I’ve always suspected some bullshit like this — Apple devices (Macs and iPhones) expect a specific non-standard wifi setting. If you’ve noticed Apple devices falling off the network and taking a long time (many seconds) to rejoin, where devices with other OSes do not have the same problem, this may be the cause. tl;dr: the DTIM (delivery traffic indication message) setting, which defaults to 1 in a standards-compliant AP, is expected to be set to 3 by Apple devices, in order to improve battery life. Source: https://twitter.com/revolutionwifi/status/725489216768106496 (“Apple engineers have strongly suggested a DTIM of 3.”)
Justin Mason's Weblog Posts
How best can scientists push back against [science denialists]? There is a range of evidence-based strategies. These include: “Public inoculation”–warning people about the risk of being misled and drawing attention to who is pushing the contentious information and their financial competing interests; Highlighting scientific consensus; and Mapping the institutional networks who are pushing controversial information and then using political and legal strategies to counter them. For physicians, scientists, and public health officials to be effective countering efforts like the [Great Barrington declaration], it will be absolutely critical for them to realize that they are not dealing with an orthodox scientific debate based on sound data and evidence, but a well-funded sophisticated science denialist campaign based on ideological and corporate interests.
Whoa, this is unexpected — Oracle Cloud has a really good deal for hobby projects, including: ‘4 Arm-based Ampere A1 cores and 24 GB of memory usable as one VM or up to 4 VMs; 2 Block Volumes Storage, 200 GB total; 2 AMD based Compute VMs with 1/8 OCPU** and 1 GB memory each.’ The catch is that at the end of the 30 day trial period, the 4 ARM-based VMs will be terminated, but the other resources remain intact.
‘Almost-free serverless on-demand Minecraft server in AWS’:
Instead of paying a minecraft hosting service for a private server for you and your friends, host it yourself. By utilizing several AWS services, a minecraft server can automatically start when you’re ready to use it, and shut down when you are done. The final cost will depend on use but can be as little as a dollar or two per month. The cost estimate breakdown is below. This is a reasonably cost effective solution for someone that doesn’t need their server running 24/7. If that’s you, read on! The process works as follows: Open Minecraft Multiplayer, let it look for our server, it will time out. The DNS lookup query is logged in Route 53 on our public hosted zone. CloudWatch forwards the query to a Lambda function. The Lambda function modifies an existing ECS Fargate service to a desired task count of 1. Fargate launches two containers, Minecraft and a watchdog, which updates the DNS record to the new IP. The watchdog optionally sends a text message through Twilio when the server is ready. Refresh Minecraft server list, server is ready to connect. After 10 minutes without a connection or 20 minutes after the last client disconnects (customizable) the watchdog sets the desired task count to zero and shuts down.
This is a very neat hack, actually quite potentially usable, and a good illustration of how viable Fargate+EFS are at hosting transient but not transitory workloads!
Great read from EARTH3R:
We have traditionally treated disaster management like we’re trying to build things back to what they were before the disaster. Climate change increasingly is showing us that’s not what we should be doing. Climate adaptation is not about maintaining the status quo. Frankly, the status quo sucks for a lot of people. […] We have to think about doing things differently. New Orleans 100 years ago didn’t look exactly like it does today, and it won’t look like it does now 100 years from now. Things will change. Adaptation is deciding what things from 100 years ago we want to hold onto, and what things will change — and making sure a bunch of rich white people aren’t the only ones deciding what to hold onto.
Good Twitter thread detailing the (IMO disastrous) history of these “new and exciting” ways in which Ireland’s Fine Gael government were lobbied successfully in 2015 and 2018 to rewrite housing policy and permit co-living, communal living, very small studios, and 1-bedroom apartments. This then resulted in many property developers scrapping existing plans and going back to the drawing board to cram in as many tiny apartments as possible to maximise their returns.
Good caches have feedback loops. Like back pressure, and limited concurrency. Bad caches are typically open-loop. This starts to give us a hint about how we may use caches safely, and points to some of the safe patterns for distributed systems caching. More on that later.
Interesting, didn’t realise this data was being resold….
“I’m concerned that netflow data being offered for commercial purposes is a path to a dark fucking place,” one source familiar with the data told Motherboard. […] At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location. Team Cymru, one threat intelligence firm, works with ISPs to access that netflow data, three sources said. Keith Chu, communications director for the office of Senator Ron Wyden which has been conducting its own investigations into the sale of sensitive data, added that Team Cymru told the office “it obtains netflow data from third parties in exchange for threat intelligence.” Companies that may source Team Cymru’s data include cybersecurity firms hired to respond to data breaches or proactively hunt out hackers. On its website, Team Cymru says it works with both public and private sector teams “to help identify, track and stop bad actors both in cyber space and on the ground.” “I’m less worried about a bad guy hacker and more worried about a bad guy government or company or politician,” one source familiar with the data said. A source in the threat intelligence industry added that they “always thought it was kinda bonkers,” referring to Team Cymru’s sale of netflow data.
“Your Refurbished (Super) Marketplace” — an eBay for refurbished devices. “Back Market has created a transparent grading system that takes into account both the cosmetic appearance and technical condition of every device. Every device is guaranteed to be 100% functional on our site—so “technical condition” refers to the durability one can expect from a product given its refurbisher’s operations/processes and historical quality data. Everything is fully transparent so you can choose from three conditions based on your needs.” Looks decent, Paris-based.
“It is increasingly clear that there’s now a concerted effort under way in parts of the British press to derail action on the Climate Emergency. This [Twitter] thread highlights key examples & shows how the main arguments are textbook Climate Delay.”
Amazingly, it seems you can experiment with GAN art using Google Colab, for free.
tl;dr: if you choose the right AZ, yes:
DigitalOcean is a fantastically simple provider of cloud hosting services with transparent pricing. Regrettably, they’re less transparent about their green credentials. [jm: you should see AWS….] This post is a living document explaining which DigitalOcean data centres we think are green. This is surmised data through support requests, community notes, and some assumptions, and may be incorrect.
Excellent demonstration via Robbie Semple on Twitter: “Ireland’s biggest fossil fuel company is @dccplc. They are a FTSE100 company. Last year they made £13.4 billion in revenue and £530.2 million in profit. 71% of the profit came from their fossil fuel businesses. ‘In the face of a global crisis, Ireland’s biggest fossil fuel company refuses to stop selling fossil fuels’: Why is this not more of a story? DCC are very good at communications. Given how they make their money, most publicity is bad for business, so they keep a low profile. And what they do communicate is very skilful. […] “We have adopted a Net Zero 2050 target for our group Scope 1 and 2 emissions. Our interim target is a 20% reduction by 2025.” This is a masterclass in how to tell the world you won’t stop selling fossil fuels without telling the world you won’t stop selling fossil fuels. The key is referring only to scope 1 and 2 emissions, meaning the emissions produced in running their business. For DCC, that will include things like electricity for their factories, and fuel for their trucks. But they don’t mention scope 3 emissions, which would include emissions produced in their supply chain, or by their customers. For DCC, that means they don’t have to worry about the methane that escapes when it’s fracked out of the earth, or the carbon emitted as their oil and gas they sell is burned by end users. DCC’s 2021 sustainability report refers to scope 3 emissions, but doesn’t quantify them and has set no targets for reducing them. So with their current banner commitments, they could double the amount of fossil fuels they sell and still meet their 2050 targets.” Scope 1/2/3 emissions are a hard concept to get your head around, but very important in dissecting greenwashing PR.
Twitter UK analysed the racist abuse directed at England football players on the night of the Euro 2020 final, and noted: “our data suggests that ID verification would have been unlikely to prevent the abuse from happening — as of the permanently suspended accounts, 99% of account owners were identifiable.”
Well, this is a problem —
Running these workshops was a fascinating experience. In each, there was a definite point which I came to think of as a “penny-drop moment”, when the participants came to realise the significance of the climate crisis and the way it would shape our collective future. In one workshop, for example, a very eminent scientist explained to MPs how crop yields are likely to be severely affected by extreme weather, a likely scenario if global average temperatures rise by 2C or more – and that this could lead to food shortages. The response was striking. There was a silence, a collective intake of breath, a recognition of the significance of the changes that could be upon us if we don’t act. And then, at the end of our workshop, they walked out of the door and back to their normal lives. […] It became clear to me that there were two main reasons why MPs struggled with the issue: first, because it didn’t fit easily into the culture of political life and their own identity as a parliamentarian; and second, because they worried that public support for climate action was limited, and that, as representatives, they needed to be led by their electorate.
I have some confidence that a Citizen’s Assembly approach is the right answer here. In Ireland it was clear that politicians felt more comfort with gay marriage and abortion as topics once those CAs had delivered their findings and demonstrated how an electorate really felt about them.
BBVA run the numbers on AWS Lambda vs bare-EC2 cost effectiveness. This is a good analysis, as of Dec 2020 pricing at least:
With traffic profiles where requests arrive at periodic intervals, and a low total amount of requests, serverless architecture seems to be a great architecture in terms of cost, speed of delivery and effort. Thus, Lambda is probably the way to go if our application has sufficiently large periods of inactivity. Once the break-even point is reached, when EC2 is more cost-effective than Lambda, the cost difference grows rapidly, making Lambda less and less attractive in terms of cost. Thus, it is of great importance to know if the expected amount of traffic will be around the break-even point. Be aware of the CPU throttling you will get with the smaller memory flavors of Lambda. If your code is CPU-bound, choosing the smaller memory flavors might not be an option, since execution times, and thus latency, might grow beyond your requirements. On the other hand, if your code is I/O bound, the CPU throttling might not affect you significantly. Break-even point (if there is one, that is) strongly depends on the application itself. Without measuring the target application code, knowing the intended usage of the service, the SLA and the capabilities of the team in charge of building the application it is almost impossible to know for sure which service, Lambda or EC2, is more convenient.
IMO there are still significant costs in organisational and infrastructure terms around replacing a working EC2 infrastructure with a Lambda-based one; deployment and other integration points with AWS are extremely tricky to deal with. But this is good data on the $ point alone.
Yes, I know about Pi-Hole. If you are telling me about Pi-Hole you are inadvertently proving my point, which is that responsibility or intentionally parenting these days involves a frankly unreasonable and untenable amount of both content moderation both passive and interactive and at this point a quite enraging amount of goddamn systems administration.
These are fantastic — “Much like Hokusai’s views of Mt. Fuji, Edward Luper’s prints capture London’s BT Tower from various vantage points and throughout different weather patterns and seasons. And while initiatives like these run the risk of coming across as kitschy copies, Luper’s attention to detail and artistic execution renders them an artful adoration for a city. “[BT Tower] became a point of stability for me; like a lighthouse. My life seems to revolve around it in some way or form. Much in the same way Mount Fuji was to the artist Katsushika Hokusai.””
Cannot agree more with this paper from Google: ‘One of the basic arguments in this paper is that machine learning packages have all the basic code complexity issues as normal code, but also have a larger system-level complexity that can create hidden debt. Thus, refactoring these libraries, adding better unit tests, and associated activity is time well spent but does not necessarily address debt at a systems level. In this paper, we focus on the system-level interaction between machine learning code and larger systems as an area where hidden technical debt may rapidly accumulate. At a system-level, a machine learning model may subtly erode abstraction boundaries. It may be tempting to re-use input signals in ways that create unintended tight coupling of otherwise disjoint systems. Machine learning packages may often be treated as black boxes, resulting in large masses of “glue code” or calibration layers that can lock in assumptions. Changes in the external world may make models or input signals change behavior in unintended ways, ratcheting up maintenance cost and the burden of any debt. Even monitoring that the system as a whole is operating as intended may be difficult without careful design. Indeed, a remarkable portion of real-world “machine learning” work is devoted to tackling issues of this form. Paying down technical debt may initially appear less glamorous than research results usually reported in academic ML conferences. But it is critical for long-term system health and enables algorithmic advances and other cutting-edge improvements.’ (via Grady Booch)
Regarding smart home power management — Niall Douglas on ITC says “If you choose your solar inverter components right, they’ll come with a LAN capable mains AC meter which you stick just after the mains. It essentially duplicates the smart meter, should get very close, but it’s on your LAN and you can Home Assistant script the lot. My notes here suggest [this meter] for €385 inc VAT delivered, it talks to all the other Fronius kit such as inverter and thermal store immersions over your LAN. All with high quality Home Assistant support.”
The Forecast.Solar service provides solar production forecasting for your solar panel system, based on historic averages combined with weather forecasting. This integration provides an estimated forecast on how much energy your solar panels are going to produce, allowing you to plan ahead on how you spend your produced energy most efficiently.
An incredibly detailed sheet of SSD specs, maintained by a Redditor (via notjosh on the Irish Tech Community slack)
Execute code in sustainable DCs:
Green Compute can be enabled for any Cron triggered Workers. The concept is simple: when turned on, we’ll take your compute workload and run it exclusively on parts of our edge network located in facilities powered by renewable energy. Even though all of Cloudflare’s edge network is powered by renewable energy already, some of our data centers are located in third-party facilities that are not 100% powered by renewable energy. Green Compute takes our commitment to sustainability one step further by ensuring that not only our network equipment but also the building facility as a whole are powered by renewable energy. There are absolutely no code changes needed.
Note, this allows you to ensure that your code is executed *only* using renewable energy sources, not just offsetting!
“The irony: the more advanced a control system is, the more crucial may be the contribution of the human operator. [….] The more we depend on technology and push it to its limits, the more we need highly-skilled, well-trained, well-practised people to make systems resilient, acting as the last line of defence against the failures that will inevitably occur.” (via Abeba Birhane)
“Biofuels have consistently been marketed as a ‘green’ alternative to fossil fuels, which hides their sky high emissions, human rights abuses & ecological impact.”
Detailed Twitter thread covering a preprint paper; tl;dr: RT-PCR of a saliva sample actually proved to have a higher sensitivity
This is an absolute litany of shitty ML practices, including a dataset which “mixed X-rays of supine and erect patients, without noting that only the sickest patients were X-rayed while lying down. The model learned to predict that people were sick if they were on their backs” (via Cory Doctorow)
@KishoreBytes notes: “Helix [is] not well known but widely used at LinkedIn, Airbnb, Pinterest, Uber, Yahoo to build distributed systems. Helix is probably managing hundreds of thousands of servers today!” It is “a generic cluster management framework used for automatic management of partitioned, replicated and distributed resources hosted on a cluster of nodes, [providing] the following features: Automatic assignment of resource/partition to nodes; Node failure detection and recovery; Dynamic addition of Resources; Dynamic addition of nodes to the cluster; Pluggable distributed state machine to manage the state of a resource via state transitions; Automatic load balancing and throttling of transitions” Sounds handy for automatic shard-based scaling. Built on Zookeeper.
[…] a method of cookery practiced by the rural poor in the early to mid 19th century Ireland […] Parboiling or half-roasting rendered a potato that was at once half-cooked and half-raw, with the inner core hard to the bite. Potatoes cooked in this way were called potatoes with the moon (an ghealach) or potatoes with the bone. William Wilde, father of Oscar, describes the practice in some detail in his essay, ‘The Food of the Irish’, which was published in 1854 in the Dublin University Magazine. Here is his explanation of the practice: “the heart of the potato was allowed, by checking the boiling at a particular point, to remain parboiled, hard and waxy; when the rest of the potato has been masticated in the usual manner, this hard lump, about the size of a walnut, was bolted; and in this manner nearly a stone of the root was taken into the stomach of the Irish labourer per diem… it was grounded on a certain knowledge of physiology. “The stomach digested the well boiled farinaceous portion of the potato within the space of a few hours, and that having all been disposed of, the half-boiled lumps remained behind, and a second digestion was commenced to assimilate this portion of food, and convert it into nutritious, life-sustaining material; which latter process lasted some hours longer, and thus the craving of hunger were warded off for five or six hours after the original meal.”
This is a great idea and a good way to approach OSS funding, IMO:
We have seen skilled developers come and go for years, the latter becoming a growing concern. Contributing takes a crazy amount of time and people have family, work and other responsibilities to take care of. Thus when core team contributors are willing to be paid for making Free Software, we have decided that GIMP as a project should encourage such endeavours by putting more emphasis on their funding. There are currently 2 such crowdfunding projects. You can consider these crowdfundings as “official” as can be and completely endorsed by the GIMP project.
Paper in JAMA, mentioned by Daniel Griffin in his COVID-19 Clinical Updates on TWIV. “We compared symptoms compatible with long COVID in children and adolescents reported within 6 months after SARS-CoV-2 serologic testing [… using] a longitudinal cohort study investigating SARS-CoV-2 seroprevalence in 55 randomly selected schools in the canton of Zurich in Switzerland.” Results: 4% — so 1 in 25 — reported at least one symptom lasting more than 3 months after the initial infection date, particularly fatigue, or difficulty concentrating.
There was a “protest” outside the Dail in Dublin yesterday purporting to be “brides-to-be” disappointed at ongoing COVID-19 restrictions on weddings. As this Reddit post notes, however, it seems extremely likely that this “protest” is an astroturfed PR campaign. Sadly the Irish news media were happy to report it straight and gloss over the astroturfing. ‘Nothing I’ve said here will really be a surprise to anyone, and it’s not exactly the Reichstag Fire, but I hope it’s a useful example of just how poorly Irish media serves the audience, and how easily astroturfing is done here. This protest couldn’t muster the hundred or so “real” people they expected to show up, as the padding they’d have needed to look convincing, but others can – and do. Something worth remembering for how our national media covers major, minor, totally or partly fake protests in future, and how protests are organised in the first place. Not all their instigators are as mostly-harmless as Wedding Planners.’
Pretty short list, unfortunately :(
Chrome extension for flexible full text browsing history search. Press f, then space or tab, in the omnibar to start searching your previously visited websites! Every time you visit a website in Chrome, Falcon indexes all the text on the page so that the site can be easily found later. Then, for example, if you type f mugwort, Falcon will show the websites you visited containing the text “mugwort”! Install from the Chrome store here or get the CRX file!
‘the reason we have been stuck using boron instead of gallium over the past 20 years is that the process of doping silicon with gallium was locked under a patent.’ IP destroying the world now….
Finally, a decent article on the origins of COVID-19 from The Bulletin of the Atomic Scientists, by Ian Lipkin:
Over the past 40 years, I have personally been involved in addressing several: HIV/AIDS, West Nile encephalitis, SARS, MERS, Lujo, Lassa, Nipah, Dandenong, Ebola, Marburg, dengue, monkeypox, Zika, influenza, and COVID-19. Estimates of numbers of unknown viruses lurking in mammals range from 320,000 to 1,000,000. If even 1 percent of them can infect humans or domestic animals, we may be ignorant of thousands of potential threats to human health and food security. In an increasingly interconnected world, diseases that might once have been contained to a region are now global. Accordingly, the international community can have zero tolerance for wildlife markets and wildlife trafficking for food, medicinal, or pet trade purposes. Our current focus is on China. However, trafficking in wildlife is a global threat and should be banned everywhere. It may have contributed to the emergence of HIV/AIDS and to outbreaks of Ebola and Marburg
Wow, this is Proustian —
This repository contains bitmapped fonts from disused operating systems and graphical user interfaces. As operating systems and GUIs have moved on to scalable vector fonts, the bitmap fonts that dominated the 1980s and 1990s languish away in non-obvious and often binary formats that are rapidly falling into obscurity. The main purpose of this repository is to liberate these fonts from their binary shackles, preserving the ancient art of monochrome bitmap typography for human appreciation.
The story of BigPharmia and Novaxia, from Oliver Johnson on Twitter, a nice demo of how log-scale graphs can make interesting patterns in the data clearer
BMJ op-ed from Karl Friston and Anthony Costello:
The UK is an outlier by allowing children to remain unvaccinated at a time when lifting of restrictions will increase covid-19 infection rates. We have heard much about how vaccination is breaking — or weakening — the link between SARS-CoV-2 and the clinical manifestations of covid-19. We consider the nature of this link from the perspective of quantitative modelling — and what it means for risks following exposure to the virus. In brief, it suggests we should shift our focus from mortality to morbidity, particularly in children.
Including a Python script to decode a Green Pass code:
As you can see, 23 year-old Gabriele was vaccinated in February, once, with BioNTech/Pfizer’s Comirnaty. What is not included is the date during which she is considered immune. Those are calculated from the number of shots received and the date of vaccination, as well as the circumstances (going to a restaurant vs. going to work, for example) by the scanner app. Apart from the name/manufacturer of the received vaccine, there is no superfluous data inside, so the QR code is not a privacy nightmare, as some have feared.
Given the increased risk of vaccine-induced thrombosis, the HSE have produced this leaflet to advise young people. IMO it should really include details of Long Covid, although I guess that’s hard to quantify at this stage
Amazing C=64 demo, running on a 1541 disk drive connected directly to the monitor! What an insane hack. I too ran demo code on the 1541 in one of my demos, but the only video output in that case was to flash the LED on the drive in time with the music :) (thanks Craig!)
What does the ONS data tell us with their very large datasets? They looked at 313,000 people aged 2 or over, surveyed in the month to June 6. On July 1 the new data shows 962,000 people in private households in the UK (1.5% of the population) were experiencing self-reported “long COVID” (symptoms persisting for more than four weeks). https://www.ons.gov.uk/peoplepopulationandcommunity/healthandsocialcare/conditionsanddiseases/bulletins/prevalenceofongoingsymptomsfollowingcoronaviruscovid19infectionintheuk/1july2021 856,000 (89.0%) first had (or suspected they had) COVID-19 at least 12 weeks previously, and 385,000 (40.0%) first had (or suspected they had) COVID-19 at least one year previously. They estimate that 13,000 children aged 2-11, 20,000 aged 12-16 and 71,000 aged 17-24 had Long Covid of any duration. Most in these 3 age groups had had symptoms for AT LEAST 12 weeks (10,000, 16000, 65000 respectively). Perhaps most worrying is that the latest UK Long Covid estimate for children aged 12-16 who experience prolonged symptoms for at least ONE YEAR is 0.12% (0.06-0.17) or 1 in 830, with possible but unknown effects on developing brain structure based on recent adult studies.
Costello is a member of Independent SAGE and an ex-director of the WHO.
Detailed thread from Professor Philip Nolan on Twitter, on the scenario modelling used by NPHET to inform the government on likely COVID-19 infection trajectories; several models are used, including a basic SEIR model and an agent-based model, “where social structures and transmission are simulated in detail at the individual level; these show rapid spread in younger people with transmission into older groups, and highlight uncertainty on the role of children and adolescents”, and the role of super-spreader events. tl;dr: “a variant with a transmission advantage [ie., Delta] can do very significant damage if we let it spread in a partially vaccinated population, the scale of the damage depends on the transmission advantage, and it starts slowly and escalates rapidly.”
“19 March 1991: Three software developers. One desk. No chairs.” — I was there!
arm_freq_min and over_voltage settings do the job
According to one calculation, the heat wave was five standard deviations above expectations, meaning it was an event that should arrive, in the absence of climate change, once every 5,000 years. That’s once since the age of Ancient Egypt. We are experiencing that five-sigma event this year. In British Columbia, it was as hot as it was in Death Valley, California. They called it Death Valley for a reason.
One “important reason”, Rischard said, was the failure of the UK and EU to agree on mutual recognition of database rights. While both have an agreement to recognise copyright protections, that only covers work which is creative in nature. Maps, as a simple factual representation of the world, are not covered by copyright in the same way, but until Brexit were covered by an EU-wide agreement that protected databases where there had been “a substantial investment in obtaining, verifying or presenting the data”. But since Brexit, any database made on or after 1 January 2021 in the UK will not be protected in the EU, and vice versa. Other concerns Rischard listed include the increasing complexity and cost of “banking, finance and using PayPal in the UK”, the inability for the organisation to secure charitable status, and the loss of .eu domains. The increased importance of the EU in matters of tech regulation also played a role: “We could more effectively lobby the EU [and] EU governments and have more of an impact, especially in countries where there is no local chapter,” Rischard wrote.
This is an excellent classification for a particular style of climate denialism: ‘‘Discourses of climate delay’ pervade current debates on climate action. These discourses accept the existence of climate change, but justify inaction or inadequate efforts. In contemporary discussions on what actions should be taken, by whom and how fast, proponents of climate delay would argue for minimal action or action taken by others. They focus attention on the negative social effects of climate policies and raise doubt that mitigation is possible. Here, we outline the common features of climate delay discourses and provide a guide to identifying them. […] * Someone else should take actions first: redirect responsibility * Disruptive change is not necessary: push non-transformative solutions * Change will be disruptive: emphasise the downsides * It’s not possible to mitigate climate change: surrender.’
All looking pretty shite for Western Digital — one of their engineers *removed* the need for authentication on the factory-reset PHP script for the My Book Live devices:
A Western Digital developer created five lines of code to password-protect the reset command. For unknown reasons, the authentication check was [….] commented out as indicated by the double / character at the beginning of each line. […] The discovery raises a vexing question: if the hackers had already obtained full root access by exploiting CVE-2018-18472 [a separate bug], what need did they have for this second security flaw? There’s no clear answer, but based on the evidence available, Abdine has come up with a plausible theory — that one hacker first exploited CVE-2018-18472 and a rival hacker later exploited the other vulnerability in an attempt to wrest control of those already compromised devices.
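A regression check for the failure described above, as an added example (not Western Digital's code and not from the article): a Python scan that flags PHP functions whose only access-control statements sit in `//` comments. The PHP samples and the names `require_owner_login` and `factory_restore` are constructed for illustration, and the keyword list is an assumption to tune per code base.

```python
import re

# Words that usually mark an access-control decision (assumed list; tune per code base).
AUTH_HINT = re.compile(r"auth|login|session|password|credential|\b40[13]\b", re.I)
# A comment body that still looks like a statement rather than prose.
CODE_SHAPE = re.compile(r"\$\w+|->|[;{}]\s*$")
LINE_COMMENT = re.compile(r"^\s*(?://|#)(.*)$")
FUNC_START = re.compile(
    r"^\s*(?:(?:public|private|protected|static)\s+)*function\s+(\w+)\s*\(")


def find_disabled_auth(php_source):
    """Return functions that contain commented-out auth code and no live auth code.

    Heuristic, line-based: block comments and braces inside strings are not handled.
    """
    findings = []
    current = None  # function being scanned, or None when outside any function
    depth = 0       # brace depth counted on non-comment lines only
    for lineno, line in enumerate(php_source.splitlines(), 1):
        comment = LINE_COMMENT.match(line)
        if comment:
            body = comment.group(1)
            if current and AUTH_HINT.search(body) and CODE_SHAPE.search(body):
                current["disabled"].append((lineno, body.strip()))
            continue
        start = FUNC_START.match(line)
        if start and current is None:
            current = {"function": start.group(1), "disabled": [],
                       "live": False, "outer_depth": depth}
        elif current and AUTH_HINT.search(line):
            current["live"] = True  # an active statement still mentions auth
        depth += line.count("{") - line.count("}")
        if current and "}" in line and depth <= current["outer_depth"]:
            if current["disabled"] and not current["live"]:
                findings.append({"function": current["function"],
                                 "disabled": current["disabled"]})
            current = None
    return findings


# Constructed sample: the guard in front of a destructive action is commented out.
VULNERABLE = r'''<?php
class ResetHandler {
    function post($params) {
        // if (!require_owner_login($params)) {
        //     header("HTTP/1.0 401 Unauthorized");
        //     return;
        // }
        // Wipe the device and restore defaults.
        $this->factory_restore();
    }
}
'''

# Constructed sample: the same handler with the guard active.
FIXED = r'''<?php
class ResetHandler {
    function post($params) {
        if (!require_owner_login($params)) {
            header("HTTP/1.0 401 Unauthorized");
            return;
        }
        // Wipe the device and restore defaults.
        $this->factory_restore();
    }
}
'''

if __name__ == "__main__":
    for label, source in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        for hit in find_disabled_auth(source):
            for lineno, text in hit["disabled"]:
                print(f"{label}: {hit['function']}() line {lineno}: {text}")
```

Run as a pre-merge check, a finding means a reviewer has to confirm the endpoint is protected some other way before the change ships.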
‘a system-wide profiler, combining multiple sampling profilers to produce unified visualization of what your CPU is spending time on.’ — claims to have little impact on performance of running code, supports Linux, Java and Ruby
Ivermectin, in this case, but hydroxychloroquine before that, and other treatments for cancer and so on before that. ‘What seems to really be at work here, in the end, is a political battle, not a medical one. The laetrile wars of the 1970s also launched what’s known as the “health freedom” movement — a libertarian-tinged social tendency that holds Americans should have unrestricted access to alternative treatments—into the spotlight. […] It’s a familiar set of claims, amounting to an assertion that being given the broadest possible platform is the same as being silenced, and that one’s theories being tested is the same as them having been suppressed.’ I think part of the appeal of these drugs is that you can claim that they _are_ a miracle cure, and that they are being suppressed by a conspiracy of silence by Big Pharma. The conspiracy part is a key selling point for the promoters. Interesting phenomenon, though.
Snapchat are fans, using cronet on the Android/iPhone client side. The HN comment thread at https://news.ycombinator.com/item?id=27626394 is also a decent read, some insightful discussion
we determined that calls to time.Now() or time.Since(time.Time) in Golang were taking about 200 times longer on new servers than they were on old servers. We found similar impacts in Python, which led us to the clocksource. It turns out that in our Grub boot parameters for AL2, we had added clocksource=hpet about two years ago, but all of our servers launched prior to 6/17 had a clocksource of kvm-clock, apparently ignoring the Grub config. Servers launched after 6/17 (with the same AMI, Grub config, everything) were honoring the specified clocksource, which caused our performance issue.
Amazing level of detail on how the Apollo mission control room operated! (plus more from Ken Shirriff at https://twitter.com/kenshirriff/status/1409241533757345792 )
It seems that ‘symptoms vary slightly based on whether you’re fully vaccinated, half vaccinated or unvaccinated.’
Senior executives at a French spyware firm have been indicted for the company’s sale of surveillance software to authoritarian regimes in Libya and Egypt that resulted in the torture and disappearance of dissidents. While high-tech surveillance is a multibillion-dollar industry worldwide, it is rare for companies or individuals to face legal consequences for selling such technologies—even to notorious dictatorships or other dangerous regimes. But charges in the Paris Judicial Court against leaders at Amesys, a surveillance company that later changed its name to Nexa Technology, claim that the sales to Libya and Egypt over the last decade led to the crushing of opposition, torture of dissidents, and other human rights abuses. The former head of Amesys, Philippe Vannier, and three current and former executives at Nexa technologies were indicted for “complicity in acts of torture” for selling spy technology to the Libyan regime. French media report that Nexa president Olivier Bohbot, managing director Renaud Roques, and former president Stéphane Salies face the same charges for surveillance sales to Egypt.
This repository contains open-source libraries and tools to perform fully homomorphic encryption (FHE) operations on an encrypted data set. […] Fully Homomorphic Encryption (FHE) is an emerging data processing paradigm that allows developers to perform transformations on encrypted data. FHE can change the way computations are performed by preserving privacy end-to-end, thereby giving users even greater confidence that their information will remain private and secure.
Matthew Green writes: “This is an amazing paper. It implies (with strong statistical evidence) that the design of a major mobile-data encryption algorithm — used in GPRS data — was deliberately backdoored by its designer.”
Instead of providing full 64-bit security, we show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 2^40 GEA-1 evaluations and using 44.5 GiB of memory. The attack on GEA-1 is based on an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance. This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design.
Impressive performance figures from the distributed messaging/streaming platform using NVMe and DCPMM persistent memory devices: ‘Pulsar architecture can accommodate different types of hardware which allows users to balance performance and cost based on required throughput and latency. Pulsar has the capability to adapt to the next generation of storage devices to achieve better performance. We have also seen that persistent memory excels in the race to achieving higher write throughput by maintaining low latency.’
there are a few limits you must understand to model properly in DynamoDB. If you’re not aware of them, you can run into a brick wall. But if you understand them and account for them, you remove the element of surprise once your app hits production. Those limits are: The item size limit; The page size limit for Query and Scan operations; and The partition throughput limits. Notice how these limits build on each other. The first is about an individual item, whereas the second is about a collection of items that are read together in a single request. Finally, the partition throughput limit is about the number and size of concurrent requests in a single DynamoDB partition. I just ran into the last one on a pretty massive table we own, so this is worth bookmarking…