HackYourNews – AI summaries of the top HN stories (Mobile) |
1. NSO group iPhone zero-click, zero-day exploit captured in the wild (citizenlab.ca) |
695 points by ericzawo | 2023-09-07 20:21:01 | 420 comments Dehyped title: Apple Releases Update to Address Zero-Click Vulnerability Exploited by NSO Group’s Pegasus Spyware Summary: Apple issues update to fix zero-click vulnerability exploited by NSO Group’s Pegasus spyware. The exploit chain, known as BLASTPASS, targeted iPhones running the latest iOS version without user interaction. Citizen Lab discovered and disclosed the vulnerability to Apple, who issued two CVEs related to the exploit. Users are urged to update their devices immediately and consider enabling Lockdown Mode for added protection. The incident highlights the ongoing targeting of civil society organizations by sophisticated cyber threats. Apple’s response and collaboration with Citizen Lab are commended. Comments: The discussion revolves around the use of Lockdown Mode on iOS devices and its implications for security. Some users argue that Lockdown Mode should be used by everyone as it disables unnecessary features and potentially saves battery power. Others point out that it can make iOS slightly more inconvenient and reduce JavaScript performance in Safari. The conversation also touches on the security issues related to iMessage, with users expressing concerns about its confusing behavior and the fact that iMessage keys are backed up in iCloud, potentially compromising end-to-end encryption. Overall, the discussion highlights the trade-offs between convenience and security in using different modes on iOS devices. |
2. North Korean campaign targeting security researchers (blog.google) |
435 points by todsacerdoti | 2023-09-07 15:53:23 | 207 comments Dehyped title: North Korean Threat Actors Target Security Researchers in New Campaign Summary: Google’s Threat Analysis Group (TAG) has identified a new campaign by North Korean threat actors targeting security researchers. The actors use social media platforms to build relationships with their targets and then send malicious files containing 0-day exploits. TAG has discovered at least one actively exploited 0-day in the past few weeks. In addition, the threat actors have developed a Windows tool that can download and execute arbitrary code. TAG advises those who have downloaded or run this tool to take precautions. The vulnerability has been reported to the affected vendor and is being patched. Comments: GitHub repository containing a tool called ‘getsymbol’ has been found to have a backdoor that can download and execute arbitrary code from an attacker-controlled domain. The code itself appears relatively clean, but the binary releases and autoupdate binaries are suspected to be compromised. Several forks of the repository have been found, but they have also been disabled. GitHub has been notified and action has been taken to address the issue. This incident serves as a reminder that code hosted on GitHub may not always be trustworthy, and caution should be exercised when using software from unknown sources. |
3. Why isn’t chess popular in Japan? (lichess.org) |
24 points by cushpush | 2023-09-08 02:16:48 | 10 comments Dehyped title: Why Chess Isn’t Popular in Japan: The Dominance of Shōgi and Go Summary: Chess is not as popular in Japan compared to Shōgi (Japanese chess) and Go. Shōgi has been a part of Japanese culture for centuries and has a large base of enthusiasts. Go, on the other hand, is believed to have been invented over 2,500 years ago in China and has a higher game complexity. The lack of financial support for chess in Japan and the familiarity of Shōgi to the people through media are some reasons why chess hasn’t become popular. However, the Japan Chess Federation has been actively promoting chess in the country, leading to an increase in participation and growth of the game. While Japan doesn’t have any grandmasters yet, there are high hopes for the future of chess in the country. Comments: Chess is not popular in Japan because they have their own traditional games like Shogi, Go, and riichi mahjong that are preferred. Some argue that Shogi is superior to Chess because it is a longer game and pieces can change sides. Others believe that Go is the best game overall. Tic Tac Toe is mentioned as a comparison. The comments also provide links to websites where players can learn and play Shogi and other variants. Overall, the discussion revolves around the popularity and merits of different board games in Japan. |
4. A BERT for laptops, from scratch (github.com) |
113 points by samvher | 2023-09-07 20:30:27 | 23 comments Dehyped title: Code Repository for ‘bert-for-laptops’ Project Summary: The content is a code repository for a project called ‘bert-for-laptops’. The latest commit was made by a user named ‘samvher’. The file being worked on is ‘BERT_for_laptops.ipynb’. The file contains 2163 lines of code and is 157 KB in size. The content seems to be related to using BERT (Bidirectional Encoder Representations from Transformers) for laptops, although the details of the project are not provided in the given information. Comments: The author built and trained a BERT model on their gaming laptop, achieving 94% of BERT-base’s performance in 17 hours. The notebook covers the process of implementing and training a tokenizer, pretraining, and finetuning. One notable feature of this BERT model is the use of relative position embeddings. BERT is an encoder-only natural language model used to generate embeddings for input text, which can be used for predictive models like sentiment prediction. The discussion also touches on the differences between BERT and GPT, with BERT being bidirectional and able to consider tokens before and after, while GPT is decoder-only. The author shares their source code and offers assistance for running it on different systems. |
5. John McCarthy’s collection of numerical facts for use in elisp programs (www-formal.stanford.edu) |
170 points by chrchr | 2023-09-07 15:52:09 | 48 comments Dehyped title: Numerical Facts, Units Conversions, and Astronomical Data for Moving Mars Summary: This file contains a collection of numerical facts and units conversions, as well as astronomical data related to moving Mars to a different location. The file can be loaded into Emacs and used within the editor. It provides various units of measurement and constants, such as the gravitational constant, Avogadro number, and Planck’s constant. It also includes data on the masses, radii, densities, and orbital parameters of celestial bodies like Mercury, Venus, Earth, Mars, Jupiter, and the Moon. The file concludes with escape velocities and velocities of these celestial bodies. Comments: John McCarthy’s collection of numerical facts for use in elisp programs, including units conversions and astronomical facts, sparks a discussion on moving Mars and space mega-engineering. The conversation touches on topics such as disrupting a solar system with a small asteroid, the correlation between AI researchers and interest in space elevators, and the possibility of cooling Venus and terraforming it. The comments also mention McCarthy’s role as a pioneer in AI and the differences between symbolic and connectionist AI. Overall, the discourse explores various ideas related to space exploration and the future of AI. |
6. What’s new in Emacs 29.1 (www.masteringemacs.org) |
94 points by User23 | 2023-09-07 23:46:12 | 41 comments Dehyped title: What’s New in Emacs 29.1: Improved Code Parsing, Language Server Client, and More Summary: Emacs 29.1 introduces several new features and improvements, including official tree-sitter support for better code parsing and editing, the inclusion of EGlot as a language server client, the integration of use-package for easier configuration management, enhancements to long line support, native SQLite support for improved performance, the ability to change the init directory for multiple Emacs versions, and the addition of pixel-scroll-precision-mode for smoother scrolling. The release also includes changes to installation, such as ahead-of-time native compilation and built-in support for tree-sitter and SQLite. The article provides detailed explanations and instructions for each new feature. Comments: Emacs 29.1 introduces new features and improvements, including a starter kit called ‘Emacs bedrock’ that leverages built-in features. Users discuss their experiences with Emacs on different operating systems, with some noting that the Windows port is slower and the ecosystem is Unix-first. Others recommend using WSL for better performance. The discussion also touches on the use of evil mode to bring Vim bindings into Emacs, the performance of magit, and the benefits of using built-in features instead of external packages. Overall, users appreciate the updates and improvements in Emacs 29.1. |
7. Mullvad on Tailscale: Privately browse the web (tailscale.com) |
466 points by xd1936 | 2023-09-07 15:09:19 | 265 comments Dehyped title: Tailscale Partners with Mullvad to Offer Secure and Private Web Browsing Summary: Tailscale has partnered with Mullvad to offer its VPN servers to customers, allowing them to browse the web securely and privately. Mullvad is known for its commitment to user privacy and anonymity, and Tailscale helps users connect to services and people securely from anywhere. The partnership allows Tailscale users to access Mullvad’s global network of servers, bringing them into their personal private internet. Tailscale acts as a coordination layer between devices and Mullvad’s network edge, ensuring privacy and encryption. Users can now use Mullvad exit nodes to browse the web privately, protect themselves on public Wi-Fi, and connect to the internet from different locations. The partnership provides a combination of Tailscale’s privacy guarantees and Mullvad’s VPN infrastructure. Comments: The discussion on Hacker News revolves around the topic of VPNs and proxies, specifically focusing on the differences between them. One user highlights the historical evolution of VPNs and how they have transformed from being used for secure internet traffic to accessing corporate networks. Another user shares their experience with web proxies and the security risks associated with them. The conversation also touches upon the use of self-signed TLS certificates and the potential risks involved. Overall, the discussion provides insights into the various aspects of VPNs and proxies, their functionalities, and the potential privacy risks associated with them. |
8. Are any words the same in all languages? (blog.duolingo.com) |
139 points by spansoa | 2023-09-07 14:58:59 | 271 comments Dehyped title: The Shared Words in Almost Every Language: Coffee and Chocolate Summary: There are a few words that are shared across many languages, including words for tea, pineapple, and orange. However, the two words that are the same in almost every language are ‘coffee’ and ‘chocolate’. These words have spread across the globe and have been adopted by different languages with slight variations in pronunciation and spelling. The word for coffee originated from the Arabic word ‘qahwah’ and has been borrowed into many languages, while the word for chocolate is based on a Nahuatl word that was adopted by Spanish-speaking communities and then spread worldwide. Knowing these two words can make you feel connected to speakers of almost every language. Comments: Are any words the same in all languages? This discussion explores the similarities and differences in words for ‘mother’ and ‘father’ across various languages. While loan words like ‘robot’ and ‘computer’ are similar in many languages, the focus is on more ‘native’ words like ‘mama’ and ‘papa’. The conversation also touches on the evolution of languages and the concept of a common proto-language. Some interesting deviations from the pattern are noted, such as the Turkish word for ‘mother’ being ‘anne’ and the Georgian word for ‘father’ being ‘mama’. Overall, the discussion highlights the fascinating similarities and variations in words across different languages. |
9. Square is down (www.issquareup.com) |
39 points by philip1209 | 2023-09-07 18:39:15 | 30 comments Dehyped title: Degraded Performance and Disruptions in Square Services in the United States Summary: Square Services in the United States are experie |
Show comments (32)