Links for 2024, calendar week 45
My to-read list, summarized by LlongOrca.
This article is a comprehensive overview and exploration of the programming language Ada, covering its history, syntax, types, concurrency, memory management, exceptions, C interoperability, and container libraries. The author discusses the strengths and weaknesses of Ada, comparing it to other languages like C and C++, and ultimately expresses their admiration for Ada’s robustness and expressiveness.
LoRA vs Full Fine-tuning: An Illusion of Equivalence:
The article discusses the comparison between full fine-tuning and Low-Rank Adaptation (LoRA) methods for adapting pre-trained large language models to downstream tasks, with a focus on understanding if their learned solutions are equivalent or not. It is found that both methods yield different weight matrix structures when analyzed through the lens of their spectral properties. LoRA models have new high-ranking singular vectors called „intruder dimensions,“ which do not appear in fully fine-tuned models. Despite achieving similar performance on the target task, these intruder dimensions make LoRA models worse at adapting to multiple tasks sequentially and can be minimized to achieve more robust model behavior.
In a 1970s excavation of an ancient graveyard in Belgium, archaeologists discovered a skeleton that they initially believed to be a typical Roman burial. However, during a recent reexamination, researchers identified peculiarities in the skeleton’s spine and used radiocarbon dating and DNA analysis to determine that it is composed of bones from at least eight unrelated men and women, dating back to the late Neolithic period. The skull belongs to a Roman woman from the third or fourth century CE. Researchers suggest that Gallo-Roman groups may have disturbed an old burial while interring their own dead, resulting in this composite skeleton.
Among unmarried adults, women without children have as much wealth as single men:
In the United States, the wealth gap between married and single adults has been studied extensively. It is found that households headed by married individuals have much more wealth on average than those headed by single adults. Within the unmarried population, there is also a significant wealth gap between men and women. The typical single man had $82,100 in wealth in 2022, compared with $58,100 for the typical single woman according to U.S. Census Bureau data. This analysis was based on data from the U.S. Census Bureau’s 2023 Survey of Income and Program Participation (SIPP) which reported on households’ assets and liabilities. The survey included more than 17,000 households, making it possible to analyze outcomes for smaller demographic groups such as households headed by an unmarried mother with a child under 18. However, the wealth of households headed by unmarried men with or without children separately could not be looked at due to the relatively small number of single-father households.
Glasfaserausbau: Harte Bandagen im Kampf um die Kunden (Fiber-optic rollout: a hard fight for customers):
The article discusses the ongoing fiber-optic expansion in Germany and the challenges faced by competitors, such as Deutsche Telekom, who dominate the copper network that is set to be replaced by fiber. It highlights concerns about the slow pace of fiber deployment, increasing infrastructure costs, and the potential for strategic overbuilds. The article also discusses the political landscape surrounding these issues and suggests that the future may lie in a European „Champions League“ where Telekom competes with other European providers.
The Staff+ Engineer role is a complex and nuanced position that often falls between the Senior and Engineering Manager levels in an organization’s career ladder. These engineers typically have extensive technical knowledge, experience leading teams towards shipping products, and strong management skills. Their primary responsibilities involve using their expertise to guide their team towards achieving objectives, while also being able to adapt and fill various roles within the team as needed. Staff+ Engineers are expected to contribute significantly to the success of their organization or company, often through mentoring and elevating the capabilities of their teams.
Intentrace is a strace-like tool that intercepts and records system calls made by a process, helping in debugging crashing binaries. It works similarly to the UniKraft kernel’s methodology and currently supports around 166 Linux syscalls out of over 380. The tool is in beta stage and only supports x86-64 architecture. Intentrace plans to cover all Linux syscalls eventually, while accepting contributions through issues and pull requests for cross-compatibility and improvements.
Text File formats – ASCII Delimited Text – Not CSV or TAB delimited text:
The article discusses issues with common text formats, such as CSV and tab delimited text, due to the use of printable characters like quotes, commas, and tabs that are often found in exported data. It suggests using ASCII Delimited Text instead, which uses control characters 28-31 for field and record separators, resulting in a more straightforward format with no need for escaping characters.
This scientist treated her own cancer with viruses she grew in the lab:
Beata Halassy, a virologist at the University of Zagreb, successfully treated her breast cancer by injecting it with lab-grown viruses in an unproven treatment called oncolytic virotherapy (OVT). She has now been cancer-free for four years. The case report published in Vaccines outlines how Halassy self-administered the treatment, which is an emerging field of cancer treatment that uses viruses to attack cancerous cells and provoke the immune system into fighting them. While ethical concerns have been raised over self-experimentation, Halassy’s experience has given her research a new direction, with funding to investigate OVT for treating cancer in domestic animals.
SQLite is not a single connection database:
The article clarifies that SQLite is often misunderstood as a single connection database, which can lead people to avoid using it. In reality, SQLite supports multiple concurrent reads and uses a write lock at the DB level, allowing only one „connection“ to write at once. This typically isn’t an issue since immediate transactions are possible for queuing queries to acquire the write lock later.
Glasfaserausbau: Harte Bandagen im Kampf um die Kunden (Fiber-optic rollout: a hard fight for customers):
The article discusses the ongoing fiber optic expansion in Germany, highlighting the challenges faced by companies and the government in providing high-speed internet access to all households. The German Telekom and its competitors are struggling for customers while adhering to strict regulations that allow multiple providers to compete within the same geographical area. The article also mentions the increasing competition and market dynamics, such as the Deutsche Telekom’s dominance in the copper-based network, which is expected to be replaced by fiber optics soon.
Maxun is a tool that enables users to train robots in 2 minutes for web data extraction tasks, such as capturing lists, text, or screenshots from websites. The tool also supports BYOP (Bring Your Own Proxy) to bypass anti-bot protection and adapts to website layout changes. Maxun offers a managed cloud version that handles infrastructure management, proxy networks, and CAPTCHA solving for users interested in extracting data at scale. The project is still in early development and welcomes feedback for improvement.
Dobble, also called Spot It!, is a card game that uses circular cards with different symbols or images. The goal is to find common symbols between two cards. This article explores the design and creation of such a deck. There are various ways to play, but all games involve finding which symbol is common to two cards. Given the number of symbols (s) per card, how many cards can be made, and how many different symbols do you need? If you want to make k cards, how many symbols do you need on each card, and how many in total?
To design a deck like this, there are three main requirements: every card has one symbol in common with every other card, each card has the same number of symbols, and no symbol appears more than once on a given card. The article also discusses the mathematics behind creating decks for different numbers of symbols per card and how to find larger decks.
Tuberculosis is rising in the U.S. again. How did we get here?:
Since 2020, tuberculosis (TB) rates have been increasing steadily in the US due to resource diversion from COVID tracking and treatment, according to a report from the Centers for Disease Control and Prevention. With 1.5 million deaths per year, TB is the world’s deadliest infectious disease. While most people in the U.S. are not at risk of developing TB compared to high-TB incidence countries like India, China, and the Philippines, recent trends have raised concerns among health experts. The rise in cases has been attributed to the pandemic’s impact on TB prevention efforts, disrupted health care access during COVID-19, and increased travel. TB remains a leading infectious killer worldwide, affecting millions in every country and age group, but hitting particularly hard in low- and middle-income populations.
Ousterhout’s dichotomy is a classification by computer scientist John Ousterhout that divides high-level programming languages into two groups: system programming languages and scripting languages. System programming languages are static, support complex data structures, and are compiled into machine code. Examples include C, OCaml, and Modula-2. Scripting languages, also known as glue languages, lack complexity in data structures, are interpreted, and often serve to connect other programs or add functionality on top of existing applications. Examples include Python, AppleScript, C shell, DOS batch files, and Tcl. Ousterhout’s dichotomy is used in the design of his language, Tcl. Critics argue that this distinction is arbitrary and some refer to it as Ousterhout’s fallacy or false dichotomy.
VW-Betriebsrat zu Lohnkürzungen: „Nur an Arbeitskosten zu sparen, ist unfair“ (VW works council on wage cuts: "Cutting only labor costs is unfair"):
The VW Works Council is opposing the planned wage cuts and estimates that personnel costs will only make up 17% of the company’s total costs. According to a special edition of the works council newspaper „Mitbestimmen,“ which was made available to the Deutsche Presse-Agentur, it is unfair to criticize labor costs alone. The Works Council states that the VW house tariff is only marginally higher than the industry standard tariff, with an entry salary for engineers at 69,280.50 euros per year compared to 67,715 euros in the industry standard. They also argue that employees in production earn around 55,078.50 euros per year compared to 50,454 or 54,947 euros in the industry standard tariff. The Works Council’s position is that VW workers are not significantly different from those in the branch tariffs. Volkswagen is demanding a 10% wage cut for its core brand in current negotiations and plans to reduce various bonuses and allowances, including those given at plant anniversaries. The IG Metall union has called for a 7% increase in pay. Talks will continue on November 21st with the VW house tariff applying to around 120,000 employees in six major west German locations.
Introducing Early Cascade Injection | Outflank Blog:
This article discusses a novel process injection technique named Early Cascade Injection, which is designed to evade detection by endpoint detection and response systems (EDRs). The technique leverages the user-mode part of process creation in Windows and combines elements of the well-known Early Bird APC Injection technique with the EDR-Preloading technique.
The article begins by explaining how a process is created in Windows, focusing on the user-mode part of process creation and presenting a call graph that outlines the key events during this process. It then delves into how Early Bird APC Injection works and interacts with the user-mode part, specifically when the queued APC is executed.
The author discusses EDR-Preloading, which demonstrated code execution through the overwriting of a callback pointer in the target’s ntdll.dll during process initialisation. However, this code execution was limited due to the presence of Loader Lock, which prevents the loading of additional DLLs and the creation of new threads.
The article then introduces Early Cascade Injection, a technique that involves creating a child process in suspended state, writing a two-part payload into it, and assigning the address of the first payload part (the payload stub) to the g_pfnSE_DllLoaded pointer of the new process. This allows for code execution before any Shim Engine related pointers are invoked and prevents them from executing.
The technique also involves queuing the second part of the payload as an APC on itself using NtQueueApcThread, which is triggered near the end of the Windows Image Loader by the NtTestAlert function. This ensures that the main payload executes without any issues related to incomplete DLL loading.
The article concludes by exploring how and when EDRs load their user-mode detection measures, such as hooks, during process creation. It explains that EDRs typically inject shellcode into the process memory and place a hook in LdrInitializeThunk, redirecting code execution to the injected shellcode. This shellcode is responsible for loading the EDR’s detection measures, which are then responsible for intercepting API calls in real-time and monitoring the process.
The author notes that techniques like Early Cascade Injection can preempt the EDR’s detection measures, allowing malicious code to run before these measures are fully loaded and take effect. This makes it an effective method for evading EDR detection.
Overall, the article provides a comprehensive overview of process injection techniques and their interaction with EDR systems, offering valuable insights into how attackers can bypass security measures and evade detection.
Methodology is bullshit: principles for product velocity:
The article discusses the importance of focusing on making the right thing quickly, rather than being slowed down by process, features, or other unnecessary elements. By eliminating requirements and doing less stuff, companies can often achieve product velocity. Some principles for achieving product velocity include operating in „idiot mode,“ prioritizing solving problems that matter, avoiding technical debt when possible, buying solutions from vendors instead of building them in-house, and focusing on the few things that are actually worth building. The article also emphasizes keeping engineering teams small to maintain flexibility and productivity.
1st image of our Milky Way's black hole may be inaccurate, scientists say:
Scientists at the National Astronomical Observatory of Japan (NAOJ) have suggested that the first-ever image of the Milky Way’s supermassive black hole, Sagittarius A*, which was revealed by the Event Horizon Telescope (EHT) in May 2022, might be inaccurate. The researchers argue that part of the image’s doughnut-like appearance may be an artifact due to errors during EHT’s imaging analysis. They hypothesize that the ring image resulted from issues during the EHT’s imaging process rather than being a true astronomical structure.
The article presents a speculative outcome for the 2024 US Presidential election between Kamala Harris and Donald Trump, based on their 2020 results. In this scenario, Harris receives 69.1 million votes (47.7%) while Trump receives 73.5 million votes (50.7%). The article then discusses the importance of recognizing the problem with low voter turnout among Democrats, who lost over 10 million votes in 2020 and did not vote at all. The author suggests that this lack of engagement may continue into future elections unless they address the issue.
This article discusses the debate over whether mitochondria, the energy-producing organelles within cells, are considered alive or merely non-living membranous structures. American evolutionary biologist Lynn Margulis proposed that mitochondria have their own life forms and should be classified as living entities rather than just organelles. The article suggests that a deeper understanding of the nature and role of mitochondria may lead to advances in scientific research, tools for manipulating bioenergetics, and insights into age-related diseases related to mitochondrial dysfunction.
Ease of maintenance is a feature - Ronak’s Blog:
This article argues that ease of maintenance is an important feature in software development, and should not be overlooked in favor of scalability, speed, or shiny new technology. The article emphasizes the importance of building software that can adapt to various scenarios such as changes in ownership, developer turnover, financial crises, team downsizing, rare skill requirements, and more. The author suggests that a key aspect of building long-lasting software is focusing on ease of maintenance, which includes quick and efficient processes for making code changes, deployments, and updates.
Methodology is bullshit: principles for product velocity:
In the provided text, an individual shares their experiences and opinions on software development methodologies. They argue that many companies focus on assigning requirements, setting deadlines, and treating quality as an output, which they believe is not effective. Instead, they suggest a more flexible approach where engineers are given a standard of quality and asked what can be shipped within a specific timeframe, such as 60 days.
They also discuss the use of vendors for certain tasks, stating that it’s often beneficial to outsource work when it’s a solved problem rather than reinventing the wheel. This allows teams to focus on core competencies and avoid unnecessary complexity. Additionally, they emphasize the importance of understanding what problems are truly important and which ones can be ignored.
The author believes that many methodologies and processes are overused or misapplied in the software industry, leading to inefficiencies and a lack of innovation. They advocate for a more agile, flexible approach that allows teams to adapt quickly to changing circumstances without getting bogged down in unnecessary bureaucracy. However, they acknowledge that this approach may not be suitable for all situations, especially those involving complex or critical systems where strict oversight and planning are necessary.
Overall, the author’s perspective is rooted in a desire for simplicity, efficiency, and flexibility in software development, with a focus on empowering engineers to make decisions and take ownership of their work.
The article discusses various games and activities created by union members and supporters during a strike. These games include Frogger 8th Ave, Scabby’s Fair Contract Builder, Match Strike, Word Search, Connections: Strike Edition, Strikle, and Trivia and Jokes. The games are not affiliated with the New York Times company, and there might be some bugs due to ongoing development. Additionally, a cookbook is provided for those interested in cooking during the strike.
Matthew Bird - Audio Decomposition:
This article describes an open-source project called Audio Decomposition Premise, which aims to separate music into its constituent instruments without relying on external libraries. The software uses Fourier transforms and envelope analysis to decompose music files into individual notes and instruments. To achieve this, the program takes the Fourier transform of the audio every 0.1 seconds and adds it to the stored Fourier transform of each instrument. Additionally, the envelope is extracted by taking the maximum value at each chunk of the sound wave. The results can be displayed using matplotlib’s scatter plot with - shaped points for sheet music representation.
In a recent study published in Science journal, researchers found that Facebook’s algorithms were not major drivers of misinformation during the 2020 United States election. However, the results have been challenged by another team of researchers who argue that Facebook likely changed its algorithm during the study, leading to different findings. The original study claimed that Facebook’s news feed algorithm reduced user exposure to untrustworthy news content. This has highlighted the problems caused by big tech funding and facilitating research into their own products and emphasized the need for greater independent oversight of social media platforms.
GitHub - dandavison/delta: A syntax-highlighting pager for git, diff, grep, and blame output:
The article discusses a package called „git-delta,“ which is an advanced Git diff viewer with many features and customization options. It supports various syntax highlighting themes, line numbering, side-by-side view, and improved merge conflict display. Delta can also handle traditional unified diff output and automatically detect terminal colors. The package is easy to install and comes with a user manual for further information on its features.
Following up „Mother of all htmx demos“:
This article discusses the author’s journey with htmx (a web framework) and how it has impacted their work. The author shares their experience with a SaaS company called Contexte, where they were able to use htmx to improve user experience while reducing costs. They also address common questions and concerns about using htmx, such as compatibility with other frameworks and the need for separate back-ends. Overall, the article highlights the benefits of the hypermedia approach in web development and its potential impact on SaaS products.
Algol-68 seemed like a good idea – until it wasn’t:
The 1960s saw rapid growth in programming languages, with the first commercial languages being Fortran and Cobol. Algol was developed as a scientific programming language, but its development eventually led to the creation of Algol-68, which was too complex and obscure for widespread adoption. The Algol family of languages remained rooted in the academic community and did not have strong connections to industry. Algol-68 derivatives saw some use in the USSR, but overall it failed as a commercial and teaching language.
Here are the patents Nintendo and The Pokémon Company are suing Palworld over:
Palworld developer Pocketpair has revealed the patents at the center of a lawsuit filed by Nintendo and The Pokémon Company in Japan, seeking 5 million yen each plus late fees. The three Japanese patents cited are No. 7545191, No. 7493117, and No. 7528390. Pocketpair is also seeking an injunction against the game and compensation for a portion of damages between the date of registration of the patents and the filing of the lawsuit. The legal battle has led to the delay of Palworld’s Japanese PS5 launch, but development on a mobile port continues with Krafton as the publisher.
Russische Zensurbehörde blockiert Cloudflare wegen Verschlüsselungsoption (Russian censorship authority blocks Cloudflare over encryption option):
The Russian censorship authority Roskomnadzor recommends that network censors distance themselves from Cloudflare, because it regards the US provider's introduction of a TLS extension called Encrypted Client Hello (ECH) as a threat to security in Russia. The ECH extension encrypts the domain name when a website is requested over HTTPS, so that firewalls or censorship bodies can no longer see the domain name. Cloudflare has not yet commented on the matter. The block affects all websites delivered via Cloudflare's CDN (Content Delivery Network) inside and outside Russia, and how severe the effects are is unclear.
It’s legal for police to use deception in interrogations. Advocates want that to end:
Ted Bradford was wrongfully convicted due to a confession obtained through deception during an interrogation by Yakima, Washington detectives. Since then, ten states have passed laws banning police from lying to juveniles during interrogations, but some legal advocates argue that this ban should apply to all individuals. Nearly a third of DNA exonerations from 1989-2020 involved a false confession and legal experts believe vulnerable groups like young adults, people with intellectual disabilities, and those who are naturally compliant could also be affected by deceptive practices during interrogation. Washington state lawmakers have introduced a bill that would make incriminating statements made in police custody largely inadmissible in court if obtained using deception, but it has not yet passed.