Podcasts about xor

True when either but not both inputs are true

  • 54 PODCASTS
  • 91 EPISODES
  • 45m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • Feb 17, 2025 LATEST
[Chart: popularity of "xor", 2017 to 2024]

Best podcasts about xor

Latest podcast episodes about xor

Python Bytes
#420 90% Done in 50% of the Available Time

Feb 17, 2025, 27:47


Topics covered in this episode:

* PEP 772 – Packaging governance process
* Official Django MongoDB Backend Now Available in Public Preview
* Developer Philosophy
* Python 3.13.2 released
* Extras
* Joke

Watch on YouTube

About the show

Sponsored by us! Support our work through:

* Our courses at Talk Python Training
* The Complete pytest Course
* Patreon Supporters

Connect with the hosts

* Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
* Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
* Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: PEP 772 – Packaging governance process

* draft, created 21-Jan, by Barry Warsaw, Deb Nicholson, Pradyun Gedam
* “As Python packaging has matured, several interrelated problems with the current way of managing the technical development, decision making and processes have become apparent.”
* “This PEP proposes a Python Packaging Council with broad authority over packaging standards, tools, and implementations. Like the Python Steering Council, the Packaging Council seeks to exercise this authority as rarely as possible; instead, they use this power to establish standard processes.”
* PEP discusses PyPA, Packaging-WG, Interoperability Standards, Python Steering Council, and Expectations of an elected Packaging Council
* A specification with
  * Composition: 5 people
  * Mandate, Responsibilities, Delegations, Process, Terms, etc.

Michael #2: Official Django MongoDB Backend Now Available in Public Preview

* Over the last few years, Django developers have increasingly used MongoDB, presenting an opportunity for an official MongoDB-built Python package to make integrating both technologies as painless as possible.
* Features
  * The ability to use Django models with confidence. Developers can use Django models to represent MongoDB documents, with support for Django forms, validations, and authentication.
  * Django admin support. The package allows users to fire up the Django admin page as they normally would, with full support for migrations and database schema history.
  * Native connecting from settings.py. Just as with any other database provider, developers can customize the database engine in settings.py to get MongoDB up and running.
  * MongoDB-specific querying optimizations. Field lookups have been replaced with aggregation calls (aggregation stages and aggregate operators), JOIN operations are represented through $lookup, and it's possible to build indexes right from Python.
  * Limited advanced functionality. While still in development, the package already has support for time series, projections, and XOR operations.
  * Aggregation pipeline support. Raw querying allows aggregation pipeline operators. Since aggregation is a superset of what traditional MongoDB Query API methods provide, it gives developers more functionality.

Brian #3: Developer Philosophy

* by qntm
* Intended as “advice for junior developers about personal dev philosophy”, I think these are just great tips to keep in mind.
* The items
  * Avoid, at all costs, arriving at a scenario where the ground-up rewrite starts to look attractive
    * This is less about “don't do rewrites”, but about noticing the warning signs ahead of time.
  * Aim to be 90% done in 50% of the available time
    * Great quote: “The first 90% of the job takes 90% of the time. The last 10% of the job takes the other 90% of the time.”
  * Automate good practices
  * Think about pathological data
    * “Nobody cares about the golden path. Edge cases are our entire job.”
    * Brian's note: But also think about the happy path. Documenting and testing what you think of as the happy path is a testing start and helps others understand your idea of how things are supposed to work.
  * There's usually a simpler way to write it
  * Write code to be testable
  * It is insufficient for code to be provably correct; it should be obviously, visibly, trivially correct
    * Brian's note: Even if it's obviously, visibly, trivially correct, it will still break. So test it anyway.

Michael #4: Python 3.13.2 released

* Python 3.13's second maintenance release. About 250 changes went into this update
* Also Python 3.12.9, Python 3.12's ninth maintenance release already. Just 180 changes for 3.12, but it's still worth upgrading.
* For us, it's simply rebuilding our Docker base (i.e. --no-cache) with these lines:

    RUN curl -LsSf https://astral.sh/uv/install.sh | sh
    RUN --mount=type=cache,target=/root/.cache uv venv --python 3.13 /venv

Extras

Brian:

* Still thinking about pytest plugins a lot.
* The top pytest plugin list
  * Has been updated for Feb
  * Is starting to include things without “pytest” in the name, like Hypothesis and Syrupy. Eventually I'll have to add “looking at trove classifiers” as part of the search, but for now, let me know if your favorite is missing.
  * Includes T&C podcast episode links if I've covered it on the show. There's 2 so far

Michael:

* There's a new release of PyScript out. All the details are here: Highlight is new PyGame-CE support. Go play!
* PEP 2026 – Calendar versioning for Python rejected. :(
* PEP 759 – External Wheel Hosting withdrawn

Joke: Pride Versioning

Cyber Bites
Cyber Bites - 17th January 2025

Jan 16, 2025, 9:35


* Ransomware Gang Exploits AWS Feature to Encrypt and Hold Data Hostage
* Phishing Texts Trick iMessage Users into Disabling Security
* Fake CrowdStrike Job Offers Used to Distribute Cryptominer
* Stealthy WordPress Skimmers Infiltrate Database Tables
* A New AI-Driven Ransomware Group Blurs the Lines Between Hacktivism and Cybercrime

Ransomware Gang Exploits AWS Feature to Encrypt and Hold Data Hostage

https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c

A new ransomware campaign leverages Amazon Web Services' (AWS) Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt victims' data stored in S3 buckets. This tactic, discovered by cybersecurity firm Halcyon, sees threat actors, such as the group dubbed "Codefinger," infiltrate AWS accounts and utilize the SSE-C feature with their own encryption keys.

The campaign hinges on the fact that AWS does not store these customer-provided keys. This makes data recovery impossible for victims even if they report the incident to Amazon. After encrypting the data, attackers set a seven-day file deletion policy and leave ransom notes demanding Bitcoin payments in exchange for the decryption key.

Halcyon advises AWS customers to implement strict security protocols, including disabling unused keys, regularly rotating active keys, and minimizing account permissions. They also recommend setting policies that restrict the use of SSE-C on S3 buckets where possible.

This incident highlights the critical need for robust security measures within cloud environments, emphasizing the importance of secure key management and vigilant monitoring for unauthorized activity.

Phishing Texts Trick iMessage Users into Disabling Security

https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/

Cybercriminals are employing a new tactic in their smishing (SMS phishing) campaigns: tricking Apple iMessage users into replying to texts, thereby disabling the platform's built-in phishing protection.

iMessage automatically disables links in messages from unknown senders as a security measure. However, replying to such a message or adding the sender to your contacts list will enable these links.

Recent smishing attacks, such as those mimicking USPS shipping issues or unpaid road tolls, instruct recipients to reply with "Y" to enable a disabled link. This plays on the common user behavior of replying to texts to confirm appointments or opt-out of services.

By replying, users inadvertently disable iMessage's security for that specific text, potentially exposing themselves to malicious links and scams. Even if the user doesn't click the enabled link, their response signals to attackers that they are susceptible to phishing attempts.

Security experts advise against replying to texts with disabled links from unknown senders. Instead, users should contact the purported sender directly to verify the message's legitimacy.

Fake CrowdStrike Job Offers Used to Distribute Cryptominer

https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/

Cybercriminals are targeting developers with a new phishing campaign that impersonates CrowdStrike, a cybersecurity company. The campaign tricks victims into downloading a malicious application that installs a cryptominer on their devices.

Here's how the scam works:

* Phishing Email: The attacker sends a phishing email that appears to be from a CrowdStrike recruiter. The email congratulates the recipient on being shortlisted for a junior developer position and asks them to schedule an interview.
* Malicious Link: The email contains a link that takes the victim to a fake website that looks like a legitimate CrowdStrike domain.
* Fake CRM Application: The website prompts the victim to download a "customer relationship management (CRM)" application to schedule the interview. However, this application is actually malware.
* Cryptominer Download: Once downloaded and installed, the malware downloads and installs a cryptominer on the victim's device. Cryptominers use the victim's device to mine cryptocurrency for the attacker.

This is a sophisticated phishing campaign that leverages the credibility of a well-known company. Here are some tips to avoid falling victim to this scam:

* Be wary of unsolicited emails: Don't click on links or download attachments from emails from unknown senders.
* Verify the sender's email address: If you receive an email from a recruiter, carefully check the email address to make sure it's legitimate.
* Don't download software from untrusted sources: Only download software from the official website of the company.
* Be suspicious of urgent requests: If an email asks you to take immediate action, it's probably a scam.

Stealthy WordPress Skimmers Infiltrate Database Tables

https://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpress-checkout-pages-via-database-injection.html

Cybersecurity researchers have uncovered a new wave of credit card skimmers targeting WordPress e-commerce sites. This campaign injects malicious JavaScript into the wp_options table of the WordPress database, making it difficult to detect with traditional scanning tools.

How the Skimmer Works

* Database Injection: The skimmer code is injected into the wp_options table disguised as a widget block.
* Checkout Page Activation: The malicious code springs into action only on checkout pages.
* Fake Payment Form: The skimmer either hijacks existing payment fields or injects a fraudulent payment form that mimics legitimate processors like Stripe.
* Data Theft: The form captures credit card details, including numbers, expiration dates, CVV codes, and billing information. The stolen data is then encoded to evade detection and sent to attacker-controlled servers.

Campaign Similarities to Previous Attacks

This campaign shares similarities with a previous attack discovered by Sucuri in December 2024. That attack also used JavaScript to create fake payment forms or steal data from legitimate forms on checkout pages. However, the stolen data was obfuscated differently, using a combination of JSON encoding, XOR encryption, and Base64 encoding.

These recent discoveries highlight the evolving tactics of cybercriminals. E-commerce website owners should stay updated on the latest threats and implement robust security measures, including regular vulnerability scanning and database backups. Also users should be cautious about entering payment information on unfamiliar websites and look for signs of a secure connection (HTTPS).

A New AI-Driven Ransomware Group Blurs the Lines Between Hacktivism and Cybercrime

https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/

FunkSec, a recently emerged ransomware group, has taken the cybersecurity world by storm with its aggressive tactics and claims of over 85 victims in just a month. However, a closer look reveals a more complex story.

Key Points:

* Rapid Rise: FunkSec emerged in late 2024 and quickly gained notoriety for its high number of claimed victims.
* Low Expertise: Despite their claims, FunkSec appears to be run by inexperienced actors, with the malware riddled with redundancies and the group recycling leaked data from other sources.
* AI-Assisted Development: The group leverages AI tools to enhance their capabilities, including generating code comments and potentially aiding in ransomware development.
* Hacktivist Leanings: FunkSec aligns itself with hacktivist causes and targets specific countries, but the legitimacy of these connections remains unclear.
* Blurred Lines: FunkSec's activities blur the line between hacktivism and cybercrime, raising questions about their true motivations.

Motives and Methods

FunkSec uses a combination of data theft and encryption (double extortion) to pressure victims into paying ransoms. They offer their custom ransomware, DDoS tools, and password generation utilities. Interestingly, their ransomware demands are unusually low, sometimes as little as $10,000, and they also sell stolen data to third parties.

Technical Analysis

The FunkSec ransomware is written in Rust and exhibits several peculiarities. The code contains redundancies, with functions being called repeatedly. Additionally, the malware leverages AI-generated comments, suggesting a reliance on AI tools for development.

Uncertainties and Challenges

FunkSec's true expertise and motivations remain unclear. Their use of recycled data casts doubt on the authenticity of their leaks, and their connection to hacktivism is questionable. This case highlights the evolving threat landscape where even less-skilled actors can leverage AI and readily available tools to cause significant disruption.

The Future

FunkSec serves as a wake-up call for the cybersecurity community. We need to develop better methods for assessing ransomware threats and be wary of groups that rely on self-promotion and manipulation. As AI becomes more accessible, it's crucial to stay ahead of its potential misuse by malicious actors.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

Doctor3 : A Hearthstone Podcast
Episode 266: Hearthstone in Space!!

Oct 15, 2024, 57:09


Welcome to Doctor 3, a Hearthstone podcast dedicated to giving you explosive growth in climbing the standard ranked ladder. Hosted by Katrina, dragonrider, and sendmeyourarms (smarms).

NEWS:

The Great Dark Beyond expansion launches November 5, 2024, with 145 new cards.

* New minion type: Draenei.
* Introduces the Starship keyword, allowing players to build and upgrade Starships using minions.
* Six classes will feature dedicated Starship cards.
* Spellburst keyword returns, triggering effects when a spell is cast.
* Pre-release Tavern Brawl from October 29 to November 5.
* Pre-purchase bundles offer exclusive packs, legendaries, and hero skins.

Patch 30.6 introduces The Great Dark Beyond expansion on November 5, 2024.

* Players can log in now to receive the Nexus-Prince Shaffar Legendary card for free.
* Prince Renathal returns to Standard and Wild until November 5.
* A special in-game event, Darkmoon Faire's Frightful Fantasy, runs from October 17 to November 5.
* Battlegrounds receives updates with new and removed minions, and changes to mechanics.
* Various bug fixes and game improvements across different modes.
* 11 minions have been removed from the Minion Pool; 6 minions have been added to the Minion Pool; 1 minion has been added to the Duos-only Minion Pool; 13 minions have been returned to the Minion Pool; and 1 Tavern spell has been returned to the Spell Pool. See all the updates in our dedicated Battlegrounds Blog.
* Trinkets that trigger at the Start of Combat now trigger earlier (at the same time as Quest Rewards, which is earlier than any other Start of Combat triggers).
* Beasts and Dragons can now be in the same games again.

Main Topic

Card discussion about Xor'toth Breaker of Stars, Starlight Reactor, Exarch Othaar, Distress Signal, Arkwing Pilot, Ingenious Artificer, Foreboding Flame, Black Hole, Archimonde, Arkonite Defense Crystal, Dimensional Core, Velen Leader of the Exiled, Relentless Wrathguard, Nexus-Prince Shaffar, Starlight Wanderer, and The Ceaseless Expanse.

Next Poll Question

How excited are you for the theme of the Great Dark Beyond?

* All the Hype!
* Pretty excited
* Neutral
* Not interested

*We'll talk about the results on next week's show*

*And speaking of the show, you can find us:*

Where can we find you?

* Doctor 3 Twitter: https://twitter.com/Doctor3HS
* Email us: doctor3hs@gmail.com
* Discord - https://discord.com/invite/qY8SxKJ
* Kat - https://twitter.com/Alkaline_Kat, https://www.twitch.tv/AlkalineKat
* Dragon - https://twitter.com/dawniedk , https://www.twitch.tv/dragonriderTCCG
* Smarms - https://twitter.com/sendmeyourarms https://www.twitch.tv/sendmeyourarms & Blizzlet podcast

You've Been listening to Doctor3

*BOOM*

Rabbit Hole Recap
POWELL PUMPS THE COIN | RABBIT HOLE RECAP #323

Sep 19, 2024, 132:40


- Powell cuts rates for first time in four years
- Trump visits pubkey https://primal.net/e/note1qlwr9379g8dc345p5sw438fn4xg4dmczklpkd3sqst5thrq6us9q85jjte
- Free Samourai: 8TB+ of Discovery, Motion to Dismiss Charges, Rodriguez's Bail Modifications Denied https://www.nobsbitcoin.com/free-samourai-8tb-of-discovery-motion-to-dismiss-charges-rodriguezs-bail-modifications-denied/
- Kingdom of Bhutan Holds 13,029 BTC from Bitcoin Mining Operations https://www.nobsbitcoin.com/bhutan-holds-13029-btc/
- HRF Bitcoin Development Fund Grants 10 BTC to 20 Projects Worldwide https://www.nobsbitcoin.com/hrf-bitcoin-development-fund-grants-10-btc-to-20-projects-worldwide/
- First Maelstrom Bitcoin Developer Grant Awarded to Rkrux https://www.nobsbitcoin.com/first-maelstrom-bitcoin-developer-grant-awarded-to-rkrux/
- OpenSats Grants Long-Term Support for WireGuard Creator Jason Donenfeld https://opensats.org/blog/jason-donenfeld-lts-grant
- OpenSats Announces Long-Term Support for Mike Dilger https://opensats.org/blog/mike-dilger-receives-lts-grant
- Human Rights Foundation Story of the Week
- Sparrow Wallet v2.0.0: SLIP39 Shares Recovery, New Hardware Wallets & More https://www.nobsbitcoin.com/sparrow-wallet-v2-0-0-slip39-shares-recovery-new-hardware-wallets-more/
- COLDCARD Mk4 v5.4 & Q v1.3: XOR from Seed Vault, Optimizations & More https://www.nobsbitcoin.com/coldcard-mk4-v5-4-q-v1-3/
- Liana v7.0: Liana Connect, Electrum Support & More https://www.nobsbitcoin.com/liana-v7-0/
- RoboSats v0.7.0-alpha: Desktop App, Nostr Orderbook & More https://www.nobsbitcoin.com/robosats-v0-7-0-alpha/
- LNbits v0.12.11: Fixes, Refactors, UI Improvements, New Funding Sources https://www.nobsbitcoin.com/lnbits-v0-12-11/
- BlueWallet v7.0.4: Advanced Mode Unleashed https://www.nobsbitcoin.com/bluewallet-v7-0-4-advanced-mode-unleashed/
- Dana Wallet: Mobile Silent Payments Wallet for Bitcoin Donations https://www.nobsbitcoin.com/dana-wallet-v0-1-0-alpha/
- Blitz Wallet v0.2.7-beta: Ecash Integration https://www.nobsbitcoin.com/blitz-wallet-v0-2-7-beta/
- Keeper Desktop v0.1.1: Cross-platform Support https://www.nobsbitcoin.com/keeper-desktop-v0-1-1-cross-platform-support/
- Amethyst v0.91.0: Edge to Edge Feeds https://www.nobsbitcoin.com/amethyst-v0-91-0/
- Keychat App v1.19.7: nSec Login, Medium Groups https://www.nobsbitcoin.com/keychat-app-v1-19-7/
- ARK 21 Shares ETF Diversifies Bitcoin Custodians with Anchorage Digital and BitGo https://www.nobsbitcoin.com/ark-21-shares-etf-diversifies-custodians/
- 10101 to Wind Down Operations by November 3rd https://www.nobsbitcoin.com/10101-to-wind-down-operations-by-november-3rd/
- Nayuta Wallet Is Shutting Down https://www.nobsbitcoin.com/nayuta-wallet-is-shutting-down/

2:52 - Trump at Pubkey
9:18 - Second assassination attempt
10:24 - Samourai update
26:56 - Stak
28:13 - Rate cut
36:28 - Bhutan hodling 13k btc
46:08 - HRF dev grants
47:46 - Pager bombs
58:49 - Maelstrom grant
1:00:32 - OpenSats
1:04:56 - Deepfakes and free speech
1:19:21 - Trump shitcoin
1:21:01 - HRF Story of the Week
1:25:08 - Saylor on bitcoin yield
1:40:43 - Boosts
1:44:36 - Software updates
1:56:18 - ARK 21 Shares ETF
2:00:51 - 10101 and Nayuta shut down
2:04:08 - Jay Varma Covid orgies
2:08:23 - Sleepy Joe
2:09:35 - Fire safety tips

Shoutout to our sponsors:
- Unchained Capital https://unchained.com/concierge/
- Coinkite https://coinkite.com/

TFTC Merch is Available:
- Shop Now https://merch.tftc.io/

Join the TFTC Movement:
- Main YT Channel https://www.youtube.com/c/TFTC21/videos
- Clips YT Channel https://www.youtube.com/channel/UCUQcW3jxfQfEUS8kqR5pJtQ
- Website https://tftc.io/
- Twitter https://twitter.com/tftc21
- Instagram https://www.instagram.com/tftc.io/

Follow Marty Bent:
- Twitter https://twitter.com/martybent
- Newsletter https://tftc.io/martys-bent/
- Podcast https://tftc.io/podcasts/

Follow Odell:
- Nostr https://primal.net/odell
- Newsletter https://discreetlog.com/
- Podcast https://citadeldispatch.com/

Video Game Newsroom Time Machine

Pizza Time goes bust, Amiga announces a computer & Nintendo launches the VS

These stories and many more on this episode of the VGNRTM!

This episode we will look back at the biggest stories in and around the video game industry in March 1984. As always, we'll mostly be using magazine cover dates, and those are of course always a bit behind the actual events.

Alex Smith of They Create Worlds is our cohost. Check out his podcast here: https://www.theycreateworlds.com/ and order his book here: https://www.theycreateworlds.com/book

Get us on your mobile device:
- Android: https://www.google.com/podcasts?feed=aHR0cHM6Ly92aWRlb2dhbWVuZXdzcm9vbXRpbWVtYWNoaW5lLmxpYnN5bi5jb20vcnNz
- iOS: https://podcasts.apple.com/de/podcast/video-game-newsroom-time-machine

And if you like what we are doing here at the podcast, don't forget to like us on your podcasting app of choice, YouTube, and/or support us on patreon! https://www.patreon.com/VGNRTM

Send comments on Mastodon @videogamenewsroomtimemachine@oldbytes.space
Or twitter @videogamenewsr2
Or Instagram https://www.instagram.com/vgnrtm
Or videogamenewsroomtimemachine@gmail.com

Links:

If you don't see all the links, find them here: https://www.patreon.com/posts/march-1984-104469980

7 Minutes in Heaven: Dolphin's Rune/Dolphin's Pearl
- Video Version: https://www.patreon.com/posts/104389483
- https://www.mobygames.com/game/21190/the-dolphins-pearl/
- Game Manual: https://archive.org/details/c64man_dolphins-rune
- Ecco the Dolphin 7 Minutes in Heaven: https://www.patreon.com/posts/7-minutes-in-80192007

Corrections:
- February 1984 Ep - https://www.patreon.com/posts/february-1984-102404099
- Ethan's fine site The History of How We Play: https://thehistoryofhowweplay.wordpress.com/
- https://www.newspapers.com/article/the-san-francisco-examiner-la-pinball-or/145438040/
- https://www.newspapers.com/article/the-san-francisco-examiner-san-francisco/145438150/
- https://en.wikipedia.org/wiki/Capacitance_Electronic_Disc
- https://www.mobygames.com/game/38079/cosmic-chasm/
- https://www.mobygames.com/game/82890/cube-quest/
- https://en.wikipedia.org/wiki/Tomy_Tutor
- https://retrocomputing.stackexchange.com/a/15340
- https://en.wikipedia.org/wiki/Intel_80186#In_personal_computers

1974:

Atari introduces Gran Track 10
- https://archive.org/details/cashbox35unse_37/page/58/mode/1up?view=theater
- https://archive.org/details/cashbox35unse_38/page/54/mode/1up?view=theater
- https://archive.org/details/cashbox35unse_36/page/52/mode/2up
- https://www.youtube.com/watch?v=KYcNvAAeu6k
- https://www.facebook.com/100057102354061/videos/1111919918819701/

Wurlitzer ends manufacturing
- https://archive.org/details/cashbox35unse_37/page/59/mode/1up?view=theater
- https://archive.org/details/cashbox35unse_35/page/44/mode/1up?view=theater
- https://en.wikipedia.org/wiki/Wurlitzer

1984:

Laserdisc games galore!
- https://archive.org/details/198403VideoGamesExpress/mode/1up
- Play Meter 15th, 1984, pg. 56
- Replay March 1984, pg. 10
- https://www.dragons-lair-project.com/games/

Centuri turns it around
- No Headline In Original, PR Newswire, March 14, 1984, Wednesday, Dateline: HIALEAH, Fla., March 14

The battle begins with Sente vs. VS!
- Replay March 1984, pg. 10
- https://sergiostuff.com/category/nintendo-vs-dualsystem/
- https://www.arcade-museum.com/Videogame/punch-out

Exidy goes interchangeable
- Replay March 1984, pg. 10
- https://en.wikipedia.org/wiki/Exidy#First_Star_Software_games
- https://www.classicarcademuseum.org/exidy-max-a-flex-system
- https://www.arcade-museum.com/Videogame/boulder-dash--data

Bills pile up at Pizza Time
- Company Deferring Some Debts, The Associated Press, March 9, 1984, Friday, PM cycle, Section: Business News, Byline: By LORETTA NOFFSINGER, Associated Press Writer
- Bankruptcy Threat Issued, The Associated Press, March 16, 1984, Friday, AM cycle

Pizza Time Theater enters Chapter 11
- Curtains for the Pizza Time Theatre, Financial Times (London,England), March 30, 1984, Friday, Section: SECTION I; Pg. 18, Byline: By Louise Kehoe in San Francisco
- Joneva Barry - Chuck E. Cheese, Kadabrascope - https://www.patreon.com/posts/joneva-barry-e-101938460
- Roger Hector - Atari, Disney, Sega, Namco, Sente - https://www.patreon.com/posts/72058794
- Owen Rowley - Chuck E Cheese, Autodesk - https://www.patreon.com/posts/owen-rowley-88533133

Bally buys Sente
- BALLY-MANUFACTURING; Acquires Sente Technologies Division of Pizza Time Theatre Inc., Business Wire, March 29, 1984, Thursday

Chip shortage looms
- Play Meter March 1st, 1984, pg. 16
- Jay Balakrishnan - HESWare, Radical, Dynamics, Solid State Software - https://www.patreon.com/posts/jay-balakrishnan-103071267

Goldman Sachs quantifies the Crash
- https://archive.org/details/computer-entertainer-2-12/page/182/mode/1up?view=theater

Battle for Warner is over...
- Warner buys back Murdoch's stake with aid from Chris-Craft, Financial Times (London,England), March 19, 1984, Monday, Section: SECTION I; Pg. 16, Byline: BY WILLIAM HALL IN NEW YORK
- https://archive.org/details/masterofgamestev00bruc

Atari cuts another 200
- Atari cuts jobs in restructuring, Financial Times (London,England), March 21, 1984, Wednesday, Section: SECTION II; International Companies; Pg. 19, Byline: BY LOUISE KEHOE IN SAN FRANCISCO
- A Year After Layoffs, Atari Foresees Better Times in '84, The Associated Press, March 11, 1984, Sunday, BC cycle

Coleco losses dwarf expectations
- COLECO LOSES $35 MILLION IN QUARTER, The New York Times, March 8, 1984, Thursday, Late City Final Edition, C, Section: Section D; Page 1, Column 3; Financial Desk, Byline: By DAVID E. SANGER
- https://www.nytimes.com/1984/03/08/business/coleco-loses-35-million-in-quarter.html

Coleco announces massive layoffs
- No Headline In Original, The Associated Press, March 28, 1984, Wednesday, AM cycle, Section: Business News, Byline: By S.W. BELL, AP Business Writer, Dateline: AMSTERDAM, N.Y.

Massive losses can't bring Mattel's spirits down
- Mattel, Despite $171 Million Loss, Optimistic About Future, The Associated Press, March 15, 1984, Thursday, AM cycle, Byline: By ROGER GILLOTT, AP Business Writer
- Mattel reaches new financing agreement with creditor banks, Financial Times (London,England), March 15, 1984, Thursday, Section: SECTION II; International Companies; Pg. 27, Byline: BY PAUL TAYLOR IN NEW YORK

Intellivision reborn!
- https://archive.org/details/computer-entertainer-2-12/page/179/mode/1up?view=theater
- https://en.wikipedia.org/wiki/Revco
- https://en.wikipedia.org/wiki/Intellivision#INTV_Corporation_(1984%E2%80%931990)

2600 goes to Turkey
- ATARI; Signs agreement with Turkish firm to manufacture and distribute video game products in Turkey, Business Wire, March 20, 1984, Tuesday
- https://www.reddit.com/r/TheCinemassacre/comments/1afkuz2/the_first_atari_2600_commercial_in_turkey_80s/
- http://www.atariboxed.com/index.php?go=output&sort=T1.Modul_Complete_Title,%20T1.Modul_Complete_Model,%20T1.Modul_Complete_TV,%20T1.Modul_Complete_Label&dir=DESC&rows_per_page=50&select_system=1&select_company=49

Odyssey RIP
- Pioneer Home Video Game Is Dropped, The Associated Press, March 20, 1984, Tuesday, AM cycle, Byline: By TOM EBLEN, Associated Press Writer
- First Home Video-Game Maker Calling It Quits, The Associated Press, March 21, 1984, Wednesday, PM cycle, Byline: By TOM EBLEN, Associated Press Writer

Nintendo may show off console at summer CES
- https://archive.org/details/computer-entertainer-2-12/page/182/mode/1up?view=theater

Goodbye Video Game Update including Computer Entertainer...
- https://archive.org/details/computer-entertainer-2-12/mode/1up?view=theater
- https://archive.org/details/electronic-fun-with-computers-and-games-volume-2-number-5-march-1984/page/4/mode/1up?view=theater
- https://archive.org/details/Electronic_Games_Volume_02_Number_12_1984-03_Reese_Communications_US/page/n5/mode/2up
- Julian 'Jaz' Rignall - Computer and Video Games, ZZAP!64, Mean Machines, Future Publishing, Virgin, IGN - https://www.patreon.com/posts/julian-jaz-and-97565043
- Jerry Wolosenko - Synapse - https://www.patreon.com/posts/42014024

Amiga announces 68000 based home computer
- Infoworld March 26, 1984, pg. 13
- Infoworld March 19, 1984 pg. 20
- https://www.landley.net/history/mirror/atari/museum/mickey.html
- https://theretrohour.com/amstrad-cpc-40th-anniversary-with-roland-perry-pt-1-the-retro-hour-ep425/

Mac distribution widens
- Infoworld March 26, 1984, pg. 11
- Infoworld March 26, 1984, pg. 16

Apple IIx rumors begin
- https://archive.org/details/computer-entertainer-2-12/page/184/mode/1up?view=theater
- https://en.wikipedia.org/wiki/Apple_IIGS
- https://archive.org/details/Creative_Computing_1984-03/page/n43/mode/2up

Intel licenses chip designs to Sanyo
- BOTH 8- AND 16-BIT MODELS; Tokyo Sanyo will make Intel-compatible MPUs, The Japan Economic Journal, March 13, 1984, Section: ELECTRICALS & ELECTRONICS; Pg. 9

Commodore and IBM become Intel licensees
- https://www.nytimes.com/1984/03/10/business/ibm-is-licensed-to-makeintel-chip.html?searchResultPosition=1
- https://archive.org/details/popular-computing-weekly-1984-03-15/mode/1up?view=theater
- Don Greenbaum - Commodore - https://www.patreon.com/posts/don-greenbaum-67077078

Commodore goes brit
- https://archive.org/details/popular-computing-weekly-1984-03-29/page/n4/mode/1up?view=theater
- https://www.youtube.com/watch?v=sHJ6vVxJLlQ

IBM slashes PC prices in Europe
- Infoworld March 26, 1984, pg. 11

Creative Computing reviews the TS 2068
- https://archive.org/details/Creative_Computing_1984-03/page/n93/mode/2up

Timex calls it quits
- https://archive.org/details/popular-computing-weekly-1984-03-01/mode/1up?view=theater
- InfoWorld March 19, 1984 pg. 16

Sinclair admits QL is a mess
- https://archive.org/details/popular-computing-weekly-1984-03-08/mode/1up?view=theater
- https://archive.org/details/popular-computing-weekly-1984-03-15/page/n4/mode/1up?view=theater
- https://archive.org/details/popular-computing-weekly-1984-03-29/page/n31/mode/1up?view=theater
- https://archive.org/details/popular-computing-weekly-1984-03-22/page/n4/mode/1up?view=theater

QL peripheral makers multiply
- https://archive.org/details/popular-computing-weekly-1984-03-29/page/n4/mode/1up?view=theater

Developers abandon QL for CPC
- https://archive.org/details/popular-computing-weekly-1984-03-15/mode/1up?view=theater

Sir Clive's portable TV impresses
- https://archive.org/details/popular-computing-weekly-1984-03-29/page/n15/mode/1up?view=theater
- https://en.wikipedia.org/wiki/TV80

Sinclair EV to be made by Hoover
- https://archive.org/details/popular-computing-weekly-1984-03-08/page/n4/mode/1up?view=theater

Imagine begins Bandersnatch and Psyclapse ad blitz
- https://archive.org/details/computer-and-videogames-029/page/n153/mode/2up

Imagine bungles deal
- https://archive.org/details/popular-computing-weekly-1984-03-08/mode/1up?view=theater
- http://redparsley.blogspot.com/2016/08/input-magazine-retrospective.html
- https://archive.org/details/Input_Vol_1_No_01_1997_Marshall_Cavendish_GB

Imagine announces price cut
- https://archive.org/details/popular-computing-weekly-1984-03-08/page/n2/mode/1up?view=theater
- https://archive.org/details/Big_K_Issue_03_1984_Jun/page/n15/mode/2up

Bug Byte won't give up on Miner Willie
- https://archive.org/details/popular-computing-weekly-1984-03-22/page/n4/mode/1up?view=theater
- https://www.gamesthatwerent.com/gtw64/mattie-goes-mining/

Novotrade details
- First All-Hungarian Stock Corporation Ventures Into Video Gaming, The Associated Press, March 3, 1984, Saturday, BC cycle, Byline: By ROLAND PRINZ, Associated Press Writer
   https://www.stayforever.de/2024/04/ddr-computer-sft-14/     https://www.ddr-museum.de/de/blog/2020/genex-geschenkdienst     https://de.wikipedia.org/wiki/Genex     https://archive.org/details/genexhauptkatalog1986   Hudsonsoft goes Speccy     https://archive.org/details/popular-computing-weekly-1984-03-29/mode/1up?view=theater        https://www.mobygames.com/game/company:1360/platform:zx-spectrum/sort:-date/page:1/     https://www.mobygames.com/game/19608/cannon-ball/   Geoff Crammond takes to the skies     https://archive.org/details/popular-computing-weekly-1984-03-29/page/n6/mode/1up?view=theater        https://www.youtube.com/watch?v=MVNAippFbAs     https://www.mobygames.com/person/6244/geoffrey-j-crammond/   Mythos puts Karsten Köper on the map     https://archive.org/details/atari-club-magazin-1984-3/page/6/mode/2up        https://archive.org/details/atari-club-magazin-1984-3/page/10/mode/2up        http://thethalionsource.w4f.eu/Artikel/Mythos.htm   XOR brings Football Manager to the gridiron     Infoworld March 12, 1984, pg. 22        https://www.mobygames.com/company/1848/xor-corporation/   Palace software to leverage movie licenses     https://archive.org/details/home-computing-weekly-052   Enter the 'bookware'     https://archive.org/details/Acorn_User_Number_020_1984-03_Adn-Wesley_GB/page/n7/mode/2up     https://worldofspectrum.net/publisher/11213/        https://archive.org/details/popular-computing-weekly-1984-03-08/page/n4/mode/1up?view=theater   Addison-Wesley launches line of games for girls     Infoworld March 26, 1984, pg. 
20        https://www.youtube.com/watch?v=fsgYqUjtPj8        https://www.mobygames.com/company/23943/rhiannon-software/        https://www.wearelivinginthefuture.com/p/space-girls-gaming-obsolescence        https://archive.org/details/wozaday_Lauren_of_the_25th_Century   Angelsoft founded     https://archive.org/details/computer-entertainer-2-12/page/190/mode/1up?view=theater        https://www.mobygames.com/company/1107/angelsoft-inc/   Synergistic abandons publishing     https://archive.org/details/Electronic_Games_Volume_02_Number_12_1984-03_Reese_Communications_US/page/n13/mode/2up   Lotus goes for integration     https://archive.org/details/byte-magazine-1984-03/page/n10/mode/1up?view=theater        https://en.wikipedia.org/wiki/Lotus_Symphony_(MS-DOS)     http://oldvcr.blogspot.com/2021/08/the-commodore-plus4-3-plus-1-and.html        https://archive.org/details/Ahoy_Issue_03_1984-03_Ion_International_US/page/n9/mode/2up   Egghead Softwear is slashing prices     https://archive.org/details/Creative_Computing_1984-03/page/n205/mode/2up   Comptiq brings US games to Japan     Comptique will market U.S.-made game packages, The Japan Economic Journal, March 13, 1984, Section: SPECIAL U.S. SECTION; Pg. 13         https://www.mobygames.com/company/6942/comptiq/        https://en.wikipedia.org/wiki/Comptiq   MSX looks to be a dud     https://archive.org/details/home-computing-weekly-052/page/n31/mode/2up   Sega to export 70,000 SC300's     Personal computers, The Japan Economic Journal, March 6, 1984, Section: NEWS PACKAGE; Pg. 18   MAX RIP     Commodore withdraws from toy business, The Japan Economic Journal, March 13, 1984, Section: SERVICE/LEISURE/FOOD; Pg. 
18   Robotron ships with dual controller holder     https://archive.org/details/computer-entertainer-2-12/page/184/mode/1up?view=theater        https://forums.atariage.com/topic/166814-robotron-dual-controller-holder/   Violence in Gaming debate comes to the C64     https://archive.org/details/Video_Games_Volume_2_Number_06_1984-03_Pumpkin_Press_US/page/n77/mode/2up         https://www.youtube.com/watch?v=tqPymlvBrSA      Alladin's Castle finally beats Mesquite     Play Meter 15th, 1984, pg. 13   Computer hacking laws proposed     https://archive.org/details/home-computing-weekly-053/page/n15/mode/2up   Piracy has Apple in a tizzy     No Headline In Original, United Press International, March 10, 1984, Saturday, PM cycle   Japanese Industry backs MITI     KEIDANREN SUPPORTS MITI'S SOFTWARE PROTECTION BILL, Copyright 1984 Jiji Press Ltd.Jiji Press Ticker Service, MARCH 13, 1984, TUESDAY        https://www.keidanren.or.jp/en/profile/pro001.html   Video Nasties Bill gets games amendment     https://archive.org/details/popular-computing-weekly-1984-03-22/page/n4/mode/1up?view=theater        https://en.wikipedia.org/wiki/Video_Recordings_Act_1984   UK Libraries clash with software publishers     https://archive.org/details/popular-computing-weekly-1984-03-29/mode/1up?view=theater      Are computer graphics art?     
https://www.nytimes.com/1984/03/27/science/colorful-graphics-aren-t-for-everybody.html        https://blisscast.wordpress.com/2023/10/17/mindset-computer-vyper-game/         https://en.wikipedia.org/wiki/Mindset_(computer)   Smart devices invade homes     A Year After Layoffs, Atari Foresees Better Times in '84, The Associated Press, March 11, 1984, Sunday, BC cycle       https://www.nytimes.com/1984/03/08/garden/the-digital-revolution-breeds-smart-new-appliances.html   Seiko introduces the smartwatch     https://archive.org/details/byte-magazine-1984-03/page/n10/mode/1up?view=theater        https://www.namokimods.com/en-eu/blogs/namokitimes/seiko-originals-the-uc-2000-a-smartwatch-from-1984   RIP Mike Kogan     Replay March 1984, pg. 10     https://en.wikipedia.org/wiki/Michael_Kogan Recommended Links:   The History of How We Play: https://thehistoryofhowweplay.wordpress.com/ Gaming Alexandria: https://www.gamingalexandria.com/wp/ They Create Worlds: https://tcwpodcast.podbean.com/ Digital Antiquarian: https://www.filfre.net/ The Arcade Blogger: https://arcadeblogger.com/ Retro Asylum: http://retroasylum.com/category/all-posts/ Retro Game Squad: http://retrogamesquad.libsyn.com/ Playthrough Podcast: https://playthroughpod.com/ Retromags.com: https://www.retromags.com/ Games That Weren't - https://www.gamesthatwerent.com/ Sound Effects by Ethan Johnson of History of How We Play. Copyright Karl Kuras   chuck e cheese   atari   commodore   commodore 64   ecco   dolphin's pearl   dolphin's rune   nintendo   nes   famicom   vs   amiga   appleii   palace   retro   video games   alladins castle   robotron   commodore max   addison-wesley   rhiannon software   bookware   thalion   geoff crammond   novotrade   hudsonsoft   spectrum   ql   amstrad   imagine   sinclair   timex   intel   pc clones   odyssey   magnavox   coleco   intellivision   exidy   laserdisc   dragon's lair

Cepeceros Podcast
Episode 243 - Xor and Miami Vice with Pachecus

Cepeceros Podcast

May 12, 2024 35:51


Welcome to Cepeceros, a podcast in Mode 0 for lovers of the brick pixel. This time we are joined by Pachecus, with whom we look back at two great classics, Xor and Miami Vice. We'll learn about our guest's personal connection with both games and what memories and feelings they stir in him. All the info about the games and our guest is on our website: https://www.cepeceros.com Come chat with us: https://bit.ly/Cepecerostelegran Ko-fi: https://ko-fi.com/cepecerospodcast

The Football Manager Football Show
E159: Is there cheating in Football Manager 2024? And how magic are Jack Grealish's calves?

The Football Manager Football Show

Feb 16, 2024 63:50


It's been a busy week at FMFShow towers, and a crazy week in the world of Football Manager.

Before it gets patched (presuming it gets patched anyway), we put the latest 'no money down' transfer moves into play to see if you really can lure some of the biggest players in the game to greener shores for little to no cash. We've got two must-win games in the Premier League, Ken's off to the Amex to take on Brighton in the FA Cup and we're cracking into the last 16 of the Champions League with a super-tasty draw made off the back of the competition's new format.

And just how magical are Jack Grealish's calves? We'll find out in this week's episode of The Football Manager Football Show!

Follow Ken on X. Follow Shane on X. Follow the podcast on X. Or get in touch via email to podcast@fmfshow.com.

Contains strong language.

LessWrong Curated Podcast
What's up with LLMs representing XORs of arbitrary features?

LessWrong Curated Podcast

Jan 7, 2024 28:54


Crossposted from the AI Alignment Forum. May contain more technical jargon than usual.

Thanks to Clément Dumas, Nikola Jurković, Nora Belrose, Arthur Conmy, and Oam Patel for feedback.

In the comments of the post on Google Deepmind's CCS challenges paper, I expressed skepticism that some of the experimental results seemed possible. When addressing my concerns, Rohin Shah made some claims along the lines of “If an LLM linearly represents features a and b, then it will also linearly represent their XOR, a ⊕ b, and this is true even in settings where there's no obvious reason the model would need to make use of the feature a ⊕ b.”

For reasons that I'll explain below, I thought this claim was absolutely bonkers, both in general and in the specific setting that the GDM paper was working in. So I ran some experiments to prove Rohin wrong.

The result: Rohin was right and [...]

First published: January 3rd, 2024
Source: https://www.lesswrong.com/posts/hjJXCn9GsskysDceS/what-s-up-with-llms-representing-xors-of-arbitrary-features
Narrated by TYPE III AUDIO.

The Nonlinear Library
AF - What's up with LLMs representing XORs of arbitrary features? by Sam Marks

The Nonlinear Library

Jan 3, 2024 25:58


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: What's up with LLMs representing XORs of arbitrary features?, published by Sam Marks on January 3, 2024 on The AI Alignment Forum.

Thanks to Clément Dumas, Nikola Jurković, Nora Belrose, Arthur Conmy, and Oam Patel for feedback.

In the comments of the post on Google Deepmind's CCS challenges paper, I expressed skepticism that some of the experimental results seemed possible. When addressing my concerns, Rohin Shah made some claims along the lines of "If an LLM linearly represents features a and b, then it will also linearly represent their XOR, a ⊕ b, and this is true even in settings where there's no obvious reason the model would need to make use of the feature a ⊕ b."[1]

For reasons that I'll explain below, I thought this claim was absolutely bonkers, both in general and in the specific setting that the GDM paper was working in. So I ran some experiments to prove Rohin wrong.

The result: Rohin was right and I was wrong. LLMs seem to compute and linearly represent XORs of features even when there's no obvious reason to do so.

I think this is deeply weird and surprising. If something like this holds generally, I think this has importance far beyond the original question of "Is CCS useful?"

In the rest of this post I'll:

  • Articulate a claim I'll call "representation of arbitrary XORs (RAX)": LLMs compute and linearly represent XORs of arbitrary features, even when there's no reason to do so.
  • Explain why it would be shocking if RAX is true. For example, without additional assumptions, RAX implies that linear probes should utterly fail to generalize across distributional shift, no matter how minor the distributional shift. (Empirically, linear probes often do generalize decently.)
  • Present experiments showing that RAX seems to be true in every case that I've checked.
  • Think through what RAX would mean for AI safety research: overall, probably a bad sign for interpretability work in general, and work that relies on using simple probes of model internals (e.g. ELK probes or coup probes) in particular.
  • Make some guesses about what's really going on here.

Overall, this has left me very confused: I've found myself simultaneously having (a) an argument that AB, (b) empirical evidence of A, and (c) empirical evidence of B. (Here A = RAX and B = other facts about LLM representations.)

The RAX claim: LLMs linearly represent XORs of arbitrary features, even when there's no reason to do so

To keep things simple, throughout this post, I'll say that a model linearly represents a binary feature f if there is a linear probe out of the model's latent space which is accurate for classifying f; in this case, I'll denote the corresponding direction as v_f. This is not how I would typically use the terminology "linearly represents" - normally I would reserve the term for a stronger notion which, at minimum, requires the model to actually make use of the feature direction when performing cognition involving the feature[2]. But I'll intentionally abuse the terminology here because I don't think this distinction matters much for what I'll discuss.

If a model linearly represents features a and b, then it automatically linearly represents ab and ab. However, a ⊕ b is not automatically linearly represented - no linear probe in the figure above would be accurate for classifying a ⊕ b. Thus, if the model wants to make use of the feature a ⊕ b, then it needs to do something additional: allocate another direction[3] (more model capacity) to representing a ⊕ b, and also perform the computation of a ⊕ b so that it knows what value to store along this new direction.

The representation of arbitrary XORs (RAX) claim, in its strongest form, asserts that whenever a LLM linearly represents features a and b, it will also linearly represent a ⊕ b. Concretely, this might look something like: in layer 5, the model computes and linearly r...

The Nonlinear Library
LW - Some negative steganography results by Fabien Roger

The Nonlinear Library

Dec 9, 2023 4:33


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Some negative steganography results, published by Fabien Roger on December 9, 2023 on LessWrong.

Disclaimer: These are negative results and this post is below the normal quality bar I usually use. These were quick experiments (a couple of days of work) and I don't have much expertise in RL. They don't provide strong evidence about the natural emergence of steganography.

People speculate that LLMs might learn to do steganography, and I've shown that you can teach LLMs to implement a specific steganography scheme that RLHF could in principle incentivize. But even if incentivized, are current RL methods powerful enough to teach LLMs how to do steganography?

Here are two negative results, which provide some evidence that hidden 1-bit communication is relatively hard for RL to learn. I don't claim that RL can't teach LLMs to do steganography - it's very likely that better RL setups (e.g. the ones labs use for instruction tuning or setups that simply have better hyperparameters or more training time) would teach the model how to subtly communicate 1 bit of information. The takeaways are rather:

  • If you see someone without much RL experience trying to do a similar experiment, they are likely to get negative results.
  • 1-bit steganography is not as easy as simple RL tasks. An analogy: DNNs can learn the XOR function, but it's much easier for them to learn linear functions - DNNs don't use XOR-like features unless they have to and you optimize hard enough.

Experiment 1: PPO on GPT2-large

The setup:

  1. Fine-tune gpt2-large with supervised fine-tuning on "This review is {red/blue}. {review}.", where the color is randomly selected and reviews are short imdb reviews.
  2. Simultaneously fine-tune for:
     • A bert-base-uncased model to predict whether a review is red or blue (reviews completed by the model trained with RL - but without the prefix saying if the review is blue or red). It is trained for 10 supervised learning steps for each step of PPO.
     • The fine-tuned gpt2-large model with PPO to complete "This review is {red/blue}. {start of review}.", using as reward the accuracy of the classifier at knowing if "{start of the review}{completion}" is red or blue. (I've also tried using BERT's logits.)

Result: the classifier never had a >50% accuracy at knowing whether the RLed reviews were red or blue.

Controls:

  • If in the initial supervised fine-tuning, I sometimes randomly insert words related to blue/red depending on the color of the review, then the models learn to use those more often and the classifier correctly learns to rely on those to predict the color of the review.
  • If I use "positive sentiment" as a reward for the PPO model, it very quickly produces more positive review completions.

Hyperparameters: 200 steps, batch size 128, with LoRA rank 16 and a learning rate of 3e-5. The other parameters are the default ones from the trl PPOTrainer. I tried reducing the KL-penalty and changing the number of BERT training steps per epoch, and found the same results.

Experiment 2: poor-man's RL on GPT-3.5-Turbo

Run by Ryan Greenblatt.

The setup (roughly):

  1. Generate completions to "I am {under/over} 40 years old. {instruction}".
  2. Using the data from step 1, fine-tune GPT-3.5-Turbo on "{instruction} {completion}. Is the user over 40 years old?" "{yes/no}" (500 samples, 3 epochs, using the OpenAI API).
  3. Fine-tune GPT-3.5-Turbo on good completions: Select the completions from step 1 where the fine-tuned model was correct and where no obvious hint about the age was present in the completion (as judged by regular GPT-4-Turbo), and fine-tune the model on "I am {under/over} 40 years old. {instruction}" "{completion}" (500 samples, 3 epochs, using the OpenAI API).
  4. Repeat 1-3 multiple times until convergence (in practice, performance plateaued after 6 iterations).

Results: the classifier never had significantly >5...

The Nonlinear Library: LessWrong
LW - Some negative steganography results by Fabien Roger

The Nonlinear Library: LessWrong

Dec 9, 2023 4:33



ASecuritySite Podcast
Bill Buchanan - A Bluffers Guide To Symmetric Key Encryption Modes

ASecuritySite Podcast

Aug 6, 2023 8:49


Blog: https://medium.com/asecuritysite-when-bob-met-alice/a-bluffers-guide-to-symmetric-key-encryption-modes-f7882881f6d

Symmetric key encryption involves a single key to encrypt and decrypt, where Bob and Alice use the same encryption key. The two most popular symmetric key methods are AES — Advanced Encryption Standard — and ChaCha20. Along with this, we either have a block cipher or a stream cipher. With a block cipher, we process a number of bytes at a time with our ciphering process. With AES, we have a 128-bit block size, and thus process 16 bytes for each block. For a stream cipher, we generate a pseudo infinitely long key stream from a passphrase or random value, and then just XOR this with the plaintext. The size of the key stream is matched to the number of bytes in the plaintext. To decrypt, we just generate the same key stream, and XOR it with the ciphertext to recover the plaintext.

I am often surprised by how little care many companies have in their encryption process and do not review the fundamental weaknesses of using symmetric key encryption. For many, it is a tick-box approach, where an auditor just asks if they are using encryption or not. It should not be, and there are many weaknesses that need to be taken into account. So, here's the bluffer's guide to modes in AES:

  • ECB (Electronic Code Book). This is the fastest mode and should NEVER be used, as there is no salt (IV) used in the ciphering process. This mode is only used for academic purposes to show what can go wrong if salt is not added to the encryption process. With this, the ciphertext will always be the same for the same plaintext, and it is possible to easily crack by looking at patterns in the data.

All of the other modes have a salt (IV or nonce) value:

  • CTR (Counter). This is an excellent mode which has a counter for each block, and then converts to a stream cipher. It is nearly as fast as ECB, and can be processed in parallel. It can be played back in a different session and has little in the way of integrity checking, so Eve can flip bits in the ciphertext and change the plaintext. We need all the ciphertext before we can use the plaintext. A demo of breaking CTR is: https://billatnapier.medium.com/can-i-break-aes-encryption-yes-31bdf539aba0
  • GCM (Galois/Counter Mode). This is almost the same as CTR and is a stream cipher, but slower than CTR (but still relatively fast overall). It has the advantage of adding additional data, such as for a session ID, and thus protects against playback.
  • GCM (Galois/Counter Mode). The main change from CTR is to add a MAC, and so the bit-flipping method would be near impossible to implement. This mode implements AEAD (Authenticated Encryption with Additional Data), and is useful in defending against playback attacks. It can suffer from nonce reuse, though.
  • CBC (Cipher Block Chaining). This is a block mode which thus requires padding before encryption and after decryption. While achieving the same speeds as ECB for a small amount of data, it slows down with larger amounts — because of the block-chaining process. It is seen to be a little cumbersome and has a few issues with security.
  • CCM (counter with cipher block chaining message authentication code; counter with CBC-MAC). This is a stream cipher mode and has a similar performance to CBC. It integrates better integrity checks with a MAC (message authentication code).
  • ChaCha20. It is not AES — which can be a good thing. Along with this, it is a stream cipher (and so fast in its operation). It is typically not as fast as CTR and GCM, but faster than CBC. Overall, AES tends to be accelerated for its processing on x64/x86 chips, but not for ChaCha20. As with AES GCM mode, ChaCha20 implements AEAD (Authenticated Encryption with Additional Data) and is useful in defending against playback attacks.

There are other modes, such as OFB (Output Feedback) and CFB (Cipher Feedback), but these are not used that much. In the finance industry, you might also be using 3DES, which has not been broken but is much slower than AES and ChaCha20. Here are some performance tests [here]:

Generally, the stream ciphers can struggle against nonce reuse, and if the same nonce is used, it can be possible to break AES by XOR'ing cipher streams. And to show the breaking of the integrity of AES:

Can You Trust AES Encryption? In this article, I will not break the AES method (as it has yet to be broken), but breach its integrity. This is… billatnapier.medium.com

But, it's NIST defined!

There is no guarantee that because NIST defines something as a standard that it will be secure, as it all depends on the implementation. ECDSA and EdDSA are NIST standards but have been easily broken in the past with poor implementations. We have seen that CTR mode is weak against bit-flipping, and where GCM creates a MAC to defend against this. While it is nearly impossible to flip the bits of the cipher and of the MAC, and for them to tie up, it is certainly possible to recreate a valid MAC and replace it, when a nonce is reused.

So, companies who take security seriously should understand their risks, and test accordingly. Those involved in areas of high risk, such as dealing with financial data and PII, should understand the risks in the methods they implement and not just tick a box to say that they have encrypted the data. I have seen many examples of companies ploughing on with the same old encryption methods — even though they have significant weaknesses.
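The difference between CTR and GCM described in the guide above can be checked directly. The following Go program is an added example, not code from the article or the podcast: it shows a receiver accepting an altered AES-CTR message without any error, while AES-GCM rejects both a flipped bit and a message presented under a different session ID, and it draws a fresh random nonce for every sealed message. The function names, the message "amount=100" and the session labels are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// randBytes returns n bytes from the OS CSPRNG (keys, IVs and nonces below).
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ctrCrypt runs AES-CTR; encryption and decryption are the same XOR operation.
func ctrCrypt(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// newGCM builds an AES-GCM AEAD for the given key.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// sealFresh draws a new random 96-bit nonce for every message and returns
// nonce || ciphertext || tag. aad (e.g. a session ID) is authenticated only.
func sealFresh(key, plaintext, aad []byte) []byte {
	gcm := newGCM(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// openChecked splits off the nonce and fails unless the tag verifies.
func openChecked(key, sealed, aad []byte) ([]byte, error) {
	gcm := newGCM(key)
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// ctrTamper returns what a CTR receiver decrypts after one bit changed in transit.
func ctrTamper() string {
	key, iv := randBytes(16), randBytes(aes.BlockSize)
	ct := ctrCrypt(key, iv, []byte("amount=100"))
	ct[7] ^= 0x08 // '1' (0x31) becomes '9' (0x39); nothing signals the change
	return string(ctrCrypt(key, iv, ct))
}

// gcmTamperRejected reports whether GCM refuses the same one-bit change.
func gcmTamperRejected() bool {
	key, aad := randBytes(16), []byte("session-1")
	sealed := sealFresh(key, []byte("amount=100"), aad)
	sealed[newGCM(key).NonceSize()+7] ^= 0x08
	_, err := openChecked(key, sealed, aad)
	return err != nil
}

// gcmReplayRejected reports whether a message bound to one session fails in another.
func gcmReplayRejected() bool {
	key := randBytes(16)
	sealed := sealFresh(key, []byte("amount=100"), []byte("session-1"))
	_, err := openChecked(key, sealed, []byte("session-2"))
	return err != nil
}

// freshNoncesDiffer reports whether sealing the same plaintext twice differs.
func freshNoncesDiffer() bool {
	key, msg := randBytes(16), []byte("amount=100")
	return !bytes.Equal(sealFresh(key, msg, nil), sealFresh(key, msg, nil))
}

func main() {
	fmt.Println("CTR receiver decrypts:", ctrTamper())
	fmt.Println("GCM rejects bit flip:", gcmTamperRejected())
	fmt.Println("GCM rejects other session:", gcmReplayRejected())
	fmt.Println("fresh nonces differ:", freshNoncesDiffer())
}
```

The check that matters in application code is the error returned by `Open`: a caller that ignores it gets no benefit from the GCM tag.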

ASecuritySite Podcast
Bill Buchanan - Lesson 1 in Secure Programming: Don't Reuse Your IVs

ASecuritySite Podcast

Aug 6, 2023 6:50


Blog: https://medium.com/asecuritysite-when-bob-met-alice/lesson-1-in-secure-programming-dont-reuse-your-ivs-5666ddfa9a1c I wrote up an article on a recent Samsung vulnerability [here], and one comment said … “it's an old bug, reuse of IV (Initialisation Vectors) seem a very basic problem”. On the face of it, the comment perhaps doesn't go into enough detail, so I'll try and explain the “bug” and hopefully show that it is shockingly bad coding … almost negligent in terms of protection, and could even be seen as an intentional backdoor. And for a “very basic problem”, it should perhaps be “extremely bad coding”, and this “bug” should never, ever be seen within trusted environments. It shows an almost complete lack of knowledge in how cryptography works, with a novice vulnerability. The paper is here [1]: In fact, it's like WEP all over again, and where the WEP Wifi method had a small IV (Initialisation Vector), and when it rolled out, it was possible to just XOR cipher streams, and discover the plaintext. The asleep program could crack any Cisco access point in less than a day. Luckily we now use WPA-2, and which does not have the reuse of the IV. I hope to show that we should be worried if code such as this ever gets near a user's device. In fact, if there was ever a back door in a mobile phone, it could be this one. If you want to read about the “bug”, try here: Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs) If you use an Apple Macbook, it's likely that you have a secret enclave for important secrets — such as your encryption… medium.com   A bad “bug” Now, I will explain how bad this “bug” is. If you are into cybersecurity, you should hopefully know that AES GCM is a stream cipher. With this, we take a secret key value and a salt value (an IV — Initialisation Vector) and generate a pseudo infinite keystream. 
Our plaintext is then simply XOR-ed with the keystream to produce our ciphertext: The salt value should then always be random, as a fixed salt value will always produce the same keystream for the same plaintext, and where we can reveal the keystream by XOR-ing cipher streams, and eventually revealing the plaintext. In the case of the key wrapping, the plaintext is an encryption key, and thus the encryption key used by the TEE will be revealed. If we reuse IVs, Eve will be able to XOR cipher streams together and reveal the keystream (K). From there she can decrypt every cipher stream, but simply XOR-ing the cipher stream with K. Coding AES GCM (Galois Counter Mode) is a stream cipher mode for AES. It is based on the CTR mode but converts to a stream cipher. This provides low latency in the encryption/decryption process and is fast to process. Along with this, it integrates AEAD mode for authentication. But as GCM is a stream cipher mode, it is open to a reuse IV attack. With this, the IV (Initialization Vector) of the cipher is the same for two cipher messages. We can then XOR to the two cipher streams together to reveal the cipher stream key (K). We can then reveal the plaintext by XOR-ing any cipher stream with K. So, let's try some code to do this. In this case, I will use Golang to show the basic principles of the method. 
I will use a static key in this case (as this would not change within the TEE) of “0123456789ABCDEF” (16 bytes — 128-bit key), and a static nonce of “0123456789AB” (12 bytes — 96 bits) [here]:

    package main

    import (
        "crypto/aes"
        "crypto/cipher"
        "fmt"
        "os"
    )

    // xor returns a XOR b over the first length bytes.
    func xor(a, b []byte, length int) []byte {
        c := make([]byte, len(a))
        for i := 0; i < length; i++ {
            c[i] = a[i] ^ b[i]
        }
        return (c)
    }

    func main() {
        // Static nonce and key: this is the IV reuse being demonstrated.
        nonce := []byte("0123456789AB")
        key := []byte("0123456789ABCDEF")

        block, err := aes.NewCipher(key)
        if err != nil {
            panic(err.Error())
        }

        // Default messages, optionally replaced from the command line.
        msg1 := "hello"
        msg2 := "Hello"
        argCount := len(os.Args[1:])
        if argCount > 0 {
            msg1 = (os.Args[1])
        }
        if argCount > 1 {
            msg2 = (os.Args[2])
        }
        plaintext1 := []byte(msg1)
        plaintext2 := []byte(msg2)

        aesgcm, err := cipher.NewGCM(block)
        if err != nil {
            panic(err.Error())
        }

        // Both messages are sealed with the same key and the same nonce.
        ciphertext1 := aesgcm.Seal(nil, nonce, plaintext1, nil)
        ciphertext2 := aesgcm.Seal(nil, nonce, plaintext2, nil)

        // XOR the two ciphertexts over the shorter of the two lengths.
        xor_length := len(ciphertext1)
        if len(ciphertext1) > len(ciphertext2) {
            xor_length = len(ciphertext2)
        }
        ciphertext_res := xor(ciphertext1, ciphertext2, xor_length)

        fmt.Printf("Message 1:\t%s\n", msg1)
        fmt.Printf("Message 2:\t%s\n", msg2)
        fmt.Printf("Cipher 1:\t%x\n", ciphertext1)
        fmt.Printf("Cipher 2:\t%x\n", ciphertext2)
        fmt.Printf("Key:\t\t%x\n", key)
        fmt.Printf("Nonce:\t\t%x\n", nonce)
        fmt.Printf("XOR:\t\t%x\n", ciphertext_res)

        plain1, _ := aesgcm.Open(nil, nonce, ciphertext1, nil)
        plain2, _ := aesgcm.Open(nil, nonce, ciphertext2, nil)
        fmt.Printf("Decrypted:\t%s\n", plain1)
        fmt.Printf("Decrypted:\t%s\n", plain2)
    }

When we run with “hello” and “Hello” we get [here]:

    Message 1:  hello
    Message 2:  Hello
    Cipher 1:   7fcbe7378c2b87a5dfb2803d4fcaca8d5cde86dbfa
    Cipher 2:   5fcbe7378cf8c68b82a2b8d705354e8d6c0502cef2
    Key:        30313233343536373839414243444546
    Nonce:      303132333435363738394142
    XOR:        2000000000d3412e5d1038ea4aff840030db841508
    Decrypted:  hello
    Decrypted:  Hello

If we try “hello” and “Cello”, we can see that there's a variation in the first byte of the cipher stream:

    Message 1:  hello
    Message 2:  Cello
    Cipher 1:   7fcbe7378c2b87a5dfb2803d4fcaca8d5cde86dbfa
    Cipher 2:   54cbe7378c5638db82df34a46172abed62b887aa48
    Key:        30313233343536373839414243444546
    Nonce:      303132333435363738394142
    XOR:        2b000000007dbf7e5d6db4992eb861603e660171b2
    Decrypted:  hello
    Decrypted:  Cello

The “bug” allowed a user program to request their own IV, which meant that a cracker could continually request the same IV, and then break the cipher, and reveal the encryption key used. This is because the TEE (Trusted Execution Environment) uses key wrapping to encrypt the encryption key with AES GCM, so a cracker can request these wrapped keys, but with their own IV. This then reveals the key that the TEE is using. This is extremely bad coding!

Conclusion

This is extremely bad coding, and I would not expect this level of implementation from a new graduate. If a development team creating code within a TEE doesn't understand a reuse IV attack, they need to go on a secure coding training course before they ever touch any more trusted code. If this was an intentional backdoor, that's a whole other story. I hope it was just a bug, but we really need to improve our knowledge in the creation of TEEs, as these also run within Cloud-based systems.

Reference

[1] Shakevsky, A., Ronen, E., & Wool, A. (2022). Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design. Cryptology ePrint Archive.
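The key-wrapping flaw described in the episode notes above, set beside a hardened form, as an added example that is not code from the blog post or from any vendor. The function names, the blob layout (nonce, then ciphertext, then tag) and the two sample secrets are assumptions made for the illustration; the key and IV strings are the ones used in the post.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM builds an AES-GCM AEAD from a key-encryption key (KEK).
func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapCallerIV is the flawed interface: the caller picks the IV, so nothing
// stops the same IV being used for every secret wrapped under one KEK.
func wrapCallerIV(kek, iv, secret []byte) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	if len(iv) != aead.NonceSize() {
		return nil, errors.New("IV must be 12 bytes")
	}
	return aead.Seal(nil, iv, secret, nil), nil
}

// wrapRandomIV is the hardened interface: the nonce is generated inside the
// trusted code for every call and stored in front of the ciphertext.
func wrapRandomIV(kek, secret []byte) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, secret, nil), nil
}

// unwrap opens a blob produced by wrapRandomIV.
func unwrap(kek, blob []byte) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// ivReuseVisible reports whether XOR-ing two ciphertext bodies gives exactly
// the XOR of the two wrapped secrets, which is the signature of a shared
// keystream. Both secrets are assumed to have the same length.
func ivReuseVisible(bodyA, bodyB, secretA, secretB []byte) bool {
	n := len(secretA)
	if len(secretB) != n || len(bodyA) < n || len(bodyB) < n {
		return false
	}
	ctXor, ptXor := make([]byte, n), make([]byte, n)
	for i := 0; i < n; i++ {
		ctXor[i] = bodyA[i] ^ bodyB[i]
		ptXor[i] = secretA[i] ^ secretB[i]
	}
	return bytes.Equal(ctXor, ptXor)
}

func main() {
	kek := []byte("0123456789ABCDEF") // static key from the post
	iv := []byte("0123456789AB")      // static nonce from the post
	// Constructed sample secrets standing in for wrapped keys.
	k1, k2 := []byte("constructed-key1"), []byte("constructed-key2")

	c1, _ := wrapCallerIV(kek, iv, k1)
	c2, _ := wrapCallerIV(kek, iv, k2)
	fmt.Println("caller-chosen IV, keystream shared:", ivReuseVisible(c1, c2, k1, k2))

	h1, _ := wrapRandomIV(kek, k1)
	h2, _ := wrapRandomIV(kek, k2)
	fmt.Println("random nonce, keystream shared:   ", ivReuseVisible(h1[12:], h2[12:], k1, k2))
}
```
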

ASecuritySite Podcast
Cryptography Fundamentals 9: Commutative Encryption

ASecuritySite Podcast

Play Episode Listen Later Jul 30, 2023 16:28


Related blog post: https://billatnapier.medium.com/cryptography-fundamentals-commutative-encryption-19ba4c4c2173

Introduction

What's at the core of cryptography? Well, the simple EX-OR holds a special place, as we do not lose any information when we apply it. For a bitwise operation, 0 EXOR 0 gives 0, 0 EXOR 1 gives 1, 1 EXOR 0 gives 1, and 1 EXOR 1 gives 0.

And, so, cryptographers dream of the perfect cipher. And that cipher is a one-time pad. Basically, we generate a one-time use key for our plaintext, and then EX-OR them together, and then just EX-OR again with the same key and we will get our plaintext back. Unfortunately, we can only use it once and need to generate another one. So, let's see if we can generate something similar but just use the simple XOR method for our encryption and decryption.

In the Tor (The Onion Router) network, data is encrypted with a key from each of the Tor routing nodes. Thus, say we have three nodes of A, B and C, with A as the entry node and C as the exit node. For this, the user will generate a separate key for each node to use and encrypt with the key of A, then the key of B, and then the key of C. The encrypted data is passed to A, which will decrypt with its key, and pass the encrypted data onto B, who will decrypt with its key. Finally, C will decrypt with its key, and the data will be decrypted. This protects the data as it is routed. But we have to remove the keys in the reverse order they were applied. One way to do this is with commutative encryption.

Using a hasp

When I worked as an electrical engineer, we had a hasp to isolate the electric power on a device we were working on. With this, each person who was working on the equipment would put on their own padlock, and we could not put the power back on until all the padlocks had been taken off.
The padlocks could be put on in any order, and taken off in any order, but there was no way of putting the power back on until everyone had taken their padlock off.

So how could we do this with data? Let's say that Bob, Alice and Carol want to apply their “data hasp”, so that the data cannot be revealed until they have all taken off their padlock. Well, with symmetric key block ciphers, such as AES, we cannot do this, as we must decrypt in the reverse order of the keys being applied:

To encrypt: Bob → Alice → Carol … and then to decrypt: Carol → Alice → Bob

There are ways to do it with RSA, such as with SRA [here], but these methods significantly reduce the security of the process. The solution is to use a stream cipher, as we basically just X-OR the data when we are encrypting, and then X-OR again with the same key when we decrypt. We can apply multiple keys to the data, and in any order, and it will always decrypt properly once we have applied all the keys.

What we need with commutative encryption is to have an encryption string which is the same length as the data string. To make the encryption string, we can use an XOF (eXtendable-Output Function), where we can create a hash value of a given size. For this, rather than the fixed hash of SHA-3, we can use SHAKE. Or, with BLAKE2b we have an XOF of BLAKE2XB, and for BLAKE2s we have an XOF of BLAKE2XS. We can then basically have a secret passphrase, which generates an output that matches the length of the plaintext. Another method we can use is to generate a pseudo infinitely long encryption key which is the same length as the plaintext — in the same way that a stream cipher works.

A simple application: Booking a ticket

With the ever increasing number of breaches, we are moving to a world where companies should not hold any personally sensitive information, as it is just too risky.
So how could we create a trustworthy system, where someone can show up with a ticket, and where we can trust it, without actually revealing any personal information about where the person has booked their seat? So how can we generate a receipt of the booking, but not give away your identity, or the details of the booking?

Let's take an example of booking a seat in a theatre at the festival, and how your privacy can be respected, but where the theatre will trust the ticket. Let's say there are 100 seats in a theatre, and I want to book one of them, but I don't want the theatre company to know which seat I've booked, or my identity. I also want a receipt of purchase that they can verify my booking. One way would be to get a trusted agent to look after the bookings, but I don't trust them either. So how can we do this? Well, it can be done with commutative encryption. The steps would be:

1. Initially the theatre company generates 100 receipts for each of the seats, and then encrypts them with its public key.
2. Next, when I want to make a booking, they send me the encrypted receipts that they have left, and I select one at random, and then encrypt it with my public key.
3. I send them all back, including the one I've encrypted.
4. The theatre checks to see which one has been changed, and then decrypts it with its private key, and sends it back to me.
5. I decrypt with my private key, and I can now view the receipt for my booking, and the theatre company cannot determine which seat I have, but I will have the receipt of my booking.

So here is an example where the theatre encrypts all the seats with its key, the person then selects one, and encrypts with their key, and sends them all back again. Then the theatre decrypts the one that has changed, and sends it back for the person to decrypt, and we have a booking.
The theatre thus does not know who has booked the seat.

Commutative encryption using ChaCha20

ChaCha20 is a stream cipher, where we create a pseudo infinitely long encryption key, and then just XOR it with the plain text. With commutative encryption, we can decrypt with the keys in any order. Normally we would encrypt with Bob's key and then encrypt with Alice's key, and then we must decrypt with Alice's key and then Bob's. In commutative encryption, we can decrypt in any order. With a stream cipher, we automatically get the commutative property, as we basically just EX-OR with the key stream. In the following we use Go code, and where Bob encrypts, Alice encrypts, Bob decrypts, and then Alice decrypts [here]. And a sample run [here]:

    Input text: Hello
    Bob passphrase: qwerty
    Alice passphrase: 123456
    Input text: Hello
    Bob keygen: 65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5
    Alice keygen: 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
    Cipher after Bob encrypt: d9eef8ecdc
    Cipher after Alice encrypt: 7a5dcd0f43
    Cipher after Bob decrypt: ebd6598ff0
    Cipher after Alice decrypt: 48656c6c6f
    Decrypted text: Hello

We can easily extend the method to Carol, Trent, and so on. In my simple example I have used the same nonce for Bob and Alice, but in real life they would use different values, and these would be random for every transaction.

Commutative encryption using SHAKE-128

NIST chose Keccak as the standard for SHA-3. But it's all a bit confusing, as there are two main versions of this: Keccak and SHA-3. Many systems, such as Ethereum, have adopted Keccak, while others go for SHA-3. The only real difference between them is a difference in the padding of data. An eXtendable-Output Function (XOF) produces a bit string that can be of any length. In fact, we can create an infinitely long bit string, if required. The main methods are SHAKE128, SHAKE256, BLAKE2XB and BLAKE2XS.
With the SHA-3 hashing method, we have four different cryptographic hashing methods (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) and two XOF functions (SHAKE128 and SHAKE256).

With commutative encryption, we can decrypt with the keys in any order. Normally we would encrypt with Bob's key and then encrypt with Alice's key, and then we must decrypt with Alice's key and then Bob's. In commutative encryption, we can decrypt in any order. While our symmetric key block ciphers cannot be made commutative, we can use stream ciphers, as they perform an EX-OR function. In this example we will use SHAKE128 or SHAKE256, and generate Bob and Alice's key.

https://asecuritysite.com/commul/comm_stream

Commutative encryption using SRA

With maths, operators such as multiplication are commutative, such as:

    3 x 5 x 4 = 4 x 5 x 3

In encryption, most operations are non-commutative, so we need to modify the methods. One way is to use RSA, but generate two keys which have shared p, q and N values. So we generate Bob and Alice's keys using the same two prime numbers (p and q), so that they share the same N value (modulus).

So let's start with Bob. Let's select:

    P=7, Q=13

The calculation of N and PHI is:

    N = 7 x 13 = 91
    PHI = (P-1)(Q-1) = 72

We need to make sure that our encryption key (e) does not share any factors with PHI (gcd(PHI,e)=1). We can select e as:

    e = 5

Next we can calculate d from:

    (d x 5) mod (72) = 1

The answer is 29 [Solve]:

    d= 29, e=5, N=91
    Encryption key [91,5]
    Decryption key [91,29]

Now for Alice. We have:

    N = 7 x 13 = 91
    PHI = (P-1)(Q-1) = 72

We can select e as (and it should not share any factors with PHI):

    e = 7

Now we must solve:

    (7 x d) mod (72) = 1

For this we get 31 [Solve]. Alice's keys are then:

    d= 31, e=7, N=91
    Encryption key [91,7]
    Decryption key [91,31]

An example of this is here: https://asecuritysite.com/commul/comm2

Commutative encryption using Massey-Omura

As we have seen, commutative encryption allows us to decrypt in any order.
For this we can use the Massey–Omura Cryptosystem and generate encryption keys which share a prime number. One classic patent for commutative encryption was written by James Massey and Jim K. Omura, who created the Massey–Omura Cryptosystem in 1982 [1]. It took over three years to be assigned and was assigned to Omnet Associates [here].

It uses exponentiation in the Galois field GF(2^n) for both the encryption and decryption functions. In this, if we have a message of M, the encryption is: and These are operated on with the Galois field. For this we define e within: and we make sure that e does not share a factor with 2^n-1 using: The decryption exponent d is defined as: This works because the multiplicative group of the Galois field GF(2^n) has order 2^n−1, and where Lagrange's theorem defines that m^{de}=m for all the values of m in GF(2^n). The coding is here [link]:

    import libnum
    import random
    import sys
    from Crypto.Util.number import getPrime
    from Crypto.Random import get_random_bytes

    # Split a string into fixed-size fragments.
    def chunkstring(string, length):
        return (string[0+i:length+i] for i in range(0, len(string), length))

    # Pick e coprime to prime-1 and compute d as its inverse mod prime-1.
    def generate_keys(prime):
        while True:
            e = random.randint(0, prime-2)
            if libnum.gcd(e, prime-1) == 1 and e > 2:
                break
        d = libnum.invmod(e, prime-1)
        return e,d

    # Convert a fragment to an integer, raise it to key mod prime,
    # and convert the result back to a string of the same length.
    def crypt(chunk, key,prime ):
        num = 0
        for c in chunk:
            num *= 256
            num += ord(c)
        res = pow(num, key, prime)
        vect = []
        for i in range(0, len(chunk)):
            vect.append(chr(res%256))
            res = res // 256
        return "".join(reversed(vect))

    primebits=64
    msg = "HellHe"

    if (len(sys.argv)>1):
        primebits=int(sys.argv[1])
    if (len(sys.argv)>2):
        msg=(sys.argv[2])

    # Pad the message with spaces to a whole number of fragments.
    FRAGMENT_SIZE = primebits//8
    msg = msg + " "*((FRAGMENT_SIZE - (len(msg)%FRAGMENT_SIZE))%FRAGMENT_SIZE)
    res=chunkstring(msg,FRAGMENT_SIZE)

    PRIME = getPrime(primebits, randfunc=get_random_bytes)
    e,d = generate_keys(PRIME)

    # Encrypt each fragment with e.
    vect=[]
    for elem in res:
        enc=str(crypt(elem, e,PRIME))
        vect.append(enc)
    enc="".join(vect)

    # Decrypt each fragment with d.
    dec=[]
    for elem in chunkstring(enc, FRAGMENT_SIZE):
        dec.append(crypt(elem, d,PRIME))

    print (f"Msg={msg}")
    print (f"e={e}, d={d}")
    print("Decrypted: " + "".join(dec))

A sample run is [link]:

    Msg=Hello
    e=16153579288865179167, d=10300837874192230633
    Decrypted: Hello

One of the advantages of the Massey–Omura Cryptosystem is that we can apply commutative encryption. In this way, Bob may have keys of (e_b,d_b) and Alice has keys of (e_a,d_a). We can then apply the keys in any order, such as encrypting with e_a and then encrypting with e_b, and where we can then decrypt with d_a and then decrypt with d_b, or decrypt with d_b first and then decrypt with d_a (as we would normally do).

To encrypt:

    Cipher=E(e_b,E(e_a,M))=E(e_a,E(e_b,M))

To decrypt:

    E(d_b,E(d_a,Cipher))=E(d_a,E(d_b,Cipher))

Here is an example: https://asecuritysite.com/commul/massey2

Conclusions

Commutative encryption is a great way of applying multiple keys to encrypted data, and then for them to be removed in any order that is required. It is a little like how data is encrypted in the Tor network, but that requires the keys to be removed in the reverse order they were applied. In a future podcast, I will explain how the Tor network works.
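The stream-cipher layering described in the ChaCha20 and SHAKE sections above, as an added example that is not the code behind the post's [here] links. It swaps in AES-CTR from the Go standard library for ChaCha20, derives each key as SHA-256 of the passphrase, and gives each party a random per-message IV; those choices and all names are assumptions for the illustration. It also checks a property of the Bob-encrypt, Alice-encrypt, Bob-decrypt sequence in the sample run that matters when deciding which intermediate values may be exposed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party is one key holder. The key is SHA-256 of a passphrase (an assumption
// for this demo) and the IV is random per message, as the text recommends.
type party struct {
	name string
	key  [32]byte
	iv   []byte
}

func newParty(name, passphrase string) (party, error) {
	p := party{name: name, key: sha256.Sum256([]byte(passphrase)), iv: make([]byte, aes.BlockSize)}
	_, err := rand.Read(p.iv)
	return p, err
}

// apply XORs this party's AES-CTR keystream into data. The same call adds
// the layer and removes it, because XOR is its own inverse.
func (p party) apply(data []byte) []byte {
	block, err := aes.NewCipher(p.key[:])
	if err != nil {
		panic(err) // cannot happen: the key is always 32 bytes
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, p.iv).XORKeyStream(out, data)
	return out
}

// applyInOrder applies the layers of ps[order[0]], ps[order[1]], ... in turn.
func applyInOrder(data []byte, ps []party, order []int) []byte {
	for _, i := range order {
		data = ps[i].apply(data)
	}
	return data
}

// orders3 lists every ordering of three parties.
var orders3 = [][]int{{0, 1, 2}, {0, 2, 1}, {1, 0, 2}, {1, 2, 0}, {2, 0, 1}, {2, 1, 0}}

// allOrdersRecover checks all 36 combinations of locking order and
// unlocking order for three parties and reports whether each one
// returns the original message.
func allOrdersRecover(msg []byte, ps []party) bool {
	for _, enc := range orders3 {
		ct := applyInOrder(msg, ps, enc)
		for _, dec := range orders3 {
			if !bytes.Equal(applyInOrder(ct, ps, dec), msg) {
				return false
			}
		}
	}
	return true
}

// exchangeXOR replays Bob encrypt, Alice encrypt, Bob decrypt and XORs the
// three intermediate values together. The keystreams cancel, so the result
// is the plaintext: the intermediates need confidentiality of their own.
func exchangeXOR(msg []byte, bob, alice party) []byte {
	c1 := bob.apply(msg)  // M ^ Kb
	c2 := alice.apply(c1) // M ^ Kb ^ Ka
	c3 := bob.apply(c2)   // M ^ Ka
	out := make([]byte, len(msg))
	for i := range out {
		out[i] = c1[i] ^ c2[i] ^ c3[i]
	}
	return out
}

func main() {
	bob, _ := newParty("Bob", "qwerty")
	alice, _ := newParty("Alice", "123456")
	carol, _ := newParty("Carol", "constructed-passphrase")
	msg := []byte("Hello")

	ps := []party{bob, alice, carol}
	fmt.Printf("Layers from %s, %s, %s removable in any order: %v\n",
		bob.name, alice.name, carol.name, allOrdersRecover(msg, ps))
	fmt.Printf("XOR of the three intermediate values: %q\n", exchangeXOR(msg, bob, alice))
}
```
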

PaperPlayer biorxiv neuroscience
Learning shapes neural geometry in the prefrontal cortex

PaperPlayer biorxiv neuroscience

Play Episode Listen Later Apr 24, 2023


Link to bioRxiv paper: http://biorxiv.org/cgi/content/short/2023.04.24.538054v1?rss=1 Authors: Wojcik, M. J., Stroud, J. P., Wasmuht, D. F., Kusunoku, M., Kadohisa, M., Myers, N. E., Hunt, L. T., Duncan, J., Stokes, M. G. Abstract: The relationship between the geometry of neural representations and the task being performed is a central question in neuroscience. The primate prefrontal cortex (PFC) is a primary focus of inquiry in this regard, as under different conditions, PFC can encode information with geometries that either rely on past experience or are experience agnostic. One hypothesis is that PFC representations should evolve with learning from a format that supports exploration of all possible task rules to a format that minimises metabolic cost and supports generalisation. Here we test this idea by recording neural activity from PFC when learning a new rule (XOR rule) from scratch. We show that PFC representations progress from being high dimensional and randomly mixed to low dimensional and rule selective, consistent with predictions from metabolically constrained optimised neural networks. We also find that this low-dimensional representation facilitates generalisation of the XOR rule to a new stimulus set. These results show that previously conflicting accounts of PFC representations can be reconciled by considering the adaptation of these representations across learning in the service of metabolic efficiency and generalisation. Copy rights belong to original authors. Visit the link for more info Podcast created by Paper Player, LLC

MacroFab Engineering Podcast
MEP EP#357: Seventh Annual MacroFab Star Wars Christmas Special – We're the Rebel Codebreakers!

MacroFab Engineering Podcast

Play Episode Listen Later Dec 16, 2022 188:26


MEP EP#357: Seventh Annual MacroFab Star Wars Christmas Special – We're the Rebel Codebreakers! Spoilers for recent Star Wars shows like Andor included for free! This Year's Guests Josh Rozier A business intelligence and data analytics professional for a large, east-coast insurance monolith. In his spare time, Roz spends his time building and tweaking guitar amplifiers and pedals. Co-owner of Empire Engineering with Stephen. Chris Kraft A tinkerer currently working as a software engineer in the financial services industry. Extensive background in 3d printing and building anything that seems interesting. Hyr0n A systems engineer. Hardware hacker of AND!XOR, a group that builds electronic badges for conferences and designs embedded system puzzles. Topics Latest in Star Wars Media What has been released since last year's Star Wars podcast episode 307? The Book of Boba Fett Obi-wan Kenobi Andor The High Republic Stephen's Topic A hammerhead corvette was able to move an entire star destroyer in Rogue 1. Is this even possible? Given the movie footage, are the acceleration and velocity values reasonable? Does the corvette have the thrust to do this? What does this mean for other battles? Hyr0n's, Roz's, and Chris' Topic Andor Widget Productivity analysis. The Andor Post Credit scene… we see what those racks (parabolic facet joints) are for. How many Superlaser Focus Lens facet joints are needed for Death Star? How long would it take Narkina 5 prisoners to produce that many? Parker Star Wars Episode: ai Using ChatGPT3 to write a better Star Wars Movie than Disney can Will have an opening crawl and 4 acts Each person will have a role in the script

The Cartesian Cafe
Scott Aaronson | Quantum Computing: Dismantling the Hype

The Cartesian Cafe

Play Episode Listen Later Nov 22, 2022 185:08


Scott Aaronson is a professor of computer science at University of Texas at Austin and director of its Quantum Information Center. Previously he received his PhD at UC Berkeley and was a faculty member at MIT in Electrical Engineering and Computer Science from 2007-2016. Scott has won numerous prizes for his research on quantum computing and complexity theory, including the Alan T Waterman award in 2012 and the ACM Prize in Computing in 2020. In addition to being a world class scientist, Scott is famous for his highly informative and entertaining blog Shtetl Optimized, which has kept the scientific community up to date on quantum hype for nearly the past two decades. In this episode, Scott Aaronson gives a crash course on quantum computing, diving deep into the details, offering insights, and clarifying misconceptions surrounding quantum hype. Part I. Introduction (Personal) 00:00: Biography 01:02: Shtetl Optimized and the ways of blogging 09:56: sabbatical at OpenAI, AI safety, machine learning 10:54: "I study what we can't do with computers we don't have" Part II. Introduction (Technical) 22:57: Overview 24:13: SMBC Cartoon: "The Talk". Summary of misconceptions of the field 33:09: How all quantum algorithms work: choreograph pattern of interference 34:38: Outline Part III. Setup 36:10: Review of classical bits 40:46: Tensor product and computational basis 42:07: Entanglement 44:25: What is not spooky action at a distance 46:15: Definition of qubit 48:10: bra and ket notation 50:48: Superposition example 52:41: Measurement, Copenhagen interpretation Part IV. Working with qubits 57:02: Unitary operators, quantum gates 59:03: Hadamard gate 1:03:34: Philosophical aside: How to "store" 2^1000 bits of information.
1:08:34: CNOT operation 1:09:45: quantum circuits 1:12:43: circuit notation, XOR notation 1:14:55: Subtlety on preparing quantum states 1:16:32: Building and decomposing general quantum circuits: Universality 1:21:30: Complexity of circuits vs algorithms 1:28:45: How quantum algorithms are physically implemented 1:31:55: Equivalence to quantum Turing Machine Part V. Quantum Speedup 1:35:48: Query complexity (black box / oracle model) 1:39:03: Objection: how is quantum querying not cheating? 1:42:51: Defining a quantum black box 1:45:30: Efficient classical f yields efficient U_f 1:47:26: Toffoli gate 1:50:07: Garbage and quantum uncomputing 1:54:45: Implementing (-1)^f(x) 1:57:54: Deutsch-Jozsa algorithm: Where quantum beats classical 2:07:08: The point: constructive and destructive interference Part VI. Complexity Classes 2:08:41: Recap. History of Simon's and Shor's Algorithm 2:14:42: BQP 2:18:18: EQP 2:20:50: P 2:22:28: NP 2:26:10: P vs NP and NP-completeness 2:33:48: P vs BQP 2:40:48: NP vs BQP 2:41:23: Where quantum computing explanations go off the rails Part VII. Quantum Supremacy 2:43:46: Scalable quantum computing 2:47:43: Quantum supremacy 2:51:37: Boson sampling 2:52:03: What Google did and the difficulties with evaluating supremacy 3:04:22: Huge open question Further Reading: Scott Aaronson's Lecture Notes: https://www.scottaaronson.com/qclec.pdf Scott Aaronson's Blog: https://scottaaronson.blog Nielsen & Chuang. Quantum Computation and Quantum Information Twitter: @iamtimnguyen Webpage: http://www.timothynguyen.org If you would like to support this series and future such projects: Paypal: tim@timothynguyen.org Bitcoin: 33thftjoPTHFajj8wJFcCB9sFiyQLFVp8S Ethereum: 0x166a977F411d6f220cF8A56065D16B4FF08a246D

Connect The World
Basic Bitch Lightning software | Lisa Neigut

Connect The World

Play Episode Listen Later Oct 11, 2022 55:30


Connect The World EP046 | Lisa Neigut aka Nifty | Blockstream | Base58 | Texas USA "Edward and Stef talk to Nifty (Lisa Neigut), a Lightning Protocol Engineer at Blockstream and co-founder of Base58! Nifty has been working more than 4 years on Lightning protocol improvements for Blockstream and she started Base58 to offer a developer-oriented Bitcoin transaction class. She also runs a blog site, Basic Bitch Software. They talk about her current work on the newest version of CLN and the updates of her implementation of the dual-funding spec to match up with what the ACINQ team shipped. And she shares her long-term goal with Base58 to try and become a high signal recruiting platform! Are you curious about her love letter to XOR?

PaperPlayer biorxiv neuroscience
Visual Perceptual Learning of Feature Conjunctions Leverages Non-linear Mixed Selectivity

PaperPlayer biorxiv neuroscience

Play Episode Listen Later Oct 4, 2022


Link to bioRxiv paper: http://biorxiv.org/cgi/content/short/2022.10.04.510801v1?rss=1 Authors: Karami, B., Schwiedrzik, C. M. Abstract: Visual objects are often defined by multiple features. Therefore, learning novel objects entails learning conjunctions. Visual cortex is organized into separate compartments, each of which is devoted to processing a single feature. A prime example of this is neurons purely selective to color and orientation, respectively. However, neurons that jointly encode multiple features (mixed selectivity) also exist across the brain and play critical roles in a multitude of tasks. Here, we sought to uncover the optimal policy that our brain adapts to achieve conjunction learning using these available resources. 59 human subjects practiced orientation-color conjunction learning in four psychophysical experiments designed to nudge the visual system towards using one or the other resource. We find that conjunction learning is possible by linear mixing of pure color and orientation information, but that more and faster learning takes place when pure and mixed selectivity neurons are involved. We also find that learning with mixed selectivity confers advantages in performing an untrained 'exclusive or' (XOR) task several months after learning the original conjunction task. This study sheds light on possible mechanisms underlying conjunction learning and highlights the importance of learning by mixed selectivity in such accounts. Copy rights belong to original authors. Visit the link for more info Podcast created by PaperPlayer

MacroFab Engineering Podcast
MEP EP#342: Hackery Experts

MacroFab Engineering Podcast

Play Episode Listen Later Sep 2, 2022 51:59


MEP EP#342: Hackery Experts HyR0n Mathematician Computer Scientist AND!XOR employee of the month Working on badges and things Hackery Previous Podcast Episodes Incognito Mode episode number 69 Arduino, The Gateway Drug To #BadgeLife episode number 109 Espress-ify? Designing Products Around the ESP-32 Platform episode number 144 Feel the Hum episode number 183 Better Encryption than Zoom, Firmware Stacks episode number 238 And a couple of the Star Wars Specials DEFCON 30 AND!XOR Badge It's a watch, with some watch things, hacker apps (TV B Gone, BLE Interrogator), Games, & Challenge Give them away for free at DEF CON following sponsorship from companies and philanthropists. Off the shelf device with hacked firmware LilyGo T-Watch 2020 V3 But how did we get there? A story of supply chain woes Original Watch idea - supply chain issues and crazy costs / quantity buy requirements Look at consumer watches we could hack (PineTime, then LilyGo) It wasn't just software, a true micropython implementation was done for firmware Always interested in python We always lived in a C world Makes hacking it easier for end user Micropython vs Circuit Python The Hacking Challenge - BENDER Flashing Party - Things you should think about - i.e. Design for Drunk Hacker Production You're going to do the same thing thousands of times, what do we automate? Loop script for provisioning Push bare minimum over serial, then use wifi to complete Turning screen green once flash done and charge at 100% Other thoughts? Really different than what we do, was really fun People like bling more than function, but …

Zapped to the Past
Zapped to the Past Episode 75 January 1988

Zapped to the Past

Play Episode Listen Later Aug 22, 2022 152:34


In the month of January 1988 many games were released for the Commodore 64. In episode seventy-five of Zapped to the Past, we conclude our look at some of those games, including the spacey Star Wars, the risky R.I.S.K., and the scabby Sky Twice, and wonder who exactly would want a certificate and badge to prove they are a Master of Xor…? Games covered in this episode: Spore Western Games Madballs Kromazone Star Wars Sky Twice Rampage Xor Risk Find us here: https://zappedtothepast.com/ Please visit the Manscaped website - our fabulous new show sponsor: https://www.manscaped.com Please visit the website of David Hearne Writer - our amazing show sponsor: https://www.davidhearnewriter.com/ If you would like to help us out and join our Patreon, find it here: https://www.patreon.com/zappedtothepast Additional links mentioned in the Podcast: https://archive.org/details/western-games/Western%20Games%20en/page/n1/mode/2up https://www.the-numbers.com/movie/Predator#tab=summary

Feel Free to Deviate
Episode 0019 - Thomas

Feel Free to Deviate

Play Episode Listen Later Mar 2, 2022 59:19


Episode 19 of Feel Free to Deviate Features Thomas Margolf. Some know him as chip music artist firestARTer, or as Frau Holle, but now he is mostly known as the owner and proprietor of XOR Electronics and maker of NerdSeq. What is that, you ask? As the XOR website says, it “is a tracker based cv and trigger sequencer module (32HP) for Eurorack systems.” It doesn't matter if you don't know what that means. All you need to know is that Thomas quit his day job to design and manufacture electronic music equipment, which is an act that requires a great deal of bravery and confidence. We talk about his early days experimenting with electronics, chip music, and what it's like to be the guy behind NerdSEQ. You can find Thomas's company and Nerdseq at the XOR Electronics website https://xor-electronics.com/. He's also on social media: https://www.instagram.com/thomasmargolf/
https://www.instagram.com/xorelectronics/ 
https://www.facebook.com/xorelectronics
 https://www.facebook.com/Nerdseq/ For the old school blippity chip music flavor check out http://www.firestarter-music.de/

 Feel Free to Deviate is the podcast about people, their careers, and their relationships with success. My name is Jim Turbert, and I am the host. Find Free to Deviate on your favorite podcast app, and new episodes are released every other Thursday. Visit https://feelfreetodeviate.com for more information. Feel Free to Deviate and host Jim Turbert can also be found on Instagram and Facebook @feelfreetodeviate.  https://instagram.com/feelfreetodeviate https://jtfanclub.com https://jimturbert.com https://www.linkedin.com/in/turbert/ Feel free to send inquiries to mail@feelfreetodeviate.com Sound editing and post production by Ed Mubarek at https://boomkaas.com

NFT Morning, Decouvrez tous les projets NFT et Crypto-art
#165 | Launch of the Xor.Art platform with Laurent, Roy and the street artist Chanoir

NFT Morning, Decouvrez tous les projets NFT et Crypto-art

Play Episode Listen Later Dec 1, 2021 62:15


Laurent and Roy are about to launch Xor.Art, a new art platform, and for their launch they have chosen the artist Chanoir, who has created an NFT collection especially for the occasion... In this room, Laurent Cohen and Roy Halfon, the co-founders of Xor.Art, look back on the genesis of this project, which they have been working on for almost a year, their passion for art and new technologies, and their collaboration with the artist Chanoir. The idea of Xor.art is precisely to showcase one artist at a time by dedicating an exhibition to them. For his part, the street artist Chanoir looked back on his career, his discovery of NFTs and this collection, which he launched as a distillation of his 25-year career, with a collection of 6268 cats, 111 GIFs, 50 2D videos and 10 3D videos. To go further: - Xor.Art website - Website of the artist Chanoir - Xor.Art Twitter account Subscribe at www.nftmorning.com

MacroFab Engineering Podcast
MEP EP#288: We have clearance, Clarence

MacroFab Engineering Podcast

Play Episode Listen Later Aug 4, 2021 54:10


MEP EP#288: We have clearance, ClarencePCB design rules for clearances Stephen's favorite calculator Clearance and creepage According to the IEC (international electrotechnical commission) a global standards organization Clearance - The shortest path between two conductive parts, or between a conductive part and the bounding surface of the equipment, measured through air Creepage - The shortest path between two conductive parts, or between a conductive part and the bounding surface of the equipment, measured along the surface of the insulation IEC/UL 60950-1 Safety standards - has more in depth information on spacing and how to handle mains IPC2221 generic pcb design rules - Has simple information on spacing vs voltage The creepage requirements depend on insulation material group Comparative Tracking Index (CTI) is used to measure the electrical breakdown (tracking) properties of an insulating material. Tracking is an electrical breakdown on the surface of an insulating material wherein an initial exposure to electrical arcing heat carbonizes the material. The carbonized areas are more conductive than the pristine insulator, increasing current flow, resulting in increased heat generation, and eventually the insulation becomes completely conductive. I 600V II 400 to 600V IIIa 175 to 400V IIIb 100 to 175V pollution degree Degree 1 - no pollution Degree 2 - non-conductive contamination that might temporarily become conductive due to condensation Degree 3 applies to conductive pollution, or to dry non-conductive one which could become conductive due to condensation working voltage Altitude and elevation - Multiply by 1.48 Appliance insulation class Functional Basic Supplementary Double Insulation - Double the creepage Reinforced - Double the creepage IPC2221 requirements - Actually tend to be larger External Internal Coated Stephen's thoughts on the AND!XOR hardware puzzle

Fukabori.fm
53. Time-Series Database Engines w/ nakabonne

Fukabori.fm

Play Episode Listen Later Jul 22, 2021 38:11


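Topics discussed:
• Building a time-series database engine from scratch
• What is time-series data?
• What are the challenges of handling time-series data in an RDB?
• What are the characteristics of time-series data?
• What is immutable data?
• influxDB
• Timescale DB
• VictoriaMetrics
• M3DB
• What does high cardinality mean in a time-series DB?
• tstorage
• Why implement a time-series DB yourself?
• ali
• gosivy
• What is the design overview of tstorage?
• What are the benefits of partitioning?
• What is write amplification?
• Bloom Filter
• What is an LSM tree?
• 34. What is NewSQL? w/ tzkb
• What are the characteristics of the memory partition?
• Techniques for keeping time-series data sorted
• QuestDB
• When are partitions flushed?
• Write Ahead Log
• What techniques reduce the data volume?
• Gorilla: A Fast, Scalable, In-Memory Time Series Database
• Encoding timestamps and values separately
• delta encoding and delta-of-delta encoding
• Values are encoded with XOR
• What are the disadvantages of tstorage?
• Future development plans for tstorage
• The YAGNI principle
• [Media Division] Server-Side Engineer (Infrastructure)
• Promotion
• fukabori.fm is seeking individual sponsors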

Building with Rust
Ralf Jung on GhostCell and Working as a PL Researcher

Building with Rust

Play Episode Listen Later Jun 9, 2021 55:35


We sat down with Ralf Jung who is, at the time of this recording, a post-doctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS). Ralf is part of the RustBelt project, which seeks to define and develop rigorous formal foundations for the Rust programming language. We talked with Ralf about GhostCell, a technique for separating permissions from data in Rust that opens up possibilities and alternative strategies when it comes to working around Rust's "aliasing XOR mutability" rules, why there seems to be such a large gap between academic programming languages and "mainstream" programming languages, as well as what makes for a good PL researcher. Ralf blogs about Rust, and other topics, at https://www.ralfj.de/blog/. matthieu-m's Ghost Collections crate is referenced during the show and can be found at https://github.com/matthieu-m/ghost-collections. Send us an email at buildingwithrust@gmail.com to suggest cool people or projects in the Rust ecosystem you'd like us to have on the show!

The Token Metrics Podcast
Thoughts on Sora (XOR) | XOR to Go as High as Uniswap (UNI)? Token Metrics AMA

The Token Metrics Podcast

Play Episode Listen Later May 14, 2021 2:55


Thoughts on Sora (XOR). XOR to go as high as Uniswap (UNI)? Sign up for Token Metrics at https://tokenmetrics.com Token Metrics Media LLC is a regular publication of information, analysis and commentary focused especially on blockchain technology and business, cryptocurrency, blockchain-based tokens, market trends, and trading strategies. Like the podcast to let us know you like the content!

The Token Metrics Podcast
Thoughts on Sora (XOR) | XOR to Go as High as Uniswap (UNI)? Token Metrics AMA

The Token Metrics Podcast

Play Episode Listen Later May 14, 2021 2:10


Thoughts on Sora (XOR). XOR to go as high as Uniswap (UNI)? Sign up for Token Metrics at https://tokenmetrics.com Token Metrics Media LLC is a regular publication of information, analysis and commentary focused especially on blockchain technology and business, cryptocurrency, blockchain-based tokens, market trends, and trading strategies. Like the podcast to let us know you like the content!

Debates Inúteis
#74 - It Was in Fashion, I Wore It, I Regretted It

Debates Inúteis

Play Episode Listen Later Dec 8, 2020 71:29


All-Star sneakers with high heels, sneakers with a hidden inner heel, Ginger Spice's bleached fringe, hairstyles à la Xitão e Xoró, Mariah Carey's crochet top, Babalu's clogs, the Backstreet Boys' hair, Xtina's low-rise trousers and Britney's cargo pants... Want more examples? Here we go: the Palestinian scarf, highlights in the fringe, men's baby-look T-shirts, Avril Lavigne's loose flat-ironed hair, the Hard Rock Café jacket, the Taz sweatshirt and, the craze of 2020: THE OMNIPRESENT TIE-DYE. You wore one (or more) of these, we know it, and that's perfectly fine. So click here and come relive your fashion moments with us!

RecTech: the Recruiting Technology Podcast
News from SmartRecruiters, Metaview, Top Echelon, Remote.com, Drafted

RecTech: the Recruiting Technology Podcast

Play Episode Listen Later Nov 13, 2020 9:03


This episode is sponsored by Cronofy, the scheduling platform for business and HR professionals. Don’t let impersonal and lengthy interview scheduling stop you from acquiring top talent! Transform your interview scheduling by offering slots based on real-time availability while staying in control of who can book times in your calendar. https://www.cronofy.com/rectech Recruiting Technology headlines: Reminder: the Virtual Job Fair technology expo happens on Wednesday, Nov 18th at 2pm. Compare and contrast 6 different job fair platforms including Brazen, ecareerfairs, Xor, Recruitology, Premier Virtual and RecruitVirtual. Register for free at rectechlive.com https://www.crowdcast.io/e/virtual-job-fair SmartRecruiters announced the acquisition of Berlin-based jobpal, an enterprise-grade chatbot technology, to take recruitment efficiency to the next level. The move enters SmartRecruiters into the rapidly growing recruitment process automation (RPA) market, where the future of recruiting prioritizes human interactions and automates repetitive, time-consuming tasks. In a world where TA leaders receive 4X the candidate volume but have half the resources on their team, automation is the only way to keep up and continue to offer great experiences to everyone. As the leading talent acquisition suite, automation will be deeply embedded into every step of SmartRecruiters’ recruiting workflow engine to unlock massive efficiencies for hiring teams. The feature will be rebranded as “SmartPal”. “jobpal is where automation meets individualization,” shares Florian Schrodt, Head of Employer Branding at Zurich Public Transport. “The technology helps us improve thousands of candidate communications every month. 
With nearly 80% automated answers, our hiring teams are saving hundreds of hours that we can now dedicate to the most important task: relationship building and adding value to our candidates.” The companies’ existing partnership and integrated technologies means new products are available now. SmartRecruiters is excited to introduce SmartPal, a family of recruiting chatbots that put repetitive interactions on autopilot and drive meaningful candidate conversations throughout the entire recruitment lifecycle to accelerate Hiring Success. By embedding a conversational layer on top of SmartRecruiters’ core workflow engine, SmartPal converts candidates 3x better, saves time, and enables recruiters to focus on more strategic tasks. https://hrtechfeed.com/smartrecruiters-acquires-jobpal-chatbot/   Metaview, the Interview Intelligence Platform, today announced the launch of Interview Metrics, a new product that focuses on accessing data on job interviews to make them fairer and more effective. By recording and automatically analysing interviews, Metaview’s Interview Metrics enables organizations to access empirical data on how consistent and rigorous their hiring processes are for the first time. This launch is a major step for Metaview on their mission to reimagine how exceptional organizations build teams. Metaview was founded by team-builders from Palantir and Uber after they observed first-hand that interviews are the most outcome-defining step in any recruitment process. Despite commonly being cited as subjective and bias-prone, they determine who joins a team, and who doesn’t. Additionally, growing organizations spend thousands of people hours per year on conducting interviews. Metaview has recorded, transcribed, and analyzed over ten thousand hours of interviews in the last 18 months since raising a round of funding from Fly Ventures in Berlin, Seedcamp in London, and Village Global and Garuda Ventures in San Francisco. 
They count high-growth companies such as Bulb, AngelList, Careem, Wave, and Stedi among their customers. “Metaview was already the most effective tool for improving individual interviewers at Bulb. Now, Interview Metrics tells me more about the health of the interview process at large than it was ever possible to know previously. With this, I can ensure hiring managers and interviewers are getting the support they need to conduct great interviews, and candidates get the high-quality, fair interview process they deserve,” says Michael Laws, Head of Recruitment at Bulb. https://hrtechfeed.com/introducing-interview-metrics-measuring-what-matters-for-growing-organizations/ Remote, an HR technology platform for international payroll, benefits and compliance, today announced that it has secured $35 million in Series A funding led by Index Ventures and joined by Sequoia Capital, with additional participation from angel investors including Aaron Levie, Zach Weinberg, and Kevin and Julia Hartz. Previous investors General Catalyst and Two Sigma Ventures are also participating. This funding empowers Remote to further its position as the industry’s most compliant and competitive solution helping companies of all sizes employ global teams. Remote has raised $46 million to date. Since its public launch earlier this year and its $11 million seed funding round in April, Remote has been approached by thousands of companies seeking to take advantage of its unique employment model and global network of legal entities, including customers GitLab, Loom, Cargo One, Whereby and Phaidra. Remote has doubled its customer base every month since the start of the year. Remote is the only global employment provider with its own legal infrastructure in every country where it operates. This provides customers with absolute security for IP and invention rights, guarantees international compliance, and enables Remote to offer the industry’s most competitive and flexible pricing. 
With millions of companies worldwide shifting to remote work and adapting to evolving visa requirements, Remote has become the new standard solution for organizations looking to hire and retain the best global talent. Remote’s platform includes its global employer of record services, covering international payroll, benefits, taxes, and visa and immigration services, as well as a free platform for global contractor management and payments. https://hrtechfeed.com/remote-com-secures-35-million-in-series-a-funding/   Top Echelon Software, the leading provider of recruiting software for people who build teams, is pleased to announce its acquisition of CATS Software, a leading applicant tracking system (ATS) designed specifically for professional recruiters who help companies from all over the world fill their hiring needs. This acquisition combines two best-of-breed ATS companies to address the complex and evolving challenges in the war for talent. CATS serves more than 1,800, predominantly mid-sized professional recruiting and operating companies, including tools for resume import and parse, job application collection, resume search, comprehensive reports, job board publication, and analytics. The acquisition expands Top Echelon’s customer and revenue base and strengthens its software offering. Top Echelon will continue to support new and existing CATS customers, as well as expand its market reach to mid-sized businesses both domestically and globally. According to Top Echelon Software CEO Mark Demaree, this merger represents the opportunity to combine the resources and experience of both companies to become the leading provider of applicant tracking and CRM software to serve and support their customers at an unparalleled level. “We are constantly seeking ways to improve,” said Demaree. 
“We look forward to the opportunity that this merger offers to provide even more value to our customers in the form of additional features and enhanced functionality.” https://hrtechfeed.com/top-echelon-acquires-cats-software/ Drafted, the network recruiting startup out of Boston, announced a new app called Scouted to add a layer of network intelligence to applicant screening. Scouted automatically parses applicant resumes and uses artificial intelligence to find current employees who can add context about the applicant’s work experience. Here’s how it works: if an applicant worked in marketing at Pinterest and applied to work at Etsy, Scouted finds current relevant employees at Etsy who previously worked in marketing at Pinterest and collects their input. Engaging employees early in the hiring process is known to be beneficial for hiring quality, speed, and diversity. More data leads to better outcomes and faster hires. “Scouted can help you speed up your candidate screening process while improving the quality of your applicants,” says Vinayak Ranade, CEO at Drafted. “There’s a current employee somewhere in your org, who has overlapping experience with the applicant, who can give you incredibly valuable data to inform screening decisions. It’s almost like a post-application referral.” Scouted integrates with Greenhouse ATS and Slack. The company is offering free access to any Greenhouse ATS customers until Dec 31, 2020. Those interested can sign up at scouted.to. https://hrtechfeed.com/scouted-launches-to-find-missed-connections-between-employees-and-applicants/

GNC Week In Review
Apple’s M1 #076

GNC Week In Review

Play Episode Listen Later Nov 13, 2020 78:18


This week, Apple brings in M1, YouTube had a global outage and a customer had a sideways misfortune with T-Mobile.
Show Notes:
• Apple M1 Event
• YouTube outage
• T-Mobile customer shares frustration
• Google Photos is updating its storage policy
• Amazon recalls Ring doorbells
• Broadband power users explode
• Hasan Minhaj joins The Morning Show
• AMC launches private theater rentals
• Xor's new luxury smartphone

The Female Founder
[59] From Founder to VC with Grant Gurtin

The Female Founder

Play Episode Listen Later Nov 12, 2020 36:39


Grant Gurtin is a 4-time founder and the youngest VC in his portfolio's history, investing in 25 unique startups to date. His focus has now shifted to full-time investing and coaching other founders in his fund. Rachel Sipperley and Grant discuss changing trends for investing during COVID.
What you will learn in this episode
✧ How Covid has accelerated deals and why investing looks different in 2020 compared to 2019
✧ The number one reason startups fail and how founders can avoid this pitfall
✧ The interesting way Grant is compiling insights for founders and portfolios to improve the startup ecosystem
Tangible Tips
✧ The importance of self-reflection to learn lessons and improve
✧ When to pivot, pause, and persevere through the next funding round
✧ Why founders self-sabotage and how to stop it
Recommended Resources
✧ Texas Startups: Fund + Accelerator: https://www.capitalfactory.com/
More about Grant Gurtin and Beta Business
Grant Gurtin is General Partner at Gurtin Ventures, an investor in early stage startups. The fund has invested in over 20 companies including Fight Camp, Swag.com, and XOR.ai. Grant also has experience as an entrepreneur. His first company Fanium was acquired by CBSSports in 2015. After leaving CBS, Grant co-founded Trend.io, a marketplace for social media influencers to connect with brands that want to promote their products.
Beta Business provides the ultimate content for first-time tech entrepreneurs. Information, interviews, and advice packed into a powerful few minutes to give you the knowledge needed to help you defy the odds. Podcast launching in 2021.
You can learn more, connect and follow along with Grant here:
https://www.linkedin.com/in/grantgurtin
https://www.instagram.com/betabusinesspod/
https://twitter.com/grantgurtin
For questions, comments, or to stay in touch please check out Thefemalefounderpodcast.com or email rachel@thefemalefounderpodcast.com

The Use Case with William Tincup by RecruitingDaily
Storytelling about XOR with Aida Fazylova

The Use Case with William Tincup by RecruitingDaily

Play Episode Listen Later Oct 23, 2020 34:13


During this episode, Aida and I talk about how practitioners make the business case or the use case for purchasing XOR. Aida is an expert in pairing today's most popular communication channels with automation to create a competitive hiring advantage for her clients. Her expertise and passion come through during the podcast. 

The AIE Podcast
The AIE Podcast #354 – Never Tell Me The FFXIV Odds

The AIE Podcast

Play Episode Listen Later Oct 19, 2020 59:33


On this episode of The AIE Podcast...
• AIE is showing off our ships!
• SO… Many… Addons… to update
• This Friday is going to be Mega!
• This the time of the Mad King!
• And, Abovan is here to talk to us about AIE in FFXIV
All that and more coming up right now...
Podcast Audio
Raw Video http://youtu.be/5gUdZTJxL74
Open
Welcome to episode #354 of the podcast celebrating you, the Alea Iacta Est gaming community, the die has been podcast. This is Mkallah: To my left is Tetsemi: - (catch phrase here). And to my right is Mewkow: (catch phrase here). This week we are joined by special guest Abovan, who is here to talk to us about AIE in FFXIV. Welcome! Ok, we'll be digging into FFXIV shortly, but first, let's cover this week's news..
AIE News
Community
Mandatory Fun Nights
Where the fun is mandatory but the attendance is not.
• Sunday - STO 8:30 pm Eastern
• Monday - GW2 9:30 pm Eastern
• Tuesday - SWTOR 9 pm Eastern
• Wednesday - FFXIV 9 pm Eastern
• Friday - ESO 9 pm Eastern
• Friday - FFXIV (Late Night) 11 pm Eastern
• Saturday - LotRO 8:30 pm Eastern
• Saturday - FFXIV (Maps) 9:30 pm Eastern
• Saturday - Noob Raid (WoW) 11 pm Eastern
Streaming and Guild Podcast News
Star Trek Online
Fleet Action Report Ep 13 The Dominion and the Jem'hadar https://www.youtube.com/watch?v=CkOouTmCX_M
Nikodas and Grebog welcome you to another episode of Fleet Action Report. This time we go into playing as the Dominion and Jem'hadar. We cover the basics and how far you need to go before you become a Dominion representative for either The United Federation of Planets or the Klingon
Fleet Action Report Ep 14 Crafting and Tribulations https://www.youtube.com/watch?v=neEbBnz-XLg
Grebog and Nikodas take you through the Research and Development system and end by covering the long-lost art of tribble breeding.
SWTOR
SWTOR Escape Pod Cast 356: The HK-51 Companion http://www.newoverlords.com/swtor-escape-pod-cast-356-the-hk-51-companion/
If you don't yet have it, the HK-51 companion is still in the game and we talk about how to get it.
Working Class Nerds Episode 84: It's Beginning to Look a Lot Like New Game Season! https://www.buzzsprout.com/143519/5812885-episode-84-it-s-beginning-to-look-a-lot-like-new-game-season.mp3?blob_id=23917714
Nick and Marcus look ahead to the games and nerdy media content that they're looking forward to coming out just before the end of 2020!
NOMADS
Dual Universe Update
AIE in Dual Universe has been participating in the Ship Expo this weekend, showing off a few of the shiny ships we've been busy building in the game for others to see and experience. Testing of our latest ship designs continues as we work to constantly improve them. Check out the recent blog post Max wrote up on aie-guild.org for a bit more in-depth information about what Dual Universe is, what we're up to, and a few pictures of just some of our ships. Mining trips continue as we work towards building Anti-Grav technology. Some of the more rare materials still elude our grasp, but we hope to soon find them. AIE is looking into sponsoring a racer for the upcoming Hover Race leagues which are forming. So if you are a speed demon who enjoys the thrill of white-knuckle, close-to-ground, high-speed flying, let Catavarie know. As the game is still in Beta there are constant improvements; perhaps the most exciting recent addition is a few additional logic gate elements including the Nand, Nor, and the ever loved XOR gates. The Organization is in need of Coal and Carbon. So if you are sitting on a large hoard then feel free to drop these off for project use.
WoW
The new co-guild for invites is Fortuna! (best subguild) If you are making a new alt that isn't an allied race, DK, or DH, make sure you check out Exile's Reach. 
The story is solid, and the quest/level pacing is really well done. Update your addons, you may need to switch to Alpha builds until things get sorted out, but most addons have updated. If they haven't, check the comments on the addon website,

Palabra de hacker
What is XORpass? XORpresa, your WAF makes me laugh #HackandBeers

Palabra de hacker

Play Episode Listen Later Aug 23, 2020 9:55


In an attempt to see how to bypass a WAF (Web Application Firewall), XORpass emerged: an encoder for bypassing WAF filters using XOR operations. Discover XORpass with its developer Daniel Púa in this talk given to the Hack&Beers community. More information available at: https://www.yolandacorral.com/herramienta-xorpass
Daniel Púa (https://twitter.com/devploit) is a cybersecurity researcher. He holds several offensive security certifications (CEH, OSCE, ...) and regularly takes part in CTF competitions, both individually and as part of a team.
XORpass: https://github.com/devploit/xorpass
Follow Palabra de hacker, your one-to-one #ciberseguridad channel:
🔴 YouTube channel, subscribe so you don't miss any video: https://www.youtube.com/c/Palabradehacker-ciberseguridad
🎙 Subscribe and listen to all the podcasts on:
✔️ Ivoox: http://www.ivoox.com/podcast-palabra-hacker_sq_f1266057_1.html
✔️ iTunes: https://itunes.apple.com/es/podcast/palabra-de-hacker/id1114292064
✔️ Spotify: https://open.spotify.com/show/1xKmNk9Gk5egH6fJ9utG86
✔️ Google Podcast: https://podcasts.google.com/?feed=aHR0cDovL3d3dy5pdm9veC5jb20vcGFsYWJyYS1oYWNrZXJfZmdfZjEyNjYwNTdfZmlsdHJvXzEueG1s
- All the information on the website: https://www.yolandacorral.com/palabra-de-hacker
- Telegram channel: t.me/palabradehacker
- Twitter: https://twitter.com/palabradehacker
- Facebook: https://www.facebook.com/Palabradehacker

The Chad & Cheese Podcast
FeatuRama: XOR's Aida Fazylova

The Chad & Cheese Podcast

Play Episode Listen Later Aug 9, 2020 16:47


Technology is evolving, teams are sprinting, excitement is building, features are launching, and nobody notices... (waa waa) which is why Chad & Cheese cooked up FeatuRama, a brand new competition which pits 4 companies against one another, but only one can win and emerge with the BadAss Belt of Technology. Contestants will receive 2 minutes to pitch their new feature and the remaining 13 minutes will be spent with rapid-fire Q&A. This Chad and Cheese FeatuRama episode features XOR's founder & CEO, Aida Fazylova. Chad & Cheese came equipped with questions, bourbon and snark; luckily Comuno's Cindy Songne was available to step in and inject brains into this judging panel... Enjoy while Aida pitches XOR's newest feature.

PaperPlayer biorxiv neuroscience
Local homeostatic regulation of the spectral radius of echo-state networks

PaperPlayer biorxiv neuroscience

Play Episode Listen Later Jul 21, 2020


Link to bioRxiv paper: http://biorxiv.org/cgi/content/short/2020.07.21.213660v1?rss=1 Authors: Schubert, F., Gros, C. Abstract: Recurrent cortical network dynamics plays a crucial role for sequential information processing in the brain. While the theoretical framework of reservoir computing provides a conceptual basis for the understanding of recurrent neural computation, it often requires manual adjustments of global network parameters, in particular of the spectral radius of the recurrent synaptic weight matrix. Being a mathematical and relatively complex quantity, the spectral radius is not readily accessible to biological neural networks, which generally adhere to the principle that information about the network state should either be encoded in local intrinsic dynamical quantities (e.g. membrane potentials), or transmitted via synaptic connectivity. We present two synaptic scaling rules for echo state networks that solely rely on locally accessible variables. Both rules work online, in the presence of a continuous stream of input signals. The first rule, termed flow control, is based on a local comparison between the mean squared recurrent membrane potential and the mean squared activity of the neuron itself. It is derived from a global scaling condition on the dynamic flow of neural activities and requires the separability of external and recurrent input currents. We gained further insight into the adaptation dynamics of flow control by using a mean field approximation on the variances of neural activities that allowed us to describe the interplay between network activity and adaptation as a two-dimensional dynamical system. The second rule that we considered, variance control, directly regulates the variance of neural activities by locally scaling the recurrent synaptic weights. The target set point of this homeostatic mechanism is dynamically determined as a function of the variance of the locally measured external input. 
This functional relation was derived from the same mean-field approach that was used to describe the approximate dynamics of flow control. The effectiveness of the presented mechanisms was tested numerically using different external input protocols. The network performance after adaptation was evaluated by training the network to perform a time delayed XOR operation on binary sequences. As our main result, we found that flow control can reliably regulate the spectral radius under different input statistics, but precise tuning is negatively affected by interneural correlations. Furthermore, flow control showed a consistent task performance over a wide range of input strengths/variances. Variance control, on the other side, did not yield the desired spectral radii with the same precision. Moreover, task performance was less consistent across different input strengths. Given the better performance and simpler mathematical form of flow control, we concluded that a local control of the spectral radius via an implicit adaptation scheme is a realistic alternative to approaches using classical "set point" homeostatic feedback controls of neural firing. Copy rights belong to original authors. Visit the link for more info

Geek Author
Episode 8.01 - Intro to Error Detection

Geek Author

Play Episode Listen Later Jul 12, 2020 11:00


Digital data has many benefits, but what happens if it's in error? Moreover, how can we tell if a bit has been flipped? Our discussion begins with parity.

The Chad & Cheese Podcast
Death Match: Aida Fazylova w/ XOR

The Chad & Cheese Podcast

Play Episode Listen Later Jun 21, 2020 18:59


Welcome to Death Match, North America 2020, GRAND CHAMPION EDITION, which took place at TAtech on May 19. For all of you NOOBS who have never experienced Death Match: Death Match is a competition which pits 4 innovative, early-stage companies against one another; only one can win and emerge with the coveted Death Match Chain of Champions. This Chad and Cheese Death Match episode features Aida Fazylova, founder and CEO at XOR, that's X-O-R people. COVID-19 might've locked us all in our homes but never fear! The home bars are always stocked, pints were flowing, and Chad and Cheese questions and slurring snark were flying. Luckily Joveo's CEO, KJ, stepped in to provide a smart and sensible judging voice to this TAtech event... Enjoy while Aida reaches down deep for her inner Ivan Drago, pitches XOR, then ducks, bobs, weaves and lands a knockout performance during this virtual Death Match event.

Geek Author
Episode 7.06 - Stupid Binary Tricks

Geek Author

Play Episode Listen Later Jun 3, 2020 19:26


Having learned how to program bitwise operations, it is now time to flex our bit bashing muscles by investigating some creative ways to perform common programming functions.

Geek Author
Episode 7.05 - Flipping Bits using the Bitwise Inverse and Bitwise-XOR

Geek Author

Play Episode Listen Later May 26, 2020 12:38


Inverting or flipping the bits of an integer is the third and last method of "bit bashing" we will discuss. There are two ways to invert bits: either flip all of them at once or use a mask to identify which bits to flip and which to leave alone.

The CandEs Shop Talk
The CandEs Shop Talk with Aida Fazylova (#106)

The CandEs Shop Talk

Play Episode Listen Later May 1, 2020 26:12


This special AI edition of the CandEs Shop Talk Podcast welcomes Aida Fazylova, CEO and founder at XOR, a recruiting automation software platform that lets teams use an AI chatbot, host virtual career fairs, send text recruiting campaigns, and video interview to recruit more efficiently, and a proud Candidate Experience Awards sponsor. Listen in on how improving candidate experience impacts recruiting and the business bottom line.

Geek Author
Episode 7.04 - Setting Bits using the Bitwise-OR

Geek Author

Play Episode Listen Later Apr 19, 2020 10:39


The ability to set bits may not seem important at first, but many algorithms in computing depend on just that. Join us as we control bits and build integers from scratch using the bitwise-OR.

Geek Author
Episode 7.03 - Coding Bitwise Operations

Geek Author

Play Episode Listen Later Apr 12, 2020 10:26


Discussing how to use bitwise operations to manipulate the bits of an integer would be academic if we couldn't perform the operations in our code. The good news is that we can!

Geek Author
Episode 7.01 - The Need for Bitwise Operations

Geek Author

Play Episode Listen Later Mar 11, 2020 11:42


All areas of computing, from data compression to web design, from networking to digital image storage, from system administration to high-performance computing, benefit from bit manipulation.

AI with AI
Fakers of the Lost Architecture

AI with AI

Play Episode Listen Later Jan 17, 2020 38:58


Andy and Dave discuss a new White House proposal on Principles for AI Regulation. A NIST study examines the effects of race, age, and sex on recognition software and identifies a variety of troubling issues. Facebook removes hundreds of accounts with AI-generated fake profile photos, and Facebook also bans the posting of deepfake videos (with some caveats). And Finland is making its online AI course available for the rest of the world. In research, Uber AI Labs offers a novel approach to accelerating neural architectural search by learning to generate synthetic training data; but the scientific community doesn’t think the findings are quite yet ready for publishing. Researchers at Korea University create an Evolvable Neural Unit (ENU) as a way to approximate the function of an individual neuron and synapse. And researchers at Charite in Berlin show that a single human biological neuron can compute XOR, previously thought not possible. Human-Centered AI at Stanford University releases the 2019 Annual Report on its AI Index, examining various trends and research in AI in 2019. The Center for a New American Security releases its full report on A Blueprint for Action in AI. Rafael Irizarry provides an Introduction to Data Science. And the video of the week is the debate between Yoshua Bengio and Gary Marcus on the current and future state of research in AI.

MacroFab Engineering Podcast
MEP EP#204: Forth Annual MacroFab Star Wars Christmas Special – C3PO Steals the Show

MacroFab Engineering Podcast

Play Episode Listen Later Dec 24, 2019 103:20


Spoiler Alert: This podcast contains HEAVY SPOILERS for Star Wars Episode 9 and The Mandalorian series up to Episode 7. If you do not want spoilers, turn back now.
Josh Rozier
• By day, Roz is a spreadsheet slinger for the Umbrella Corporation
• When he is not wasting way too much time playing Star Wars RPG with your gracious hosts, he is typically doing his best not to burn down his shed with whatever project his ADHD allows him to focus on
Hyr0n
• From 9 to 5 Hyr0n is a security researcher, systems engineer, and corporate advisor of First Order security policy via Corellian power points
• From 5 to 9 he is a hardware hacker, designer of AND!XOR embedded system puzzles, and Shyriiwookian voice over of droid holiday VR porn
Topics
• Episode 9 Thoughts
  • This became the majority of the podcast somehow
• Why does it seem that all the power in the ship flows through the control panels?
  • When ships get damaged, control panels explode
  • This is more obvious in Star Trek if anything
  • Lack of proper human to machine isolation
  • Poor supply chain risk management
• Hardware hacking C3-PO
  • Does Star Wars have HeathKits for droids?
  • Anakin supposedly built C3PO but there are lots of protocol droids like him, so is C3PO a kit?
  • C3PO is a protocol droid, essentially a logic analyzer with ML
• The Mandalorian
  • What are your thoughts so far (storyline, length, fan service)?
  • IG11 vs IG88
  • Fan service differences
  • Thoughts on manufacturing Mandalorian armor
  • Mando rifle scope
  • Data pad security
• Resistance Reborn book
  • New Disney EU meant to bridge EP8 and EP9
• The Energy of a Lightsaber
  • How much total energy does the power source in the hilt need to hold?
  • How fast does the energy need to be delivered (what is the wattage)?
  • What is the total energy needed to cut Darth Maul in half?

Geek Author
Episode 4.10 - More Boolean Simplifications

Geek Author

Dec 14, 2019 · 12:44


Because many students have trouble when trying to simplify Boolean expressions, we're going to dedicate another episode to examples of simplification. We're also going to show how sometimes, there's more than one way to crack an egg.

Recruiting Future with Matt Alder
Ep 231: The Reality Of Recruiting Automation

Recruiting Future with Matt Alder

Dec 12, 2019 · 21:30


Contact: matt@metashift.co.uk

One of the ongoing themes of the podcast in 2019 has been my quest to cut through the hype and find out to what extent employers are automating aspects of their recruiting process. I've spoken to several practitioners and looked at the automation debate from a few different angles. So I thought it was high time that I talked to a recruiting technology vendor about the art of the possible in recruiting automation and the benefits they are seeing their clients get from it. My guest this week is Aida Fazylova, founder and CEO of XOR, an automated communication platform for recruiting. Aida started her career as a recruiter and has some great insights to share into both the current and future capabilities of recruiting automation.

In the interview, we discuss:
• The amount of time wasted on repetitive tasks in recruiting
• The evolving sophistication of chatbots
• Natural language recognition and intent analysis
• Do candidates like interacting with chatbots?
• What areas of the recruiting can be automated now and how much could be automated in the future
• Humans versus machines

Aida also talks about the results and benefits employers are getting from recruiting automation, as well as her predictions for the market in the next 12 months.

Geek Author
Episode 4.09 - Simplification of Boolean Expressions

Geek Author

Dec 6, 2019 · 10:13


In this episode, we take a break from proving identities of Boolean algebra and start applying them. Why? Well, so we can build our Boolean logic circuits with fewer gates. That means they'll be cheaper, smaller, and faster. That's why.

Geek Author
Episode 4.08 - DeMorgan's Theorem

Geek Author

Dec 1, 2019 · 10:13


In this episode, we add one more tool to our Boolean algebra toolbox: DeMorgan's Theorem. We then use it, along with some of our other tools, to modify an expression down to its simplest form.

Geek Author
Episode 4.07 - Identities of Boolean Algebra

Geek Author

Nov 24, 2019 · 14:00


We are familiar with algebraic laws such as multiply zero by anything, and we get zero. In this episode, we see how a Boolean expression containing a constant, a duplicated signal, or a signal being combined with its inverse will simplify...always.

Geek Author
Episode 4.06 - Properties of Boolean Algebra

Geek Author

Nov 22, 2019 · 15:33


In this episode, we bring together our knowledge of logic operations, truth tables, and Boolean expressions to prove some basic properties of Boolean algebra.

Geek Author
Episode 4.05 - Introduction to Boolean Algebra

Geek Author

Nov 15, 2019 · 11:24


Truth tables and circuit diagrams fall short in many ways including their abilities to evaluate and manipulate combinational logic. By using algebraic methods to represent logic expressions, we can apply properties and identities to improve performance.

Geek Author
Episode 4.04 - NAND, NOR, and Exclusive-NOR Logic

Geek Author

Nov 8, 2019 · 9:12


The simplest combinational logic circuits are made by inverting the output of a fundamental logic gate. Despite this simplicity, these gates are vital. In fact, we can realize any truth table using a circuit made only from AND gates with inverted outputs.

Geek Author
Episode 4.03 - Combinational Logic

Geek Author

Oct 27, 2019 · 9:56


Individual logic gates are not very practical. Their power comes when you combine them to create combinational logic. This episode takes a look at combinational logic by working through an example in order to generate its truth table.

Geek Author
Episode 4.02 - Truth Tables

Geek Author

Oct 26, 2019 · 9:26


In this episode, we introduce one of the most important tools in the description of logic operations: the truth table. Not only do truth tables allow us to describe a logic operation, they provide a means for us to prove logical equivalence.

Geek Author
Episode 4.01 - Intro to Logic Gates

Geek Author

Oct 20, 2019 · 11:22


Logic gates are the fundamental building blocks of digital circuits. In this episode, we take a look at the four most basic gates: AND, OR, exclusive-OR, and the inverter, and show how an XOR gate can be used to compare two digital values.

RecTech: the Recruiting Technology Podcast
Recruiting Headlines from XOR, Lattice, RigUp, TMP, Talroo

RecTech: the Recruiting Technology Podcast

Oct 18, 2019 · 9:41


RigUp Gets $300 Million https://recruitingheadlines.com/energy-job-market-rigup-raises-300-million-series-c/
Lattice Raises $25m Series C https://recruitingheadlines.com/lattice-raises-25m-series-c/
TMP Worldwide Acquires Social Media Firm https://recruitingheadlines.com/tmp-worldwide-acquires-social-media-firm/
Talroo Launches Talroo Events™ to Drive Attendance to In-Person Hiring Events https://blog.talroo.com/talroo-launches-events
Xor raises $8.4 million for AI-powered job candidate recruitment and screening https://venturebeat.com/2019/10/11/xor-raises-8-4-million-for-ai-powered-job-candidate-recruitment-and-screening/
Join the RecTech Media Insider Program! https://www.rectechmedia.com/insider
Follow Recruiting Headlines on social media: @recheadlines on Twitter, Facebook, Linkedin

Geeks Geezers and Googlization Podcast
HR Tech: Transformative, Scary, and Weird

Geeks Geezers and Googlization Podcast

Oct 4, 2019 · 50:42


Congratulations Geeks Geezers and Googlization. To celebrate Season 2, my co-host Keith Campagna is live on the floor of #HRTechConf 2019. Keith’s observation: Technology is ubiquitous. Automation is not only inevitable but integral to HR’s survival. The crescendo of AI-driven technologies is only adding fuel to unprecedented transformation and disruption. HR technology is pushing everyone into uncharted territory, a world of unknown unknowns. The future will be transformative, different, scary, and even weird. Listen now as Ira and Keith discuss what's going on in the world of HR technology and recap a year of conversations that included interviews with thought leaders about technology, artificial intelligence, education, mindfulness, marketing, the future of work, and lots of disruption. (You can listen to all our shows here or on your favorite podcast.) We're also excited to welcome XOR as our newest sponsor. Check them out here.

Kodsnack
Kodsnack 327 - Current or no current

Kodsnack

Aug 27, 2019 · 56:10


Fredrik and Tobias warm up with mixed feelings after the holidays, but the main topic is the Apollo guidance computer - the computer that took people to the moon - and how computers actually work at the lowest possible level. It is both a history lesson and a lesson in the building blocks of computers. Could you have written a program to land on the moon with ten instructions? Before the main topic, some quick news: First, Kodsnack's game jam for busy people returns on 7 September! Make a game in two weeks that somehow ties in with the theme “under water”. The tool is Love2d, just as in the first jam, and new this time is that you are also warmly welcome to create artistic contributions other than games if you wish. Second, Tobias is going to organize a hackathon and would very much like opinions and thoughts from listeners about what a good hackathon should keep in mind. Third, Fredrik will, somewhat to his own surprise, give the opening talk at Day of the programmer in Jönköping on the tenth of September. A big thank you to Cloudnet, who sponsor our VPS! Do you have comments, questions or tips? We are @kodsnack, @tobiashieta, @iskrig, and @bjoreman on Twitter, have a page on Facebook, and can be emailed at info@kodsnack.se if you want to write something longer. We read everything that is sent. If you like Kodsnack, you are very welcome to review us in iTunes! You can also support the podcast by buying us a coffee (or two!) on Ko-fi.

Links: Skuleberget; Höga kusten; Jona; Kodsnack's game jam for busy people, third edition; Hackathon; Day of the programmer - 10 September in Jönköping; Venn diagram; The moon landing; Apollo guidance computer; Command module; Lunar module; Saturn V; Apple II; Logic gates; Relay; AND gate; OR gate; NOR and NAND gates; XOR gate; Full adder; Register; Registers in the Apollo guidance computer; Margret Hamilton with the printouts; Rope memory; The Saturn V computer; The YouTube series on the restoration of the last Apollo guidance computer; Curious Mark; Smarter every day on the Saturn V computer; The interview with Margret Hamilton; The charming genius of the Apollo guidance computer; The AGC source code; The virtual AGC

Titles: Are you completely sure about all these measurements?; A hackathon in Gävle; Most people who live on the internet; Extremely groundbreaking at the time; Actually ending up on the moon is one of the hardest things; It moves terribly fast; A time when computers were as big as rooms; There will not be a programmer on board; What grew up and became today's computers; What a transistor is; A very clear relay; Current or no current; When something becomes two; Put 22 in a register; Always the next thing; We have ten instructions; Verify that you are right; Definitely bizarre, and fun

MacroFab Engineering Podcast
MEP EP#177: Leeroy Jenkins Transistor

MacroFab Engineering Podcast

Jun 19, 2019 · 68:02


Check out our new MacroFab Design Contest: Useless Machine Sponsored by Mouser Electronics!

Parker
• APA-102C-NEW-260 Tested
• DOOM SAO in production
• ST7789 LCD Works correctly
• Type-C works well
• Got the ATSAMD21 I2C EEPROM interface working
• SOON to be public Github repo
• Preorder on the AND!XOR website
• Atmel SWD to Tag Connect adapter works!
• ICE ICE BABY
• SOICBITE

Stephen
• MacroAmp Rev 2: Sponsored by Mouser Electronics
• Schematic is complete
• Only grounds left to run and to do a review
• Completely rethought design
• Simulated power supplies
• uTracer data gathering for everything
• Gain calcs - one or two nutube?
• Coarse and fine volume controls
• PCB mounted Tube sockets
• Terminal blocks for easy assembly
• Wants to do something not audio related for next project

R.F.O.
• Non-destructive banana ripeness determination using a neural network-based electronic nose
• Follow up from last week's discussion with Nick Chelyapov
• Accuracy of 90.3% was reached using an “electronic nose”
• Sensors are sensitive to ethylene (the ripening hormone in climacteric fruit, such as apples, peaches, bananas, etc.)
• Buzzfeed for Electronics?
• Need More Energy Storage? Just Hit 'Print'
• Lords call for evidence on impact of digital tech
• Organic Semiconductors: One Transistor for All Purposes
• Renewable Energy Won't Make Bitcoin 'Green,' but Tweaking Its Mining Mechanism Might
• Powering Devices -- With a Desk Lamp?
• Beyond 1 and 0: Engineers boost potential for creating successor to shrinking transistors
• A multi-value logic transistor based on zinc oxide
• Zinc oxide combined to form a composite nanolayer, which is then incorporated with layers of other materials in a superlattice

Visit our Public Slack Channel and join the conversation in between episodes!

Software Developer's Journey
#53 Brian Pontarelli thinks like a customer

Software Developer's Journey

Jun 10, 2019 · 42:10


Brian first told us about his very first Apple E computer and his journey up to college when he learned electrical engineering before switching major to computer science. He spoke about his first startup and his learnings, being a software engineer during the "DotCom Era". Brian then told us about the job where he learned most about teamwork and then about scaling applications. And we completed this very logical buildup by talking about the companies he created.

Brian studied computer engineering at the University of Colorado. After graduating, he solved complex technology challenges for companies like Orbitz, BEA, US Freightways, XOR and Texturemedia. Brian is a technology entrepreneur who bootstrapped both his companies FusionAuth and CleanSpeak where he currently focuses on solving login, registration, and user management challenges.

Here are the links of the show:
https://twitter.com/bpontarelli
https://fusionauth.io
https://www.linkedin.com/in/voidmain
https://cleanspeak.com
https://blog.codinghorror.com/the-magpie-developer

Credits
Music Aye by Yung Kartz is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.

Your host
Software Developer‘s Journey is hosted and produced by Timothée (Tim) Bourguignon, a crazy Frenchman living in Germany who dedicated his life to helping others learn & grow. More about him at timbourguignon.fr.

Want to be next?
Do you know anyone who should be on the podcast? Do you want to be next? Drop me a line: info@devjourney.info or via Twitter @timothep.

Gift the podcast a rating
Please do me and your fellow listeners a favor by spreading the good word about this podcast. And please leave a rating (excellent of course) on the major podcasting platforms, this is the best way to increase the visibility of the podcast: Apple Podcasts, Stitcher, Google Play. Thanks!

Support the show (http://bit.ly/2yBfySB)

Positive Phil
Whatever you do, do with all your might. XOR Data Exchange CEO Mike Cook is on the Positive Phil Show

Positive Phil

May 28, 2019 · 19:42


Mike Cook founded XOR with more than 25 years of experience building data sharing solutions for risk, operational efficiencies and compliance. In 2002, Cook co-founded ID Analytics, building it from concept stage into a high-growth, profitable company serving more than 280 enterprise clients, including 5 million consumers.

Positive Phil Podcast is a daily podcast hosted by Positive Phil. Our popular growing podcast currently airs on iTunes, TuneIn, Stitcher, Spreaker, Soundcloud, on our official website, RSS feeds globally, and many more digital platforms! If you are looking for another way to stay motivated in life, be sure to subscribe to our episodes. www.positivephil.com

MacroFab Engineering Podcast
MEP EP#173: Sidecreeping Gyrations

MacroFab Engineering Podcast

May 22, 2019 · 66:56


Parker
• DOOM SAO
• ATSAMD21G18
• Will be Arduino compatible
• Break out the majority of the I/O
• ST7789 LCD
• 1.3” 240x240 resolution
• SPI
• USB Type-C
• EEPROM
• AND!XOR for SAO reference designs
• Designed some arduino shields boards for the “smart LEDs” for testing
• PinoTaur update
• Software for the ATSAMD21G18 going well
• Lots of SPI and DMA going on to control the shift registers

Stephen
• Macro Amp Differences
• Surface mount tech with high voltage
• Wilkinson Audio Fredman Clip
• Test recording
• Gyrator - Simulated Inductor

R.F.O.
• Glass Enterprise Edition 2: faster and more helpful
• Industrial Augmented Reality Safety Glasses
• Styled Kit converts Raspberry Pi into Alexa-type home automation system
• They can be understood by anyone, says the Geek Shop, regardless of education or training.
• Direct link
• A One-Page Guide to Fixing Radiated Emissions
• FCC/CE testing for PCBs.
• Find the Aggressor! Nash Reilly

Visit our Public Slack Channel and join the conversation in between episodes!

The Final Straw Radio
Out-Organizing Racists: ROAR Conference 2019 + Spencer Sunshine on Fascism

The Final Straw Radio

Apr 14, 2019 · 99:46


ROAR Conference 2019 + Spencer Sunshine on Fascism

This week on the show, we feature two segments. First up, an organizer with the Revolutionary Organizing Against Racism, or ROAR Conference shares perspectives on the upcoming conference, May 18 & 19, 2019 on stolen Ohlone land in the so-called Bay Area. More info on ROAR Conference at roar-conference.com

Then I spoke with journalist and anti-racist activist Spencer Sunshine about various far right and racist tendencies such as traditionalism and third-positionism, in relation to the current landscape of anti-fascist struggle in Turtle Island and in particular tendencies suspected in relation to the demolition of a building at the Highlander Education and Research Center in New Market, TN at the end of March, 2019. More writings by Spencer can be found at spencersunshine.com, at his fedbook author page or on twitter by searching the username @transform6789. The essay that Spencer mentioned, 40 Ways to Fight Nazis can be found here: https://spencersunshine.com/2018/08/10/40-ways-to-fight-nazis/

Announcements

Atlanta Solidarity

On Friday, April 12th at 8pm there was a ruckus noise demo outside the Dekalb County Jail where prisoners had been able to get out word of physical violence out of camera-view by guards, black mold conditions and more against the mostly indigent, mostly POC prisoner population in this Atlanta Jail. You can hear an interview with the mother of two prisoners mistreated in that jail who got the word out about conditions on IGD's This Is America #68 from April 12, 2019. At the noise demo, at least two people were arrested and there's a fundraiser up to help cover legal costs. You can find that fundraiser and kick in by visiting atlsolidarity.org

Immigrant Solidarity Rally, Asheville

Listeners in the Asheville area, on Monday April 15th there'll be a demonstration in front of the Federal Building at 115 Patton Ave in downtown to mark the year anniversary of the 2018 ICE raids against our communities. The demo will be organized by CIMA, or Companeros Inmigrantes de las Montanas en Accion, and will focus on the continued danger faced by our undocumented loved ones, friends and families. This is also in opposition to HB370 currently in process at the state level that would force collaboration between sheriff departments and Immigration and Customs Enforcement. CIMA urges people to show up in force.

Asheville Black Mama Bail Out Benefit

Also, on Saturday, April 27th at show o'clock at The Bottle Shop next to Firestorm Books, Blue Ridge ABC will be hosting a benefit for Black Mama Bail Out efforts organized by Southerners On New Ground. The show will feature performances by XOR, Kangarot, Nomadic War Machine and more. Check out the flyer and more up at brabc.blackblogs.org.

Technology & Choice, and SAFE Crossroads podcasts
Ep 46, Connection Needs of an Autonomous Network, with Spandan Sharma

Technology & Choice, and SAFE Crossroads podcasts

Nov 13, 2018 · 38:43


Our guest today is Spandan Sharma from MaidSafe. We go over the results of the second community testing of Crust, the automated peer-to-peer connection library being developed by MaidSafe for the SAFE Network, and available for open source use by other P2P projects as they find useful. In looking at all that the upper network layer needs the Crust connection level to do, we take a peek into the Routing level, which is the heart of the SAFE Network structure. Enjoy. MUSIC Music for this episode: Safe Crossroads Beta, an original piece composed and performed by Nicholas Koteskey of Two Faced Heroes LINKS [MaidSafe](http://maidsafe.net) [safenetwork.tech](https://safenetwork.tech) [SAFE Network School episode breaking down the XOR function, and a lot more related to the Routing level of the SAFE Network](https://safecrossroads.net/podcasts/episode-21-class-iv-reaching-bedrock/) [Medium article: Why the Internet Needs Evolution (Again)](https://medium.com/safenetwork/why-the-internet-needs-to-evolve-again-88b13bd5a58a) [Proposal for Public Name System using RDF on the SAFE Network](https://github.com/joshuef/rfcs/blob/PnsAndResolveableMap/text/0000-RDF-for-public-name-resolution/0000-RDF-for-public-name-resolution.md)

MacroFab Engineering Podcast

Espress-ify? Designing Products Around the ESP-32 Platform.

Guests

Zapp
• Chief Bling Officer (CBO) at AND!XOR
• During his limited free time he writes vulnerable C code, dabbles in Kicad, and trolls Arduino bot accounts on Twitter
• Never been seen at the same time and place as Batman...But then again, neither has Stephen

Hyr0n
• A button pusher, easily replaced by a thousand monkeys with a thousand laptops, but manages to crank out firmware and hacker puzzles
• If you’re reading this statement, he already has root access to your computer

We have had Zapp and Hyr0n on the podcast before. Check out MEP EP#69: Incognito Mode and MEP EP#109 Arduino, The Gateway Drug To #BadgeLife.

Topics
• Hyr0n’s Theremin
• Arduino bot accounts?
• Quick Recap on DEF CON 26 and the Bender AND!XOR Badge
• Engineering Process behind badge design
• idea -> thing
• Come up with all the ideas and Venn Diagram the hardware needed to enable those ideas
• Espressif ESP32
• Pushing it to the limit
• Spec sheet thots "oh shit, nice, lots of ram"
• Developer after math "oh shit, xtensa sdk blows, it needs all that RAM"
• Pros and Cons
• Hardware and software interactions are interesting and poorly documented
• Erratas?
• SD Card failures?
• Hackaday Badge and Hackaday Super Conference
• Zapp and Hyr0n are giving a talk about lulzcode and hardware puzzles
• Lulzcode docs

Visit our Slack Channel and join the conversation in between episodes and please review us, wherever you listen (PodcastAddict, iTunes). It helps this show stay visible and helps new listeners find us.

Tags: AND!XOR, Arduino Bot Accounts, Bender, DEF CON 26, electronics podcast, ESP-32, ESP32, Espressif, Hackaday, HyR0n, Lulzcode, MacroFab, macrofab engineering podcast, MEP, Super Con, Theremin, WROVER, Zapp

RecTech: the Recruiting Technology Podcast
The Big List of Employer Brand Tools

RecTech: the Recruiting Technology Podcast

Oct 8, 2018 · 16:56


Sponsored by WorkHere.com and Hiretual

The world of employer branding is becoming an increasingly important part in the war for talent. Over the past few years many tools and services have emerged for this part of talent attraction. From video tools to review sites, maintaining and improving your company's reputation is easier with the players listed below.

VIDEO TOOLS & SERVICES
• Ripl (marketing app in your pocket)
• SparcStart
• Monster Studios (app)
• AltruLabs (new startup)
• VideoMyJob (mobile app)
• Ongig
• Digi-Me (give them a job description they create video)
• Magisto (online video maker)
• JobStories (webinars for jobs)

ON SITE VIDEO SERVICES
• SkillScout
• Stories Inc
• JobViddy (UK)
• The Muse

REVIEW SITES
• Glassdoor
• Indeed Reviews
• Kununu
• FairyGodBoss (company reviews for women)
• Ratedly (aggregates reviews)

EMPLOYEE ADVOCACY TOOLS
• FirmPlay
• LinkedIn Elevate
• Sociabble (communications, advocacy, social selling)
• Dynamic Signal (employee content and communication)
• Everyone Social
• Bambu (from SproutSocial)

CAREER SITES/JOB DESCRIPTIONS
• ViziRecruiter (visual job pages)
• TMP Advanced Job Descriptions
• NextWave Hire (talent communities, microsites)
• Clinch Talent (CRM - career sites)
• Ruutly (visual job descriptions)
• CareerSiteCloud (career site and analytics)
• Job Page Grader (see how your posting ranks)
• Textio (augmented job writing tool)
• TapRecruit (team based job ad writing)

CANDIDATE EXPERIENCE TOOLS
• Great Hires (interview experience tool)
• HelloHire (candidate experience audit)
• Survale (candidate survey tool)
• Rejobify (rejection email templates)
• Canvas (text interviewing chatbot)
• GoHire (chatbot)
• AllyO (virtual recruiter technology)
• Job Pal (chatbot)
• Hire Humanly (chatbot)
• Paradox/Olivia (chatbot)
• RoboRecruiter (chatbot)
• Wade&Wendy (chatbot)
• XOR (chatbot)
• Emerson/SmashFly (chatbot)

Hack és Lángos
HnL010 - You say it's a robbery...

Hack és Lángos

Mar 23, 2018 · 46:43


Previously on the show: yaaaay 10th episode yaaay - Ninja's microphone + Mosquito attack // http://bit.ly/2ps7nmG - Ninja robbed a bank - Béla and MediaMarkt security - XOR.DDoS - No more ransom // http://bit.ly/2FOp5vL
PATREON: http://patreon.com/hackeslangos
WEB: https://hackeslangos.show
Telegram: http://t.me/hackeslangos
Mail: hackeslangos@protonmail.com
Twitter: @hackeslangos @elektr0ninja @anternna

MacroFab Engineering Podcast

Arduino, The Gateway Drug To #BadgeLife

AND!XOR
• Check out the previous MEP EP#69 Incognito Mode for the last time the AND!XOR group was on the podcast
• Bitstr3m: Did the Android mobile application for the DEFCON 25 badge
• Zapp: Does the hardware design.
• HyR0n: Embedded software, puzzles, etc.

DEFCON 25 RECAP
• Last year's badge details
• Hunter S Thompson as Bender, bender on a bender
• Botnet
• Changing voltage regulators mid manufacturing run
• QFN design on PCB
• Iterative prototyping
• HotFix to patch BLE exploit
• Hacking IoT Vodka
• Badge Sales

DEFCON 26 new Badge details
• Hardware or Software secrets?
• Double down on botnet
• Lessons learned to apply to the new badge?
• WS2812Bs do not reflow well
• QFN design on PCB is critical
• Implement OTA updates
• Iterative prototyping
• I2C

Looking forward to this year?
• Not flashing badges three times
• Going to hacker jeopardy
• Want to see more people hacking badges

Visit our Slack Channel and join the conversation in between episodes and please review us, wherever you listen (PodcastAddict, iTunes). It helps this show stay visible and helps new listeners find us.

Tags: electronics podcast, MacroFab, macrofab engineering podcast, MEP, Podcast

TestCast Brasil
ParódiaCast 01 - Evidências

TestCast Brasil

Feb 5, 2018 · 2:36


Hey everyone, how's it going? We present the first episode of ParódiaCast, where we at TestCast will record parodies of famous songs in the context of software testing and quality and IT in general. And this time, the song chosen was Evidências, by Chitãozinho e Xororó.

MacroFab Engineering Podcast

The Q&A Episode

Iris Weeden
• MacroFab's Marketing Director
• Award-winning marketer with ten years of experience
• Native Houstonian and lover of music, dogs, and beers

Episode 100!!!!!! The Q&A Episode
Thanks to our listeners who submitted questions through email and our Slack channel

Questions

Brandon Drury
• How in the hell does one survive engineering school?
• What should a person expect to get from a bachelor's degree in electrical engineering?
• What's the dumbest/smartest thing a person can do with shift registers?
• What's a good resource for learning how to prototype? My wires are always a mess. I have no idea what kind of box can hold panel-style outlets. I'm looking for a resource that will improve my ability to take a circuit that works into a form factor, that will allow it to be tested in a halfway reliable way.

Emmett Naughton
• What's the best way to get an electrical engineering job? Mostly for somebody with a degree but who doesn't have job experience in the field.

Stephen Newberry
• What is the best method for us hardware engineers to monetize our side projects? I personally don't have the time to handle manufacturing or customer support in the long term. I've considered contacting companies to sell a design for a lump sum or royalty based model, but I've never gone through with it. What are your suggestions on what will or won't work best?

Tom Anderson
• I would like to hear the story behind: What is the worst electrical shock that (one of the guys) has ever had? From Episode #85

Hyr0n of the AND!XOR team
• What is the difference between a duck?
• All of a sudden one of the following two things no longer exists: Craft Beer OR Lead-Alloy Solder. Which do you pick?

Zapp of the AND!XOR team
• Would you rather assemble 1,000 duck sized horse PCBs or 1 horse sized duck PCB?

Tags: 1000 Duck sized Horse PCBs, electronics podcast, MacroFab, macrofab engineering podcast, MEP, PCB material, Podcast, Question and Answer

BSD Now
211: It's HAMMER2 Time!

BSD Now

Sep 13, 2017 · 122:42


We explore whether a BSD can replicate Cisco router performance; RETGUARD, OpenBSDs new exploit mitigation technology, Dragonfly's HAMMER2 filesystem implementation & more! This episode was brought to you by Headlines Can a BSD system replicate the performance of a Cisco router? (https://www.reddit.com/r/networking/comments/6upchy/can_a_bsd_system_replicate_the_performance_of/) Short Answer: No, but it might be good enough for what you need Traditionally routers were built with a tightly coupled data plane and control plane. Back in the 80s and 90s the data plane was running in software on commodity CPUs with proprietary software. As the needs and desires for more speeds and feeds grew, the data plane had to be implemented in ASICs and FPGAs with custom memories and TCAMs. While these were still programmable in a sense, they certainly weren't programmable by anyone but a small handful of people who developed the hardware platform. The data plane was often layered, where features not handled by the hardware data plane were punted to a software only data path running on a more general CPU. The performance difference between the two were typically an order or two of magnitude. source (https://fd.io/wp-content/uploads/sites/34/2017/07/FDioVPPwhitepaperJuly2017.pdf) Except for encryption (e.g. IPsec) or IDS/IPS, the true measure of router performance is packets forwarded per unit time. This is normally expressed as Packets-per-second, or PPS. To 'line-rate' forward on a 1gbps interface, you must be able to forward packets at 1.488 million pps (Mpps). To forward at "line-rate" between 10Gbps interfaces, you must be able to forward at 14.88Mpps. Even on large hardware, kernel-forwarding is limited to speeds that top out below 2Mpps. George Neville-Neil and I did a couple papers on this back in 2014/2015. You can read the papers (https://github.com/freebsd-net/netperf/blob/master/Documentation/Papers/ABSDCon2015Paper.pdf) for the results. 
However, once you export the code from the kernel, things start to improve. There are a few open source code bases that show the potential of kernel-bypass networking for building a software-based router. The first of these is netmap-fwd which is the FreeBSD ip_forward() code hosted on top of netmap, a kernel-bypass technology present in FreeBSD (and available for linux). Full-disclosure, netmap-fwd was done at my company, Netgate. netmap-fwd will l3 forward around 5 Mpps per core. slides (https://github.com/Netgate/netmap-fwd/blob/master/netmap-fwd.pdf) The first of these is netmap-fwd (https://github.com/Netgate/netmap-fwd) which is the FreeBSD ip_forward() code hosted on top of netmap (https://github.com/luigirizzo/netmap), a kernel-bypass technology present in FreeBSD (and available for linux). Full-disclosure, netmap-fwd was done at my company, Netgate. (And by "my company" I mean that I co-own it with my spouse.). netmap-fwd will l3 forward around 5 Mpps per core. slides (https://github.com/Netgate/netmap-fwd/blob/master/netmap-fwd.pdf) Nanako Momiyama of the Keio Univ Tokuda Lab presented on IP Forwarding Fastpath (https://www.bsdcan.org/2017/schedule/events/823.en.html) at BSDCan this past May. She got about 5.6Mpps (roughly 10% faster than netmap-fwd) using a similar approach where the ip_foward() function was rewritten as a module for VALE (the netmap-based in-kernel switch). Slides (https://2016.eurobsdcon.org/PresentationSlides/NanakoMomiyama_TowardsFastIPForwarding.pdf) from her previous talk at EuroBSDCon 2016 are available. (Speed at the time was 2.8Mpps.). Also a paper (https://www.ht.sfc.keio.ac.jp/~nanako/conext17-sw.pdf) from that effort, if you want to read it. Of note: They were showing around 1.6Mpps even after replacing the in-kernel routing lookup algorithm with DXR. (DXR was written by Luigi Rizzo, who is also the primary author of netmap.) 
Not too long after netmap-fwd was open sourced, Ghandi announced packet-journey, an application based on drivers and libraries from DPDK. Packet-journey is also an L3 router. The GitHub page for packet-journey lists performance as 21,773.47 mbps (so 21.77Gbps) for 64-byte UDP frames with 50 ACLs and 500,000 routes. Since they're using 64-byte frames, this translates to roughly 32.4Mpps. Finally, there is recent work in FreeBSD (which is part of 11.1-RELEASE) that gets performance up to 2x the level of netmap-fwd or the work by Nanako Momiyama. 10 million PPS: Here (http://blog.cochard.me/2015/09/receipt-for-building-10mpps-freebsd.html) is a decent introduction. But of course, even as FreeBSD gets up to being able to do 10gbps at line-rate, 40 and 100 gigabits are not uncommon now. Even with the fastest modern CPUs, this is very little time to do any kind of meaningful packet processing. At 10Gbps, your total budget per packet, to receive (Rx) the packet, process the packet, and transmit (Tx) the packet is 67.2 ns. Complicating the task is the simple fact that main memory (RAM) is 70 ns away. The simple conclusion here is that, even at 10Gbps, if you have to hit RAM, you can't generate the PPS required for line-rate forwarding. There is some detail about design tradeoffs in the Ryzen architecture and how that might impact using those machines as routers. Anyway... those are all interesting, but the natural winner here is FD.io's Vector Packet Processing (VPP). Read this (http://blogs.cisco.com/sp/a-bigger-helping-of-internet-please) VPP is an efficient, flexible open source data plane. It consists of a set of forwarding nodes arranged in a directed graph and a supporting framework. The framework has all the basic data structures, timers, drivers (and interfaces to both DPDK and netmap), a scheduler which allocates the CPU time between the graph nodes, performance and debugging tools, like counters and built-in packet trace.
The latter allows you to capture the paths taken by the packets within the graph with high timestamp granularity, giving full insight into the processing on a per-packet level. The net result here is that Cisco (again, Cisco) has shown the ability to route packets at 1 Tb/s using VPP on a four socket Purley system There is also much discussion of the future of pfSense, as they transition to using VPP This is a very lengthy write up which deserves a full read, plus there are some comments from other people *** RETGUARD, the OpenBSD next level in exploit mitigation, is about to debut (https://marc.info/?l=openbsd-tech&m=150317547021396&w=2) This year I went to BSDCAN in Ottawa. I spent much of it in the 'hallway track', and had an extended conversation with various people regarding our existing security mitigations and hopes for new ones in the future. I spoke a lot with Todd Mortimer. Apparently I told him that I felt return-address protection was impossible, so a few weeks later he sent a clang diff to address that issue... The first diff is for amd64 and i386 only -- in theory RISC architectures can follow this approach soon. The mechanism is like a userland 'stackghost' in the function prologue and epilogue. The preamble XOR's the return address at top of stack with the stack pointer value itself. This perturbs by introducing bits from ASLR. The function epilogue undoes the transform immediately before the RET instruction. ROP attack methods are impacted because existing gadgets are transformed to consist of " RET". That pivots the return sequence off the ROP chain in a highly unpredictable and inconvenient fashion. The compiler diff handles this for all the C code, but the assembly functions have to be done by hand. I did this work first for amd64, and more recently for i386. I've fixed most of the functions and only a handful of complex ones remain. 
For those who know about polymorphism and pop/jmp or JOP, we believe once standard-RET is solved those concerns become easier to address separately in the future. In any case a substantial reduction of gadgets is powerful. For those worried about introducing worse polymorphism with these "xor; ret" epilogues themselves, the nested gadgets for 64bit and 32bit variations are +1 "xor %esp,(%rsp); ret", +2 "and $0x24,%al; ret" and +3 "and $0xc3,%al; int3". Not bad. Over the last two weeks, we have received help and advice to ensure debuggers (gdb, egdb, ddb, lldb) can still handle these transformed callframes. Also in the kernel, we discovered we must use a smaller XOR, because otherwise userland addresses are generated, and cannot rely on SMEP as it is a really new feature of the architecture. There were also issues with pthreads and dlsym, which leads to a series of uplifts around __builtin_return_address and DWARF CFI. Application of this diff doesn't require anything special, a system can simply be built twice. Or shortcut by building & installing gnu/usr.bin/clang first, then a full build. We are at the point where userland and base are fully working without regressions, and the remaining impacts are in a few larger ports which directly access the return address (for a variety of reasons). So work needs to continue with handling the RET-addr swizzle in those ports, and then we can move forward. You can find the full message with the diff here (https://marc.info/?l=openbsd-tech&m=150317547021396&w=2) *** Interview - Ed Maste, Charlie & Siva - @ed_maste (https://twitter.com/ed_maste), @yzgyyang (https://twitter.com/yzgyyang) & @svmhdvn (https://twitter.com/svmhdvn) Co-op Students for the FreeBSD Foundation *** News Roundup Next DFly release will have an initial HAMMER2 implementation (http://lists.dragonflybsd.org/pipermail/users/2017-August/313558.html) The next DragonFly release (probably in September some time) will have an initial HAMMER2 implementation.
It WILL be considered experimental and won't be an installer option yet. This initial release will only have single-image support operational plus basic features. It will have live dedup (for cp's), compression, fast recovery, snapshot, and boot support out of the gate. This first H2 release will not have clustering or multi-volume support, so don't expect those features to work. I may be able to get bulk dedup and basic mirroring operational by release time, but it won't be very efficient. Also, right now, sync operations are fairly expensive and will stall modifying operations to some degree during the flush, and there is no reblocking (yet). The allocator has a 16KB granularity (on HAMMER1 it was 2MB), so for testing purposes it will still work fairly well even without reblocking. The design is in a good place. I'm quite happy with how the physical layout turned out. Allocations down to 1KB are supported. The freemap has a 16KB granularity with a linear counter (one counter per 512KB) for packing smaller allocations. INodes are 1KB and can directly embed 512 bytes of file data for files 512 bytes. The freemap is also zoned by type for I/O locality. The blockrefs are 'fat' at 128 bytes but enormously powerful. That will allow us to ultimately support up to a 512-bit crypto hash and blind dedup using said hash. Not on release, but that's the plan. I came up with an excellent solution for directory entries. The 1KB allocation granularity was a bit high but I didn't want to reduce it. However, because blockrefs are now 128 byte entities, and directory entries are hashed just like in H1, I was able to code them such that a directory entry is embedded in the blockref itself and does not require a separate data reference or allocation beyond that. Filenames up to 64 bytes long can be accommodated in the blockref using the check-code area of the blockref.
Longer filenames will use an additional data reference hanging off the blockref to accommodate up to 255 char filenames. Of course, a minimum of 1KB will have to be allocated in that case, but filenames are

MacroFab Engineering Podcast

The Greek Tragedy of ADCs Parker With the success of the Raspberry Pi Compute Module LVDS test board, I started putting together the PinHeck REV8 board More Python and OpenCV work (fun!) Have the webcam taking pictures Auto Crops and records all the images of parts Looking into a higher resolution camera, more info on that later Stephen Parts for the filter finally shipped! Started putting together the boards Like the multi colored jumpers Veroboard - Strip Board Mouser Part Number 854-ST2 80 x 100 mm with mounting holes Use a 7/32" drill bit and a jeweler's drill to cut traces and Brillo pad to clean up Going to add a tube preamp to the synth output Already have the preamp built. Just need to connect it. Schematic Tritrix speakers and the nutube amp. Kicking up the nutube amp again The speakers are almost built just need to paint and finish 3d printed a plate for soldering the crossover to Pick Of the Week (POW) Nuvoton NAU7802 - found on the Nice Chips Subreddit Precision low-power 24-bit ADC, with an onboard low-noise PGA, onboard oscillator, and a precision 24-bit sigma-delta ADC. Capable of up to 23-bit ENOB (Effective Number Of Bits) performance. SOP-16 or DIP-16 I2C $2.22 in singles Gotcha @10SPS, PGA=1 Rapid Fire Opinion (RFO) At Last, (Almost) A Cellphone With No Batteries! - HackADay University of Washington The first-ever battery free cell phone, able to make calls by scavenging ambient power. Not really a cellphone. It's really a remote handset for a base station. 3.5 microwatts and transmits 31 ft away. Evaluation boards for USB type-C power delivery - Electronics Weekly Rohm has announced USB Power Delivery (USBPD) transmitter/receiver evaluation boards. 15 to 100W Tags: 854-ST2, AND!XOR, BM92A21MWV-EVK-001, Click Bait, MacroFab, macrofab engineering podcast, MEP, NAU7802, Nuvoton, OpenCV, pinheck pinball system, Podcast, Python, RPI3 CM, Tritrix Speakers, Tube Preamp, USB Type-C, Veroboard

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Obfuscating Without XOR https://isc.sans.edu/forums/diary/Obfuscating+without+XOR/22544/ Airbnb OAUTH Token Theft https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/ Critical Drupal Vulnerability https://www.drupal.org/SA-CORE-2017-003 Auditing Docker Containers https://www.sans.org/reading-room/whitepapers/auditing/checklist-audit-docker-containers-37437

MacroFab Engineering Podcast

Incognito Mode HyR0n Mathematician, Computer Scientist, & Systems Engineer making the world a better place with homebrew booze and electronic bling. Zapp Has been writing software since age 8. Eventually making a career in developing for Java systems. He has since been promoted away from the keyboard and his life is now MS Office and meetings. Didn’t know how to solder before DC23. Arduino was his gateway drug - all 15 projects of the starter kit in a few days. Defcon Badges Official badge has a deep puzzle - other badges filled with goo and mechanical. Becomes part of the culture. And!xor - is unique - most people are hacking badges. Way more to their badges. Ways to hack between badges. Taco Town Defcon Event Hack everything from cryptography, cars, voting machines, bluetooth, lock picking villages, people will teach you if you’re willing to learn. Social engineering is a big village Villages - way bigger than booths 2k sf each, have their own badges, demos, hands on events, IoT village 20K - 30K Defcon for newbies - don’t bring a phone, no wireless, bluetooth, no photos. Just go, have fun and learn. Cash only. New Defcon Badge HackADay.io Page KickStarter Page Specs Rigado BMD-300 SoC Based on the Nordic NRF52 BLE SoC ARM Cortex M4F 512kb flash 64kb rom 15 x WS2812B LEDs 5 buttons Tilt switch LED used for ambient light sensing Standard SWD 10-pin mini header Exposed GPIO MicroSD w/ 2GB card included 128x128 16-bit color display (ST7735) SECRET COMPONENT Has a Chip-8 emulator Can run Tclish scripting code Has built in games like Ski Free where Man Bear Pig chases you BOM and Gerbers might be open after Defcon. Bender has a 6502 as a brain/cpu Hack defcon with beer - bring your own bottled corona, so you don’t have to spend $9 / bottle Hacking aka counterfeiting?
Special thanks to whixr over at Tymkrs for the intro and outro! Tags: 6502, AND!XOR, Bender, BMD-300, Defcon 25, HyR0n, MacroFab, macrofab engineering podcast, MEP, NRF52, Podcast, Rigado, Taco Town, WS2812B, Zapp

Data Skeptic
[MINI] Feed Forward Neural Networks

Data Skeptic

Play Episode Listen Later Mar 24, 2017 15:58


Feed Forward Neural Networks In a feed forward neural network, neurons cannot form a cycle. In this episode, we explore how such a network would be able to represent three common logical operators: OR, AND, and XOR. The XOR operation is the interesting case. Below are the truth tables that describe each of these functions.

AND Truth Table
Input 1   Input 2   Output
0         0         0
0         1         0
1         0         0
1         1         1

OR Truth Table
Input 1   Input 2   Output
0         0         0
0         1         1
1         0         1
1         1         1

XOR Truth Table
Input 1   Input 2   Output
0         0         0
0         1         1
1         0         1
1         1         0

The AND and OR functions should seem very intuitive. Exclusive or (XOR) is true if and only if exactly one input is 1. Could a neural network learn these mathematical functions? Let's consider the perceptron described below. First we see the visual representation, then the Activation function, followed by the formula for calculating the output. Can this perceptron learn the AND function? Sure. Let and What about OR? Yup. Let and An infinite number of possible solutions exist, I just picked values that hopefully seem intuitive. This is also a good example of why the bias term is important. Without it, the AND function could not be represented. How about XOR? No. It is not possible to represent XOR with a single layer. It requires two layers. The image below shows how it could be done with two layers. In the above example, the weights computed for the middle hidden node capture the essence of why this works. This node activates when receiving two positive inputs, thus contributing a heavy penalty to be summed by the output node. If a single input is 1, this node will not activate. Universal approximation theorem tells us that any continuous function can be tightly approximated using a neural network with only a single hidden layer and a finite number of neurons. With this in mind, a feed forward neural network should be adequate for any applications.
However, in practice, other network architectures and the allowance of more hidden layers are empirically motivated. Other types of neural networks have less strict structural definitions. The various ways one might relax this constraint generate other classes of neural networks that often have interesting properties. We'll get into some of these in future mini-episodes. Check out our recent blog post on how we're using Periscope Data cohort charts. Thanks to Periscope Data for sponsoring this episode. More about them at periscopedata.com/skeptics

BSD Now
186: The Fast And the Firewall: Tokyo Drift

BSD Now

Play Episode Listen Later Mar 22, 2017 174:07


This week on BSDNow, reports from AsiaBSDcon, TrueOS and FreeBSD news, Optimizing IllumOS Kernel, your questions and more. This episode was brought to you by Headlines AsiaBSDcon Reports and Reviews () AsiaBSDcon schedule (https://2017.asiabsdcon.org/program.html.en) Schedule and slides from the 4th bhyvecon (http://bhyvecon.org/) Michael Dexter's trip report on the iXsystems blog (https://www.ixsystems.com/blog/ixsystems-attends-asiabsdcon-2017) NetBSD AsiaBSDcon booth report (http://mail-index.netbsd.org/netbsd-advocacy/2017/03/13/msg000729.html) *** TrueOS Community Guidelines are here! (https://www.trueos.org/blog/trueos-community-guidelines/) TrueOS has published its new Community Guidelines The TrueOS Project has existed for over ten years. Until now, there was no formally defined process for interested individuals in the TrueOS community to earn contributor status as an active committer to this long-standing project. The current core TrueOS developers (Kris Moore, Ken Moore, and Joe Maloney) want to provide the community more opportunities to directly impact the TrueOS Project, and wish to formalize the process for interested people to gain full commit access to the TrueOS repositories. These describe what is expected of community members and committers They also describe the process of getting commit access to the TrueOS repo: Previously, Kris directly handed out commit bits. Now, the Core developers have provided a small list of requirements for gaining a TrueOS commit bit: Create five or more pull requests in a TrueOS Project repository within a single six month period. Stay active in the TrueOS community through at least one of the available community channels (Gitter, Discourse, IRC, etc.). Request commit access from the core developers via core@trueos.org OR Core developers contact you concerning commit access. Pull requests can be any contribution to the project, from minor documentation tweaks to creating full utilities. 
At the end of every month, the core developers review the commit logs, removing elements that break the Project or deviate too far from its intended purpose. Additionally, outstanding pull requests with no active dissension are immediately merged, if possible. For example, a user submits a pull request which adds a little-used OpenRC script. No one from the community comments on the request or otherwise argues against its inclusion, resulting in an automatic merge at the end of the month. In this manner, solid contributions are routinely added to the project and never left in a state of “limbo”. The page also describes the perks of being a TrueOS committer: Contributors to the TrueOS Project enjoy a number of benefits, including: A personal TrueOS email alias: @trueos.org Full access for managing TrueOS issues on GitHub. Regular meetings with the core developers and other contributors. Access to private chat channels with the core developers. Recognition as part of an online Who's Who of TrueOS developers. The eternal gratitude of the core developers of TrueOS. A warm, fuzzy feeling. Intel Donates 250.000 $ to the FreeBSD Foundation (https://www.freebsdfoundation.org/news-and-events/latest-news/new-uranium-level-donation-and-collaborative-partnership-with-intel/) More details about the deal: Systems Thinking: Intel and the FreeBSD Project (https://www.freebsdfoundation.org/blog/systems-thinking-intel-and-the-freebsd-project/) Intel will be more actively engaging with the FreeBSD Foundation and the FreeBSD Project to deliver more timely support for Intel products and technologies in FreeBSD. Intel has contributed code to FreeBSD for individual device drivers (i.e. NICs) in the past, but is now seeking a more holistic “systems thinking” approach. 
Intel Blog Post (https://01.org/blogs/imad/2017/intel-increases-support-freebsd-project) We will work closely with the FreeBSD Foundation to ensure the drivers, tools, and applications needed on Intel® SSD-based storage appliances are available to the community. This collaboration will also provide timely support for future Intel® 3D XPoint™ products. Thank you very much, Intel! *** Applied FreeBSD: Basic iSCSI (https://globalengineer.wordpress.com/2017/03/05/applied-freebsd-basic-iscsi/) iSCSI is often touted as a low-cost replacement for fibre-channel (FC) Storage Area Networks (SANs). Instead of having to setup a separate fibre-channel network for the SAN, or invest in the infrastructure to run Fibre-Channel over Ethernet (FCoE), iSCSI runs on top of standard TCP/IP. This means that the same network equipment used for routing user data on a network could be utilized for the storage as well. This article will cover a very basic setup where a FreeBSD server is configured as an iSCSI Target, and another FreeBSD server is configured as the iSCSI Initiator. The iSCSI Target will export a single disk drive, and the initiator will create a filesystem on this disk and mount it locally. Advanced topics, such as multipath, ZFS storage pools, failover controllers, etc. are not covered. The real magic is the /etc/ctl.conf file, which contains all of the information necessary for ctld to share disk drives on the network. Check out the man page for /etc/ctl.conf for more details; below is the configuration file that I created for this test setup. Note that on a system that has never had iSCSI configured, there will be no existing configuration file, so go ahead and create it. 
Then, enable ctld and start it: sysrc ctld_enable="YES" service ctld start You can use the ctladm command to see what is going on: root@bsdtarget:/dev # ctladm lunlist (7:0:0/0): Fixed Direct Access SPC-4 SCSI device (7:0:1/1): Fixed Direct Access SPC-4 SCSI device root@bsdtarget:/dev # ctladm devlist LUN Backend Size (Blocks) BS Serial Number Device ID 0 block 10485760 512 MYSERIAL 0 MYDEVID 0 1 block 10485760 512 MYSERIAL 1 MYDEVID 1 Now, let's configure the client side: In order for a FreeBSD host to become an iSCSI Initiator, the iscsid daemon needs to be started. sysrc iscsid_enable="YES" service iscsid start Next, the iSCSI Initiator can manually connect to the iSCSI target using the iscsictl tool. While setting up a new iSCSI session, this is probably the best option. Once you are sure the configuration is correct, add the configuration to the /etc/iscsi.conf file (see man page for this file). For iscsictl, pass the IP address of the target as well as the iSCSI IQN for the session: iscsictl -A -p 192.168.22.128 -t iqn.2017-02.lab.testing:basictarget You should now have a new device (check dmesg), in this case, da1. The guide then walks through partitioning the disk, laying down a UFS file system, and mounting it. Then it walks through how to disconnect iSCSI, in case you don't want it anymore. This all looked nice and easy, and it works very well. Now let's see what happens when you try to mount the iSCSI from Windows. Ok, that wasn't so bad. Now, instead of sharing an entire spare disk on the host via iSCSI, share a zvol. Now your Windows machine can be backed by ZFS. All of your problems are solved.
Interview - Philipp Buehler - pbuehler@sysfive.com (mailto:pbuehler@sysfive.com) Technical Lead at SysFive, and Former OpenBSD Committer News Roundup Half a dozen new features in mandoc -T html (http://undeadly.org/cgi?action=article&sid=20170316080827) mandoc (http://man.openbsd.org/mandoc.1)'s HTML output mode got some new features Even though mdoc(7) is a semantic markup language, traditionally none of the semantic annotations were communicated to the reader. [...] Now, at least in -T html output mode, you can see the semantic function of marked-up words by hovering your mouse over them. In terminal output modes, we have the ctags(1)-like internal search facility built around the less(1) tag jump (:t) feature for quite some time now. We now have a similar feature in -T html output mode. To jump to (almost) the same places in the text, go to the address bar of the browser, type a hash mark ('#') after the URI, then the name of the option, command, variable, error code etc. you want to jump to, and hit enter. Check out the full report by Ingo Schwarze (schwarze@) and try out these new features *** Optimizing IllumOS Kernel Crypto (http://zfs-create.blogspot.com/2014/05/optimizing-illumos-kernel-crypto.html) Sašo Kiselkov, of ZFS fame, looked into the performance of the OpenSolaris kernel crypto framework and found it lacking. The article also spends a few minutes on the different modes and how they work. Recently I've had some motivation to look into the KCF on Illumos and discovered that, unbeknownst to me, we already had an AES-NI implementation that was automatically enabled when running on Intel and AMD CPUs with AES-NI support. This work was done back in 2010 by Dan Anderson. This was great news, so I set out to test the performance in Illumos in a VM on my Mac with a Core i5 3210M (2.5GHz normal, 3.1GHz turbo). The initial tests of “what the hardware can do” were done in OpenSSL So now comes the test for the KCF.
I wrote a quick'n'dirty crypto test module that just performed a bunch of encryption operations and timed the results. KCF got around 100 MB/s for each algorithm, except half that for AES-GCM. OpenSSL had done over 3000 MB/s for CTR mode, 500 MB/s for CBC, and 1000 MB/s for GCM. What the hell is that?! This is just plain unacceptable. Obviously we must have hit some nasty performance snag somewhere, because this is comical. And sure enough, we did. When looking around in the AES-NI implementation I came across this bit in aes_intel.s that performed the CLTS instruction. This is a problem: 3.1.2 Instructions That Cause VM Exits Conditionally CLTS. The CLTS instruction causes a VM exit if the bits in position 3 (corresponding to CR0.TS) are set in both the CR0 guest/host mask and the CR0 read shadow. The CLTS instruction signals to the CPU that we're about to use FPU registers (which is needed for AES-NI), which in VMware causes an exit into the hypervisor. And we've been doing it for every single AES block! Needless to say, performing the equivalent of a very expensive context switch every 16 bytes is going to hurt encryption performance a bit. The reason why the kernel is issuing CLTS is because for performance reasons, the kernel doesn't save and restore FPU register state on kernel thread context switches. So whenever we need to use FPU registers inside the kernel, we must disable kernel thread preemption via a call to kpreempt_disable() and kpreempt_enable() and save and restore FPU register state manually. During this time, we cannot be descheduled (because if we were, some other thread might clobber our FPU registers), so if a thread does this for too long, it can lead to unexpected latency bubbles. The solution was to restructure the AES and KCF block crypto implementations in such a way that we execute encryption in meaningfully small chunks. I opted for 32k bytes, for reasons which I'll explain below.
Unfortunately, doing this restructuring work was a bit more complicated than one would imagine, since in the KCF the implementation of the AES encryption algorithm and the block cipher modes is separated into two separate modules that interact through an internal API, which wasn't really conducive to high performance (we'll get to that later). Anyway, having fixed the issue here and running the code at near native speed, this is what I get: AES-128/CTR: 439 MB/s AES-128/CBC: 483 MB/s AES-128/GCM: 252 MB/s Not disastrous anymore, but still, very, very bad. Of course, you've got to keep in mind, the thing we're comparing it to, OpenSSL, is no slouch. It's got hand-written highly optimized inline assembly implementations of most of these encryption functions and their specific modes, for lots of platforms. That's a ton of code to maintain and optimize, but I'll be damned if I let this kind of performance gap persist. Fixing this, however, is not so trivial anymore. It pertains to how the KCF's block cipher mode API interacts with the cipher algorithms. It is beautifully designed and implemented in a fashion that creates minimum code duplication, but this also means that it's inherently inefficient. ECB, CBC and CTR gained the ability to pass an algorithm-specific "fastpath" implementation of the block cipher mode, because these functions benefit greatly from pipelining multiple cipher calls into a single place. ECB, CTR and CBC decryption benefit enormously from being able to exploit the wide XMM register file on Intel to perform encryption/decryption operations on 8 blocks at the same time in a non-interlocking manner. The performance gains here are on the order of 5-8x. CBC encryption benefits from not having to copy the previously encrypted ciphertext blocks into memory and back into registers to XOR them with the subsequent plaintext blocks, though here the gains are more modest, around 1.3-1.5x.
After all of this work, this is how the results now look on Illumos, even inside of a VM: Algorithm/Mode 128k ops AES-128/CTR: 3121 MB/s AES-128/CBC: 691 MB/s AES-128/GCM: 1053 MB/s So the CTR and GCM speeds have actually caught up to OpenSSL, and CBC is actually faster than OpenSSL. On the decryption side of things, CBC decryption also jumped from 627 MB/s to 3011 MB/s. Seeing these performance numbers, you can see why I chose 32k for the operation size in between kernel preemption barriers. Even on the slowest hardware with AES-NI, we can expect at least 300-400 MB/s/core of throughput, so even in the worst case, we'll be hogging the CPU for at most ~0.1ms per run. Overall, we're even a little bit faster than OpenSSL in some tests, though that's probably down to us encrypting 128k blocks vs 8k in the "openssl speed" utility. Anyway, having fixed this monstrous atrocity of a performance bug, I can now finally get some sleep. To make these tests repeatable, and to ensure that the changes didn't break the crypto algorithms, Saso created a crypto_test kernel module. I have recently created a FreeBSD version of crypto_test.ko, for much the same purposes. Initial performance on FreeBSD is not as bad, if you have the aesni.ko module loaded, but it is not up to speed with OpenSSL. You cannot directly compare to the benchmarks Saso did, because the CPUs are vastly different. Performance results (https://wiki.freebsd.org/OpenCryptoPerformance) I hope to do some more tests on a range of different sized CPUs in order to determine how the algorithms scale across different clock speeds. I also want to look at, or get help and have someone else look at, implementing some of the same optimizations that Saso did. It currently seems like there isn't a way to perform additional crypto operations in the same session without regenerating the key table.
Processing additional buffers in an existing session might offer a number of optimizations for bulk operations, although in many cases, each block is encrypted with a different key and/or IV, so it might not be very useful. *** Brendan Gregg's special freeware tools for sysadmins (http://www.brendangregg.com/specials.html) These tools need to be in every (not so) serious sysadmin's toolbox. Triple ROT13 encryption algorithm (beware: export restrictions may apply) /usr/bin/maybe, in case true and false don't provide too little choice... The bottom command lists you all the processes using the least CPU cycles. Check out the rest of the tools. You wrote similar tools and want us to cover them in the show? Send us an email to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) *** A look at 2038 (http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/) I remember the Y2K problem quite vividly. The world was going crazy for years, paying insane amounts of money to experts to fix critical legacy systems, and there was a neverending stream of predictions from the media on how it's all going to fail. Most didn't even understand what the problem was, and I remember one magazine writing something like the following: Most systems store the current year as a two-digit value to save space. When the value rolls over on New Year's Eve 1999, those two digits will be “00”, and “00” means “halt operation” in the machine language of many central processing units. If you're in an elevator at this time, it will stop working and you may fall to your death. I still don't know why they thought a computer would suddenly interpret data as code, but people believed them. We could see a nearby hydropower plant from my parents' house, and we expected it to go up in flames as soon as the clock passed midnight, while at least two airplanes crashed in our garden at the same time. Then nothing happened.
I think one of the most “severe” problems was the police not being able to open their car garages the next day because their RFID tokens had both a start and end date for validity, and the system clock had actually rolled over to 1900, so the tokens were “not yet valid”. That was 17 years ago.

One of the reasons why Y2K wasn't as bad as it could have been is that many systems had never used the “two-digit-year” representation internally, but use some form of “timestamp” relative to a fixed date (the “epoch”). The actual problem with time and dates rolling over is that systems calculate timestamp differences all day. Since a timestamp derived from the system clock seemingly only increases with each query, it is very common to just calculate diff = now - before and never care about the fact that now could suddenly be lower than before because the system clock has rolled over. In this case diff is suddenly negative, and if other parts of the code make further use of the suddenly negative value, things can go horribly wrong.

A good example was a bug in the generator control units (GCUs) aboard Boeing 787 “Dreamliner” aircraft, discovered in 2015. An internal timestamp counter would overflow roughly 248 days after the system had been powered on, triggering a shut down to “safe mode”. The aircraft has four generator units, but if all were powered up at the same time, they would all fail at the same time. This sounds like an overflow caused by a signed 32-bit counter counting the number of centiseconds since boot, overflowing after 248.55 days, and luckily no airline had been using their Boeing 787 models for such a long time between maintenance intervals.

The “obvious” solution is to simply switch to 64-Bit values and call it a day, which would push overflow dates far into the future (as long as you don't do it like the IBM S/370 mentioned before).
But as we've learned from the Y2K problem, you have to assume that computer systems, computer software and stored data (which often contains timestamps in some form) will stay with us for much longer than we might think. The years 2036 and 2038 might be far in the future, but we have to assume that many of the things we make and sell today are going to be used and supported for more than just 19 years. Also many systems have to store dates which are far in the future. A 30 year mortgage taken out in 2008 could have already triggered the bug, and for some banks it supposedly did.

sys_gettimeofday() is one of the most used system calls on a generic Linux system and returns the current time in the form of a UNIX timestamp (time_t data type) plus fraction (suseconds_t data type). Many applications have to know the current time and date to do things, e.g. displaying it, using it in game timing loops, invalidating caches after their lifetime ends, perform an action after a specific moment has passed, etc. In a 32-Bit UNIX system, time_t is usually defined as a signed 32-Bit Integer. When kernel, libraries and applications are compiled, the compiler will turn this assumption into machine code and all components later have to match each other. So a 32-Bit Linux application or library still expects the kernel to return a 32-Bit value even if the kernel is running on a 64-Bit architecture and has 32-Bit compatibility. The same holds true for applications calling into libraries. This is a major problem, because there will be a lot of legacy software running in 2038. Systems which used an unsigned 32-Bit Integer for time_t push the problem back to 2106, but I don't know about many of those.

The developers of the GNU C library (glibc), the default standard C library for many GNU/Linux systems, have come up with a design for year 2038 proofness for their library.
Besides the time_t data type itself, a number of other data structures have fields based on time_t or the combined struct timespec and struct timeval types. Many methods beside those intended for setting and querying the current time use timestamps.

32-Bit Windows applications, or Windows applications defining _USE_32BIT_TIME_T, can be hit by the year 2038 problem too if they use the time_t data type. The __time64_t data type had been available since Visual C 7.1, but only Visual C 8 (default with Visual Studio 2015) expanded time_t to 64 bits by default. The change will only be effective after a recompilation; legacy applications will continue to be affected.

If you live in a 64-Bit world and use a 64-Bit kernel with 64-Bit only applications, you might think you can just ignore the problem. In such a constellation all instances of the standard time_t data type for system calls, libraries and applications are signed 64-Bit Integers which will overflow in around 292 billion years. But many data formats, file systems and network protocols still specify 32-Bit time fields, and you might have to read/write this data or talk to legacy systems after 2038. So solving the problem on your side alone is not enough.

Then the article goes on to describe how all of this will break your file systems. Not to mention your databases and other file formats.

Also see Theo de Raadt's EuroBSDCon 2013 Presentation (https://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp00001.html)

***

Beastie Bits

Michael Lucas: Get your name in “Absolute FreeBSD 3rd Edition” (https://blather.michaelwlucas.com/archives/2895)
ZFS compressed ARC stats to top (https://svnweb.freebsd.org/base?view=revision&revision=r315435)
Matthew Dillon discovered HAMMER was repeating itself when writing to disk.
Fixing that issue doubled write speeds (https://www.dragonflydigest.com/2017/03/14/19452.html) TedU on Meaningful Short Names (http://www.tedunangst.com/flak/post/shrt-nms-fr-clrty) vBSDcon and EuroBSDcon Call for Papers are open (https://www.freebsdfoundation.org/blog/submit-your-work-vbsdcon-and-eurobsdcon-cfps-now-open/) Feedback/Questions Craig asks about BSD server management (http://pastebin.com/NMshpZ7n) Michael asks about jails as a router between networks (http://pastebin.com/UqRwMcRk) Todd asks about connecting jails (http://pastebin.com/i1ZD6eXN) Dave writes in with an interesting link (http://pastebin.com/QzW5c9wV) > applications crash more often due to errors than corruptions. In the case of corruption, a few applications (e.g., Log-Cabin, ZooKeeper) can use checksums and redundancy to recover, leading to a correct behavior; however, when the corruption is transformed into an error, these applications crash, resulting in reduced availability. ***

State of Identity
Once More Unto the Breach

Feb 27, 2017 20:25


XOR Data Exchange Founder and CEO Mike Cook, and Zoot Enterprises SVP of Sales and Marketing Travis Tuss discuss: the founding of XOR (1:36), the concept of data exchange (3:25), the experience of impacted consumers (5:19), Zoot as the “on-ramp” of the financial services ecosystem (6:35), smart fraudsters (9:20), methods for obtaining compromised data (10:41), the challenge of leaked passwords (13:00), the similarities between fraudsters and good customers (14:10), and the economic impact of fraudsters (19:00).

BSD Now
179: The Wayland Machine

Feb 1, 2017 56:54


This week on BSDNow, we're going to be leading off with the latest news about Wayland and Xorg support on FreeBSD, then a look at OpenBSD ARM64.

Headlines

Wayland is now in the FreeBSD Ports tree (https://svnweb.freebsd.org/ports?view=revision&revision=432406)

This commit brings Wayland, the new windowing system, into the FreeBSD ports tree.
“This port was first created by Koop Mast (kwm@) then updated and improved by Johannes Lundberg”
“Wayland is intended as a simpler replacement for X, easier to develop and maintain. GNOME and KDE are expected to be ported to it.”
Wayland is designed for desktop and laptop use, rather than X, which was designed for use over the network, where clients were not powerful enough to run the applications locally.
“Wayland is a protocol for a compositor to talk to its clients as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.”
“Please report bugs to the FreeBSD bugtracker!”
It is good to see this project progressing, as it seems in a few generations, high performance graphics drivers may only be actively developed for Wayland.
***

Call For Testing: xorg 1.18.4 and newer intel/ati DDX (https://lists.freebsd.org/pipermail/freebsd-x11/2017-January/018738.html)

Baptiste Daroussin, and the FreeBSD X11 team, have issued a call for testing for the upgrade to Xorg 1.18.4
Along with it comes newer ATI/AMD and Intel drivers
“Note that you will need to rebuild all the xf86-* packages to work with that newer xorg (hence the bump of the revision)”
“Do not expect newer gpu supported as this is not the kernel part”, it only provides the newer Xorg driver, not the kernel mode setting driver (this is a separate project)
“If you experience any issue with intel or radeon driver please try to use the new modesetting driver provided by xorg directly (note that fedora and debian recommend the use of the new driver instead of the ati/intel one)”

***

Error handling in C (http://www.tedunangst.com/flak/post/to-errno-or-to-error)

“Unlike other languages which have one preferred means of signalling an error, C is a multi error paradigm language. Error handling styles in C can be organized into one of several distinct styles, such as popular or correct. Some examples of each.”
“One very popular option is the classic unix style. -1 is returned to indicate an error.”
“Another option seen in the standard C library is NULL for errors.”
“The latter has the advantage that NULL is a false value, which makes it easier to write logical conditions. File descriptor 0 is valid (stdin) but false, while -1 is invalid but true.”
“And of course, there's the worst of both worlds approach requiring a special sentinel that you'll probably forget to use”
“Other unix functions, those that don't need to return a file descriptor, stick to just 0 and -1”
“Of course, none of these functions reveal anything about the nature of the error. For that, you need to consult the errno on the side”
The article goes on to describe different ways of dealing with the issue, and return values.
There is also coverage of more complex examples that involve a context that might contain the error message.
It is really interesting to see the differences, and the pitfalls of each approach.

***

Fixing POSIX Filenames (http://www.dwheeler.com/essays/fixing-unix-linux-filenames.html)

“Traditionally, Unix/Linux/POSIX pathnames and filenames can be almost any sequence of bytes. A pathname lets you select a particular file, and may include zero or more “/” characters. Each pathname component (separated by “/”) is a filename; filenames cannot contain “/”. Neither filenames nor pathnames can contain the ASCII NUL character (\0), because that is the terminator.”

“This lack of limitations is flexible, but it also creates a legion of unnecessary problems. In particular, this lack of limitations makes it unnecessarily difficult to write correct programs (enabling many security flaws). It also makes it impossible to consistently and accurately display filenames, causes portability problems, and confuses users.”

“This article will try to convince you that adding some tiny limitations on legal Unix/Linux/POSIX filenames would be an improvement. Many programs already presume these limitations, the POSIX standard already permits such limitations, and many Unix/Linux filesystems already embed such limitations — so it'd be better to make these (reasonable) assumptions true in the first place. This article will discuss, in particular, the three biggest problems: control characters in filenames (including newline, tab, and escape), leading dashes in filenames, and the lack of a standard character encoding scheme (instead of using UTF-8). These three problems impact programs written in any language on Unix/Linux/POSIX system. There are other problems, of course. Spaces in filenames can cause problems; it's probably hopeless to ban them outright, but resolving some of the other issues will simplify handling spaces in filenames.
For example, when using a Bourne shell, you can use an IFS trick (using IFS=`printf '\n\t'`) to eliminate some problems with spaces. Similarly, special metacharacters in filenames cause some problems; I suspect few if any metacharacters could be forbidden on all POSIX systems, but it'd be great if administrators could locally configure systems so that they could prevent or escape such filenames when they want to. I then discuss some other tricks that can help.”

“After limiting filenames slightly, creating completely-correct programs is much easier, and some vulnerabilities in existing programs disappear. This article then notes some others' opinions; I knew that some people wouldn't agree with me, but I'm heartened that many do agree that something should be done. Finally, I briefly discuss some methods for solving this long-term; these include forbidding creation of such names (hiding them if they already exist on the underlying filesystem), implementing escaping mechanisms, or changing how tools work so that these are no longer problems (e.g., when globbing/scanning, have the libraries prefix “./” to any filename beginning with “-”). Solving this is not easy, and I suspect that several solutions will be needed. In fact, this paper became long over time because I kept finding new problems that needed explaining (new “worms under the rocks”). If I've convinced you that this needs improving, I'd like your help in figuring out how to best do it!”

“Filename problems affect programs written in any programming language. However, they can be especially tricky to deal with when using Bourne shells (including bash and dash). If you just want to write shell programs that can handle filenames correctly, you should see the short companion article Filenames and Pathnames in Shell: How to do it correctly (http://www.dwheeler.com/essays/filenames-in-shell.html).”

Imagine that you don't know Unix/Linux/POSIX (I presume you really do), and that you're trying to do some simple tasks.
For our purposes we will create simple scripts on the command line (using a Bourne shell) for these tasks, though many of the underlying problems affect any program. For example, let's try to print out the contents of all files in the current directory, putting the contents into a file in the parent directory:

    cat * > ../collection # WRONG
    cat ./* > ../collection # CORRECT
    cat `find . -type f` > ../collection # WRONG
    ( set -f ; for file in `find . -type f` ; do # WRONG
        cat "$file"
      done ) > ../collection
    ( find . -type f | xargs cat ) > ../collection # WRONG, WAY WRONG

Just think about trying to remove a file named: -rf /

***

News Roundup

OpenBSD ARM64 (https://www.openbsd.org/arm64.html)

A new page has appeared on the OpenBSD website, offering images for ARM64
“The current target platforms are the Pine64 and the Raspberry Pi 3.”
“OpenBSD/arm64 bundles various platforms sharing the 64-bit ARM architecture. Due to the fact that there are many System on a Chips (SoC) around, OpenBSD/arm64 differentiates between various SoCs and may have a different level of support between them”
The page contains a list of the devices that are supported, and which components have working drivers
At the time of recording, the link to download the snapshots did not work yet, but by the time this airs a week from now, it should be working.

***

The design of Chacha20 (http://loup-vaillant.fr/tutorials/chacha20-design)

Seems like every few episodes we end up discussing Ciphers (With their oh-so amusing naming) and today is no exception. We have a great writeup on the D & I of the 'chacha20' cipher written by “Loup Vaillant”. First of all, is this story for you? Maybe the summary will help make that call:

“Quick summary: Chacha20 is ARX-based hash function, keyed, running in counter mode. It embodies the idea that one can use a hash function to encrypt data.”

If your eyes didn't glaze over, then you are cleared to proceed.
Chacha20 is built around stream ciphers: While Chacha20 is mainly used for encryption, its core is a pseudo-random number generator. The cipher text is obtained by XOR'ing the plain text with a pseudo-random stream:

    ciphertext = plaintext XOR chacha_stream(key, nonce)

Provided you never use the same nonce with the same key twice, you can treat that stream as a one time pad. This makes it very simple: unlike block ciphers, you don't have to worry about padding, and decryption is the same operation as encryption:

    plaintext = ciphertext XOR chacha_stream(key, nonce)

Now we just have to get that stream.

The idea that the streams can mimic the concept of a one-time pad does make chacha20 very attractive, even to a non-crypto guy such as myself. From here the article goes into depth on how the cipher scrambles 512bit blocks using the quarter-round method (A fourth of a block or 4 32bit numbers). Some ascii art is used here to help visualize how this is done, in the quarter round-phase, then to the complete block as the 4 quarters are run in parallel over the entire 512 bit block. From here the article goes more into depth, looking at the complete chacha block, and the importance of a seemingly unnecessary 32byte constant (Hint: it's really important). If crypto is something you find fascinating, you'll want to make sure you give this one a full read-through.

***

CyberChef - Coming to a FreeBSD Ports tree near you (https://twitter.com/DLangille/status/823915729430913025)

Dan Langille tweets that he will be creating a port of GCHQ's CyberChef tool
“CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser.
These operations include creating hexdumps, simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, data compression and decompression, calculating hashes and checksums, IPv6 and X.509 parsing, and much more.” “The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. Every effort has been made to structure the code in a readable and extendable format, however it should be noted that the analyst is not a professional developer and the code has not been peer-reviewed for compliance with a formal specification.” Some handy functions, beyond stuff like base64 encoding: Network Enumeration (CIDR to list of IPS) (https://gchq.github.io/CyberChef/?recipe=%5B%7B%22op%22%3A%22Parse%20IP%20range%22%2C%22args%22%3A%5Btrue%2Ctrue%2Cfalse%5D%7D%5D&input=MTcyLjIxLjAuMzIvMjcK) Browser User Agent Parser (what browser is that, based on your HTTP logs) XOR Brute Force: enter some XOR'd text, and try every possible key to find plaintext. Optionally give it a regex of known plaintext to find the right key. Calculate the “Shannon Entropy” of the input (how random is this data) It also has a number of built in regular expressions for common things, very useful The project is up on github if you want to play with the code *** Building Electron and VSCode in FreeBSD11 (https://gist.github.com/prash-wghats/89be1ee069d2acf23c289e9c606616e1) A patch and set of instructions for building Electron and VSCode on FreeBSD “Visual Studio Code is a source code editor developed by Microsoft for Windows, Linux and macOS. It includes support for debugging, embedded Git control, syntax highlighting, intelligent code completion, snippets, and code refactoring. 
It is also customizable, so users can change the editor's theme, keyboard shortcuts, and preferences. It is free and open-source, although the official download is under a proprietary license.” “Visual Studio Code is based on Electron, a framework which is used to deploy Node.js applications for the desktop running on the Blink layout engine. Although it uses the Electron framework, the software is not a fork of Atom, it is actually based on Visual Studio Online's editor (codename "Monaco")” It would be interesting to see official support for VSCode on FreeBSD Has anyone tried VSCode on the FreeBSD Code base? *** Beastie Bits Soft Label Keys (http://roy.marples.name/blog/blog/soft-label-keys) WPA1 (TKIP) disabled by default (OpenBSD) (https://www.mail-archive.com/source-changes@openbsd.org/msg84599.html) Cool but obscure unix tools (https://kkovacs.eu/cool-but-obscure-unix-tools) KDE Frameworks and Plasma on FreeBSD (http://euroquis.nl/bobulate/?p=1521) Initiative to migrate OpenBSD mirrors to HTTPS (https://www.mail-archive.com/source-changes@openbsd.org/msg84904.html) That moment you realize FreeBSD has got some Star Wars fans (http://i.imgur.com/dC7c1y4.png) Pagelink (https://wiki.freebsd.org/PortsSubversionPrimer)

Idle Thumbs
Idle Thumbs 299: Somebody, Somewhere, Somehow, Something

Jan 26, 2017 65:16


Somebody once told me the following on a podcast: Somewhere a moth is happily driving a car around a room, hunting for things that smell nice. Something deep in a crocodile whispers "you could have been a bird." Somehow these are the things that interest us. Hey, everyone needs a hobby. Discussed: The Idle Thumbs Podcast, Mouth Moods/Mouth Sounds, the evolution of dinosaurs and birds, Jurassic Park III, Jurassic World, cyborg moth cars, Bubble Tape, XOR, hobbies, cooking, cocktails, Dark Souls 2

Scalalaz Podcast
Episode 08

Nov 12, 2016


News: Scala 2.12 Cats 0.8.0 and 0.8.1 - Xor and XorT are gone Where is right-biased Either? Sbt 0.13.13 - sbt new Freek v0.6.5 w/ first support for scala 2.12.0 based on cats 0.8.0 FPConf on December 3
Topics: Whom the companies we work at hire, and how. How to level up newcomers
Videos: Gabriele Petronella - Monad Transformers: just why? Describe and Conquer (and &Freek) by Pascal Voitot An example of using transpiler Typelevel Scala Rebooted by Miles Sabin
Useful stuff: pureconfig ficus sri - native cross platform (web,ios,android) apps using scalajs and react, react-native Functional Geekery Episode 73 – Jonas Bonér TechCast: James Roper - tech lead of Lagom Adriaan Moors - Scala Tech Lead at Lightbend Heather Miller - Scala team's 2-year plan, Scala Center Li Haoyi Scala Scripting Scala development with GNU Emacs
Hosts: Alexey Fomkin, Vadim Chelyshov, Alexey Romanchuk, Evgeny Tokarev

BSD Now
142: Diving for BSD Perls

May 18, 2016 96:51


This week on the show, we have all the latest news and stories! Plus an interview with BSD developer Alfred Perlstein, that you

Headlines

The May issue of BSDMag is now out (https://bsdmag.org/download/reusing_openbsd/)

GhostBSD
Reusing OpenBSD's arc4random in multi-threaded user space programs
Securing VPN's with GRE / Strongswan
Installing XFCE 4.12 on NetBSD 7
Interview with Fernando Rodriguez, the co-founder of KeepCoding

***

A rundown of the FPT_W^X_EXT.1 security requirement for General Purpose Operating Systems by the NSA (http://blog.acumensecurity.net/fpt_wx_ext-1-a-rundown/)

NIST/NSA Validation Scheme Report (https://www.commoncriteriaportal.org/files/ppfiles/pp_os_v4.1-vr.pdf)

The SFR or Security Functional Requirement requires that: "The OS shall prevent allocation of any memory region with both write and execute permissions except for [assignment: list of exceptions]."

While nearly all operating systems currently support the use of the NX bit, or the equivalent on processors such as SPARC and ARM, and will correctly mark the stack as non-executable, the fact remains that this in and of itself is deemed insufficient by NIST and NSA.

OpenBSD 5.8, FreeBSD, Solaris, RHEL, and most other Linux distros have failed.
HardenedBSD passes all three tests out of the box. NetBSD will do so with a single sysctl tweak. Since they are using the PaX model, anything else using PaX, such as a grsecurity-enabled Linux distribution, passes these assurance activities as well.
OpenBSD 5.9 does not allow memory mapping due to W^X being enforced by the kernel, however the kernel will panic if there are any attempts to create such mappings.
*** DistroWatch reviews new features in FreeBSD 10.3 (https://distrowatch.com/weekly.php?issue=20160516#freebsd) DistroWatch did a review of FreeBSD 10.3 They ran into a few problems, but hopefully those can be fixed An issue with beadm setting the canmount property incorrectly causing the ZFS BE menu to not work as expected should be resolved in the next version, thanks to a patch from kmoore The limitations of the Linux 64 support are what they are, CentOS 6 is still fairly popular with enterprise software, but hopefully some folks are interested in working on bringing the syscall emulation forward In a third issue, the reviewer seemed to have issues SSHing from inside the jail. This likely has to do with how they got a console in the jail. I remember having problems with this in the past, something about a secure console. *** BSD Unix: Power to the people, from the code (https://www.salon.com/2000/05/16/chapter_2_part_one/) Salon.com has a very long article, chronicling much of the history behind BSD UNIX. It starts with detailing the humble origins of BSD, starting with Bill Joy in the mid-70's, and then goes through details on how it rapidly grew, and the influence that the University of Berkeley had on open-source. “But too much focus on Joy, a favorite target for business magazine hagiography, obscures the larger picture. Berkeley's most important contribution was not software; it was the way Berkeley created software. At Berkeley, a small core group — never more than four people at any one time — coordinated the contributions of an ever-growing network of far-flung, mostly volunteer programmers into progressive releases of steadily improving software. 
In so doing, they codified a template for what is now referred to as the “open-source software development methodology.” Put more simply, the Berkeley hackers set up a system for creating free software.”

The article goes on to talk about some of the back and forth between Linux and BSD, and why Linux has captured more of the market in recent years, but BSD is far from throwing in the towel.

“BSD patriots argue that the battle is far from over, that BSD is technically superior and will therefore win in the end. That's for the future to determine. What's indisputable is BSD's contribution in the past. Even if, by 1975, Berkeley's Free Speech Movement was a relic belonging to a fast-fading generation, on the fourth floor of Evans Hall, where Joy shared an office, the free-software movement was just beginning.”

An excellent article (if a bit long), but well worth your time to understand the origins of what we consider modern day BSD, and how the University of Berkeley helped shape it.

***

iXsystems (http://ixsystems.com)

#ServerEnvy: It's over 10,000 Terabytes!
(https://www.ixsystems.com/blog/serverenvy-10000-terabytes/) *** Interview - Alfred Perlstein - alfred@freebsd.org (mailto:alfred@freebsd.org) / @splbio (https://twitter.com/splbio) Using BSD for projects *** News Roundup .NET framework ported to NetBSD (https://github.com/dotnet/coreclr/pull/4504/files) This pull request adds basic support for the .NET framework on NetBSD 7.x amd64 It includes documentation on how to get the .NET framework installed It uses pkgsrc to bootstrap the required tools pkgsrc-wip is used to get the actual .NET framework, as porting is still in progress The .NET Core-CLR is now available for: FreeBSD, Linux, NetBSD, and OS X *** OpenBSD SROP mitigation – call for testing (https://marc.info/?l=openbsd-tech&m=146281531025185&w=2) A new technique for exploiting flaws in applications and operating systems has been developed, called SROP “we describe Sigreturn Oriented Programming (SROP), a novel technique for exploits and backdoors in UNIX-like systems. Like return-oriented programming (ROP), sigreturn oriented programming constructs what is known as a ‘weird machine' that can be programmed by attackers to change the behavior of a process. To program the machine, attackers set up fake signal frames and initiate returns from signals that the kernel never really delivered. This is possible, because UNIX stores signal frames on the process' stack.” “Sigreturn oriented programming is interesting for attackers, OS developers and academics. For attackers, the technique is very versatile, with pre-conditions that are different from those of existing exploitation techniques like ROP. Moreover, unlike ROP, sigreturn oriented programming programs are portable. For OS developers, the technique presents a problem that has been present in one of the two main operating system families from its inception, while the fixes (which we also present) are non-trivial. 
From a more academic viewpoint, it is also interesting because we show that sigreturn oriented programming is Turing complete.” Paper describing SROP (http://www.cs.vu.nl/~herbertb/papers/srop_sp14.pdf) OpenBSD has developed a mitigation against SROP “Utilizing a trick from kbind(2), the kernel now only accepts signal returns from the PC address of the sigreturn(2) syscall in the signal trampoline. Since the signal trampoline page is randomized placed per process, it is only known by directly returning from a signal handler.” “As well, the sigcontext provided to sigreturn(2) now contains a magic cookie constructed from a per-process cookie XOR'd against the address of the signal context.” This is just a draft of the patch, not yet considered production quality *** Running Tor in a NetBSD rump unikernel (https://github.com/supradix/rumprun-packages/tree/33d9cc3a65a39e32b4bc8034c151a5d7e0b89f66/tor) We've talked about “rump” kernels before, and also Tor pretty frequently, but this new github project combines the two! Specifically, this set of Makefile and scripts will prep a system to run Tor via the Unikernel through Qemu. The script mainly describes how to do the initial setup on Linux, using iptables, but could easily be adapted to a BSD if somebody wants to do so. (Send them a pull request with the instructions!) All in all, this is a fascinating way to run a Tor node or relay, in the most minimal operating environment possible. *** An update on SSH protocol 1 ("we're most of the way towards fully deprecating SSH protocol 1" (http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-May/035069.html) Damien Miller has given us an update on the status of the “SSH protocol 1”, and the current plans to deprecate it in an upcoming version of openssh. “We've had this old protocol in various stages of deprecation for almost 10 years and it has been compile-time disabled for about a year. 
Downstream vendors, to their credit, have included this change in recent OS releases by shipping OpenSSH packages that disable protocol 1 by default and/or offering separate, non-default packages to enable it. This seems to have proceeded far more smoothly than even my most optimistic hopes, so this gives us greater confidence that we can complete the removal of protocol 1 soon. We want to do this partly to hasten the demise of this cryptographic trainwreck, but also because doing so removes a lot of legacy code from OpenSSH that inflates our attack surface. Having it gone will make our jobs quite a bit easier as we maintain and refactor.”

The current time-line looks like removing server-side protocol 1 support this August after OpenSSH 7.4 is released, leaving client-side disabled. Then a year from now (June 2017) all protocol 1 code will be removed.

Beastie Bits

Last day to get your BSDNow Shirts! Order now, wear at BSDCan! (https://teespring.com/bsdnow)
Move local government (Austin TX) from Microsoft Windows (incl. Office) to Linux and/or PC-BSD (https://github.com/atxhack4change/2016-project-proposals/issues/15)
Plan9 boot camp is back... and already at capacity.
Another opportunity may come in September (http://lists.nycbug.org/pipermail/talk/2016-May/016642.html) Smaller is better - building an openbsd based router (https://functionallyparanoid.com/2016/04/22/smaller-is-better/) Baby Unix (https://i.redditmedia.com/KAjSscL9XOUdpIEWBQF1qi3QMr7zWgeETzQM6m3B4mY.jpg?w=1024&s=e8c08a7d4c4cea0256adb69b1e7c1887) Security Update for FreeBSD (https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc) & Another security update for FreeBSD (https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc) Feedback/Questions Eric - The iX experience (http://pastebin.com/ZknTuKGv) Mike - Building Ports (http://pastebin.com/M760ZmHQ) David - ZFS Backups (http://pastebin.com/Pi0AFghV) James - BSD VPS (http://pastebin.com/EQ7envez) Rich - ZFS Followup (http://pastebin.com/p0HPDisH) ***

The Bunker Podcast
The Bunker Podcast 102: Leisure Muffin

Aug 3, 2015 58:08


DJ set recorded live during a psychedelic lego party in Philadelphia, July 2015.

Laurie Anderson "So Happy Birthday"
Alexander Robotnick "Problèmes d'amour"
A Number Of Names "Share Vari"
Mark Verbos "Start Up Drive"
Percy Jones "Cape Catastrophe"
Gesloten Circel "Zombie Machine (acid)"
Chris + Cosey "Voodo"
Chris + Cosey "Driving Blind"
Andy Stott "Posers"
Laurie Anderson "O Superman"
Monolake "XOR"
Rhythm and Sound "Jah Version"
PJ Harvey "Catherine"
Scientist "Dark Side"
Porter Ricks "Ionic"
Basic Channel "Recall"
Prince Far-I "Plant Up"
Objekt "Ganzfeld"
Prince "Erotic City"
Mark Verbos "In the Back Room"
Tanya "Darladi Ladada"
Mr Fox "Party Track"

Down the Security Rabbithole Podcast
DtR Episode 41 - NewsCast for May 20th, 2013

May 20, 2013 26:48


Welcome to Monday, May 20th 2013 as James and I discuss the last 2 weeks' worth of Information Security news and relate it (attemptively) to your enterprise day-job. This week was a bit on the lighter side, with the quote of the year (as far as I'm concerned) winner going to the Washington State Administrative Office of the Court for ... well, you'll just have to read the rest of the show notes and listen to the podcast. Also ... we are now on the Zune store. So ... to the 2 new Zune listeners - HELLO!

Topics Covered

Researchers at Trend Micro uncover a new cyberespionage campaign and call it SafeNet (in unrelated news, SafeNet the security company had nothing to do with this...). Yet another cyberespionage campaign targeting users with a revolutionary new technique called "phishing", and using a vulnerability in Microsoft software patched in April 2012, originating from ... China! - http://www.computerworld.com/s/article/9239342/Researchers_uncover_SafeNet_a_new_global_cyberespionage_operation

Domain registrar Name.com hacked; customer information including potentially usernames, email addresses, encrypted passwords (just how encrypted are we talking here? ROT13? double-XOR?), and encrypted (same question as before) credit card information potentially stolen. Again, the vector of choice is this revolutionary new technique called ... phishing - http://www.pcworld.com/article/2038263/namecom-forces-customers-to-reset-passwords-following-security-breach.html

Godzilla hacked EC-Council (this needs no explanation) - http://www.esecurityplanet.com/hackers/ec-council-hacked.html

Four former LulzSec members (former?) sentenced for their roles in the 2011 attacks on companies such as Sony, Nintendo, News Corp, the CIA and many others. Sentences range from a 30-month prison term for "Kayla" to 200 hours of community service for T-Flow. Justice? Interested to hear what you think - http://www.computerworld.com/s/article/9239302/Four_former_LulzSec_members_sentenced_to_prison_in_the_UK

Washington State's court system has been compromised, exposing 160,000 social security numbers and a million drivers' license numbers - basically everything you'd ever need to steal someone's identity. Luckily officials have determined that only 94 of those were definitely obtained by the attacker (what?!). Also, ridiculous quote of the year honors go to the "officials" for this: ".. officials at first believed no confidential information was leaked even though a large amount of data was downloaded from the website, the Washington State Administrative Office of the Courts said." - http://tech2.in.com/news/general/up-to-160000-social-security-numbers-exposed-in-washington-state-court-hack/872700

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference
Tom Ptacek and Dave Goldsmith: Do Enterprise Management Applications Dream of Electric Sheep?

Jun 4, 2006 59:50


"Thomas Ptacek and Dave Goldsmith present the results of Matasano Security's research into the resilience of Enterprise Agents: the most dangerous programs you've never heard of, responsible for over $2B a year in product revenue, running on the most critical enterprise servers from app servers to mainframes.

WHY THIS TALK?

1. Enterprise Agents are their own worms, preinstalled for the convenience of attackers. We found critical, show-stopping vulnerabilities in every system we looked at.
2. It's a whirlwind tour of the landscape of internal security. We reversed proprietary binaries, deciphered custom protocols, and cracked encryption algorithms.
3. It's a call to arms. Applications running behind the firewall aren't getting audited. While vulnerability research talent fights over the scraps of Windows OS security, hundreds of thousands of machines remain vulnerable to attacks most people thought were eliminated in the early '90s.

For the past 12 months, Matasano Security has conducted a research project into the security of internal applications. Our theory? That any code which doesn't run in front of a firewall, exposed to Internet hackers, is unaudited, wide open - fertile ground for ever-adapting attackers. Our findings? Tens of applications reversed, proprietary protocols deciphered, "state-of-the-art" XOR encryption algorithms cracked, and it's worse than we thought. Perhaps more than any other software, save the operating system itself, insecure systems management applications pose a grave threat to enterprise security. They're the Agobot that your administrators installed for you. Internal security is a nightmare, and things are going to get worse before they get horrible."

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Tom Ptacek and Dave Goldsmith: Do Enterprise Management Applications Dream of Electric Sheep?

Jun 4, 2006 59:50


"Thomas Ptacek and Dave Goldsmith present the results of Matasano Security's research into the resilience of Enterprise Agents: the most dangerous programs you've never heard of, responsible for over $2B a year in product revenue, running on the most critical enterprise servers from app servers to mainframes.

WHY THIS TALK?

1. Enterprise Agents are their own worms, preinstalled for the convenience of attackers. We found critical, show-stopping vulnerabilities in every system we looked at.
2. It's a whirlwind tour of the landscape of internal security. We reversed proprietary binaries, deciphered custom protocols, and cracked encryption algorithms.
3. It's a call to arms. Applications running behind the firewall aren't getting audited. While vulnerability research talent fights over the scraps of Windows OS security, hundreds of thousands of machines remain vulnerable to attacks most people thought were eliminated in the early '90s.

For the past 12 months, Matasano Security has conducted a research project into the security of internal applications. Our theory? That any code which doesn't run in front of a firewall, exposed to Internet hackers, is unaudited, wide open - fertile ground for ever-adapting attackers. Our findings? Tens of applications reversed, proprietary protocols deciphered, "state-of-the-art" XOR encryption algorithms cracked, and it's worse than we thought. Perhaps more than any other software, save the operating system itself, insecure systems management applications pose a grave threat to enterprise security. They're the Agobot that your administrators installed for you. Internal security is a nightmare, and things are going to get worse before they get horrible."

Radio Virus
Radio Virus 2024-03-11

Jan 1, 1970 63:54


The 2024-03-11 broadcast: new releases with Swedish synth from Ruin, Optic, Motormännen and Waveshaper. International acts: XOR, Noromakina, T-4-2 and NovaKill.