Signal's reproducible builds are not maintained well. Many versions have been released without anyone noticing the mismatches, until a user reports it.
Open source intelligence. From the ASN to IP ranges, and onwards to old messages on mailing lists, where the headers leaked the fact that the person sent email from WYLTK, and the person was publicly associated with the FBI by way of speaking gigs.
You should at least mention what city you lived in. Your initial comment is hardly credible. Lots of people have ridden buses for more than 18 months in their entire life and appreciate it.
I've had an interesting time transitioning our project from OpenCensus to OpenTelemetry now that the former is EOL'd. We use the otel stackdriver output. Anyone have a reference comparison between GCP cloud metrics vs. a prometheus monitoring stack?
I did use stackdriver for quite a while before I moved to Mimir. TBH it's great that you are still sticking to opentelemetry. Stackdriver as metric storage is not even a wise option in today's world given there are some really good TSDB providers SaaS or otherwise that would do a much better job.
I moved away because of 2 primary reasons
1. The cost of stackdriver can add up with large-scale deployments or high-frequency metrics. It's essential to monitor and control usage to avoid unexpected billing.
2. I have experienced delays in metric updates, specifically at high frequency data. While the delays are usually minimal, they may not be ideal for some real-time monitoring use cases. FYI GCP on its own resources makes metrics available after 210s so you are always behind.
Going the TSDB route to reliably run storage has worked for me.
I'm surprised there's such little hardware (just a small PCB) in the Nest. Appreciate that source tweet puts "jailbreak" in quotes, it's a board replacement in the shell of Google Nest peripherals.
Are there other smart assistants that we can now get for cheap, that have usable and rootable hardware on them to run custom LLMs?
> ... such little hardware (just a small PCB) in the Nest.
> ... have usable and rootable hardware on them to run custom LLMs
All the heavy-lifting is done on the server, hence the board replacement—no need to root. Install your own board with your own firmware which communicates with your own API/servers—where all heavy-lifting is done.
"smart assistants" are glorified IoT microphone/speaker combos which get all their magic from their connected microservices. A warrantless wiretap, if you will.
I don't think it makes any sense to be running custom LLMs on-hardware on these devices. They're too small and too low power to be doing so. It makes a ton of sense to hack their small, specialized hardware for speech-detection to forward that to your own servers, though, and I'd love to see that article.
It may also be that poor people have their services (drivers license renewal, K-12 school, apartment maintenance requests, welfare, job interviews) "improved" by AI while the affluent get to talk to a human.
The jetsetters could very well have their personal assistants decide whether/how to interact personally with AI in the wild, or rather to have one of their own local personal AI sub-assistants take care of it.
TikTok is being singled out for having uniquely bad data practices, which is true, but banning a single app won't solve the larger problem. This 1-off is a distraction from Congress's inability to pass real data protection legislation, and will only serve to benefit Reels and Shorts (not smaller competitors, nor consumers).
By painting car shows as gang activity and by emphasizing the angry neighbors, the article has painted this entire genre of social gathering and an entire circle of enthusiasts as antisocial, and in need of policing.
Instead of thrilling mass gatherings that push the limits of our car infrastructure and actually do something new and innovative with it (for once), cities will be hollowed out, denuded of their culture, so that sleepy suburbanites can move in and lodge noise complaints. Urban revival will only mean basic bitch breweries and putt putt, instead of mass gatherings of poor workers, with rowdy music and sizzling fajitas.
Imagine if an intersection was shut down for 3 weeks, or maybe 3 decades. Every night, it threw the best party you’ve ever attended in your life. Instead of being a place where you commute every morning and think about how cool it would be to quit, that intersection becomes the place you meet your best friends, or make the happiest memories of your life.
Cars and roads don’t just kill and maim us. Their psychic operation on us makes it impossible for us to dream.
Interesting article and thanks for posting it. I've been curious about that aspect of car culture since I have been rebuilding a Chrysler 300C and searching on YouTube for how-to videos often brings up sideshows. It's been fascinating.
How does this tool go from a vuln. in a library to -> a set of affected functions/control paths? My understanding was that the CVE format is unstructured which makes an analysis like this difficult.
We added support to the Semgrep engine for combining package metadata restrictions (from the CVE format) with code search patterns that indicate you're using the vulnerable library (we're writing those mostly manually, but Semgrep makes it pretty easy):
    - id: vulnerable-awscli-apr-2017
      pattern-either:
      - pattern: boto3.resource('s3', ...)
      - pattern: boto3.client('s3', ...)
      r2c-internal-project-depends-on:
        namespace: pypi
        package: awscli
        version: "<= 1.11.82"
      message: this version of awscli is subject to a directory traversal vulnerability in the s3 module
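Added example, not part of the comment above and not Semgrep's engine: a minimal Python sketch of the same idea, reporting a finding only when the pinned `awscli` version falls in the rule's range and the code contains a `boto3.resource('s3', ...)` or `boto3.client('s3', ...)` call. The sample requirements and source are constructed, the helper names are hypothetical, and versions are assumed to be plain numeric `==` pins.

```python
import ast

# Constructed inputs (not from the page): a requirements pin and a source file.
SAMPLE_REQUIREMENTS = "awscli==1.11.80\nrequests==2.31.0\n"
SAMPLE_SOURCE = '''
import boto3
def upload(path):
    s3 = boto3.client('s3', region_name='us-east-1')
    s3.upload_file(path, 'bucket', path)
def queue():
    return boto3.client('sqs')
'''

# The rule from the comment above, restated as data for this sketch.
RULE = {
    "id": "vulnerable-awscli-apr-2017",
    "package": "awscli", "max_version": (1, 11, 82),
    "calls": {("boto3", "resource"), ("boto3", "client")}, "first_arg": "s3",
}

def pinned_version(requirements, package):
    """Return the ==-pinned version of `package` as an int tuple, or None."""
    for line in requirements.splitlines():
        name, sep, version = line.split("#")[0].strip().partition("==")
        if sep and name.strip().lower() == package:
            return tuple(int(p) for p in version.strip().split("."))
    return None

def matching_calls(source, rule):
    """Line numbers of calls such as boto3.client('s3', ...).
    Purely syntactic: aliased imports (from boto3 import client) are missed."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and (f.value.id, f.attr) in rule["calls"]
                and node.args and isinstance(node.args[0], ast.Constant)
                and node.args[0].value == rule["first_arg"]):
            hits.append(node.lineno)
    return sorted(hits)

def evaluate(requirements, source, rule):
    """Report a finding only when BOTH the version and the usage pattern match."""
    version = pinned_version(requirements, rule["package"])
    if version is None or version > rule["max_version"]:
        return []
    return [(rule["id"], line) for line in matching_calls(source, rule)]
```
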
>Unfortunately, no technology currently exists that can tell you whether a method is definitively not called, and even if it is not called currently, it’s just one code change away from being called. This means that reachability should never be used as an excuse to completely ignore a vulnerability, but rather reachability of a vulnerability should be just one component of a more holistic approach to assessing risk that also takes into account the application context and severity of the vulnerability.
Err, "no technology currently exists" is wrong, "no technology can possibly exist" to say whether something is definitively called.
It's an undecidable problem in any of the top programming languages, and some of the sub problems (like aliasing) themselves are similarly statically undecidable in any meaningful programming language.
You can choose between over-approximation or under-approximation.