Podcasts about Unicode

Character encoding standard

  • 288PODCASTS
  • 571EPISODES
  • 43mAVG DURATION
  • 1EPISODE EVERY OTHER WEEK
  • Jun 12, 2026LATEST

POPULARITY

20192020202120222023202420252026


Best podcasts about Unicode

Latest podcast episodes about Unicode

The Current
Got an idea for a new emoji? What it takes to make the cut

The Current

Play Episode Listen Later Jun 5, 2026 15:08


Unicode is taking pitches for emojis. Graphic designer Jennifer Daniel helps decide which ones make it. She says a successful emoji should have multiple meanings. Sorry aerial tramway ;)

Radio Russian Emirates
20260602-1 - Символ дирхама ОАЭ включили в Unicode 18.0 beta & Анкалаев проведет титульный бой UFC в Абу-Даби

Radio Russian Emirates

Play Episode Listen Later Jun 2, 2026 2:11


Новости на радио «Русские Эмираты» в Дубае:- Символ дирхама Объединенных Арабских Эмиратов внесли в бета-версию стандарта Unicode 18.0, регулирующего цифровые символы и эмодзи, что означает его скорое включение в клавиатуры компьютеров и смартфонов.- Бывший чемпион Абсолютного бойцовского чемпионата (UFC) в полутяжелом весе Магомед Анкалаев проведет бой с американцем Халилом Раунтри 25 июля в Абу-Даби.

The Current
Got an idea for a new emoji? What it takes to make the cut

The Current

Play Episode Listen Later Apr 23, 2026 15:28


Unicode is taking pitches for emojis. Graphic designer Jennifer Daniel helps decide which ones make it. She says a successful emoji should have multiple meanings. Sorry aerial tramway ;)

Hacker Public Radio
HPR4617: UNIX Curio #4 - Archiving Files

Hacker Public Radio

Play Episode Listen Later Apr 14, 2026


This show has been flagged as Clean by the host. This series is dedicated to exploring little-known—and occasionally useful—trinkets lurking in the dusty corners of UNIX-like operating systems. When you think about creating and managing archives on a UNIX system, tar is probably the utility that comes to mind. But this was not the first archiving program; ar was in First Edition UNIX 1 and cpio also pre-dates it, sort of 2 . According to the NetBSD manual page, cpio was developed within AT&T before tar , but did not get widely released until System III UNIX after tar was already well known from the earlier release of Seventh Edition UNIX (a.k.a. Version 7). You might think that ar and cpio are old and irrelevant these days, but these formats do live on. Each Debian package file 3 is an ar archive which in turn contains two tar files. On Red Hat, Fedora, SUSE, and some other distributions, each .rpm package file 4 contains a cpio payload. So these may very well still be in use on your modern Linux system. But let's get back to the subject of what you might want to use to create archives today. The tar utility has persisted in its popularity over the decades, and you most probably have a version installed on your UNIX-like systems. One of the problems with tar , however, is that it has not kept a consistent file format. Also, different implementations have used differing syntax at times. There are excellent reasons for the file format changing 5 . The names people give files have gotten longer over time, and the original Seventh Edition tar format could only handle a total pathname length of 100 bytes for each archive member. In addition, filenames were in ASCII format, and modern filesystems now accommodate richer encodings with characters that aren't in ASCII. The size of each archive member was limited to 8 gigabytes—unthinkably large back then, but not so big these days. User and group ownership could only be specified by numeric ID, which can vary from one system to another. Many other types of files and information simply couldn't be stored: block and character device nodes, FIFOs, sockets, extended attributes, access control lists, and SELinux contexts. As a result, the tar format had to evolve over the years. One important version was the ustar format, created for the 1988 POSIX standard. The POSIX committee wanted to try standardizing both the file format and syntax for the tar command. While the ustar format addressed some shortcomings, progress marched on. Filesystems started allowing filenames in different character sets and more types of information to be attached to files, so for the 2001 revision of POSIX they gave up on standardizing the tar utility and came up with a new format and utility, which is our actual UNIX Curio for this episode: pax 6 . Since the pax program didn't have historical baggage, they could specify its options, behavior, and file format and be sure everyone's implementation would match. Developers of different tar implementations had been reluctant to change away from their historical option syntax to the standard. The pax utility was also an attempt to avoid taking sides between those who advocated for tar and fans of cpio . The pax file format was an extension of ustar with the ability to add arbitrary new attributes tied to each archive member as UTF-8 Unicode. Some of these attribute names were standardized, but implementers could also define their own, making the format more future-proof. Older versions of tar that could handle the ustar format should still be able to process pax archives, but might not know what to do with the extra attributes. GNU tar developed its current archive format 7 alongside the standardization of the ustar format. The GNU format was based on an early draft which later underwent incompatible changes, so the two unfortunately are not interchangable. Unlike ustar , the GNU format has no limits on the size of files or the length of their names. In addition to its own format, GNU tar is able to detect and correctly process both ustar and pax archives. In situations where its native format can't store necessary information about a file (such as POSIX access control lists or extended attributes), GNU tar will automatically output the pax format instead (called "posix" in documentation). However, it still uses the GNU format by default, though the documentation has been threatening to move to the POSIX format for at least 20 years 8 . The good news is that the ustar , pax , GNU tar , and Seventh Edition tar formats are well documented and utilities across many UNIX-like systems 2,7,9,10,11 are able to handle these, depending on which formats existed when the utility was developed. While your system may not have pax itself installed, there are other archiving utilities that can read the file format, including GNU tar . (Somewhat amusingly, Debian and some other Free Software operating systems package a pax utility developed by MirBSD 12 which largely follows the POSIX-specified interface, but doesn't support reading or writing archives in pax format!) Look at the manual page for the tar , cpio , or pax utilities on your system to see if they can handle pax archives. Perhaps one aspect that has worked in favor of tar and other UNIX archive formats is that they only concern themselves with storing files and make no attempt at compression. Instead, it is common for a complete archive file to be compressed after creation; many utilities can be told to do this step for you, but it is not typically the default behavior. Therefore, if a better compression method comes along, the archive format doesn't need to change. If you do use compression, be careful to choose a method that is available on the destination system. Compressing files is a big enough subject to deserve its own episode, so we won't talk more about it here. So which format should you use when creating an archive? Unfortunately, there is no single answer that applies in all circumstances. The pax format is supported among modern UNIX-like systems and can represent all types of files and metadata. While other systems, their filesystems, and archive utilities might not be able to properly make use of all the metadata, they should at least be able to extract the data contained in files and, if Unicode is supported, give them appropriate filenames. If you intend to unpack the archive on an older system, more research might be needed to figure out what formats it is able to handle. The Seventh Edition tar format (often called "v7") is widely supported, including by older systems, but has limitations in what it can contain as described earlier. Moving beyond the UNIX world, things get even more complicated. Apple's macOS, with its FreeBSD underpinnings, easily handles tar files. However, when it comes to MS-DOS and Windows, it's a bit different. There, a multitude of archiving programs and formats arose, usually combining archiving with compression. PKZIP was probably the most popular of these and its .zip format became common in many places, helped by the fact that PKWARE openly published the specification. While there is only a single .zip format, it has many options, some proprietary, and different implementations have diverged in the way some aspects are handled (or not handled). An ISO/IEC standard for .zip 13 was published in 2015 giving a baseline profile, and sticking to it produces files that can be widely extracted successfully. Other file formats like OpenDocument use the .zip format and typically hew to the standardized profile. Windows' File Explorer, starting with Windows XP, can natively extract .zip files 14 . The Info-ZIP program 15 is a Free Software implementation for a wide variety of systems (even rather obscure ones); while it might not be installed on yours, if you're copying the archive file over, you can probably copy over its unzip utility at the same time to unpack it. So .zip probably has the broadest support, although it might not already be present on every system. However, as Klaatu points out in Hacker Public Radio episode 4557 16 , .zip files and applications handling them aren't always great at maintaining metadata about files. The .zip format doesn't seem to have any way to represent UNIX file permissions, and user/group ownership can only be included as numeric IDs. Other types of metadata on UNIX-like systems are not saved at all. This is probably not a problem in some cases, such as with a collection of photos, but for others it might be a concern. While pax as a utility does not seem to have gained much popularity or support, except on commercial UNIX systems where including it was required to conform to the POSIX standard, its file format has persisted. Free Software systems have generally avoided the pax interface, preferring to stick with the tar utility on the command line, but usually have good support for archive files in the pax format. Outside of UNIX-like systems, .zip seems to have become the most common file format, and support for it is also good in the UNIX world, though it might not be built in. References: Archive (library) file format https://man.cat-v.org/unix-1st/5/archive NetBSD 10.0 cpio manual page https://man.netbsd.org/NetBSD-10.0/cpio.1 Debian binary package format https://manpages.debian.org/trixie/dpkg-dev/deb.5.en.html RPM V6 Package format https://rpm.org/docs/6.0.x/manual/format_v6.html NetBSD 10.0 libarchive-formats manual page https://man.netbsd.org/NetBSD-10.0/libarchive-formats.5 Pax specification https://pubs.opengroup.org/onlinepubs/009695399/utilities/pax.html GNU tar manual https://www.gnu.org/software/tar/manual/tar.html GNU tar manual for version 1.15.90 https://web.cvs.savannah.gnu.org/viewvc/*checkout*/tar/tar/manual/tar.html?revision=1.3 FreeBSD 15.0 libarchive-formats manual page https://man.freebsd.org/cgi/man.cgi?query=libarchive-formats&sektion=5&apropos=0&manpath=FreeBSD+15.0-RELEASE+and+Ports OpenBSD 7.8 tar manual page https://man.openbsd.org/OpenBSD-7.8/tar HP-UX Reference (11i v3 07/02) - 1 User Commands N-Z (vol 2) https://support.hpe.com/hpesc/public/docDisplay?docId=c01922474&docLocale=en_US MirBSD pax(1) manual page http://www.mirbsd.org/htman/i386/man1/pax.htm#Sh.STANDARDS ISO/IEC 21320-1:2015 Information technology - Document Container File Part 1: Core https://www.iso.org/standard/60101.html Mastering File Compression on Windows https://windowsforum.com/threads/mastering-file-compression-on-windows-how-to-zip-and-unzip-files-effortlessly.369235/ About Info-ZIP https://infozip.sourceforge.net/ HPR4557::Why I prefer tar to zip https://hackerpublicradio.org/eps/hpr4557/index.html Provide feedback on this episode.

Radio Russian Emirates
20260318-2 - Символ дирхама появится на клавиатурах по всему миру & Власти Абу-Даби призвали строго реагировать на экстренные сирены

Radio Russian Emirates

Play Episode Listen Later Mar 18, 2026 2:39


Новости на радио «Русские Эмираты» в Дубае:- Символ дирхама ОАЭ появится на клавиатурах по всему миру в сентябре 2026 года. Консорциум Unicode подтвердил, что новый знак будет включен в обновление версии 18.0, которое выйдет этой осенью.- Власти Абу-Даби призвали жителей незамедлительно реагировать на экстренные сирены и строго соблюдать официальные инструкции по безопасности, подчеркнув, что первые минуты после получения предупреждения критически важны для снижения рисков.

Oracle University Podcast
Exploring the Oracle Analytics AI Assistant

Oracle University Podcast

Play Episode Listen Later Mar 17, 2026 17:43


Join hosts Lois Houston and Nikita Abraham for a special episode of the Oracle University Podcast as they explore the Oracle Analytics AI Assistant. In this episode, you'll discover how Oracle's AI-powered conversational tool empowers users of all backgrounds to interact with business data using simple, natural-language questions. Learn how the assistant interprets queries, surfaces visualizations, and delivers actionable insights in seconds, all within Oracle's secure analytics environment. The episode dives into best practices for data preparation, security and privacy safeguards, how to configure datasets for optimal AI performance, and tips for getting the most relevant results. You'll also hear how synonyms, column indexing, and user permissions make analytics more accessible and accurate.   Visualize Data with the Oracle Analytics AI Assistant: https://mylearn.oracle.com/ou/article-course/visualize-data-with-the-oracle-analytics-ai-assistant/156941/ Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, Anna Hulkower, Kris-Ann Nansen, and the OU Studio Team for helping us create this episode. -------------------------------------------------------   Episode Transcript:   00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:26 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Communications and Adoption Programs with Customer Success Services, and with me is Nikita Abraham, Team Lead: Editorial Services with Oracle University. Nikita: Hi everyone! Today's episode is on the Oracle Analytics AI Assistant, which is all about making business data accessible and useful, no matter your background. Whether you're a seasoned pro or just starting out with Oracle Analytics, you'll want to stick around for this episode because we're covering everything you need to know to unlock powerful, intuitive, and secure data insights. 01:06 Lois: That's right. And full disclosure before we start. We're trying something a little different for this episode. Instead of a live guest, our expert will be an AI-generated voice sharing insights drawn directly from Oracle's official course materials. Think of it as getting a taste of what our training courses are like, with a little help from AI. So, with that, let's kick things off by taking a closer look at what the Oracle Analytics AI Assistant really is. Expert: The Oracle Analytics AI Assistant is an AI-powered tool that provides a conversational interface for data analysis. With this tool, data exploration becomes more intuitive and efficient, helping you access fast, personalized insights. The AI Assistant makes use of Generative AI to process queries, analyze indexed datasets, and create or refine relevant visualizations. It is fully integrated into the Oracle Analytics platform, complementing existing analytic and visualization capabilities. 02:13 Nikita: So, put simply, users have the ability to interact with their data in plain English and receive immediate, visual answers. Expert: Exactly! You can ask natural language questions, such as, "What were my sales in the United States last Tuesday?" or "Show me monthly sales for this year," and the assistant interprets the question, queries the right data, and generates the best visualization. 02:39 Lois: Before we dive deeper, let's ground ourselves in some of the core concepts behind this technology. Here's an overview of the AI technologies powering the assistant. Expert:  - Artificial Intelligence refers to systems or machines that perform tasks which typically require human intelligence, like reasoning, learning, perception, and language understanding. - Large Language Models or LLMs are AI programs trained on very large data sets. LLMs can generate human-like language and perform complex language tasks, such as writing emails or answering questions. - Generative AI is a branch of AI that can create new content, such as text, images, and audio. GenAI includes chatbots and virtual assistants capable of human-like conversations, answering questions, and creating content based on user prompts. - Natural Language Processing or NLP is a subfield of AI, targeting how computers understand and generate human language. 03:42 Lois: Now, let's look at what happens behind the scenes when someone interacts with the Oracle Analytics AI Assistant. Expert: Here is how the process works. You ask a question or make a request in natural language. Oracle Analytics Cloud identifies the most relevant dataset to answer that question, looking at metadata and attribute values. The platform prepares a prompt for the LLM that includes dataset metadata, column names, synonyms, and your question. The LLM and Natural Language Understanding interpret the question, and then translate it into a structured query. Oracle Analytics validates this query against your data model, and then queries your database. Based on the results, the AI Assistant creates the most appropriate visualization, like a chart, table, or similar format, and provides additional natural language insights. 04:36 Nikita: Security and privacy are top priorities for organizations using tools like this, so let's get into Oracle's approach to protecting user data. Expert: At Oracle, your data privacy and security are always top priorities. Specifically, your data is never shared with external model providers or other customers. Pre-trained generative AI models are accessed exclusively within Oracle's secure cloud infrastructure. No customer data is stored or retained by the AI models after processing, and prompt data is not used to train the models. And finally, all data processed is fully isolated and never combined or visible to anyone outside your organization. 05:20 Lois: In other words, users always remain in full control of their own data, with no risk of leakage or exposure to outside parties. Nikita: Yeah, this kind of reassurance is absolutely critical for enterprises. 05:32 Lois: That's right, Niki. Next, let's cover how to get the most accurate and relevant insights from the AI Assistant by following some best practices for prompting. Expert: To get the best answers, you need to be specific. Include key data points, timeframes, or filters. For example, something like: "Show total sales by country for Q2 2024." Keep questions focused, clear, and concise. Refine your request as needed. If you want different details or a simpler trend line, follow up with something like, "Show by quarter," or "Replace product category with customer segment." Avoid complex prompts, like highly nested or multi-step ones. Ask a series of concise questions instead. When typing column names or field values, pause briefly to let the Assistant suggest the correct field. This increases prompt accuracy. Consider the context of the conversation. Filters and refinements made in previous messages persist, so be aware that context builds over the conversation unless reset. 06:36 Nikita: So, you might start with something like, "Show me sales trends for the last 5 years," and then get more granular, like, "Include only technology products," or "Break the results down by product sub-category." Lois: But sometimes, you may just want to start from scratch, so let's discuss how you can reset your session with the AI Assistant. Expert: Just select the "Clear Assistant History" option and you can begin a new analysis. 07:03 Nikita: Language capabilities are another important consideration, so here's an overview of which languages the Assistant currently supports. Expert: Right now, English is the primary language supported. Simple questions in other languages may work, but with less accuracy and fewer features. Talk to your Oracle Analytics administrator if you have multilingual needs. 07:26 Lois: Let's clarify what kinds of questions are beyond the scope of the Assistant. Expert: The Assistant is built for business-oriented, goal-driven queries, not for technical schema questions or database logic. So, don't ask about dataset structures or technical metadata. But do ask about trends, comparisons, breakdowns, and summaries that relate to your business. 07:53 Do you want to fast-track your learning goals? Join us for live events hosted by Oracle expert instructors! Get certification exam tips, learn about new technology, and ask your questions in real time. Take charge of your learning. Visit mylearn.oracle.com and join a live event today!  08:13 Nikita: Welcome back! Now, let's discuss why configuring datasets is crucial for working effectively with the AI Assistant. Expert: Effectively indexing and configuring your dataset can make a huge difference when working with the AI Assistant. When you index a dataset, you're basically creating searchable references. This makes it easier for the AI Assistant to quickly locate the most relevant columns and give accurate responses to natural language questions.  It's important to know that you'll need to manually select which columns to index. For example, if your users are likely to ask about sales in the United States, you'll want to make sure that both the "Country" column and the "Sales" column are included when indexing. That way, the Assistant knows exactly where to look when someone asks a question about U.S. sales figures.  Another thing to remember is that you can make your analytics more user-friendly by resolving ambiguities and assigning synonyms to your dataset columns. For instance, if there's a generic "date" column, clarify whether that refers to the "order date" or the "ship date." It helps to add synonyms as well, so the assistant can handle different ways users might phrase their questions.  So, while it may take a little extra effort upfront, making your dataset easy to search and understand pays off. Your AI Assistant can respond quickly and accurately, and your users get the answers they're looking for with less hassle.  09:43 Lois: Next, we'll outline the steps for configuring and indexing datasets for optimal performance. Expert: First you need to confirm dataset access. You'll need read/write privileges to enable the AI Assistant and index the dataset. Then, on the Search tab, under "Index Dataset For," select "Assistant." Choose your language and, optionally, set an indexing schedule. Carefully pick columns users will likely question, like sales, region, or date. Avoid technical metadata, sensitive data, and high-cardinality columns like Customer IDs. Choose whether to index only column names or names plus data values. Including data values helps with typing suggestions and nuance. Avoid values no one will search on. Importantly, indexed dataset values are never sent to the LLM. They are retrieved from the dataset when visualizations are created. Assign synonyms to attribute names. Oracle Analytics suggests synonyms, but you can also add your own. Finally, save the changes and run indexing to make the dataset searchable by the Assistant. 10:50 Nikita: Now, let's look at how configuring subject areas can further tailor the experience. Expert: You'll need to navigate to the Search Index by going through the Console's Configuration and Settings. Choose your language and indexing schedule. Index folders relevant to business questions; avoid non-relevant or sensitive columns. Select the Index Type: "Index Metadata Only" for high-cardinality columns (like IDs); "Index" for columns and values that users reference. As with datasets, clarify column meanings with user-friendly synonyms. Finalize settings and run the index to prepare your subject area for AI-powered queries. Special care must be taken with date columns. Select and clearly identify the main business date so queries don't become ambiguous. 11:39 Lois: Synonyms play an important role in reducing ambiguity and enhancing results, so let's review the best practices for setting them up effectively. Expert: If your columns use abbreviations, acronyms, or codes—like "custNo" or "Pname"—it's a good idea to provide synonyms to clarify what those attributes actually mean. Think about how people typically refer to those columns in everyday language. So instead of just "custNo," add "Customer Number" as a synonym, and for "Pname," you would use "Product Name."  If you can, actually renaming the column is usually more effective than just adding a synonym. But if that's not possible for some reason, a synonym is the next best thing.  Dates can be another tricky area. Datasets often have several date columns, like "Ship Date," "Order Date," and "Invoice Date." If a user asks, "Show me revenue by date," the system has to decide which date column to use, and it may just pick one for you. If you definitely want "Order Date" to be considered the default date, make sure to assign "date" as a synonym specifically for that column.  There's also the situation where different tables have columns with the same name—like "name" from both a Product table and an Employee table. You'll want to use synonyms for these columns too, to make it clear what each one means.  Adding more than one synonym can help as well. For example, if you have a "Yield" column, maybe also specify "revenue" and "income" as synonyms, so users can ask questions however they naturally would.  Avoid using reserved words or special characters in your synonyms. This means words like "Count," "Year," or anything that's also a SQL function, plus characters like "@" or special symbols. Also, steer clear of Unicode characters and terms that are analytical functions or date formats.  The whole point is to make your columns easy for business users or anyone else to reference naturally, using the terms they're most likely to try in a search.  And finally, just a few rules of thumb: synonyms can be up to 50 characters long, you can use up to 20 synonyms for each column, and you don't need to worry about uppercase or lowercase; column names aren't case sensitive.  Besides the basic setup and using synonyms, you can really improve the quality of answers from the AI Assistant (and the LLM it uses) by prepping and enriching your data. It's easier for the AI to work with words than numbers. Try "binning" numerical values into simple categories people can understand. For instance, instead of showing a long list of sales amounts, split them into groups like "small," "medium," and "large."  LLMs handle words better than blanks. If your data has missing or null values, fill them in with something meaningful, like "Unknown," "Not specified," or "Not available." Skipping this step could cause errors in queries, such as reports missing customers because their country is blank. Incorrect averages or summaries, especially if missing values are ignored. Issues with forecasting, if data gaps throw off trends. The AI Assistant might skip important columns or even generate errors. Ambiguous or duplicate column names confuse both users and the LLM. Make your names clear and consistent.  You can use Oracle Analytics's Transform editor to add even more context. For example, you might extract the day of the week from a date, so you can easily ask, "Show sales for all Fridays in 2026."  By preparing your data with these steps, you help the AI Assistant give you more accurate and insightful answers, making data analysis a lot smoother! 15:27 Nikita: Finally, let's walk through the process of making the Oracle Analytics AI Assistant accessible to end users directly within their workbooks. Expert: Permissions are controlled through application roles. Your administrator must create a specific role enabling access to the AI Assistant. To enable consumer access, open your workbook in edit mode and select Present. From the Workbook tab, toggle it on in the Insights Panel section. Choose tabs like Watch Lists and Workbook Assistant. Decide which data sources in your workbook are available to the consumer. Save, and then use Preview to simulate the user experience. Consumers can access the AI Assistant by selecting Auto Insights at the top of the workbook. They can then type in natural language questions, review visualizations, and follow up. Repeat these steps for each workbook you wish to enable. 16:22 Lois: This really puts agile, self-service analytics at everyone's fingertips, all while keeping data security and integrity front and center. Nikita: And it's not just plug-and-play. To get the best results, you configure your data, enrich it, apply the right synonyms and permissions, and then your team can ask questions and visualize results just by using natural language. Lois: If you're ready to kickstart or deepen your journey with the Oracle Analytics AI Assistant, or you want to review the topics we covered in today's episode in even greater detail, visit mylearn.oracle.com. Nikita: That wraps up this episode. Thanks for spending time listening to us today. Join us next week for another episode of the Oracle University Podcast. Until then, this is Nikita Abraham… Lois: And Lois Houston, signing off! 17:14 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.  

DUBAI WORKS Business Podcast
Drones Strike Saudi Aramco & Qatar LNG | AWS Data Centres Hit Across the Gulf | UAE Dirham Gets Its Own Keyboard Symbol

DUBAI WORKS Business Podcast

Play Episode Listen Later Mar 3, 2026 5:31


In today's Smashi Business Show, we cover three major stories shaking the region. Saudi Aramco's Ras Tanura refinery — processing 550,000 barrels a day — has been shut down after a drone strike, as Qatar simultaneously halts LNG production following Iranian attacks on key energy facilities. Brent crude is already surging past $79. Amazon Web Services confirms drone strikes have damaged data centres in the UAE and Bahrain, disrupting cloud services and forcing warehouse closures across the Gulf. And on a lighter note, the UAE dirham is set to get its own Unicode symbol — coming to keyboards worldwide this September. Stay informed with us.Newsletter: https://lnkd.in/dAkTDhJ6WhatsApp: aug.us/40FdYLUInstagram: aug.us/4ihltzQTiktok: aug.us/4lnV0D8Smashi Business Show (Mon-Friday): aug.us/3BTU2MY

Talk Paper Scissors
Indigenous Type Perspectives with Leo Vicenti

Talk Paper Scissors

Play Episode Listen Later Feb 3, 2026 57:42


Send us a textThis is the first episode in a 3-part guest lecture series in GCM 230 Typography, speaking with design typography pros from across North America! This episode features type designer and educator at Emily Carr University of Art + Design in Vancouver, Leo Vicenti. In this conversation, you'll hear how Leo believes typography can support Indigenous language and culture, the ways in which typography isn't always necessary, Indigenization of digital spaces, and why fixed systems don't necessarily work (Unicode, for example). This episode was recorded as part of a guest lecture series in GCM 230 - Typography in fall 2025 at The Creative School at Toronto Metropolitan University. I'm all about interesting projects with interesting people! Let's Connect on the web or via Instagram. :)

Les Cast Codeurs Podcast
LCC 335 - 200 terminaux en prod vendredi

Les Cast Codeurs Podcast

Play Episode Listen Later Jan 16, 2026 103:16


De retour à cinq dans l'épisode, les cast codeurs démarrent cette année avec un gros épisode pleins de news et d'articles de fond. IA bien sûr, son impact sur les pratiques, Mockito qui tourne un page, du CSS (et oui), sur le (non) mapping d'APIs REST en MCP et d'une palanquée d'outils pour vous. Enregistré le 9 janvier 2026 Téléchargement de l'épisode LesCastCodeurs-Episode-335.mp3 ou en vidéo sur YouTube. News Langages 2026 sera-t'elle l'année de Java dans le terminal ? (j'ai ouïe dire que ça se pourrait bien…) https://xam.dk/blog/lets-make-2026-the-year-of-java-in-the-terminal/ 2026: Année de Java dans le terminal, pour rattraper son retard sur Python, Rust, Go et Node.js. Java est sous-estimé pour les applications CLI et les TUIs (interfaces utilisateur terminales) malgré ses capacités. Les anciennes excuses (démarrage lent, outillage lourd, verbosité, distribution complexe) sont obsolètes grâce aux avancées récentes : GraalVM Native Image pour un démarrage en millisecondes. JBang pour l'exécution simplifiée de scripts Java (fichiers uniques, dépendances) et de JARs. JReleaser pour l'automatisation de la distribution multi-plateforme (Homebrew, SDKMAN, Docker, images natives). Project Loom pour la concurrence facile avec les threads virtuels. PicoCLI pour la gestion des arguments. Le potentiel va au-delà des scripts : création de TUIs complètes et esthétiques (ex: dashboards, gestionnaires de fichiers, assistants IA). Excuses caduques : démarrage rapide (GraalVM), légèreté (JBang), distribution simple (JReleaser), concurrence (Loom). Potentiel : créer des applications TUI riches et esthétiques. Sortie de Ruby 4.0.0 https://www.ruby-lang.org/en/news/2025/12/25/ruby-4-0-0-released/ Ruby Box (expérimental) : Une nouvelle fonctionnalité permettant d'isoler les définitions (classes, modules, monkey patches) dans des boîtes séparées pour éviter les conflits globaux. ZJIT : Un nouveau compilateur JIT de nouvelle génération développé en Rust, visant à surpasser YJIT à terme (actuellement en phase expérimentale). Améliorations de Ractor : Introduction de Ractor::Port pour une meilleure communication entre Ractors et optimisation des structures internes pour réduire les contentions de verrou global. Changements syntaxiques : Les opérateurs logiques (||, &&, and, or) en début de ligne permettent désormais de continuer la ligne précédente, facilitant le style "fluent". Classes Core : Set et Pathname deviennent des classes intégrées (Core) au lieu d'être dans la bibliothèque standard. Diagnostics améliorés : Les erreurs d'arguments (ArgumentError) affichent désormais des extraits de code pour l'appelant ET la définition de la méthode. Performances : Optimisation de Class#new, accès plus rapide aux variables d'instance et améliorations significatives du ramasse-miettes (GC). Nettoyage : Suppression de comportements obsolètes (comme la création de processus via IO.open avec |) et mise à jour vers Unicode 17.0. Librairies Introduction pour créer une appli multi-tenant avec Quarkus et http://nip.io|nip.io https://www.the-main-thread.com/p/quarkus-multi-tenant-api-nipio-tutorial Construction d'une API REST multi-tenant en Quarkus avec isolation par sous-domaine Utilisation de http://nip.io|nip.io pour la résolution DNS automatique sans configuration locale Extraction du tenant depuis l'en-tête HTTP Host via un filtre JAX-RS Contexte tenant géré avec CDI en scope Request pour l'isolation des données Service applicatif gérant des données spécifiques par tenant avec Map concurrent Interface web HTML/JS pour visualiser et ajouter des données par tenant Configuration CORS nécessaire pour le développement local Pattern acme.127-0-0-1.nip.io résolu automatiquement vers localhost Code complet disponible sur GitHub avec exemples curl et tests navigateur Base idéale pour prototypage SaaS, tests multi-tenants Hibernate 7.2 avec quelques améliorations intéressantes https://docs.hibernate.org/orm/7.2/whats-new/%7Bhtml-meta-canonical-link%7D read only replica (experimental), crée deux session factories et swap au niveau jdbc si le driver le supporte et custom sinon. On ouvre une session en read only child statelesssession (partage le contexte transactionnel) hibernate vector module ajouter binary, float16 and sparse vectors Le SchemaManager peut resynchroniser les séquences par rapport aux données des tables Regexp dans HQL avec like Nouvelle version de Hibernate with Panache pour Quarkus https://quarkus.io/blog/hibernate-panache-next/ Nouvelle extension expérimentale qui unifie Hibernate ORM with Panache et Hibernate Reactive with Panache Les entités peuvent désormais fonctionner en mode bloquant ou réactif sans changer de type de base Support des sessions sans état (StatelessSession) en plus des entités gérées traditionnelles Intégration de Jakarta Data pour des requêtes type-safe vérifiées à la compilation Les opérations sont définies dans des repositories imbriqués plutôt que des méthodes statiques Possibilité de définir plusieurs repositories pour différents modes d'opération sur une même entité Accès aux différents modes (bloquant/réactif, géré/sans état) via des méthodes de supertype Support des annotations @Find et @HQL pour générer des requêtes type-safe Accès au repository via injection ou via le métamodèle généré Extension disponible dans la branche main, feedback demandé sur Zulip ou GitHub Spring Shell 4.0.0 GA publié - https://spring.io/blog/2025/12/30/spring-shell-4-0-0-ga-released Sortie de la version finale de Spring Shell 4.0.0 disponible sur Maven Central Compatible avec les dernières versions de Spring Framework et Spring Boot Modèle de commandes revu pour simplifier la création d'applications CLI interactives Intégration de jSpecify pour améliorer la sécurité contre les NullPointerException Architecture plus modulaire permettant meilleure personnalisation et extension Documentation et exemples entièrement mis à jour pour faciliter la prise en main Guide de migration vers la v4 disponible sur le wiki du projet Corrections de bugs pour améliorer la stabilité et la fiabilité Permet de créer des applications Java autonomes exécutables avec java -jar ou GraalVM native Approche opinionnée du développement CLI tout en restant flexible pour les besoins spécifiques Une nouvelle version de la librairie qui implémenter des gatherers supplémentaires à ceux du JDK https://github.com/tginsberg/gatherers4j/releases/tag/v0.13.0 gatherers4j v0.13.0. Nouveaux gatherers : uniquelyOccurringBy(), moving/runningMedian(), moving/runningMax/Min(). Changement : les gatherers "moving" incluent désormais par défaut les valeurs partielles (utiliser excludePartialValues() pour désactiver). LangChain4j 1.10.0 https://github.com/langchain4j/langchain4j/releases/tag/1.10.0 Introduction d'un catalogue de modèles pour Anthropic, Gemini, OpenAI et Mistral. Ajout de capacités d'observabilité et de monitoring pour les agents. Support des sorties structurées, des outils avancés et de l'analyse de PDF via URL pour Anthropic. Support des services de transcription pour OpenAI. Possibilité de passer des paramètres de configuration de chat en argument des méthodes. Nouveau garde-fou de modération pour les messages entrants. Support du contenu de raisonnement pour les modèles. Introduction de la recherche hybride. Améliorations du client MCP. Départ du lead de mockito après 10 ans https://github.com/mockito/mockito/issues/3777 Tim van der Lippe, mainteneur majeur de Mockito, annonce son départ pour mars 2026, marquant une décennie de contribution au projet. L'une des raisons principales est l'épuisement lié aux changements récents dans la JVM (JVM 22+) concernant les agents, imposant des contraintes techniques lourdes sans alternative simple proposée par les mainteneurs du JDK. Il pointe du doigt le manque de soutien et la pression exercée sur les bénévoles de l'open source lors de ces transitions technologiques majeures. La complexité croissante pour supporter Kotlin, qui utilise la JVM de manière spécifique, rend la base de code de Mockito plus difficile à maintenir et moins agréable à faire évoluer selon lui. Il exprime une perte de plaisir et préfère désormais consacrer son temps libre à d'autres projets comme Servo, un moteur web écrit en Rust. Une période de transition est prévue jusqu'en mars pour assurer la passation de la maintenance à de nouveaux contributeurs. Infrastructure Le premier intérêt de Kubernetes n'est pas le scaling - https://mcorbin.fr/posts/2025-12-29-kubernetes-scale/ Avant Kubernetes, gérer des applications en production nécessitait de multiples outils complexes (Ansible, Puppet, Chef) avec beaucoup de configuration manuelle Le load balancing se faisait avec HAProxy et Keepalived en actif/passif, nécessitant des mises à jour manuelles de configuration à chaque changement d'instance Le service discovery et les rollouts étaient orchestrés manuellement, instance par instance, sans automatisation de la réconciliation Chaque stack (Java, Python, Ruby) avait sa propre méthode de déploiement, sans standardisation (rpm, deb, tar.gz, jar) La gestion des ressources était manuelle avec souvent une application par machine, créant du gaspillage et complexifiant la maintenance Kubernetes standardise tout en quelques ressources YAML (Deployment, Service, Ingress, ConfigMap, Secret) avec un format déclaratif simple Toutes les fonctionnalités critiques sont intégrées : service discovery, load balancing, scaling, stockage, firewalling, logging, tolérance aux pannes La complexité des centaines de scripts shell et playbooks Ansible maintenus avant était supérieure à celle de Kubernetes Kubernetes devient pertinent dès qu'on commence à reconstruire manuellement ces fonctionnalités, ce qui arrive très rapidement La technologie est flexible et peut gérer aussi bien des applications modernes que des monolithes legacy avec des contraintes spécifiques Mole https://github.com/tw93/Mole Un outil en ligne de commande (CLI) tout-en-un pour nettoyer et optimiser macOS. Combine les fonctionnalités de logiciels populaires comme CleanMyMac, AppCleaner, DaisyDisk et iStat Menus. Analyse et supprime en profondeur les caches, les fichiers logs et les résidus de navigateurs. Désinstallateur intelligent qui retire proprement les applications et leurs fichiers cachés (Launch Agents, préférences). Analyseur d'espace disque interactif pour visualiser l'occupation des fichiers et gérer les documents volumineux. Tableau de bord temps réel (mo status) pour surveiller le CPU, le GPU, la mémoire et le réseau. Fonction de purge spécifique pour les développeurs permettant de supprimer les artefacts de build (node_modules, target, etc.). Intégration possible avec Raycast ou Alfred pour un lancement rapide des commandes. Installation simple via Homebrew ou un script curl. Des images Docker sécurisées pour chaque développeur https://www.docker.com/blog/docker-hardened-images-for-every-developer/ Docker rend ses "Hardened Images" (DHI) gratuites et open source (licence Apache 2.0) pour tous les développeurs. Ces images sont conçues pour être minimales, prêtes pour la production et sécurisées dès le départ afin de lutter contre l'explosion des attaques sur la chaîne logistique logicielle. Elles s'appuient sur des bases familières comme Alpine et Debian, garantissant une compatibilité élevée et une migration facile. Chaque image inclut un SBOM (Software Bill of Materials) complet et vérifiable, ainsi qu'une provenance SLSA de niveau 3 pour une transparence totale. L'utilisation de ces images permet de réduire considérablement le nombre de vulnérabilités (CVE) et la taille des images (jusqu'à 95 % plus petites). Docker étend cette approche sécurisée aux graphiques Helm et aux serveurs MCP (Mongo, Grafana, GitHub, etc.). Des offres commerciales (DHI Enterprise) restent disponibles pour des besoins spécifiques : correctifs critiques sous 7 jours, support FIPS/FedRAMP ou support à cycle de vie étendu (ELS). Un assistant IA expérimental de Docker peut analyser les conteneurs existants pour recommander l'adoption des versions sécurisées correspondantes. L'initiative est soutenue par des partenaires majeurs tels que Google, MongoDB, Snyk et la CNCF. Web La maçonnerie ("masonry") arrive dans la spécification des CSS et commence à être implémentée par les navigateurs https://webkit.org/blog/17660/introducing-css-grid-lanes/ Permet de mettre en colonne des éléments HTML les uns à la suite des autres. D'abord sur la première ligne, et quand la première ligne est remplie, le prochain élément se trouvera dans la colonne où il pourra être le plus haut possible, et ainsi de suite. après la plomberie du middleware, la maçonnerie du front :laughing: Data et Intelligence Artificielle On ne devrait pas faire un mapping 1:1 entre API REST et MCP https://nordicapis.com/why-mcp-shouldnt-wrap-an-api-one-to-one/ Problématique : Envelopper une API telle quelle dans le protocole MCP (Model Context Protocol) est un anti-pattern. Objectif du MCP : Conçu pour les agents d'IA, il doit servir d'interface d'intention, non de miroir d'API. Les agents comprennent les tâches, pas la logique complexe des API (authentification, pagination, orchestration). Conséquences du mappage un-à-un : Confusion des agents, erreurs, hallucinations. Difficulté à gérer les orchestrations complexes (plusieurs appels pour une seule action). Exposition des faiblesses de l'API (schéma lourd, endpoints obsolètes). Maintenance accrue lors des changements d'API. Meilleure approche : Construire des outils MCP comme des SDK pour agents, encapsulant la logique nécessaire pour accomplir une tâche spécifique. Pratiques recommandées : Concevoir autour des intentions/actions utilisateur (ex. : "créer un projet", "résumer un document"). Regrouper les appels en workflows ou actions uniques. Utiliser un langage naturel pour les définitions et les noms. Limiter la surface d'exposition de l'API pour la sécurité et la clarté. Appliquer des schémas d'entrée/sortie stricts pour guider l'agent et réduire l'ambiguïté. Des agents en production avec AWS - https://blog.ippon.fr/2025/12/22/des-agents-en-production-avec-aws/ AWS re:Invent 2025 a massivement mis en avant l'IA générative et les agents IA Un agent IA combine un LLM, une boucle d'appel et des outils invocables Strands Agents SDK facilite le prototypage avec boucles ReAct intégrées et gestion de la mémoire Managed MLflow permet de tracer les expérimentations et définir des métriques de performance Nova Forge optimise les modèles par réentraînement sur données spécifiques pour réduire coûts et latence Bedrock Agent Core industrialise le déploiement avec runtime serverless et auto-scaling Agent Core propose neuf piliers dont observabilité, authentification, code interpreter et browser managé Le protocole MCP d'Anthropic standardise la fourniture d'outils aux agents SageMaker AI et Bedrock centralisent l'accès aux modèles closed source et open source via API unique AWS mise sur l'évolution des chatbots vers des systèmes agentiques optimisés avec modèles plus frugaux Debezium 3.4 amène plusieurs améliorations intéressantes https://debezium.io/blog/2025/12/16/debezium-3-4-final-released/ Correction du problème de calcul du low watermark Oracle qui causait des pertes de performance Correction de l'émission des événements heartbeat dans le connecteur Oracle avec les requêtes CTE Amélioration des logs pour comprendre les transactions actives dans le connecteur Oracle Memory guards pour protéger contre les schémas de base de données de grande taille Support de la transformation des coordonnées géométriques pour une meilleure gestion des données spatiales Extension Quarkus DevServices permettant de démarrer automatiquement une base de données et Debezium en dev Intégration OpenLineage pour tracer la lignée des données et suivre leur flux à travers les pipelines Compatibilité testée avec Kafka Connect 4.1 et Kafka brokers 4.1 Infinispan 16.0.4 et .5 https://infinispan.org/blog/2025/12/17/infinispan-16-0-4 Spring Boot 4 et Spring 7 supportés Evolution dans les metriques Deux bugs de serialisation Construire un agent de recherche en Java avec l'API Interactions https://glaforge.dev/posts/2026/01/03/building-a-research-assistant-with-the-interactions-api-in-java/ Assistant de recherche IA Java (API Interactions Gemini), test du SDK implémenté par Guillaume. Workflow en 4 phases : Planification : Gemini Flash + Google Search. Recherche : Modèle "Deep Research" (tâche de fond). Synthèse : Gemini Pro (rapport exécutif). Infographie : Nano Banana Pro (à partir de la synthèse). API Interactions : gestion d'état serveur, tâches en arrière-plan, réponses multimodales (images). Appréciation : gestion d'état de l'API (vs LLM sans état). Validation : efficacité du SDK Java pour cas complexes. Stephan Janssen (le papa de Devoxx) a créé un serveur MCP (Model Context Protocol) basé sur LSP (Language Server Protocol) pour que les assistants de code analysent le code en le comprenant vraiment plutôt qu'en faisant des grep https://github.com/stephanj/LSP4J-MCP Le problème identifié : Les assistants IA utilisent souvent la recherche textuelle (type grep) pour naviguer dans le code, ce qui manque de contexte sémantique, génère du bruit (faux positifs) et consomme énormément de tokens inutilement. La solution LSP4J-MCP : Une approche "standalone" (autonome) qui encapsule le serveur de langage Eclipse (JDTLS) via le protocole MCP (Model Context Protocol). Avantage principal : Offre une compréhension sémantique profonde du code Java (types, hiérarchies, références) sans nécessiter l'ouverture d'un IDE lourd comme IntelliJ. Comparaison des méthodes : AST : Trop léger (pas de compréhension inter-fichiers). IntelliJ MCP : Puissant mais exige que l'IDE soit ouvert (gourmand en ressources). LSP4J-MCP : Le meilleur des deux mondes pour les workflows en terminal, à distance (SSH) ou CI/CD. Fonctionnalités clés : Expose 5 outils pour l'IA (find_symbols, find_references, find_definition, document_symbols, find_interfaces_with_method). Résultats : Une réduction de 100x des tokens utilisés pour la navigation et une précision accrue (distinction des surcharges, des scopes, etc.). Disponibilité : Le projet est open source et disponible sur GitHub pour intégration immédiate (ex: avec Claude Code, Gemini CLI, etc). A noter l'ajout dans claude code 2.0.74 d'un tool pour supporter LSP ( https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md#2074 ) Awesome (GitHub) Copilot https://github.com/github/awesome-copilot Une collection communautaire d'instructions, de prompts et de configurations pour optimiser l'utilisation de GitHub Copilot. Propose des "Agents" spécialisés qui s'intègrent aux serveurs MCP pour améliorer les flux de travail spécifiques. Inclut des prompts ciblés pour la génération de code, la documentation et la résolution de problèmes complexes. Fournit des instructions détaillées sur les standards de codage et les meilleures pratiques applicables à divers frameworks. Propose des "Skills" (compétences) sous forme de dossiers contenant des ressources pour des tâches techniques spécialisées. (les skills sont dispo dans copilot depuis un mois : https://github.blog/changelog/2025-12-18-github-copilot-now-supports-agent-skills/ ) Permet une installation facile via un serveur MCP dédié, compatible avec VS Code et Visual Studio. Encourage la contribution communautaire pour enrichir les bibliothèques de prompts et d'agents. Aide à augmenter la productivité en offrant des solutions pré-configurées pour de nombreux langages et domaines. Garanti par une licence MIT et maintenu activement par des contributeurs du monde entier. IA et productivité : bilan de l'année 2025 (Laura Tacho - DX)) https://newsletter.getdx.com/p/ai-and-productivity-year-in-review?aid=recNfypKAanQrKszT En 2025, l'ingénierie assistée par l'IA est devenue la norme : environ 90 % des développeurs utilisent des outils d'IA mensuellement, et plus de 40 % quotidiennement. Les chercheurs (Microsoft, Google, GitHub) soulignent que le nombre de lignes de code (LOC) reste un mauvais indicateur d'impact, car l'IA génère beaucoup de code sans forcément garantir une valeur métier supérieure. Si l'IA améliore l'efficacité individuelle, elle pourrait nuire à la collaboration à long terme, car les développeurs passent plus de temps à "parler" à l'IA qu'à leurs collègues. L'identité du développeur évolue : il passe de "producteur de code" à un rôle de "metteur en scène" qui délègue, valide et exerce son jugement stratégique. L'IA pourrait accélérer la montée en compétences des développeurs juniors en les forçant à gérer des projets et à déléguer plus tôt, agissant comme un "accélérateur" plutôt que de les rendre obsolètes. L'accent est mis sur la créativité plutôt que sur la simple automatisation, afin de réimaginer la manière de travailler et d'obtenir des résultats plus impactants. Le succès en 2026 dépendra de la capacité des entreprises à cibler les goulots d'étranglement réels (dette technique, documentation, conformité) plutôt que de tester simplement chaque nouveau modèle d'IA. La newsletter avertit que les titres de presse simplifient souvent à l'excès les recherches sur l'IA, masquant parfois les nuances cruciales des études réelles. Un développeur décrit dans un article sur Twitter son utilisation avancée de Claude Code pour le développement, avec des sous-agents, des slash-commands, comment optimiser le contexte, etc. https://x.com/AureaLibe/status/2008958120878330329?s=20 Outillage IntelliJ IDEA, thread dumps et project Loom (virtual threads) - https://blog.jetbrains.com/idea/2025/12/thread-dumps-and-project-loom-virtual-threads/ Les virtual threads Java améliorent l'utilisation du matériel pour les opérations I/O parallèles avec peu de changements de code Un serveur peut maintenant gérer des millions de threads au lieu de quelques centaines Les outils existants peinent à afficher et analyser des millions de threads simultanément Le débogage asynchrone est complexe car le scheduler et le worker s'exécutent dans des threads différents Les thread dumps restent essentiels pour diagnostiquer deadlocks, UI bloquées et fuites de threads Netflix a découvert un deadlock lié aux virtual threads en analysant un heap dump, bug corrigé dans Java 25. Mais c'était de la haute voltige IntelliJ IDEA supporte nativement les virtual threads dès leur sortie avec affichage des locks acquis IntelliJ IDEA peut ouvrir des thread dumps générés par d'autres outils comme jcmd Le support s'étend aussi aux coroutines Kotlin en plus des virtual threads Quelques infos sur IntelliJ IDEA 2025.3 https://blog.jetbrains.com/idea/2025/12/intellij-idea-2025-3/ Distribution unifiée regroupant davantage de fonctionnalités gratuites Amélioration de la complétion des commandes dans l'IDE Nouvelles fonctionnalités pour le débogueur Spring Thème Islands devient le thème par défaut Support complet de Spring Boot 4 et Spring Framework 7 Compatibilité avec Java 25 Prise en charge de Spring Data JDBC et Vitest 4 Support natif de Junie et Claude Agent pour l'IA Quota d'IA transparent et option Bring Your Own Key à venir Corrections de stabilité, performance et expérience utilisateur Plein de petits outils en ligne pour le développeur https://blgardner.github.io/prism.tools/ génération de mot de passe, de gradient CSS, de QR code encodage décodage de Base64, JWT formattage de JSON, etc. resumectl - Votre CV en tant que code https://juhnny5.github.io/resumectl/ Un outil en ligne de commande (CLI) écrit en Go pour générer un CV à partir d'un fichier YAML. Permet l'exportation vers plusieurs formats : PDF, HTML, ou un affichage direct dans le terminal. Propose 5 thèmes intégrés (Modern, Classic, Minimal, Elegant, Tech) personnalisables avec des couleurs spécifiques. Fonctionnalité d'initialisation (resumectl init) permettant d'importer automatiquement des données depuis LinkedIn et GitHub (projets les plus étoilés). Supporte l'ajout de photos avec des options de filtre noir et blanc ou de forme (rond/carré). Inclut un mode "serveur" (resumectl serve) pour prévisualiser les modifications en temps réel via un navigateur local. Fonctionne comme un binaire unique sans dépendances externes complexes pour les modèles. mactop - Un moniteur "top" pour Apple Silicon https://github.com/metaspartan/mactop Un outil de surveillance en ligne de commande (TUI) conçu spécifiquement pour les puces Apple Silicon (M1, M2, M3, M4, M5). Permet de suivre en temps réel l'utilisation du CPU (E-cores et P-cores), du GPU et de l'ANE (Neural Engine). Affiche la consommation électrique (wattage) du système, du CPU, du GPU et de la DRAM. Fournit des données sur les températures du SoC, les fréquences du GPU et l'état thermique global. Surveille l'utilisation de la mémoire vive, de la swap, ainsi que l'activité réseau et disque (E/S). Propose 10 mises en page (layouts) différentes et plusieurs thèmes de couleurs personnalisables. Ne nécessite pas l'utilisation de sudo car il s'appuie sur les API natives d'Apple (SMC, IOReport, IOKit). Inclut une liste de processus détaillée (similaire à htop) avec la possibilité de tuer des processus directement depuis l'interface. Offre un mode "headless" pour exporter les métriques au format JSON et un serveur optionnel pour Prometheus. Développé en Go avec des composants en CGO et Objective-C. Adieu direnv, Bonjour misehttps://codeka.io/2025/12/19/adieu-direnv-bonjour-mise/ L'auteur remplace ses outils habituels (direnv, asdf, task, just) par un seul outil polyvalent écrit en Rust : mise. mise propose trois fonctions principales : gestionnaire de paquets (langages et outils), gestionnaire de variables d'environnement et exécuteur de tâches. Contrairement à direnv, il permet de gérer des alias et utilise un fichier de configuration structuré (mise.toml) plutôt que du scripting shell. La configuration est hiérarchique, permettant de surcharger les paramètres selon les répertoires, avec un système de "trust" pour la sécurité. Une "killer-feature" soulignée est la gestion des secrets : mise s'intègre avec age pour chiffrer des secrets (via clés SSH) directement dans le fichier de configuration. L'outil supporte une vaste liste de langages et d'outils via un registre interne et des plugins (compatibilité avec l'écosystème asdf). Il simplifie le workflow de développement en regroupant l'installation des outils et l'automatisation des tâches au sein d'un même fichier. L'auteur conclut sur la puissance, la flexibilité et les excellentes performances de l'outil après quelques heures de test. Claude Code v2.1.0 https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md#210 Rechargement à chaud des "skills" : Les modifications apportées aux compétences dans ~/.claude/skills sont désormais appliquées instantanément sans redémarrer la session. Sous-agents et forks : Support de l'exécution de compétences et de commandes slash dans un contexte de sous-agent forké via context: fork. Réglages linguistiques : Ajout d'un paramètre language pour configurer la langue de réponse par défaut (ex: language: "french"). Améliorations du terminal : Shift+Enter fonctionne désormais nativement dans plusieurs terminaux (iTerm2, WezTerm, Ghostty, Kitty) sans configuration manuelle. Sécurité et correction de bugs : Correction d'une faille où des données sensibles (clés API, tokens OAuth) pouvaient apparaître dans les logs de débogage. Nouvelles commandes slash : Ajout de /teleport et /remote-env pour les abonnés claude.ai afin de gérer des sessions distantes. Mode Plan : Le raccourci /plan permet d'activer le mode plan directement depuis le prompt, et la demande de permission à l'entrée de ce mode a été supprimée. Vim et navigation : Ajout de nombreux mouvements Vim (text objects, répétitions de mouvements f/F/t/T, indentations, etc.). Performance : Optimisation du temps de démarrage et du rendu terminal pour les caractères Unicode/Emoji. Gestion du gitignore : Support du réglage respectGitignore dans settings.json pour contrôler le comportement du sélecteur de fichiers @-mention. Méthodologies 200 déploiements en production par jour, même le vendredi : retours d'expérience https://mcorbin.fr/posts/2025-03-21-deploy-200/ Le déploiement fréquent, y compris le vendredi, est un indicateur de maturité technique et augmente la productivité globale. L'excellence technique est un atout stratégique indispensable pour livrer rapidement des produits de qualité. Une architecture pragmatique orientée services (SOA) facilite les déploiements indépendants et réduit la charge cognitive. L'isolation des services est cruciale : un développeur doit pouvoir tester son service localement sans dépendre de toute l'infrastructure. L'automatisation via Kubernetes et l'approche GitOps avec ArgoCD permettent des déploiements continus et sécurisés. Les feature flags et un système de permissions solide permettent de découpler le déploiement technique de l'activation fonctionnelle pour les utilisateurs. L'autonomie des développeurs est renforcée par des outils en self-service (CLI maison) pour gérer l'infrastructure et diagnostiquer les incidents sans goulot d'étranglement. Une culture d'observabilité intégrée dès la conception permet de détecter et de réagir rapidement aux anomalies en production. Accepter l'échec comme inévitable permet de concevoir des systèmes plus résilients capables de se rétablir automatiquement. "Vibe Coding" vs "Prompt Engineering" : l'IA et le futur du développement logiciel https://www.romenrg.com/blog/2025/12/25/vibe-coding-vs-prompt-engineering-ai-and-the-future-of-software-development/ L'IA est passée du statut d'expérimentation à celui d'infrastructure essentielle pour le développement de logiciels en 2025. L'IA ne remplace pas les ingénieurs, mais agit comme un amplificateur de leurs compétences, de leur jugement et de la qualité de leur réflexion. Distinction entre le "Vibe Coding" (rapide, intuitif, idéal pour les prototypes) et le "Prompt Engineering" (délibéré, contraint, nécessaire pour les systèmes maintenables). L'importance cruciale du contexte ("Context Engineering") : l'IA devient réellement puissante lorsqu'elle est connectée aux systèmes réels (GitHub, Jira, etc.) via des protocoles comme le MCP. Utilisation d'agents spécialisés (écriture de RFC, revue de code, architecture) plutôt que de modèles génériques pour obtenir de meilleurs résultats. Émergence de l'ingénieur "Technical Product Manager" capable d'abattre seul le travail d'une petite équipe grâce à l'IA, à condition de maîtriser les fondamentaux techniques. Le risque majeur : l'IA permet d'aller très vite dans la mauvaise direction si le jugement humain et l'expérience font défaut. Le niveau d'exigence global augmente : les bases techniques solides deviennent plus importantes que jamais pour éviter l'accumulation de dette technique rapide. Une revue de code en solo (Kent Beck) ! https://tidyfirst.substack.com/p/party-of-one-for-code-review?r=64ov3&utm_campaign=post&utm_medium=web&triedRedirect=true La revue de code traditionnelle, héritée des inspections formelles d'IBM, s'essouffle car elle est devenue trop lente et asynchrone par rapport au rythme du développement moderne. Avec l'arrivée de l'IA ("le génie"), la vitesse de production du code dépasse la capacité de relecture humaine, créant un goulot d'étranglement majeur. La revue de code doit évoluer vers deux nouveaux objectifs prioritaires : un "sanity check" pour vérifier que l'IA a bien fait ce qu'on lui demandait, et le contrôle de la dérive structurelle de la base de code. Maintenir une structure saine est crucial non seulement pour les futurs développeurs humains, mais aussi pour que l'IA puisse continuer à comprendre et modifier le code efficacement sans perdre le contexte. Kent Beck expérimente des outils automatisés (comme CodeRabbit) pour obtenir des résumés et des schémas d'architecture afin de garder une conscience globale des changements rapides. Même si les outils automatisés sont utiles, le "Pair Programming" reste irremplaçable pour la richesse des échanges et la pression sociale bénéfique qu'il impose à la réflexion. La revue de code solo n'est pas une fin en soi, mais une adaptation nécessaire lorsque l'on travaille seul avec des outils de génération de code augmentés. Loi, société et organisation Lego lance les Lego Smart Play, avec des Brique, des Smart Tags et des Smart Figurines pour faire de nouvelles constructions interactives avec des Legos https://www.lego.com/fr-fr/smart-play LEGO SMART Play : technologie réactive au jeu des enfants. Trois éléments clés : SMART Brique : Brique LEGO 2x4 "cerveau". Accéléromètre, lumières réactives, détecteur de couleurs, synthétiseur sonore. Réagit aux mouvements (tenir, tourner, taper). SMART Tags : Petites pièces intelligentes. Indiquent à la SMART Brique son rôle (ex: hélicoptère, voiture) et les sons à produire. Activent sons, mini-jeux, missions secrètes. SMART Minifigurines : Activées près d'une SMART Brique. Révèlent des personnalités uniques (sons, humeurs, réactions) via la SMART Brique. Encouragent l'imagination. Fonctionnement : SMART Brique détecte SMART Tags et SMART Minifigurines. Réagit aux mouvements avec lumières et sons dynamiques. Compatibilité : S'assemble avec les briques LEGO classiques. Objectif : Créer des expériences de jeu interactives, uniques et illimitées. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 14-17 janvier 2026 : SnowCamp 2026 - Grenoble (France) 22 janvier 2026 : DevCon #26 : sécurité / post-quantique / hacking - Paris (France) 28 janvier 2026 : Software Heritage Symposium - Paris (France) 29-31 janvier 2026 : Epitech Summit 2026 - Paris - Paris (France) 2-5 février 2026 : Epitech Summit 2026 - Moulins - Moulins (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 3-4 février 2026 : Epitech Summit 2026 - Lille - Lille (France) 3-4 février 2026 : Epitech Summit 2026 - Mulhouse - Mulhouse (France) 3-4 février 2026 : Epitech Summit 2026 - Nancy - Nancy (France) 3-4 février 2026 : Epitech Summit 2026 - Nantes - Nantes (France) 3-4 février 2026 : Epitech Summit 2026 - Marseille - Marseille (France) 3-4 février 2026 : Epitech Summit 2026 - Rennes - Rennes (France) 3-4 février 2026 : Epitech Summit 2026 - Montpellier - Montpellier (France) 3-4 février 2026 : Epitech Summit 2026 - Strasbourg - Strasbourg (France) 3-4 février 2026 : Epitech Summit 2026 - Toulouse - Toulouse (France) 4-5 février 2026 : Epitech Summit 2026 - Bordeaux - Bordeaux (France) 4-5 février 2026 : Epitech Summit 2026 - Lyon - Lyon (France) 4-6 février 2026 : Epitech Summit 2026 - Nice - Nice (France) 5 février 2026 : Web Days Convention - Aix-en-Provence (France) 12 février 2026 : Strasbourg Craft #1 - Strasbourg (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 19 février 2026 : ObservabilityCON on the Road - Paris (France) 6 mars 2026 : WordCamp Nice 2026 - Nice (France) 18-19 mars 2026 : Agile Niort 2026 - Niort (France) 20 mars 2026 : Atlantique Day 2026 - Nantes (France) 26 mars 2026 : Data Days Lille - Lille (France) 26-27 mars 2026 : SymfonyLive Paris 2026 - Paris (France) 26-27 mars 2026 : REACT PARIS - Paris (France) 27-29 mars 2026 : Shift - Nantes (France) 31 mars 2026 : ParisTestConf - Paris (France) 1 avril 2026 : AWS Summit Paris - Paris (France) 2 avril 2026 : Pragma Cannes 2026 - Cannes (France) 9-10 avril 2026 : AndroidMakers by droidcon - Paris (France) 16-17 avril 2026 : MiXiT 2026 - Lyon (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 24-25 avril 2026 : Faiseuses du Web 5 - Dinan (France) 6-7 mai 2026 : Devoxx UK 2026 - London (UK) 22 mai 2026 : AFUP Day 2026 Lille - Lille (France) 22 mai 2026 : AFUP Day 2026 Paris - Paris (France) 22 mai 2026 : AFUP Day 2026 Bordeaux - Bordeaux (France) 22 mai 2026 : AFUP Day 2026 Lyon - Lyon (France) 29 mai 2026 : NG Baguette Conf 2026 - Paris (France) 5 juin 2026 : TechReady - Nantes (France) 5 juin 2026 : Fork it! - Rouen - Rouen (France) 6 juin 2026 : Polycloud - Montpellier (France) 11-12 juin 2026 : DevQuest Niort - Niort (France) 11-12 juin 2026 : DevLille 2026 - Lille (France) 12 juin 2026 : Tech F'Est 2026 - Nancy (France) 17-19 juin 2026 : Devoxx Poland - Krakow (Poland) 17-20 juin 2026 : VivaTech - Paris (France) 2 juillet 2026 : Azur Tech Summer 2026 - Valbonne (France) 2-3 juillet 2026 : Sunny Tech - Montpellier (France) 3 juillet 2026 : Agile Lyon 2026 - Lyon (France) 2 août 2026 : 4th Tech Summit on Artificial Intelligence & Robotics - Paris (France) 4 septembre 2026 : JUG Summer Camp 2026 - La Rochelle (France) 17-18 septembre 2026 : API Platform Conference 2026 - Lille (France) 24 septembre 2026 : PlatformCon Live Day Paris 2026 - Paris (France) 1 octobre 2026 : WAX 2026 - Marseille (France) 1-2 octobre 2026 : Volcamp - Clermont-Ferrand (France) 5-9 octobre 2026 : Devoxx Belgium - Antwerp (Belgium) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

netflix google guide secret service tech spring data evolution microsoft mit modern chefs class code skills web ga difficult lego construction base confusion ces oracle cons classic saas ia encourage excuses pattern react assistant gemini year in review openai cv faire maintenance combine distribution extension analyse blue sky correction validation rust api map acc qr conf puppets materials islands io sous elles python ui aws nouvelle expose nouveau toutes trois java minimal github quelques guillaume bonjour fork corrections workflow int distinction prometheus aur probl helm extraction alpine installation mole llm loom documentation exposition html macos aide kafka apache invent anthropic nouvelles gestion prod prise plein gpu wax changement cpu propose nouveaux gc els interface css vendredi dns adieu jars meilleure construire soc ide synth diagnostics objectif homebrew elegant dram docker bedrock node loi kubernetes utiliser sortie m2 tableau sdks offre m3 accepter cdi contrairement servo enregistr mcp pratiques mongodb changements approche m4 ci cd mistral tui json jira potentiel london uk cli permet paris france cve appr github copilot vim fonctionne limiter soa loc possibilit fonction ssh vs code utilisation m5 maintenir rfc visual studio apple silicon comparaison prompt engineering 7d jit lippe ingress kotlin oauth e s panache ansible avantage jvm vache debian unicode lsp hibernate affiche appliquer snyk jwt mixit garanti yaml objective c concevoir grafana cncf cgo pair programming changelog ajout tech summit gitops devcon kent beck technical product manager spring boot cleanmymac nice france gemini pro jdk lyon france intellij surveille raycast spring framework intellij idea base64 tuis provence france haproxy devoxx strasbourg france argocd lille france istat menus cannes france iterm2 daisydisk kafka connect regexp devoxx france appcleaner
ApfelNerds – Apple News, Gerüchte, Technik

In Folge 294 sprechen die ApfelNerds über einige Jubiläen, das Preview der neuen Emojis in Unicode 18, Anker hat den Anker Nano Charger (45W, Smart Display, 180° Foldable) vorgestellt, Apple hat sich für Google Gemini als AI-Backend entschieden, Thorsten stellt sein Daily Habit Tracker/Journal vor und es gibt Updates.

そんない理科の時間
第648回 コンピューターの中の2進数 byそんない理科の時間 @sonnaip

そんない理科の時間

Play Episode Listen Later Jan 8, 2026 53:26


■2進数・今年もよろしくお願いします・10進数・8進数・2進数・16進数 ■コンピューターの中の数字・ON/OFFの羅列に意味を持たせる・負の数をどうしよう・符号と絶対値表現や、2の補数表現・ビットの集まりを意味のあるデータとして扱う・画像は画素(ドット)ごとの色や明るさ・音は、音圧を1秒に40,000回くらいの頻度でデータ化している・文字コード・絵文字がUNICODEに入った・デジタルデータのメリット メールをお待ちしています rika@0438.jp質問や感想など気軽にお送りください! audiobook.jpで使える60日間無料聴き放題クーポン3MRU-RH46-RJ31-2GLQ

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Nov 20, 2025 6:34


Unicode: It is more than funny domain names. Unicode can cause a number of issues due to odd features like variance selectors and text direction issues. https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20than%20funny%20domain%20names./32472 FortiWeb Multiple OS command injection in API and CLI A second silently patched vulnerability in FortiWeb is already being exploited in the wild. https://fortiguard.fortinet.com/psirt/FG-IR-25-513 DLink DIR-878 Vulnerability DLink disclosed four different vulnerabilities in its popular DIR-878 router. The router is end-of-life and DLink will not release patches https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10475 Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router A new report, Operation WrtHug, has uncovered a massive, coordinated effort that has compromised thousands of ASUS routers worldwide. https://securityscorecard.com/blog/operation-wrthug-the-global-espionage-campaign-hiding-in-your-home-router/

Critical Thinking - Bug Bounty Podcast
Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Nov 20, 2025 62:33


Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Unicode surrogates conversionPrompt. Scan. ExploitBreaking into thousands of cloud based VPNs with 1 bugExamining Access Control Vulnerabilities in GraphQLSmart Bus Smart HackingPasskeys PwnedBypassing Intent Destination ChecksGemini Agents in Google CalendarExploitation of DOM Clobbering Vuln at ScaleTheHulkSmart Devices, Dumb ResetsMac PRT Cookie Theft====== Timestamps ======(00:00:00) Introduction(00:10:10) Prompt. Scan. Exploit(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Oct 29, 2025 8:04


Phishing with Invisible Characters in the Subject Line Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered. https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428 Apache Tomcat PUT Directory Traversal Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is used. Exploits could upload arbitrary files, leading to remote code execution. https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog BIND9 DNS Spoofing Vulnerability A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918

Rustacean Station
What's New in Rust 1.81 through 1.84

Rustacean Station

Play Episode Listen Later Oct 29, 2025 123:14


Jon and Ben discuss the highlights of the 1.81 through 1.84 releases of Rust. This episode was recorded as part of a YouTube live stream on 2025-10-26, which you can still watch. Contributing to Rustacean Station Rustacean Station is a community project; get in touch with us if you'd like to suggest an idea for an episode or offer your services as a host or audio editor! Twitter: @rustaceanfm Discord: Rustacean Station Github: @rustacean-station Email: hello@rustacean-station.org Timestamps & referenced resources [@01:58] - Rust 1.81 [@02:05] - core::error::Error Tracking issue for generic member access build-std Rust project goal [@08:27] - New sort implementations PR implementing the change Repo with the research [@10:49] - #[expect(lint)] [@14:37] - Lint reasons [@16:18] - Stabilized APIs [@16:34] - Duration::abs_diff [@17:25] - hint::assert_unchecked [@22:36] - fs::exists [@25:37] - Compatibility notes [@20:40] - Split panic hook and panic handler arguments [@23:00] - Abort on uncaught panics in extern "C" functions [@27:01] - WASI 0.1 target naming changed [@30:10] - Fix for CVE-2024-43402 CVE announcement [@33:39] - Rust 1.82 [@33:39] - cargo info [@35:06] - Apple target promotions Platform support tiers [@40:10] - Precise capturing use syntax The Captures “trick” Talk on impl Trait [@47:24] - Native syntax for creating a raw pointer Pointers Are Complicated Pointers Are Complicated II Pointers Are Complicated III [@53:43] - Safe items with unsafe extern [@59:32] - Unsafe attributes [@1:03:44] - Omitting empty types in pattern matching The never type [@1:11:33] - Floating-point NaN semantics and const [@1:17:41] - Constants as assembly immediates [@1:19:06] - Safely addressing unsafe statics [@1:22:56] - Stabilized APIs [@1:23:03] - thread::Builder::spawn_unchecked [@1:25:10] - Working with MaybeUninit [@1:25:48] - Exposed SIMD intrinsics [@1:26:14] - Changelog deep-dive [@1:26:26] - Rewrite binary search implementation [@1:27:30] - Rust 1.83 [@1:27:55] - New const capabilities [@1:31:50] - Stabilized APIs [@1:32:06] - New io::ErrorKind variants [@1:33:10] - Option::get_or_insert_default [@1:34:56] - char::MIN [@1:35:48] - Changelog deep-dive [@1:35:48] - Unicode 16 Emoji [@1:39:51] - Sysroot trim-paths [@1:41:31] - cargo update informs of outdated versions [@1:42:43] - cargo --timings dark mode [@1:43:15] - Checksum-based freshness in Cargo nightly [@1:44:26] - Rust 1.84 [@1:44:40] - Cargo considers Rust version for dependency version selection [@1:49:03] - Migration to the new trait solver begins [@1:51:47] - Strict provenance APIs Pointers Are Complicated Pointers Are Complicated II Pointers Are Complicated III Rust has provenance Gankra's write-up on raw pointer design Strict provenance APIs tracking issue [@1:57:53] - Stabilized APIs [@1:57:58] - ::isqrt [@1:58:15] - core::ptr::dangling [@1:59:15] - Changelog deep-dive [@1:59:15] - Include Cargo.lock in published crates [@2:00:12] - wasm32-wasi target removed [@2:01:06] - &raw *invalid_ptr is fine Credits Intro Theme: Aerocity Audio Editing: synchis Hosting Infrastructure: Jon Gjengset Show Notes: Jon Gjengset Hosts: Jon Gjengset and Ben Striegel

The CyberWire
The SMB slip-up.

The CyberWire

Play Episode Listen Later Oct 21, 2025 28:59


CISA warns a Windows SMB privilege escalation flaw is under Active exploitation. Microsoft issues an out of band fix for a WinRE USB input failure. Nation state hackers had long term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle's E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russian's COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar's military raids a notorious cybercrime hub. Josh Kamdjou, from Sublime Security discusses how teams should get ahead of Scattered Spider's next move. Eagle Scouts are soaring into cyberspace. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Josh Kamdjou, CEO and co-founder of Sublime Security and former DOD white hat hacker, is discussing how teams should get ahead of Scattered Spider's next move. Selected Reading CISA warns of active exploitation of Windows SMB privilege escalation flaw (Beyond Machines) Windows 11 KB5070773 emergency update fixes Windows Recovery issues (Bleeping Computer) Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 (Bloomberg) Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p (Hackread) Cyberattack Disrupts Services at 2 Massachusetts Hospitals (BankInfo Security) Russian Coldriver Hackers Deploy New ‘NoRobot' Malware (Infosecurity Magazine) Self-spreading GlassWorm malware hits OpenVSX, VS Code registries (Bleeping Computer) Police Shutter SIM Farm Provider in Latvia, Bust 7 Suspects (Data Breach Today) Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People (SecurityWeek) Scouts will now be able to earn badges in AI and cybersecurity (CNN Business) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Real Estate Coaching Radio
9 Smart Ways Agents Use ChatGPT to Sell More Homes

Real Estate Coaching Radio

Play Episode Listen Later Aug 18, 2025 36:57


Welcome back to America's #1 Daily Podcast,  featuring America's #1 Real Estate Coaches and Top EXP Realty Sponsors in the World, Tim and Julie Harris. Ready to become an EXP Realty Agent and join Tim and Julie Harris?  Visit: https://whylibertas.com/harris or text Tim directly at 512-758-0206. ******************* 2025's Real Estate Rollercoaster: Dodge the Career-Killers with THIS Mastermind!

Critical Thinking - Bug Bounty Podcast
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Aug 14, 2025 86:21


Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday's Guest: https://x.com/ryancbarnett====== Resources ======Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePadhttps://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.htmlXSS Street-Fighthttps://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdfBlackhat USA 2025 - Lost in Translation: Exploiting Unicode Normalizationhttps://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-44923====== Timestamps ======(00:00:00) Introduction(00:02:49) Accidental Stored XSS in Typepad Plugin (00:06:34) Chatscatter & Abusing third party Analytics(00:11:42) Ryan Barnett Introduction(00:21:11) Virtual Patching & WAF Challenges(00:40:39) AWS API Gateways & Whitelisting Bug Hunter Traffic(00:49:59) Lost in Translation: Exploiting Unicode Normalization(01:11:29) CSPs at the WAF level & 'Bounties for Bypass'

Software Defined Talk
Episode 530: His proper name is Sasquatch

Software Defined Talk

Play Episode Listen Later Jul 25, 2025 47:37


This week, we cover AI going rogue, Cloudflare declaring independence, and the secure container craze. Plus, Matt bravely judges 9 new emoji. Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/lRlWChvJ_m8?si=cZJ-0kzBrEH5ERZh) 530 (https://www.youtube.com/live/lRlWChvJ_m8?si=cZJ-0kzBrEH5ERZh) Runner-up Titles VP of getting it on Neutral trombone Good Margin Independent from what? The New Benevolence I have plenty of cynicism for other things Rundown Emojis Australian Bigfoot (https://en.wikipedia.org/wiki/Yowie) Unicode's new emoji refuses to put respect on Bigfoot's name (https://www.engadget.com/mobile/unicodes-new-emoji-refuses-to-put-respect-on-bigfoots-name-184412935.html) Matt's Rankings: Hairy Creature Trombone Treasure Chest Fight Cloud Orca Landslide Apple Core Ballet Dancers Distorted Face AI coding platform goes rogue during code freeze and deletes entire company database — Replit CEO apologizes after AI engine says it 'made a catastrophic error in judgment' and 'destroyed all production data' (https://www.tomshardware.com/tech-industry/artificial-intelligence/ai-coding-platform-goes-rogue-during-code-freeze-and-deletes-entire-company-database-replit-ceo-apologizes-after-ai-engine-says-it-made-a-catastrophic-error-in-judgment-and-destroyed-all-production-data) Cloudflare Cloudflare 1.1.1.1 Incident on July 14, 2025 (https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/) Content Independence Day: no AI crawl without compensation! (https://blog.cloudflare.com/content-independence-day-no-ai-crawl-without-compensation/) Accidental Tech Podcast: 649: Prove It With Cameras (https://atp.fm/649) Anubis Web AI Firewall (https://github.com/TecharoHQ/anubis) Announcing Model Context Protocol (MCP) Server for AWS Price List (https://aws.amazon.com/about-aws/whats-new/2025/07/model-context-protocol-server-price-list/) Chainguard builds a market, everyone else wants in. (https://redmonk.com/jgovernor/2025/07/18/chainguard-builds-a-market-everyone-else-wants-in/) Bitnami Secure Images (https://github.com/bitnami/charts/issues/35164) Relevant to your Interests Browser extensions turn Trojan and infect 2.3 million Chrome and Edge users (https://cybernews.com/security/chrome-edge-hijacked-by-eighteen-malicious-extensions/) Code was the least interesting part of my multi-agent app, and here's what that means to me (https://seroter.com/2025/07/17/code-was-the-least-interesting-part-of-my-multi-agent-app-and-heres-what-that-means-to-me/) Dell employees are not OK (https://www.yahoo.com/news/dell-employees-not-ok-135038218.html) How Uber Became A Cash-Generating Machine (https://len-sherman.medium.com/how-uber-became-a-cash-generating-machine-ef78e7a97230) Clouded Judgement 7.18.25 - The Return of the Point Solution (https://cloudedjudgement.substack.com/p/clouded-judgement-71825-the-return?utm_source=post-email-title&publication_id=56878&post_id=168595292&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Mid-Year 2025 CNCF Open Source Project Velocity (https://www.cncf.io/blog/2025/07/18/a-mid-year-2025-look-at-cncf-linux-foundation-and-the-top-30-open-source-projects/) new Date("wtf") (https://jsdate.wtf/) Intel axes Clear Linux, the fastest distribution on the market — company ends support, effective immediately (https://www.tomshardware.com/software/linux/intel-axes-clear-linux-the-fastest-distribution-on-the-market-company-ends-support-effective-immediately) The Epic Battle for AI Talent—With Exploding Offers, Secret Deals and Tears (https://www.wsj.com/tech/ai/meta-ai-recruiting-mark-zuckerberg-sam-altman-140d5861?st=pBmtib&reflink=article_copyURL_share) Cursor snaps up enterprise startup Koala in challenge to GitHub Copilot (https://techcrunch.com/2025/07/18/cursor-snaps-up-enterprise-startup-koala-in-challenge-to-github-copilot/) Lovable becomes a unicorn with $200M Series A just 8 months after launch (https://techcrunch.com/2025/07/17/lovable-becomes-a-unicorn-with-200m-series-a-just-8-months-after-launch/) Apple details how it trained its new AI models, see highlights (https://9to5mac.com/2025/07/21/apple-details-how-it-trained-its-new-ai-models-4-interesting-highlights/) Instacart's former CEO is taking the reins of a big chunk of OpenAI (https://www.theverge.com/openai/710836/instacarts-former-ceo-is-taking-the-reins-of-a-big-chunk-of-openai) The Enshittification of American Power (https://www.wired.com/story/enshittification-of-american-power/) Customer guidance for SharePoint vulnerability CVE-2025-53770 (https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/) Mike Lynch's Estate Ordered to Pay Hewlett Packard $945 Million (https://www.nytimes.com/2025/07/22/business/dealbook/mike-lynch-hp.html) OpenAI announces ChatGPT agent for web browsing (https://mashable.com/article/openai-announces-chatgpt-agent-web-browsing) OpenAI's new ChatGPT Agent can control an entire computer and do tasks for you (https://www.theverge.com/ai-artificial-intelligence/709158/openai-new-release-chatgpt-agent-operator-deep-research) ChatGPT Numbers (https://www.threads.com/@axios/post/DMXssSjuHax?xmt=AQF0UNyFv8CGZkBsSBbi7XWeXnW67U-Y-ZWQEwDod8lyhA) Move Mesos to the Attic (https://lists.apache.org/list.html?dev@mesos.apache.org) Anthropic hired back two of its employees — just two weeks after they left for a competitor. (https://www.theverge.com/ai-artificial-intelligence/708521/anthropic-hired-back-two-of-its-employees-just-two-weeks-after-they-left-for-a-competitor) Investors Float Deal Valuing Anthropic at More Than $100 Billion (https://www.theinformation.com/articles/investors-float-deal-valuing-anthropic-100-billion) Nonsense Coldplay's Kiss Cam Exposes Astronomer's CEO Andy Byron Alleged Affair With HR Chief Kristin Cabot (https://www.yahoo.com/entertainment/articles/coldplay-kiss-cam-exposes-astronomer-142620411.html) Unicode's new emoji refuses to put respect on Bigfoot's name (https://www.engadget.com/mobile/unicodes-new-emoji-refuses-to-put-respect-on-bigfoots-name-184412935.html) Atari Is Re-Releasing Its 2600+ To Celebrate Pac-Man's 45th Birthday (https://www.timeextension.com/news/2025/07/atari-is-re-releasing-its-2600plus-to-celebrate-pac-mans-45th-birthday) Conferences Sydney Wizdom Meet-Up (https://www.wiz.io/events/sydney-wizdom-meet-up-aug-2025), Sydney, August 7. Matt will be there. SpringOne (https://www.vmware.com/explore/us/springone?utm_source=organic&utm_medium=social&utm_campaign=cote), Las Vegas, August 25th to 28th, 2025. See Coté's pitch (https://www.youtube.com/watch?v=f_xOudsmUmk). Explore 2025 US (https://www.vmware.com/explore/us?utm_source=organic&utm_medium=social&utm_campaign=cote), Las Vegas, August 25th to 28th, 2025. See Coté's pitch (https://www.youtube.com/shorts/-COoeIJcFN4). Wiz Capture the Flag (https://www.wiz.io/events/capture-the-flag-brisbane-august-2025), Brisbane, August 26. Matt will be there. SREDay London (https://sreday.com/2025-london-q3/), Coté speaking, September 18th and 19th. Civo Navigate London (https://www.civo.com/navigate/london/2025), Coté speaking, September 30th. Texas Linux Fest (https://2025.texaslinuxfest.org), Austin, October 3rd to 4th. CFP closes August 3rd (https://www.papercall.io/txlf2025). CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Frankfurt, October 7th, 2025. AI for the Rest of Us (https://aifortherestofus.live/london-2025), Coté speaking, October 15th to 16th, London. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Magic Keyboard with Touch ID and Numeric Keypad for Mac (https://www.apple.com/shop/product/MXK83LL/A/magic-keyboard-with-touch-id-and-numeric-keypad-for-mac-models-with-apple-silicon-usb-c-us-english-black-keys?fnode=9586aab2077eb774c28648c4795309d1121a0be316d0cef51e8ecb4f03f94a17a88ca466c99d3d3ce977c5a3933a01e4a9d465d8c36e6a9db43dcd2fdd97c814f69fee0a947209242f7e16f10d07223c5fa2dd831c66ffc4bca1a0c99c10f58ec0b7562aa4f1a834e276771b7ef3bfa8&fs=f%3Dkeyboard%26fh%3D36f4%252B4603) Matt: Spirited (https://www.imdb.com/title/tt1524415/) Photo Credits Header (https://unsplash.com/photos/a-statue-of-a-gorilla-sitting-on-top-of-a-wooden-bench-p9uwu_LDmoc)

Critical Thinking - Bug Bounty Podcast
Episode 132: Archive Testing Methodology with Mathias Karlsson

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jul 24, 2025 109:32


Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again..Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker - Patch ManagementToday's Guest: Mathias Karlsson====== This Week in Bug Bounty ======Swiss Post's 2025 Public Intrusion Test starts on July 28Intigriti teams with NVIDIABugcrowd Ingenuity AwardsHack the Hacker Series - AI Vulnerabilities and Bug BountiesA Novel Technique for SQL Injection in PDO's Prepared StatementsHow We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance====== Resources ======Archive AlchemistHacking Livestream #53: The ZIP file format====== Timestamps ======(00:00:00) Introduction(00:10:04) Archive Alchemist(00:36:05) Unicode Extensions, normalization, and confusion attacks on Zip parsers(00:48:44) Character Sets(01:01:49) 7zip & File Names (01:06:44) Path Traversal, Symlinks & Identifying Techniques(01:36:05) Hardlinks and TAR

Connected
562: Tech Boomers

Connected

Play Episode Listen Later Jul 23, 2025 79:25


Wed, 23 Jul 2025 20:15:00 GMT http://relay.fm/connected/562 http://relay.fm/connected/562 Tech Boomers 562 Federico Viticci, Stephen Hackett, and Myke Hurley With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. clean 4765 With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. This episode of Connected is sponsored by: Ecamm: Powerful live streaming platform for Mac. Get one month free. Links and Show Notes: Get Connected Pro: Preshow, postshow, no ads. Submit Feedback Deflexmobile Specialty License Plates in TN Opportunity Knocks – The Enthusiast The Unicode Blog:

Relay FM Master Feed
Connected 562: Tech Boomers

Relay FM Master Feed

Play Episode Listen Later Jul 23, 2025 79:25


Wed, 23 Jul 2025 20:15:00 GMT http://relay.fm/connected/562 http://relay.fm/connected/562 Federico Viticci, Stephen Hackett, and Myke Hurley With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. clean 4765 With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. This episode of Connected is sponsored by: Ecamm: Powerful live streaming platform for Mac. Get one month free. Links and Show Notes: Get Connected Pro: Preshow, postshow, no ads. Submit Feedback Deflexmobile Specialty License Plates in TN Opportunity Knocks – The Enthusiast The Unicode Blog:

Manzanas Enfrentadas
MI 142. Bombazo! Nuevos Emoji en iOS26 ;)

Manzanas Enfrentadas

Play Episode Listen Later Jul 18, 2025 6:15


En el Manzanas Informadas de hoy Viernes 18 de Julio, vamos a analizar las últimas noticias. Y las más importante con diferencia es el bombazo confirmado por Unicode. En iOS26 tendremos nuevos emojis.Junto a esta, otras noticias de menor calado, el futuro iPhold compartirá tecnología de pantalla con el próximo Samsung Fold 8. Un nuevo color desvelado para el futuro iPhone 17 Pro hará las delicias de los fan del Liquid Glass.Y para finalizar, una noticia para jugones. Cybepunk 2077 ya está disponible para Mac. Si bien la tendremos en disponible todos los Mac con Apple Silicon, será imprescindible que dispongan de un mínimo de 16gb de RAM.Finalizamos la semana de MI y rematamos el fin de semana con nuestro MERO y el Manzanas Enfrentadas 7 de /, lo tenemos!!!

GREY Journal Daily News Podcast
What Does Bigfoot Have to Do with Your Emoji Keyboard?

GREY Journal Daily News Podcast

Play Episode Listen Later Jul 17, 2025 2:29


The Unicode Consortium previewed new emoji, including a Bigfoot icon, set for release with Unicode 17.0 in spring 2026. The update will also add icons such as an apple core, ballet dancers, distorted face, fight cloud, orca, treasure chest, and trombone. The emoji creation process involves design reviews and technical assessments before approval. Apple launched an emoji word game for Apple News Plus subscribers, and Emojipedia relaunched EmojiTracker.com to track emoji usage. Businesses can use new emoji for digital engagement and marketing.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

apple businesses acast bigfoot emoji keyboard unicode emojipedia apple news plus unicode consortium
Hacker Public Radio
HPR4417: Newest matching file

Hacker Public Radio

Play Episode Listen Later Jul 8, 2025


This show has been flagged as Explicit by the host. Overview Several years ago I wrote a Bash script to perform a task I need to perform almost every day - find the newest file in a series of files. At this point I was running a camera on a Raspberry Pi which was attached to a window and viewed my back garden. I was taking a picture every 15 minutes, giving them names containing the date and time, and storing them in a directory. It was useful to be able to display the latest picture. Since then, I have found that searching for newest files useful in many contexts: Find the image generated by my random recipe chooser, put in the clipboard and send it to the Telegram channel for my family. Generate a weather report from wttr.in and send it to Matrix. Find the screenshot I just made and put it in the clipboard. Of course, I could just use the same name when writing these various files, rather than accumulating several, but I often want to look back through such collections. If I am concerned about such files accumulating in an unwanted way I write cron scripts which run every day and delete the oldest ones. Original script The first iteration of the script was actually written as a Bash function which was loaded at login time. The function is called newest_matching_file and it takes two arguments: A file glob expression to match the file I am looking for. An optional directory to look for the file. If this is omitted, then the current directory will be used. The first version of this function was a bit awkward since it used a for loop to scan the directory, using the glob pattern to find the file. Since Bash glob pattern searches will return the search pattern when they fail, it was necessary to use the nullglob (see references) option to prevent this, turning it on before the search and off afterwards. This technique was replaced later with a pipeline using the find command. Improved Bash script The version using find is what I will explain here. function newest_matching_file { local glob_pattern=${1-} local dir=${2:-$PWD} # Argument number check if [[ $# -eq 0 || $# -gt 2 ]]; then echo 'Usage: newest_matching_file GLOB_PATTERN [DIR]' >&2 return 1 fi # Check the target directory if [[ ! -d $dir ]]; then echo "Unable to find directory $dir" >&2 return 1 fi local newest_file # shellcheck disable=SC2016 newest_file=$(find "$dir" -maxdepth 1 -name "$glob_pattern" \ -type f -printf "%T@ %p\n" | sort | sed -ne '${s/.\+ //;p}') # Use printf instead of echo in case the file name begins with '-' [[ -n $newest_file ]] && printf '%s\n' "$newest_file" return 0 } The function is in the file newest_matching_file_1.sh , and it's loaded ("sourced", or declared) like this: . newest_matching_file_1.sh The '.' is a short-hand version of the command source . I actually have two versions of this function, with the second one using a regular expression, which the find command is able to search with, but I prefer this one. Explanation The first two lines beginning with local define variables local to the function holding the arguments. The first, glob_pattern is expected to contain something like screenshot_2025-04-*.png . The second will hold the directory to be scanned, or if omitted, will be set to the current directory. Next, an if statement checks that there are the right number of arguments, aborting if not. Note that the echo command writes to STDERR (using '>&2' ), the error channel. Another if statement checks that the target directory actually exists, and aborts if not. Another local variable newest_file is defined. It's good practice not to create global variables in functions since they will "leak" into the calling environment. The variable newest_file is set to the result of a command substitution containing a pipeline: The find command searches the target directory. Using -maxdepth 1 limits the search to the chosen directory and does not descend into sub-directories. The search pattern is defined by -name "$glob_pattern" Using -type f limits the search to files The -printf "%T@ %p\n" argument returns the file's last modification time as the number of seconds since the Unix epoch '%T@' . This is a number which is larger if the file is older. This is followed, after a space, by the full path to the file ( '%p' ), and a newline. The matching file names are sorted. Because each is preceded by a numeric time value, they will be sorted in ascending order of age. Finally sed is used to return the last file in the sorted list with the program '${s/.\+ //;p}' : The use of the -n option ensures that only lines which are explicitly printed will be shown. The sed program looks for the last line (using '$' ). When found the leading numeric time is removed with ' s/.\+ //' and the result is printed (with 'p' ). The end result will either be the path to the newest file or nothing (because there was no match). The expression '[[ -n $newest_file ]]' will be true if $newest_file variable is not empty, and if that is the case, the contents of the variable will be printed on STDOUT, otherwise nothing will be printed. Note that the script returns 1 (false) if there is a failure, and 0 (true) if all is well. A null return is regarded as success. Script update While editing the audio for this show I realised that there is a flaw in the Bash function newest_matching_file . This is in the sed script used to process the output from find . The sed commands used in the script delete all characters up to a space, assuming that this is the only space in the last line. However, if the file name itself contains spaces, this will not work because regular expressions in sed are greedy . What is deleted in this case is everything up to and including the last space. I created a directory called tests and added the following files: 'File 1 with spaces.txt' 'File 2 with spaces.txt' 'File 3 with spaces.txt' I then ran the find command as follows: $ find tests -maxdepth 1 -name 'File*' -type f -printf "%T@ %p\n" | sort | sed -ne '${s/.\+ //;p}' spaces.txt I adjusted the sed call to sed -ne '${s/[^ ]\+ //;p}' . This uses the regular expression: s/[^ ]\+ // This now specifies that what it to be removed is every non-space up to and including the first space. The result is: $ find tests -maxdepth 1 -name 'File*' -type f -printf "%T@ %p\n" | sort | sed -ne '${s/[^ ]\+ //;p}' tests/File 3 with spaces.txt This change has been propagated to the copy on GitLab . Usage This function is designed to be used in commands or other scripts. For example, I have an alias defined as follows: alias copy_screenshot="xclip -selection clipboard -t image/png -i \$(newest_matching_file 'Screenshot_*.png' ~/Pictures/Screenshots/)" This uses xclip to load the latest screenshot into the clipboard, so I can paste it into a social media client for example. Perl alternative During the history of this family of scripts I wrote a Perl version. This was originally because the Bash function gave problems when run under the Bourne shell, and I was using pdmenu a lot which internally runs scripts under that shell. #!/usr/bin/env perl use v5.40; use open ':std', ':encoding(UTF-8)'; # Make all IO UTF-8 use Cwd; use File::Find::Rule; # # Script name # ( my $PROG = $0 ) =~ s|.*/||mx; # # Use a regular expression rather than a glob pattern # my $regex = shift; # # Get the directory to search, defaulting to the current one # my $dir = shift // getcwd(); # # Have to have the regular expression # die "Usage: $PROG regex [DIR]\n" unless $regex; # # Collect all the files in the target directory without recursing. Include the # path and let the caller remove it if they want. # my @files = File::Find::Rule->file() ->name(qr/$regex/) ->maxdepth(1) ->in($dir); die "Unsuccessful search\n" unless @files; # # Sort the files by ascending modification time, youngest first # @files = sort {-M($a) -M($b)} @files; # # Report the one which sorted first # say $files[0]; exit; Explanation This is fairly straightforward Perl script, run out of an executable file with a shebang line at the start indicating what is to be used to run it - perl . The preamble defines the Perl version to use, and indicates that UTF-8 (character sets like Unicode) will be acceptable for reading and writing. Two modules are required: Cwd : provides functions for determining the pathname of the current working directory. File::Find::Rule : provides tools for searching the file system (similar to the find command, but with more features). Next the variable $PROG is set to the name under which the script has been invoked. This is useful when giving a brief summary of usage. The first argument is then collected (with shift ) and placed into the variable $regex . The second argument is optional, but if omitted, is set to the current working directory. We see the use of shift again, but if this returns nothing (is undefined), the '//' operator invokes the getcwd() function to get the current working directory. If the $regex variable is not defined, then die is called to terminate the script with an error message. The search itself is invoked using File::Find::Rule and the results are added to the array @files . The multi-line call shows several methods being called in a "chain" to define the rules and invoke the search: file() : sets up a file search name(qr/$regex/) : a rule which applies a regular expression match to each file name, rejecting any that do not match maxdepth(1) : a rule which prevents the search from descending below the top level into sub-directories in($dir) : defines the directory to search (and also begins the search) If the search returns no files (the array is empty), the script ends with an error message. Otherwise the @files array is sorted. This is done by comparing modification times of the files, with the array being reordered such that the "youngest" (newest) file is sorted first. The operator checks if the value of the left operand is greater than the value of the right operand, and if yes then the condition becomes true. This operator is most useful in the Perl sort function. Finally, the newest file is reported. Usage This script can be used in almost the same way as the Bash variant. The difference is that the pattern used to match files is a Perl regular expression. I keep this script in my ~/bin directory, so it can be invoked just by typing its name. I also maintain a symlink called nmf to save typing! The above example, using the Perl version, would be: alias copy_screenshot="xclip -selection clipboard -t image/png -i \$(nmf 'Screenshot_.*\.png' ~/Pictures/Screenshots/)" In regular expressions '.*' means "any character zero or more times". The '.' in '.png' is escaped because we need an actual dot character. Conclusion The approach in both cases is fairly simple. Files matching a pattern are accumulated, in the Bash case including the modification time. The files are sorted by modification time and the one with the lowest time is the answer. The Bash version has to remove the modification time before printing. This algorithm could be written in many ways. I will probably try rewriting it in other languages in the future, to see which one I think is best. References Glob expansion: Wikipedia article on glob patterns HPR shows covering glob expansion: Finishing off the subject of expansion in Bash (part 1) Finishing off the subject of expansion in Bash (part 2) GitLab repository holding these files: hprmisc - Miscellaneous scripts, notes, etc pertaining to HPR episodes which I have contributed Provide feedback on this episode.

Remote Ruby
Adventures with Puny Code and Other Programming Puzzles

Remote Ruby

Play Episode Listen Later Jun 27, 2025 46:47


In this episode of Remote Ruby, Chris and Andrew chat through everything from extreme summer heat, tornadoes, and driving habits, to browser quirks, Unicode bugs, Punycode, and the intricacies of building and maintaining rich text editors. Their conversation drifts into developer tools like Tiptap and Lexical, accessibility issues, browser rendering oddities, and even some personal stories involving cooking fails and skateboarding injuries. Hit download now to hear more! LinksJudoscale- Remote Ruby listener giftThe Sad Story Of The Unicode Snowman (Hacker News, Dec 23, 2010)TiptapLexicalPunycodeHoneybadgerHoneybadger is an application health monitoring tool built by developers for developers.JudoscaleMake your deployments bulletproof with autoscaling that just works.Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you. Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter

Software Defined Talk
Episode 520: Excited is overused

Software Defined Talk

Play Episode Listen Later May 23, 2025 63:37


Excited is overused This week, we recap Microsoft Build, Google I/O, and Java turning 30. Plus, more Vegemite talk and a discussion on whether tech presenters really need to tell us they're “excited.” Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/4ar2nzlx3gw?si=pee9R6HbHN06etA2) 520 (https://www.youtube.com/live/4ar2nzlx3gw?si=pee9R6HbHN06etA2) Runner-up Titles We all need choices Vegans are against everything The problem is you shouldn't be watching keynotes You're giving the black box too much responsibility What are you going to do? Some more stuff they announced that I don't want They're excited about that Hopefully people are excited about that I'm happy for you I want to like it Nerd famous Can you just fix calendaring? It's too much I'm not going back to Java Rundown Will Matt try marmalade with his Vegemite for the full PBJ analogue. (https://bsky.app/profile/thescarletmanuka.bsky.social/post/3lpdioobdek27) MSFT Build Microsoft Build 2025: news and announcements from the developer conference (https://www.theverge.com/news/669382/microsoft-build-2025-news-ai-agents) Microsoft announces over 50 AI tools to build the ‘agentic web' at Build 2025 (https://venturebeat.com/ai/microsoft-announces-over-50-ai-tools-to-build-the-agentic-web-at-build-2025/) Findings from Microsoft's 3-week study on Copilot use (https://newsletter.getdx.com/p/microsoft-3-week-study-on-copilot-impact) Microsoft open sources Windows Subsystem for Linux (https://www.theregister.com/2025/05/19/microsoft_wsl_open_source/) Google I/O Everything announced at the Google I/O 2025 keynote (https://www.engadget.com/ai/everything-announced-at-the-google-io-2025-keynote-171514495.html?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAAIewjPeuiVydyPgPtFxJyD7lYSE7rAY-BFM7JxN5AHvJvH_NrHmCURfrSuBK4HmB700OTDoGERdfPyB77mCb8_225GPcoppCXG4dl_bgGOA9j4E5Fprl_nUD__-69yEG5-W7vmXISAdJC2kBU3MSZErnX1TuyR1_gKfb5Hx_OdRs) Android XR is getting stylish partners in Warby Parker and Gentle Monster (https://www.theverge.com/google-io/670013/android-xr-warby-parker-gentle-monster-smart-glassesi-io-2025) Jules - An Asynchronous Coding Agent (https://jules.google/) Google Embraces MCP (https://thenewstack.io/google-embraces-mcp/?link_source=ta_bluesky_link&taid=682cf46509703200019ca4f3&utm_campaign=trueanthem&utm_medium=social&utm_source=bluesky) iOS 19 Will Let Developers Use Apple's AI Models in Their Apps (https://www.macrumors.com/2025/05/20/ios-19-apple-ai-models-developers/) NEW Claude MCP AI Super Agents (https://x.com/juliangoldieseo/status/1924148362653348232?s=46&t=zgzybiDdIcGuQ_7WuoOX0A) AWS Launches Its Take on an Open Source AI Agents SDK (https://thenewstack.io/aws-launches-its-take-on-an-open-source-ai-agents-sdk/) Java at 30: The Genius Behind the Code That Changed Tech (https://thenewstack.io/java-at-30-the-genius-behind-the-code-that-changed-tech/) Relevant to your Interests If AI is so good at coding … where are the open source contributions? (https://pivot-to-ai.com/2025/05/13/if-ai-is-so-good-at-coding-where-are-the-open-source-contributions/) Y Combinator says Google is a ‘monopolist' that has ‘stunted' the startup ecosystem (https://techcrunch.com/2025/05/13/y-combinator-says-google-is-a-monopolist-that-has-stunted-the-startup-ecosystem) Coinbase says customers' personal information stolen in data breach (https://techcrunch.com/2025/05/15/coinbase-says-customers-personal-information-stolen-in-data-breach/) DataBricks interview about Neon (https://www.axios.com/newsletters/axios-pro-rata-a6f0b4f0-fe7f-412f-bf4b-5978de02d604.html?chunk=1&utm_term=emshare#story1) OpenAI launches Codex, an AI coding agent, in ChatGPT (https://techcrunch.com/2025/05/16/openai-launches-codex-an-ai-coding-agent-in-chatgpt/) CarPlay Ultra, the next generation of CarPlay, begins rolling out today (https://www.apple.com/newsroom/2025/05/carplay-ultra-the-next-generation-of-carplay-begins-rolling-out-today/) Meta argues enshittification isn't real in bid to toss FTC monopoly case (https://arstechnica.com/tech-policy/2025/05/meta-says-no-proof-of-monopoly-power-wants-ftc-case-dismissed-mid-trial/) When Open Source Isn't: How OpenRewrite Lost Its Way (https://medium.com/@jonathan.leitschuh/when-open-source-isnt-how-openrewrite-lost-its-way-642053be287d) Wiz 2.0? Cyera's meteoric $6B valuation is turning heads across the cyber world | CTech (https://www.calcalistech.com/ctechnews/article/shavjm2g2) Steve Langasek, One of Ubuntu Linux's Leading Lights, Has Died (https://thenewstack.io/steve-langasek-one-of-ubuntu-linuxs-leading-lights-has-died/) Python: The Documentary [OFFICIAL TRAILER] (https://www.youtube.com/watch?v=pqBqdNIPrbo) Spain Orders Airbnb to Take Down 66,000 Rental Listings (https://www.nytimes.com/2025/05/19/business/airbnb-listings-spain.html) Detecting malicious Unicode (https://daniel.haxx.se/blog/2025/05/16/detecting-malicious-unicode/) Former Apple Design Guru Jony Ive to Take Expansive Role at OpenAI (https://www.wsj.com/tech/ai/former-apple-design-guru-jony-ive-to-take-expansive-role-at-openai-5787f7da) Apple's Worldwide Developers Conference kicks off June 9 (https://www.apple.com/newsroom/2025/05/apples-worldwide-developers-conference-kicks-off-june-9/) Valkey Turns One: How the Community Fork Left Redis in the Dust - Momento (https://www.gomomento.com/blog/valkey-turns-one-how-the-community-fork-left-redis-in-the-dust/?ck_subscriber_id=512834888&utm_source=convertkit&utm_medium=email&utm_campaign=[Last%20Week%20in%20AWS]:%20Transform%20Away,%20as%20AWS%20Reverses%20Course%20-%2017665354) Nonsense Max (@StreamOnMax) on X (https://x.com/StreamOnMax/status/1922781490473034153) Uber to introduce fixed-route shuttles in major US cities designed for commuters (https://techcrunch.com/2025/05/14/uber-to-introduce-fixed-route-shuttles-in-major-us-cities-other-ways-to-save/) Conferences POST/CON 25 (https://postcon.postman.com/2025/), June 3-4, Los Angeles, CA, Brandon representing SDT. Register here for free pass (https://fnf.dev/43irTu1) using code BRANDON (https://fnf.dev/43irTu1) (limited to first 20 People) Contract-Driven Development: Unite Your Teams and Accelerate Delivery (https://postcon.postman.com/2025/session/3022520/contract-driven-development-unite-your-teams-and-accelerate-delivery%20%20%20%20%20%208:33) by Chris Chandler SREDay Cologne, June 12th, 2025 (https://sreday.com/2025-cologne-q2/#tickets) - Coté speaking, discount: CLG10, 10% off. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: MurderBot (https://www.google.com/aclk?sa=L&ai=DChcSEwi286yM0KiNAxUELNQBHStVDhgYABABGgJvYQ&co=1&gclid=Cj0KCQjwxJvBBhDuARIsAGUgNfjytNAoEF2oBZYZixtUoB15h1o0UU1SJRQp-A-GFE_i0FGLHOE5wY8aAoFzEALw_wcB&cce=1&sig=AOD64_3mm-tO-giOK7S1lj45fNCC7pw-6w&q&adurl&ved=2ahUKEwiFq6eM0KiNAxXI4ckDHc0cBAMQ0Qx6BAg9EAE)

Paul's Security Weekly
Malware Laced Printer Drivers - PSW #875

Paul's Security Weekly

Play Episode Listen Later May 22, 2025 121:59


This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

Paul's Security Weekly TV
Malware Laced Printer Drivers - PSW #875

Paul's Security Weekly TV

Play Episode Listen Later May 22, 2025 121:59


This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Show Notes: https://securityweekly.com/psw-875

Paul's Security Weekly (Podcast-Only)
Malware Laced Printer Drivers - PSW #875

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later May 22, 2025 121:59


This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

Paul's Security Weekly (Video-Only)
Malware Laced Printer Drivers - PSW #875

Paul's Security Weekly (Video-Only)

Play Episode Listen Later May 22, 2025 121:59


This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Show Notes: https://securityweekly.com/psw-875

Value Inspiration Podcast
#362 – How Sharat Potharaju built a 50,000-customer business by saying "no" to endless opportunities

Value Inspiration Podcast

Play Episode Listen Later May 21, 2025 45:38


This podcast interview focuses on the entrepreneurial journey to discovering powerful strategic frameworks through trial and error. My guest is Sharat Potharaju, CEO of Unicode. Sharat is a serial entrepreneur with 15 years of experience. He navigated through a decade of ventures that didn't scale before founding Uniqode in 2019. His company has since grown to serve over 50,000 businesses worldwide, including Fortune 500 companies, by creating innovative technology that connects physical and digital worlds through mobile experiences. What makes Sharat's story remarkable is his methodical approach to business building, where he combines weekly deep strategic thinking with rapid experimentation frameworks, always maintaining that impact—both for employees and customers—is what drives his entrepreneurial energy. And this inspired me, and hence I invited Sharat to my podcast. We explore how an entrepreneur's decade of failures can become the foundation for remarkable success. Sharat challenges conventional wisdom by dedicating specific time each week for deep thinking about long-term strategy while handling day-to-day operations. He reveals why being selective about advice is crucial for maintaining entrepreneurial confidence, and how balancing luck with persistence creates the conditions for breakthrough success. His approach makes products dead-simple for users while sticking to strict testing methods to know what works. Here is a quote that captures one of Sharat's most striking business lessons: "It's important to love your product, but it's even more important to be obsessed about the problem that you're trying to solve. Because if you're not obsessed about the problem, eventually you'll just fall in love with your product and lose your focus on vision." By listening to this podcast you will learn: Why entrepreneurial success typically takes a decade, not overnight, and how to mentally prepare for this reality How to implement a "Wednesday deep thinking" practice that balances long-term vision with short-term execution The secret to filtering advice from well-meaning investors, mentors, and colleagues without losing your entrepreneurial confidence How to create frameworks for experimentation that prevent chaos while maximizing learning For more information about the guest from this week:  Guest: Sharat Potharaju  Website: uniqode.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Late Night Linux Extra
Linux Dev Time – Episode 124

Late Night Linux Extra

Play Episode Listen Later May 18, 2025 20:51


It's another hot questions episode. Tabs vs spaces, whether we have imposter syndrome, why software keeps getting heavier, the correct length of functions and files, and what every programmer should know.   Some things we mentioned: Interesting Characters (UTF-16, utf-8, Unicode, encodings) Software Design is Knowledge Building The Absolute Minimum Every Software Developer Must Know... Read More

Late Night Linux All Episodes
Linux Dev Time – Episode 124

Late Night Linux All Episodes

Play Episode Listen Later May 18, 2025 20:51


It's another hot questions episode. Tabs vs spaces, whether we have imposter syndrome, why software keeps getting heavier, the correct length of functions and files, and what every programmer should know.   Some things we mentioned: Interesting Characters (UTF-16, utf-8, Unicode, encodings) Software Design is Knowledge Building The Absolute Minimum Every Software Developer Must Know... Read More

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 22, 2025 5:35


It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880 ChatGPT Fingerprinting Documents via Unicode ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text Asus AI Cloud Security Advisory Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability https://www.asus.com/content/asus-product-security-advisory/ PyTorch Vulnerability PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6

Adafruit Industries
John Park's CircuitPython Parsec: Unicode Blocks

Adafruit Industries

Play Episode Listen Later Mar 21, 2025 5:30


#circuitpythonparsec How to use Unicode characters in the REPL. https://github.com/jedgarpark/parsec/blob/main/2025-03-20/code.py https://www.adafruit.com/product/6003 Learn about CircuitPython: https://circuitpython.org Visit the Adafruit shop online - http://www.adafruit.com ----------------------------------------- LIVE CHAT IS HERE! http://adafru.it/discord Subscribe to Adafruit on YouTube: http://adafru.it/subscribe New tutorials on the Adafruit Learning System: http://learn.adafruit.com/ -----------------------------------------

blocks unicode parsec repl adafruit john park circuitpython adafruit learning system
The Cybersecurity Defenders Podcast
#199 - Intel Chat: Lazarus Group, BadPilot, PAN-OS, emoji exfil, Kitty Stealer & PolarEdge

The Cybersecurity Defenders Podcast

Play Episode Listen Later Mar 7, 2025 36:13


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.North Korea's state-backed Lazarus Group is believed to be responsible for the largest cryptocurrency heist ever recorded, stealing $1.5 billion from the Bybit exchange. The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks. GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.SEKOIA researchers have uncovered a previously unknown IoT botnet named PolarEdge, which has been operating covertly for an extended period.

The Cybersecurity Defenders Podcast
#195 - Intel Chat: APT tunnelling, BadPilot, CVE-2025-0108, emojis & Kitty Stealer (take 2)

The Cybersecurity Defenders Podcast

Play Episode Listen Later Feb 21, 2025 35:09


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.

Day[0] - Zero Days for Day Zero
Unicode Troubles, Bypassing CFG, and Racey Pointer Updates

Day[0] - Zero Days for Day Zero

Play Episode Listen Later Feb 4, 2025 41:29


On the web side, we cover a portswigger post on ways of abusing unicode mishandling to bypass firewalls and a doyensec guide to OAuth vulnerabilities. We also get into a Windows exploit for a use-after-free in the telephony service that bypasses Control Flow Guard, and a data race due to non-atomic writes in the macOS kernel. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/271.html [00:00:00] Introduction [00:00:22] Bypassing character blocklists with unicode overflows [00:06:53] Common OAuth Vulnerabilities [00:18:37] Windows Telephony Service - It's Got Some Call-ing Issues [CVE-2024-26230] [00:32:05] TRAVERTINE (CVE-2025-24118) Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

字谈字畅
#247:「我们可以再哭一把」

字谈字畅

Play Episode Listen Later Jan 14, 2025 90:35


2024 年终,W3C 发布了新版《中文排版需求》。这是该文档自发布以来,首次经历的大幅度结构调整。 2025 年伊始,我们有幸请到 W3C 国际化工作负责人、《中文排版需求》编辑薛富侨,向我们介绍文档的更新进展及逻辑框架;同时,也与我们分享 W3C 国际化工作的细节与愿景。 参考链接 W3C(World Wide Web Consortium,万维网联盟)于 2023 年正式转型成为公益性非营利组织 W3C 无障碍相关的标准及指南 W3C FAQ 之一「本地化与国际化有什么关系?」 Richard Ishida,国际化专家,前任 W3C 国际化标准工作负责人 W3C Requirements for Chinese Text Layout(中文排版需求) 字谈字畅 007:「通缉」中文字体排印事业的贡献者 字谈字畅 143:「中文电子书为什么还这么差?」 字谈字畅 144:CSS 中文排版的十年跬步 字谈字畅 186:《中文排版需求》的进展 薛富侨近期在 The Type 发布文章《新版〈中文排版需求〉:结构的统一与未来的可能性》,介绍《中文排版需求》的更新进展 W3C Patent Policy(专利政策) 语言文字矩阵(language matrix)是 W3C 推进国际化工作的重要框架之一 Safari 18.2 开始支持行内(字间)注音符号的排版,基于 CSS ruby-position 属性的 inter-character 值 Unicode 变体序列(variation sequence) Unicode Technical Report #59: East Asian Spacing 《中文排版需求》的 GitHub repo 嘉宾 薛富侨:W3C 国际化专家,致力于推动全球文字排版需求 主播 Eric:字体排印研究者,译者,The Type 执行编辑 蒸鱼:设计师,The Type 编辑 欢迎与我们交流或反馈,来信请致 podcast@thetype.com​。如果你喜爱本期节目,也欢迎用支付宝向我们捐赠:hello@thetype.com​。

Critical Thinking - Bug Bounty Podcast
Episode 103: Getting ANSI about Unicode Normalization

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Dec 26, 2024 60:30


Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord!We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store!Join our Shift waitlist!Today's Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecResources_json Juggling AttackCross-Site POST Requests Without a Content-Type HeaderWorst FitOrange Tsai on Worst FitHandling Cookies is a MinefieldTerminal DiLLMaXS-Leaking flags with CSS: A CTFd 0dayHacking Back the AI-HackerJohann Computer use demoHow I Became The Most Valuable HackerTimestamps(00:00:00) Introduction(00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header(00:10:55) Worst Fit and Unicode Mapping(00:20:08) Handling Cookies is a Minefield(00:28:11) Terminal DiLLMa & CTFd 0day(00:41:18) Hacking Back the AI-Hacker(00:47:30) Becoming Most Valuable Hacker

字谈字畅
#243:分分合合的摄氏度

字谈字畅

Play Episode Listen Later Nov 19, 2024 66:23


摄氏度符号是一个独立字符,还是由两个字符组合构成?——今天的话题,同样由一位听众的来信引出。本期节目,就让我们尝试从历史、技术与实践多个角度,来认识这个符号。 参考链接 铁宋 v1.0 版正式发布 蒙纳字库与上海印刷技术研究所,于 11 月 6 日对外发布达成战略合作 陈其瑞先生曾撰文《被遗忘的宋体》,提及「宋七体」,2013 年刊于 The Type 字谈字畅 038:一根藤上七朵花 字谈字畅 115:喜欢游乐园的字体设计师 2024 年「Hiii 国际创意月」于 11 月 16 日开启,由 Hiiibrand 主办 Unicode 文档对于兼容分解(compatibility decomposition)符号的定义 Unicode 码表帮助文档及相关链接 字谈字畅 052:Kerning Panic·字谈字串(五)规范化有四样形式,你知道么? UAX #15: Unicode Normalization Forms 摄氏度(degree Celsius) 安德斯·摄尔修斯(Anders Celsius,1701—1744),瑞典天文学家、物理学家、数学家;于 1742 年提出「摄氏温标」,后由植物学家卡尔·林奈反转温标,沿用至今 GB 3100—1993《国际单位制及其应用》 国际单位制(SI,International System of Units) 在 macOS 上可使用字符检视器输入特殊符号 主播 Eric:字体排印研究者,译者,The Type 执行编辑 蒸鱼:设计师,The Type 编辑 欢迎与我们交流或反馈,来信请致 podcast@thetype.com​。如果你喜爱本期节目,也欢迎用支付宝向我们捐赠:hello@thetype.com​。

The Daily Decrypt - Cyber News and Discussions
Unicode Obfuscation, OpenAI Malware Operations, and Urgent Patches for Mozilla and Fortinet

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Oct 11, 2024


Video Episode: https://youtu.be/igJqDBKj13o In today’s episode, we discuss a new cybercriminal campaign utilizing Unicode obfuscation to hide the Mongolian Skimmer on e-commerce platforms, aiming to steal sensitive data. OpenAI has reported disrupting over 20 malicious operations leveraging its technology for tasks including malware development and election-related misinformation. Additionally, we cover critical vulnerabilities in Firefox and Fortinet products, emphasizing the need for urgent updates to mitigate risks and ensure cybersecurity. References: 1. https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html 2. https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html 3. https://www.helpnetsecurity.com/2024/10/10/cve-2024-9680/ 4. https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html Timestamps 00:00 – Introduction 01:12 – Fortinet Urgent Patch 02:12 – Firefox Zero-Day 03:14 – OpenAI blocks 20 abusive networks 05:04 – Unicode Obfuscation 1. What are today’s top cybersecurity news stories? 2. How is the Mongolian Skimmer using Unicode to hide its malware? 3. What actions has OpenAI taken against malicious operations using its platform? 4. What are the latest updates regarding the Firefox zero-day vulnerability CVE-2024-9680? 5. What critical vulnerabilities are impacting Fortinet and Palo Alto Networks? 6. How can ransomware be concealed with obfuscated scripts? 7. Which cybersecurity threats are currently being reported by CISA? 8. What steps should be taken to secure systems against the new vulnerabilities? 9. How are cyber actors leveraging generative AI for malicious purposes? 10. What recent updates have been made to safeguard web applications from skimmers? Unicode obfuscation, Mongolian Skimmer, malware, e-commerce, OpenAI, malware, misinformation, countermeasures, zero-day, Firefox, Mozilla, vulnerability, CISA, Fortinet, vulnerabilities, cyber threats

字谈字畅
#240:在第九年看二十年

字谈字畅

Play Episode Listen Later Oct 8, 2024 103:45


《字谈字畅》走过了九年,感谢听众一如既往的支持。本期节目将与大家分享 Eric 近期应邀撰稿的内容,回顾近二十年来中文字体产品的发展景象。 同时,感谢来自八岁半年轻听众的声音和祝福。 参考链接 字谈字畅 080:三周年庆特别节目 The Type 纪念 T 恤 Hiiibrand Awards 2024 设计竞赛开始征集作品,截止时日期为 2024 年 10 月 31 日(超级早鸟),11 月 30 日(早鸟),12 月 31 日(常规) 森泽字体设计竞赛作品征集已截止,评奖结果预计 2025 年 2 月发布 第十三届「方正奖」设计大赛启动,作品征集日期为 2024 年 9 月 21 日至 2026 年 2 月 28 日 TDC71 设计竞赛开始征集作品,截止日期为 2024 年 11 月 1 日(早鸟),2025 年 1 月 31 日(常规),2025 年 2 月 28 日(最终) Inscript Experimental Typography Festival 将于 10 月 16 至 20 日在线上举办 Unicode 16.0 于 9 月 10 日正式发布,新增 UAX #53 和 UAX #57,以及 Emoji v16.0 等;核心规范(Core Specification)部分同时以网页版形式发布 新出版的日文设计期刊 C-GRAPHIC INDEX 于今年 8 月面世,Eric 应邀发表文章《从二〇〇〇年代开始的汉字设计风景》(二〇〇〇年代からの漢字デザイン風景) Unicode 3.0 于 2000 年发布 GB 18030—2000《信息技术 信息交换用汉字编码字符集 基本集的扩充》 谭沛然所撰《参数化设计与字体战争:从 OpenType 1.8 说起》,2016 年刊于 The Type 方正铁筋隶书,朱志伟设计,2003 年发布 方正兰亭黑,齐立设计,2006 年发布 方正雅宋,朱志伟设计,2007 年发布 冬青黑体(简体中文版),字游工房设计,2007 年发布 方正静蕾体,徐静蕾设计,2007 年发布 方正金陵(简体中文版),今田欣一设计,2016 年发布 华康翩翩体,华康字型出品,2012 年发布 信黑体,柯炽坚设计,2011 年发布 汲古书体,应永会设计,2017 年发布 字谈字畅 047:汲古新字 空明朝体,许瀚文设计,2022 年发布 汉仪尚巍手书,尚巍设计,2016 年发布 锦华明朝体,薛天盟设计,2023 年发布 字谈字畅 176:茉莉芬芳沁锦华 思源黑体,Adobe、Google 合作设计出品,2014 年发布 杜甫所作七言律诗《至日遣兴奉寄北省旧阁老两院故人二首》 汉仪杰龙桃花源,张杰龙设计,2022 年发布 主播 Eric:字体排印研究者,译者,The Type 执行编辑 蒸鱼:设计师,The Type 编辑 欢迎与我们交流或反馈,来信请致 podcast@thetype.com​。如果你喜爱本期节目,也欢迎用支付宝向我们捐赠:hello@thetype.com​。

Topic Lords
257. Stinky Judo

Topic Lords

Play Episode Listen Later Sep 23, 2024 74:40


Lords: * Nathan * https://store.steampowered.com/app/2976260/ChainStaff/ * Tom Topics: * During the summer olympics, France introduced breakdancing as an event, which was invented in America. They stole it from us! What new event should we steal from another country when the Olympics comes to LA in 2028? * https://en.wikipedia.org/wiki/Izzy_(mascot) * Getting to an age where media is good: the writers are your contemporaries so their work doesn't feel stodgy anymore. * How are you saying goodbye to trigraphs? * Rain by Raymond Carver * https://readalittlepoetry.com/2012/12/13/rain-by-raymond-carver/ * Jumping levels of abstraction while explaining computery things, how to pronounce angle brackets and command-line flags * 3rd tetris playtest developed ("rolling"), ponder an entirely new approach to a game (or medium, or problem) that comes nearly 40 years later. * https://www.youtube.com/watch?v=iV5DIZyqsaw Microtopics: * Whether the chain staff is also the grappling hook. * How all games ought to be made. * Using an ancient alien artifact as an immersion blender. * Getting the steamer arm upgrade before you can steam the milk. * Space Opera by Catherynne Valente. * Books where you read a couple paragraphs and you're done for the day. * A sport where if you reach just a little bit further maybe you can touch your opponent's face with your foot. * Stealing cheese rolling from France at the 2028 Olympics. * Hosting the Olympics: a huge money-loser. * Shouldering the terrible burden of hosting the 2028 Olympics. * Aging up the 1996 Olympics mascot so they'll be the right age for the 2028 Olympics. * The Chinese Olympics mascot Jim keeps confusing for Tingle. * Olympic announcers just assuming everyone knows what a "B-Boy" is. * This right here is a horse. * Arranging a competition as bracket of 1v1 matches when it could just as easily be individually scored performances. * Gymnasts all over the world chalking their hands because humans are more alike than they are different. * Running fast at the Olympics. * Hiring Topic Lords as Olympic announcers. * Synchronized swimming except you need to synchronize with all your competitors. * Getting out the shotgun mics to televise basketball players trash talking each other. * Liking television alongside people who share your generational values. * Enjoying being part of a target demographic until you get too old. * Making an effort to appreciate new art more. * The inexhaustible supply of old movies you haven't seen. * What is lost and what is gained now that we're not all watching exactly the same TV shows every night. * Realizing your social values match the media you're consuming because you didn't roll your eyes at the Very Special Episode. * All the video games where you build a bionic arm for an NPC. * Two guys in a missile silo arguing to keep trigraphs in the C standard. * Boring programming situations where memory leaks are impossible. * A guy drinking a beer looking over your shoulder while you program who says "yep" whenever you do something he approves of. * Compiling C++ to a web site. * Writing a web assembly program by typing opcodes into a Javascript string. * What website people are into. * Music that plays while you're waiting for a game to load. * Loading the loading screen. * Some things are being destroyed and other things rebuilt. * Waking up and it's raining. * Saying you have no regrets when of course you have regrets – everyone has regrets, fool! * What cities were destroyed in December 2012? * Scraping information so you can stick it in a file system. * Complete List of Destroyed Cities. * How grumpy Raymond Carver was as a six year old. * How to communicate about what you want someone to type. * What they call curly braces in other countries. * Smooth brackets. * How Mandarin speakers write C code. * Drawing weird shit with Unicode glyphs, making it your URL, printing it on the side of a bus and making people figure out how to type it. * Mathematicians giving all their variables single letter names. * Embarrassing yourself by begging the compiler to not reformat your code. * Choosing to do the easy part of your job right now. * How to play Tetris faster. * Strumming arcade buttons to press them faster. * Weird ways of holding the NES controller to move Tetris pieces faster. * A new way to interact with this piece of plastic. * Turning the back of the controller into a giant button. * What high jump competitors thought the first time they saw the Fosbury Flop. * Learning to do close-up magic and getting frustrated because you can't literally make the card vanish. * Funding a weird game and finding out later if it ever ships. * Whether the folks who made ZPF considered any better names.

DOU Podcast
Новий реліз від Apple | Портрет

DOU Podcast

Play Episode Listen Later Sep 16, 2024 29:22


Lingthusiasm - A podcast that's enthusiastic about linguistics

When you order a kebab and they ask you if you want everything on it, you might say yes. But you'd probably still be surprised if it came with say, chocolate, let alone a bicycle...even though chocolate and bicycles are technically part of "everything". That's because words like "everything" and "all" really mean something more like "everything typical in this situation". Or in linguistic terms, we say that their scope is ambiguous without context. In this episode, your hosts Lauren Gawne and Gretchen McCulloch get enthusiastic about how we can think about ambiguity of meaning in terms of scope. We talk about how humour often relies on scope ambiguity, such as a cake with "Happy Birthday in red text" written on it (quotation scope ambiguity) and the viral bench plaque "In Memory of Nicole Campbell, who never saw a dog and didn't smile" (negation scope ambiguity). We also talk about how linguists collect fun examples of ambiguity going about their everyday lives, how gesture and intonation allow us to disambiguate most of the time, and using several scopes in one sentence for double plus ambiguity fun. Read the transcript here: https://lingthusiasm.com/post/748141442230272000/transcript-episode-91-scope Announcements: In this month's bonus episode we get enthusiastic about the forms that our thoughts take inside our heads! We talk about an academic paper from 2008 called "The phenomena of inner experience", and how their results differ from the 2023 Lingthusiasm listener survey questions on your mental pictures and inner voices. We also talk about more unnerving methodologies, like temporarily paralyzing people and then scanning their brains to see if the inner voice sections still light up (they do!). Join us on Patreon now to get access to this and 80+ other bonus episodes. You'll also get access to the Lingthusiasm Discord server where you can chat with other language nerds. You can find us at patreon.com/lingthusiasm Also: Join at the Ling-phabet tier and you'll get an exclusive “Lingthusiast – a person who's enthusiastic about linguistics,” sticker! You can stick it on your laptop or your water bottle to encourage people to talk about linguistics with you. Members at the Ling-phabet tier also get their very own, hand-selected character of the International Phonetic Alphabet – or if you love another symbol from somewhere in Unicode, you can request that instead – and we put that with your name or username on our supporter Wall of Fame! Check out our Supporter Wall of Fame and become a Ling-phabet patron here: patreon.com/lingthusiasm For links to things mentioned in this episode: https://lingthusiasm.com/post/748139974576275456/lingthusiasm-episode-91-scoping-out-the-scope-of