Bulletin for Friday, 26 Aug 2022

7 days digest


The Teleport Blog (1)


Slack Engineering (1)


The Hacker Factor Blog (1)


Metadata (1)


The Ably Blog (1)


Spotify Engineering (1)


Daniel Lemire's blog (1)


ongoing by Tim Bray (1)


Almost Secure (1)


Blog on Tailscale (1)


Retool blog (1)


Netflix TechBlog - Medium (1)


Weaveworks (2)


Notes on software development (2)


PlanetScale - Blog (2)


Future (2)


The CircleCI Blog Feed - CircleCI (2)


Blog – Hackaday (4)


Amazon Science Homepage (4)


Pluralistic: Daily links from Cory Doctorow (5)


Stack Overflow Blog (5)


Simon Willison's Weblog: Blogmarks (7)


Microsoft Security Blog (9)


https://goteleport.com/blog/

The rise of cloud computing has led to the proliferation of AWS accounts and users. These partners are essential for enterprises looking to tackle long-term, strategic initiatives and day-to-day operations related to DevOps. (BACK TO TOP)

https://slack.engineering

What happens when your distributed service has challenges with stampeding herds of internal requests? How do you prevent cascading failures between internal services? How might you re-architect your workflows when naive horizontal or vertical scaling reaches their respective limits? These were the challenges facing Slack engineers during their day-to-day development workflows in 2020. (BACK TO TOP)

https://www.hackerfactor.com/blog/

I watch my logs like a hawk. (Like a very bored hawk.) Over the last few months, I have been seeing an increase in blind web attacks. This is where an attacker has a long list of potentially vulnerable URLs (e.g., /wp_login.php, /login.action, /shell.php) and they step through each one "just in case" the server might be vulnerable to their exploit. None of these URL paths exist on my servers, but the attackers don't care. A firewall only has a few options when it receives a packet. (BACK TO TOP)

http://muratbuffalo.blogspot.com/

This paper from SIGMOD 2015 describes the addition of Multi-Version Concurrency Control (MVCC) to the Hyper database, and discusses at length how they implement serializability efficiently with little overhead compared to snapshot isolation. Coming only two years later, this paper seems like a response/one-upmanship to the Hekaton paper. In the paper, you can see at many places statements like "in contrast to / unlike / as in Hekaton". Hyper is also an in-memory database, as is Hekaton. (BACK TO TOP)

https://ably.com/

Our new Message Interactions feature makes it very easy to interact with messages previously sent to a channel. This comes in handy if you’re building chat functionality where users interact with a previous message – for example by ‘liking’, replying, quoting, or adding an emoji reaction. (BACK TO TOP)

https://engineering.atspotify.com/

TL;DR: The software development life cycle (SDLC) has always been followed by functional testing to ensure software solutions have all the necessary features and functions. Because of the growing number of cyberattacks, software development stakeholders have been forced to implement security testing as the main track in SDLC to prevent vulnerabilities and flaws in applications [...] (BACK TO TOP)

https://lemire.me/blog

The C and C++ languages offer little protection against programmer errors. Errors do not always show up where you expect. You can silently corrupt the content of your memory. It can make bugs difficult to track. To solve this problem, I am a big fan of programming in C and C++ using sanitizers. They slow your … (Continue reading: Catching sanitizer errors programmatically) (BACK TO TOP)

https://www.tbray.org/ongoing/ongoing.atom


https://palant.info/

In the previous article we discussed extension privileges. And as we know from another article, extension pages are the extension context with full access to these privileges. So if someone were to attack a browser extension, attempting Remote Code Execution (RCE) in an extension page would be the obvious thing to do. In this article we’ll make some changes to the example extension to make such an attack against it feasible. `createElement("div"); div.innerHTML = untrustedData; document.` … (BACK TO TOP)

https://tailscale.com/blog/

If you’re using Tailscale with short-lived devices such as containers or frequently redeployed infrastructure, you are probably already using ephemeral nodes. Ephemeral nodes are meant for automated, frequently redeployed workloads because they’re automatically removed from your network once they are no longer active. However, this automatic process could potentially take an hour or longer while the coordination server waits to see if the ephemeral node will come back online. Starting in v1. (BACK TO TOP)

https://retool.com/blog/

Learn about the GDPR-compliant setup Cameron Archer built to replace some of the most useful views in Google Analytics using Retool and Tinybird. (BACK TO TOP)

https://netflixtechblog.com

by Ehtsham Elahi with James McInerney, Nathan Kallus, Dario Garcia Garcia and Justin Basilico. Introduction: This writeup is about using reinforcement learning to construct an optimal list of recommendations when the user has a finite time budget to make a decision from the list of recommendations. Working within the time budget introduces an extra resource constraint for the recommender system. It is similar to many other decision problems. This is known as the SARSA algorithm. (BACK TO TOP)

https://www.weave.works/

This blog post is written by Jeff Krupinski, Weaveworks Senior Director of Sales. Have you ever thought about how retailers or restaurant chains have adopted cloud-native technology with edge presence at their brick and mortar stores? You may have seen some customer testimonials online from Chick-fil-A and Nordstrom that tackle these challenges, and Weaveworks is at the core of helping others as well. The same holds true for Kubernetes clusters. (BACK TO TOP)

The concept of a hybrid cloud is gaining prominence as it helps organizations save costs, improve agility, better scale development, and utilize applications and tools from a variety of vendors. However, it comes at the cost of potential security threats. Almost 94% of enterprises are concerned about cloud security, according to the 2022 Cloud Security Report. This claim is hardly surprising in the wake of cloud computing’s adoption. Hybrid cloud security is inherently difficult. (BACK TO TOP)

http://notes.eatonphil.com/

Let's assume you're familiar with basic SQL databases like PostgreSQL and MySQL, and document databases like MongoDB and Elasticsearch. You probably know Redis too. But you're hearing more and more about embedded key-value stores like RocksDB, LevelDB, PebbleDB, and so on. And you're hearing about distributed key-value databases like FoundationDB and TiKV. What's the big deal? Aren't these just the equivalent of Redis or Java's ConcurrentHashMap? Let's take a look. And so on. It is not. (BACK TO TOP)

This is an external post of mine. Click here if you are not redirected. (BACK TO TOP)

https://planetscale.com

Learn how to run commands in batch against a PlanetScale database using the PlanetScale CLI. Read the full story (BACK TO TOP)

Learn about the lightweight and highly collaborative process our product design team follows to ship quickly at PlanetScale. Read the full story (BACK TO TOP)

https://future.com

It’s time for your startup to fundraise. You prepare a deck, practice your pitch, and start reaching out to investors. If a first meeting goes well, it often ends with a request to share your “data room.” But what is a data room, and what should be included in it? What is a data room?... Read More. The post The Insider’s Guide to Data Rooms: What to Know Before You Raise appeared first on Future. (BACK TO TOP)

The ease and speed with which you can now buy nearly anything — truly, anything — online is often taken for granted: not just food, but cars, homes, blue-chip art, even a college education. In the past 30 years, we have grown to trust the internet in a way we could never have imagined in... Read More. The post Remote Startups Will Win the War for Top Talent appeared first on Future. (BACK TO TOP)

https://circleci.com/blog/

This tutorial covers: Dockerizing an ASP.NET Core app; creating a continuous deployment configuration to build and deploy the container image; deploying the .NET Core app to the Azure Container Registry. In this tutorial, you will learn how to build a custom ASP.NET Core container with Docker and host the container image on Azure Container Registry, a platform owned by Microsoft that allows you to build, store, and manage container images in a private registry. (BACK TO TOP)

In just a decade, smartphones have become ubiquitous. They facilitate communication via texting and calling, provide entertainment, enable administration, and offer utilities for their users in the form of applications. Users access these mobile applications through their app store, whether it is Apple’s App Store or the Google Play Store. Developers construct them with the smartphone’s operating system in mind. The two mainstream operating systems that are targeted are Android and iOS. (BACK TO TOP)

https://hackaday.com

In many ball sports like golf, football and tennis, controlling the ball’s spin is an important skill. Expert players can make golf balls curve around obstacles, launch footballs towards goal …read more (BACK TO TOP)

Multispectral imaging can be a useful tool, revealing all manner of secrets hidden to the human eye. [elad orbach] built a rig to perform such imaging using the humble Raspberry …read more (BACK TO TOP)

How fast can a Raspberry Pi Pico go? Well, apparently the answer is 1 GHz if you freeze it and give it over twice the voltage it normally gets. Oh, …read more (BACK TO TOP)

While it is definitely a first-world problem that you don’t want to manually turn on your windshield wipers when it starts raining, it is also one of those things that …read more (BACK TO TOP)

https://www.amazon.science/

Launched under the auspices of the KDD Cup at KDD 2022, the competition included the release of a new product query dataset. (BACK TO TOP)

How Customer Order and Network Density OptimizeR (CONDOR) has led to improved delivery routes. (BACK TO TOP)

New speech representations and self-supervised learning are two of the recent trends that most intrigue him. (BACK TO TOP)

The Johns Hopkins business school professor and Amazon Scholar focuses on enhancing customer experiences. (BACK TO TOP)

https://pluralistic.net

Today's links: Trump gave Moderna all the patent-waivers it needed to make a vaccine: And then Moderna fought against patent-waivers for that vaccine. Hey look at this: Delights to delectate. Part of the WTO is the TRIPS (AKA "Agreement on Trade-Related Aspects of Intellectual Property Rights") – a treaty that binds WTO members to respect each others' patent rights. One way this can go horribly wrong? Pharmaceuticals. They're not ever gonna pay US prices. (BACK TO TOP)

Today's links: Tory Britain is crashing and burning: They got Brexit done. Hey look at this: Delights to delectate. This day in history: 2002, 2007, 2012, 2017, 2021. Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading. Tory Britain is crashing and burning (permalink): After 43 years of Tory policies (including the 12 years of Tory-lite Blairism), Margaret Thatcher has been vindicated – there truly no longer is "any such thing as a society." (BACK TO TOP)

Today's links: falsely told the police that a father was molesting his son: Filternets fail. Hey look at this: Delights to delectate. Mark’s toddler had a painful, swollen penis. His wife contacted their doctor, whose nurse asked Mark to send him a picture of the toddler’s penis, because the pandemic was raging and the doctor wasn’t seeing patients in person. https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo. Google refused to listen to Mark's explanation. (BACK TO TOP)

Today's links: Workplace surveillance is coming for you: Empiricism-washing as a form of wage-theft. Hey look at this: Delights to delectate. This day in history: 2002, 2012. Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading. Workplace surveillance is coming for you (permalink): If you want to do something terrible with technology, you can't just roll it out on people with money and social capital. They'll complain and your idea will tank. (BACK TO TOP)

Today's links: The Business Roundtable's climate plan was killed by its arch-rival, the Business Roundtable: If only Apple, Pepsi, Walmart and Google knew someone at the lobbying shop they own. Hey look at this: Delights to delectate. Then they spent three years and millions of dollars lobbying against that goal. Instead, the Roundtable prefers "voluntary" disclosures that allow companies to omit emissions and risks in their supply chains. (BACK TO TOP)

https://stackoverflow.blog

The more open a system is to new contributors, the more chance that an accidental meeting will benefit everyone involved. The post Open source and accidental innovation appeared first on Stack Overflow Blog. (BACK TO TOP)

The home team discusses how Instagram’s evolving platform has alienated some creators, why AI and machine learning are moving on-premises, and why Amazon’s acquisition of the company behind the Roomba is striking from a privacy perspective. The post Why AI is having an on-prem moment (Ep. 476) appeared first on Stack Overflow Blog. (BACK TO TOP)

High velocity compared to what? The post Does high velocity lead to burnout? That may be the wrong question to ask. appeared first on Stack Overflow Blog. (BACK TO TOP)

The home team sits down with Liam Zhao, founder and CEO of Immersive, a startup that gives creators tools to produce engaging virtual content and events. The post Combining the best of engineering cultures from Silicon Valley and Shanghai (Ep. 475) appeared first on Stack Overflow Blog. (BACK TO TOP)

Low code & no code, electronic export confusion, and free design pattern book. The post The Overflow #139: Software licenses against evil appeared first on Stack Overflow Blog. (BACK TO TOP)

http://simonwillison.net/


https://www.microsoft.com/security/blog/

Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel. The post MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations appeared first on Microsoft Security Blog. (BACK TO TOP)

Black Hat USA 2022 marked the twenty-fifth year that security researchers, security architects, and other security professionals have gathered to share the latest research, developments, and trends. Here are the highlights from the Microsoft Security booth. The post Microsoft Security highlights from Black Hat USA 2022 appeared first on Microsoft Security Blog. (BACK TO TOP)

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. The post MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone appeared first on Microsoft Security Blog. (BACK TO TOP)

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns. The post Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks appeared first on Microsoft Security Blog. (BACK TO TOP)

Proactive data governance offers a holistic approach that conserves resources and simplifies the protection of your data assets. Microsoft Purview provides a comprehensive data governance solution designed to help manage your on-premises, multicloud, and software as a service (SaaS) data. Here are five ways it can help. The post Data governance: 5 tips for holistic data protection appeared first on Microsoft Security Blog. (BACK TO TOP)

Former New York Times Senior Director of Information Security Runa Sandvik shares strategies to help protect journalists and media organizations. The post A multidimensional approach to journalism security appeared first on Microsoft Security Blog. (BACK TO TOP)

This month, Microsoft has been recognized by Gartner as a Leader in the 2022 Magic Quadrant for Unified Endpoint Management Tools. This blog post outlines the “so what” for IT leaders, and why we believe this Gartner analysis deserves your focus right now. The post Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools appeared first on Microsoft Security Blog. (BACK TO TOP)

Today, Microsoft is excited to publish our second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). The post Cyber Signals: Defend against the new ransomware landscape appeared first on Microsoft Security Blog. (BACK TO TOP)

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE). The post Uncovering a ChromeOS remote memory corruption vulnerability appeared first on Microsoft Security Blog. (BACK TO TOP)

Bulletin by Jakub Mikians