Assorted links for Friday, July 26:
Assorted links for Thursday, July 25:
OpenSLO is a service level objective (SLO) language that declaratively defines reliability and performance targets using a simple YAML specification.
Assorted links for Wednesday, July 24:
Assorted links for Tuesday, July 23:
Maestro is a general-purpose, horizontally scalable workflow orchestrator designed to manage large-scale workflows such as data pipelines and machine learning model training pipelines. It oversees the entire lifecycle of a workflow, from start to finish, including retries, queuing, task distribution to compute engines, etc.
Assorted links for Monday, July 22:
Today is (Un)Happy Crowdstrike Day! Assorted links for Friday, July 19:
My immediate thoughts are as follows:
Assorted links for Wednesday, July 17:
Assorted links for Tuesday, July 16:
Assorted links for Monday, July 15:
-fomit-frame-pointer anymore.
Assorted links for Friday, July 12:
Assorted links for Thursday, July 11:
Assorted links for Wednesday, July 10:
Assorted links for Tuesday, July 9:
Assorted links for Monday, July 8:
Assorted links for Friday, July 5:
Assorted links for Thursday, July 4:
Assorted links for Wednesday, July 3:
SLICK can help us locate metric and performance data regarding the reliability of a specific service just by knowing its name. It does this by building an index of onboarded services that link to dashboards with standard visualizations to analyze and assess the service reliability. So, with a single click, it becomes possible to know whether a service currently meets or doesn’t meet user expectations. We can then start asking why.
Assorted links for Tuesday, July 2:
Key DevSecOps metrics:
- Number of security vulnerabilities over time
- Compliance with security policies
According to the RMIT researchers, “Brick kilns worldwide consume 375 million tonnes (~340 million metric tons) of coal in combustion annually, which is equivalent to 675 million tonnes of CO2 emission (~612 million metric tons).” This exceeds the combined annual carbon dioxide emissions of 130 million passenger vehicles in the US.
In the new paper, titled “Scalable MatMul-free Language Modeling,” the researchers describe creating a custom 2.7 billion parameter model without using MatMul ([matrix multiplication]) that features similar performance to conventional large language models (LLMs). They also demonstrate running a 1.3 billion parameter model at 23.8 tokens per second on a GPU that was accelerated by a custom-programmed FPGA chip that uses about 13 watts of power (not counting the GPU’s power draw). The implication is that a more efficient FPGA “paves the way for the development of more efficient and hardware-friendly architectures,” they write.
We implemented a concurrency limiter within PlayAPI that prioritizes user-initiated requests over prefetch requests without physically sharding the two request handlers. This mechanism uses the partitioning functionality of the open source Netflix/concurrency-limits Java library.
Assorted links for Monday, July 1:
Most engineers reach for atomic operations in an attempt to produce some lock-free mechanism. Furthermore, programmers enjoy the intellectual puzzle of using atomic operations. Both of these lead to clever implementations which are almost always ill-advised and often incorrect.
sched_extallows you to write and run your custom process scheduler optimized for your target workloads and hardware architectures using BPF programs.
We’ve streamlined our investigations through a combination of heuristic-based retrieval and large language model (LLM)-based ranking to provide AI-assisted root cause analysis. During backtesting, this system has achieved promising results: 42% accuracy in identifying root causes for investigations at their creation time related to our web monorepo.
Assorted links for Friday, June 28:
IncludeOS is a minimal unikernel operating system for C++ services running in the cloud and on real hardware. Starting a program with
#include <os>will include a tiny operating system into your service during link-time.
Assorted links for Thursday, June 27:
Assorted links for Wednesday, June 26:
In this section, we generalize the techniques we developed for binary search to static B-trees and accelerate them further using SIMD instructions. In particular, we develop two new implicit data structures:
- The first is based on the memory layout of a B-tree, and, depending on the array size, it is up to 8x faster than
std::lower_boundwhile using the same space as the array and only requiring a permutation of its elements.- The second is based on the memory layout of a B+ tree, and it is up to 15x faster than
std::lower_boundwhile using just 6-7% more memory — or 6-7% of the memory if we can keep the original sorted array.
Assorted links for Tuesday, June 25:
Pluvicto and Lutathera are both built around small protein sequences, known as peptides. These peptides specifically bind to target receptors on cancer cells—PSMA in the case of prostate cancer and somatostatin receptors in the case of Lutathera—and deliver radiation through the decay of unstable lutetium.
Administered via infusion into the bloodstream, these drugs circulate throughout the body until they firmly attach to the surfaces of tumor cells they encounter. Anchored at these target sites, the lutetium isotope then releases two types of radiation that aid in cancer treatment. The primary emission consists of beta particles, high-energy electrons capable of penetrating tumors and surrounding cells, tearing into DNA and causing damage that ultimately triggers cell death.
Back in 2019 after various speculation-based CPU vulnerabilities began coming to light, Amazon engineers proposed process-local memory allocations for hiding KVM secrets. They were striving for an alternative mitigation for vulnerabilities like L1TF by essentially providing some memory regions for kernel allocations out of view/access from other kernel code. Amazon engineers this week laid out a new proposal after five years of ongoing Linux kernel improvements for MM-local memory allocations for dealing with current and future speculation-based cross-process attacks.
Assorted links for Monday, June 24:
We introduce a novel framework, Video Annotator (VA), which leverages active learning techniques and zero-shot capabilities of large vision-language models to guide users to focus their efforts on progressively harder examples, enhancing the model’s sample efficiency and keeping costs low.
VA seamlessly integrates model building into the data annotation process, facilitating user validation of the model before deployment, therefore helping with building trust and fostering a sense of ownership. VA also supports a continuous annotation process, allowing users to rapidly deploy models, monitor their quality in production, and swiftly fix any edge cases by annotating a few more examples and deploying a new model version.
Parameter vulnerability factor (PVF) is a novel metric we’ve introduced with the aim to standardize the quantification of AI model vulnerability against parameter corruptions.
…[T]he researchers focus on what they call semantic entropy. This evaluates all the statistically likely answers evaluated by the LLM and determines how many of them are semantically equivalent. If a large number all have the same meaning, then the LLM is likely uncertain about phrasing but has the right answer. If not, then it is presumably in a situation where it would be prone to confabulation and should be prevented from doing so.
Assorted links for Friday, June 21:
After nearly two years of active development and testing, we are proud to announce Meta Low Bitrate audio codec, aka MLow, which achieves two-times-better quality than Opus (POLQA MOS 1.89 vs 3.9 @ 6kbps WB). Even more importantly, we are able to achieve this great quality while keeping MLow’s computational complexity 10 percent lower than that of Opus.
To make the most of their unstructured data, development teams are turning to retrieval-augmented generation, or RAG, a method for customizing large language models (LLMs). They can use RAG to keep LLMs up to date with organizational knowledge and the latest information available on the web. They can also use RAG and LLMs to surface and extract insights from unstructured data.
LXC is not typically used for application development but for scenarios requiring full OS functionality or direct hardware integration. Its ability to provide isolated and secure environments with minimal overhead makes it suitable for infrastructure virtualization where traditional VMs might be too resource-intensive.
Docker’s utility in supporting rapid development cycles and complex architectures makes it a valuable tool for developers aiming to improve efficiency and operational consistency in their projects.
Clean architecture is a widely adopted opinionated way to structure your code and to separate the concerns of the application into layers. The main idea is to separate the business logic from the infrastructure and presentation layers.
Assorted links for Thursday, June 20:
A push triggers a Kafka event, which is fanned out via independent consumers to many isolated jobs that can process the event without worrying about any other consumers.
Rust’s ownership model is a fundamental feature that enhances both speed and safety. Every value in Rust has a unique owner, responsible for its cleanup when it’s no longer needed. This eliminates the need for a garbage collector and ensures efficient memory management. The ownership rules are enforced at compile time, which means there’s no runtime overhead.
Outside of special cases, Meta maintains its fleet of clusters using a technique called maintenance trains. This is used for all capacity, including compute and storage capacity. A small number of servers are taken out of production and maintained with all applicable upgrades. Trains provide the guarantee that all capacity minus one maintenance domain is up and running 24/7, thus providing capacity predictability. This is mandatory for all capacity that is used for online and recurring training.
Assorted links for Wednesday, June 19:
Developers can now take advantage of Arm-based hardware hosted by GitHub to build and deploy their release assets anywhere Arm architecture is used. Best of all, these runners are priced at 37% less than our x64 Linux and Windows runners.
Assuming an 8-hour workday and considering 260 workdays per year brings the annual energy cost of one person’s hour of daily work to around 6 kWh[a].
Now for the energy cost of running an LLM. We have set a target of 250 words in an hour. LLMs generate tokens, parts of words, so if we use the standard ratio (for English) of 0.75 words per token, our target for one hour of work is around 333 tokens. Measurements with Llama 65B reported around 4 Joules per output token [4]. This leads to 1,332 Joules for 333 tokens, about 0.00037 kWh.
Microsoft’s upcoming Recall feature in Windows 11 has generated a wave of controversy this week following early testing that revealed huge security holes. The initial version of Recall saves screenshots and a large plaintext database tracking everything that users do on their PCs, and in the current version of the feature, it’s trivially easy to steal and view that database and all of those screenshots for any user on a given PC, even if you don’t have administrator access. Recall also does little to nothing to redact sensitive information from its screenshots or that database.
First and most significantly, the company says that Recall will be opt-in by default, so users will need to decide to turn it on. It may seem like a small change, but many users never touch the defaults on their PCs, and for Recall to be grabbing all of that data by default definitely puts more users at risk of having their data stolen unawares.
The company also says it’s adding additional protections to Recall to make the data harder to access. You’ll need to enable Windows Hello to use Recall, and you’ll need to authenticate via Windows Hello (whether it’s a face-scanning camera, fingerprint sensor, or PIN) each time you want to open the Recall app to view your data.
Assorted links for Tuesday, June 18:
By providing a reusable, state-of-the-art execution engine that is engine- and dialect-agnostic (i.e, it can be integrated with any data system and extended to follow any SQL-dialect semantic), Velox quickly received attention from the open-source community. Beyond our initial collaborators from IBM/Ahana, Intel, and Voltron Data, today more than 200 individual collaborators from more than 20 companies around the world participate in Velox’s continued development.
A team of physicists has discovered that it’s possible to build a real, actual, physical warp drive and not break any known rules of physics. One caveat: the vessel doing the warping can’t exceed the speed of light, so you’re not going to get anywhere interesting any time soon. But this research still represents an important advance in our understanding of gravity.
Windows 11 24H2 includes an updated compiler, kernel, and scheduler, all lower-level system changes made at least in part to better support Arm-based PCs. Existing Windows-on-Arm systems should also see a 10 or 20 percent performance boost when using x86 applications, thanks to improvements in the translation layer (which Microsoft is now calling Prism).
There are more user-visible changes, too. 24H2 includes Sudo for Windows, the ability to create TAR and 7-zip archives from the File Explorer, Wi-Fi 7 support, a new “energy saver” mode, and better support for Bluetooth Low Energy Audio. It also allows users to run the Copilot AI chatbot in a regular resizable window that can be pinned to the taskbar instead of always giving it a dedicated strip of screen space.
Minnesota this week eliminated two laws that made it harder for cities and towns to build their own broadband networks. The state-imposed restrictions were repealed in an omnibus commerce policy bill signed on Tuesday by Gov. Tim Walz, a Democrat.
Minnesota was previously one of about 20 states that imposed significant restrictions on municipal broadband. The number can differ depending on who’s counting because of disagreements over what counts as a significant restriction. But the list has gotten smaller in recent years because states including Arkansas, Colorado, and Washington repealed laws that hindered municipal broadband.
The Minnesota bill enacted this week struck down a requirement that municipal telecommunications networks be approved in an election with 65 percent of the vote. The law is over a century old, the Institute for Local Self-Reliance’s Community Broadband Network Initiative wrote yesterday.
Assorted links for Monday, June 17:
.NET Aspire brings together tools, templates, and NuGet packages that help you build distributed applications in .NET more easily.
Here’s a look at our updates & announcements:
- Artificial Intelligence: End-to-end scenarios for building AI-enabled applications, embracing the AI ecosystem, and deep integration with cloud services.
- .NET Aspire: for building cloud-native distributed applications, releasing today.
- C# 13: Improvements to much loved C# features to make them even better for you.
- Performance: Reducing memory and execution time with critical benchmarks.
- Enhancements to .NET libraries and frameworks including ASP.NET Core, Blazor, .NET MAUI, and more.
A new study by researchers at the UK’s University of Leeds, however, suggests that … renewables already produce more net energy than the fossil fuels they’re displacing. The key to understanding why is that it’s much easier to do useful things with electricity than it is with a hunk of coal or a glob of crude oil.
We recently launched a new tool to enhance Docker documentation: an AI-powered documentation assistant incorporating kapa.ai. Docker Docs AI is designed to get you the information you need by providing instant, accurate answers to your Docker-related questions directly within our documentation pages.
With making use of multiple queues, the VirtIO-FS file-system code can be up to 5~5.5x faster for read and write performance.
Assorted links for Friday, June 14:
It’s like magic with one line of code changed in the Linux kernel that Intel is reporting up to 19% performance improvement for Intel Core Ultra “Meteor Lake” and up to an 11% improvement in performance per Watt. Or in another EPP mode, the power consumption during video playback can be reduced by 52%!
Light painting is a technique used in both art and science that involves taking long-exposure photographs while moving some kind of light source—a small flashlight, perhaps, or candles or glowsticks—to essentially trace an image with light. A UK collaboration of scientists and artists has combined light painting with low-cost air pollution sensors to visualize concentrations of particulate matter (PM) in select locations in India, Ethiopia, and Wales. The objective is to creatively highlight the health risks posed by air pollution, according to a new paper published in the journal Nature Communications.
There were significant differences in SI between psychologists and AI’s ChatGPT-4 and Bing. ChatGPT-4 exceeded 100% of all the psychologists, and Bing outperformed 50% of PhD holders and 90% of bachelor’s holders. The differences in SI between Google Bard and bachelor students were not significant, whereas the differences with PhDs were significant; Where 90% of PhD holders excel on Google Bird.
NYTimes: Since 2020, California has installed more giant batteries than anywhere in the world apart from China. They can soak up excess solar power during the day and store it for use when it gets dark.
Those batteries play a pivotal role in California’s electric grid, partially replacing fossil fuels in the evening. Between 7 p.m. and 10 p.m. on April 30, for example, batteries supplied more than one-fifth of California’s electricity and, for a few minutes, pumped out 7,046 megawatts of electricity, akin to the output from seven large nuclear reactors.
Assorted links for Thursday, June 13:
Windows Subsystem for Linux is now automatically releasing stored memory in WSL back for use by Windows. This automatic memory reclaim support is a great addition and makes Windows behave better especially for systems with limited amounts of RAM. Without this support in memory hungry situations like with Docker it was possible for WSL2 to exhaust all of the system’s physical memory.
Windows Subsystem for Linux has also enabled DNS tunneling by default for improved network support.
Meanwhile in experimental form is support for automatic disk reclaim and a new mirrored networking mode that provides for features like IPv6 support.
For nearly two hours, Berkshire Hathaway’s Class A shares were listed as trading at just $185.10 — a price that would represent a loss of 99.97%. Berkshire closed at $627,400 on Friday.
NYSE announced it has decided to “bust,” or cancel, all “erroneous” trades for Berkshire between 9:50 am ET and 9:51 am ET at or below $603,718.30. The exchange said that ruling is not eligible for appeal and indicated it could cancel other trades.
Azure Linux 3.0 shifts from the aging Linux 5.15 kernel to the newer Linux 6.6 LTS kernel as well as significant updates to OpenSSL, systemd, Runc, and other components. Azure Linux 3.0 is also now defaulting to SELinux’s enforcing mode by default.
Today, the OpenAI team released their first beta, version 2.0.0-beta.1, of the official OpenAI library for .NET. Features include:
- Support for the entire OpenAI API, including Assistants v2 and Chat Completions
- Support for GPT-4o, OpenAI’s latest flagship model
- Extensibility to enable the community to build libraries on top
- Sync and async APIs for ease of use and efficiency
- Access to streaming completions via
IAsyncEnumerable<T>
Yesterday, the European Union’s Copernicus Earth-monitoring service announced that we’ve now gone a full year where every single month has been the warmest version of that month since we’ve had enough instruments in place to track global temperatures.
Assorted links for Wednesday, June 12:
A study from researchers at the National Energy Technology Laboratory shows the wastewater produced by Pennsylvania’s unconventional wells could contain enough lithium to meet 38 to 40 percent of current domestic consumption.
During the initial deployment of a Google Cloud VMware Engine (GCVE) Private Cloud for the customer using an internal tool, there was an inadvertent misconfiguration of the GCVE service by Google operators due to leaving a parameter blank. This had the unintended and then unknown consequence of defaulting the customer’s GCVE Private Cloud to a fixed term, with automatic deletion at the end of that period. The incident trigger and the downstream system behavior have both been corrected to ensure that this cannot happen again.
In a series of experiments for a new study, Kovács found that a panel of human testers was unable to distinguish between reviews written by humans and those written by GPT-4, the LLM powering the latest iteration of ChatGPT. In fact, they were more confident about the authenticity of AI-written reviews than they were about human-written reviews.
Assorted links for Tuesday, June 11:
BuildKit is a toolkit for converting source code to build artifacts (like container images) in an efficient, expressive, and repeatable manner.
On Monday, OpenAI announced the formation of a new “Safety and Security Committee” to oversee risk management for its projects and operations. The announcement comes as the company says it has “recently begun” training its next frontier model, which it expects to bring the company closer to its goal of achieving artificial general intelligence (AGI), though some critics say AGI is farther off than we might think. It also comes as a reaction to two weeks of public setbacks for the company.
“Flamenco is a CLI tool that helps toolchain developers manage many different package versions and releases from a single debian folder source tree.”
Together, we’ve built an integration that includes intuitive navigation and traceability between source code and binaries, CI/CD with GitHub Actions and JFrog Artifactory, and a unified view of security findings across the software supply chain. By providing full control and visibility across the entire software supply chain, we are accelerating our joint vision of making developers’ lives easier and happier.
A massive uptick in traffic to Fedora’s package mirrors is causing problems for the Linux distribution. Some five million additional systems have started putting additional strain on Fedora’s mirror resources since March and appear to be coming from Amazon’s cloud.
Assorted links for Monday, June 10:
The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges. It’s the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation.
The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations, including packet filtering, network address [and port] translation (NA[P]T), packet logging, userspace packet queueing, and other packet mangling. It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation.
Here we see the fundamental flaw of the system: “AI Overviews are built to only show information that is backed up by top web results.” The design is based on the false assumption that Google’s page-ranking algorithm favors accurate results and not SEO-gamed garbage. Google Search has been broken for some time, and now the company is relying on those gamed and spam-filled results to feed its new AI model.
Internet surveillance, and the resultant loss of privacy, is following the same trajectory. Just as certain fish populations in the world’s oceans have fallen 80 percent, from previously having fallen 80 percent, from previously having fallen 80 percent (ad infinitum), our expectations of privacy have similarly fallen precipitously. The pervasive nature of modern technology makes surveillance easier than ever before, while each successive generation of the public is accustomed to the privacy status quo of their youth. What seems normal to us in the security community is whatever was commonplace at the beginning of our careers.
Recall that in the Danish system each mortgage is backed by a matching bond. As a consequence, mortgage holders have two ways to pay a mortgage: 1) hold the mortgage and pay the monthly payments or 2) buy the matching bond and, in effect, extinguish the mortgage. The latter option is valuable because when interest rates rise, the price of mortgages fall.
…Danish sellers are able to earn a profit when they trade in their low mortgage rates for more-expensive ones, making it easier to move even when rates rise.
In all, it’s a bleak finding that bodes poorly for the collective health of Americans, who are now seeing rises in cases of measles and other vaccine-preventable illnesses. Additional surveys by the APPC in 2021, 2022, and 2023 identified a slight increase in the number of survey takers who specifically believe, falsely, that the MMR (measles, mumps, and rubella) vaccine causes autism. In 2021, 9 percent of respondents falsely indicated that MMR vaccine causes autism, responding that the statement was “definitely true” (2 percent) or “probably true” (7 percent). In 2023, 12 percent of respondents fell into those categories, 2 percent for “definitely true” and 10 percent for “probably true.”
Since the start of 2024, the US has seen a steady march of measles infections nationwide. As of May 31, the CDC has recorded 146 cases across 21 states. Of those cases, 64 were part of a large outbreak in Chicago, which was declared over on May 30.
Assorted links for Wednesday, May 22:
Assorted links for Tuesday, May 21:
Assorted links for Monday, May 20:
std::string
Assorted links for Friday, May 10:
Assorted links for Thursday, May 9:
Regulators strongly prefer that deposits stay within the regulated banking sector. The single largest reason is that they’re worried that households’ immediately accessible stored funds stay safe and accessible. A major follow-up reason, less understood by non-specialists, is that regulated banks are bound to a long list of consumer protection items on the transaction level, not the institution level. A lot of the abuse in the economy happens in $50 and $5,000 increments, rather than multi-billion dollar increments. Regulators sleep happier knowing that this abuse happens at companies with teams of operators standing. Those operators will groan and chalk a disputed transaction, instance of fraud, or glitch in the matrix up to the operational losses budget rather than sticking a user with it.
Assorted links for Wednesday, May 8:
run0 As sudo Alternative: From what I can tell from the summary, run0 should be more secure than sudo
Assorted links for Tuesday, May 7:
final Keyword: tl;dr, final isn’t always faster, and modern CPU performance defies intuition so always test & measure.
Assorted links for Monday, May 6:
Assorted links for Friday, April 26:
Assorted links for Thursday, April 25:
Assorted links for Wednesday, April 24:
Assorted links for Tuesday, April 23:
Assorted links for Monday, April 22:
Assorted links for Friday, April 19:
Assorted links for Thursday, April 18:
Assorted links for Wednesday, April 17:
Assorted links for Tuesday, April 16:
Assorted links for Monday, April 15:
Assorted links for Friday, April 12:
Assorted links for Thursday, April 11:
The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.
Assorted links for Wednesday, April 10:
Assorted links for Tuesday, April 9:
Assorted links for Monday, April 8:
As chief AI officers, appointees will serve as senior advisers on AI initiatives, monitoring and inventorying all agency uses of AI. They must conduct risk assessments to consider whether any AI uses are impacting “safety, security, civil rights, civil liberties, privacy, democratic values, human rights, equal opportunities, worker well-being, access to critical resources and services, agency trust and credibility, and market competition,” OMB said.
[W]hat sets this Oregon law apart from the other three states is that is bans “parts pairing,” a term that describes when companies prevent unauthorized parts from functioning in their devices.
Assorted links for Friday, April 5:
Assorted links for Thursday, April 4:
Assorted links for Wednesday, April 3:
Assorted links for Tuesday, April 2:
Assorted links for Monday, April 1:
include
Assorted links for Friday, March 29:
Assorted links for Thursday, March 28:
Assorted links for Wednesday, March 27:
Assorted links for Tuesday, March 26:
Assorted links for Monday, March 25:
Assorted links for Friday, March 22:
Assorted links for Thursday, March 21:
Assorted links for Wednesday, March 20:
Assorted links for Tuesday, March 19:
Assorted links for Monday, March 18:
Assorted links for Friday, March 15:
Assorted links for Thursday, March 14:
Assorted links for Wednesday, March 13:
Assorted links for Tuesday, March 12:
Assorted links for Monday, March 11:
Assorted links for Friday, March 8:
Assorted links for Thursday, March 7:
Assorted links for Wednesday, March 6:
Assorted links for Tuesday, March 5:
Assorted links for Monday, March 4:
Assorted links for Friday, March 1:
Assorted links for Thursday, February 29:
Assorted links for Wednesday, February 28:
Assorted links for Tuesday, February 27:
Assorted links for Monday, February 26: