I've been using Revue for my 123dev newsletter and wanted an easier way to save URLs to include in future emails.
If you're not familiar with it, Revue has a chrome extension so you can send URLs to a queue which shows up next to the editor.
It's a really handy feature and I wanted to use it without the extension.
Ideally, I could send these URL Read Full Article ...
I planned on getting this finished earlier in the week but ended up shearing some of our sheep 🐑. A few days late, whatever, let's get cracking.
In this post you're going to learn about each of the 5 SOLID Principles. I've included some code examples to make them a bit more real. I've also added some thought exercises / mental models that helped me understand these principles in the hope that they'll help you too.
These principles are a subset of the principles Read Full Article ...
In this interview, we delve into details about the WebAssembly (WASM) format and Kubernetes with Matt Butcher, co-founder and CEO of Fermyon. Butcher is passionate about WebAssembly, distributed systems, and artificial intelligence.
Butcher is one of the original creators, or had a hand in the creation of Helm, Brigade, Cloud Native Application Bundles, Open Application Model, Glide and Krustlet. He has written/co-written many books including “Learning Helm” and “Go in Practice.”
In this interview, Butcher talks about the motivation and evolution of serverless functions and how Read Full Article ...
Imagine this: you are working in a company named DonutGPT as Head of Platform Engineering, and you sell millions of donuts online every year with AI-generated recipes. You need to make your critical services available to hundreds of resellers through secured APIs. Since nobody on earth wants to see his donut order fail, your management is putting on the pressure to ensure a highly available service.
Your current production environment consists mostly of VMs, but you are in the process of progressively migrating to a cloud native platform. Most of the production services Read Full Article ...
Platform engineering involves creating a supportive, scalable and efficient infrastructure that allows developers to focus on delivering high-quality software quickly. Many of us have been doing this approach for years, just without a proper name tied to it.
To get platform engineering right, many have turned to the concept of platforms as products (PaaP), where you put the emphasis on the user experience of the developers themselves and view your internal developers as customers. This implies platforms should have a clear value proposition, a roadmap and dedicated resources so that our internal Read Full Article ...
The ECMAScript standard for JavaScript continues to add new language features in a deliberate way. This year there’s a mix of APIs that standardize common patterns that developers have been writing by hand or importing from third-party libraries — including some aimed specifically at library authors — plus improvements in string handling, regular expressions, multithreading and WebAssembly interoperability.
Meanwhile, the TC39 committee that assesses proposals is also making progress on some of the much larger proposals, like the long-awaited Temporal and Decorators that may be ready for ECMAScript 2025, Ecma vice president Daniel Read Full Article ...
Generative AI is booming as industries and innovators look for ways to transform digital experiences. From AI chatbots to language translation tools, people are interacting with a common set of AI/ML models, known as language models in everyday scenarios. As a result, new language models have developed rapidly in size, performance and use cases in recent years.
As an application developer, you may want to integrate a high-performance model by simply making a REST call and pointing your app to an inferencing endpoint for options like Falcon, Mistral, Phi and other Read Full Article ...
Artificial intelligence is in the middle of a perfect storm in the software industry, and now Mark Zuckerberg is calling for open sourced AI.
Three powerful perspectives are colliding on how to control AI:
In the first part of this series, I introduced the idea of federated language models, where we take advantage of a capable cloud-based large language model (LLM) and a small language model (SLM) running at the edge. To recap, an agent sends the user query (1) along with the available tools (2) to a cloud-based LLM to map the prompt into a set of functions and arguments (3). It then executes the functions to generate appropriate context from a database (4a). If there are no tools involved, it leverages the simple RAG mechanism Read Full Article ... Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers to access customers' data and contaminate internal artifacts – spreading to related services and other customers' environments," security researcher Hillai Ben-Sasson said in a report shared with The Read Full Article ... SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS score of 7.6 and one scoring 8.3. The most severe of the flaws are listed below -
The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer computing" platform maintained by the University of California with an aim to carry out "large-scale distributed high-throughput computing" using participating home computers on which the app is installed. "It's similar to a cryptocurrency Read Full Article ... Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on this organization, the attackers exploited a vulnerability in an Apache HTTP server to deliver their MgBot malware." Daggerfly, also known by the names Bronze Read Full Article ... The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 is a decade-old Read Full Article ... A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity vulnerability allows an attacker to sidestep SmartScreen protection and drop malicious payloads. Microsoft addressed this issue as part of Read Full Article ... The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory. The list of four vulnerabilities is listed below - Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly," the Moby Read Full Article ... Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and access numerous services such as Cloud Build, storage (including the source code of other functions), artifact registry and container registry," the exposure management company said in a statement.
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers to access customers' data and contaminate internal artifacts – spreading to related services and other customers' environments," security researcher Hillai Ben-Sasson said in a report shared with The Read Full Article ... Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023. "Unbeknownst to most users, Selenium WebDriver API enables full interaction with the machine itself, including reading and downloading files, and running remote commands," Wiz researchers Avigayil Mechtinger, Read Full Article ... The Secure Shell (SSH) isn’t just about allowing you to remote into servers to tackle admin tasks. Thanks to this secure networking protocol, you can also mount remote directories with the help of the SSH File System (SSHF). SSHFS uses SFTP (SSH File Transfer Protocol) to mount remote directories to a local machine using secure encryption, which means the connection is far more secure than your standard FTP. As well, once a remote directory is mounted, it can be used as if it was on the local machine. Are smartphones less secure than PCs? The answer to that is, they’re different. They face different security threats. Yet they certainly share one thing in common — they both need protection. So, what makes a smartphone unique when it comes to security? And how do you go about protecting it? We’ll cover both here. Several facts of life about smartphones set them apart when it comes to keeping your devices Read Full Article ... Microsoft’s response to a distributed denial-of-service (DDoS) attack appears to have caused Azure service outages that impacted many customers. Microsoft explained on its Azure status page that a “subset of customers” experienced issues connecting to services such as Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, and Azure Policy, as well as the Azure portal and some Microsoft 365 and Purview services. According to the BBC, the outage, which lasted roughly 10 hours, impacted water utilities, Read Full Article ... The bald figure of $4.88 million tells us little about the state of security. But the detail contained within the latest IBM Cost of Data Breach Report highlights areas we are winning, areas we are losing, and the areas we could and should do better. “The real benefit to industry,” explains Sam Hector, IBM’s cybersecurity global strategy leader, “is that we’ve been doing this consistently over many years. It allows the industry to build up a picture over time of the changes that are happening in the threat landscape and the Read Full Article ... DigiCert has started revoking thousands of certificates impacted by a recently discovered verification issue, but some customers in critical infrastructure and other sectors are asking for more time. The certificate authority (CA) informed customers on July 29 of an incident related to domain validation, saying that it needs to revoke some certificates within 24 hours due to strict CA/Browser Forum (CABF) rules. The company initially said roughly 0.4% of applicable domain validations were impacted. A DigiCert representative clarified in discussions with stakeholders that 83,267 Read Full Article ... The European Union’s world-first artificial intelligence law formally took effect on Thursday, marking the latest milestone in the bloc’s efforts to regulate the technology. Officials say the Artificial Intelligence Act will protect the “fundamental rights” of citizens in the 27-nation bloc while also encouraging investment and innovation in the booming AI industry. Years in the making, the AI Act is a comprehensive rulebook for governing AI in Europe, but it could also act as a guidepost for other governments still scrambling to draw up guardrails for Read Full Article ... Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. In a Sitting Ducks attack, cybercriminals exploit configuration shortcomings at the registrar level and insufficient ownership verification at DNS providers. Researchers at DNS-focused security vendor Infoblox and at firmware and hardware protection company Eclypsium discovered that there are more than a million domains that can be hijacked every day via the Sitting Ducks attacks.
Privacy-focused search engine DuckDuckGo has been blocked in Indonesia by its government after citizens reportedly complained about pornographic and online gambling content in its search results. The government's choice to block DuckDuckGo isn't surprising considering the cultural and religious context, with Indonesia being a Muslim country where gambling is prohibited and porn is viewed as morally unacceptable. In January 2024, Indonesia announced it blocked nearly 600,000 online gambling portals and took action against 5,000 bank accounts that engaged with them. Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%. The plaintiffs claim that the massive IT outage that occurred on July 19, 2024, proves CrowdStrike's claims that their cybersecurity platform is thoroughly tested and validated are false. As a result of this incident and its aftermath, CrowdStrike's stock price has tumbled almost 38% from $343 on July 18 Read Full Article ... A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. The attackers exploit the popularity of AI-driven image-generation tools by creating malicious websites that closely resemble legitimate services and trick potential victims into infecting themselves with information stealer malware, as Trend Micro researchers who analyzed the campaign found. The attacks start with phishing messages sent to Facebook page owners or administrators, which will send them to fake account Read Full Article ...How To Run an Agent on Federated Language Model Architecture
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
SocGholish Malware Exploits BOINC Project for Covert Cyberattacks
Chinese Hackers Target Taiwan and U.S. NGO with MgBot and MACMA Malware
CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining
Linux: Mount Remote Directories With SSHFS
Are Mobile Devices Less Secure than PCs?
Apps, spam texts, and other smartphone vulnerabilities
Microsoft Says Azure Outage Caused by DDoS Attack Response
Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study
DigiCert Revoking 83,000 Certificates of 6,800 Customers
The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect
Sitting Ducks DNS attacks let hackers hijack over 35,000 domains
DuckDuckGo blocked in Indonesia over porn, gambling search results
CrowdStrike sued by investors over massive global IT outage
Fake AI editor ads on Facebook push password-stealing malware