クラウドストレージサービスの「MEGA」は、ユーザーがアップロードしたファイルをエンドツーエンドで暗号化しており、たとえ何者かにインフラストラクチャー全体が押収されてもファイルを復号できないと主張しています。ところが、スイス・チューリッヒ工科大学の研究チームが発表した調査結果によると、MEGAには暗号化されたファイルを復号したり、悪意のあるファイルを勝手にアップロードしたりできる脆弱性(ぜいじゃくせい)があるとのことです。 MEGA: Malleable Encryption Goes Awry https://mega-awry.io/ Mega says it can’t decrypt your files. New POC exploit shows otherwise | Ars Technica https://arstechnica.com/information-techn
July 16, 2020 生物学者は「自然主義的誤謬」概念をどう使ってきたか 最近発表された人間行動進化学会の声明の中で、「自然主義的誤謬」という哲学由来の概念が使われていた。 そこでは、自然主義的誤謬が、「「自然の状態」を「あるべき状態だ」もしくは「望ましい状態だ」とする自然主義的誤謬と呼ばれる「間違い」」という言い方で紹介されている。これを倫理学者が聞いたなら「いや、自然主義的誤謬はそういう意味じゃないんだけどなあ」と言いたくなるところであろう。しかし、進化生物学者と「自然主義的誤謬」という概念の付き合いはかなり長く、それなりの経緯がある。本稿の目的はとりあえずその経緯を追うことで、「自然主義的誤謬」という概念の適切な用法とはなんだろうかということを考えることである。 最初に断っておくが、本稿はいかなる意味でも体系的なサーベイとはなっていない。どちらかといえば、目立つ事例いくつかをつ
The key to achieving world-class expertise in any skill, is to a large extent, a matter of practicing the correct way, for a total of around 10,000 hours — Malcolm Gladwell in OutliersI'm certainly not a world-class expert, but I have put my 10,000 hours of deliberate practice into programming. Here are 31 of my reflections on programming. These are reflections only about pure coding — no lessons
Relearn CSS layout
Already purchased Every Layout, but lost your access? No worries. Add the email address that you used to purchase Every Layout and we’ll re-send your access link. Every Layout has helped thousands of developers and companies simplify CSS layout in their projects Employing algorithmic layout design means doing away with @media breakpoints, “magic numbers”, and other hacks, to create context-indepen
Changes at Basecamp
At Basecamp, we treat our company as a product. It's not a rigid thing that exists, it's a flexible, malleable idea that evolves. We aren't stuck with what we have, we can create what we want. Just as we improve products through iteration, we iterate on our company too. Recently, we've made some internal company changes, which, taken in total, collectively feel like a full version change. It deser
Historical expertise provided by Jerry Beck, Amelia Cook, Jason DeMarco, Maureen Furniss, Monique Henry-Hudson, Willow Catelyn Maclay, Linda Simensky, Koji Yamamura Entries by Rebecca Alter, Elly Belle, Kambole Campbell, Jen Chaney, Amelia Cook, Alex Costello, Marley Crusch, Toussaint Egan, Christopher L. Inoa, Genevieve Koski, Willow Catelyn Maclay, Rafael Motamayor, Sammy Nickalls, Joshua Rivera
The values of Emacs, the Neovim revolution, and the VSCode gorilla
In 2018 Bryan Cantrill gave a brilliant talk where he shared his recent experiences with the Rust programming language. More profoundly, he explored a facet of software that is oftentimes overlooked: the values of the software we use. To paraphrase him slightly: Values are defined as expressions of relative importance. Two things that we're comparing could both be good attributes. The real questio
Powerlessness and the Politics of Blame - ABC Religion & Ethics
Martha C. Nussbaum is the Ernst Freund Distinguished Service Professor of Law and Ethics at the University of Chicago. She is a recipient of the 2016 Kyoto Prize in Arts and Philosophy and has been named the 2017 Jefferson Lecturer in the Humanities. When people feel themselves powerless, out of control of their own lives, and fearful for themselves and their loved ones, it is all too easy to conv
The Joe Rogan Experience #1509 - Abigail Shrier ジョー・ローガン✕アビゲイル・シュライアー The Joe Rogan Experience ポッドキャスト#1509翻訳 URL: https://open.spotify.com/episode/4SIh4Pt39AtGQYzMJMNkv1?si=55240bc2547d45b7 Description: Abigail Shrier is an author, journalist, and writer for the Wall Street Journal. Her new book “Irreversible Damage: The Transgender Craze Seducing Our Daughters” is available now. 公開日: 2020年7月 概要:
“Yay, Juan. You GO, guy! …a great example of malleable software (and a clever mind) at work.” Dan Ingalls “I like it… It’s nice and clean and simple and pretty. Nice stuff!” Alan Kay “I think you have a very elegant design aesthetic.” John Maloney Cuis is a free Smalltalk-80 environment with a specific set of goals: being simple and powerful. It is also portable to any platform, fast and efficient
CUPID—the back story
“If you had to offer some principles for modern software development, which would you choose?” At a recent Extreme Tuesday Club (XTC) virtual meet-up, we were discussing whether the SOLID principles are outdated. A while ago I gave a tongue-in-cheek talk on the topic, so ahead of the meet-up one of the organisers asked what principles I would replace SOLID with since I disagreed with them. I have
Cobalt Strike解析&チュートリアル: Cobalt Strikeによるメタデータの暗号化と復号
By Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia and Siddhart Shibiraj July 13, 2022 at 7:40 PM Category: Tutorial Tags: C2, Cobalt Strike, Cobalt Strike Series, evasion, post-exploitation This post is also available in: English (英語) 概要 Cobalt Strikeは商用の脅威エミュレーションソフトウェアで、ネットワークに長期的にひそむアクターをエミュレートします。Beaconと呼ばれるこのアクターは外部TeamServerと通信してコマンド&コントロール(C2)トラフィックを模倣します。汎用性が高く、レッドチームの正規ツールとしてよく利用され
Octoverse Spotlight 2021: The Good Day Project—Personal analytics to make your work days better
CommunityCompanyOctoverse Spotlight 2021: The Good Day Project—Personal analytics to make your work days betterTable of contents Executive summary Key findings Key takeaways for developers and software teams About the study What we found Interruptions and meetings have a large influence on our days… Table of contents Executive summary Key findings Key takeaways for developers and software teams Ab
If you're a UI/UX or Product Designer like I am, you probably get bogged down with all of the data and notes that you have to collect and analyze during your user research and user experience design process, whether you're designing a digital product or app of your own or working with a team or client. I've used a lot different solutions over the years, like Asana, Trello and Evernote for keeping
Typed Lisp, A Primer
Typed Lisp, A Primer ⟨ Read as PDF or See the source ; Last modified on 2019-08-21 ⟩ Abstract Let's explore Lisp's fine-grained type hierarchy! We begin with a shallow comparison to Haskell, a rapid tour of type theory, try in vain to defend dynamic approaches, give a somewhat humorous account of history, note that you've been bamboozled —type's have always been there—, then go into technical deta
ソフトウェアは社会を変えない
Basecamp で従業員の大量離職騒動が起きていた。原因は社内で社会問題についての議論を禁止するという制度変更への反発。 Changes at Basecamp At Basecamp, we treat our company as a product. It's not a rigid thing that exists, it's a flexible, malleable idea that evolves. We aren't stuck with what we have, we can create what we want. Just as we improve products through iteration, we iterate on our company too. Recently, we've made some internal company chan
What is SAML? Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties. Source: Wikipedia SAML is often used for single-sign on (“Sign in with Google”, “Sign in with Twitter” etc.). It means when you want to log in to example.com, example.com can trust & use an external authentication provider to assert the user’s identity f
When I tell people around the world that I've been living in Japan for over a decade, many look both impressed and mystified at once. The place has a good reputation. Some folks are in awe at the temples and the gardens, others at the nature or the food. The extreme tidiness and civility of the local culture are the target of universal admiration. But many of those same people see the local langua
Finished software
One of the driving aspirations behind once.com is the notion that not all software needs to evolve forever. We’ve become so used to digital services being malleable that we’ve confused the possibility of software updates with their necessity. Some software can simply be finished, and a lot would be better if it were. That’s basically the antithesis of SaaS. Which relies on the pitch that the syste
Top 10 Python libraries of 2019
We hope you enjoy it as much as we did creating it, so here we go! 1. HTTPXAs a die-hard Python fan who usually interacts with APIs, you are probably familiar with the requests library. However, requests will do no good for you if you are using the async paradigm, which is increasingly common in high performance modern applications. To solve this, the awesome Tom Christie and collaborators bring u
BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech This post is also available in: 日本語 (Japanese) Executive Summary Highly malleable, highly sophisticated and over 10,000 bytes of machine code. This is what Unit 42 researchers were met with during code analysis of this “bear” of a file. The code behavior and features strongly correlate with that of the WaterBear malware
Visiteurs depuis le 26/01/2019 : 5808 Connectés : 1 Record de connectés : 16 GSpot gets a acteck drivers that will expect you cheating what got you have and whether it is designed. I do K-Lite as just, designed using it for willing little works. But I have to put Stavros' acteck drivers in the luck. To learn your unlimited computer, it saves about containing because you are also improve the XVID c
25 November 2023 Native Emacs/macOS UX integrations via Swift modules Once you learn a little elisp, Emacs becomes this hyper malleable editor/platform. A live playground of sorts, where almost everything is up for grabs at runtime. Throw some elisp at it, and you can customize or extend almost anything to your heart's content. I say almost, as there's a comparatively small native core, that would
YAGNI exceptions
I'm essentially a believer in You Aren't Gonna Need It – the principle that you should add features to your software – including generality and abstraction – when it becomes clear that you need them, and not before. However, there are some things which really are easier to do earlier than later, and where natural tendencies or a ruthless application of YAGNI might neglect them. This is my collecti
For almost a complete decade—starting with discovering Haskell in about 2009 and right up until switching to a job where I used primarily Ruby and C++ in about 2019—I would have called myself first and foremost a Haskell programmer. Not necessarily a dogmatic Haskeller! I was—and still am—proudly a polyglot who bounces between languages depending on the needs of the project. However, Haskell was m
‘At first I thought, this is crazy’: the real-life plan to use novels to predict the next war
As the car with the blacked-out windows came to a halt in a sidestreet near Tübingen’s botanical gardens, keen-eyed passersby may have noticed something unusual about its numberplate. In Germany, the first few letters usually denote the municipality where a vehicle is registered. The letter Y, however, is reserved for members of the armed forces. Military men are a rare, not to say unwelcome, sigh
From Common Lisp to Julia
This post explains my reasoning for migrating from Common Lisp to Julia as my primary programming language, after a few people have asked me to elaborate. This article is the product of my experiences and opinions, and may not reflect your own. Both languages are very well designed, and work well, so I encourage you to do your own research and form your own opinions about which programming languag
The Chinese surveillance state proves that the idea of privacy is more “malleable” than you’d expect プライバシーの概念変えた 世界一の監視国家・中国 なぜ成功できたのか? 監視テクノロジーで国民を管理しようとする中国政府の方針は、新型コロナのパンデミックでさらに加速した。最近、中国の監視体制について書籍にまとめたウォール・ストリート・ジャーナル紙の記者と、中国におけるプライバシーの概念や監視テクノロジーの広がりについて聞いた。 by Zeyi Yang2022.10.20 4 9 バイデン政権は10月5日に、米国のテック企業との取引を禁止する中国軍需企業のリストを更新した。その際、ダーファ(Dahua)がこのリストに加えられたことに驚きはない。ハイクビジョン(Hikvision)に次ぐ世界
I’m proud of finally announcing the beta release of Pijul, after a bit more than a year of alpha. Sorry for the long post, and Happy New Year! 53 versions of Libpijul 1.0.0-alpha Pijul has come a long way since the initial alpha release, in terms of performance, stability and features. Here are the most notable achievements since the 1.0.0-alpha release in November 2020: A redesign of our backend,
10 Things Software Developers Should Learn about Learning – Communications of the ACM
The dashed box on the left contains exactly the same information as the awkward textual description in the dashed box on the right. But if a developer only received one of the two to create an SQL database, they are likely to find the diagram easier than the text. We say that the text here has a higher extraneous cognitive load. When faced with a task that seems beyond a person’s abilities, it is
At Paste, we believe there’s an anime for everyone. With lists like this, diverse demographics are often left unconsidered, effectively sidelining female and LGBT viewers. Hobbyists and fandoms have long had distinctive, individualized communities, lively groups that often do not intersect except, maybe, at anime conventions, given over half of North America’s attendees are female. So why is it th
Ruscism - Wikipedia
Ruscism, also known as Rashism,[a] Russism,[b] or Russian fascism,[c] is a term used by a number of scholars, politicians and publicists[5][6] to describe the political ideology and the social practices of the Russian state in the late 20th and early 21st centuries, especially during the rule of Vladimir Putin. "Ruscism" and "Russism" are portmanteaus which combine the words 'Russian' and 'fascism
Turing Pi 2: 4 Raspberry Pi nodes on a mini ITX board | Jeff Geerling
Last year I spent a bit of time building a Kubernetes cluster with the original Turing Pi. It was fun, and interesting, but ultimately the performance of the Compute Module 3+ it was designed around led me to running my homelab off some newer Pi 4 model B computers, which are at least twice as fast for almost everything I run on them. So this year, I was excited when the folks at Turing Pi sent me
Build images on GitHub Actions with Docker layer caching—Martian Chronicles, Evil Martians’ team blog
Save hours of googling and learn how to build images on GitHub Actions with proper Docker layer caching. With Docker’s BuildKit capabilities (now easy to set up on GitHub’s CI runners) you can use the native caching mechanism of Actions to keep your image layers neatly tucked in between the builds. We’ve got examples of a run-of-the-mill Rails application with single and multi-stage production Doc
A simple file encryption tool & format Filippo Valsorda (@FiloSottile) — Ben Cartwright-Cox (@Benjojo12) Designed at the Recurse Center during NGW 2019 This is a superseded design document, retained for historical reasons. You can find the v1 specification at https://age-encryption.org/v1. This is a design for a simple file encryption CLI tool, Go library, and format. It’s meant to replace the use
Cobalt Strike Infrastructure Changing infrastructure will always be inconvenient for the threat actors, but it is not a difficult task. Additionally, Cobalt Strike is able to make use of “redirectors.” Therefore, some of these servers could be a redirector instead of the actual Cobalt Strike C2 server. Redirectors are hosts that do what the name implies, redirect traffic to the real C2 server. Thr
Analysts at Zone.eu, one of the leading domain registrars and web hosting providers in Europe, have observed a vulnerability affecting the global e-mail ecosystem, stemming from unaddressed warnings in the DomainKeys Identified Mail (DKIM) standard that puts billions of users in risk. This is not an issue in a particular software product but rather a vulnerability resulting from loose interpretati
The DFIR Report Real Intrusions by Real Attackers, The Truth Behind the Intrusion Our previous report on Cobalt Strike focused on the most frequently used capabilities that we had observed. In this report, we will focus on the network traffic it produced, and provide some easy wins defenders can be on the look out for to detect beaconing activity. We cover topics such as domain fronting, SOCKS pro
January 2023 For your next side project, make a browser extension Reflections on the benefits of tweaking an existing app, instead of starting from scratch. In a previous post I’ve written about why browser extensions are an amazing platform for customizing existing software. Because the browser DOM can be hacked in open-ended ways, it’s possible to build extensions that modify the behavior of an
74 Evolution of Emacs Lisp STEFAN MONNIER, Université de Montréal, Canada MICHAEL SPERBER, Active Group GmbH, Germany Shepherd: Brent Hailpern, IBM Research, USA While Emacs proponents largely agree that it is the world’s greatest text editor, it is almost as much a Lisp machine disguised as an editor. Indeed, one of its chief appeals is that it is programmable via its own programming language. Em
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
大手クラウドストレージサービス「MEGA」のファイル暗号化を破る手法が発見される
Daily Life:生物学者は「自然主義的誤謬」概念をどう使ってきたか
Reflections on 10,000 Hours of Programming
The 100 Most Influential Sequences in Animation History
2020年7月アビゲイル・シュライアー インタビュー翻訳途中まで|feministabolishnistjp
Cuis-Smalltalk
Notion for UI/UX and Product Designers
SAML is insecure by design
The Beautiful Dissociation of the Japanese Language
Acteck Drivers Agj 3300 For Mac
Native Emacs/macOS UX integrations via Swift modules
Leaving Haskell behind
プライバシーの概念変えた 世界一の監視国家・中国 なぜ成功できたのか?
Pijul - Announcing Pijul 1.0 beta
The 35 Best Anime of All Time
age — A simple file encryption tool & format
Cobalt Strike, a Defender's Guide
BIMI and DMARC Can't Save You: The Overlooked DKIM Exploit
Cobalt Strike, a Defender’s Guide - Part 2
For your next side project, make a browser extension
[PDF] Evolution of Emacs Lisp