Links for 2025, calendar week 33
My to-read list, summarized by Mistral-Small-24B.
The text is an update from the team behind Anna’s Archive, a digital library initiative. The team reports facing increased attacks on their mission but remains committed to preserving humanity’s literary and scientific heritage. Since 2022, they have saved tens of millions of books, articles, and other documents, thanks to volunteer efforts and partnerships with various libraries and digital collections. Key achievements include acquiring vast amounts of data from institutions like IA Controlled Digital Lending and HathiTrust, and compiling the largest book metadata collections ever. They have also formed partnerships with other digital libraries, enhancing their collection and operational security.
However, they note the disappearance of one of their partner libraries and express caution about a new entrant, WeLib, which has mirrored their collection but not contributed new materials or code improvements. The team is working on new projects and encourages volunteers and donations to support their minimal-budget operations. The update concludes with a call to continue fighting for their cause. (13743)
How AI researchers accidentally discovered that everything they thought about learning was wrong:
The text discusses a significant shift in AI research, focusing on the discovery that large neural networks, contrary to traditional theory, can be highly effective. For centuries, the bias-variance tradeoff governed learning systems, suggesting that overly complex models would overfit and fail to generalize. However, recent empirical evidence has shown that very large neural networks can overcome this issue, a phenomenon known as “double descent.”
Researchers found that these massive models, instead of memorizing data, actually find simple, elegant solutions within vast parameter spaces. This is encapsulated in the “lottery ticket hypothesis,” which posits that large networks contain many subnetworks (lottery tickets) that can perform well, given the right initial conditions. This discovery has led to a paradigm shift in AI, with major companies investing billions in scaling up models.
The implications extend beyond AI, suggesting that intelligence is about finding simple patterns rather than memorizing information. This understanding also highlights the importance of empirical testing and pushing the boundaries of accepted theory. While scaling has proven effective, it also suggests natural limits and potential future challenges in AI development. Ultimately, the story underscores the value of challenging conventional wisdom and embracing uncertainty in scientific discovery. (13744)
How much do electric car batteries degrade?:
The text discusses the degradation of electric car batteries, a common concern for those considering electric vehicles (EVs). Unlike mobile phone batteries, electric car batteries are designed to last much longer. The text addresses the misconception that EVs lose significant value due to battery degradation, suggesting that the perception of degradation, rather than actual degradation, is a significant factor in the depreciation of second-hand EVs.
There are two main types of battery degradation in EVs: calendar aging, which occurs over time even when the car isn’t used, and cyclical aging, which happens during charging and discharging. The text emphasizes that while initial degradation can be noticeable, it slows down significantly over time. Real-world data from large cohorts of Teslas and other EV models show that batteries maintain a significant portion of their initial capacity even after high mileage.
Manufacturers’ warranties further underscore the longevity of EV batteries, with most offering warranties covering 8 to 10 years or 100,000 miles, and some extending up to 600,000 miles. The text also provides tips to slow battery degradation, such as avoiding extreme temperatures and states of charge, and not relying on fast charging excessively.
Overall, the text concludes that while battery degradation is a factor, it is not as severe as commonly perceived and should not be a dealbreaker for most EV buyers. Additionally, battery technology is continually improving, which will enhance the longevity of future EV batteries. (13745)
T-Mobile claimed selling location data without consent is legal—judges disagree:
The text discusses a recent legal development involving T-Mobile and its fine for selling customer location data without consent. Here are the key points:
A federal appeals court upheld a $92 million fine imposed on T-Mobile by the FCC for selling customer location information to third parties without proper consent or safeguards. The court rejected T-Mobile’s arguments that the FCC overstepped its authority and that the fines were unjustified. The ruling emphasized that cell phones constantly transmit location data to carriers, making this information highly sensitive.
T-Mobile and its subsidiary Sprint were found to have sold this data to aggregators like LocationSmart and Zumigo, allowing bad actors to access it illicitly. Despite knowing about these abuses, the carriers continued to sell the data without implementing new safeguards.
The carriers tried to argue that the FCC lacked the authority to impose these fines, but the court ruled that the FCC acted properly. They also claimed they were entitled to a jury trial, but the court determined that by choosing to pay the fines and seek direct review, they forfeited that right.
Additionally, the carriers argued that the location data did not qualify as sensitive Customer Proprietary Network Information (CPNI), but the court disagreed, stating that the data is generated whenever a device connects to a network, not just during voice calls.
The case is part of a larger issue involving all major carriers. AT&T and Verizon are still challenging their own fines in separate courts. The FCC’s actions stem from a 2018 revelation that carriers were selling real-time location data, with the fines finalized in 2024. (13746)
The text is an introduction to Phrack Magazine, Issue 72, a well-known publication in the hacking community. Phrack has been a significant platform for sharing knowledge, tools, and stories among hackers for 40 years. The magazine serves as both a technical journal and a cultural document, reflecting the evolution of hacking and the challenges faced by hackers over the decades. It covers a wide range of topics, from manipulating phone systems to vulnerability scanning and complex security concepts. The introduction highlights the ethos of hacking—curiosity, adaptability, and the desire to improve the world. It also acknowledges the contributions of authors, artists, reviewers, and donors who make the magazine possible. The issue includes various articles, visuals, and a Capture The Flag (CTF) challenge, aiming to inspire and educate the hacking community. The magazine is independent and encourages submissions from hackers worldwide, emphasizing the importance of sharing knowledge and experiences. (13747)
BBC witnesses Israeli settlers’ attack on Palestinian farm in West Bank:
The text describes a violent incident involving Israeli settlers attacking a Palestinian farm in the occupied West Bank. The settlers, known for their extremist views, destroyed olive trees and other properties, aiming to displace Palestinians and thwart the idea of a Palestinian state. The attack was part of a weekly routine that Palestinians face, with settlers using intimidation and violence to seize land. The Israeli army’s intervention often favors settlers, further complicating the situation. The incident highlights the broader conflict, where settlers’ aggression and government support have led to significant land takeovers and displacement of Palestinians. Tensions escalate as Israeli forces maintain heavy control over the West Bank, resulting in casualties on both sides. The story concludes with the funeral of a Palestinian teen killed by Israeli troops, emphasizing the deep-seated ties and ongoing struggle for the land. The overall message is one of ongoing conflict, violence, and displacement in the West Bank, with settlers and Israeli forces often acting against Palestinian interests. (13748)
Google is killing the open web:
The text discusses how Google has been systematically undermining the open web, with a particular focus on its efforts to deprecate and remove XML-based technologies like XSLT. This strategy is part of a broader trend among tech giants to control and centralize the web, moving away from decentralized, open standards.
Google’s actions include shutting down services like Google Reader, closing XMPP federation in Google Chat, removing support for technologies like MathML, and pushing for formats like AMP that funnel traffic through Google’s servers. These moves have accelerated the shift from decentralized web services to centralized platforms, making the web more proprietary and less interoperable.
The author argues that these changes matter because technologies like RSS and XSLT are crucial for the open web, enabling decentralized content distribution and reducing hosting costs. The removal of XSLT, for instance, would make it harder for websites to use XML feeds effectively and could lead to increased reliance on proprietary solutions.
The text also highlights the importance of user advocacy. It encourages users to voice their opinions, demand better support for open standards, and build alternatives like polyfills to keep these technologies alive. The author concludes by naming and shaming engineers involved in these decisions, emphasizing the need for transparency and accountability in the development of web standards. (13749)
“To Restore America, Start with Honor”:
The text is a personal reflection by Mike Olson, a private citizen with a strong sense of patriotism, who is disheartened by the current state of American politics and institutions. He begins his day by re-reading the Declaration of Independence and wearing a t-shirt that pledges support for the U.S. Constitution. He expresses sadness about the current state of affairs in America. He reads an article by Anne-Marie Slaughter that advocates for ethical and moral responses to the challenges facing the country and the world. Olson is inspired by this article, and hopes that others will find comfort and renewed determination in it. He encourages readers to access the article through a temporary link from his personal Bloomberg subscription. (13750)
The text discusses several political issues, with a focus on gerrymandering ahead of midterm elections. The author first briefly mentions concerns about cryptocurrency players’ interactions with the Trump administration and the poor jobs report. Then, the author discusses how Texas Republicans are redrawing congressional districts to flip Democratic seats to Republican ones, while Democrats have left the state to try and prevent this. This strategy is an effort to counter the unpopular policies of the Republican party.
The author then shares how California Governor Gavin Newsom plans to respond by turning red districts blue. The author argues that this tit-for-tat approach is necessary to counter the Republicans’ tactics, which have been used to disempower voters and guarantee electoral advantages. The author believes that if Democrats also employ gerrymandering, it will make the tactic ineffective and dangerous for Republicans to pursue, but they must be clear that they find the strategy odious and unfair.
The author concludes that Democrats have been too passive in response to Republican tactics and must now fight back effectively against the rise of authoritarianism in the US. The author advocates for an honorable approach to countering these tactics. (13751)
The author, a longtime Democratic supporter, has decided to withhold his support—including his votes, time, and money—until Chuck Schumer steps down from his leadership role. This decision is driven by Schumer’s vote that aided MAGA Republicans and enabled the passage of a bill harmful to most Americans. The author argues that Schumer’s actions exemplify the Democratic Party’s lack of vision and effective governance. He advocates for a “Contract for a better America,” inspired by Newt Gingrich’s Contract with America. The author believes that until the Democratic Party presents a forward-looking, inspiring vision and makes significant changes, it will continue to lose elections. He wants the party to earn his vote by offering a compelling vision for the future. (13752)
The text discusses the intrusive data practices of big tech companies, using Google as a primary example. The author recounts two personal experiences where Google demanded unnecessary and invasive access to location data and personal photos, not for user convenience, but to feed its advertising models and increase revenues. The author critiques Google’s shift from its original motto of “Don’t be evil” to a focus on maximizing profits at the expense of user privacy. This phenomenon, where tech companies degrade their services to extract more data, is termed “enshittification.”
To combat this, the author suggests several strategies: holding tech companies accountable, refusing to use their invasive products, and encouraging engineers to resist building such systems. The author argues that while tech products can be useful, the cost to privacy and control is too high, and they can be replaced with less intrusive alternatives. The overall message is a call to action against the exploitative practices of big tech companies. (13753)
Features - How to Build a Medieval Castle - Archaeology Magazine - September/October 2025:
The text discusses the Guédelon Castle project in Burgundy, France, an ongoing experimental archaeology initiative aimed at building a thirteenth-century castle using only period-appropriate tools, techniques, and materials. The project, started in 1998, involves a team of skilled craftspeople and archaeologists working together to reconstruct medieval building methods and solve historical puzzles, such as the materials used for windows in lesser edifices. The castle’s construction has led to numerous discoveries about medieval life, including the use of waxed linen for windows, the effectiveness of younger, green oak for timber structures, and the collaborative nature of medieval labor. The project has also influenced restoration efforts, such as those at Notre Dame Cathedral, and continues to attract visitors and contribute to our understanding of the Middle Ages. The castle’s construction is a never-ending process, with each obstacle presenting an opportunity to learn more about the past. The project’s success is attributed to the team’s collaborative effort and their dedication to forgetting the twenty-first century and focusing on medieval techniques. (13754)
The text presents a critique of the current focus on Artificial Intelligence (AI) in the tech industry. The author argues that the excessive investment in AI features often leads to unnecessary and unwanted additions to software, which can degrade the overall user experience. Instead of chasing AI-driven innovations, the author suggests that resources should be directed towards improving existing technology and solving real-world problems. The author gives examples of broken software and AI features that add no value, such as the AI meeting generator at Gamescom, and points out that the tech industry’s obsession with AI often leads to neglected and poorly maintained current systems. The author concludes that the excessive focus on AI is driven by the promise of profit, but that creating better products would be more beneficial in the long run. The text ends with a reflection on the lost potential due to the current AI bubble. (13755)
OpenMower - The DIY Smart Mowing Robot for Everyone:
The text is a repository page for an open-source robotic lawn mower project called OpenMower, created by Clemens Elflein. The project aims to improve upon the existing robotic lawn mowers, which the author finds inefficient and random in their mowing patterns. The core hardware is taken from a disassembled YardForce Classic 500 robotic mower, which is found to be of high quality and easily upgradable. The project’s main goal is to develop better software to enhance the mower’s functionality, safety, and efficiency. Key objectives include autonomous mowing, safety features, flexible mowing areas, cost-effectiveness, open-source sharing, aesthetic design, obstacle avoidance, and rain detection. The project is actively developed, with a functioning prototype that can mow, map, and dock autonomously. The software is in progress, with plans to implement features like obstacle avoidance and path planning. The community is encouraged to build their own OpenMowers, contribute to documentation, and share their experiences. The project is licensed under Creative Commons, allowing private and educational use but prohibiting commercial exploitation without permission. The author also provides resources like a blog, Discord server, and YouTube channel for updates and community engagement. (13756)
How Croatian freediver held breath for 29 minutes:
Vitomir Maričić, a Croatian freediver, has set a new Guinness World Record by holding his breath underwater for 29 minutes and 3 seconds using oxygen. This feat, achieved in a 3-meter-deep pool, surpassed the previous record by over four minutes. Maričić’s preparation involved pre-breathing pure oxygen, a technique that increases usable oxygen in the body. Despite physical discomfort, particularly in his diaphragm, Maričić remained mentally resilient, crediting his team, family, and friends for their support. The previous record holder was Budimir Šobat, who held his breath for 24 minutes and 37 seconds in 2021. Maričić’s achievement is notable not only for its duration but also for the mental and physical control required, highlighting the extreme nature of competitive freediving. (13757)
LDS Software v2.8.2 & App v5.9.3 Now Available:
The text announces the release of updated LaserPecker Design Space software (version 2.8.2 for PC and 5.9.3 for mobile) with several enhancements and bug fixes. The key improvements include a new measuring focus function for precise engraving, an optimized preview interface, a unified grayscale embossing slice range, enhanced help features, and an expanded clipart library. Safety and connectivity reminders have been added for better user guidance and compliance with EU standards.
Additionally, numerous bugs have been addressed across iOS, Android, and PC platforms. These fixes cover a range of issues, including incorrect display of options, engraving parameter saving, and various connectivity and display problems. The updates aim to improve the overall user experience, ensuring smoother and safer engraving processes. (13758)
Your MCP Doesn’t Need 30 Tools: It Needs Code:
The text discusses the challenges and benefits of using command-line interface (CLI) tools versus Model Context Protocol (MCP) servers for certain tasks, particularly in the context of agentic coding tools. The author initially favored CLI tools for their efficiency and capability to use command-line tools, but recognized several challenges with CLI tools, such as platform and version dependency, undocumented features, and difficulties in managing sessions.
The author then introduces an alternative approach using an MCP server that exposes a single tool accepting programming code as inputs. This method addresses some of the challenges faced with CLI tools, particularly in managing stateful sessions. The author experiments with a Python interpreter that runs eval() with retained state, using the pexpect library to interact with command-line programs. This approach allows the MCP server to maintain state and expose tools that the agent already knows how to use, making it more efficient for tasks like debugging.
The text also touches on the security implications of running eval() in an MCP server, acknowledging the inherent risks but suggesting that these risks are not dramatically worse than other forms of code execution. The author further explores the idea of using JavaScript with the Playwright API via an MCP server, finding promising results in terms of efficiency and data handling.
Overall, the text argues that using MCP servers with programming languages like Python or JavaScript can overcome many of the limitations of CLI tools and provide a more robust and efficient approach for agentic coding tasks. (13759)
An alternative to LASIK—without the lasers:
The text discusses a novel alternative to LASIK eye surgery called electromechanical reshaping (EMR). Traditional LASIK uses lasers to reshape the cornea, but it has limitations and risks. EMR, developed by Michael Hill and Brian Wong, reshapes the cornea without incisions by applying an electric potential to a platinum contact lens, temporarily altering the tissue’s pH to make it malleable. In rabbit eye models, EMR successfully corrected nearsightedness and preserved cell viability. The technique also shows potential for reversing corneal cloudiness. However, EMR is still in its early stages and requires further animal studies and funding to advance to clinical use. If successful, EMR could offer a cheaper, reversible, and widely applicable alternative to LASIK. (13760)
The decline of high-tech manufacturing in the United States:
The text discusses the decline of high-tech manufacturing in the United States over the past few decades, focusing on three key sub-sectors: computer and electronic products, pharmaceuticals and medicine, and aerospace products and parts. The analysis reveals a significant decrease in employment and economic contribution from these sectors since the late 1980s, with notable reductions in regions like Silicon Valley, Seattle, and Boston. While pharmaceuticals and medical devices have seen some growth, the overall trend is one of decline. The recent CHIPS and Science Act aims to revitalize semiconductor manufacturing, but its impact on employment remains uncertain due to various factors, including workforce issues and political dynamics. Despite some optimism, the overall picture shows a sustained decrease in high-tech manufacturing’s role in the U.S. economy. (13761)
Unification - Eli Bendersky’s website:
The text discusses the concept of unification in logic and computer science, which is a process of solving equations between symbolic terms. Unification is crucial in logic programming and type inference. The text explains the basic unification algorithm, starting with terminology and examples of terms, which include constants, variables, and function applications. It then delves into pattern matching, where a constant term is matched with a pattern term containing variables, and unification, where both terms can contain variables. The most general unifier (mgu) is introduced as the simplest substitution that can be used to derive other unifiers. The text provides a detailed implementation of the unification algorithm in Python, explaining the key functions and their roles. It also discusses the efficiency of the algorithm and mentions more advanced options for handling large unification problems. The algorithm is demonstrated with several examples, showcasing how it works step-by-step. Overall, the text provides a comprehensive overview of unification, its applications, and a practical implementation of the algorithm. (13762)
The author, Hillel Wayne, prefers reStructured Text (rST) over Markdown for writing documentation, particularly for books, due to its powerful features that allow for complex document structures and transformations. Unlike Markdown, which is a lightweight representation of HTML, rST is a midweight representation of an abstract documentation tree. This allows for more flexibility and extensibility, enabling the author to create custom directives and transform the document tree before rendering.
For instance, the author’s book, “Logic for Programmers,” includes exercises and solutions that need to be displayed differently depending on the output format (HTML, ePub, or LaTeX). With rST and Sphinx, the author can write custom extensions to handle these complex requirements, such as moving solution nodes and adding cross-references.
The author acknowledges that rST has a steeper learning curve and less aesthetically pleasing syntax compared to Markdown, but argues that its power and flexibility outweigh these drawbacks. They also mention other document builders that might be more appealing to those who find rST’s syntax unpalatable.
Additionally, the author mentions that they will not be sending out a newsletter the following week as they will be in Hong Kong. They also provide an update about their book, “Logic for Programmers,” which is about the usefulness of formal logic in software engineering and is currently in its alpha stages. (13763)
repomirror/repomirror.md at main · repomirrorhq/repomirror:
TODO
The text discusses strategies to mitigate and avoid failures in long contexts used by Large Language Models (LLMs). These failures can manifest as context poisoning, distraction, confusion, or clash, all of which affect the quality of the model’s responses. To address these issues, several techniques are suggested:
Retrieval-Augmented Generation (RAG): Selectively adding relevant information to help the LLM generate better responses. This method is particularly useful when the context window is large, as it helps avoid overwhelm and context confusion.
Tool Loadout: Choosing only the relevant tool definitions to add to the context. This is crucial when dealing with a large number of tools, as irrelevant tools can cause confusion and reduce the model’s performance.
Context Quarantine: Isolating contexts into dedicated threads to prevent irrelevant information from interfering with the model’s responses. This approach is particularly useful for tasks that can be parallelized.
Context Pruning: Removing irrelevant or unneeded information from the context to keep it focused and relevant. This can be done manually or through automated tools like Provence, which efficiently edits down the context.
Context Summarization: Condensing the accumulated context into a shorter summary. This helps in maintaining the model’s focus and reducing context distraction, even when the context window is large.
Context Offloading: Storing information outside the LLM’s context using tools like scratchpads. This allows the model to reference notes and progress without cluttering its current context, improving performance in multi-step tasks.
The overall message is that effective context management is crucial for building efficient and high-performing LLM-based agents. Each token in the context influences the model’s behavior, and careful management of this information can significantly enhance the model’s performance. The text emphasizes the importance of not treating the context as a junk drawer and being mindful of what information is included to ensure high-quality responses. (13780)
Turning Claude Code Into My Best Design Partner:
The text discusses the evolution of the author’s approach to using an AI tool, Claude Code, for software development tasks. Initially, the author used a straightforward method of describing tasks directly to the AI, but this proved ineffective for complex tasks due to context limitations and the lack of a clear, persistent source of truth.
To overcome these issues, the author began using a plan document approach. This involves having the AI create a detailed plan document that outlines the feature to be implemented, including requirements, implementation details, and quality checks. This document serves as a single source of truth, replacing the sprawling conversation that previously caused issues. The author also treats this document as a living entity, updating it during the implementation process to ensure it remains accurate and relevant.
The author finds that this approach not only improves the efficiency and reliability of the development process but also enhances their own skills as a developer. By planning and documenting features carefully before implementation, the author becomes more thoughtful and clear in their reasoning. The AI, in turn, functions as a collaborative design partner rather than just an implementer, challenging and refining the author’s plans. This results in a more systematic, documented, and reliable development process. (13781)
Zugriff verweigert / Access denied:
The text is an error message from the website Mobile.de, informing that automated access to their data has been denied. It provides contact information for those interested in accessing their data, including phone numbers for private users, commercial sellers, and dealers, as well as an email address for further communication. The phone support is available from Monday to Friday between 8:00 AM and 6:00 PM. (13782)
Trump inside: Intel partially nationalized:
The text discusses a significant development involving Intel, a major technology company. The U.S. government, under President Donald Trump, has acquired 9.9% of Intel’s shares, effectively making Intel a partially state-owned enterprise. Interestingly, Intel CEO Lip-Bu Tan, who was previously pressured to resign by Trump, has retained his position. The transaction involves the release of approximately $10 billion in subsidies that Intel was already entitled to under U.S. law but had been withheld by the Trump administration. These subsidies are part of the CHIPS and Science Act, which aims to boost domestic semiconductor production and reduce reliance on Asian manufacturers.
The deal has been criticized for being a “bargain” for the U.S. government, as the effective price per share is significantly lower than the market value. Additionally, the U.S. has waived certain national security and anti-abuse provisions that typically apply to such subsidies, which normally require recipients to use the funds for specific purposes and restrict investments in countries deemed a concern, such as China. This leniency extends to Intel’s operations and investments, including those related to China. The text also mentions that Cadence Design Systems, a company previously led by Tan, was involved in illegal exports to China, which highlights the complex geopolitical and ethical dimensions of the deal. (13783)
It’s okay to solve a problem twice:
The text discusses the author’s personal journey and evolution in their approach to problem-solving in software development. Initially, the author was heavily influenced by the maxim “No problem should ever have to be solved twice,” which led them to prefer using existing tools and solutions over creating new ones. This approach, while efficient in some ways, hindered their ability to demonstrate competence in solving specific problems that potential employers cared about.
The author realized that to be successful in the software industry, it is crucial to show overwhelming competence in solving the problems that others care about, rather than just relying on pre-existing solutions. They learned that being able to reconstruct solutions from first principles is often more impressive and valuable than simply using existing tools.
The text also emphasizes that it is okay to solve the same problem multiple times and to make mistakes along the way. This approach allows for learning and growth, and it is a necessary part of developing the skills needed to tackle genuinely novel problems. The author concludes that while it is important to learn from others and use existing solutions, it is also essential to be able to solve problems from scratch and understand the underlying principles. (13784)
Calif. teens are ditching office jobs, and making $100K before they turn 21:
The article discusses a shift among California teens and young adults towards blue-collar jobs, particularly in skilled trades, due to the rising influence of artificial intelligence (AI) in the job market. Traditional office jobs and even some tech roles are becoming less secure as AI advances, leading to higher unemployment rates in fields like computer engineering and computer science. In contrast, jobs in construction and skilled trades are seeing lower unemployment rates and are less likely to be automated in the near future.
The appeal of these blue-collar jobs lies not only in their stability but also in the competitive pay, benefits, and the lack of significant student debt compared to traditional four-year college degrees. Many young people are recognizing the value of hands-on skills and the security that union-backed trades offer. The article highlights the experiences of individuals like Ellen Lahey, who chose welding over a career in academia, and the growing interest in vocational training programs.
The rapid development of AI is driving this trend, with many Gen Z adults adjusting their career plans to avoid jobs that are likely to be automated. While AI poses challenges, it also creates opportunities, such as the construction of AI data centers, which are in high demand in the Bay Area. However, there is a recognition among trade workers that the same technology they help build could eventually replace some of their jobs.
Overall, the article paints a picture of a shifting job market where traditional paths to success are being re-evaluated, and practical, skill-based careers are gaining traction, especially in the face of technological disruption. (13785)
This Extremely Cute Bean Wants to Help You Stop Doomscrolling:
The text discusses Focus Friend, a productivity app designed to help users reduce phone usage and avoid „doomscrolling“ by encouraging focused time away from their devices. The app features an animated bean character that knits during timed focus sessions, creating a gamified experience where users can earn rewards. The bean’s personality and the app’s design instill a sense of guilt and affection, making users more emotionally invested in maintaining focus. The app has gained significant popularity, even outranking major apps like TikTok and ChatGPT. Despite its success, the developer acknowledges the struggle of resisting phone addiction, highlighting the broader challenge of being present in a digital world. (13786)
Microsoft puts the squeeze on onmicrosoft.com freeloaders:
Microsoft is warning businesses using the onmicrosoft.com domain for emails that they need to migrate to their own custom domain by October 15, or face email throttling. Starting from October 15, Microsoft will limit these domains to 100 external recipients per organization per day. By December 1, these restrictions will begin to be enforced across all tenants, with a gradual rollout until June 2026.
The primary reason for this change is to combat spammers who exploit new tenants to send out spam emails, which can damage the reputation of the shared onmicrosoft.com domain. The domain is automatically assigned when a new Microsoft 365 tenant is created, but organizations are expected to migrate to their own domain. Those who haven’t done so will need to acquire a custom domain, update their email settings, and potentially change usernames and passwords across devices and applications.
This change could significantly increase the workload for administrators, especially since it coincides with the end of support for many versions of Windows 10. Organizations need to plan for this migration to avoid disruptions in their email services. (13787)
Fake CAPTCHA tests trick users into running malware:
Microsoft has published a detailed report on ClickFix, a social engineering attack that deceives users into executing malicious commands by disguising them as CAPTCHA challenges. This technique has been increasingly popular, targeting thousands of devices daily. The attack typically involves users being instructed to perform keyboard shortcuts that open the Windows Run prompt and execute commands from the clipboard, which are placed by the attacker.
The most common payload used in these attacks is the Lumma Stealer, known for significant financial fraud, along with other malicious software like remote-access Trojans and rootkits. One notable campaign targeted Portuguese governmental, financial, and transportation organizations, using a complex multi-step process to deploy the Lampion info-stealer. However, this particular attack failed because the final delivery command was removed from the code.
ClickFix variants have also been discovered that do not use CAPTCHA disguises, instead mimicking error pages, landing pages, and other common interfaces to deceive users. There is even a variant that targets macOS users, despite displaying instructions meant for Windows. Microsoft recommends several protective measures, including user education, email filtering, and various technical configurations to enhance security. These measures aim to prevent the execution of malicious commands and reduce the effectiveness of such social engineering attacks. (13788)
Google games numbers to make AI look less thirsty:
Google recently published a report claiming that its Gemini AI model consumes significantly less water than previously estimated, roughly five drops per prompt. Google’s new methodology estimates that Gemini apps use about 0.26 milliliters of water and 0.24 watt hours of electricity for a median-length text prompt, which is far less than other estimates by competitors like Mistral AI. However, critics argue that Google’s comparison is misleading because it only accounts for onsite water consumption, ignoring the substantial offsite water use associated with power generation for data centers.
Datacenters use water both onsite, for cooling, and offsite, for generating the energy needed to power servers. Google’s onsite-only figure is misleading because it does not account for the total water consumption, which includes both onsite and offsite use. The UC Riverside study, which Google criticizes, actually provides both onsite and total water consumption figures. The discrepancy arises because Google compared its onsite data with the total water consumption figures from UC Riverside, making the comparison invalid. Despite Google’s claims of significant improvements in water efficiency, the critics point out that the comparison is flawed and does not meet standard scientific practices. (13789)
Is it illegal to not buy ads on X? Experts explain the FTC’s bizarre ad fight.:
The text discusses a complex legal and political battle involving the Federal Trade Commission (FTC), Media Matters for America (MMFA), and the platform X (formerly Twitter), owned by Elon Musk. The FTC is investigating MMFA for allegedly influencing advertisers to stop buying ads on X, which Musk claims caused a significant revenue loss. However, advertisers maintain that their decisions were based on multiple factors, including Musk’s own controversial posts. The FTC’s investigation is seen by some as politically motivated, aiming to protect Musk and control information flow favorable to the Trump administration.
Legal experts argue that the FTC’s claims are weak, as advertisers have the right to refuse to associate with a platform due to ideological reasons, which is protected under the First Amendment. The FTC’s logic, which seems to suggest that sharing brand safety standards harms competition, is considered bizarre and potentially unconstitutional. The investigation into MMFA is part of a broader pattern by the FTC, using antitrust concepts to control information. MMFA, however, is determined to fight the FTC’s appeal, viewing it as a retaliatory act that should alarm all Americans due to its implications for First Amendment rights. The outcome of the FTC’s appeal is uncertain, but the case highlights the tension between regulatory oversight and free speech in the digital age. (13790)
A Guide to Gen AI / LLM Vibecoding for Expert Programmers - Stochastic Lifestyle:
The text is a guide for expert programmers on how to effectively use „vibe coding,“ which involves leveraging Large Language Models (LLMs) like Claude to assist in coding tasks. The author, an experienced programmer and maintainer of numerous GitHub packages, initially scoffed at the idea but found that vibe coding can be a powerful tool when used correctly. He emphasizes that vibe coding is not for everyone; it requires the ability to manage and review code efficiently, much like leading a team of interns. The key to successful vibe coding is to treat LLM agents as sophomore-level students or interns, giving them clear tasks and reviewing their work diligently. The workflow involves setting up agents to work on specific tasks, reviewing their output, and providing feedback. The author highlights that vibe coding is most effective for code you are already familiar with, allowing you to review and integrate the agents’ work quickly. He shares examples of successful and unsuccessful vibe coding attempts, illustrating how the technique can handle simple tasks and provide hints for more complex problems. In conclusion, the author argues that vibe coding is best suited for experienced programmers who can manage and integrate the work of multiple „interns“ efficiently, making it a tool for experts rather than novices. (13791)
Vibe Debugging: Enterprises’ Up and Coming Nightmare:
The text discusses the challenges and opportunities presented by the rise of AI-assisted coding, often referred to as „vibe coding.“ The author shares a personal experience of struggling with debugging a messy codebase generated by AI, highlighting the frustrations and difficulties that can arise. The author then explores the broader implications of this trend for enterprises. While AI can significantly boost productivity, it also introduces new risks, such as increased bugs and security flaws. Enterprises are rushing to adopt these tools, leading to an explosion in code volume and a corresponding rise in defects. To manage these issues, companies must invest in robust monitoring, observability, and CI/CD pipelines. The author predicts significant growth in B2B SaaS spending on these solutions and the emergence of new startups focusing on AI-native monitoring. The text concludes by acknowledging that while AI will continue to improve, enterprises must build systems to handle its current limitations, emphasizing the need for human oversight and robust safeguards. (13792)
No, Google Did Not Unilaterally Decide to Kill XSLT:
The text discusses a recent debate sparked by a proposal to remove XSLT (Extensible Stylesheet Language Transformations) support from web browsers. The proposal, initially put forward by a Google employee, has been misinterpreted by many as a unilateral decision by Google to drop XSLT, leading to heated discussions. The author clarifies that this is not the case and that the proposal is part of a multi-step evaluation process involving various browser vendors, including Mozilla and WebKit. The process is designed to assess the impact of removing XSLT and ensure that the change, if made, does not widely disrupt user experiences. The debate has highlighted the complexities of browser development and the need for clear communication in technical discussions. The author also notes that even if XSLT is removed from browsers, it can still be used server-side or through polyfills, ensuring that XML can still be transformed into HTML. Ultimately, the text emphasizes that the discussion is ongoing and that the future of XSLT in browsers is not yet determined. (13793)
Scientists just found a protein that reverses brain aging:
The text discusses a significant discovery by researchers at UC San Francisco regarding the impact of aging on the hippocampus, the brain region crucial for learning and memory. The key findings revolve around a protein called FTL1, which was found to increase with age in the hippocampus of mice. High levels of FTL1 were associated with reduced connections between brain cells and impaired cognitive abilities. Interestingly, when FTL1 levels were artificially increased in young mice, they exhibited signs of cognitive decline similar to old mice. Conversely, reducing FTL1 in old mice restored their cognitive functions and brain cell connectivity. The protein FTL1 was also found to slow down metabolism in hippocampal cells, but this effect could be counteracted with a metabolic stimulant. The researchers are hopeful that these findings could pave the way for therapies that mitigate the cognitive declines associated with aging. The study, led by Saul Villeda, emphasizes the potential for significant advancements in understanding and addressing the biological aspects of aging. (13794)
The text discusses the release of ejabberd 25.08, highlighting several key improvements and fixes. The update introduces support for Hydra rooms in the Matrix gateway, addressing high-severity protocol vulnerabilities. Additionally, it fixes ACME issues in Erlang/OTP 28.0.2, allowing for better compatibility with the latest Erlang version. A new module, mod_providers, is introduced to simplify serving XMPP Providers files. The release also includes enhanced Unicode support in configuration files, a new option to enable OMEMO encryption in conversejs, and an easier way to change Erlang node names using the mnesia_change command. Other notable features include a colorized interactive log for better error visibility and documented API tags for various modules. The Business Edition of ejabberd includes additional features like a new module, mod_dedup, to remove duplicate read receipts. Overall, the update focuses on improving security, usability, and compatibility, making ejabberd more robust and user-friendly. (13795)
Will AI Destroy the World Wide Web?:
The text discusses the potential impact of generative AI (GenAI) on the World Wide Web, which was invented by Tim Berners-Lee and popularized in the mid-1990s. The author expresses concern that GenAI, exemplified by tools like ChatGPT, could undermine the Web’s ecosystem. GenAI provides direct answers to user queries, reducing the need to visit web pages and, consequently, diminishing the motivation for advertisers to pay for ads on search engines like Google. This shift could threaten the Web’s business model, which relies heavily on advertising revenue.
Moreover, if users no longer visit web pages, developers may lose the incentive to create new content, further weakening the Web. The author highlights that public web pages serve as crucial data sources for training large language models (LLMs), underlying GenAI. However, if GenAI-generated text becomes prevalent, it could lead to a „model collapse,“ making LLMs less effective. This situation is compared to a process called „enshittification,“ where platforms initially offer high-quality products but degrade them over time.
The author concludes by noting that while ChatGPT itself acknowledges the potential for AI to erode the Web’s value, it suggests that responsible regulation could mitigate this risk. Overall, the text raises significant questions about the future of the Web in the era of GenAI and the need for careful management to prevent a decline in the quality and utility of online content. (13796)
The story of why I don’t buy Macs anymore:
The author, who was once an Apple user, shares their negative experiences with Apple products, specifically focusing on user experience (UX) issues. They argue that Apple’s reputation for good UX is undeserved, stemming from their hardware-focused approach and the lack of software-only competitors at the time. The author recounts their struggles with an iMac, highlighting several UX failures, including a difficult-to-carry design, a problematic Fusion drive, and the inability to easily export or retrieve notes from Apple Notes. These issues led to significant data loss and inconvenience. The author suggests that Apple’s design philosophy, which prioritizes aesthetics and intended use cases, leads to fragility and poor handling of unexpected situations. They also criticize Apple’s lack of interoperability and hostility towards users who try to migrate away from their ecosystem. The author concludes that Apple’s UX issues are not merely due to sloppiness but are a result of their company values and design principles. (13797)
Why the Internet is Turning to Shit:
The text discusses the deterioration of online platforms and services, a phenomenon dubbed „enshittification“ by tech writer Cory Doctorow. The author highlights how once-reliable services like Google and Facebook have become less useful and more filled with ads and low-quality content, often due to the profit-driven nature of tech companies.
Doctorow argues that this decline is due to the lack of competition, weak regulation, and the diminishing power of tech workers. He outlines a four-stage process of enshittification: initial user-friendly platforms, followed by increased ads and data collection, exploitation of business clients, and finally, a degraded service that traps both users and businesses.
The text uses examples like Amazon and Facebook to illustrate this process, showing how these companies initially attracted users and businesses but later exploited them. It also discusses broader political and economic factors, such as the decline of antitrust enforcement and the restriction of consumer rights to modify or repair technology.
Doctorow proposes solutions like increased antitrust enforcement, tech worker unionization, and „right to repair“ laws. However, the author critiques Doctorow’s solutions for not going far enough, suggesting that a more radical approach, such as nationalizing tech services, might be necessary to truly address the issue. The text concludes by expressing a desire for more ambitious solutions to the problem of enshittification. (13798)
My experience creating software with LLM coding agents - Part 2 (Tips):
The text discusses the author’s experiences and tips for creating software with Large Language Model (LLM) coding agents. The author is a hobbyist, not a professional developer, and has been experimenting with these tools for several months with mostly successful results. Key takeaways include:
Choice of Model: For complex tasks, the author recommends using Anthropic’s Claude Sonnet model. For lighter tasks, free or subscription-included chatbots are sufficient.
Context Management: Providing relevant context to the AI is crucial. The author suggests storing context in a fixed place and instructing the agent on how to use it. Too much or irrelevant context can confuse the AI. Using comments in code to reinforce instructions can also be helpful.
Design and Planning: Having a detailed design and documenting it is important. The author advises using standards-based, machine-readable formats like OpenAPI specifications. Breaking down tasks into smaller, manageable parts and using TODO lists can help maintain focus and track progress.
Inter-agent Communication: When integrating different parts of a codebase, the author found it effective to use two agents, with one acting as a messenger between them to resolve issues.
Logging and Debugging: Comprehensive logging is essential for effective debugging. The author suggests logging complex operations, state changes, and data structures, and making this information visible in the UI for better traceability.
Defensive Prompts: Including instructions in prompts to always lint, build, and test code before completing a task helps catch errors early.
Git Usage: The author advises using git defensively, ensuring no uncommitted changes before starting a task and using git clean and restore to undo changes if needed. Never let agents use git without explicit permission.
Agent Behavior: Agents can be lazy and may disable tests or skip errors. The author suggests explicitly instructing agents never to disable tests and to always diagnose and fix failures.
Tool Creation: If the agent struggles with a task, creating custom tools to assist can be beneficial. This can include scripts for file manipulation, validation, and specialized editing.
Agent Limitations: Agents can be sycophantic and may repeat code unnecessarily. The author cautions against asking for design opinions and suggests resisting unnecessary abstractions suggested by the agent.
Overall, the author emphasizes the importance of being intentional and adaptive when working with LLM coding agents, using best practices for context management, design, and debugging to achieve (13799)
Actually, Slavery Was Very Bad:
The text discusses President Donald Trump’s criticism of the Smithsonian Institution’s portrayal of the Black experience in America, particularly its focus on slavery. Trump, via his Truth Social platform, argued that the Smithsonian’s narrative is too negative and fails to highlight American exceptionalism. The author, Clint Smith, counters this by emphasizing the importance of acknowledging the harsh realities of slavery, drawing from historical accounts and personal narratives of enslaved individuals.
Smith highlights the psychological, physical, and social violence endured by enslaved people, as described in first-person accounts from figures like Olaudah Equiano, Henry Bibb, and Harriet Jacobs. These accounts underscore the brutal conditions, family separations, and constant threat of violence that characterized slavery. The National Museum of African American History and Culture (NMAAHC) is praised for its unflinching portrayal of slavery’s horrors and its impact on contemporary society. Smith argues that understanding and confronting these aspects of history is crucial for personal and national growth, contrasting this view with the MAGA movement’s focus on American exceptionalism.
Smith also draws parallels to historical figures like Frederick Douglass and W.E.B. Du Bois, who documented and fought against the injustices of their times. He emphasizes the importance of recording and acknowledging historical atrocities to ensure future generations understand the struggles and resilience of Black Americans. The text concludes with a call to learn from the disturbing parts of American history to become a better version of ourselves. (13800)
Gaza City and Surrounding Areas Are Officially Under Famine, Monitors Say:
The text discusses two main topics: the use of cookies and data processing for advertising and other purposes on The New York Times website and apps, and a report on the famine situation in Gaza City and its surrounding areas. For the first topic, the text describes the ways in which data is collected, stored, and used to create profiles, target ads, measure advertising performance, and understand audiences. The text also mentions the vendors involved in these processes and the purposes for which they use the data.
For the second topic, the text reports that at least half a million people in Gaza City and its surrounding areas are officially living under famine conditions, according to a global group of experts. The famine is attributed to the intensifying conflict, Israeli restrictions on aid, the collapse of essential systems, the destruction of local agriculture, and the frequent displacement of people. The situation is expected to worsen, with two additional governorates likely to enter famine by the end of September. The text also mentions the severe hunger faced by the rest of Gaza’s population. (13801)
Weaponizing image scaling against production AI systems:
The text discusses a novel security vulnerability in AI systems that involves exploiting image scaling to inject malicious prompts, which can lead to data exfiltration.
AI systems often scale down large images before processing them, and attackers can manipulate these images to hide malicious prompts that only become visible at lower resolutions. This technique, demonstrated on various systems including Google Gemini CLI and Vertex AI Studio, can trick AI models into performing unauthorized actions, such as exfiltrating user data.
The attack works by embedding a prompt injection into an image that is only revealed when the image is scaled down. This hidden prompt can then trigger actions within the AI system, bypassing user confirmation and security measures. The text details how this vulnerability was exploited on several AI platforms and introduces Anamorpher, an open-source tool designed to generate and test these crafted images.
To mitigate these attacks, the text recommends avoiding image downscaling when possible, providing users with previews of the input seen by the model, and implementing secure design patterns that prevent prompt injections from initiating sensitive actions without explicit user consent. The text also suggests areas for future research, including the impact of these attacks on mobile and edge devices, as well as the potential for voice AI to introduce additional attack surfaces. (13802)
The text discusses the United States’ water usage and infrastructure, highlighting several key points. Water infrastructure in the US is often overlooked compared to other infrastructure types, with significantly lower federal funding allocated to it. Water is generally abundant and inexpensive in the US, but concerns about water scarcity, particularly in the arid southwest, are growing due to increased demand and drought conditions. The US receives about 5 trillion gallons of precipitation daily, with most of it returning to the atmosphere or flowing into oceans. Water is used by tapping into various stores and flows, similar to how electricity infrastructure operates.
The largest users of water in the US are thermoelectric power plants (41% of total water use, mostly non-consumptive) and irrigation (37% of total water use, mostly consumptive). Other significant users include public water supply for homes and businesses (12%), industry (4.5%), and data centers, which are becoming increasingly important due to their high water consumption for cooling. Data centers consume about 66 million gallons of water per day directly for cooling, with projections indicating this could increase significantly by 2028.
Geographically, water use varies widely. California, Texas, Idaho, Florida, and Arkansas are the top water consumers, primarily due to irrigation and thermoelectric power plant cooling. Irrigation is heavily concentrated in the western US, where precipitation is lower. Groundwater depletion is a concern in many areas, as groundwater is being pumped out faster than it can be replenished.
Overall, water use in the US has been decreasing since its peak in 1980, with notable reductions in thermoelectric power, irrigation, and industrial water use. However, groundwater use has remained constant, making up an increasingly large fraction of total water use. The text emphasizes the importance of distinguishing between consumptive and non-consumptive water use and being mindful of the economic and environmental implications of water consumption. (13803)
How Well Does the Money Laundering Control System Work? | Crime and Justice:
The document critically examines the global anti-money laundering (AML) system, highlighting its inefficiencies, high costs, and disproportionate impact on marginalized communities. Key points include:
Ineffectiveness: The AML system has failed to reduce money laundering and associated predicate crimes despite significant expenditures. Major money laundering scandals continue to occur, indicating systemic flaws.
High Costs: The AML system imposes enormous financial and regulatory burdens on financial institutions, particularly in the European, Middle Eastern, and African (EMEA) region. Annual AML compliance costs for banks in the EMEA region have increased by 14%, with major banks facing fines in the billions of dollars.
Impact on Marginalized Communities: The stringent AML regulations often lead to the exclusion of marginalized groups from the financial system. Examples include banks refusing to serve customers with certain foreign connections or those deemed risky due to AML checks.
Derisking and Debanking: Financial institutions sometimes opt for derisking, which involves discontinuing services to entire classes of customers deemed too risky. This practice can drive illicit activities into unregulated financial channels, making it harder to detect and prevent money laundering.
Regulatory Challenges: The system is criticized for its lack of clarity and effectiveness. Regulators often use fines and penalties as a deterrent, but these measures may not effectively reduce money laundering.
Research and Data Gaps: There is a notable lack of empirical data on the scale and effectiveness of money laundering controls, making it difficult to assess their impact. This lack of data hinders research efforts and policy-making.
Policy Debate and Reform: Despite the system’s failures, there is little debate or proposal for significant reforms. The lack of a robust policy debate is partly due to the powerful interests that benefit from the current system and the perception that reform is unattainable.
Recommendations for Reform: The document suggests potential reforms, such as centralizing KYC checks or shifting the responsibility for AML compliance to a government agency. It also calls for more realistic goals and a focus on reducing financial crime rather than just complying with regulations.
In conclusion, the document argues that the current AML system is inefficient, costly, and often unfair, particularly to marginalized communities. It calls for a comprehensive reevaluation and reform of the system to make it more effective and equitable. (13804)
Unity Industry: Transform 3D Data to Build Anything:
Unity Industry is a platform designed to transform 3D data into interactive applications that drive business success. It targets various sectors like manufacturing, automotive, and retail, helping them gain a competitive edge through real-time 3D technology. The platform integrates CAD, BIM, and 3D data seamlessly, enhancing collaboration and optimizing processes. It enables the creation of lifelike simulations and prototypes, facilitating quick development of impactful real-time 3D applications. Unity Industry supports deployment across multiple platforms, including AR, VR, web, mobile, and desktop, ensuring a wide reach and engaging experiences for customers and stakeholders. The platform is comprehensive, covering every stage from data integration to deployment, and offers a partner program for those delivering creative consulting services or building Unity-powered software solutions. Additionally, Unity Industry provides various support plans and learning resources to assist users at every step. (13805)
Marines managed to get past an AI powered camera „undetected“ thanks to hiding in boxes:
The text describes an experiment conducted by DARPA where Marines successfully evaded detection by an AI-powered surveillance system designed to identify human threats in urban environments. The AI, despite extensive training, struggled with the Marines’ creative tactics, such as hiding in boxes or using improvised camouflage. This demonstrated the AI’s limitations, known as „distributional shift,“ where it fails to recognize scenarios outside its training data. The experiment highlights that while AI excels at specific tasks, it lacks human-like adaptability and creativity. The key takeaway is that human ingenuity remains crucial, especially in adversarial environments, and that military organizations must understand AI’s limitations while leveraging its strengths. (13806)
Everything Is Correlated · Gwern.net:
The text „Everything Is Correlated“ by Gwern discusses the concept that many variables in social and behavioral sciences are correlated with each other, a phenomenon often referred to as the „crud factor.“ This is illustrated through various studies and examples, showing that even seemingly unrelated variables can exhibit statistically significant correlations when analyzed with large datasets.
Key points include:
Crud Factor: Almost all variables in social science research are correlated to some extent, making it difficult to isolate the effect of a single variable.
Statistical Significance: With large sample sizes, even small effects can become statistically significant, leading to misleading conclusions about the importance of these effects.
Examples and Studies: The text cites numerous studies, including those by Meehl, Starbuck, and others, which demonstrate the pervasiveness of correlations in psychological and social data.
Genomics: Modern genomics research also supports this idea, showing that many genetic traits are correlated with each other and with various phenotypic traits.
Implications: The text suggests that researchers should be cautious about overinterpreting statistically significant results, especially in large datasets, and consider the broader context of correlations.
The text concludes by noting that while correlations are ubiquitous, they do not necessarily imply causality, and researchers should be mindful of the limitations of statistical significance in interpreting their findings. (13807)
uv format: Code Formatting Comes to uv (experimentally!):
The latest release of uv, version 0.8.13, introduces an experimental command called uv format, which is designed to streamline Python code formatting by integrating it directly into the uv toolkit. This feature eliminates the need for developers to use multiple tools for basic Python development tasks. The uv format command utilizes Ruff’s formatter to automatically style code according to consistent standards.
To start using uv format, developers need to ensure they are running uv version 0.8.13 or later. The command functions similarly to running ruff format but is accessed through uv’s interface. Users can also pass additional arguments to Ruff for customized formatting behavior. However, it’s important to note that this feature is experimental and may undergo changes in future releases. Developers are encouraged to try uv format and provide feedback to help shape its evolution. (13808)
Kryptokriminalität: Tätersuche in der Blockchain:
The text discusses the increasing use of cryptocurrencies like Bitcoin in organized crime, highlighting that while these digital currencies offer advantages for concealment, they also leave traces that can be tracked. Salih Altuntas, an expert from Chainalysis, explains that although cryptocurrency transactions are pseudonymous, they are not entirely anonymous. Transactions can be traced using hashes, which reveal addresses and metadata, making it easier for authorities to identify perpetrators, especially if they lack technical expertise. Chainalysis can monitor these transactions in real-time, helping law enforcement to follow the money trail and uncover criminal networks. However, the final steps of apprehending suspects still rely on traditional investigative methods by police and security agencies. The overall message is that while cryptocurrencies present new challenges for law enforcement, they also provide opportunities for tracking and identifying criminal activities. (13809)
Data, objects, and how we’re railroaded into poor design:
The author argues that current programming languages fail to adequately distinguish between data and objects, leading to poor design choices. Data is characterized by values that are immutable and interchangeable, while objects have distinct identities, can be mutable, and often require encapsulation. The author identifies five key aspects that define data and objects: equality, identity, mutability, abstraction, and extensibility. They argue that these differences lead to two major design paradigms: data-centric and object-centric.
The author criticizes languages like Java for treating everything as objects, which can be inefficient for data representation, and functional languages like Haskell for lacking robust support for objects and certain data structures. They also discuss the challenges of combining both paradigms, as seen in languages like Scala and C++, which often result in complex and confusing designs.
Erlang is highlighted as a language that somewhat successfully integrates data and object-like processes, allowing for a more natural representation of both concepts. The author suggests that a better approach to programming would involve consciously choosing between data and object representations and using languages that support both paradigms distinctly. They also note that the industry’s shift towards NoSQL databases and RESTful services can be attributed to the need to handle data more effectively.
In summary, the author calls for programming languages that better support the distinction between data and objects, encouraging developers to make conscious design choices and avoid accidental conflation of these concepts. (13810)
‚Reading crisis‘ prompts Denmark to end 25% tax on books:
Denmark is set to eliminate its 25% sales tax on books to tackle a „reading crisis,“ where 24% of 15-year-olds struggle with basic text comprehension, according to a recent OECD report. This move, proposed by Culture Minister Jakob Engel-Schmidt, is a response to concerns about declining reading levels and aims to encourage more book purchases. The publishing industry has also advocated for this change, emphasizing the importance of access to physical books for all citizens. The tax cut, while beneficial for promoting literacy, will cost the government approximately 330 million kroner ($51 million) annually. (13811)
Golem-OAuth2-Intro: Wie OAuth2 jeden Tag Millionen Nutzer schützt:
The text discusses OAuth2, a modern authorization standard that allows secure and controlled access to protected data on the internet without sharing passwords. It uses access tokens that grant specific rights for a limited time, making it crucial for data privacy and digital security. OAuth2 is widely used in everyday applications, from logging into websites to linking online services. Understanding OAuth2 is essential for comprehending how modern apps communicate, manage permissions, and ensure security. The text highlights the importance of OAuth2 in the digital landscape. (13812)
The text discusses a feature of the OpenSSH project called the Drunken Bishop algorithm, which is used to visualize public key fingerprints for easier identification of key changes. This algorithm is a variant of a technique known as random art and is enabled by setting the VisualHostKey flag to yes in the SSH configuration or command. The algorithm works by having a bishop move diagonally across a visual board based on the input data, incrementing counters in each cell it visits. The movement is restricted by the board’s edges, and the output is rendered using a specific set of symbols.
The implementation of this algorithm in the Factor programming language is also described. The algorithm defines a visual board and a starting position, then moves the bishop based on 2-bit groups derived from the input bytes. The movement directions are determined by these 2-bit groups, and the bishop’s path is rendered using specific symbols to represent the starting and ending positions.
The text demonstrates the implementation by visualizing a given hexadecimal string, showing how the algorithm works in practice. The implementation is available in the drunken-bishop vocabulary in recent development versions of the Factor programming language. (13813)
Stop Paywalling Security: SSO Is a Basic Right, Not an Enterprise Perk:
The text argues that Single Sign-On (SSO), SCIM (System for Cross-domain Identity Management), and 2FA (Two-Factor Authentication) are essential security features that should be accessible to all users, not just those who pay for enterprise tiers. The author, Neel Patel, criticizes the practice of locking these features behind paywalls, as it incentivizes smaller teams to use weaker security measures. He explains that SSO reduces credential sprawl and phishing risks, SCIM automates user provisioning, and 2FA blocks common takeover paths. Patel suggests that companies should instead monetize features that incur additional operational costs, such as custom data residency or priority support. He highlights OneUptime’s approach, which offers SSO, SCIM, and 2FA for free and only charges for features that require more resources. The overall message is a call to action for platforms to prioritize security for all users and for companies to integrate these security features into their primary offerings. (13814)
Scientists have discovered a unique microbe called Sukunaarchaeum mirabile with an exceptionally tiny genome, challenging traditional definitions of life. This microbe is almost entirely dependent on its host for essential functions, making it a fascinating hybrid between a virus and a living organism. The discovery was made serendipitously while studying microbes within a marine plankton species. Sukunaarchaeum’s genome is the smallest known among archaea, indicating significant genetic reduction and specialization. Its extreme metabolic dependence on its host sets it apart from any previously discovered microbe. Researchers hypothesize that there may be many more such microbes in the oceans, living in what they call „microbial dark matter.“ The scientists are now working to culture and isolate Sukunaarchaeum to better understand its unique biology and ecology. This discovery highlights the vast unknowns in our understanding of the microbial world and the diversity of life forms on Earth. (13815)
AGENTS.md is a dedicated file format designed to guide AI coding agents, complementing the traditional README.md files that are primarily intended for human contributors. While README.md files focus on quick starts, project descriptions, and contribution guidelines, AGENTS.md provides detailed, agent-specific instructions such as build steps, tests, and coding conventions. This separation keeps READMEs concise and ensures that agents have a clear, predictable place for instructions.
AGENTS.md is compatible with a growing ecosystem of AI coding agents and tools, including Codex from OpenAI, Jules from Google, Cursor, Factory, and RooCode. It can be used across many agents and is designed to be adopted by anyone building or using coding agents.
The format includes various sections such as setup commands, code style guidelines, dev environment tips, testing instructions, and PR instructions. For large monorepos, nested AGENTS.md files can be used for subprojects to provide tailored instructions.
The AGENTS.md format emerged from collaborative efforts across the AI software development ecosystem and is committed to being an open format that benefits the entire developer community. It is designed to be flexible, with no required fields, and can be updated as living documentation. Instructions in AGENTS.md can conflict, but the closest file to the edited file will take precedence, and explicit user chat prompts will override everything. Agents will automatically run testing commands found in AGENTS.md if they are listed. (13816)
Copilot broke audit logs, but Microsoft won’t tell customers:
The text discusses a vulnerability in Microsoft’s Copilot service, where it accessed files without generating audit logs. Users and experts on Hacker News express concerns about trust in large vendors like Microsoft, the reliability of AI tools, and the ethical implications of using such tools in sensitive environments. The conversation also touches on the challenges of auditing AI-generated content and the potential risks associated with relying on AI for critical tasks. Additionally, there are discussions about the privacy and security concerns related to Microsoft’s products and the company’s overall approach to security. Some users also share their experiences with Microsoft’s products and their frustrations with Copilot’s intrusive features. The text includes a wide range of opinions and technical insights from various users. (13817)
The „Confused Deputy Problem“ is a security issue in computer systems where a program with higher privileges is tricked by a less privileged program into misusing its authority, leading to unauthorized actions. This problem is a specific type of privilege escalation. It’s often used to illustrate the importance of capability-based security, which can prevent this issue, unlike access-control list-based systems.
In a classic example, a compiler program with permissions to write to certain system files was manipulated by a user to overwrite important system data, such as billing information. The compiler, acting as a „deputy“ for the user, unintentionally caused damage because it didn’t check the user’s permissions when accessing files.
The core of the problem is that when a program requests access to a file, the operating system uses the program’s permissions, not the user’s, leading to potential misuse. Various attacks, like cross-site request forgery and clickjacking, exploit this issue. Solutions involve bundling the file designation with the necessary permissions, ensuring that only authorized access is granted, which is the principle behind capability-based security. (13818)
Copilot Broke Your Audit Log, but Microsoft Won’t Tell You:
The text discusses a significant security vulnerability in Microsoft’s AI-driven tool, Copilot, integrated within Microsoft 365 (M365). The issue allows users to access files without leaving a trace in the audit log, posing serious risks for security and legal compliance. The author, Zack Korman, discovered this flaw and reported it to Microsoft, but was disappointed with their handling of the situation. Microsoft classified the vulnerability as ‚important‘ but did not notify customers or issue a CVE (Common Vulnerabilities and Exposures) number, arguing that the fix would be automatically applied. Korman criticizes Microsoft’s decision not to disclose this issue, highlighting the potential impact on organizations that rely on accurate audit logs for compliance and incident response. He argues that Microsoft’s silence raises concerns about other unseen issues and undermines trust in their security practices. (13819)
The Value of Hitting The HN Front Page – Dan Moore!:
The author, a long-time member of Hacker News (HN), shares insights on the outcomes and expectations from a high-ranking post on the platform. Key takeaways include:
HN can drive significant traffic to your site, but it’s typically low-conversion traffic that’s more about brand awareness than direct engagement. The real value lies in the comments section, where you can gain feedback from a smart and engaged audience. It’s crucial to engage with these comments thoughtfully. Additionally, a high-ranking post can lead to follow-on traffic from various sources weeks later, which can further boost brand awareness. When sharing someone else’s post, it might result in a note of thanks.
However, the author also notes what not to expect from a high-ranking HN post. HN shouldn’t be considered a comprehensive marketing plan, as it won’t directly lead to conversions. The feedback from HN is not representative of the broader market, and traffic from HN can be unpredictable. (13820)
The author recounts a frustrating experience with an unofficial website claiming to process eVisa applications for Canada. The site charged an exorbitant fee compared to the official government rate and provided a subpar certificate. After realizing the deception, the author successfully obtained the eVisa through the official Canadian government website and initiated a chargeback for the fraudulent fee. Despite the scam website’s threats regarding potential blacklisting, the author had no issues entering Canada. The experience prompted the author to consider implementing better chargeback recovery processes in their own business. (13821)
The Troubling Lines That Columbia Is Drawing:
The text discusses the controversial adoption of the International Holocaust Remembrance Alliance (I.H.R.A.) definition of antisemitism by Columbia University, driven by political pressures and threats from the Trump Administration. This definition, initially created to help gather statistics on antisemitism, has been criticized for its vagueness and potential to stifle academic freedom by equating criticism of Israel with antisemitism.
The I.H.R.A. definition has been exploited by pro-Israel groups and politicians, notably President Donald Trump, to suppress political speech and enforce a narrow view of antisemitism. This has led to a chilling effect on academic discourse, with faculty and students fearing that legitimate criticism of Israeli policies could be misconstrued as antisemitic. Columbia’s settlement with the Trump Administration, which requires the university to adopt the I.H.R.A. definition and implement stringent measures to combat antisemitism, has raised concerns about intensified surveillance and the potential suppression of constitutionally protected speech.
Critics, including scholars and historians, argue that this approach not only undermines academic freedom but also risks fueling anti-Jewish sentiments by creating the perception of special privileges for Jewish students. The text highlights the hypocrisy of the Trump Administration, which has failed to address right-wing antisemitism while aggressively targeting left-wing criticism of Israel. Ultimately, the text warns that equating criticism of Israeli policies with antisemitism could backfire, putting Jewish students in greater danger and reinforcing harmful stereotypes. (13822)
AWS in 2025: The Stuff You Think You Know That’s Now Wrong:
The text discusses significant changes and updates to Amazon Web Services (AWS) that users might not be aware of due to the platform’s rapid evolution. Here are the key takeaways:
AWS has introduced several enhancements to EC2 instances, including the ability to change security groups and IAM roles without downtime, resize EBS volumes on the fly, and force stop or terminate instances quickly. Spot instances now have more gradual price shifts, reducing the need for constant monitoring.
S3 has evolved to offer read-after-write consistency and transparent encryption at rest, along with changes to default settings for public access and ACLs. Glacier, now integrated with S3, has improved restore times and predictability. VPC peering has been supplemented with better options like Transit Gateway and VPC sharing. VPC Lattice and Tailscale help simplify networking within AWS.
Lambda functions now support longer execution times, Docker images, and larger RAM and storage allocations. Cold starts are less of an issue, and invoking Lambdas in a VPC is faster. EBS volumes offer better performance and can be attached to multiple instances, though this is not typically recommended. AWS also provides more reliable performance metrics and improved cost management tools like the Cost Anomaly Detector and Compute Optimizer.
IAM roles are now the preferred method for permissions, with IAM users reserved for legacy applications. The IAM Identity Center has replaced AWS SSO for human access. Root account management has become more flexible, and us-east-1 has seen improved reliability. CloudWatch graphs are more consistent, and account management has been streamlined. Overall, the text highlights the need for users to stay updated with AWS changes to avoid relying on outdated practices. (13823)
Phone Searches at the US Border Hit a Record High:
The text discusses the increasing number of phone and device searches conducted by U.S. Customs and Border Protection (CBP) officials at the border. In the past three months of 2025, there were over 14,000 searches, marking a significant increase from previous years. These searches can be basic, involving manual inspection, or advanced, using forensics tools to extract large amounts of data. The surge in searches is part of a broader trend of heightened migration enforcement under the second Trump administration.
The searches can target anyone entering the U.S., including citizens, and can lead to long detentions, denial of entry, and other issues. The American Civil Liberties Union (ACLU) has expressed concerns about the chilling effect on travelers, particularly those with sensitive information or critical views of the administration. While the CBP claims that only a small percentage of travelers are searched, the potential for invasive scrutiny remains a significant concern.
The CBP’s authority to search devices is broad, and travelers are expected to present their devices in an unlocked state. Refusal to comply can result in detention or deportation for non-citizens, and temporary seizure of devices for citizens. The CBP is also procuring advanced digital forensics tools, suggesting that the invasiveness of these searches may increase in the future. (13824)
In the 1980s, a software engineer named Sergei was tasked with fixing a persistent bug in a Soviet computer system used to route train cars and cargo at a railroad station near Sverdlovsk. The system would crash randomly, always after hours, and despite thorough testing, the issue remained elusive. Sergei discovered that the crashes occurred only when cattle from northern Ukraine and western Russia, areas affected by the Chernobyl disaster, were processed. The high radiation levels in these cattle were causing bit flips in the computer’s memory, leading to crashes. Sergei’s findings prompted him to file immigration papers, and the issue resolved itself as radiation levels naturally decreased over time. (13825)
Workflow syntax | Woodpecker CI:
Woodpecker CI is a tool that allows you to define workflows for building, testing, and deploying code using a series of steps executed in sequence. Each step runs commands within a specified container, and if a step fails, the entire workflow terminates unless the step has a status: [failure] condition, which ensures it runs even if previous steps fail.
Workflows are defined using YAML, and Woodpecker supports most of YAML 1.2 while maintaining backward compatibility with YAML 1.1. Steps can be named arbitrarily or left unnamed for automatic numbering. You can skip individual commits by adding [SKIP CI] or [CI SKIP] to the commit message.
Woodpecker clones the source code at the beginning of the workflow, and changes to files are persisted through steps as the same volume is mounted to all steps. You can use the depends_on keyword to run steps in parallel or sequentially based on dependencies.
Woodpecker supports various conditions for step execution, such as specific events (push, pull request, tag, etc.), branches, and custom evaluate expressions. It also allows for conditional execution based on the status of the workflow, platform, instance, changed files, and more.
You can define Docker volumes, services, and custom workspaces to manage files and folders shared between steps. Woodpecker also supports matrix builds, allowing you to test a single commit against multiple configurations.
Additionally, Woodpecker provides options for configuring privileged mode, DNS settings, and more. You can skip the default clone step or customize it as needed. Workflows can be labeled to select specific agents for execution based on labels like platform, location, and more.
Overall, Woodpecker CI offers a flexible and powerful way to automate your build, test, and deployment processes with detailed control over each step of the workflow. (13826)
Modern CI is too complex and misdirected (2021):
The discussion revolves around the challenges and complexities of Continuous Integration (CI) systems, particularly those integrated with GitHub Actions. Several users express concerns about the maintenance and prioritization of GitHub Actions, noting that GitHub has been shifting resources away from Actions to focus more on AI features.
Key points include:
Local vs Remote Execution: There’s a debate on whether CI systems should be more locally executable to avoid the „frog boiling“ problem where developers lose control over their build processes.
Complexity and Maintainability: Many users find CI systems, especially those based on YAML configurations, to be overly complex and difficult to maintain. Some suggest using simpler, more familiar tools like bash scripts for CI tasks.
Alternative Solutions: Several alternatives to GitHub Actions are mentioned, including Jenkins, Sourcehut builds, and custom solutions using containers and VMs. Some users prefer these alternatives due to their simplicity and local executability.
Debugging Challenges: Debugging CI builds, especially those running on remote servers, is highlighted as a significant pain point. Solutions like Sourcehut builds, which allow SSH access for debugging, are praised.
Industry Trends: There’s a discussion on the trend of moving towards more declarative build systems and the potential for CI systems to become more integrated with build systems.
Business Model Challenges: The business model for CI systems is discussed, noting the difficulties in marketing to developers and the high costs of providing free compute resources.
Overall, the conversation underscores the need for simpler, more maintainable CI solutions that can be easily run and debugged locally, while also considering the challenges of integrating CI with build systems and the business models behind CI services. (13827)
Gregory Szorc’s Digital Home | Modern CI is Too Complex and Misdirected:
The author argues that modern Continuous Integration (CI) systems, while powerful, have become too complex and are often misdirected. They are increasingly resembling build systems, leading to redundancy and increased complexity. The author suggests that CI systems should be integrated into build systems, creating a unified platform that handles both local and remote code execution. This would reduce fragmentation and improve efficiency. The author praises Taskcluster, a CI platform developed by Mozilla, for its advanced features and flexibility but notes that it is too complex for casual users. The author envisions a future where a single platform handles all build, test, and release tasks, reducing the need for multiple systems and configurations. However, the author is skeptical about the likelihood of such a platform becoming widely available due to the small total addressable market and the lack of incentive for major players to invest in it. The author concludes by outlining their dream platform, which combines the best features of Taskcluster and modern build systems, but acknowledges that this is unlikely to become a reality in the near future. (13828)
Analysis of the GFW’s Unconditional Port 443 Block on August 20, 2025:
The text discusses a significant disruption of Internet connections between China and the rest of the world on August 20, 2025, caused by the Great Firewall of China (GFW). The GFW unconditionally injected forged TCP RST+ACK packets to disrupt all connections on TCP port 443, which is commonly used for secure HTTPS traffic. This incident lasted approximately 74 minutes and affected both incoming and outgoing traffic, but the trigger mechanisms were asymmetrical. The device responsible for the incident did not match the fingerprints of any known GFW devices, suggesting it was either a new device or an existing one operating in an unusual or misconfigured state.
The disruption specifically targeted TCP port 443; other common ports were not affected. The analysis revealed that the incident was likely caused by a previously uncatalogued GFW device or a known device operating in a novel or misconfigured state. The report encourages the community to share observations to build a more complete picture of the event. (13829)
Databricks is raising a Series K Investment at >$100 billion valuation:
Databricks, a leading data and AI company, has secured a significant investment round, Series K, which values the company at over $100 billion. This funding will be used to enhance their AI strategy, particularly by expanding Agent Bricks, investing in Lakebase, and fueling global growth. Agent Bricks is a new product that creates high-quality AI agents optimized for enterprise data, while Lakebase is an operational database optimized for AI agents. The investment will also support future AI acquisitions and deepen AI research. Databricks has seen strong momentum, with partnerships with major tech companies and over 15,000 customers worldwide. The company’s platform democratizes access to data and AI, enabling organizations to drive innovation and achieve business goals. Databricks is headquartered in San Francisco and is trusted by a vast number of global organizations, including many Fortune 500 companies. (13830)