PEAKS Newsletter No. 4

Hey there!

It's been a while since I last wrote here. I've been through a busy period with many ups and downs, but things are starting to settle down. Now, I'm back with a new issue that covers the most important security events, awesome tools, technological advancements, and more. Let's dive in!

🛡️ Security & Privacy

  • DigitalOcean launches a paid bug bounty program. They will pay up to $8,000 for critical issues and spent $63,787 in bounty rewards over the last 12 months. More here.
  • Proton Drive added new sharing features including automatic photo and video backup for iOS. I will definitely try that. More here.
  • Apple Intelligence was announced at WWDC 2024. As with any AI model, it has to be trained. However, Apple ensures that it does not use customers’ private data for this purpose. This is also true for ChatGPT usage from Siri. In contrast, OpenAI uses your ChatGPT session to train its models. More here.
  • Incogni is a service that removes your personal information automatically by contacting data brokers and requesting data removal on your behalf. More here.
  • CVE-2024-1086 is a new Linux kernel vulnerability in netfilter that allows privilege escalation. It is explained in detail here. Moreover, CrowdStrike detected attempts to leverage this vulnerability in the wild. Details here.
  • Use Secure Code Game from GitHub to learn to find and fix security issues.
  • This is a detailed article about possible C++ safety features that developers can rely on without compromising efficiency, ultimately enhancing code robustness and developer productivity.
  • The undersea cables, which carry almost all international data traffic, need high-priority protection. More here and here.
  • Microsoft delays the availability of the Recall feature for their Copilot Plus PCs due to privacy and security concerns. More here and here.
  • The Internet Archive was under a DDoS attack. More here.
  • A subset of the Boost C++ libraries was audited. Five low to medium security issues were reported. More here.
  • Here is an explanation of a new bug in Chrome's JavaScript engine that enables remote code execution (RCE).
  • This post provides technical details about a use-after-free vulnerability in the Android Binder device driver that can be exploited to gain root privileges.

🛠️ Tools

  • ScrapeGraphAI is a web scraping tool that uses LLMs to help you extract meaningful information from the web. It can use LLM APIs or local models through Ollama. I’m wondering how this tool enhances the information gathering process.
  • Cybersectools is a huge collection of utilities and resources that will help you to enhance your security practices.
  • Uizard & Visily: AI-based tools that allow you to create UIs in minutes.
  • VMware Fusion Pro 13 is free now for personal use. Details here.
  • Make is a no-code workflow automation tool that allows you to create new processes inside your organization. I think this may be useful for personal use too. I will give it a try. They have a free version as well.
  • Plaud, an AI-powered voice recorder. This is a physical product that records, transcribes and summarises your conversations by using ChatGPT. It comes in a credit card form factor and it’s promoted as an AI business companion that will boost your productivity and creativity. It’s definitely eye-catching and pretty useful in certain contexts. However, recently there have been a bunch of AI products that didn’t perform well. Moreover, I recently found this video that debates whether AI is a feature or a product. So, I’m wondering if Plaud will compete with the new AI features introduced in iOS 18.
  • NocoBase is an open-source, no-code platform oriented toward scalability. I haven’t used no-code tools until now, but I would like to try. They should be handy at least for prototyping.
  • amber - a programming language that compiles to Bash and is type-safe and runtime-safe. Wow. It’s on my list.
  • ptcpdump - a tcpdump implementation using eBPF. This is awesome because you have access to a lot of contextual information for every single packet by leveraging eBPF. And they used this to add process info for each packet. From my work experience, this is not easy.
  • Threshold is an online content filtering tool powered by AI, designed to display only the content that meets your quality standards. Cool!

🤖 Tech

  • Scientists from the European Space Agency explored the idea of creating LEGO bricks from meteorite dust. And yes, they managed to 3D-print some pieces which click and snap together. This approach may help them in the future to build structures on the Moon by using lunar materials. More details here.
  • Ilya Sutskever starts a new AI company, Safe Superintelligence Inc. (SSI), which aims to build a safe and powerful AI system. More here.
  • Anthropic released an article detailing how millions of concepts are represented within Claude Sonnet, the company’s large language model. More here.
  • If you are curious how to use cryptographic signatures for products distributed as zip files, read this article from Red Hat.
  • Flow Computing is a start-up focused on enhancing CPU performance by introducing a back-end processing unit that offloads tasks from the standard front-end CPU. More here.
  • The EU has introduced new legislation aimed at regulating AI. More here.
  • Some thoughts about GitHub Copilot and productivity.
  • For eBPF enthusiasts, here is a site that provides a lot of technical documentation.
  • The partnership between OpenAI and Stack Overflow prompted protests from some members, resulting in account suspensions. More here.
  • RISC-V performance benchmarks on Ubuntu 22.04 here.
  • A new format for storing data so that it can be read and modified by humans, software, and neural networks. More details here.
  • The key to success in SRE: keep it simple. More here.

🏆 Misc

  • Every technical person needs creativity to discover the best solutions for everyday problems. Here’s a useful resource to boost your creativity.
  • Victorinox will launch a new range of pocket tools without blades. More here.
  • Avi Wigderson, a pioneer in complexity theory, won the Turing Award for his contributions to theoretical computer science. His work has significantly advanced understanding in areas such as randomness, cryptography, and computational complexity, influencing both theory and practical applications in computer science.

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan