1. Big data is dead (2023)
Total comment counts : 57
Summary
The article argues that the era of Big Data is over and that data size is not the main problem in gaining actionable insights. The author, who was a founding engineer on Google BigQuery, explains that despite the hype around Big Data and the need for new technology to handle massive scale, most users do not actually have Big Data. Traditional data management systems with traditional architectures, such as SQLite, Postgres, and MySQL, are growing strongly, while NoSQL and NewSQL systems are stagnating. The author concludes that we should focus on how to use data to make better decisions rather than worrying about its size.
Top 1 Comment Summary
The author talks about their experience hiring data scientists and their favorite tricky question about what stack/architecture the candidate would build for 6 TiB of data. They mention that many candidates provided complex solutions with high costs, but the winner understood that 6 TiB is a small amount that can be stored on a smartphone or an inexpensive enterprise HDD and easily processed with awk scripts. The author emphasizes the importance of understanding the scale of “real” big data when hiring.
Top 2 Comment Summary
The author of the article agrees with some aspects but has a few points to consider. They argue that using MongoDB as a reference point is not adequate, as PostgreSQL performs better in most cases. They emphasize the importance of planning for success and scalability, especially in achieving unicorn status. Additionally, they mention that most data is not big and can easily be stored in a modest device. They also note that the majority of queries are small and data needs to be reduced before processing. Finally, the author mentions that data costs are increasing due to regulatory factors.
2. A 1.3B-light-year-across ring of galaxies has confounded astronomers
Total comment counts : 33
Summary
Astronomers have discovered a massive and unusual ring of galaxies 9.2 billion light-years away from Earth. This structure, known as the “Big Ring,” is 1.3 billion light-years across and does not match any known formation mechanism. It challenges current cosmological theories and may upend our understanding of the universe. The discovery was presented at the 243rd meeting of the American Astronomical Society and is detailed in a pre-print paper. This is the second giant structure found by a team led by astronomer Alexia Lopez. The first was a giant arc of galaxies unveiled in 2022, which is 3.3 billion light-years across and appears in the same region of the sky as the Big Ring. Both structures are difficult to explain within our current understanding of the universe. Possible explanations include Baryonic Acoustic Oscillations (BAOs) and cosmic strings, but neither fully account for the size and shape of these structures. The Big Ring and the Giant Arc challenge the Cosmological Principle, which assumes that matter is evenly distributed everywhere in space when viewed on a large scale. The discovery of these structures is fascinating and raises important questions about the nature of the universe.
Top 1 Comment Summary
The article provides links to three different videos featuring conference talks and a BBC Four documentary by Alexia López. Although the video quality is said to be poor, the content provides an introduction to her work, including the Big Ring discovery and her findings on the Giant Arc in the Sky.
Top 2 Comment Summary
The article discusses a paper about the alignment of stars and whether they are on a plane or appear as a ring from our perspective. The author questions if this information is included in the paper and expresses doubts about structures appearing in the data when observing the universe at a large scale. The author acknowledges their lack of scientific knowledge and seeks the opinions of those more informed.
3. Instead of “auth”, we should say “permissions” and “login”
Total comment counts : 72
Summary
This article discusses the confusion and ambiguity surrounding the term “auth” in computer systems, which can refer to both authentication and authorization. The author argues that using the terms “authn” and “authz” as solutions is not satisfactory and instead suggests using clearer terms like “login” for authentication and “permissions” for authorization. The author emphasizes that authentication and authorization are fundamentally different problems and should be treated as such. Using clear and distinct terms not only improves communication but also helps in designing stronger software systems.
Top 1 Comment Summary
The article discusses the words “authorize” and “authenticate” and their historical origins and meanings. It emphasizes that although these terms are well-known, their usage in cryptographic systems can be confusing and subtle. The author doubts that changing the words would resolve this confusion. Additionally, the article mentions the saying “Don’t roll your own crypto,” which highlights the complexities of trust and verification in cryptography.
Top 2 Comment Summary
The author of the article questions the need to rename two similar terms, “authn” and “authz,” despite confusion among non-experts. They argue that the confusion does not pose significant harm and may stem from personal experiences. The article suggests using the longer words, “authentication” and “authorization,” as a solution instead of renaming them.
4. Rete algorithm
Total comment counts : 19
Summary
The Rete algorithm is a pattern matching algorithm used to implement rule-based systems. It efficiently applies rules or patterns to objects in a knowledge base to determine which rules should fire. Developed by Charles L. Forgy, it builds a network of nodes where each node corresponds to a pattern in a rule. New facts are propagated through the network, causing nodes to be annotated when a fact matches a pattern. When all patterns for a rule are satisfied, the corresponding rule is triggered. The Rete algorithm has been widely used in rule engines and expert systems. It sacrifices memory for increased speed and has characteristics such as being a directed acyclic graph and performing projections, selections, and joins. Other algorithms have been designed to address memory and server consumption issues in large expert systems. Overall, the Rete algorithm provides a logical description of matching functionality in pattern-matching engines.
Top 1 Comment Summary
The article discusses a well-documented implementation of the Rete algorithm, which is available on GitHub. The algorithm allows for O(1) incremental pattern matching, but it requires O(npattern * nitems) memory usage. The author mentions their intention to use it for pattern matching within a compiler but was unable to pursue it due to personal reasons.
Top 2 Comment Summary
The author describes their experience of developing a LEAPS (Large Extensible Active Picket) based rules engine for managing business rules in order packing across multiple warehouses. They also created a heuristic for solving the 3-dimensional bin packing problem and a visualizer to demonstrate solutions. The engine ensured that certain items, such as bowling balls and ceramic dolls, would not be packed together, and that potentially dangerous goods wouldn’t be mixed. The author considers this project to be a fun endeavor.
5. PcTattletale leaks victims’ screen recordings to entire Internet
Total comment counts : 15
Summary
The article discusses a vulnerability in a stalkerware app called PCTattletale. The app allows users to record the screen of targeted Android and Windows devices and view the recordings online. However, the article discovered a serious vulnerability in the app’s API that allows attackers to obtain the most recent screen capture from any device with PCTattletale installed. The author attempted to contact the app developers, but they ignored the notifications. The article advises individuals who suspect they may be victims of stalkerware to run antivirus scans and seek advice from the Coalition Against Stalkerware.
Top 1 Comment Summary
The article discusses concerns around mass surveillance solutions that have the potential to access large amounts of data. It emphasizes that all these solutions are a few steps away from having access to vast amounts of recordings, which has happened in the past. The article suggests that the best way to ensure safety is to not retain such data in the first place. Additionally, the article mentions the discovery of a file that allows arbitrary PHP code execution by setting a cookie. This file, which has been present since at least December 2011, indicates that a surveillance software called pcTattletale has been backdoored for a long time, potentially leading to data exfiltration by external actors.
Top 2 Comment Summary
The article discusses a wild story involving the defacement of a website. It took the owner, Fleming, over 20 hours to take the defaced website offline. Despite his attempts to restore the site, he was unable to do so, as recorded by his own spyware. The website remained down for a few hours while screenshots were still being sent to an s3 bucket. Fleming’s AWS account was eventually locked down by Amazon.
6. My new PSU burns out – I fix it, and torture it by cracking water
Total comment counts : 13
Summary
The author describes their experience with their newly designed and built power supply unit (PSU). After several months of trouble-free operation, they detect a burning smell and discover that a PCB track has been badly burned. Despite this failure, the other components on the PCB appear to be undamaged. The author speculates that the failure may be due to inadequate clearance between the tracks, and later finds that the required safety distances for conductors are larger than they had anticipated. They conclude that the rest of the PCB is intact, except for the positive-side outboard pass transistor.
Top 1 Comment Summary
The article gives several pieces of advice to the designer of a PSU (power supply unit). Firstly, the article recognizes that the design is not bad, but suggests that it falls short of professional standards. Secondly, it advises using separate schematic pages for different components of the PSU and including comments on each block explaining their purpose and potential alternative options. Thirdly, it recommends learning proper decoupling techniques, rather than relying on 0.1uF 0805s. Fourthly, it suggests clearly marking the mains on the schematics. Lastly, it questions the capacitance capacity of high voltage MLCCs in the design.
Top 2 Comment Summary
The article discusses the issue of insufficient clearance between VIN+ and ground, causing a potential danger of voltage discharge. The author points out that the 8-mil clearance is inadequate and could lead to various risks such as loose metal fragments causing damage. The author suggests that mains power supply units often have slots in critical areas to prevent this kind of issue.
7. Old dogs, new CSS tricks
Total comment counts : 20
Summary
The article discusses the slow adoption of new CSS features despite their usefulness. The author identifies our own habits and thinking patterns as the biggest barriers to adoption. They mention that browser support and the fear of breaking site layout in older browsers discourages developers from using new features. Additionally, the article notes that some new features, such as container queries, might not have clear use-cases or are born out of specific design trends that may fade by the time the feature is implemented. The author suggests that showing concrete real-world use cases can help generate excitement and encourage adoption of new CSS features. Overall, our reliance on familiar patterns and the lack of urgency to switch to new features contribute to the slow adoption.
Top 1 Comment Summary
The article discusses why container queries, a highly requested feature by front-end developers, are not used as much now that they are available. Several factors contribute to this. Firstly, when people ask for something, they often need it immediately, so releasing it a year later may not be useful for them. Secondly, the new features offered are not simple to implement, unlike the basic features that were requested in the past. Thirdly, most existing websites were styled before these new features came out, and redesigns are infrequent, so it takes time for the features to be adopted. Lastly, many websites use frameworks, making it more challenging to incorporate new features. Despite these challenges, the CSS industry is moving towards the stage of dreaming up new possibilities.
Top 2 Comment Summary
The author of the article expresses frustration with blog posts that claim certain features are available, when in reality they may only be available in certain browsers or still in development. They point out that even this particular blog post falls into the same trap, as there is not good cross-browser support for view transitions or anchor positioning despite being listed as available.
8. Stark Industries Solutions: An Iron Hammer in the Cloud
Total comment counts : 4
Summary
Stark Industries Solutions, a mysterious new Internet hosting firm, has emerged as the center of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. Investigations reveal that Stark Industries is being used as a global proxy network, concealing the true source of cyberattacks and disinformation campaigns against Russia’s enemies. A pro-Russia group called “NoName057(16)” has gamified DDoS attacks, recruiting members via Telegram and offering cash prizes for the most attacks. Stark Industries hosts dozens of proxy services and free virtual private networking (VPN) services, which can be used to hide cybercrime activity. The company is also home to numerous VPN and proxy services, some of which operate through malicious software or allow users to rent out their Internet connections. Security experts consider Stark Industries to be one of the worst hosting providers due to its involvement in flooding networks with traffic and scanning services at an alarming rate.
Top 1 Comment Summary
The person is praising Krebs, a reporter who covers cyber matters, and expresses interest in subscribing to a newspaper that reports on such matters with the same level of rigor and thoroughness as Krebs.
Top 2 Comment Summary
The article discusses the issue of blocking AS44477, a network that is known to originate a significant number of attacks. It suggests that blocking this network could help mitigate such attacks.
9. Low-latency scripting for game engines
Total comment counts : 8
Summary
The article discusses the use of the libriscv emulator in game engines for scripting purposes. The author explains that using C++ for scripting is not as difficult as it may seem and provides examples of how to use the emulator with C++. The article also mentions the usage of other languages like Lua, C, Nelua, and Nim for scripting. The process of importing a CMake library, building and linking on different platforms, and setting up the runtime environment for Linux/POSIX programs is also explained. The article concludes with an example of building and running a simple hello world program using the emulator.
Top 1 Comment Summary
The author expresses concern about the current state of game development. They believe that developers have veered off track by creating complex toolchains instead of focusing on simplifying game scripting and AI. The author argues that this shift in focus has led to increased expenses in game development.
Top 2 Comment Summary
The article discusses two points about Lua. Firstly, it mentions that if you forget to use the “return” instruction in a function, the return value will be that of the last expression. However, this seems to have been changed in Lua 3.0 and onwards, where if a function reaches its end without a return instruction, it returns with no results. Secondly, the article compares the use of an emulator for scripting, similar to WebAssembly, and cites benchmarks that show the emulator outperforming luajit and wasm3 in certain tests. The article provides links to the Lua manual and the benchmarks for further reference.
10. Is regulated BGP security coming?
Total comment counts : 12
Summary
The Internet Society (ISOC) and the Global Cyber Alliance (GCA) have expressed concern about the US Federal Communications Commission’s (FCC) intention to regulate Border Gateway Protocol (BGP) security. While telecommunications has traditionally been regulated, ISOC argues that the risks to the integrity of the Internet are real and require basic standards of hygiene and documentation for BGP configuration. Currently, some countries require ISPs to report significant routing state changes or cyber threats. The ISOC/GCA stance aligns with industry organizations’ usual preference for self-regulation, but the potential risks may necessitate government intervention. The FCC has released a fact sheet suggesting actions to mitigate BGP risk for US ISPs.
Top 1 Comment Summary
The article argues that the FCC’s involvement in issues related to RPKI and social security is seen as a dangerous power grab. It suggests that the FCC should step back and allow the multi-stakeholder models to handle these matters.
Top 2 Comment Summary
The article points out that the internet community has had ample time to establish effective security measures. The need for security has been acknowledged for a long time, and it is understandable that authorities are growing impatient. While it would be preferable for the industry to take voluntary action in this regard, if they fail to do so, it may be justified for them to face regulations.