yeroc boosted

I've been writing serverside SQLite applications for several years now and I still picked things up from this article, which is extremely good. kerkour.com/sqlite-for-servers

yeroc boosted

This is the best timeline I've seen so far on what we know about the Xz backdoor. Some good info here for researchers: boehs.org/node/everything-i-kn

yeroc boosted

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

yeroc boosted

Justin Ling's third dispatch from Kyiv offers insight that is too often ignored:

"The right word, I think, is frustrated. Frustrated that they have wound up here, frustrated that there are no good options ahead, frustrated that their allies have grown bored of supporting their struggle, frustrated that huge swaths of the country lay in ruin, frustrated that imperialism is on the march and all the flowery promises about democracy and freedom have meant so very little."
bugeyedandshameless.com/p/from

yeroc boosted

"The thing about Facebook is that the people who work there just do this shit", the ongoing series.

"By 2013, Netflix had begun entering into a series of “Facebook Extended API” agreements, including a so-called “Inbox API” agreement that allowed Netflix programmatic access to Facebook’s users' private message inboxes [...]"

arstechnica.com/gadgets/2024/0

yeroc boosted

Look, I went over the Snowden documents as a journalist, but I never saw anything that shocked me quite like this story of Meta buying a VPN company for "security" but then spying on users of competitive apps by decrypting the traffic.

This is a real "SSL added and removed here :)" moment.

Seriously, like wow: techcrunch.com/2024/03/26/face

Court document: storage.courtlistener.com/reca

yeroc boosted

It should be fair to post screenshots like this for companies that tout “the fastest frontends” on their home page—especially notable that this is *not* a temporary regression. It’s been like this for a long time—why is no one talking about it?

yeroc boosted

#JDK22 contains the final version of the Foreign Function & Memory API (#JEP454). Being a modern successor to #JNI, it allows cool stuff like building Java wrappers around C libraries.

We did just that and are proud to announce the first production-ready version of #jFUSE, allowing you to develop #FUSE filesystems in #Java. It is module-ready, multi-platform, thoroughly tested by @Cryptomator and thanks to the FFM API requires no further dependencies.

github.com/cryptomator/jfuse

yeroc boosted

In true Apple fashion, the company quietly posted an update to its developer site yesterday vaguely hinting that its M-Series CPUs leak cryptographic keys, as I reported the same day. The update went on to advise developers to invoke a defense that has gone completely undocumented until now on Apple's site, and isn't even available for M1 and M2 CPUs. Apple also acknowledged that the defense, known as DIT or data-independent timing, will "slow down your code."

Apple's paranoia and lack of transparency hurts end users and makes the company look bad.

developer.apple.com/documentat
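The post above mentions DIT without showing what invoking it looks like. The following is an added example, not Apple's code, not the poster's, and not from Apple's developer page: it wraps a constant-time tag comparison in ARM's data-independent-timing mode, reading and writing PSTATE.DIT through its generic system-register encoding (S3_3_C4_C2_5, DIT in bit 24, both taken from the ARM architecture manual), and only touches that register when the CPU reports FEAT_DIT. The feature-detection keys used (Linux HWCAP_DIT, the macOS sysctl name hw.optional.arm.FEAT_DIT) and the 16-byte tags are assumptions; on anything other than AArch64 the DIT calls compile to no-ops and only the constant-time compare remains.

```c
/* Added example (not Apple's, not the post's): constant-time comparison under
 * ARM DIT. DIT register access is compiled only on AArch64 and executed only
 * when FEAT_DIT is reported, so the code cannot fault on other CPUs. */
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>
#ifndef HWCAP_DIT
#define HWCAP_DIT (1UL << 24)   /* assumption: Linux arm64 hwcap bit for FEAT_DIT */
#endif
#elif defined(__aarch64__) && defined(__APPLE__)
#include <sys/sysctl.h>
#endif

/* PSTATE.DIT is bit 24 of the value returned by MRS (per the ARM ARM). */
#define DIT_BIT (1ULL << 24)

/* True only when this CPU implements FEAT_DIT; always false off AArch64. */
bool dit_available(void)
{
#if defined(__aarch64__) && defined(__linux__)
    return (getauxval(AT_HWCAP) & HWCAP_DIT) != 0;
#elif defined(__aarch64__) && defined(__APPLE__)
    int v = 0;
    size_t len = sizeof v;
    /* assumption: this is the sysctl key macOS uses to expose FEAT_DIT */
    if (sysctlbyname("hw.optional.arm.FEAT_DIT", &v, &len, NULL, 0) != 0)
        return false;
    return v != 0;
#else
    return false;
#endif
}

/* Switch DIT on and return the previous PSTATE.DIT value for dit_restore().
 * Returns 0 when DIT is unavailable, which makes the restore a no-op. */
uint64_t dit_enable(void)
{
#if defined(__aarch64__)
    if (!dit_available())
        return 0;
    uint64_t prev, on;
    __asm__ volatile("mrs %0, S3_3_C4_C2_5" : "=r"(prev));      /* read DIT */
    on = prev | DIT_BIT;
    __asm__ volatile("msr S3_3_C4_C2_5, %0" : : "r"(on) : "memory");
    return prev;
#else
    return 0;
#endif
}

/* Put PSTATE.DIT back to what dit_enable() saw. */
void dit_restore(uint64_t prev)
{
#if defined(__aarch64__)
    if (dit_available())
        __asm__ volatile("msr S3_3_C4_C2_5, %0" : : "r"(prev) : "memory");
#else
    (void)prev;
#endif
}

/* Constant-time equality: no early exit and no branch on the data.
 * Returns 1 when the n-byte buffers match, 0 otherwise. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* (diff - 1) >> 8 has its low bit set only when diff == 0 */
    return (int)((((unsigned)diff - 1u) >> 8) & 1u);
}

/* The leaky version for contrast: it returns at the first mismatching byte,
 * so its running time tells an attacker how many leading bytes were right. */
int leaky_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* Verify a MAC tag with DIT enabled for the duration of the comparison. */
int verify_tag(const uint8_t *expected, const uint8_t *received, size_t n)
{
    uint64_t prev = dit_enable();
    int ok = ct_memeq(expected, received, n);
    dit_restore(prev);
    return ok;
}

int main(void)
{
    /* constructed 16-byte tags; the second differs only in its last byte */
    const uint8_t good[16] = {0xde,0xad,0xbe,0xef,1,2,3,4,5,6,7,8,9,10,11,12};
    const uint8_t bad[16]  = {0xde,0xad,0xbe,0xef,1,2,3,4,5,6,7,8,9,10,11,13};
    printf("DIT available: %s\n", dit_available() ? "yes" : "no");
    printf("good tag: %d, forged tag: %d\n",
           verify_tag(good, good, 16), verify_tag(good, bad, 16));
    return 0;
}
```

The DIT bit only makes the listed data-processing instructions time-independent; it does not rescue code that branches on secret bytes, which is why the comparison itself is written branch-free as well.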

yeroc boosted

⭐ There is no EU cookie banner law bitecode.dev/p/there-is-no-eu-

"You absolutely don't have to suffer through this, it is a decision made by the companies to inflict it on you."

📌 rknight.me/links/there-is-no-e

yeroc boosted

So a country of 8M people lost all their groceries in a week. And almost nobody had savings or backup food.

Meanwhile Ireland was also growing lots of grain!

But the people who owned most of the land kept exporting it, while subsistence farmers who rented from them starved.

yeroc boosted

Oh wow. I don't expect Apple to care about developers (not since Woz left), but this sounds extremely bad: bugs.openjdk.org/browse/JDK-83 and blogs.oracle.com/java/post/jav
Changing a SIGBUS/SIGSEGV to a SIGKILL just in between minor OS updates sounds extremely rude.
Awaiting Apple's response, but I currently don't see how one can justify this.

yeroc boosted

Learning how to learn: Mental models by Neil Keleher is on sale on Leanpub! Its suggested price is $29.00; get it for $16.80 with this coupon: leanpub.com/sh/cueZLg3e #Philosophy #PersonalTransformation

yeroc boosted

OK, this is exciting: we now have four alternatives with benchmarks that put them in the same class as GPT-4 - up from zero contenders less than a month ago

Claude 3 Opus, Gemini 1.5, Mistral Large and now Inflection-2.5: simonwillison.net/2024/Mar/8/i

Looks like the GPT-4 barrier has been well and truly smashed

yeroc boosted

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said.

The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that’s wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.

“Most of the forked repos are quickly removed by GitHub, which identifies the automation,” Matan Giladi and Gil David, researchers at security firm Apiiro, wrote Wednesday. “However, the automation detection seems to miss many repos, and the ones that were uploaded manually survive. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos.”

arstechnica.com/security/2024/

yeroc boosted

I just looked up Voyager 1's current position for a talk and saw something wild: voyager.jpl.nasa.gov/mission/s

The distance between Earth and Voyager 1 is actually *decreasing* right now (even though the distance between Voyager 1 and the Sun is increasing). A website bug?

Nope! Earth moves really fast around the Sun. Right now we're moving faster toward Voyager 1 than it's flying away from us.

Earth orbits at 30 km/s around the Sun, Voyager is going "only" 17 km/s. I love orbital dynamics!
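To put numbers on the reasoning in the post above, here is an added toy model (not from the poster or NASA): Earth on a circular 1 AU orbit at 29.78 km/s, Voyager 1 receding from the Sun at 17.0 km/s along a fixed direction 35 degrees above the ecliptic, 163 AU out. Those rounded figures and the geometry (Voyager's direction placed in the y-z plane so that at day 0 Earth is moving straight along its in-plane projection) are assumptions. The block uses no libm: the daily rotation is a short Taylor series and the distance a Newton square root, so it compiles with a bare `cc`.

```c
/* Added example: range rate between Earth and Voyager 1 under a circular
 * orbit model. All orbital figures are rounded, assumed values. */
#include <stdio.h>

#define AU_KM           149597870.7   /* km per astronomical unit */
#define EARTH_V_KMS     29.78         /* Earth orbital speed, km/s */
#define VOYAGER_V_KMS   17.0          /* Voyager 1 speed away from the Sun, km/s */
#define VOYAGER_AU      163.0         /* assumed Sun to Voyager distance at day 0 */
#define COS_LAT         0.8191520443  /* cos 35 deg: assumed ecliptic latitude */
#define SIN_LAT         0.5735764364  /* sin 35 deg */
#define DAY_RAD         (6.283185307179586 / 365.25)   /* Earth's daily sweep, rad */

typedef struct { double x, y, z; } vec3;

static double dot(vec3 a, vec3 b) { return a.x * b.x + a.y * b.y + a.z * b.z; }

/* Small-angle cos/sin by Taylor series: DAY_RAD is ~0.017 rad, so four terms
 * are exact to far better than the rounding in the inputs. */
static double small_cos(double x)
{
    double x2 = x * x;
    return 1.0 - x2 / 2.0 + x2 * x2 / 24.0 - x2 * x2 * x2 / 720.0;
}
static double small_sin(double x)
{
    double x2 = x * x;
    return x * (1.0 - x2 / 6.0 + x2 * x2 / 120.0 - x2 * x2 * x2 / 5040.0);
}
/* Newton iteration converges from r = x in well under 80 steps for these magnitudes. */
static double newton_sqrt(double x)
{
    double r = x > 1.0 ? x : 1.0;
    for (int i = 0; i < 80; i++)
        r = 0.5 * (r + x / r);
    return r;
}

/* Earth position (km) and velocity (km/s) after `day` days: the unit position
 * vector starts on +x and is rotated by DAY_RAD once per day. */
static void earth_state(int day, vec3 *pos, vec3 *vel)
{
    double c = small_cos(DAY_RAD), s = small_sin(DAY_RAD);
    double px = 1.0, py = 0.0;
    for (int i = 0; i < day; i++) {
        double nx = px * c - py * s;
        double ny = px * s + py * c;
        px = nx;
        py = ny;
    }
    *pos = (vec3){ AU_KM * px, AU_KM * py, 0.0 };
    *vel = (vec3){ -EARTH_V_KMS * py, EARTH_V_KMS * px, 0.0 };  /* prograde tangent */
}

/* d|Voyager - Earth|/dt on the given day, in km/s. Negative = distance shrinking. */
double range_rate_kms(int day)
{
    vec3 pe, ve;
    earth_state(day, &pe, &ve);

    vec3 u = { 0.0, COS_LAT, SIN_LAT };                       /* Voyager direction */
    double dv = VOYAGER_AU * AU_KM + VOYAGER_V_KMS * 86400.0 * day;
    vec3 pv = { u.x * dv, u.y * dv, u.z * dv };
    vec3 vv = { u.x * VOYAGER_V_KMS, u.y * VOYAGER_V_KMS, u.z * VOYAGER_V_KMS };

    vec3 rel  = { pv.x - pe.x, pv.y - pe.y, pv.z - pe.z };
    vec3 relv = { vv.x - ve.x, vv.y - ve.y, vv.z - ve.z };
    /* derivative of |rel| is (rel . d rel/dt) / |rel| */
    return dot(rel, relv) / newton_sqrt(dot(rel, rel));
}

/* Fraction of a year, sampled daily, during which the distance is decreasing. */
double shrinking_fraction(void)
{
    int shrinking = 0;
    for (int day = 0; day < 365; day++)
        if (range_rate_kms(day) < 0.0)
            shrinking++;
    return shrinking / 365.0;
}

int main(void)
{
    printf("day 0 range rate:   %.2f km/s\n", range_rate_kms(0));
    printf("day 183 range rate: %.2f km/s\n", range_rate_kms(183));
    printf("distance shrinks %.0f%% of the year\n", 100.0 * shrinking_fraction());
    return 0;
}
```

The sign flips where Earth's velocity component toward Voyager, up to 29.78 × cos 35° ≈ 24.4 km/s, exceeds Voyager's 17 km/s, which happens for roughly a quarter of each orbit.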

yeroc boosted

ok ok yeah yeah high availability and whatever but also have you seen how highly available a single fucking binary running on a single fucking computer can be? Have you seen the performance specs of sqlite?

I'm reminded of that one paper from like 2010 or so when a researcher showed that a single threaded binary could outperform many 100 core clusters because they were so poorly designed to scale *down* at all

Did we learn nothing from that? Anything? Anything at all??

yeroc boosted

So apparently the term "patch" in software development comes from punch cards.

"Small corrections to the programmed sequence could be done by patching over portions of the paper tape and re-punching the holes in that section."

chsi.harvard.edu/harvard-ibm-m

#til #computers #development #language #history

Qoto Mastodon