GitLab and others are affected. The blame lies in the SAML specification, and in credulous engineers that implement it. CVE-2024-45409 was published on September 10, 2024. It’s yet another XML signature wrapping attack, this time affecting the main Ruby implementation of SAML. The vuln allows an attacker log in as any arbitrary user of the affected system. This attack keeps coming up again and aga
Introducing Spectrum 2: Our vision for the future of Adobe experience design
Introducing Spectrum 2: Our vision for the future of Adobe experience design A preview of the comprehensive update coming to Adobe's design system Imagine you’re designing a house. Your first step might be to draw a picture. To turn that picture into a house would require the input of many experts—architects, engineers, and builders—and would involve planning, teamwork, and time with each collabor
Functional Semantics in Imperative Clothing There's an old joke about programming with pure functions: “Eventually you have to do some effects. Otherwise you're just heating up the CPU.” I've always wanted the purely functional Roc programming language to be delightful for I/O-heavy use cases. But when I recently sat down to port an I/O-heavy shell script from Bash to Roc, I wasn't happy with how
Name: Divij Singh Title: Data Science Engineer Organization: Rakuten Symphony, Japan Hometown: New Delhi, India Living in Japan: Since January 2021 LinkedIn: https://www.linkedin.com/in/divijsingh This is the 15th interview in the “Interviews with Foreign Information Technology Engineers in Japan” series. “ EJable.com’s Ryoko Nagai talks to Divij Singh of Rakuten Symphony, Japan. Transcript of Div
The Japanese kanji meaning “go” is 行. This Kanji for “go” also means “to carry out”. The kun’yomi (Japanese reading) pronunciations of the Kanji 行 are “i-ku” (い-く), “yu-ku” (ゆ-く), and “okona-u” (おこな-う). The on’yomi (Chinese reading) pronunciations of 行 are “ko” (コウ), “gyo” (ギョウ), and “an” (アン). The Kanji 行, for “go“, appears in 1,722 Japanese names, and in that case, it is pronounced as “yuki” (ゆき
The Spring Lisp Game Jam 2024 ended one week ago. 48 games were submitted, a new record for the jam! This past week has been a time for participants to play and rate each other’s games. As I explored the entries, I noticed two distinct meta-patterns in how people approached building games with Lisp. I think these patterns apply more broadly to all applications of Lisp. Let’s talk about these patte
Negative Pressure Wound Therapy Market Worth USD 3.67 Billion by 2030 at 6.1% CAGR – Report by Market Research Future (MRFR)
Negative Pressure Wound Therapy Market Competitive Landscape: The affluent firms in the negative pressure wound therapy market include ACELITY L. P. Inc.Cardinal HealthConvaTec Group Plc.DeRoyal Industries Inc.Smith & NephewLohmann & Rauscher International GmbH & Co. KgTalley GroupMedelaGenadyneMölnlycke Health Care AB Negative Pressure Wound Therapy Market USP Covered: Market Drivers: Negative pr
Author: Jurgen Appelo In the Agile community, there’s a common misconception that agility exclusively involves iterative, incremental delivery, and anything else is dismissed as “waterfall.” However, my Agile Quadrants picture shows a broader spectrum of agility. While not strictly adhering to “hard agile” principles, many products employ “soft agile” approaches, involving feedback cycles through
サイバーパンク桃太郎【電子特典付き】 (バンチコミックス) 作者:Rootport 新潮社 Amazon It is with great honor that I have been named to the TIME100 Most Influential People in AI. Below is the full text of the interview. time.com 1. How did AI help you create "Cyberpunk: Peach John"? Can you explain the process? In a collection of essays I published in 2019, I wrote the following story: Since 1997, when the supercomputer Deep Blue
Runtime code generation and execution in Go: Part 1Part 1 of the introduction to the weird world of runtime code generation and execution in Go May 19, 2024 Disclaimer: I won’t expand on why/when you want to do this kind of hack, and you should not do this unless you know exactly what you are doing. Everything I talk about here is completely unsafe and might not be accurate for the future Go versi
Join Honeycomb for part two of our roadshow: London, Amsterdam, NYC, and SF.Learn more Naming things, and specifically consistently naming things, is still one of the most useful pieces of work you can do in telemetry. It’s often overlooked as something that will just happen naturally and won’t cause too much of an issue—but it doesn’t happen naturally, it does cause issues, and you end up having
What do Switzerland, the US, Sweden, the UK, and the Netherlands have in common? They are all rich, protestant, relatively cold countries where a big part of the population consists of (former) immigrants. They also form the top 5 of the Global Innovation Index. These countries invest greatly in R&D, infrastructure, regulations (and intellectual property protection) and education. The countries ar
research!rsc: Hash-Based Bisect Debugging in Compilers and Runtimes
Setting the Stage Does this sound familar? You make a change to a library to optimize its performance or clean up technical debt or fix a bug, only to get a bug report: some very large, incomprehensibly opaque test is now failing. Or you add a new compiler optimization with a similar result. Now you have a major debugging job in an unfamiliar code base. What if I told you that a magic wand exists
Motivation I started working with language models five years ago when I led the team that created CodeSearchNet, a precursor to GitHub CoPilot. Since then, I’ve seen many successful and unsuccessful approaches to building LLM products. I’ve found that unsuccessful products almost always share a common root cause: a failure to create robust evaluation systems. I’m currently an independent consultan
TechScape: How cheap, outsourced labour in Africa is shaping AI English
Some of the tells are obvious. The fawning obsequiousness of a wild language model hammered into line through reinforcement learning with human feedback marks chatbots out. Which is the right outcome: eagerness to please and general optimism are good traits to have in anyone (or anything) working as an assistant. Similarly, the domains where the systems fear to tread mark them out. If you ever won
Why I like Tcl
In this blurb, I'll try to convince you that Tcl isn't just an old clunky language for contrarian weirdos and that it is in fact (well, has become) a hidden gem for the power-hungry hacker who wants a simple (but not barren!) glue language, like a mix of sh and Scheme. Pros §Extremely consistent and elegant syntax described in 12 rules fitting in a short man page and no reserved keyword, nearing a
Gentoo goes Binary! Dec 29, 2023 You probably all know Gentoo Linux as your favourite source-based distribution. Did you know that our package manager, Portage, already for years also has support for binary packages, and that source- and binary-based package installations can be freely mixed? To speed up working with slow hardware and for overall convenience, we’re now also offering binary package
Developing a hierarchical model for unraveling conspiracy theories - EPJ Data Science
Research Open access Published: 16 April 2024 Developing a hierarchical model for unraveling conspiracy theories Mohsen Ghasemizade ORCID: orcid.org/0009-0008-5758-16581 & Jeremiah Onaolapo1 EPJ Data Science volume 13, Article number: 31 (2024) Cite this article A conspiracy theory (CT) suggests covert groups or powerful individuals secretly manipulate events. Not knowing about existing conspiracy
Rust panics under the hood, and implementing them in .NET
Rust panics under the hood, and implementing them in .NET I am currently working on a Rust to .NET compiler, rustc_codegen_clr. To get it to work, I need to implement many Rust features using .NET APIs. One of such features is panicking and unwinding. This article is the first one in a series about Rust panics, unwinding, and my implementation of them in .NET. In this part, I will look at unwindin
Reimagining China in Tokyo
A new community of expats is opening bookstores, attending lectures, and imagining alternatives to Xi from the relative safety of Japan. As a teacher in his early twenties, Zhang felt the premonition of a crisis. The new millennium had dawned, and Zhang (who asked that I use only his last name, for fear of government retaliation) was living in a middling city in central China drilling vocabulary t
Photo by Simon Kadula on UnsplashAs the story of C’s birth goes hand in hand with the creation of Unix, the first C compiler can be traced back to the early 1970’s. I've detailed the history of C in my previous article Tracing the Lines: From the Telephone to Unix, which includes a brief summary of this history. Around 1971, Ken decided that Unix needed to be ported to a higher level language. Den
Cochlear Implants Market Leaders Size and Share Expected to Touch USD 3203.8 Mn by 2023 – Market Research Future
Cochlear Implants Market Leaders Size and Share Expected to Touch USD 3203.8 Mn by 2023 – Market Research Future The Global Cochlear Implants Market is set to reach a size of USD 3203.8 Million by 2023 owing to developments in cochlear implants. Advances in these medical devices can boost assisted technology for hearing-impaired. August 20, 2018 19:00 ET | Source: Market Research Future Pune, Indi
A History of Source Control Systems: SCCS and RCS (Part 1)
April 5, 2024 · 15 min · 3194 words · David Soria Parra Updates#April 7th, 2024#I received an email from Marc Rochkind. He recounts some details of the creation of SCCS. I attached the email at the end of the article and made corrections inside the article. Most importantly, check out Marc’s original paper. Thank you all for the kind comments and interesting discussion Hacker News and Lobste.rs. H
Enteral Feeding Devices Market Size, Share, Forecast 2032
Enteral Feeding Devices Market Research Report: Information By Product (Enteral Feeding Tubes, Enteral Feeding Pumps, Enteral Syringes, Administration Sets, Consumables), By Age Group (Pediatrics And Adults), By End-User (Hospitals, Ambulatory Surgery Centers, Home Care Settings), By Indication (Diabetes, Cancer, Gastrointestinal diseases, Hypermetabolism), And By Region (North America, Europe, As
The final version of ECMAScript 2024 Language Specification was approved on the 26th of June. The list of new JavaScript features is now confirmed, and to keep my annual tradition, I am publishing this yearly recap for you and my future self. For curious ones, here are the posts from the past years: 2023, 2022, 2021, 2020, 2019, 2018, 2017 and 2016. A few handy features became part of the specific
Kanji for "Jade," "Jewel" and Sometimes "Ball": 玉 (Tama, Gyoku)
In Japanese, the Kanji for “jade” is 玉. The Kunyomi, or the Japanese, pronunciation of the Kanji 玉 is tama (たま), and the Onyomi (Chinese) pronunciation is gyoku (ギョク) or goku (ゴク). However, there’s another less common Kanji 瑚 (ko), which can refer to “coral” and is sometimes associated with precious stones like jade in a broader sense. 瑚, in specific contexts, it may imply a precious stone similar
The Japanese kanji 高 means “High,” “Tall,” or “Expensive.” The kun’yomi (Japanese reading) pronunciation of the Kanji 高 is “taka” (たか) as in the words taka-i (たか-い), taka-maru (たか-まる), and taka-meru (たか-める). The on’yomi (Chinese reading) pronunciation of 高 is “ko” (コウ). The Kanji 高 for “tall” or “high” frequently appears in Japanese names, and in that case, it is pronounced as “ka” (か), “ko” (こ),
【エッセイ#14】優しくない世界にあなたは優しい人になれ(JPN/ENG) - Kamakura Yuuki's Talks
優しくない世界にあなたは優しい人になれ The world is kind to those who are being kind 文字数 3,392字 「『冷たい人』は彼らが優しさを知らないより、スイッチがあるように、便利に相手によるとその優しさを付けたり消したりできて、機械か人間かわからない意味です」 こんにちは、アップしたときはもうすぐ春本番ですね! Hi everyone! Well, I think that the spring is coming by the time I post this essay! 寒さがちょっと苦手なので、少し暖かくなるのは嬉しいです(笑) As for myself who does not like the cold much, I’m glad that it gets a bit warmer now…! はい、今回の話題はタイトル通りでな
Maybe Getting Rid of Your QA Team was Bad, Actually.
Over many years, “DevOps” practitioners applied Theory Of Constraints to our problems, ruthlessly optimizing our delivery pipelines and practices. Manual release management? Hell no, automate that. Deployment? Automate that too. Image management? 🔨 No thanks. Rolling back after we trebuchet a flaming dumpster into production? Automated. Whatever low value activity we could find in the process of
Jimmy MillerBeing Raised by the Internet I grew up relatively poor. I was fortunate enough to have a roof over my head, clean water, electricity, a computer, internet, and cable tv. But food was often harder to come by. This may seem like a contradiction, but when your mom has left to marry her uncle and your dad has schizophrenia, you aren’t really in charge of how the money is spent. Starting at
AWS claims its cloud faces competition from on-premises IT
Cloud behemoth AWS says it is facing stiff competition from on-premises infrastructure, which is a turnaround from its once-proud boast that all workloads would eventually move to the cloud. In a summary of evidence given to UK watchdog, the Competition and Markets Authority (CMA), AWS denies that customers face any difficulty in switching from its platform. And to demonstrate this, AWS lists exam
Quickly understand inscrutable LLM frameworks by intercepting API calls. Background There are many libraries that aim to make the output of your LLMs better by re-writing or constructing the prompt for you. These libraries purport to make the output of your LLMs: safer (ex: guardrails) deterministic (ex: guidance) structured (ex: instructor) resilient (ex: langchain) … or even optimized for an arb
For years, the people building powerful artificial intelligence systems have used enormous troves of text, images and videos pulled from the internet to train their models. Now, that data is drying up. Over the past year, many of the most important web sources used for training A.I. models have restricted the use of their data, according to a study published this week by the Data Provenance Initia
Why philosophers should worry about cancel culture
Over the past few years I have been surprised and disappointed by the number of my colleagues in philosophy who have been willing to jump on various online bandwagons, attempting to punish or intimidate members of the profession for speaking their minds on different subjects. At the risk of sounding a bit supercilious, I must admit to finding this sort of behaviour particularly surprising coming f
As part of my PhD studies, I’m working on a distributed task runtime called HyperQueue. Its goal is to provide an ergonomic and efficient way to execute task graphs on High-Performance Computing (HPC) distributed clusters, and one of its duties is to be able to spawn a large amount of Linux processes efficiently. HyperQueue is of course written in Rust1, and it uses the standard library’s Command
Tipping in Japan: Insights, Tips, and More for Foreigners | MailMate
Overall rule: tipping is not expected in Japan In Japan, tipping isn't customary. No need to tip in Japan. At restaurants, bars, and cafes in Japan, you pay for your meal at the register. You can try to tip by leaving it at the table or paying at the register. But in these situations, the staff will give you your money back or politely decline it. Another common place where you can try to tip is i
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Ruby-SAML pwned by XML signature wrapping attacks | SSOReady
Functional Semantics in Imperative Clothing
Interview with Divij Singh of Rakuten Symphony, Japan
Kanji for "To Go": 行 (i-ku / yu-ku / okona-u)
Lisp: Icing or Cake? — dthompson
Hard Agile, Soft Agile, and Not Agile — unFIX
Now is the TIME to make mangas with AIs. - デマこい!
Runtime code generation and execution in Go: Part 1
OpenTelemetry Best Practices #1: Naming
Risk tolerance: why some countries prefer more complex UIs
Your AI Product Needs Evals –
Gentoo goes Binary! – Gentoo Linux
Compiling History: A brief tour of C compilers
What's new in ECMAScript 2024 | pawelgrzybek.com
Kanji for High, Tall, Expensive: 高 (Taka-i)
Being Raised by the Internet
Fuck You, Show Me The Prompt. –
The Data That Powers A.I. Is Disappearing Fast
Process spawning performance in Rust