Bogdan Deac

PEAKS Newsletter No. 4

Bogdan Deac -

Hey there!

It's been a while since I last wrote here. I've been through a busy period with many ups and downs, but things are starting to settle down. Now, I'm back with a new issue that covers the most important security events, awesome tools, technological advancements, and more. Let's dive in!

šŸ›”ļøĀ Security & Privacy

  • DigitalOcean launches the paid bug bounty program. They will pay up to $8,000 for critical issues and spent $63,787 in bounty rewards over the last 12 month. MoreĀ here.
  • Proton Drive added new sharing features including automatic photo and video backup for iOS. I will definitely try that. MoreĀ here.
  • Apple Intelligence was announced at WDDC 2024. As with any AI model it has to be trained. However, Apple ensures that it does not use customersā€™ private data for this purpose. This is also true for ChatGPT usage from Siri. In contrast, OpenAI uses your ChatGPT session to train its models. MoreĀ here.
  • IncogniĀ is a service that removes your personal information automatically by contacting data brokers and request data removal on your behalf. MoreĀ here.
  • CVE-2024-1086 is a new Linux kernel vulnerability in netfiler, which allows privilege escalation. It is explained with detailsĀ here. Moreover, Crowdstrike detected the attempts to leverage this vulnerability in the wild. DetailsĀ here.
  • UseĀ Secure Code GameĀ from GitHub to learn to find and fix security issues.
  • ThisĀ is a detailed article about possible C++ safety features that developers can rely on without compromising efficiency, ultimately enhancing code robustness and developer productivity.
  • The undersea cables, which carry almost all the international data traffic, need high-priority protection. MoreĀ hereandĀ here.
  • Microsoft delays the availability of Recall feature for their Copilot Plus PCs due to privacy and security concerns. MoreĀ hereĀ andĀ here.
  • Internet Archive was under DDoS attack. MoreĀ here.
  • A subset of Boost C++ libraries were audited. Five low to medium security issues were reported. MoreĀ here.
  • HereĀ is an explanation of a new bug in Chrome's JavaScript engine that enables remote code execution (RCE).
  • ThisĀ post provides technical details about a use-after-free vulnerability in the Android Binder device driver that can be exploited to gain root privileges.

šŸ› ļøĀ Tools

  • ScrapeGraphAIĀ is a web scrapping tool that uses LLM that helps you to extract meaningful information from web. It can use LLM APIs or local models through Ollama. Iā€™m wondering how this tool enhances the information gathering process.
  • CybersectoolsĀ is a huge collection of utilities and resources that will help you to enhance your security practices.
  • UizardĀ &Ā Visily: AI-based tools that allows you to create UI in minutes.
  • VMware Fusion Pro 13 is free now for personal use. DetailsĀ here.
  • MakeĀ is a no-code workflow automation tool that allow you to create new processes inside your organization. I think this may be useful for personal use too. I will give it a try. They have free version as well.
  • Plaud, AI powered voice recorder. This is a physical product that records, transcribes and summarises your conversations by using ChatGPT. It comes in credit card form factor and itā€™s promoted as an AI business companion that will boost your productivity and creativity. Itā€™s eye catching, definitely and pretty useful in certain contexts. However, in the last period there was a bunch of AI products that donā€™t performed well. Moreover, recently I found this video that debates if AI is a feature or a product. So, Iā€™m wondering if Plaud will compete with new AI features introduced in iOS 18.
  • NocoBaseĀ is an open-source, no-code platform, oriented on scalability. I didnā€™t use no-code tools until now, but I would like to try. They should be handy at least for prototyping.
  • amberĀ - a programming languages that is compiled to Bash. And is type-safe and runtime-safe. Wow. Itā€™s on my list.
  • ptcpdumpĀ - a tcpdump implementation using eBPF. This is awesome because you have access to a lot of contextual information for every single packet, by leveraging eBPF. And they used this to add process info for each packet. From my working experience, this is not easy.
  • ThresholdĀ is an online content filtering tool powered by AI, designed to display only the content that meets your quality standards. Cool!

šŸ¤–Ā Tech

  • The scientist from European Space Agency explored the idea to create LEGO bricks from meteorite dust. And yes, they managed to 3D-print some pieces which click and snap together. This approach may help them in the future to build structures on the Moon by using lunar materials. More detailsĀ here.
  • Ilya Sutskever starts a new AI company, Safe Superintelligence Inc. (SSI), which is aims to build a safe and powerful AI system. MoreĀ here.
  • Anthropic released an article detailing how millions of concepts are represented within Claude Sonnet, the companyā€™s large language model. MoreĀ here.
  • If you are curious how to use cryptographic signatures for products distributed as zip files readĀ thisĀ article from Red Hat.
  • Flow Computing is a start-up focused on enhancing CPU performance by introducing a back-end processing unit that offloads tasks from the standard front-end CPU. MoreĀ here.
  • The EU has introduced new legislation aimed at regulating AI. MoreĀ here.
  • Some thoughtsĀ about GitHub Copilot and productivity.
  • For eBPF enthusiasts,Ā hereĀ is a site that provides a lot of technical documentation.
  • The partnership between OpenAI and Stack Overflow prompted protests from some members, resulting in account suspensions. MoreĀ here.
  • RISC-V performance benchmarks on Ubuntu 22.04Ā here.
  • A new format to store the data in order to be read and modified by humans, software and NN. More detailsĀ here.
  • The key to success in SRE: keep it simple. MoreĀ here.

šŸ†Ā Misc

  • Every technical person needs creativity to discover the best solutions for everyday problems.Ā Hereā€™sĀ a useful resource to boost your creativity.
  • Victorinox will launch a new range of pocket tools without blades. MoreĀ here.
  • Avi Wigderson, a pioneer in complexity theory, won the Turing Award for his contributions to theoretical computer science. His work has significantly advanced understanding in areas such as randomness, cryptography, and computational complexity, influencing both theory and practical applications in computer science.

šŸ“© Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan