Categories
security

“Apple patches 17th zero-day of 2023”

Some people are alarmed when they read headlines like these. They may be wondering why Apple’s devices seem to be plagued by so many “security issues.” In fact, if you compare the number of CVEs (which, in layman’s terms, are security bugs) for Apple iOS versus Android, you will find that Android fares much worse in this respect.

Google » Android : Vulnerability Statistics
Apple » Iphone Os : Vulnerability Statistics

Android has 429 vulnerabilities reported for 2023 as of today, compared to 38 for Apple iOS – more than 10 times as many.

The reality is that all complex software is prone to bugs, and these bugs may or may not be exploitable. Further complicating the issue is that software is not a monolith; rather, it’s composed of numerous parts that are constantly changing due to upgrades, bug fixes, and other developments.

I’ve often said that maintaining running software is like paying a tax, even if “the specs are frozen” and “nothing is changed.” The fact is, things are constantly changing in the software world. New vulnerabilities are discovered in code or libraries, operating system updates roll out regularly, and the threat landscape evolves continuously.

So, why does it seem like Apple is frequently in the spotlight when it comes to security vulnerabilities? There are several reasons for this perception:

  • Popularity and Visibility: Apple’s products, especially iPhones and Macs, are immensely popular worldwide. With a large user base, any security issue that does arise tends to receive significant media attention.
  • Intensive Scrutiny: Apple’s closed ecosystem and stringent control over its hardware and software mean that security researchers and hackers alike often target the company’s products. The more scrutiny a system undergoes, the more vulnerabilities are likely to be discovered.
  • Responsiveness: Apple takes security seriously and is quick to release patches and updates to address vulnerabilities when they are discovered. While this is a proactive approach, it also means that security issues might come to light more frequently.
  • Zero-Day Vulnerabilities: Some vulnerabilities are so new and unexploited that they are termed “zero-day vulnerabilities.” These are often discovered in various software systems, including Apple’s. However, Apple’s high-profile status means that these vulnerabilities gain significant attention.
  • User Expectations: Users of Apple products often have high expectations when it comes to security. Any perceived lapse or vulnerability can generate headlines and discussions.

In reality, all major operating systems, including iOS, Android, Windows, and macOS, face security challenges. The key is how these companies respond to these challenges and their ability to provide timely security updates to protect their users.

To stay safe in the digital age, it’s crucial to keep your devices and software up to date with the latest security patches. Additionally, practicing good cybersecurity habits, such as using strong, unique passwords, enabling two-factor authentication, and being cautious about the apps you download and the websites you visit, can go a long way in protecting your digital life. As technology continues to advance, so do the efforts of those seeking to exploit it. By staying informed and taking proactive security measures, we can all play a role in mitigating the risks associated with our ever-evolving digital landscape.

Source: Apple patches 17th zero-day of 2023

Categories
cloud

Announcing Amazon Managed Service for Apache Flink Renamed from Amazon Kinesis Data Analytics | AWS News Blog

It seems like AWS is renaming some of its services to refer to the underlying open-source software by name. This makes sense when AWS is just running the underlying software for the customer without too many changes, as with Amazon Managed Grafana and Amazon Managed Streaming for Apache Kafka.

https://aws.amazon.com/blogs/aws/announcing-amazon-managed-service-for-apache-flink-renamed-from-amazon-kinesis-data-analytics/

Today we are announcing the rename of Amazon Kinesis Data Analytics to Amazon Managed Service for Apache Flink, a fully managed and serverless service for you to build and run real-time streaming applications using Apache Flink.

Categories
internet

Introducing the 100-Year Plan: Secure Your Online Legacy for a Century – WordPress.com News

Do you want to leave your digital content behind for a long time? Like a really long time? WordPress launched a 100-year plan just for that and it will cost you USD 38,000.

I don’t know how to feel about WordPress’s latest offering. On one hand, it seems like a convenient way to leave your digital content behind for at least 100 years. On the other hand, there are so many problems with the proposition. Will WordPress still be around in 100 years? 50 years? And what form will the “web” take? Will we still have written content? Is going online still going to be a thing? We have no idea and it seems almost silly to imagine things will be the same for such a long time.

An exceptional new plan for those who want to secure their online legacy for a lifetime—and then some.

Source: Introducing the 100-Year Plan: Secure Your Online Legacy for a Century – WordPress.com News

Categories
cloud

“Amazon accounts”

As a longtime Amazon and AWS user, I have accumulated more than a few Amazon-related accounts. Recently I also had to work with other colleagues who are not so familiar with the Amazon services and accounts ecosystem. Here is an attempt to make sense of it all:

Accounts: Amazon, AWS, APN, SSO, Adhoc

  • Retail: Amazon.com, Amazon Prime (Y)
  • Cloud: AWS Console (Y)
  • Education: AWS Academy (Y)
  • Training: AWS Training and Certification (Y, Y, Y)
  • Training: Skill Builder (Y, Y, Y)
  • Event: AWS JAM (Y, Y, Y)

Mapping of services to accounts

Hopefully it helps someone who’s figuring out which account to use to log in to which service.

Categories
3D

Viewer Feature: Selective Loading | Autodesk Platform Services

Autodesk has recently launched the latest version of APS Viewer, previously known as Autodesk Forge Viewer, introducing an impressive feature called selective loading. This feature addresses one of the major challenges in managing BIM, which is the immense size of the model. In practical construction projects, an Autodesk Revit file can easily reach terabytes in size. Even after converting the model into SVF/SVF2 format, the data volume that needs to be transmitted to the client remains in the range of hundreds of megabytes or gigabytes. With selective loading, users now have the ability to filter and display only the specific parts of the model they wish to see. This filtering occurs on the server side, resulting in a significant reduction in the amount of data transmitted.

Using this feature you can improve the performance of your application since the model loading time will be significantly faster, or you can implement “saved views” feature, allowing your users to load just a subset of their designs based on previously stored filters.

Source: Viewer Feature: Selective Loading | Autodesk Platform Services

Categories
ai

A Man Sued Avianca Airline. His Lawyer Used ChatGPT. – The New York Times

This is what happens when somebody uses ChatGPT as if it’s a search engine. People are so used to precise and deterministic output from programs that it’s hard for them to imagine one that not only fabricates truths, but also does so convincingly.

The lawyer who created the brief, Steven A. Schwartz of the firm Levidow, Levidow & Oberman, threw himself on the mercy of the court on Thursday, saying in an affidavit that he had used the artificial intelligence program to do his legal research — “a source that has revealed itself to be unreliable.”

Source: A Man Sued Avianca Airline. His Lawyer Used ChatGPT. – The New York Times

Categories
ai

ChatGPT Prompt Engineering for Developers – DeepLearning.AI

For a limited time only, this free course by Isa Fulford and Andrew Ng (Coursera, DeepLearning.ai), called ChatGPT Prompt Engineering for Developers, is available for anyone looking to expand their development skills. The course is an excellent opportunity for developers who want to learn how to use a large language model (LLM) to create powerful applications in a cost-effective and time-efficient way.

Throughout the course, Isa Fulford and Andrew Ng explain the workings of LLMs and provide best practices for prompt engineering. You’ll be able to learn how to use the OpenAI API to build capabilities that can automatically summarize user reviews, classify sentiment, extract topics, translate text, and even write emails. Additionally, you’ll learn how to build a custom chatbot and use two key principles for writing effective prompts.

What I appreciate about this course is the hands-on experience provided in the Jupyter notebook environment. You’ll be able to play with numerous examples and systematically engineer good prompts. This makes it easy to put the concepts learned in the course into practice in your own projects.

So, if you’re looking for an opportunity to upskill and learn how to build innovative applications that were once impossible or highly technical, I highly recommend taking this course. Don’t miss out on the chance to learn from experts and expand your skill set for free.

ChatGPT Prompt Engineering for Developers is beginner-friendly. Only a basic understanding of Python is needed. But it is also suitable for advanced machine learning engineers wanting to approach the cutting-edge of prompt engineering and use LLMs.

Source: ChatGPT Prompt Engineering for Developers – DeepLearning.AI

Categories
cloud programming

Web Push for Web Apps on iOS and iPadOS | WebKit

This is good news as it further expands the capabilities of web apps. This addresses a longstanding request for web apps to deliver notifications. Note that web push only works if the web app is added to the Home Screen. This is to limit web apps that aggressively ask for too many permissions.

With iOS and iPadOS 16.4 beta 1 comes support for Web Push for Home Screen web apps, Badging API, Manifest ID, and more.

Source: Web Push for Web Apps on iOS and iPadOS | WebKit

Categories
cloud sysadmin

New – Visualize Your VPC Resources from Amazon VPC Creation Experience | AWS News Blog

Finally. Amazon Web Services has released a new feature called Amazon Virtual Private Cloud (VPC) resource map, which simplifies the VPC creation experience in the AWS console. This feature displays existing VPC resources and their routing visually on a single page, allowing users to quickly understand the architectural layout of the VPC.

The new VPC creation experience streamlines the process of creating and connecting VPC resources with just one click, even across multiple Availability Zones (AZs). The VPC resource map also allows users to quickly understand the architectural layout of the VPC, including the number of subnets, which subnets are associated with the public route table, and which route tables have routes to the NAT Gateway. Additionally, users can customize a Name tag per resource in the preview and easily change the default CIDR value and subnet mask. The Amazon VPC resource map is now available in all AWS Regions where Amazon VPC is available.

Categories
ai

ChatGPT limitations

People are often amused or surprised when ChatGPT fails to give a correct response to seemingly simple questions (e.g. multiplying two numbers), yet is able to answer very complex ones.

The way to think about ChatGPT and other LLM tools is that they are simply an assistant and not an oracle.

AI tools like ChatGPT have a mental model of the world, and try to imagine what would be the best answer for any given prompt. But they may not get it right all the time, and in times when they don’t have an answer they will try their best anyway (i.e. fabricate one).

An assistant makes mistakes; that’s why you should expect ChatGPT’s output to have mistakes.

That said, ChatGPT is really good in areas that don’t require precision (e.g. creative writing).

Update (2023-02-01): ChatGPT has released a newer version that is supposed to have improved factuality and mathematical capabilities. Well, didn’t work for me.

The answer is 10365