Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "researchers"
-
So a group of 'researchers' (you'll get later why I call them 'researchers') conducted research to find the most secure browser.
Their result is Google Chrome!
Few minor details:
- THE WHOLE FUCKING RESEARCH THINGY WAS (mostly?) SPONSORED BY GOOGLE.
- THEY COMPARED IT MOSTLY TO INTERNET FUCKING EXPLORER AND EDGE.
Are they fucking retarded or something?! Yeah if it's going to go like that, Google Chrome will certainly become the winner/number 1.
Mother of fucking god.65 -
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there19 -
"Pre-Installed Malware Found On 5 Million Popular Android Phones"
"added somewhere along the supply chain"
See below how to check if it's installed
Sources:
- (new) https://thehackernews.com/2018/03/...
- (new) https://research.checkpoint.com/rot...
- (old relevant news) https://thehackernews.com/2017/03/...
---
"Rottensys" a malware which covers devices from: Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE
---
"According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys," researchers said.
"At this moment, the massive malware campaign pushes an adware component to all infected devices that aggressively displays advertisements on the device’s home screen, as pop-up windows or full-screen ads to generate fraudulent ad-revenues."
---
If you have one of the affected devices, here's how I checked mine:
1. Install ADB (Windows: https://forum.xda-developers.com/sh...)
2. Connect your device in USB-debugging mode
3. execute "adb shell 'pm list packages -f' > output.txt" (On windows navigate to C:\adb and replace "adb" with ".\adb.exe")
4. open the now created output.txt
5. search for any of those:
com.android.yellowcalendarz (每日黄历)
com.changmi.launcher (畅米桌面)
com.android.services.securewifi (系统WIFI服务)
com.system.service.zdsgt19 -
Microsoft brute-forces password-protected archives in OneDrive.
“Microsoft will decrypt, open, and scan protected Zip archives uploaded to the company's cloud servers in search of potential computer threats. Security researcher Andrew Brandt recently discovered the issue while trying to share malware samples with other researchers through SharePoint.”
This is when I encrypt my archives, I use _very_ long passwords generated by Bitwarden. Like this: qkYdE5i@27yHTTj8YsMDKQ9^mo$j@!P^M4qA95Y5VqR*53otAMuMv$9sdxtF4HAuNdAYoW9RPVxucJ3
Good luck bruteforcing that, Microsoft!
https://techspot.com/news/...14 -
We are devs right?
We have cpus and gpus lying around right?
We are still alive... right? 🤔
How about we do our part and utilise our PCs for helping with COVID-19 research.
I've stumbled across this little tool that not only keeps me warm at night but helps researchers with several diseases.
https://foldingathome.org/iamoneina...
It's like a a bitcoin miner but for research purposes, no it's not a dodgy bitcoin miner.
Oh and feel free to keep yourself anonymous as there are stats that will identify your username - when they work.
There are installers for windows, Mac, and linux distros so everyone can get involved.29 -
Not to get political, but apparently the political climate in the world leads to the following situation.
"I'm being a fucking evil lying asshole. But I'm actually a good guy, because I'm doing it as pseudo-scientific research to show how easy it is to be evil and dishonest"
https://zdnet.com/article/...
("Researchers" with an anti-FOSS motive attempting software supply chain attacks on Linux kernel)
What's next? "Scientists" killing puppies to show that, if someone was inclined to be that evil, puppies are weak and their necks snap easily?16 -
---WiFi Vision: X-Ray Vision using ambient WiFi signals now possible---
“X-Ray Vision” using WiFi signals isn’t new, though previous methods required knowledge of specific WiFi transmitter placements and connection to the network in question. These limitations made WiFi vision an unlikely security breach, until now.
Cybersecurity researchers at the University of California and University of Chicago have succeeded in detecting the presence and movement of human targets using only ambient WiFi signals and a smartphone.
The researchers designed and implemented a 2-step attack: the 1st step uses statistical data mining from standard off-the-shelf smartphone WiFi detection to “sniff” out WiFi transmitter placements. The 2nd step involves placement of a WiFi sniffer to continuously monitor WiFi transmissions.
Three proposed defenses to the WiFi vision attack are Geofencing, WiFi rate limiting, and signal obfuscation.
Geofencing, or reducing the spatial range of WiFi devices, is a great defense against the attack. For its advantages, however, geofencing is impractical and unlikely to be adopted by most, as the simplest geofencing tactic would also heavily degrade WiFi connectivity.
WiFi rate limiting is effective against the 2nd step attack, but not against the 1st step attack. This is a simple defense to implement, but because of the ubiquity of IoT devices, it is unlikely to be widely adopted as it would reduce the usability of such devices.
Signal obfuscation adds noise to WiFi signals, effectively neutralizing the attack. This is the most user-friendly of all proposed defenses, with minimal impact to user WiFi devices. The biggest drawback to this tactic is the increased bandwidth of WiFi consumption, though compared to the downsides of the other mentioned defenses, signal obfuscation remains the most likely to be widely adopted and optimized for this kind of attack.
For more info, please see journal article linked below.
https://arxiv.org/pdf/...9 -
"Ad targeters are pulling data from your browser’s password manager"
---
Well, fuck.
"It won't be easy to fix, but it's worth doing"
Just check for visibility or like other password managers handle it iirc: assign a unique identifier based on form content and fill that identifier only.
---
"Nearly every web browser now comes with a password manager tool, a lightweight version of the same service offered by plugins like LastPass and 1Password. But according to new research from Princeton's Center for Information Technology Policy, those same managers are being exploited as a way to track users from site to site.
The researchers examined two different scripts — AdThink and OnAudience — both of are designed to get identifiable information out of browser-based password managers. The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. That information can then be used as a persistent ID to track users from page to page, a potentially valuable tool in targeting advertising."
Source: https://theverge.com/2017/12/...14 -
My old job was almost perfect. I was a systems engineer for a research network. My duties were to configure, build, install, secure, manage and repair Linux hosts used for research on projects so advanced/cutting edge that I could spend days just listening to researchers explaining them and I honestly loved it! I understood less than half of the projects but just seeing how motivated and excited the researchers are made the job my favourite. Unfortunately I had to leave and get a job closer to my house because having a 2 hour (one way) commute for two years was killing me :-/ relocation wasn't an option and still isn't but I'd be lying to myself if I tried to say I wouldn't go back as soon as I could.2
-
I like the idea of Machine Learning in JS simply because I think it is way to fascinating to see what people are doing with JS.
Some programming languages tend to a attract very peculiar crowds. Some are even famous for the type of people they attract. Python is highly regarded as a language for scientists and researchers as well as beginners in development due to how simple and expressive it is. So you normally tend to see that kind ok f people in it(and before you bitch about it....no....it is not an all inclusive statement, hold your cock holster)
Whereas JS seems to have people from all backgrounds. It really is the language of the internet and as such the people around the internet have tried hard to make it better. So this can be considered an experiment regarding the way people collaborate with one another and I dig it.
Its all about working together ma ninjas.
Still a pretty funny language sometimes tho
1 + "1" = "11"
1 - "1" = 0
I still love it.27 -
Google researchers breaks SHA-1. Next 90 days they will release the code that was used to break this encryption.
Are we fucked?5 -
So I found this consulting job a while ago thinking that some extra cash while studying would be nice to have.
I meet with the guy, a researcher trying to start a business up, good for him I think, maybe we'll hit it off, continue working, why not? Except he has no clue how to write working code, all he ever did was writing matlab scripts he says, thats why he hired me he says.
Okay, fine, you do your job I do mine.
He hands me the contract, its about comparing two libraries, finding out which one is better suited for his job, cool, plots and graphs everywhere.
Except this is an unpaid job. YOU WHAT?! It's a test job. FINE. At least it'll look good on my resume.
We talk about the paid part where I'm supposed to scale the two libraries, looks good, as expected from an ML engineering perspective. It comes to payment. The dude has no idea how taxes work, says he has a set amount to pay and not a penny more. I explain with examples how taxes are paid, how you get reimbursed for them and so on. Won't budge. Screws me over.
Opens the door for other jobs I think, he'll learn next time I think and take the job.
Fast forward a month, 90% of the job done, he adds a third thing to compare. Gives a github link to a repo with 2 authors, last commit a year ago. There are links to a 404, claiming compiled jars. Fuck.
Not my first rodeo, git clone that shit, make compile, the works. The thing uses libs that ain't in no repo, that would be too easy. Run, error, find lib, remake all the things, rinse repeat.
The scripts they got have hardcoded paths and filenames for 2 year old binaries, remake that shit.
It works, at least I get a prompt now. Try the example files they got, no luck, some missing unlinked binary somewhere, but not a name mentioned. Cross reference the shit outta the libs mentioned on readme, find the missing shit, down it.
Available versions are too new, THE MOLDING NUTCRACKER uses some bug in an old version of the lib.
I give up. Fuck this. This ain't worth the money OR time. Wanker... -
As usual a rather clickbait title, because only the chrome extensions (as always) seem to be vulnerable:
"Warning – 3 Popular VPN Services Are Leaking Your IP Address"
"Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data."
"VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate"
"PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case."
"Hijack all traffic (CVE-2018-7879) "
"DNS leak (CVE-2018-7878)"
"Real IP Address leak (CVE-2018-7880)"7 -
Does anyone else here hate people who use numpy panda and tensorflow and call themselves data scientists ??
Cuz I hate 'em. There are so many researchers who work day and night to figure out the math and algos which go into these libraries. These researchers are real data scientists.
If computerss sciemce would have been a religion, then just using these stupid libraries and claiming you are a data scientist would be blasphemy.7 -
TL;DR: academic survey over devRant, 5-7 minutes https://forms.gle/do2KK8cGfv5w6cjY9
We are a group of researchers from Canada, Italy, and the Netherlands, studying communication between software developers. We would like to understand the role devRant plays in developers' professional life and the perceived advantages and disadvantages of the platform.
To this end we created an overview of the topics discussed. The purpose of this survey is to get your opinion on the overview. The results of the survey will be reported in a research manuscript, which will be submitted for a peer-reviewed publication.
The survey will take 5-7 minutes. The collection and analysis of the data are governed by a strict privacy policy in both North America and Europe. As such, your responses will be anonymized and any personally identifying information will be removed. While the survey has been approved by @dfox individual answers will not be shared with him or any other party not directly involved in the research.
Survey: https://forms.gle/do2KK8cGfv5w6cjY9
We thank you for your participation.
Foutse Khomh, Nicole Novielli, Moses Openja, Alexander Serebrenik, Gias Uddin27 -
Researchers were able to store 3 bits of data per cell in phase-change memory, beating the previous limit of 1 bit per cell, IBM said. PCM competes with dynamic random-access memory.
5/19/2016.2 -
Get ready for a awesome conspiracy theory/ WhatsApp forward :D i like how people are coming with new stuff every minute of their boredom . Makes you ponder:
====================================
🔥🔥🔥🔥🔥🔥
How to dominate the world quickly?
THE GREAT CHINESE STAGE
1. Create a virus and the antidote.
2. Spread the virus.
3. A demonstration of efficiency, building hospitals in a few days. After all, you were already prepared, with the projects, ordering the equipment, hiring the labor, the water and sewage network, the prefabricated building materials and stocked in an impressive volume.
4. Cause chaos in the world, starting with Europe.
5. Quickly plaster the economy of dozens of countries.
6. Stop production lines in factories in other countries.
7. Cause stock markets to fall and buy companies at a bargain price.
8. Quickly control the epidemic in your country. After all, you were already prepared.
9. Lower the price of commodities, including the price of oil you buy on a large scale.
10. Get back to producing quickly while the world is at a standstill. Buy what you negotiated cheaply in the crisis and sell more expensive what is lacking in countries that have paralyzed their industries.
After all, you read more Confucius than Karl Marx.
PS: Before laughing, read the book by Chinese colonels Qiao Liang and Wang Xiangsui, from 1999, “Unrestricted Warfare: China’s master plan to destroy America”, on Amazon, then we talk. It's all there.
🔥🔥🔥🔥🔥🔥🔥🔥
Worth pondering..
Just Think about this...
How come Russia & North Korea are totally free of Covid- 19? Because they are staunch ally of China. Not a single case reported from this 2 countries. On the other hand South Korea / United Kingdom / Italy / Spain and Asia are severely hit. How come Wuhan is suddenly free from the deadly virus?
China will say that their drastic initial measures they took was very stern and Wuhan was locked down to contain the spread to other areas. I am sure they are using the Anti dode of the virus.
Why Beijing was not hit? Why only Wuhan? Kind of interesting to ponder upon.. right? Well ..Wuhan is open for business now. America and all the above mentioned countries are devastated financially. Soon American economy will collapse as planned by China. China knows it CANNOT defeat America militarily as USA is at present
THE MOST POWERFUL country in the world. So use the virus...to cripple the economy and paralyse the nation and its Defense capabilities. I'm sure Nancy Pelosi got a part in this. . to topple Trump. Lately President Trump was always telling of how GREAT American economy was improving in all fronts. The only way to destroy his vision of making AMERICA GREAT AGAIN is to create an economic havoc. Nancy Pelosi was unable to bring down Trump thru impeachment. ....so work along with China to destroy Trump by releasing a virus. Wuhan,s epidemic was a showcase. At the peak of the virus epidemic. ..
China's President Xi Jinping...just wore a simple RM1 facemask to visit those effected areas. As President he should be covered from head to toe.....but it was not the case. He was already injected to resist any harm from the virus....that means a cure was already in place before the virus was released.
Some may ask....Bill Gates already predicted the outbreak in 2015...so the chinese agenda cannot be true. The answer is. ..YES...Bill Gates did predict. .but that prediction is based on a genuine virus outbreak. Now China is also telling that the virus was predicted well in advance. ....so that its agenda would play along well to match that prediction. China,s vision is to control the World economy by buying up stocks now from countries facing the brink of severe ECONOMIC COLLAPSE. Later China will announce that their Medical Researchers have found a cure to destroy the virus. Now China have other countries stocks in their arsenal and these countries will soon be slave to their master...CHINA.
Just Think about it ...
The Doctor Who declared this virus was also Silenced by the Chinese Authorities...15 -
Http/2 server push is really cool. Like, really fucking cool. Those researchers at google really got this right. I hate how they handle their users but I have to say they really make good use of the money they get by selling us for kettle.2
-
Data Scientists/Researchers
Stop building libraries.
You can't build libraries.
You're not software engineers.
Write your script as plainly as possible.
Why?
Cus for every fucking paper that has code associated with it, unless it's from Meta or Google, I'm having to edit to make shit work.
Stop over-engineering shit.
Write your model and fuck off.12 -
I basically need a select few contributors to speed up the development process. Python3 developers, testers and researchers are all welcome6
-
Many years ago, when I moved from a semi-experienced developer to an absolute beginner project manager at another company, my very first project was an absolute clusterfuck.
The customer basically wanted to scrape signups to their EventBrite events into their CRM system. The fuckery began before the project even started, when I was told my management that we HAD to use BizTalk. It didn't matter that we had zero experience with BizTalk, or that using BizTalk for this particular project was like using a stealth bomber to go down to the shops for a bottle of tequila (that's one for fans of Last Man on Earth). It's designed to be used by an experienced team of developers, not a small inexperienced 1-person dev team I had. The reason was for bullshit political reasons which I wasn't really made clear on (I suspect that our sales team sold it to them for a bazillion pounds, and they weren't using it for anything, so we had to justify us selling it to them by doing SOMETHING with it). And because this was literally my first project, I was young and not confident at all, and I wanted to be the guy who just got shit done, I didn't argue.
Inevitably, the project was a turd. It went waaay over budget and time, and didn't work very well. I remember one morning on my way to work seriously considering ploughing my car into a ditch, so that I had a good excuse not to go into work and face that bullshit project.
The good thing is that I learned a lot from that. I decided that kind of fuckery was never going to happen again.
A few months later I had an initial meeting with a potential customer (who I was told would be a great customer to have for bullshit political reasons) - I forget the details but they essentially wanted to build a platform for academic researchers to store data, process it using data processing plugins which they could buy, and commersialise it somehow. There were so many reasons why this was a terrible idea, but when they said that they were dead set on using SharePoint (SharePoint!!!) as the base of the platform, I remembered my first project and what happened.
I politely explained my technical and business concerns over the idea, and reasons why SharePoint was not a good fit (with diagrams and everything), suggested a completely different technology stack, and scheduled another meeting so they could absorb what I had said and revisit. I went to my sales and head of development and basically told them to run. Run fast, and run far, because it won't work, these guys are having some kind of fever dream, it's a clusterfuck in the making, and for some reason they won't consider not using SP.
I never heard from them again, so I assume we dropped them as a potential client. It felt amazing. I think that was the single best thing I did for that company.
Moral of the story: when technology decisions are made which you know are wrong, don't be afraid to stand up and explain why.3 -
Doing research at my school over summer. Talk to some other researchers from other departments (chem, english, bio, etc). Tell them all about the cool work I do in robotics (I program them, not build them). One by one they proceed to ask me to make them a website/app since I know how to code. *Faceplam*3
-
Sooooo ok ok. Started my graduate program in August and thus far I have been having to handle it with working as a manager, missing 2 staff member positions at work, as well as dealing with other personal items in my life. It has been exhausting beyond belief and I would not really recommend it for people working full time always on call jobs with a family, like at a..
But one thing that keeps my hopes up is the amount of great knowledge that the professors pass to us through their lectures. Sometimes I would get upset at how highly theoretical the items are, I was expecting to see tons of code in one of the major languages used in A.I(my graduate program has a focus in AI, that is my concentration) and was really disappointed at not seeing more code really. But getting the high level overview of the concepts has been really helpful in forcing me to do extra research in order to reconnect with some of the items that I had never thought of before.
If you follow, for example, different articles or online tutorials representing doing something simple like generating a simple neural network, it sometimes escapes our mind how some of the internal concepts of the activity in question are generated, how and why and the mathematical notions that led researchers reach the conclusions they did. As developers, we are sometimes used to just not caring about how sometimes a thing would work, just as long as it works "we will get back to this later" is a common thing in most tutorials, such as when I started with Java "don't worry about what public static main means, just write it up for now, oh and don't worry about what System.out.println() is, just know that its used to output something into bla bla bla" <---- shit like that is too common and it does not escape ML tutorials.
Its hard man, to focus on understanding the inner details of such a massive field all the time, but truly worth it. And if you do find yourself considering the need for higher education or not, well its more of a personal choice really. There are some very talented people that learn a lot on their own, but having the proper guidance of a body of highly trained industry professionals is always nice, my professors take the time to deal with the students on such a personal level that concepts get acquired faster, everyone in class is an engineer with years of experience, thus having people talk to us at that level is much appreciated and accelerates the process of being educated.
Basically what I am trying to say is that being exposed to different methodologies and theoretical concepts helps a lot for building intuition, specially when you literally have no other option but to git gud. And school is what you make of it, but certainly never a waste.2 -
What is it about robot collected data that makes researchers so anal? Like, dude, it's not even personal data. It's literally robot's joint motor recordings. It's not nuclear data, so why the fuck do you protect it like your life and your country depend on it?
I hope you get fisted by that data every night and how it will end up in oblivion sooner because you didn't publish it. You asshole.8 -
New Phrack article. Given they release like one a year, figured it warranted posting a link.
Title : Hypervisor Necromancy; Reanimating Kernel Protectors
Author: Aris Thallas
Date: 2020 Feb 14
"In this (rather long) article we will be investigating methods to emulate proprietary hypervisors under QEMU, which will allow researchers to interact with them in a controlled manner and debug them. Specifically, we will be presenting a minimal framework developed to bootstrap Samsung S8+
proprietary hypervisor as a demonstration, providing details and insights on key concepts on ARM low level development and virtualization extensions for interested readers to create their own frameworks and Actually Compile And Boot them ;). Finally, we will be investigating fuzzing implementations under this setup."
http://phrack.org/papers/...2 -
This semester, we have a lecture called IT Security by a guy, who absolutely know his subject.
Nevertheless, he wanted to show us that sha256 is broken by an existing collision. (Google that, fellow ranters!)
There are two pdf files by google researchers, that show the caption „SHAttered“ both on different backgrounds, although they give the same SHA-hash.
He then tried to share us these two files by moodle and wondered, why he uploaded the same file twice.
Guess what happened? The moodle backend checks new uploaded files for their ... hash ... and then decides, weather to upload or the file is already existing. So, it did just a new symlink to the old file.
Ironic, that an exercise, that should show us sha collision failures on sha collision 😃5 -
Hahaha ahah ahaha ahha haha ha :') does saying that its a solo project and throwing me into a team of incompetent researchers count? Does specifying a python-ish stack and giving me c++ and fortran code count? Does not fucking paying me until i threatened to leave the job and delete everything i wrote for them count? Does speaking to 9billion people to get the same job as fulltime because i spent 8 hours working for them anyway count?
-
!rant
This is more of a thought-related post. In the morning I stumbled across an article about artificial intelligence and the research from Facebook. I couldn't get around the thought of Elon Musk warning the people about uncontrolled developing of AI. The article was written about the experiment of Facebook, where two bots (Bob and Alice) were told to communicate with each other. As the developers "forgot" to implement a reward for using the English language, the bots started to change the grammar and spelling. They invented their own english-styled language, removing words that were too complex in their opinion. As soon as this happened, the researchers stopped the experiment, stating that they "couldn't follow what the bots were saying".
I wouldn't call myself a neural network expert, but I can understand why the bots could have behaved like that. But: Imagine that we invent an artificial intelligence with greater responsibility and just "forget" the reward for a specific task. If the AI will then try to increase it's own efficiency, I believe that we will be in alot of trouble.
Any thoughts on this are highly appreciated, as I think that this is a topic we should all look into (especially on a platform for developers).
Original article (german): http://gamestar.de/artikel/...3 -
If our company wants to outsource us to other clients then why don't we just resign and directly work there instead!!!!
Seriously we apply here as developers not consultants/analysts/researchers2 -
I wonder a time will come when we as software developers will be on streets protesting to the government to ban use of Artificial Intelligence for writing software.
We are digging our own grave.
Full Story - https://thenextweb.com/artificial-i... -
Follow-up on https://devrant.com/rants/5001553/...
How the fuck are Jupyter notebooks so popular in research? Like some dude had an idea to take perfectly good markdown and python code, add a whole lot of transitional properties to make version control impossible, encode it as JSON on the assumption that a human could somehow look at it and make sense of countless escaped characters and base64 encoded data, create dedicated software people need to install in order to read what used to be simple plain text, and think "This. This is what 99% of data researchers will use from now on." And somehow, overwhelming majority of researchers agreed that this extremely inefficient data format is the best there is and they should develop all their tools around it.11 -
https://news.mit.edu/2022/...
"Based on the patterns of brain activity that were observed, the group could tell whether someone was evaluating a piece of code involving a loop or a branch. The researchers could also tell whether the code related to words or mathematical symbols, and whether someone was reading actual code or merely a written description of that code."1 -
Is anyone here using Mastodon or anything else from the Fediverse network?
I really want to change from using twitter to mastodon but I can't find all the security researchers and devs and generally cool people on mastodon.
Who are you guys and gals following? Are you using it exclusively or in addition to twitter?2 -
Learning to tech to speed up learning.
Using a new cooperative learning technique, AI Lab researchers cut by half the time it took a pair of robot agents to learn to maneuver to opposite sides of a virtual room.
A combination of deep learning and reinforcement learning algorithms are responsible for computers achieving dominance at challenging board games like chess and Go, a growing number of video games, including Ms. Pac-Man, and some card games, including poker. But for all the progress, computers still get stuck the closer a game resembles real life, with hidden information, multiple players, continuous play, and a mix of short and long-term rewards that make computing the optimal move hopelessly complex.
Image: Dong-ki Kim1 -
I feel so lost all the time Everytime I think about the future. How are you all going forward?
- What should i be doing ? I used to like computer science when it was taught with lots of simplification and abstraction (in the school level). Now i know there are a 100+ research areas/work areas/branches in it, and i am an average in all of them.
I like most of them more or less, and won't mind giving away my years of life working/learning them. But for what and why?
-- Money? Every profile turns into a decent salary after a certain time. This means i can ride any boat i want.
-- Passion/interest? Now what exactly is this?as i said everything feels doable, given enough time to get a hang of it.
-- Fame? Its rare the developes, testers or other individuals in computer science ever gets a solo credit. Most of the time its either the ceos, the researchers or the company itself. So i guess getting a fame is equal to burning your neighbors by flaunting your cash for most ppl
-- Happy life? Meh, this point is affected by a lot of other factors. Would come back to this point later
- everyday in my feed, there are people showing 6, 7 sometimes even 8 figure salaries. Other people would get inspired with those, but i feel very weird about these.
I never see myself earning those, idk why. Why would someone give me those huge amounts?
How do you find yourself deserving for ythat big ass money? At what point you hit that realisation? Here is a small story :
I did an Android dev course around 2.5 years ago. There was a guy there an year older than me. He was very bad in this, i tell you. Most of the time, i was explaining the concepts to him after class.so last year he graduated, and took a job, We both used to expect a decent salary amount, say x (with me having a little ego that i expect certainly more than him, say x+20% ), but he took a job for half that number , say x/2.
After 1 increment and 1 job shift in 1.5 years, he has now successfully achieved package greater than x. I on the other hand, being still at college and with a lot of bad internship experiences now feel that i won't be getting even x/3 at my start no matter what.
- There is also this thing about people going into more of a management and other non tech roles once they start growing in this field. Why? What did they realized? I am sure not everyone of them would have hit this realization that tech is not what they want to do (which i can't understand why). Maybe its the money and/or happy life expectations?
i have started to feel dumb for not being able to think innovative new ideas and being an average mind :/
And about the happy life, so far its not much happiness for me, and am confused.
I am grateful about the usual things i have (healthy middle class parents, working body, roof , food,etc) , unhappy about the things i don't and see with others (more money, materialistic assets, confidence, siblings, social life, love life, etc) and that's it.
From what i understood of 21 years on this earth is that everyone is running to achieve that list of their desires and wants to move them from todo to done, like trello task. If you can't then keep fighting to achieve or grudgingly accept the fact that you couldn't and be happy about it.
So is that it? That's your happy life goals?2 -
The hype of Artificial Intelligence and Neutral Net gets me sick by the day.
We all know that the potential power of AI’s give stock prices a bump and bolster investor confidence. But too many companies are reluctant to address its very real limits. It has evidently become a taboo to discuss AI’s shortcomings and the limitations of machine learning, neural nets, and deep learning. However, if we want to strategically deploy these technologies in enterprises, we really need to talk about its weaknesses.
AI lacks common sense. AI may be able to recognize that within a photo, there’s a man on a horse. But it probably won’t appreciate that the figures are actually a bronze sculpture of a man on a horse, not an actual man on an actual horse.
Let's consider the lesson offered by Margaret Mitchell, a research scientist at Google. Mitchell helps develop computers that can communicate about what they see and understand. As she feeds images and data to AIs, she asks them questions about what they “see.” In one case, Mitchell fed an AI lots of input about fun things and activities. When Mitchell showed the AI an image of a koala bear, it said, “Cute creature!” But when she showed the AI a picture of a house violently burning down, the AI exclaimed, “That’s awesome!”
The AI selected this response due to the orange and red colors it scanned in the photo; these fiery tones were frequently associated with positive responses in the AI’s input data set. It’s stories like these that demonstrate AI’s inevitable gaps, blind spots, and complete lack of common sense.
AI is data-hungry and brittle. Neural nets require far too much data to match human intellects. In most cases, they require thousands or millions of examples to learn from. Worse still, each time you need to recognize a new type of item, you have to start from scratch.
Algorithmic problem-solving is also severely hampered by the quality of data it’s fed. If an AI hasn’t been explicitly told how to answer a question, it can’t reason it out. It cannot respond to an unexpected change if it hasn’t been programmed to anticipate it.
Today’s business world is filled with disruptions and events—from physical to economic to political—and these disruptions require interpretation and flexibility. Algorithms alone cannot handle that.
"AI lacks intuition". Humans use intuition to navigate the physical world. When you pivot and swing to hit a tennis ball or step off a sidewalk to cross the street, you do so without a thought—things that would require a robot so much processing power that it’s almost inconceivable that we would engineer them.
Algorithms get trapped in local optima. When assigned a task, a computer program may find solutions that are close by in the search process—known as the local optimum—but fail to find the best of all possible solutions. Finding the best global solution would require understanding context and changing context, or thinking creatively about the problem and potential solutions. Humans can do that. They can connect seemingly disparate concepts and come up with out-of-the-box thinking that solves problems in novel ways. AI cannot.
"AI can’t explain itself". AI may come up with the right answers, but even researchers who train AI systems often do not understand how an algorithm reached a specific conclusion. This is very problematic when AI is used in the context of medical diagnoses, for example, or in any environment where decisions have non-trivial consequences. What the algorithm has “learned” remains a mystery to everyone. Even if the AI is right, people will not trust its analytical output.
Artificial Intelligence offers tremendous opportunities and capabilities but it can’t see the world as we humans do. All we need do is work on its weaknesses and have them sorted out rather than have it overly hyped with make-believes and ignore its limitations in plain sight.
Ref: https://thriveglobal.com/stories/...6 -
Theres a method for speeding up diffusion generation (things like stablediffusion) by several orders of magnitude. It's related to particle physics simulations.
I'm just waiting for the researchers to figure it out for themselves.
it's like watching kids break toys.6 -
Next time you think you’re failing at a new open source venture, remember the stories of your UNIX ancestors (eunuchs ancestors?) ;)
Unix at 50: How the OS that powered smartphones started from failure
Today, Unix powers iOS and Android—its legend begins with a gator and a trio of researchers.
https://arstechnica.com/gadgets/...2 -
An open science. Or is there already one? I want to make it mainstream. I want collaboration for scientists, researchers and engineers. The right mix of stackoverflow and collaborizm.
-
"...researchers have delved into "the dark side" of inviting rubber ducks and other flexible plastic toys into our tubs. "
https://medicalxpress.com/news/...
Be careful playing around with you devDucks xD1 -
"Senior men have no monopoly on great ideas. Nor do creative people. Some of the best ideas come from account executives, researchers and others. Encourage this, you need all the ideas you can get." - David Ogilvy1
-
Google researchers have exposed details of multiple security flaws in Safari web browser that allowed user's browsing behavior to be tracked.
According to a report : The flaws which were found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a published paper, researchers in Google's cloud team have identified five different types of attacks that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits."
Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies.2 -
Things I say to my clients when I know that a reboot is required to fix their issue but I don't have enough evidence to prove it to them :
"... On any computing platform, we noted that the only solution to infinite loops (and similar behaviors) under cooperative preemption is to reboot the machine. While you may scoff at this hack, researchers have shown that reboot (or in general, starting over some piece of software) can be a hugely useful tool in building robust systems.
Specifically, reboot is useful because it moves software back to a known and likely more tested state. Reboots also reclaim stale or leaked resources (e.g., memory) which may otherwise be hard to handle. Finally, reboots are easy to automate. For all of these reasons, it is not uncommon in large-scale cluster Internet services for system management software to periodically reboot sets of machines in order to reset them and thus obtain the advantages listed above.
Thus, when you indeed perform a reboot, you are not just enacting some ugly hack. Rather, you are using a time-tested approach to improving the behavior of a computer system."
😎1 -
Hello everyone!
Together with colleagues from Eindhoven University of Technology, Sandia National Laboratories, and Microsoft we want to better understand experiences of LGBTIQ+ software managers and engineers related to mentoring.
During the study we want to ask you a few questions on what mentorship means to you, and whether you have any experiences to share as a mentor, mentee, or both. Through this research, we seek to identify effective mentorship practices and to develop methods to help policy-makers and team leads promote a more inclusive workplace culture.
Participants must be 18+. Your participation in this study is voluntary and confidential. Only the researchers involved in this study will see your responses. If you are interested in participating, you can click the link below to schedule a time slot for an interview; when you book an interview with us, we'll contact you to set up a video conferencing solution.
Book a slot for an interview https://mentorshipstudy.youcanbook.me/...2 -
Rarely do I find well-organized code written by researchers. Well, it runs, so reproduction is possible, but when it comes to actually change something in the code, it's as messy as it can get.
And THEN, I look into the paper so that, hopefully, I can make sense of what is going on. Turns out, the documentation on the paper is also poor.
F*<k. My. Life. -
We don't talk enough about type 2 error! So many papers everywhere are just pure trash because they don't account for it, and people are so fucking oblivious about it, they don't even catch the obvious ones. Even researchers and publications which are supposed to properly review their articles simply fail to ask the obvious "Did you measure the segment which doesn't fit either of your variables?"8
-
Some time ago, I gave a tutorial and wrote page with some brief instructions for configuring and start using git for a team of researchers. A few day later I came back to check how they were doing and I found that following my instructions, several people were committing as:
John Doe <john.doe@example.com>
Perfect! I don't think that there is anything else I can do to help them. -
With the current economy in its rocky state, it is no surprise that firing levels have reached new highs in the world. According to a recent study conducted in the UK, former managers and workers who lost their lifelong jobs were able to get past their problems simply by keeping a positive attitude in mind. The theory of “mind over matter” is more applicable here than it is in many other situations as workers strive to get back a life they once had. If you have recently lost your job, you may want to focus on getting your spirits up, for instance, you can ask for help with resume writing services such as this one https://resumebros.com/, rather than spiraling into depression. By separating yourself from your former life, you may be able to see better success.
This study was published in “Organization Studies,” a journal that circulates in the UK. Researchers found that people who were able to see their job loss as a new start in life were much more capable of moving on and seeing success again. These patients viewed the change as a way to become self-employed or an excuse to volunteer and better their lives. Taking on a positive step led them to a reduced amount of trauma when compared to those that dwelled on the job loss.
The study consisted of men and women between the ages of 49 and 62 who were once senior workers in their industries with highly successful careers before them. I realize that most of the people reading this will be younger than that, but the theories from the study can resonate in any age group. The men and women in the study all suffered devastation after being laid off, and they coped with that devastation in different ways. Those that were able to separate themselves from their old jobs found it much easier to separate themselves from the pain of the loss.
All of these participants were enrolled in a program for older managers that recently encountered unemployment. The program was government funded and designed to allow out of work individuals to pick up with their lives and start again. The participants that were least successful with the program were the ones that saw their job loss as the end of their working time altogether, as if it was going to be the sole destruction of their lives. They did not handle emergency management well. Their negative attitudes forced them to cope worse than the positive attitudes of other participants.
As a whole, the study aimed to show that coaching, over the course of time, can help unemployed men and women find ways to get past their financial stumbles and get back into the work force again. Those who are willing to embrace the coaching can find themselves back into a state of financial success much faster than those who wallow in their situation. As long as these individuals can see themselves as capable, driven, and intelligent people who happen to be unemployed, they are usually able to make it back to where they need to be in life.
You can apply all of this to your own life and your path toward the future. If you lose a job that you assumed would help you after graduation, move on to something else. You may end up in a better place in the end. I recently lost a huge client of mine that paid me roughly $4,000 a month. I was devastated and a little panic stricken after the loss, but that allowed me to apply for new work with new clients. I now make twice the money from about half the work, all because I wasn’t reaching out to all my opportunities in the past. You may experience the same revelation if you keep a positive attitude. -
I have a platform idea, I need feedback
Problem statement: it’s hard to find researchers of specific area, which discourages students to even start looking for research opportunities. The reason for that is because people often look into their own academic circle, and the resource available is simply not enough.
Solution: by scraping Google scholar, generate detailed tag of sub areas for each professors, make a search system for that which will display the most important works of a researcher and what they are working on recently. If possible, invite the researchers to use the platform to add tags of traits they are looking for in students.
I have quite polarized feedback right now, one is the subarea tagging is really useful and academic circle is a problem, other is this is completely useless.
Please let me know what you think.4 -
REMINDER TL;DR: academic survey over devRant, 10-15 minutes https://forms.gle/do2KK8cGfv5w6cjY9
We are a group of researchers from Canada, Italy, and the Netherlands, studying communication between software developers. We would like to understand the role devRant plays in developers' professional life and the perceived advantages and disadvantages of the platform.
To this end we created an overview of the topics discussed. The purpose of this survey is to get your opinion on the overview. The results of the survey will be reported in a research manuscript, which will be submitted for a peer-reviewed publication.
The survey will take 10-15 minutes. The collection and analysis of the data are governed by a strict privacy policy in both North America and Europe. As such, your responses will be anonymized and any personally identifying information will be removed. While the survey has been approved by @dfox individual answers will not be shared with him or any other party not directly involved in the research.
Survey: https://forms.gle/do2KK8cGfv5w6cjY9
We thank you for your participation.
Foutse Khomh, Nicole Novielli, Moses Openja, Alexander Serebrenik, Gias Uddin3 -
I was talking to some post doc researchers today about a complex logic problem and a fresher interrupted and said, I think you can do that with objects... (The logic problem didn't depend on how the solution is modelled)
-
Two security researchers have published details about a vulnerability in the Windows Printing Service which impacts all Windows versions.
According to a Report of ZDNet : The vulnerability codenamed 'PrintDemon' which is located in Windows Print Spooler (Windows component responsible for managing print operations). The service sends data to be printed to a USB port for physically connected printers. In a report published, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism. The bug can not be used to break into a Windows client remotely over the internet, so it's not something that could be exploited to hack Windows systems over the internet.4 -
Friend showed me some video about some researchers being able to extract fingerprints of people from their pictures (like when you pose with the peace sign). Thinking about it, it's quite possible with the clarity of today's ordinary phone cameras and image enhancement. Thoughts about this?2
-
https://researchgate.net/figure/...
I think this model discounts the idea of "representations regressing to the world as ground truth" or the "world as its own best model" in research related to embodied intelligence. I just think researchers tend to overlook state-free approaches because everything is DNN now.
I can't pretend to understand everything they're talking about, and AI winter may be coming eventually, but its still well worth the read simply because of the approach they take merging neurobiology with ideas from computational intelligence.1 -
Can anyone suggest me a github link for GAN in deep learning for generation of new images which is mostly used by the researchers
-
Turning to Devrant to search for researchers because THEY ARE NOWVERE TO BE FOUND!
Like i think research is cool, researchers create the stuff that developers will use later, but unlike them, there isn't any community or even indian tutorials.
As a new research student myself i'm both delighted and terrified.2 -
Devs and security researchers out there!!
I had a doubt regarding subdomain takeover vulnerability.
How to find where a site is hosted on heroku or AWS or heroku or more?
I was trying to write a script for it.
Any expertise will be welcomed.2 -
Reminder: the academic survey over devRant is still open, 5-7 minutes https://forms.gle/do2KK8cGfv5w6cjY9
We are a group of researchers from Canada, Italy, and the Netherlands, studying communication between software developers. We would like to understand the role devRant plays in developers' professional life and the perceived advantages and disadvantages of the platform. There are no commercial parties involved and results of the study will be shared on devRant. -
Technology Acceptance Model "has diverted researchers" attention away from other important research issues and has created an illusion of progress in knowledge accumulation