2023-04-02
Amazon Echo Devices Store WiFi Passwords in Plain Text, Making Them Vulnerable to Physical Access Attack
Alexa, what is my wifi password? Amazon Echo devices store WiFi passwords in plaintext, allowing attackers with physical access to extract network passwords with relative ease. This poses a major security risk for hotels or businesses using the devices on their internal or private wireless networks, giving attackers access to any other equipment on the network, potentially breaching the Data Protection Act. Hashing passwords is an industry standard, and for a company that has sold their hardware to millions, it is completely unacceptable to not encrypt this data. The device does not encrypt the API keys for Spotify zeroconf and eSDK APIs. Physical security is essential when designing embedded hardware, and Amazon needs to address this issue to prevent future security breaches. Discussion Service, Article.
Google Drive imposes file limits, potentially cuts off paying customers
Google Drive does a surprise rollout of file limits, locking out some users. Google Drive has imposed a file limit without warning, potentially cutting off paying customers who are locked out of new file uploads; Reddit users have already complained about this issue over the past two months. The sudden rollout of a file limit is not listed on either the Google One or Google Workspace plan pages or mentioned in support documents. It has also prevented users from utilizing the storage they purchased, since the limit prevents them from using the space. Google Drive's 5 million-file limit is considered neither acceptable nor reasonable by many users since it is not documented anywhere, and the cost of using Google Workspace's storage plan is considered exorbitant. Google argues that the limit is a safeguard to prevent system misuse that might affect its stability and safety, yet such customer communication is considered poor. Discussion Service, Article.
Guide to Logical Clock Designs for Reliable Event Ordering in Distributed Systems
Clocks and Causality – Ordering Events in Distributed Systems (2022). Logical clocks are essential in ordering events in distributed systems, with Lamport and vector clocks being popular designs. Lamport clocks provide increasing numbers within a node, while vector clocks track node IDs and respective event IDs for concurrent event comparisons. Dotted Vector Clock and Vector Timestamps optimize timestamp checks and allow for event ordering across nodes. Version vectors track data versions in multi-leader storage nodes. Lamport Causal Clock captures causality but requires more space and time complexity. Total Order requires sequential ordering based on temporal and causal relationships. Logical clocks are crucial in collaborative editing applications. Azure Time Sync uses PTP, while AWS and Google Cloud use NTP. The article notes the limitations of trying to consider time as absolute and highlights the importance of event ordering in banking transactions. Discussion Service, Article.
France's 3034 km HexaTrek Trail Open for Thru-Hiking
Hexatrek: The long distance thru hike in France. France's 3034 km HexaTrek trail is now open for thru-hiking, connecting 14 national parks and crossing Romania's Via Transilvanica trail. Discussion Service, Article.
Developer Raph Levien moves from Rust to C++
Moving from Rust to C++. Developer Raph Levien announces the decision to move from Rust to C++ due to the limitations of the former, such as lack of build system choices and slow innovation progress, despite its safety guarantees. Levien believes that he can avoid safety issues and that memory safety bugs aren't significantly more harmful than other bugs, and that C++ is evolving rapidly to become safer. Levien emphasizes the importance of community, voicing concerns about discrimination policies and seemingly overbearing Rust advocates. However, the article is satirical, and some readers express interest in C++ over Rust. Discussion Service, Article.
Coursemate: Connecting Self-Learners Worldwide for Collaborative Online Learning
Coursemate – connect with other self learners. Coursemate is a platform for self-learners to connect and collaborate on online courses with peers in their country or around the world. The platform can integrate with users' favorite online courses and take less than a minute to setup. Some users suggest that Coursemate could benefit from more specific learning objectives beyond the current focus on frontend and backend topics. Additionally, users would like to see more community examples and mentorship opportunities. Some users also suggest expanding beyond filtering by age and country to allow filter by interest. Despite some critiques, the website is well-executed and straightforward. Some users express a desire for a platform to connect with experts who can help explain specific course content. Discussion Service, Article.
Plants emit sounds when stressed, opening new doors for understanding
Sounds emitted by plants under stress are airborne and informative. Plants can emit informative airborne sounds when under stress, opening avenues for understanding their interactions with the environment. This new field of plant bioacoustics introduced the potential for acoustic communication of plants, which can be detected by machine learning models and may impact agriculture beyond traditional cues. Discussion Service, Article.
Simulating Underground BBS System from 1987: Chat, Games, & Email
ChatGPT simulates 1987 BBS System. The article discusses simulating a BBS system from 1987, including chat, games, and email. Users can create an account, read news and documentation, view text files, and communicate with other users. Castle Quest, a text-based game, can be played on the system. ShareGPT allows sharing code snippets in conversations. The historical accuracy of ChatGPT's output is questionable but interesting. A user suggests simulating a 1987 BBS with additional features. The article provides a nostalgic look at the technology of the past. Discussion Service, Article.
Google delays turning off Manifest V2 for Chrome extensions
Pausing Manifest V2 phase-out changes. Google has postponed any January experiments to turn off Manifest V2 in pre-release channels of Chrome and changes to the featured badge in the Chrome Webstore, and it will evaluate all downstream milestones. Developers will be given sufficient time to update and test their extensions after the launch of these new capabilities before turning off Manifest V2. Google's commitment to rollout Manifest V3 is expected to improve security, privacy, and performance for their users. There were developer community feedback on the difficulty in using Manifest V3, some of which has been addressed, but there are still improvements to be made, and Google remains committed to the transition. Discussion Service, Article.
Wine 8.5: Improved vkd3d, WinRT Theme, & Bug Fixes
Wine 8.5. Wine release 8.5 comes with improved vkd3d, WinRT Theme, and bug fixes, including better error reporting in IDL compiler, support for UIA_IsOffscreenPropertyId to MSAA providers, and fully initializing i386 FPU context on ARM64. Binary packages available for various distributions, and source available directly from git repository. Bug fixes include mscoree, imm32, and LDAP bind. Discussion Service, Article.
Resume-First Hiring Process: Exploitative & Ineffective
He who submits a resume has already lost. The traditional resume-first hiring process is exploitative and ultimately ineffective, with employers using it mainly to save time and cut costs at the applicant's expense. Resumes can be disregarded, and personal recommendations and networking are more effective methods for securing a job, bypassing the flawed and unfair process. Academic hiring is incredibly demoralizing and nepotism may create ethical issues. Job seekers must do what they can to circumvent the system, but taking resumes seriously is still necessary. The post offers tools for job seekers to stand out, including writing a cover letter or using an AI tool to write it in two minutes. Discussion Service, Article.
Ex-SpaceX Staff Found Dozens of Space Startups, Raise $3.6B
SpaceX alums are branching out and shaping the startup economy. Former SpaceX employees found dozens of space startups, raising $3.6B to drive innovation in Low-Earth Orbit navigation and payload delivery services. Co-founders benefit from the community and high-risk tolerance established at SpaceX, with launch services also aiding tech prototypes, machinery, and navigation satellites' sending. Software-as-a-service industry grows, serving the space startup ecosystem. The pace of NASA and Boeing could benefit from fostering a startup culture as legacy code and cruft hold incumbents back. Opportunities in space exploration provide liquidity in the market, and investors receive millions for risky moonshots. Some comments suggest the article feels like a press release. Discussion Service, Article.
SpaceX's Starship moves to launch site, liftoff possibly on April 10
SpaceX moves Starship to launch site, and liftoff could be just days away. SpaceX has shifted their Starship to a launch site in South Texas, which could be ready for liftoff as soon as April 10, pending FAA licensing. The giant, Super Heavy rocket is intended to serve NASA as a lunar lander for the Artemis Moon missions. SpaceX has invested over $1 billion in its launch-and-catch tower to support its Starship and Super Heavy, which it has moved more cautiously in developing at its South Texas facility. If successful, this could make low earth orbit more readily available to professionals. Discussion Service, Article.
'ccurl.sh' enables cURL to utilize Chrome cookies in a concise way
Use cookies from Chrome (CDP) in cURL without copy pasting. 'ccurl.sh' is a bash script that allows cURL to use Chrome cookies without the need for a GUI tool like Postman, using the Chrome DevTools protocol to dump cookies from a specific tab of the local Chrome instance into the header of a cURL command, and avoiding cookie leakage into the shell history file; the script requires bash, websocat, and jq to run, and a tab with the cookies to be used to be opened in Chrome, which should be launched with "google-chrome-stable --remote-debugging-port=9222", and can be installed by copying the script to "/usr/bin/ccurl" and making it executable. Discussion Service, Article.
MIT's Course on RNNs & Transformers for Deep Learning
MIT 6.S191: Recurrent Neural Networks, Transformers, and Attention. MIT's 6.S191 course covers recurrent neural networks (RNNs), transformers, and attention for deep learning, as shown on YouTube. Comments on the video range from questioning the parameter naming conventions to asking for recommendations on where to learn neural networks and deep learning basics. The course's use of TensorFlow and the uploading of the videos to individual staff member YouTube channels are also discussed. Discussion Service, Article.