跳至主要内容

2023-03-25

GitHub Updates RSA SSH Host Key Following Exposure

  • GitHub updates RSA SSH host key after private key exposed in public repository
  • Customers using ECDSA or Ed25519 keys do not need to take action, but those using RSA need to update their ~/.ssh/known_hosts file
  • GitHub has yet to introduce a mechanism for revoking SSH keys, which could be a potential issue if compromised
  • Having a real-world risk/threat model is crucial for building reasonable security controls
  • Git authors should sign their commits with their own private key for code integrity, rather than trusting hosting providers
  • GitHub accidentally published its key, undermining the principle of trust and leaving all communications since its inception compromised
  • GitHub is encouraging improvements to certificates used for logging into code repositories
  • GitHub and GitLab both support two-factor authentication (2FA) via their command line interfaces (CLI)
  • The recent incident highlights potential security flaws in many fintech companies, including blind trust in GitHub host keys
  • GitHub briefly exposed a private key due to an accident, but took proactive measures to revoke and redeploy new keys and certificates, and implement enhanced controls.
  • Discuss on Discussion Service or Read Original Text.

US Court Bans Internet Archive's Book Lending Program

  • Internet Archive (IA) violated copyright law in lending digital copies of copyrighted books without permission according to a US judge ruling
  • IA argued it was exempt due to "fair use" but the judge found nothing transformative about their copying and lending of books
  • IA has been ordered to stop distribution of copyrighted books without permission
  • Court case brought by Hachette, HarperCollins, and Penguin Random House publishers against IA's scanning and digital lending practice
  • IA will comply with court's order and end lending program
  • Decision likely to impact users who rely on IA for access to texts unavailable elsewhere, particularly those who find traditional libraries inaccessible.
  • Discuss on Discussion Service or Read Original Text.

Police Sue Rapper Afroman for Invasion of Privacy in Music Videos

  • Police officers who conducted a botched raid of rapper Afroman's home are suing him for invasion of privacy and emotional distress after he used footage of it in his music videos.
  • Afroman used footage recorded by his wife and house cameras as part of several music videos which were released online and posted content from the raid to his social media accounts.
  • The police officers allege that Afroman's actions were "willful, wanton, malicious, and done with conscious or reckless disregard" and claim that they have been subject to ridicule by the public.
  • Each officer is seeking damages of $25,000 per four counts.
  • Discuss on Discussion Service or Read Original Text.

UK Food Inflation Reaches Highest Rate Since 1977, Sparking Concerns

  • Food inflation in the UK rose to 18.2% in February, the highest rate since 1977 due to higher vegetable costs, rising price of grains, certain proteins, eggs and oil.
  • UK supermarkets are struggling with food scarcity, high energy costs and global supply chain issues, leading to empty shelves and price hikes.
  • Inflation in food prices is causing concern for vulnerable groups, with some people struggling to buy enough food.
  • Rising energy costs and supply chain disruptions are among the factors cited as pressing inflationary pressures causing food prices to rise in many countries.
  • The root cause of inflation is elevated energy prices, as energy affects the production and transportation, which affects the price of groceries.
  • Discuss on Discussion Service or Read Original Text.

Framework Launches High-Performance, Customizable Laptop with Upgradeable Graphics

  • Framework releases their new product, the Framework Laptop 16, which features upgradeable graphics and a customizable input deck.
  • The input deck allows for the hot-swapping of input modules in three sizes: Small, Medium (Numpad Modules), and Large (Keyboard Modules) with various customization options for each.
  • The Expansion Bay system enables upgradeable graphics while also providing immense design flexibility to handle future changes in mechanical, thermal, and electrical requirements for GPUs.
  • The PCIe x8 interface on the Expansion Bay allows for high-power, high-speed use cases like a dual M.2 SSD card that can add 16TB of storage or other modules created by developers.
  • The Framework Laptop 16 also features the Expansion Card system from the Framework Laptop 13, allowing users to choose which ports they'd like on each side along with adding other functionality like high-speed storage.
  • Developer documentation for all three systems: Input Modules, Expansion Bay Modules, and Expansion Cards, is available on GitHub, with the Framework Marketplace to open to third party module makers in the future.
  • The Framework Laptop 16 is built to be customized to the user's needs, whether for gaming, development, Linux use, or other performance-demanding work.
  • Discuss on Discussion Service or Read Original Text.

OpenAI Gives Bing Search Boost Against Google

  • Microsoft-owned Bing search engine has seen a 15.8% rise in page visits since the integration of OpenAI's technology, while Google experienced a near 1% decline.
  • The figures suggest an early lead for Microsoft in the race with Google for generative AI dominance.
  • Bing's recently improved AI integration also resulted in an eight-fold increase in app downloads globally, according to Data.ai.
  • Google has dominated the search market for decades, with over 80% market share, but Bing is likely to gain market share in the coming months, especially if Google delays its AI integration.
  • Discuss on Discussion Service or Read Original Text.

Databricks Introduces Democratizing LLM Dolly to Build Customized Models

  • Databricks introduces Dolly, a LLM that can generate human-like text and be created on a single machine using open-source code and high-quality training data.
  • Dolly democratizes LLMs, making them accessible to companies that couldn't afford them in the past, allowing organizations to own and customize their models and improve their products.
  • OpenAI's DALL-E 2 model can create high-quality images from text prompts, and Databricks fine-tuned it for chatbot-style interfaces with high accuracy.
  • OpenAI faces pricing competition with other AI models hitting the market, and its success relies on keeping up with competitors.
  • Alpaca developed by OpenAI is being used to teach a smaller, more efficient LLM that can be used for specific tasks in combination with other specialist AI models, democratizing data and LLMs.
  • Discuss on Discussion Service or Read Original Text.

Issues & Solutions for Phone-Free Events: Trust, Efficiency, and Preferences

  • Clearspace, a YCombinator W23 startup, conducted a phone-free event, with attendees leaving their devices with the startup
  • Tipping practices in the US spark debate on workers' rights and fair compensation
  • Stolen modern phones are valuable for their data, despite factory locks and newer phone security measures
  • Discussions on the use of Faraday cages and lockable pouches to prevent phone usage in secure locations or social events
  • Conversation on the benefits of no cell reception or Wi-Fi at gatherings, with some suggesting the use of Faraday cages to block signals
  • Criticisms and solutions discussed for the use of phone lock pouches during comedy shows and events
  • Discussion on personal information requirements and alternatives for phone usage control
  • Wider debate on people's dependency on mobile devices, with suggestions for alternative communication methods and concern for phone security.
  • Discuss on Discussion Service or Read Original Text.

Docker Reverses Free Plan Decision, Offers Refunds

  • Docker reverses decision to end its Free Team plan following community feedback and offers refunds for those who upgraded within that period.
  • Customers who migrated to a Personal or Pro plan can return to their former Free Team plan or request a new Personal or Pro account through Docker's website.
  • Docker's decision to end free support for Docker Desktop app on macOS and Windows has also been reversed and some code has been open-sourced.
  • Changes to Docker's terms of service have raised concerns about anti-competitive tactics, but others argue it's necessary for business models.
  • Microsoft's support for backwards compatibility is noted compared to other companies, and some developers have moved to GitHub Container Registry or Quay.io as an alternative to Docker.
  • Docker's recent backtrack on limiting free account usage come as a result of community feedback, but resentment may remain.
  • A conversation on Hacker News highlights the tension between corporate interests and consumer expectations in addressing negative feedback.
  • Docker will retain its free version of Docker Teams after previously announcing they would make it a chargeable model.
  • Discuss on Discussion Service or Read Original Text.

OpenAI's ChatGPT and GPT-3 Experience Data Exposure and Breach

  • OpenAI's ChatGPT experienced a data exposure incident, allowing users to see sensitive data of other users and payment-related information of 1.2% of ChatGPT Plus subscribers during a 9-hour window.
  • The bug was caused by a faulty Redis-py library and the incident highlights the challenges of relying on third-party software in mission-critical systems.
  • OpenAI also suffered a security breach that exposed customer data, including first and last names, email addresses, and API usage preferences.
  • Some users have reported issues with OpenAI's bug reporting channels, and the incident raises concerns about the use of Redis as a primary database and the reliability of OpenAI's infrastructure from a security and support perspective.
  • Developers and programmers are discussing the responsibility of ensuring the quality and safety of code in open-source libraries, and the incident highlights the importance of testing external dependencies thoroughly.
  • OpenAI has taken measures to address the incidents, including patching the bug in the Redis client library, improving their systems, changing all API keys and tokens, and improving testing, assertions, log alerting, and debugging processes.
  • Discuss on Discussion Service or Read Original Text.