
Links for 2023, calendar week 52

My "wanted to read that" list, summarized by Neural Chat.

OsmAPP:

The article introduces an OpenStreetMap app that allows users to search and explore various locations worldwide. Based on data from millions of contributors, it offers a user-friendly interface with editing options and includes features like map layers and POI editing. Future updates may include navigation and favorite places management. Contributions and suggestions can be made through GitHub while the app benefits from Mapillary, Fody, Wikipedia, OpenStreetMap, MapTiler, and project support for images and maps.


American Cars Are Huge And Unsafe, But Automakers Don't Want The Simple Solution:

This article highlights the growing size of cars and their increased impact on accident fatalities compared to smaller vehicles. While automakers focus on complex technological solutions to reduce accidents, one simpler option is to make cars smaller. The chief engineering and technology officer for Stellantis, Ned Curic, discussed this issue in an interview but didn't specifically suggest making cars smaller for the US market. Instead, he emphasized advancing active safety using smart vehicle features enabled by sensors and cameras. However, these technological solutions may add to repair costs, data security risks, and initial purchase prices, raising questions about whether they truly ensure car safety.


“You can’t do that because I hate you.”:

In this article, a programmer expresses frustration with programming tooling and software that lacks intuitive functionality or gives unclear instructions. The author discusses several instances of complex interactions with programming tools like Python, Rust, and Cargo that led to confusion or failed attempts at using specific features. This experience has made the programmer feel disrespected by developers and highlights the need for better support, guidance, or simplification in tooling design.


Using Alpine can make Python Docker builds 50× slower:

Alpine Linux is often recommended as a base image in Docker images because it makes images smaller and speeds up builds. However, when using Python applications, it can cause various issues such as slower build times, larger image sizes, and potential runtime bugs due to the difference between musl and glibc C libraries. To get around these issues, one might consider alternatives like Debian-based base images or Alpine Edge, which includes more up-to-date packages. Overall, it is not recommended to use Alpine Linux as a base image for Python applications due to the drawbacks mentioned above.


It's time to put REST to rest:

REST (Representational State Transfer) remains widely used in HTTP APIs today, but a recent article argues that it is fundamentally flawed. The author suggests that instead of manipulating data structures, HTTP APIs should focus on business-specific operations to make them easier to understand, use, and maintain. A new approach involving commands and queries for these operations has been proposed as an alternative to traditional RESTful API design methods. This method could offer benefits such as simplified validation, improved batching capabilities, and better differentiation between HTTP protocol errors and application-level results. The author concludes that focusing on business operations rather than data structures can significantly enhance the overall effectiveness of an HTTP API.


The Dark Arts:

Lyrongolem discusses his experience with "Ultra-BS," a technique used in debate where one creates arguments that are obviously illogical but still coherent enough to confuse or overwhelm opponents. This technique relies on the fact that most people don't have sufficient knowledge on the subject matter and therefore won't be able to refute it effectively. The idea is to craft complex logical structures with seemingly reasonable premises, even if they are not provably true. This allows debaters to maintain a perceived credibility and control over the narrative without actually providing factual evidence or substance.


The Worst Kind of Programmer:

This article discusses a real-life scenario where two skilled programmers led their respective frontend and backend development teams in a project but ended up causing problems to the overall progress due to their focus on advanced technologies and complex solutions. Their actions resulted in a disjointed product, leading to a high turnover rate among developers, increased costs, and difficulty in refactoring the code in the future. The author proposes potential solutions like simplified languages, agile methodologies, and DevOps practices to tackle this issue and promote better collaboration within teams.


Cold-blooded software:

In 2004, during a natural history lecture, the professor presented a painted turtle hatchling as an example of cold-blooded animals' ability to survive freezing. The concept of being cold-blooded relates to these animals adapting their metabolism to match environmental temperature, unlike warm-blooded animals like humans which maintain stable body temperatures. This analogy is also applied to software projects, where cold-blooded ones use stable technology and rely less on external services, making them more resilient over time. The author shares an example of a cold-blooded project powering their blog, demonstrating the benefits of this approach in maintaining functionality for years without modifications.


37C3: Unlocked - media.ccc.de:

This article compilation covers various topics including hacking, technology, security, space exploration, digital forensics, reverse engineering, and more. It includes discussions on Polish trains' digital rights management, iPhone research projects, space communications, open source software development, assistive technology for the visually impaired, and railway communication protocol security.


Flooding on the Enz: Oberriexingen under water:

The entrance road to Oberriexingen in the Ludwigsburg district has been closed since Monday because the Enz has overflowed its banks. Warnings of further flooding in the region had already been issued earlier, and the situation could get worse. Driving through is at your own risk. Bus service may also be affected. Early on Tuesday morning things appear to have been calm, but subsequent heavy rain again caused the Enz water level to rise.


Para-infectious brain injury in COVID-19 persists at follow-up despite attenuated cytokine and autoantibody responses - Nature Communications:

This study investigated the neurological complications associated with COVID-19 infection by measuring levels of brain injury markers, inflammatory mediators, and autoantibodies in participants at different stages of the disease. The results showed that these markers were elevated during both the acute phase and convalescent phases, particularly in those who had experienced a neurological complication of COVID-19. This suggests an ongoing neuroglial injury related to a dysregulated immune response following SARS-CoV-2 infection, potentially identifying targets for therapy.


GENERATION JUNK:

The author describes their frustrations with various products that cease functioning soon after purchase. Despite a citrus juicer from the 1940s lasting for decades, coffee grinders, appliances and other goods often stop working after just one year or have low quality from the beginning. The article discusses potential causes for this issue, including government regulations, trade arrangements with China, weak-link computer chips in items that don't require them, and a degradation of everything human. Some of the author's Twitter followers attribute these problems to environmental concerns, capitalism, or a decline in product quality over time. While acknowledging these perspectives, the author expresses a concern for the world where products are not made to endure, leading people to lose faith and interest in the future.


Outlook/Hotmail is no longer blocking my mail server:

In this article, a user shares their experience of de-listing their mail server address from Microsoft's blocklist. They ran the server on an Oracle Cloud with no cost and successfully deployed mail to major providers without any issues. However, they encountered problems when sending emails to Hotmail/Outlook users due to Microsoft blocking their IP address based on S3150 rules. The user tried multiple approaches to resolve this issue but eventually found that Microsoft unblocked their server after testing via Telnet. They emphasize the importance of defending self-hosting rights and communicating freely through email as part of the Internet's foundation.


Reindeer Sleep and Eat Simultaneously, Saving Precious Time in the Short Arctic Summer:

Reindeer are able to chew their cud and simultaneously enjoy non-REM sleep, allowing them to conserve time during their short Arctic summer when both sunlight and food availability are limited. This unique sleeping pattern helps reindeer maintain a consistent amount of sleep throughout the year without disrupting crucial eating habits needed for energy storage. Neuroscientist Melanie Furrer and colleagues found that ruminating animals display brain activity typical of non-REM sleep, helping them obtain mental benefits while they nourish their bodies. This adaptation might be essential to reindeer's survival in extreme Arctic environments as it enables the efficient use of vital resources like food and rest.


How We Turned the Tide in the Roach Wars:

A remarkable story tells of how an American invention known as Combat eradicated a major cockroach problem in the US during the 1980s. The product was so successful that it contributed to reducing the number of complaints about cockroaches by 93% within a decade. However, despite its triumph over the roach menace, Combat has since faced behavioral resistance from the insect population and is now undergoing a resurgence. While this development doesn't threaten the existence of humanity, it does raise questions regarding public health and environmental concerns associated with pesticide usage.


Yikes! The $60,000 Hyundai Ioniq 5 Battery Replacement Saga Continues:

Hyundai's Ioniq 5 is a promising zero-emission crossover SUV, offering many cool features and appealing aesthetics, but the ownership experience has its downsides. A few Canadian owners faced issues such as expensive insurance, pricy fast-charging, more frequent tire replacement needs, and lengthy repairs. Despite these challenges, EVs like Ioniq 5 do offer benefits; they can serve as home power sources with bidirectional charging or be used for powering camping gear. However, addressing issues with the high cost of replacing battery packs after minor damage to protective panels is essential for improving overall EV ownership experience and ensuring their contribution towards sustainability.


4-year campaign backdoored iPhones using possibly the most advanced exploit ever:

Researchers recently presented findings related to a four-year-long backdoor operation that infected iPhones of Russian security firm Kaspersky employees. The attackers exploited an undocumented hardware feature and four critical zero-day vulnerabilities, allowing them full control over the devices and access to sensitive data. With sophisticated tactics, the attacks aimed at devices from Apple, Macs, iPods, iPads, Apple TVs, and Apple Watches while evading advanced memory protection mechanisms. The targeting of secret features by unknown attackers raises questions about their intentions and capabilities.


Supported Robots:

This article provides a comprehensive summary of more than 30 different robots supported by Valetudo, and offers details on each robot's manufacturer, specifications, rooting process, and Valetudo binary information. It highlights various aspects that may affect the compatibility and functionality of these robots with Valetudo, including brand-specific cloud implementations and potential challenges during the rooting process. The article also lists notable hardware revisions among some robot models from various brands like Xiaomi, Dreame, Roborock, Viomi, Cecotec, Proscenic, and Commodore. The article aims to help users navigate through the technical aspects of using Valetudo with their specific vacuum robots and provide relevant guidelines for successful integration.


Docs deserve more respect — Rami James:

This article recounts the author's journey in technical writing since 1999, focusing on creating useful documentation for various projects. The writer shares their thoughts on what makes good documentation and offers concrete rules essential for a successful documentation product. They emphasize that docs should tell stories, be searchable, and form part of a larger strategy. In addition, they must be well-designed, well-maintained, targeted to the specific audience, address pain points, and evolve along with products. Documents are seen as an integral part of a product's success, impacting user experience, developer advocacy, brand perception, and overall business performance.


Ask HN: Should I medicate my ADHD?:

An individual diagnosed with ADHD as a child has been working without medication and considers their condition a superpower, allowing them to hyperfocus. Recently, they began questioning if they've been working harder than necessary and whether medication would be helpful. They seek advice from others in the same situation, balancing between maintaining their unique abilities and exploring potential aid.


10 Things Software Developers Should Learn about Learning:

The article is titled "10 Things Software Developers Should Learn about Learning" by Neil C. C. Brown, Felienne F. J. Hermans, and Lauren E. Margulieux. It discusses various aspects of learning for software developers in light of cognitive psychology research. Here are the most important points from each section:

- Human Memory Is Not Made of Bits - Human memory is not as precise or reliable as computer memory due to its biological complexity, and it can be modified through reconsolidation when accessed. Spreading activation is a process where related information becomes conflated with target information, making recall unreliable but also contributing to problem-solving insights.

- Human Memory Is Composed of One Limited and One Unlimited System - Long-term memory is functionally limitless while working memory has limited capacity at birth, which can be expanded by chunking information together. Cognitive load (intrinsic and extraneous) should be considered when learning new skills or tools to optimize efficiency.

- Experts Recognize, Beginners Reason - Experts have an advantage in problem-solving due to their ability to recognize patterns from long-term memory, freeing up cognitive resources for higher-level reasoning. This is a result of dual-process theories where system 1 (fast and driven by recognition) contrasts with system 2 (slower and focused on reasoning).

- Understanding a Concept Goes from Abstract to Concrete and Back - The semantic wave approach suggests that learning abstract concepts requires continuous switching between the abstract definition and diverse examples, leading to deeper understanding through recognizing connections between details and the concept's definition.

- Spacing and Repetition Matter - According to the spacing effect, humans learn problem-solving concepts best by spacing out their practice across multiple sessions, days, or weeks. This allows for consolidation of information in long-term memory and reduces cognitive load while also allowing rest periods that speed up the consolidation process.

- The Internet Has Not Made Learning Obsolete - While knowledge is readily available online, memorizing it can be more efficient due to faster access and avoidance of cognitive drain from context switching or filtering out extraneous information during a search. Additionally, searching may rob the brain of the benefits of memory-strengthening effects associated with recalling information.

- Problem-Solving Is Not a Generic Skill - Although humans do have some generic problem-solving skills, they are less efficient than domain-specific skills like programming or chess. Attempts to teach problem-solving as a specific skill for various aspects of development are ineffective because these skills cannot be transferred between domains easily.

- Expertise Can Be Problematic in Some Situations - The expertise-reversal effect suggests that hints and guides designed for beginners can become more distracting than useful for experts, while the expert blind-spot problem indicates difficulty in seeing things through a beginner's eyes once an individual becomes an expert. Tacit knowledge can also make it challenging for experts to verbalize their processes effectively when training others.

- The Predictors of Programming Ability Are Unclear - Research has shown that various factors such as gender, age, academic major, race, prior performance in math, prior experience with another programming language, and perceptions of CS do not predict programming ability accurately. Aptitude tests for programming have generally been ineffective due to poor predictive accuracy.

- Your Mindset Matters - The fixed versus growth mindset concept suggests that individuals who approach tasks with a belief in their abilities being malleable tend to persist through difficulties more consistently than those with a fixed mindset, which aligns with an aptitude view of ability as innate and unchanging. However, it's important to remember that maintaining a growth mindset can be difficult due to shifts towards a fixed mindset during setbacks or failure, but these can be overcome with practice.

The article also provides recommendations for both recruiting and learning/training in software development based on the above points.


The World’s Most Famous Cryptographic Couple:

The fictional characters Alice and Bob were invented to simplify the understanding of cryptology research. Originally introduced by authors Ron Rivest, Adi Shamir, and Leonard Adleman in their paper on digital signatures and public-key cryptosystems, they have since become central figures in various fields like game theory, quantum cryptography, physics, and economics. Initially depicted as abstract characters, they were later personified through images that often portrayed them in heteronormative and gendered ways. The ubiquitous presence of Alice and Bob has led to their use in pop culture with references found in music, comics, and digital media. As more females enter these fields, the gender dynamics surrounding these characters have also evolved, resulting in different interpretations of their fictional lives and relationships.


Multicellularity arose several times in the evolution of eukaryotes:

Here's a summary of the key points made in the article:

1) The study focuses on Dictyostelium discoideum, which is a model organism that provides insight into the origins of multicellularity, sociality, development, and cell biology.

2) Dictyostelium is used as a model for animal multicellularity because many key features are shared between the two, such as cell adhesion, communication and signaling, differentiation, and development. Despite deep evolutionary divergence, many genes crucial to these processes in animals are found in Dictyostelium.

3) The authors argue that while there are structural and molecular similarities between animal multicellularity and Dictyostelium's form of aggregation-based multicellularity, this does not necessarily imply a common ancestral origin for the two forms of multicellularity. Instead, they suggest that these similarities may be due to independent convergence or co-option of similar mechanisms across deep evolutionary time.

4) The authors conduct phylogenetic analyses on α-catenin and β-catenin proteins, which are involved in cell adhesion and signaling in both Dictyostelium and animals. They find that while there is some evidence for convergence between the two organisms at the molecular level (e.g., similar functions performed by different protein homologs), this does not support a common ancestral origin of multicellularity for Dictyostelium and animals.

5) The authors suggest that the widespread distribution of genes involved in multicellularity across unicellular organisms supports the view that these genetic tools were already present in microbial lineages but co-opted for new purposes within multicellular organisms, rather than arising at the base of the Metazoa as was previously thought.

6) They conclude by emphasizing the importance of acknowledging and studying the diversity and complexity of unicellular eukaryotes when making deep evolutionary inferences about the origins of multicellularity in animals like humans.


Moderna’s mRNA cancer vaccine works even better than thought:

Adding Moderna's in-development cancer vaccine to standard treatments for melanoma significantly reduces survivors' risk of death or recurrence. The vaccine instructs the body to make proteins unique to cancer cells, preparing it to quickly attack new cancer cells and preventing recurrences. Combining the vaccine with Keytruda, a Merck FDA-approved treatment, has reduced high-risk patient chances of recurrence or death by 49% in a median of three years after treatment, compared to Keytruda alone. The companies have launched phase 3 trials with over 1,000 participants for the combination cancer therapy and intend to launch it under accelerated approval by 2025 if successful.


www.whataaabout.com:

TODO


List of cognitive biases:

Cognitive biases are systematic patterns of deviation from norm and rationality in judgment, often involving mental shortcuts that can affect belief formation, reasoning processes, decision-making, and human behavior in general. These biases include anchoring bias (overreliance on one trait or piece of information), apophenia (perceiving meaningful connections between unrelated things), availability heuristic (overestimating the likelihood of events with greater "availability" in memory), cognitive dissonance (the perception of contradictory information and mental toll that results from it), egocentric bias (reliance too heavily on one's own perspective), extension neglect (ignoring relevant information in decision-making processes), framing effect (drawing different conclusions based on how information is presented), logical fallacies like Gambler's fallacy and Berkson's paradox, prospect theory involving biases such as loss aversion and status quo bias, self-assessment biases including Dunning–Kruger effect and Illusion of explanatory depth, truth judgment biases like belief bias and the Illusory truth effect, association fallacies (attributing greater accuracy to authority figures), attribution bias (overemphasizing personality-based explanations for others' behaviors), conformity biases (going along with popular opinions or trends), ingroup bias (preference for members of one's own group over those outside), and memory biases like misattribution errors, conservatism or regressive bias, consistency bias, serial position effect, and spacing effect.


Rescuing the Druid Halsin - Baldur's Gate III Guide - IGN:

Wondering how to get rid of a pesky parasite? Rescuing Halsin could be just the key. This Act One quest is part of the Finding a Cure main storyline and takes you through tricky battles and challenges to potentially find the cure for your party. You'll work your way through many locations, including Emerald Grove, The Blighted Village, Goblin Camp, Pits of the Goblins, Worg Pens, Moonrise Towers, and eventually, the Mountain Pass. Along the journey, you'll meet fascinating characters such as Aradin, Guard Gurgon, One, Two, and Three, Raphael, Minthara, Priestess Gut, Halsin, Nettie, Zevlor, Kagha, Rath, and various enemies like Worgs, Goblins, Skeletons, Treespeakers, Fungal Titans, and the Absolute. Following a series of events to rescue Halsin and take down several leaders like Drog Ragzlin, Minthara, and Priestess Gut, you may come closer to discovering the cure for your parasite-ridden party members. Through the mission's ups and downs, you will experience a mix of encounters - some tougher than others but all critical steps towards locating a solution. Remember to utilize your surroundings, equipment, spells, abilities, and allies to navigate these challenges, keep your goals in mind, maintain your party's health and morale, and most importantly, stay persistent.


Copper ladle:

The article mentions a product from Waldviertel, Waidhofen an der Thaya that cannot be delivered to the chosen country at this moment, with its price being €59.00 (including tax). Sharing it on Facebook and sending via email are also mentioned. However, there is a statement about a specific issue saying "not available," while another individual says they don't have it, implying unavailability of the product for them too.


Donald E. Knuth: 30 years of Christmas lectures freely available:

Stanford University has published all of the Christmas lectures by computer science and mathematics expert Donald E. Knuth on YouTube and organized them in a playlist. In addition, there are 22 videos from the Aha series, which deals with mathematical problems, and a further 17 videos about the typesetting system TeX. Knuth received the Turing Award in 1974 for his work on algorithms in his work "The Art of Computer Programming". The playlist is available at https://www.youtube.com/playlist?list=PL53D2D2F669CD4B80


Guarantees of origin: green electricity may be sold twice again:

This article describes the problems with the system of guarantees of origin for renewable electricity in several European countries, in particular Iceland and Norway. Because of a double-counting system, companies that, due to this counting, do not have green-electricity-efficient emissions balances can purchase the guarantees of origin. Because criteria for the additionality of the electricity for a green-electricity customer are lacking, the system has been questioned from various sides. In Norway this circumstance is essentially accepted, and there is hardly any checking of whether companies actually use only renewable electricity or purchase guarantees of origin. This misuse of the system is, however, not regarded as a significant problem. In contrast, Germany has an export stop for double counting of renewable electricity, which in turn has been lifted. The Icelandic energy minister claimed in 2021 that the Norwegian rules would be adapted accordingly to solve this problem. In Germany, by contrast, funding programmes rely on guarantees of origin, whereas a different system is applied in Norway: industrial companies there can have costs for indirect carbon dioxide emissions compensated, which arise for example through European emissions trading, and this is tied to a certain amount of renewable energy. The expansion of hydropower plants in Iceland toward operation with green electricity is currently under way, with the guarantees of origin intended to help ensure that these plants remain renewable. The Icelandic government has plans to produce only with renewable energy by 2040, in which the use of guarantees of origin could play a significant part. The free supply of renewable energy to aluminium producers in Iceland and other countries is not generated by guarantees of origin but by the local liability principle within the framework of the Treaty on the Working Community (ACG). In 2017 the AIB blocked a number of European countries, including Germany, Austria and Switzerland, in order to introduce guarantees of origin for renewable electricity. The block was lifted again after a short time, albeit without criticism from the German Federal Environment Agency (Umweltbundesamt), which in 2018 complained about the activities of the German Federal Ministry for Economic Affairs and Climate Action.


GitHub - djsime1/awesome-flipperzero: 🐬 A collection of awesome resources for the Flipper Zero device.:

This article highlights a collection of resources for the Flipper Zero device, including FAQs, databases and dumps, applications and plugins, firmware options, graphics and animations, various modules and cases, off-device tools, notes and references, tutorials on using the device and troubleshooting, a community wiki, disassembly guides, related projects, alternative applications, and more. It emphasizes that it is not affiliated with Flipper Devices Inc.


W-L student prompts police investigation after allegedly using a device to turn off nearby iPhones | ARLnow.com:

A cybersecurity incident at Washington-Liberty High School led to disrupted classes and a police investigation. A student used an electronic device within the school, causing nearby iPhones to turn off. The student was identified, but no charges have been sought yet as investigations continue. Arlington Public Schools shared tips on general cybersecurity measures to maintain device security.


Stupid Patent of the Month: Selfie Contests:

This article expresses concern over software patents, particularly those related to online contests. The Electronic Frontier Foundation (EFF) argues that such patents, like Patent No. 8,655,715 held by Opus One's company "Contest Factory," claim ownership of basic human activities and harm people's rights to participate in online culture. Contest Factory has filed lawsuits against several companies over their involvement in various online contests, asserting patent infringement on everyday use of computers and voting processes. The article highlights the issue of software patents harming digital freedoms and challenges these practices at both the patent owner and government levels.


The war of the workstations:

This article discusses a forgotten war of the past which has shaped modern computing. It explores the differences between Lisp and Smalltalk machines in their prime. These were powerful computers with unique development environments that could edit live code on the fly, making them more dynamic than today's computers. The article dives into how these systems lost to simpler solutions like the Unix system. Despite these complex systems being less efficient and more fragile, they held advantages over contemporary technology at their peak. The article ends by reminding readers of a time when computing was much different, and how the choices made then have left their impact on today's digital world.


Is software getting worse? - Stack Overflow:

In this article discussing the state of modern app development, various opinions are presented on why apps have become larger, slower, and more bug-prone over time despite recent advances in hardware capabilities. A significant factor is said to be the lack of focus on software quality as compared to feature delivery. The market environment for consumer software is also pointed out as a major contributing issue, where users expect free or low-cost apps while software creators rely on other revenue streams, leading to bloated and slow-running apps. Despite this current situation, the author remains hopeful that in the future there will be more emphasis on efficiency, technical debt reduction, and improved economic exchange in the app development industry.


The dark side of social media on youth mental health:

In May 2023, the U.S. Surgeon General issued a public advisory highlighting the links between social media and youth mental health issues due to conventional beauty standards. Research shows that media content can lead to mental illness, disordered eating, and body image dissatisfaction in both men and women across different communities. Social media is suspected to play a role in worsening young people's mental health, with studies pointing out its impact on diet and exercise patterns. While social media has benefits, such as connecting with supportive communities, the use of social platforms contributes to unrealistic expectations and negative effects on mental health. These factors contribute to the development of eating disorders. Toxic beauty content includes promoting cosmetic procedures, pro-eating disorder content, clean eating posts, and false sense of connection for weight loss and appearance change. To tackle this issue, policy changes may include increased social media company transparency, child data privacy standards, and tax incentives discouraging companies from manipulating images. Families can reduce their screen time by creating phone-free zones, while adults can model healthy social media behaviors and encourage children to focus on building connections and engaging in meaningful activities.


Baldur's Gate 3: How To Level Up Fast:

In Baldur's Gate 3, XP plays a critical role in leveling up characters and enhancing their abilities. The game follows a similar experience system to most CRPGs and Fifth Edition D&D. Players earn XP through defeating enemies, completing quests, and exploring the world. Level progression is generally consistent in each Act, with varying levels of difficulty. Combat remains the primary source of XP in the game, followed by questing. Inspiration also grants XP for performing actions related to a character's background. Players should focus on leveling up through various sources while prioritizing side quests and exploring during their playthrough.


Baldur's Gate 3: Watch out, some quests have a hidden timer that the game doesn't tell you about:

In Baldur's Gate 3, some quests can be affected by minor decisions. If players are not careful or overlook simple details, this can lead to unwanted consequences such as additional content being locked or characters dying. Examples of such quests are the Emerald ritual, the bard in the Emerald Grove and the harpies on the beach. The game's complexity can lead to unplanned time-related consequences. There are also indications that there could be further hidden factors.


Electricity That's Too Cheap To Meter:

The article highlights the challenges in making nuclear power affordable and its failure to live up to expectations as a cheap, safe, and clean source of energy. Construction and decommissioning costs for nuclear power plants remain high compared to their electricity production cost. In contrast, renewable energy sources such as wind power have provided an abundance of electricity at times leading to consumers being paid for their usage. While the world still requires base-load electricity sources, renewables offer promising alternatives that may one day make a significant contribution to global energy needs.


Baldur's Gate 3: Tips, tricks and solutions in the beginner's guide:

Baldur's Gate 3 has a complex story that revolves around the characters and their journey through different lands while also dealing with various plot twists, challenges, and enemies they encounter along the way. The game features numerous quests where players need to make crucial decisions that impact the plot. Furthermore, it offers various character customization options, allowing players to create their own unique protagonist tailored to their personal preferences. Combat in the game is turn-based, with a heavy focus on strategy and making use of different classes' special abilities. Players can also interact with the environment, using elements such as fire, wind, and earth to their advantage in combat situations. Additionally, the game features an intricate crafting system where players can create new items or upgrade existing ones using materials they gather through exploration. The relationship between characters is another important aspect of the storyline, with several romance options available for players to explore. Overall, Baldur's Gate 3 provides a rich and immersive gaming experience that challenges players on both strategic and emotional levels.


x86 Assembly Language Programming with Ubuntu:

This article discusses how to use the x86-64 instruction set within the context of University level assembly language and systems programming courses. Emphasizing its applicability on popular processors, it focuses on using the Ubuntu 64-bit Operating System. Although the provided code is designed for testing in various Linux-based 64-bit OSs, it has specifically been tested with Ubuntu versions 14, 16, and 18 LTS. The x86 programming text and examples are available in PDF format.


Constellations are Younger than Continents:

The song Bold Orion wrongly claims that constellation Orion has witnessed the rise and fall of continents; however, continental changes occur over timescales of tens or hundreds of millions of years, while stars have lifetimes in billions of years. Constellations are patterns formed by stars in our night sky, with most being distant from each other, gravitationally interacting only if part of stellar associations. The constellation Orion is an unusual case, as its seven brightest stars appear to move slowly within the constellation due to their association; they're young and large, meaning they have short lives. Orion will last longer before its bright stars burn out and turn supernova. Constellations change with time, but not on a scale that allows observing continental movements.


Celebrities with T:

This article lists notable names, mostly consisting of entertainers and athletes, along with some brands. A summary would be hard to create without the context of the original article or knowing its purpose. However, these people and entities are seemingly being connected in some way, possibly implying connections, comparisons, or tributes within a particular field (entertainment, sports), or simply as part of a larger list.


Test Smarter, Not Harder: Focus on Outcomes, Not Outputs:

In product management, understanding the distinction between output and outcome is crucial. Output refers to the direct results of our efforts while outcome focuses on delivering valuable results that matter to customers and align with overall business goals. When it comes to testing in software development, efficiency and streamlined processes should be prioritized over focusing solely on output metrics like test numbers or code coverage. By adopting a balanced approach, tests can help accelerate the journey towards building better software more efficiently.


Copy, Acquire, Kill— How Meta could pull off the most extraordinary pivot in tech history:

This article suggests that Meta's sudden interest in ActivityPub and Mastodon seems to be part of a longer-term plan. A theory posits that Meta's objective behind the Threads-to-Mastodon initiative may be related to App.net, a previous microblogging platform that tried to compete with Twitter. The idea is for Meta to create a platform like Threads.net, which would offer interoperability, content ownership, and revenue share programs for smaller developers. This could lead to a significant shift in the social media landscape if successful. However, various challenges remain. The article discusses potential motivations behind this plan, including anti-trust concerns, regulations, and monetization strategies.


How to run a small social network site for your friends:

Running your own social network site can provide you with control over the platform's rules and policies, as well as the ability to modify its software according to your community's needs. It involves a lot of work in terms of managing the server, maintaining the codebase, and ensuring that the community remains cohesive through group activities and shared norms. While it can be challenging, it also offers unique opportunities for building a tailored online environment that aligns with your values and those of your community members.


Cheapest and Most Expensive Appliances to Run Each Year:

In 2022, global energy prices increased by 60% due to the Russia-Ukraine conflict, causing many households worldwide, particularly in the US, financial strain. As predicted, prices are expected to fall by 11% in 2023, leaving people still struggling with high electricity bills. In the US, electricity costs vary across different regions: West - $0.18/kWh; Pacific - $0.25/kWh (Los Angeles); South - $0.15/kWh; Northeast - $0.16/kWh; and Midwest - $0.14/kWh. Air conditioning usage leads to the highest energy consumption, costing up to $1,062 per year in the US. Meanwhile, LED light bulbs are the most economical to run at an estimated monthly average of $0.29. Factors such as remote work can also contribute to higher energy bills. By focusing on areas like swapping air conditioners for fans, using energy during off-peak times, and reducing hot water consumption from household appliances, households can potentially save money on their energy bills.


A simple theory of cancel culture:

The article examines cancel culture as a phenomenon influenced by social media rather than political or cultural factors. It focuses on the increased ability of people to recruit third parties for conflicts, escalating them beyond private issues. Cancel culture leads to the magnification of minor violations and the intimidation of individuals and institutions that were previously unaffected. However, there is hope for positive change as senior administrators become more accustomed to online mobs, and younger generations learn how to efficiently translate their online dominance into real-world political effectiveness. Overall, cancel culture has its challenges but may eventually lead to a better understanding of conflict management on social platforms.


Your Car Is Tracking You. Abusive Partners May Be, Too.:

A woman in the US discovered her estranged husband was tracking her movements using a connected car app after she fled their home due to abuse. Christine Dowdall found out about this service, mbrace from Mercedes-Benz, when she noticed unusual messages on her vehicle's display screen. Despite trying to remove his digital access to the car several times, Dowdall could not do so as her husband had a better credit score and they shared loan and title of the car. Both Mercedes and Tesla have faced lawsuits related to controlling partners using connected cars for harassment.


Public Domain Day 2024 | Duke University School of Law:

The article is about Public Domain Day 2024, which celebrates the entry of thousands of copyrighted works from 1928 into the public domain on January 1st, 2024. This includes books, plays, films, musical compositions, and sound recordings that can be freely used by anyone without permission or fee. The article also discusses the impact of copyright term extensions and how they have led to a shrinking global public domain.

The following are some key points from the article:

- On January 1st, 2024, works from 1928 will enter the US public domain after a 95-year term of copyright protection. This includes famous works such as D.H. Lawrence's "Lady Chatterley's Lover" and Bertolt Brecht's "The Threepenny Opera."

- The entry into the public domain allows for greater creativity, access to cultural materials that might otherwise be lost or forgotten, and learning from both joyful and sobering aspects of our history. It also provides material for artists and writers to build upon and inspire new works.

- However, many older works are not commercially viable anymore and have been locked away due to copyright restrictions, leading to the loss of a significant part of our cultural heritage. This is particularly true for silent films from the 1920s, where preservation efforts were hindered by long copyright terms.

- The article also highlights the complexity of copyright law and how difficult it can be for users to determine what material is free to use without legal liability. It emphasizes the importance of a clearer system that would benefit artists, citizens, and entrepreneurs alike.

- Despite the consensus among policymakers, economists, and academics that lengthy copyright extensions impose more harm than good, countries continue to extend their copyright terms due to trade deals that require harmonization. This leads to an irrational transfer of wealth from the public domain to a small subset of rights owners.

- The article also mentions the existence of "invisible public domain" works that may already be in the public domain due to non-renewal or failure to comply with formalities required for copyright protection, but are still considered copyrighted due to practical barriers such as difficulty finding relevant copyright information.

- Finally, the article concludes by expressing a bittersweet sentiment about the celebration of Public Domain Day - while it is a cause for joy and gratitude for the new works entering the public domain, there is also regret over the unnecessary losses caused by long copyright terms that lock away millions of older works from future creators and the public.

In summary, Public Domain Day 2024 marks an important milestone in allowing greater access to our cultural heritage while highlighting the need for a more rational and efficient system governing our collective culture.


Email addresses are not good 'permanent' identifiers for accounts December 30, 2023:

The article discusses using email addresses as permanent identifiers within a system. While it may seem logical due to their widespread usage, this approach has limitations. People's email addresses change frequently, and organizations are not legally obligated to maintain these changes. Using email addresses exclusively for account recovery can lead to problems if they become nonfunctional or get reassigned. It is better to have an independent internal identifier that remains constant throughout a user's account lifecycle.


Instant Messaging: Protocols are “Commons”, Let’s Take Them Seriously / ProcessOne:

An article discusses the lack of an open and universally accepted exchange protocol in instant messaging, still prevalent thirty years after its emergence. The Jabber/XMPP protocol, which aimed to enable communication between messaging platforms, has been overshadowed by proprietary messaging services that leverage internet giants' power. XMPP and the newer Matrix protocol are examples of open protocols, but both have failed to break this barrier, despite their potential in interoperability. This situation highlights the importance of collaboration in digital communication through an open foundation that allows healthy competition. Despite France promoting a secure messaging service called Olvid, it is proprietary and does not promote interoperability, making it less significant in the global market compared to standardized open protocols.


The X220 ThinkPad is the Best Laptop in the World:

The author praises the X220 ThinkPad as the greatest laptop ever made due to its near-perfect build quality, abundance of functional ports, excellent keyboard design with additional Trackpoint, competitive battery life, and high repairability level. They credit Lenovo for providing a detailed maintenance manual alongside the hardware components' simplicity. The author acknowledges that the laptop might be heavier than newer models but still considers it superior in terms of overall performance, functionality, and longevity.


Android Data Encryption in depth:

1. What is Android File-Based Encryption (FBE) and how does it work?

Android File-Based Encryption (FBE) is a feature that provides encryption for individual files rather than the whole device. It uses strong crypto algorithms to protect each file, ensuring that only the correct credentials can access its contents. FBE works by encrypting each file individually and then associating it with a unique key. The keys are derived from a master key for the directory tree. This approach makes it more resilient to attacks, since any single failure in decryption will not result in the loss of all data on the device. Furthermore, it enables granularity in managing access permissions for files.

2. What is Android Device Encryption (ADE) and how does it differ from File-Based Encryption?

Android Device Encryption (ADE), previously called Whole Disk Encryption (WDE), encrypts all data on a device's storage, including system files. It protects both the user data and Android system files by using strong crypto algorithms. A key difference between FBE and ADE is that while FBE secures individual files with separate encryption keys, ADE uses only one master key for the entire disk, making it easier to manage but less resilient to attacks compared to FBE.

3. What are the main components of Android data encryption that this article discusses?

The article focuses on File-Based Encryption (FBE) and Device Encrypted (DE) keys in a device with multiple users. The two mechanisms for authentication are Gatekeeper Trusted Application for devices without security chips, and Weaver Trusted Application when security chips are available. FBE uses a single master key derived from the directory tree while DE protects the files independently with individual keys. Gatekeeper is responsible for password validation and access management, whereas Weaver works by storing pairs of keys and values in a security chip to manage authentication.


The invisible hand of the electricity market: merit order explained in detail:

The liberalization of the European electricity market led to the introduction of the merit order, a price-formation mechanism on the wholesale markets. It determines how the gross consumption price is formed by ranking the dispatch order of power plants according to their production costs. The merit order serves to optimize the electricity supply and does not take investment-related costs into account. Strong demand can, however, lead to price increases, which could create problems for the further development of the electricity market.


We can have either billionaires or democracy. Not both.:

In the run-up to the 2024 US parliamentary elections, media pundits will weigh in on, among other things, candidates and their electability, swing states, the electoral college and possible election results. Occasionally topics such as the need to eliminate inequality in the US are also raised, though inequality is seen only as an unavoidable result of our economy. However, this unequal distribution of wealth stems from deliberate planning and from the notion that what is good for billionaires is also good for society. A newly published UBS report shows that, for the first time in nine editions of the report, billionaires accumulated more wealth through inheritance than through entrepreneurship. This trend is predicted to solidify over the next decade, as more than 1,000 billionaires will pass their wealth on to their children, which would correspond to the wealth of the entire United Kingdom. Given these disparities, the redistribution of wealth is therefore central to saving American democracy.


Price plunge for apartments and houses: what buyers should know:

The German real estate market was hit by a sharp drop in prices in the third quarter of 2023, especially for single-family and two-family houses. Experts are skeptical about an early market recovery, since the number of completed residential buildings in 2023 could be considerably lower than in 2022 and may fall even further by 2025. Although Federal Building Minister Klara Geywitz is optimistic, the Institut für Wirtschaftsforschung considers a further rise in real estate prices unlikely. The increase in the price level in Germany since 2010 is said to be due above all to financial speculation, since rents and prices have risen markedly.


Farmers against agricultural diesel cuts: how legitimate protest is being co-opted by the right:

The article critically examines the assumption of an impending general-strike situation in Germany, as left-wing movements might expect it. Instead, a general strike would arise as a demand from the self-organization of wage earners, as was laid out in the event series "Vergessene Arbeitskämpfe". The right-wing populist approach of the farmers' protests against budget and energy policy is increasingly linking up with right-wing political groups such as the AfD. The ties between the conservative agricultural organizations and the party already existed beforehand, however, and parts of the CDU are also involved in this network. It is clear that participation by left-wing movements in these protests is not intended, since the issue plays no relevant role and the focus is on competition within the agricultural sector. Nevertheless, there is an opportunity for left-wing groups to find their bearings in this environment in order to convey the need for social change to potential allies and everyone involved.


Billions in losses: S21 cost explosion priced in for ten years:

The Stuttgart 21 rail project kept getting more and more expensive, even though the disaster was already known in 2013. A cost explosion drove spending up from an earlier estimate of nine billion euros to at least eleven billion euros, with a "buffer" of 11.5 billion euros. In return, the project is supposed to improve the capacity of the existing station, which is to be achieved through digitalization and new tunnel construction. However, it is reported that the main project could take longer than planned because of planning errors, delays in the interior fit-out of the station hall and problems with a partner company. As a result, digitalization of the rail hub alone cannot make up for the shortcomings. Overall, the costs could extend into the 2040s, which could under certain circumstances lead to a further ten billion euros.


CDU donations scandal: on slush funds, secrets and the legacy of Wolfgang Schäuble:

Wolfgang Schäuble was an important member of the Christian Democratic Union of Germany (CDU), a conservative political party in Germany. He died at the age of 81 and was part of the scandal over illegal party donations to the CDU, which led to a deep constitutional crisis in Germany at the end of the 1990s. The affair concerned donations from slush funds, undisclosed money from companies and individuals that was used for election campaigning. Questions about transparency in party financing and reform efforts to prevent such incidents predominated. The CDU donations scandal had far-reaching political consequences, including resignations of leading CDU politicians and criminal proceedings against Schäuble and other politicians.


Encrypted Remote Backups via rsync | Baeldung on Linux:

8. Analyzing the Encrypted Backup Scripts for Security

1. Overview

  1. This article describes two Bash scripts: sync.sh for making encrypted backups, and syncRestore.sh for restoring them. The scripts are designed to ensure data security by using file-based encryption tools instead of disk encryption. They can be used to create encrypted archives with rsync over ssh on a remote server while maintaining security, privacy, and flexibility.

2. Encryption Method

  1. Both backup and restore scripts use gocryptfs in reverse mode for the encryption process, as it provides file-by-file encryption, allowing individual files to be accessed without needing to download or recover the whole backup archive. This technique ensures minimal load on the CPU and RAM and no demand for extra space on the local disk while still providing robust encryption.
  2. The scripts also require a strong password to protect sensitive data and maintain data integrity with hash verification during the decryption process, ensuring that there is no loss of files or data corruption.

3. Security Considerations

The use of file-based encryption combined with rsync and ssh connections provides an additional layer of security for our encrypted backups. This method ensures:

  1. Data privacy: Encryption makes the data unusable to unauthorized entities, even if they gain access to the backup files or server storage.
  2. Protection against brute force attacks: The strength of the chosen password increases the difficulty for attackers to obtain encrypted data.
  3. Minimizing exposure risk: File-based encryption allows individual files to be accessed without the need to decrypt the entire archive, reducing potential exposure time.
  4. Continued encryption during transfer: All transfers between hosts are encrypted end-to-end as rsync uses SSH for secure connections, protecting data even if it passes through multiple intermediate servers or network components.

4. Limitations and Improvements

While the scripts provide robust security measures, there are some limitations to consider:

  1. Inadvertent exposure: If an attacker manages to obtain a single encrypted file from the backup, they could try different passwords or use brute-force techniques. It's crucial to choose strong and unique passwords for better security.
  2. Relying on SSH keys management: A successful attack on the remote server or the SSH key could lead to a breach of data privacy and encryption failure. Ensuring proper SSH keys management is essential.
  3. Backup consistency: When restoring backups, it's essential to ensure that the restored files are compatible with the local environment in terms of file format and system requirements. This requires careful testing before using them, possibly creating an up-to-date backup copy for emergency situations.

Improvements can be made by implementing more robust encryption algorithms or integrating end-to-end encryption solutions across data transfer, storage, and recovery stages to further enhance security.


Two kinds of threads pools, and why you need both:

This article discusses how to set up thread pools in Python for large-scale data processing and achieve optimal performance. Thread pools are beneficial for both CPU-bound and network-bound tasks. For CPU-bound tasks, you want exactly N threads running at any given time, matching the number of CPU cores. Network-bound tasks require a different approach, with the thread pool size focused on preventing hitting resource limits without reaching concurrency levels that cause other issues. In many cases, using two separate thread pools for CPU and network tasks is more effective than trying to have one pool fit all circumstances.


“Don’t Mock What You Don’t Own” in 5 Minutes:

A principle called "Don't Mock What You Don't Own" is discussed, suggesting that when writing tests for real-world software with dependencies on third-party libraries, it is better to mock your own objects instead of third-party ones. This approach leads to more maintainable and testable business logic code. The article provides examples on how to apply this principle using a DockerRegistryClient class in Python. It also offers alternative approaches for complex conditions involving external dependencies and discusses some related tools and libraries available for testing HTTP clients.


Fast tests for slow services: why you should use verified fakes:

Test doubles are essential for writing efficient and robust test suites, helping developers avoid the challenges posed by interacting with real APIs in their code. Verified fakes take this concept further by ensuring that fake client implementations behave exactly like their real-life counterparts through additional testing. While they require extra effort to set up and maintain, verified fakes are particularly useful when dealing with slow or expensive APIs, frequent API use within the codebase, or when handling mission-critical projects where avoiding costly bugs is paramount.


pretend:

Pretend is a Python library that simplifies the process of creating stubs, an object-oriented testing technique used in writing tests. It allows developers to create pre-defined responses instead of performing computations. The library helps in ensuring that your system responds as expected for specific inputs and checks results without focusing on API implementation details. This makes it easier for programmers to concentrate on verifying the desired output rather than analyzing side effects.


37C3: Card-blocking system KUNO invited the IT-savvy to unblock cards:

If a Girocard is lost or stolen, there is a risk that someone can use the card to make purchases or withdraw money. To prevent this, there are two blocking systems: the blocking hotline (116 116 or app) and KUNO ("Kriminalitätsbekämpfung im unbaren Zahlungsverkehr unter Nutzung nichtpolizeilicher Organisationsstrukturen"). While the hotline only blocks online payments, cash withdrawals and PIN-based payments at terminals, KUNO additionally covers direct-debit payments at most retail points of sale. When a card is blocked, a visit to the police station is nevertheless always worthwhile for Girocard holders. In the meantime, however, KUNO security vulnerabilities were also discovered: on closer examination of the self-service area, it is possible to unblock correctly blocked cards again. A security researcher thereupon introduced a rate limit to restrict queries to the self-service area and reduce the vulnerabilities.


37C3: AACS 2 copy protection for Ultra HD Blu-rays has been cracked:

Researchers have presented a comprehensive attack on the current Blu-ray DRM that can extract keys and allow UHD-BD films to be played at will. The copy protection scheme Advanced Access Content System (AACS) in version 2 for HD DVDs and Ultra HD Blu-rays (UHD BD) with 4K resolution (3840 × 2160 pixels) had withstood circumvention attempts longer than its predecessor AACS 1, but on Friday at the 37th Chaos Communication Congress (37C3) in Hamburg an "end-to-end attack" on the digital rights management (DRM) system was presented. It makes it possible to extract AACS 2 key material and thereby play UHD-BD films on any hardware and clone UHD-BD discs. The researchers used flaws in Intel's Software Guard Extensions (SGX) security feature and its update mechanisms, which are an essential prerequisite for AACS 2. In the end, keys became extractable on the affected devices as well. The research team around Adam Batori of the University of Michigan also showed how CyberLink's PowerDVD playback software for Blu-rays can be reconstructed by reverse engineering. The AACS 2 protocol is technically well designed, but its dependence on the security of SGX ultimately allowed it to be undermined.


Coastline paradox:

The coastline paradox is a phenomenon whereby the length of a landmass's coastline does not have a well-defined measurement. It is attributed to the fact that a coastline has features at all scales, from large features such as bays and promontories to tiny fractions of a millimeter. This results in a seemingly infinite variation in length depending on how it's measured. The problem is distinct from measuring other edges because it involves irregular landforms rather than simpler structures. It was first explored by Lewis Fry Richardson, continued by Benoit Mandelbrot, and later extended to include fractal surfaces.

The coastline paradox can be related to mathematics through concepts like the Hausdorff dimension, which describes the space-filling property of objects and determines how their size changes as they are magnified. Measuring a coastline typically requires estimating its length using varying measurement units, leading to different results. However, the problem doesn't necessarily arise from the act of measuring but rather arises when measuring specific natural phenomena like coastlines that exhibit complex structures and patterns.


Sufyaan's Website:

This article argues that subscriptions can be a financial trap, with their relative affordability making us easily sign up for new services. Humans are poor at predicting future needs and remembering active subscriptions, causing unnecessary expenditure when subscriptions continue even though they may no longer be useful. The author suggests avoiding subscription-based products by carefully considering if the service is truly needed and using a short-term approach to prevent spending unnecessarily.


The Google 0-day all Infostealer groups are exploiting. | InfoStealers:

This article warns about a vulnerability in Google's cookies that allows them to stay active even after password changes and never expire. Cybercriminals take advantage of this issue. Although Google has been alerted, it has taken no action, possibly due to the perceived tradeoff between user convenience and security. Multiple Infostealer groups have exploited this vulnerability for their benefit.


Amazon's Silent Sacking:

In 2023, Amazon laid off approximately 27,000 employees, which represents a small percentage of their overall workforce. The majority of these layoffs occurred in the retail sector. To save on costs and maintain high earnings, Amazon has been using methods like return-to-office initiatives and enforcing reductions in compensation. This shift in strategy can lead to an adverse effect on staff retention and employee morale, potentially impacting business growth. Some experts suggest that the company may start centralizing expertise to reduce costs, which could result in challenges for teams focused on innovation and maintaining high operational standards. Overall, these measures are intended to improve Amazon's financial standing while facing increasing competition in the tech industry.


EU CRA: What does it mean for open source? - Bert Hubert's writings:

The final version of the Cyber Resilience Act (CRA) focuses mainly on commercial activity, and most open-source projects should be in the clear under the law. Organizations like the Python Foundation or the Linux Foundation might fit as „open-source software stewards“ under the new rules. These entities will have light-touch obligations regarding cybersecurity policy development, reporting of vulnerabilities, and cooperation with market surveillance authorities, among other duties. The CRA emphasizes the importance of due diligence for integrators that use open source in their products. It also creates a new process enabling industry to sponsor security documentation, attestations, audits or even security work on open-source products, encouraging collaboration between these industries and open-source communities.


Nibbles (video game):

Nibbles is a video game inspired by the snake concept, created using the QBasic programming language. Developed in MS-DOS by Rick Raddatz and included with versions 5.0 and above of MS-DOS, it involves guiding a virtual snake through a space, consuming numbers to progress while avoiding collisions. The game has single and multiplayer modes and increases in difficulty over time as players advance.


German word of the day: Stoßlüften:

„Stoßlüften“ is a German term that refers to the practice of letting cold air enter a room by turning off the radiator and opening windows for five minutes before closing them again and turning on the heating. This process aims to refresh the air inside the room, maintaining a better indoor climate without being heavily dependent on external temperature conditions. It is commonly practiced in German schools, particularly to prevent mold growth due to increased humidity levels. However, some students may disagree with this practice, leading teachers to advise them to dress warmer instead.


Getting started with Fail2Ban on Linux:

This article explains how to get started using Fail2Ban to protect Linux servers that run internet-facing services against attacks such as brute-force login attempts. It walks through setting up Fail2Ban with Ubuntu as the reference system and using it with the SSH service, with iptables as the firewall. The article explains general Fail2Ban concepts such as checking logs, following rules for adding suspicious IPs to deny lists, configuration options such as bantime for the duration of bans, and how to view banned hosts within specific jails or globally. It also covers operating Fail2Ban manually, including unbanning or banning hosts, and testing your configuration by attempting to connect with wrong credentials. The text offers advice on further reading for more in-depth knowledge about filters and actions for custom services and about email notifications when an IP gets banned.


Family testimony reveals new insights into how Hitler became radicalised | News:

The testimony of the Popp family, who took in Hitler during his time in Munich before World War I, has revealed new insights into his radicalization and development of antisemitic ideas. Professor Thomas Weber, an expert on Hitler's politicization and radicalisation, will use this information as part of an online short course at the University of Aberdeen focusing on understanding Hitler's turn towards radical political ideologies. The Popps shared wartime letters from Hitler that shed light on his motivations behind targeting Jews during a time when he struggled with personal failures as an artist. This new evidence contributes to the understanding of how people become susceptible to catastrophic levels of extremism.


Open Source Liability is Coming | Developers Alliance:

The European Union is finalizing new rules that will hold open-source creators and licensees responsible for any user harm caused by their software. This shift could impact businesses using open source resources or those who work on collaborative projects, as they may have to prove their code didn't play a role in harmful incidents. The proposed change aims to ensure consumers are compensated when faced with software-related issues, but it remains uncertain how strict liability will be applied and whether open-source contributors will be exempt from responsibility when their work is used in commercial products causing harm.


Why large companies and fast-moving startups are banning merge commits:

This article discusses the differences between merging and rebasing techniques in a git repository. It highlights how the rebase approach has gained popularity among fast-moving companies, mainly due to its ability to create cleaner histories and simpler branching. Rebasing helps by avoiding merge conflicts and keeping branches stable. While some criticisms remain regarding the complexity of Git commands and limited support from GitHub, this technique is being adopted more frequently in closed-source developments as a preferred workflow. The article suggests that using tools like Graphite can automate certain rebase processes, making it easier to manage branches without merging commits.


Intentionally buggy commits for fame—and papers:

A university research project led to intentional bugs being inserted into Linux's software, leading to a review of commits from the University of Minnesota (UMN). Greg Kroah-Hartman is planning to revert these commits and suggested ignoring future submissions with UMN.edu email addresses, unless proven valid or they fix actual issues. This incident has revealed weaknesses in the patching process and may result in heightened scrutiny on new patches. A statement from UMN's Computer Science department acknowledged the situation and initiated an investigation.


Playnite - video game library manager:

Playnite is an open source video game library manager designed to unify game interfaces from various services. It supports multiple platforms and emulators, with customizable appearance, plugin compatibility, fullscreen mode, controller support, and time tracking for in-game hours. The app runs efficiently on large libraries, without installing system dependencies or paywalls. Data is stored locally, ensuring user privacy, and can automatically download game metadata for better organization.