Article note: In everything.
The incentive structures around research and research careers virtually guarantee a degree of successful fraud-or-fraud-adjacent behavior, which has been steadily growing to dominate as it tends to be locally incentivized.
This study found 19% of medical publications on chronic stress in rats tripped a trivial, long-established standard for likely manipulation looking only at images in the paper. They also found that papers with the features were neither penalized nor localized... and that the garbage level is high enough to change the results of systematic reviews.
(Also, I find the method of looking for duplicated/tampered images interesting - magnified insets are pretty standard in image processing research and would show up as suspicious. The benign reason doing so is common is largely that we still pretend meaningful publications have to be printed on 8.5x11 offset printing, so any image you want to be intelligible _has_ to be tampered... once again, let's burn the publishers to the ground and start over on that front.)
Article note: Ever wilder: it now appears the call interception is setting up an RCE for the holder of a specific private key, because login attempts with a specific RSA key would result in the next part of the packet being executed by the sshd process via system().
That's _real_ bad nation-state actor type shit.
Article note: I have a _very_ "all of this has happened before and all of this will happen again" attitude about VCS and especially VCS hosting.
Don't get attached, the tools are all awful and the hosts are perfectly situated middlemen to abusively enshittify (like Sourceforge eventually did with bundled crapware).
Article note: This shit is subtle and scary.
Supply chain attack on xz's liblzma (compression tool + library) which is linked by libsystemd, which is linked by openssh, putting it in the same namespace so it can intercept some function calls from openssh to open a backdoor.
Injected into the release tarball (not in git), activated by the build scripts (such that it will typically only exhibit if a deb or rpm is the target), with various obfuscations to make it evade common instrumentation.
By a moderately prolific and established contributor to a number of high-profile projects.
Discovered because it caused a noticeable performance regression because of Debian's build time tweaks.
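The note above says the payload was in the release tarball and not in git. As an added example (not part of the original notes and not the xz project's code), this check compares a release tarball against an archive exported from the matching VCS tag and reports files that exist only in the release or whose content differs; the project name, file names and contents are constructed sample data.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes, strip_components=1):
    """Map each regular file's path (top-level dir stripped) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            parts = member.name.split("/")[strip_components:]
            if not parts:
                continue
            data = tar.extractfile(member).read()
            digests["/".join(parts)] = hashlib.sha256(data).hexdigest()
    return digests


def diff_release_against_vcs(release_tar, vcs_tar):
    """Classify paths by how the release tarball deviates from the VCS export."""
    release = member_digests(release_tar)
    vcs = member_digests(vcs_tar)
    shared = release.keys() & vcs.keys()
    return {
        "only_in_release": sorted(set(release) - set(vcs)),
        "modified": sorted(p for p in shared if release[p] != vcs[p]),
        "only_in_vcs": sorted(set(vcs) - set(release)),
    }


def _make_tar(prefix, files):
    """Build a constructed in-memory .tar.gz so the demo runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{prefix}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample data for a hypothetical project "demo" (not real xz contents).
VCS = _make_tar("demo-git", {"src/main.c": b"int main(){}\n",
                             "configure.ac": b"AC_INIT\n", ".gitignore": b"*.o\n"})
RELEASE = _make_tar("demo-1.0", {"src/main.c": b"int main(){}\n",
                                 "configure.ac": b"AC_INIT\nextra\n",
                                 "configure": b"#!/bin/sh\n", "m4/helper.m4": b"dnl\n"})

if __name__ == "__main__":
    for kind, paths in diff_release_against_vcs(RELEASE, VCS).items():
        print(kind, paths)
```

Generated build files such as `configure` legitimately appear only in autotools release tarballs, so `only_in_release` is a review queue rather than an automatic verdict; `modified` entries deserve the closest look.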
Article note: Because our whole culture had to grapple with discovering that presenteeism is not just useless but harmful?
Because we've discovered that the highly gamified, bureaucratized, one-size-fits-all education model we've converged on doesn't appear to be working?
Not coming to school (or work) sick is a _good_ thing. We should be trying to find avenues for students not served by the sit-quietly-and-be-academic model; we've just demonstrated that a small-but-substantial subset of students are _much_ better served by a more individual and self-paced education model than sitting in class (and a larger set cannot handle that environment and _do_ need more structure), and long known (and apparently partially forgotten in the quest for faux equality) that by the time you hit secondary ed many students would be better served by at least partially hands-on/vocational programs or the like than acting like we're preparing the lower quartile to drop out of college with a bunch of debt after two semesters.
Article note: I've had "Play with Proxmox and XCP-ng on some spare boxes" on my list forever, one of these days I'll get the time.
Broadcom has made sweeping changes to VMware's business since acquiring the company in November 2023, killing off the perpetually licensed versions of VMware's software and instituting large-scale layoffs. Broadcom executives have acknowledged the "unease" that all of these changes have created among VMware's customers and partners but so far haven't been interested in backtracking.
Among the casualties of the acquisition is the free version of VMware's vSphere Hypervisor, also known as ESXi. ESXi is "bare-metal hypervisor" software, meaning that it allows users to run multiple operating systems on a single piece of hardware while still allowing those operating systems direct access to disks, GPUs, and other system resources.
One alternative to ESXi for home users and small organizations is Proxmox Virtual Environment, a Debian-based Linux operating system that provides broadly similar functionality and has the benefit of still being an actively developed product. To help jilted ESXi users, the Proxmox team has just added a new "integrated import wizard" to Proxmox that supports importing of ESXi VMs, easing the pain of migrating between platforms.
Article note: Because the web is fucking intolerable without.
We're dreaming of a white list, because we're just like the ones you used to know
More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters.…
Article note: That's a wild little passion project.
The ST isn't Atari ST, it's the author's initials. They've built their own substantially enhanced MS-DOS-like with a bunch of POSIX-isms and TCP/IP, and a multitasking graphical shell for it, and ...
Article note: Generally a really good article to show to folks who imagine ISAs still matter much.
I'm disappointed to not see any direct discussion about the "You can't statically schedule dynamic behavior" issue in it, but it _does_ discuss all the ways in which modern pipes, regardless of the exposed ISA, work around it (they're re-flowing execution activity in a window of instructions, not executing instructions, in-order or otherwise, and they get to change the decomposition properties generation-to-generation without breaking compatibility with the existing software stack).
Also interesting that it sets up the arguments for and against the x86-S legacy-free proposal but doesn't name it.
Article note: I have some reserved hope that "not a subscription as differentiator" is a market signal away from the infinite rent-seeking trend.
They could be lying, it could be irrelevant because of larger network effects, etc. but at least it's something else.
Online graphic design platform provider Canva announced its acquisition of Affinity on Tuesday. The purchase adds tools for creative professionals to the Australian startup's repertoire, presenting competition for today's digital design stronghold, Adobe.
The companies didn't provide specifics about the deal, but Cliff Obrecht, Canva's co-founder and COO, told Bloomberg that it consists of cash and stock and is worth "several hundred million pounds."
Canva, which debuted in 2013, has made numerous acquisitions to date, including Flourish, Kaleido, and Pixabay, but its purchase of Affinity is its biggest yet—by both price and headcount (90). Affinity CEO Ashley Hewson said via a YouTube video that Canva approached Affinity about a potential deal two months ago.
Civilized life has altogether grown too tame, and, if it is to be stable, it must provide harmless outlets for the impulses which our remote ancestors satisfied in hunting.