Been comparing the differences between publishing a library on Maven Central to publishing on NPM.
Minutes for NPM vs the multiple verification steps needed for Maven.
Starting to see why supply chain attacks are _much_ easier with NPM
#GPUHammer is the first attack to show #Rowhammer bit flips on #GPU memories, specifically on a GDDR6 memory in an #NVIDIA A6000 GPU. Our attacks induce bit flips across all tested DRAM banks, despite in-DRAM defenses like TRR, using user-level #CUDA #code. These bit flips allow a malicious GPU user to tamper with another user’s data on the GPU in shared, time-sliced environments. In a proof-of-concept, we use these bit flips to tamper with a victim’s DNN models and degrade model accuracy from 80% to 0.1%, using a single bit flip. Enabling Error Correction Codes (ECC) can mitigate this risk, but ECC can introduce up to a 10% slowdown for #ML #inference workloads on an #A6000 GPU.
I did another post on using with() and within() from Base R, simply because it bears repeating. I don't think it gets enough eyeballs.
Post: https://www.spsanderson.com/steveondata/posts/2025-07-14/index.html
JWTs Are Not Session Tokens, Stop Using Them Like One
When JSON Web Tokens (JWTs) hit the mainstream, they were hailed as the solution to everything wrong with session management. Stateless! Compact! Tamper-proof! Suddenly, everyone started stuffing them into every web app like ketchup on bad code.
AI coding tools make developers slower, study finds
Artificial intelligence coding tools are supposed to make software development faster, but researchers who tested these tools in a randomized, controlled trial found the opposite.
https://www.theregister.com/2025/07/11/ai_code_tools_slow_down/
https://www.europesays.com/2239905/ Major accident in Jesolo: two motorcyclists from Veneto have died, at least three injured #accaduto #AccadutoRotonda #AccadutoRotondaBennet #adriatico #Auto #Code #feriti #incidente #Italia #italy #jesolo #moto #motociclisti #notizie #rotonda #Traffico
PRIVACY FOLKS: Stop fucking forgetting about accessibility. People with disabilities deserve privacy too - and in fact probably need it more than you do.
Signed,
So fucking tired of not being able to use privacy focused alternatives to apple and google, their native apps for various things from email to navigation, and suchlike.
Heh, you can add emoji into #GitLab labels.
»Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub:
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEY's to be weaponized to gain remote code execution capabilities on hundreds of applications.«
Never store your access keys in Git, especially not in the code – do programmers need to be taught this?!??
https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html
Interesting Git repos of the week:
Detection:
* https://github.com/telekom-security/tpotce - have some honey
Exploitation:
* https://github.com/tlsfuzzer/tlsfuzzer - fuzz TLS
* https://github.com/ShawnDEvans/smbmap - map SMB shares
* https://github.com/nccgroup/fuzzowski - another nice fuzzer
Data:
* https://github.com/sneakers-the-rat/gpu-free-ai - the AI implementation you don't want to use!
I know I'm late to the party on this, but when people say "headless CMS" do they kinda mean the database part of the "database publishing" of 20 years ago?
Like it is storing content separately from the HTML/CSS or app interface so one doesn't have to munge that stuff when making content, or munge content when making a site or app or something, right?
Or is there some new magic in "headless CMS" I'm missing?