processes for managing their DNS records. Others discussed the possibility of it being a targeted attack, although most agreed that it was likely unintentional.
The conversation also touched on how this incident highlights the importance of implementing proper safeguards and checks within organizations to prevent such mistakes from happening. Some users shared personal experiences or anecdotes related to similar incidents in their own work environments.
In response to the thread, a user named kotaKat claimed to know someone who works at Microsoft and was made aware of the issue, leading to changes being reverted. This comment generated some humor among other users.
Overall, the discussion revolved around understanding the potential risks associated with this incident, speculating on how it could have occurred, and emphasizing the importance of robust security measures in managing DNS records.
Cory Doctorow: What Kind of Bubble is AI?:
The article discusses how AI is a technology bubble similar to tech bubbles in the past such as dotcom, cryptocurrency, or the financial crisis. While some of these bubbles have left little behind after they burst, others have yielded valuable resources like the residue of millions of young technologists who emerged from dotcom companies. The author speculates that when AI's bubble pops, it may leave small models that run on commodity hardware and people more knowledgeable in statistical analysis and machine learning. However, the overall success of these outcomes remains uncertain due to the high costs of creating and maintaining big, complex AI models.
New Study: At Least 15% of All Reddit Content is Corporate Trolls Trying to Manipulate Public…:
A Pew Research Center study from 2018 discovered that over 10% of Reddit users had encountered corporate trolls attempting to promote products or services. A Computers in Human Behavior study revealed that 15% of the top 100 subreddits contained content likely posted by corporate bots, aimed at showcasing positive news articles and influencing public opinion. Both studies emphasize how these tactics can spread misinformation and manipulate opinions, presenting a growing challenge for platforms like Reddit to address.
The article provides an overview of the process involved in creating a floppy disk driver for 3.5„ floppies using a teensy4.0 device. It elaborates on the structure, working mechanism, and pin functions of such drives. The project involves understanding the bit-banged communication process used by these devices and developing a driver code to read/write from them. It also details various commands like index, drive select, motor on, step, write data, etc., while highlighting their specifications and timing requirements. In addition, the structure of sync barriers, sector and track metadata is explained for effective communication with floppy disks. The article provides a list of additional resources to further explore floppy disk formatting, drive pin-outs, MFM encoding, and related projects on GitHub.
Making my own Bed Sensor — Home Automation Guy:
A user created „bed sensors“ using pressure mats to detect weight on the mattress for a smart home. These sensors helped them manage home automation more efficiently and prevent unwanted triggers. The bed sensors used pressure switches, Aqara Leak Sensors, or ESPHome devices. To build the pressure sensor using Aqara Leak Sensor, connect it to the preferred smart home platform and change its Show As from „Moisture“ to „Occupancy.“ For an ESPHome device, wire it up properly, install ESPHome firmware, configure it as a bed sensor on Home Assistant, and adjust filter settings for accuracy. Combining two sensors can result in more versatile automations, like turning off ceiling lights or switching to Night Mode.
The day I started believing in Unit Tests:
A new embedded software engineer created a Unit Test project, initially dismissing its importance, until a bug in the test framework led to an error that they then found everywhere else in their codebase. This experience highlighted the value of Unit Tests as they raised overall code quality and prevented further issues. The author learned to try development methodologies rather than dismiss them based on initial assumptions and recognized the benefits of thorough testing.
I’ve vastly misunderstood the Single Responsibility Principle:
The Single Responsibility Principle (SRP) states that each class should have a single purpose and only one reason to change it. However, understanding of this principle evolved upon reading Parnas's article on decomposing systems into modules with decision hiding in mind. Robert Martin later clarified the SRP by stating that the module's behavior should be the responsibility of a single actor rather than having a single reason to change per module. This approach combines better with Parnas's principle, and emphasizes that changes are requested by a single or tightly-coupled group representing specific business functions. The article highlights the need for more attention towards knowledge transfer in software engineering as misinterpretation of principles can occur despite clear contradictory evidence.
Can Freshwater Tanks Beat Batteries for Energy Storage?:
Desalination using reverse osmosis, a common technique for producing drinking water in dry areas, requires significant amounts of electricity. Recent research shows that by utilizing hybrid energy grids with both renewable and fossil fuel sources, it is possible to efficiently desalinate saltwater while ensuring cost-effectiveness. Coordinating the timing of freshwater production with renewable energy peaks can offer financial benefits, making it more economical than storing excess energy for later use. This approach would be most advantageous in regions transitioning from 100% fossil fuel grids to hybrid systems and could help optimize their desalination processes.
How to Be Great? Just Be Good, Repeatably:
This article discusses the idea of greatness from a different perspective, not focusing on sudden success but rather on a sustained journey involving small wins and consistent effort over time. It emphasizes how people often aim for instant success rather than taking the long road to achieving something through habitual progression. The text outlines three main aspects for becoming „great“: consistency, intention, and habit progression. Consistency in actions brings about a series of incremental improvements and learning opportunities over time. It also stresses on being intentional with our goals and how they can be achieved. Lastly, developing a habit of progression includes the idea of iteration - testing things repeatedly to find what works or doesn't - and then turning that into habits through deliberate practice. The article encourages people to reframe their views about 'greatness', by focusing on being good consistently rather than searching for perfection. It also recommends a few books related to personal development, which can be beneficial in this journey.
The article discusses the deep appreciation for Ruby programming language despite its declining popularity in recent years. The writer highlights various aspects that make Ruby unique and enjoyable, including its focus on programmer happiness, expressiveness through metaprogramming features and cultural idioms, embracing domain-specific languages (DSLs), and how the language caters specifically to many Rubyists' thought processes. A strong sense of community within the Ruby ecosystem is also emphasized as a major contributing factor to its success. The article seeks to explore why people love Ruby and encourages readers to share their own personal reasons for loving the programming language.
Improvements Since the 1990s · Gwern.net:
This article is a reflection on the improvements in quality of life since the 1990s, focusing on technology, society, food, and more. It highlights advancements such as computers becoming more affordable and powerful, the internet's impact on communication and information access, the democratization of travel, and improved car safety features. The article also touches on societal changes like a decrease in crime rates and the shift towards healthier lifestyles.
The author acknowledges that while progress is often debated in terms of big achievements, it's important to recognize the small improvements in everyday life too. These incremental changes add up over time and greatly enhance our quality of life. The article concludes by emphasizing how far we've come since the 1990s and expressing optimism for future advancements.
Ram, Tesla and Subaru Have the Worst Drivers | LendingTree:
A recent analysis conducted by LendingTree examined insurance quote data from QuoteWizard to determine which car brands had drivers with poor driving records. The study found that Ram had the worst drivers, followed by Tesla and Subaru, as their drivers had incident rates above 30 per 1,000 drivers. On the other hand, Mercury had the best-rated drivers with 50% fewer incidents than those of Ram. The research considered incidents like accidents, DUIs, speeding, and citations. These factors can impact insurance premiums, fines, license suspension risk, and availability of affordable car insurance policies. Responsible driving habits lead to better outcomes for individuals and society at large.
She Gave a Hotel a Mediocre Review. Then Came the Badgering:
In conclusion, online reviews have become an integral part of our economy, helping consumers make informed decisions about products and services. However, they are not always as trustworthy as they seem due to manipulation by businesses seeking high ratings for financial gain. This article shares several examples where individuals were pressured or incentivized to leave positive reviews, highlighting the need for stricter regulations and increased transparency in online review systems.