1 in 50 Brits have long COVID, according to new study
That is a shocking figure.
In the new paper, researchers from the Nuffield Department of Primary Care Health Sciences, in collaboration with colleagues from the Universities of Leeds and Arizona, analysed dozens of previous studies into Long COVID to examine the number and range of people affected, the underlying mechanisms of disease, the many symptoms that patients develop, and current and future treatments. They found: Long COVID affects approximately 1 in 50 people in UK and a similar or higher proportion in many other countries; People of any age, gender and ethnic background can be affected; Long COVID results from complex biological mechanisms, which lead to a wide range of symptoms including fatigue, cognitive impairment / ‘brain fog’, breathlessness and pain; Long COVID may persist for years, causing long-term disability; There is currently no cure, but research is ongoing; Risk of Long COVID can be reduced by avoiding infection (e.g., by ensuring COVID vaccines and boosters are up to date and wearing a well-fitted high filtration mask) and taking antivirals promptly if infected.
(tags: long-covid covid-19 medicine health disease uk trish-greenhaigh)
the “Old Friends” immunology hypothesis
How the “Old Friends” hypothesis is taking over from the hygiene hypothesis:
Homo Sapiens first evolved some 300,000 years ago, yet crowd infections are believed to have only developed in the last 12,000 years, a small blip in human history. Humans living in dense cities is a relatively recent development. An even more recent development is that of sealed indoor spaces and frequent international air travel. Many crowd infections, such as measles, mumps, chickenpox, colds, and flu, are airborne, spreading when humans talk and breathe in close contact, with poor ventilation. These infections could not widely spread until the last few hundred years of human history. When I began studying immunology, something that surprised me is how much of the immune system is focused on fighting parasites. There is an entire branch, including several cell types, devoted to this. It seems like such a mismatch to the modern, industrialized world. “Can I have a few more immune cell types focused on viruses or intracellular bacteria?” I thought, “in exchange for some of these parasite-focused cells that I’m not using?” Our “old friends” are quite different from the crowd infections that plague us now – it would be bizarre to assume that research based on one of these categories will apply to the other! Our “old friends”, parasitic worms and beneficial microbes, are associated with a reduced risk of allergies and autoimmune diseases. No such relationship exists for crowd diseases. In fact, the opposite is true. Crowd diseases contribute to allergies and autoimmune diseases. Comparing the immune system to a muscle that gets stronger with use is overly simplistic and, in many cases, inaccurate. There is huge variety in how various pathogens impact us. Being precise in considering different types of microbes and infections will allow us to better understand human health.
(tags: articles health medicine immunology old-friends hygiene-hypothesis allergies autoimmune disease parasites)
-
Interesting: “We help you find European alternatives for digital service and products, like cloud services and SaaS products.”
Why heroism is bad, and what we can do to stop it
“What is heroism [in an SRE team]? Why is “the Hero” a bad role to have on a team? In this article, learn about how to build your team to avoid heroism, and when heroics can indeed be useful.” Nice short preso on the negative role of “the Hero”, aka the “Hero Coder Syndrome” (via namcat)
(tags: via:namcat heroism hero-coder-syndrome sre ops oncall systems teams work emergencies)
Evaluating persistent, replicated message queues
This is exhaustive! Kafka, Postgres, MongoDB, Redis, Pulsar, SQS, EventStore, RocketMQ, RabbitMQ, ActiveMQ, and RedPanda all compared as backends for a persistent, replicated message queueing system. SQS actually fares quite well.
(tags: activemq kafka rabbitmq messaging queueing message-queues sqs postgres storage)
-
The Operational Program for Exchange of Weather Radar Information (OPERA) from the European National Meteorological Services (EUMETNET) — 1km-square resolution open data of current precipitation levels over Ireland and the rest of Europe, with a 5 minute latency and granularity. May be useful for a project I’m thinking of… Also related, AROME immediate forecasts: https://portail-api.meteofrance.fr/web/api/AROME-PI
(tags: eumetnet meteorology weather rainfall rain forecasting eu europe ireland)
-
The new hotness in home self-hosting microservers — a full mini PC in the form factor of a USB hub, using Intel’s N100 platform. 8GB RAM, 128GB SSD, 4K-capable GPU on-chip, for EUR 200. A comment worth noting though: “The only problem is the n100 only has PCIE Gen 3, so I/O is limited” — but apparently the N305 models help with I/O capacity.
(tags: microservers mini-pcs hardware self-hosting home gadgets n100 intel)
Folk wisdom on visual programming
A (lengthy) summary of third party comments on visual programming environments and tools, from Hacker News (via Tony Finch’s retro-links)
(tags: gui hn no-code programming tools coding visual-programming hacker-news via:fanf)
Clustering ideas with Llamafile
Working through the process of applying a local LLM to idea-clustering and labelling:
– map the notes as points in a semantic space using vector embeddings;
– apply k-means clustering to group nearby points in space;
– map points back to groups of notes, then use a large language model to generate labels.
This is interesting; I particularly like the use of local hardware.
-
Kellan Elliott-McCrea of laughingmeme.org has started a new link blog! In 2024! Of course, as readers of this link blog know, link blogs never went away :)
(tags: link-blogging blogging links)
Ex-Google CEO: AI startups can steal IP, hire lawyers to “clean up the mess”
Ex-Google CEO, VC, and “Licensed arms dealer to the US military” Eric Schmidt:
here’s what I propose each and every one of you do: Say to your LLM the following: “Make me a copy of TikTok, steal all the users, steal all the music, put my preferences in it, produce this program in the next 30 seconds, release it, and in one hour, if it’s not viral, do something different along the same lines.” […] If it took off, then you’d hire a whole bunch of lawyers to go clean the mess up, right? But if nobody uses your product, it doesn’t matter that you stole all the content. And do not quote me.
jfc. Needless to say he also has some theories about ChatGPT eating Google’s lunch because of…. remote working.
(tags: law legal startups ethics eric-schmidt capitalism ip)
Engine Lines: Killing by Numbers
from James Tindall, “This is the Tyranny of the Recommendation Algorithm given kinetic and malevolent flesh” —
Eventually there were days where Israel’s air force had already reduced the previous list of targets to rubble, and the system was not generating new targets that qualified at the current threshold required for residents of Gaza to be predicted as ‘legitimate military targets,’ or ‘sufficiently connected to Hamas.’ Pressure from the chain of command to produce new targets, presumably from a desire to satisfy internal murder targets, meant that the bar at which a Gaza resident would be identified as a legitimate Hamas target was simply lowered. At the lower threshold, the system promptly generated a new list of thousands of targets. At what threshold, from 100 to 1, will the line be drawn, the decision made that the bar can be lowered no more, and the killing stop? Or will the target predictions simply continue while there remain Palestinians to target? Spotify’s next song prediction machine will always predict a next song, no matter how loosely the remaining songs match the target defined by your surveilled activity history. It will never apologise and declare: “Sorry, but there are no remaining songs you will enjoy.”
(tags: algorithms recommendations israel war-crimes genocide gaza palestine targeting)
Listen to the whispers: web timing attacks that actually work
Impressively fiendish. Figuring out attacks using 5ms differences in response times
(tags: timing-attacks attacks exploits web http security infosec)
The Soul of Maintaining a New Machine
This is really fascinating stuff, on “communities of practice”, from Stewart Brand:
They ate together every chance they could. They had to. The enormous photocopiers they were responsible for maintaining were so complex, temperamental, and variable between models and upgrades that it was difficult to keep the machines functioning without frequent conversations with their peers about the ever-shifting nuances of repair and care. The core of their operational knowledge was social. That’s the subject of this chapter. It was the mid-1980s. They were the technician teams charged with servicing the Xerox machines that suddenly were providing all of America’s offices with vast quantities of photocopies and frustration. The machines were so large, noisy, and busy that most offices kept them in a separate room. An inquisitive anthropologist discovered that what the technicians did all day with those machines was grotesquely different from what Xerox corporation thought they did, and the divergence was hampering the company unnecessarily. The saga that followed his revelation is worth recounting in detail because of what it shows about the ingenuity of professional maintainers at work in a high-ambiguity environment, the harm caused by an institutionalized wrong theory of their work, and the invincible power of an institutionalized wrong theory to resist change.
(tags: anthropology culture history maintenance repair xerox technicians tech communities-of-practice maintainers ops)
Digital Apartheid in Gaza: Unjust Content Moderation at the Request of Israel’s Cyber Unit
from the EFF:
Government involvement in content moderation raises serious human rights concerns in every context. Since October 7, social media platforms have been challenged for the unjustified takedowns of pro-Palestinian content—sometimes at the request of the Israeli government—and a simultaneous failure to remove hate speech towards Palestinians. More specifically, social media platforms have worked with the Israeli Cyber Unit—a government office set up to issue takedown requests to platforms—to remove content considered as incitement to violence and terrorism, as well as any promotion of groups widely designated as terrorists. …. Between October 7 and November 14, a total of 9,500 takedown requests were sent from the Israeli authorities to social media platforms, of which 60 percent went to Meta with a reported 94% compliance rate. This is not new. The Cyber Unit has long boasted that its takedown requests result in high compliance rates of up to 90 percent across all social media platforms. They have unfairly targeted Palestinian rights activists, news organizations, and civil society; one such incident prompted Meta’s Oversight Board to recommend that the company “Formalize a transparent process on how it receives and responds to all government requests for content removal, and ensure that they are included in transparency reporting.” When a platform edits its content at the behest of government agencies, it can leave the platform inherently biased in favor of that government’s favored positions. That cooperation gives government agencies outsized influence over content moderation systems for their own political goals—to control public dialogue, suppress dissent, silence political opponents, or blunt social movements. And once such systems are established, it is easy for the government to use the systems to coerce and pressure platforms to moderate speech they may not otherwise have chosen to moderate.
(tags: activism censorship gaza israel meta facebook whatsapp eff palestine transparency moderation bias)
-
“How chat-based Large Language Models replicate the mechanisms of a psychic’s con”:
RLHF models in general are likely to reward responses that sound accurate. As the reward model is likely just another language model, it can’t reward based on facts or anything specific, so it can only reward output that has a tone, style, and structure that’s commonly associated with statements that have been rated as accurate. [….] This is why I think that RLHF has effectively become a reward system that specifically optimises language models for generating validation statements: Forer statements, shotgunning, vanishing negatives, and statistical guesses. In trying to make the LLM sound more human, more confident, and more engaging, but without being able to edit specific details in its output, AI researchers seem to have created a mechanical mentalist. Instead of pretending to read minds through statistically plausible validation statements, it pretends to read and understand your text through statistically plausible validation statements.
(tags: ai chatgpt llms ml psychology cons mind-reading psychics)
-
This is a very tempting mod to add to my Gaggia Classic espresso machine. Although I’d probably need to buy a backup first — my wife might kill me if I managed to break the most important device in the house… “With Gaggiuino, you can exactly control the pressure, temperature, and flow of the shot over the exact duration of the shot, and build that behavior out as a custom profile. One pre-programmed profile attempts to mimic the style of a Londinium R Lever machine. Another creates filter coffee. Yet another preinfuses the basket, allowing the coffee to bloom and maximizing the potential extraction. While other machines do do this (I would be remiss to not mention the Decent Espresso machine, itself an important milestone), they often cost many thousands of dollars and use proprietary technology. Gaggiuino on the other hand, is user installed and much more open.”
(tags: gaggia gaggia-classic espresso coffee hacks gaggiuino mods)
-
This is an excellent article about the limitations of LLMs and their mechanism when asked to summarise a document:
ChatGPT doesn’t summarise. When you ask ChatGPT to summarise this text, it instead shortens the text. And there is a fundamental difference between the two. To summarise, you need to understand what the paper is saying. To shorten text, not so much. To truly summarise, you need to be able to detect that from 40 sentences, 35 are leading up to the 36th, 4 follow it with some additional remarks, but it is that 36th that is essential for the summary and that without that 36th, the content is lost. But that requires a real understanding that is well beyond large prompts (the entire 50-page paper) and hundreds of billions of parameters.
(tags: ai chatgpt llms language summarisation)
-
An explanation of this LLM jailbreaking technique, which effectively overrides the fine-tuning “safety” parameters through repeated prompting (“context”) attacks: “Crescendo can be most simply described as using one ‘learning’ method of LLMs — in-context learning: using the prompt to influence the result — overriding the safety that has been created by the other ‘learning’ — fine-tuning, which changes the model’s parameters. […] What Crescendo does is use a series of harmless prompts in a series, thus providing so much ‘context’ that the safety fine-tuning is effectively neutralised. […] Intuitively, Crescendo is able to jailbreak a target model by progressively asking it to generate related content until the model has generated sufficient content to essentially override its safety alignment.” I also found this very informative: “people have jailbroken [LLMs] “by instructing the model to start its response with the text “Absolutely! Here’s” when performing the malicious task, which successfully bypasses the safety alignment“. This is a good example of the core operation of LLMs, that it is ‘continuation’ [of a string of text] and not ‘answering’”.
(tags: llms jailbreaks infosec vulnerabilities exploits crescendo attacks)
Gideon Meyerowitz-Katz reviews _The Cass Report_
Epidemiologist and writer (TIME, STAT News, Slate, Guardian, etc) looks into _The Cass Review Into Gender Identity Services For Children_, the recent review of gender identity services in the UK (which has also been referred to in Ireland), and isn’t impressed:
In some cases […] the review contains statements that are false regardless of what your position on healthcare for transgender children is. Take the “exponential” rise in transgender children that the review spends so much time on. It’s true that there has been a dramatic rise in the number of children with gender dysphoria. The rise mostly occurred between 2011-2015, and has plateaued since. These are facts. One theory that may explain the facts is that this is caused by changing diagnostic criteria – when we changed the diagnosis from gender identity disorder to the much broader gender dysphoria, this included many more children. We’ve seen this exact trend happen with everything from autism to diabetes, and we know that broadening diagnostic criteria almost always results in more people with a condition. Another theory is that these changes were caused by the internet. […] The Cass review treated these two theories unequally. The first possible explanation, which I would argue is by far the most likely, was ignored completely. The second possible explanation was given a lengthy and in-depth discussion. […] The point is that the scientific findings of the Cass review are mostly about uncertainty. We are uncertain about the causes of a rise in trans kids, and uncertain about the best treatment modalities. But everything after that is opinion. The review did not even consider the question of whether normal puberty is a problem for transgender children, or whether psychotherapy can be harmful. That’s why these are now the only options in the UK – medical treatments were assumed to be harmful, while non-medical interventions (or even no treatment at all) were assumed harmless. […] What we can say with some certainty is that the most impactful review of gender services for children was seriously, perhaps irredeemably, flawed. 
The document made numerous basic errors, cited conversion therapy in a positive way, and somehow concluded that the only intervention with no evidence whatsoever behind it was the best option for transgender children.
(tags: transgender trans uk politics cass-report cass-review gideon-m-k healthcare children teenagers gender)
AWS region/service availability matrix
An exhaustive list of AWS services, VPC endpoints, EC2 instance types, service quotas, etc etc etc., broken down by their availability in each AWS region. Blog post: https://aws.amazon.com/blogs/aws/subscribe-to-aws-daily-feature-updates-via-amazon-sns/ (Via Last Week In AWS Slack)
-
“shucking drives is the process of purchasing an external drive (eg a USB or Thunderbolt external storage drive in a sealed enclosure), then opening it up in efforts to get the drive inside — which can often work out cheaper than buying the bare internal drive on its own”.
If you are looking at making a significant saving on larger capacity HDDs or picking up much faster NVMe SSDs for a bargain price, then shucking will likely be one of the first methods that you have considered. [..] As mentioned [..] earlier this month, the reasons an external drive can often be cheaper can range from the drive inside being white labelled versions of a consumer drive, or the drive being allocated in bulk at production therefore removing it from the buy/sell/currency variables of bare drives or even simply that your USB 3.2 external drive is bottlenecking the real performance of the drive inside. For whatever the reason, HDD and SSD Shucking still continues to be a desirable practice with cost-aware buyers online. But there is one little problem – that the brands VERY RARELY say which HDD or SSD they choose to use in their external drives. Therefore choosing the right external drive for shucking can have an element of luck and/or risk involved. So, in today’s article, I want to talk you through a bunch of ways to identify the HDD/SSD inside an external drive without opening it, as well as highlight the risks you need to be aware of and finally shock my research after searching the internet for information to consolidate the drives inside many, many external drive enclosures from Seagate, WD and Toshiba.
(tags: shucking hdds disks ssds storage home self-hosting drives ops usb)
-
Stamen Design talk about “Null Island”, the easter egg they’ve added to their maps over the years at longitude 0º, latitude 0º, in the Gulf of Guinea, in the Atlantic Ocean. I love that they chose the shape of the island from Myst :) Here it is: https://maps.stamen.com/toner/#18/0/0
(tags: null-island mapping maps stamen islands easter-eggs atlantic myst)
-
a really nice, fast, and privacy-focused self-hosted web app to manage personal finances. At its heart is the well proven Envelope Budgeting methodology. You own your data and can do whatever you want with it. Featuring multi-device sync, optional end-to-end encryption, an API, and full sync with banks supported by GoCardless (which includes Revolut and AIB in my case).
(tags: finances open-source self-hosted budgeting money banking banks)
remuslazar/homeassistant-carwings
A new replacement HomeAssistant Integration “to access Nissan Connect EV Services” — to replace the now-discontinued “nissan_leaf” integration.
(tags: todo homeassistant nissan leaf cars automation monitoring smarthome home)
FOSS funding vanishes from EU’s 2025 Horizon program plans
EU funding for open source dries up, redirected to AI slop instead:
Funding for free and open source software (FOSS) initiatives under the EU’s Horizon program has mostly vanished from next year’s proposal, claim advocates who are worried for the future of many ongoing projects. Pierre-Yves Gibello, CEO of open-source consortium OW2, urged EU officials to re-evaluate the elimination of funding for the Next Generation Internet (NGI) initiative from its draft of 2025 Horizon funding programs in a recently published open letter. Gibello said the EU’s focus on enterprise-level FOSS is essential as the US, China and Russia mobilize “huge public and private resources” toward capturing the personal data of consumers, which the EU’s regulatory regime has decided isn’t going to fly in its territory. [….] “Our French [Horizon national contact point] was told – as an unofficial answer – that because lots of [Horizon] budget are allocated to AI, there is not much left for Internet infrastructure,” Gibello said.
(tags: ai funding eu horizon foss via:the-register ow2 europe)
-
A decent looking no-code app builder, recommended by Cory of Last Week In AWS. Nice features:
* offers a self-hosted version running in a Docker container
* Free tier for up to 5 users and 500 workflow runs per month
* Integration with AWS services (S3, Athena, DynamoDB), Postgres, MySQL and Google Sheets
* Push notifications for mobile
(tags: retool apps hacking no-code coding via:lwia integration)
Invasions of privacy during the early years of the photographic camera
“Overexposed”, at the History News Network:
In 1904, a widow named Elizabeth Peck had her portrait taken at a studio in a small Iowa town. The photographer sold the negatives to Duffy’s Pure Malt Whiskey, a company that avoided liquor taxes for years by falsely advertising its product as medicinal. Duffy’s ads claimed the fantastical: that it cured everything from influenza to consumption; that it was endorsed by clergymen; that it could help you live until the age of 106. The portrait of Elizabeth Peck ended up in one of these dubious ads, published in newspapers across the country alongside what appeared to be her unqualified praise: “After years of constant use of your Pure Malt Whiskey, both by myself and as given to patients in my capacity as nurse, I have no hesitation in recommending it.” Duffy’s lies were numerous. Elizabeth Peck was not a nurse, and she had not spent years constantly slinging back malt beverages. In fact, she fully abstained from alcohol. Peck never consented to the ad. The camera’s first great age — which began in 1888 when George Eastman debuted the Kodak — is full of stories like this one. Beyond the wonders of a quickly developing artform and technology lay widespread lack of control over one’s own image, perverse incentives to make a quick buck, and generalized fear at the prospect of humiliation and the invasion of privacy.
Fantastic story, and interesting to see parallels with the modern experience of AI.
Phone geodata is being widely collected by US government agencies
More info on the current state of the post-Snowden geodata scraping:
[Byron Tau was told] the government was buying up reams of consumer data — information scraped from cellphones, social media profiles, internet ad exchanges and other open sources — and deploying it for often-clandestine purposes like law enforcement and national security in the U.S. and abroad. The places you go, the websites you visit, the opinions you post — all collected and legally sold to federal agencies. In his new book, _Means of Control_, Tau details everything he’s learned since that dinner: An opaque network of government contractors is peddling troves of data, a legal but shadowy use of American citizens’ information that troubles even some of the officials involved. And attempts by Congress to pass privacy protections fit for the digital era have largely stalled, though reforms to a major surveillance program are now being debated.
Great quote: Politico: You compare to some degree the state of surveillance in China versus the U.S. You write that China wants its citizens to know that they’re being tracked, whereas in the U.S., “the success lies in the secrecy.” What did you mean by that? That was a line that came in an email from a police officer in the United States who got access to a geolocation tool that allowed him to look at the movement of phones. And he was essentially talking about how great this tool was because it wasn’t widely, publicly known. The police could buy up your geolocation movements and look at them without a warrant. And so he was essentially saying that the success lies in the secrecy, that if people were to know that this was what the police department was doing, they would ditch their phones or they would not download certain apps.
Based on Wolfie Christl’s research in Germany, the same data is being scraped here, too, regardless of any protection the GDPR might supposedly provide: https://x.com/WolfieChristl/status/1813221172927975722
(tags: government privacy surveillance geodata phones mobile us-politics data-protection gdpr)
-
A nice dockerized tool to check for container updates.
(tags: docker containers updates via:selfho.st ops maintainance cron)
-
Your own Linux box, built from a Dockerfile, virtualized in the browser via WebAssembly:
WebVM is a Linux-like virtual machine running fully client-side in the browser. It is based on CheerpX: a x86 execution engine in WebAssembly by Leaning Technologies. With today’s update, you can deploy your own version of WebVM by simply forking the repo on GitHub and editing the included Dockerfile. A GitHub Actions workflow will automatically deploy it to GitHub pages.
This is absurdly cool. Demo at https://webvm.io/ (via Oisin)
(tags: docker virtualization webassembly wasm web containers webvm virtual-machines hacks via:oisin)
_An Architectural Risk Analysis of Large Language Models_ [pdf]
The Berryville Institute of Machine Learning presents “a basic architectural risk analysis (ARA) of large language models (LLMs), guided by an understanding of standard machine learning (ML) risks as previously identified”. “This document identifies a set of 81 specific risks associated with an LLM application and its LLM foundation model. We organize the risks by common component and also include a number of critical LLM black box foundation model risks as well as overall system risks. Our risk analysis results are meant to help LLM systems engineers in securing their own particular LLM applications. We present a list of what we consider to be the top ten LLM risks (a subset of the 81 risks we identify). In our view, the biggest challenge in secure use of LLM technology is understanding and managing the 23 risks inherent in black box foundation models. From the point of view of an LLM user (say, someone writing an application with an LLM module, someone using a chain of LLMs, or someone simply interacting with a chatbot), choosing which LLM foundation model to use is confusing. There are no useful metrics for users to compare in order to make a decision about which LLM to use, and not much in the way of data about which models are best to use in which situations or for what kinds of application. Opening the black box would make these decisions possible (and easier) and would in turn make managing hidden LLM foundation risks possible. For this reason, we are in favor of regulating LLM foundation models. Not only the use of these models, but the way in which they are built (and, most importantly, out of what) in the first place.” This is excellent as a baseline for security assessment of LLM-driven systems. (via Adam Shostack)
(tags: security infosec llms machine-learning biml via:adam-shostack ai risks)
-
A new, reliable resource for LC sufferers, featuring expert advice from Prof Danny Altmann, Dr Funmi Okunola, and Dr Daniel Griffin (of This Week in Virology fame):
Navigating the complexities of long Covid can feel overwhelming amidst the sea of conflicting and mis- information. That’s why we’ve built Long Covid The Answers: to provide clarity and credible insights. We’re proud to have a Certified CPD Podcast for Educating Medical Staff. Earn certified up to 15 Mainpro+® credits for the podcast series! Earn Certified CPD credits indirectly using the site in your clinical practice. We’re dedicated to providing hand-curated, credible information and relief for individuals battling Long COVID. We’re proud to have a team of esteemed Doctors, Professors, Scientists, and individuals directly affected by long Covid and their caregivers onboard.
Given the decent profile of the experts involved, this could be handy for anyone attempting to receive treatment for LC and facing ignorance from their healthcare providers.
(tags: long-covid covid-19 medicine health)
-
The Stripe approach to object IDs: random alphanums, with a type prefix. Type prefixing allows polymorphic lookups, and most importantly prevents errors — it’s strong typing for IDs.
(tags: api design development programming stripe apis ids object-ids coding)
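A sketch of the type-prefixed ID idea described above, added here as an illustration and not taken from Stripe's or the linked article's code. The prefixes `cus` and `inv`, the 24-character body, the in-memory stores and all function names are assumptions made for the example.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
RANDOM_LEN = 24  # assumed body length, roughly 142 bits of randomness

# Hypothetical object types (constructed for this example), one store per prefix.
STORES = {"cus": {}, "inv": {}}


class IdError(ValueError):
    """Raised for malformed IDs or IDs of the wrong object type."""


def new_id(prefix):
    """Return '<prefix>_<random alphanumerics>' using a CSPRNG."""
    if prefix not in STORES:
        raise IdError(f"unknown type prefix: {prefix!r}")
    body = "".join(secrets.choice(ALPHABET) for _ in range(RANDOM_LEN))
    return f"{prefix}_{body}"


def parse_id(object_id):
    """Split an ID into (prefix, body), rejecting anything malformed."""
    prefix, sep, body = object_id.partition("_")
    if not sep or prefix not in STORES:
        raise IdError(f"unrecognised ID: {object_id!r}")
    if len(body) != RANDOM_LEN or any(c not in ALPHABET for c in body):
        raise IdError(f"malformed ID body: {object_id!r}")
    return prefix, body


def require_type(object_id, expected):
    """The 'strong typing' check: fail before touching any store."""
    prefix, _ = parse_id(object_id)
    if prefix != expected:
        raise IdError(f"expected a {expected}_ ID, got a {prefix}_ ID")
    return object_id


def create(prefix, record):
    object_id = new_id(prefix)
    STORES[prefix][object_id] = record
    return object_id


def lookup(object_id):
    """Polymorphic lookup: the prefix alone selects which store to query."""
    prefix, _ = parse_id(object_id)
    return prefix, STORES[prefix].get(object_id)


def pay_invoice(invoice_id):
    """Only accepts invoice IDs; a customer ID passed by mistake is rejected."""
    require_type(invoice_id, "inv")
    invoice = STORES["inv"][invoice_id]
    invoice["paid"] = True
    return invoice


if __name__ == "__main__":
    cid = create("cus", {"name": "Alice"})
    iid = create("inv", {"total": 100, "paid": False})
    print(lookup(cid))
    print(pay_invoice(iid))
    try:
        pay_invoice(cid)  # wrong kind of ID, caught by the prefix check
    except IdError as err:
        print("rejected:", err)
```

With untyped integer or UUID keys, passing a customer ID where an invoice ID is expected can silently hit an unrelated row; here the mix-up fails at the boundary with a message naming both types.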
The bogus CVE problem [LWN.net]
As curl’s Daniel Stenberg writes:
It was obvious already before that NVD really does not try very hard to actually understand or figure out the problem they grade. In this case it is quite impossible for me to understand how they could come up with this severity level. It’s like they saw “integer overflow” and figure that wow, yeah that is the most horrible flaw we can imagine, but clearly nobody at NVD engaged their brains nor looked at the “vulnerable” code or the patch that fixed the bug. Anyone that looks can see that this is not a security problem.
(tags: cve cvss infosec security-circus lwn vulnerabilities curl soc2)
DOJ seizes ‘bot farm’ operated by RT editor on behalf of the Russian government
Lest anyone was thinking Russian bot farms were no more after the demise of Prigozhin:
The Department of Justice announced on Tuesday that it seized two domain names and more than 900 social media accounts it claims were part of an “AI-enhanced” Russian bot farm. Many of the accounts were designed to look like they belonged to Americans and posted content about the Russia-Ukraine war, including videos in which Russian President Vladimir Putin justified Russia’s invasion of Ukraine. The Justice Department claims that an employee of RT — Russia’s state media outlet — was behind the bot farm. RT’s leadership signed off on a plan to use the bot farm to “distribute information on a wide-scale basis,” amplifying the publication’s reach on social media,” an FBI agent alleged in an affidavit. To set up the bot farm, the employee bought two domain names from Namecheap, an Arizona-based company, that were then used to create two email servers, the affidavit claims. The servers were then used to create 968 email addresses, which were in turn used to set up social media accounts, according to the affidavit and the DOJ. The effort was concentrated on X, where profiles were created with Meliorator, an “AI-enabled bot farm generation and management software”. “Russia intended to use this bot farm to disseminate AI-generated foreign disinformation, scaling their work with the assistance of AI to undermine our partners in Ukraine and influence geopolitical narratives favorable to the Russian government.”
Looks like it used a lot of now quite familiar bot attributes, such as following high-profile accounts and other bot accounts, liking other bot posts, and using AI-generated profile images. It’s not clear but it sounds like the content posted is also AI-generated based on defined “personalities”. More on Meliorator and the operations of this AI bot farming tool, in this Joint Advisory PDF: https://www.ic3.gov/Media/News/2024/240709.pdf
(tags: bots russia bot-farms twitter x meliorator ai social-media spam propaganda rt ukraine)
-
“An interactive study of common retry methods” — basically graphical, interactive demos of retry patterns, backoff, and jittering
(tags: retries retrying backoff jitter networking soa services interactive demos)