Tootfinder

Setting humane goals for #BigTech
https://www.wired.com/story/big-interview-event-techdirt-mike-masnick-common-tools-alex-komoroske/

Cracking CodeWhisperer: Analyzing Developers' Interactions and Patterns During Programming Tasks
Jeena Javahar, Tanya Budhrani, Manaal Basha, Cleidson R. B. de Souza, Ivan Beschastnikh, Gema Rodriguez-Perez
https://arxiv.org/abs/2510.11516

Cracking CodeWhisperer: Analyzing Developers' Interactions and Patterns During Programming Tasks
The use of AI code-generation tools is becoming increasingly common, making it important to understand how software developers are adopting these tools. In this study, we investigate how developers engage with Amazon's CodeWhisperer, an LLM-based code-generation tool. We conducted two user studies with two groups of 10 participants each, interacting with CodeWhisperer - the first to understand which interactions were critical to capture and the second to collect low-level interaction data using…

SCOOP'D: Learning Mixed-Liquid-Solid Scooping via Sim2Real Generative Policy
Kuanning Wang, Yongchong Gu, Yuqian Fu, Zeyu Shangguan, Sicheng He, Xiangyang Xue, Yanwei Fu, Daniel Seita
https://arxiv.org/abs/2510.11566

SCOOP'D: Learning Mixed-Liquid-Solid Scooping via Sim2Real Generative Policy
Scooping items with tools such as spoons and ladles is common in daily life, ranging from assistive feeding to retrieving items from environmental disaster sites. However, developing a general and autonomous robotic scooping policy is challenging since it requires reasoning about complex tool-object interactions. Furthermore, scooping often involves manipulating deformable objects, such as granular media or liquids, which is challenging due to their infinite-dimensional configuration spaces and…

PhysToolBench: Benchmarking Physical Tool Understanding for MLLMs
Zixin Zhang, Kanghao Chen, Xingwang Lin, Lutao Jiang, Xu Zheng, Yuanhuiyi Lyu, Litao Guo, Yinchuan Li, Ying-Cong Chen
https://arxiv.org/abs/2510.09507

PhysToolBench: Benchmarking Physical Tool Understanding for MLLMs
The ability to use, understand, and create tools is a hallmark of human intelligence, enabling sophisticated interaction with the physical world. For any general-purpose intelligent agent to achieve true versatility, it must also master these fundamental skills. While modern Multimodal Large Language Models (MLLMs) leverage their extensive common knowledge for high-level planning in embodied AI and in downstream Vision-Language-Action (VLA) models, the extent of their true understanding of phys…

'Don't even consider' Microsoft?
To digital natives, Microsoft's IT stack makes Google's look like a model of sanity. A millennial does battle with Redmond's enterprise tools and comes away reeling.
[…] Probably the single most common argument against switching to Linux is the absolute non-negotiable requirement of many organizations to have Microsoft Exchange. […]
🤦

To digital natives, Microsoft's IT stack makes Google's look like a model of sanity
Comment: A millennial does battle with Redmond's enterprise tools and comes away reeling

Systematic Assessment of Cache Timing Vulnerabilities on RISC-V Processors
C\'edrick Austa, Jan Tobias M\"uhlberg, Jean-Michel Dricot
https://arxiv.org/abs/2510.08272 h…

Systematic Assessment of Cache Timing Vulnerabilities on RISC-V Processors
While interest in the open RISC-V instruction set architecture is growing, tools to assess the security of concrete processor implementations are lacking. There are dedicated tools and benchmarks for common microarchitectural side-channel vulnerabilities for popular processor families such as Intel x86-64 or ARM, but not for RISC-V. In this paper we describe our efforts in porting an Intel x86-64 benchmark suite for cache-based timing vulnerabilities to RISC-V. We then use this benchmark to eva…

This phishing content hosting technique described by Barracuda is very clever. I find that the anti-analysis features are especially so: "it prevents right-clicking the mouse, blocks the keyboard’s F12 key (used for developer tools), and prevents common keyboard shortcuts like Ctrl/Cmd and Ctrl/Cmd Shift."
Regardless, the standard phishing prevention techniques of strong technical controls combined with end-user training (don't click on links in unexpected email messages…

Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit
Barracuda threat analysts have spotted a deceptively simple phishing-as-service kit called GhostFrame that’s already launched a million attacks.

What if we viewed AI notetaking not as a solution but as a symptom of deeper workplace dysfunction?
(👆an AI assisted post ;-)
https://www.careful.industries/blog/2025-11-nine-risks-caused-by-ai-notetakers

Nine risks caused by AI notetakers — Careful Industries
AI transcription tools are not currently mature or reliable enough to be regarded as an always on, single-source of truth for meeting notes. Nine common risks, and six possible mitigations.

{nplyr} has helper functions to work on nested dataframes: #rstats #datascience

A Grammar of Nested Data Manipulation
Provides functions for manipulating nested data frames in a list-column using dplyr syntax. Rather than unnesting, then manipulating a data frame, nplyr allows users to manipulate each nested data frame directly. nplyr is a wrapper for dplyr functions that provide tools for common data manipulation steps: filtering rows, selecting columns, summarising grouped data, among others.

In between his highly publicized designation of Antifa as a domestic terror organization
and his indictmentof former FBI Director James Comey,
Donald Trump signed
"The National Security Presidential Memorandum 7" (NSPM-7) titled
“Countering Domestic Terrorism and Organized Political Violence,”
that gives law enforcement new tools to target his critics.
It mandates a “national strategy to investigate and disrupt networks, entities, and organization…

Underreported Memo Is 'Declaration of War' Against Trump Opponents | Common Dreams
"By targeting beliefs and protest activity, the directive positions dissent itself as a potential crime," one news organization said.

AI – I am here to help; would you like to chat?
 
 
Artificial Intelligence (AI) of one type of another is now a part of most of the applications and services we use on the Internet. In spite of AI’s helpful features, there are hidden dangers in most of the common AI applications and services. Most people are not aware that AI is not just being helpful – it is recording, storing and sharing information about our activities. This information can be helpful to autocrats in their…

The European Union Agency for Cybersecurity (ENISA) is now a Common Vulnerabilities and Exposures (CVE) Program-Root, thus becoming a central point of contact within the CVE program for national/EU authorities, EU CSIRTs network members, and cooperative partners falling under ENISA’s mandate.
htt…

GM3: A General Physical Model for Micro-Mobility Vehicles
Grace Cai, Nithin Parepally, Laura Zheng, Ming C. Lin
https://arxiv.org/abs/2510.07807 https://ar…

GM3: A General Physical Model for Micro-Mobility Vehicles
Modeling the dynamics of micro-mobility vehicles (MMV) is becoming increasingly important for training autonomous vehicle systems and building urban traffic simulations. However, mainstream tools rely on variants of the Kinematic Bicycle Model (KBM) or mode-specific physics that miss tire slip, load transfer, and rider/vehicle lean. To our knowledge, no unified, physics-based model captures these dynamics across the full range of common MMVs and wheel layouts. We propose the "Generalized Micro-…

Eye-Tracking and BCI Integration for Assistive Communication in Locked-In Syndrome: Pilot Study with Healthy Participants
Ana Patr\'icia Pinto, Rute Bettencourt, Urbano J. Nunes, Gabriel Pires
https://arxiv.org/abs/2509.23518

Eye-Tracking and BCI Integration for Assistive Communication in Locked-In Syndrome: Pilot Study with Healthy Participants
Patients with Amyotrophic Lateral Sclerosis (ALS) progressively lose voluntary motor control, often leading to a Locked-In State (LIS), or in severe cases, a Completely Locked-in State (CLIS). Eye-tracking (ET) systems are common communication tools in early LIS but become ineffective as oculomotor function declines. EEG-based Brain-Computer Interfaces (BCIs) offer a non-muscular communication alternative, but delayed adoption may reduce performance due to diminished goal-directed thinking. Thi…

Multiscale 2-Mapper -- Exploratory Data Analysis Guided by the First Betti Number
Halley Fritze
https://arxiv.org/abs/2509.22816 https://arxiv.org/pdf/2509…

Multiscale 2-Mapper -- Exploratory Data Analysis Guided by the First Betti Number
The Mapper algorithm is a fundamental tool in exploratory topological data analysis for identifying connectivity and topological clustering in data. Derived from the nerve construction, Mapper graphs can contain additional information about clustering density when considering the higher-dimensional skeleta. To observe two-dimensional features, and capture one-dimensional topology, we construct 2-Mapper. A common issue in using Mapper algorithms is parameter choice. We develop tools to choose 2-…

In-Transit Data Transport Strategies for Coupled AI-Simulation Workflow Patterns
Harikrishna Tummalapalli, Riccardo Balin, Christine M. Simpson, Andrew Park, Aymen Alsaadi, Andrew E. Shao, Wesley Brewer, Shantenu Jha
https://arxiv.org/abs/2509.19150

HTML Structure Exploration in 3D Software Cities
Malte Hansen, David Moreno-Lumbreras, Wilhelm Hasselbring
https://arxiv.org/abs/2510.00004 https://arxiv.o…

HTML Structure Exploration in 3D Software Cities
Software visualization, which uses data from dynamic program analysis, can help to explore and understand the behavior of software systems. It is common that large software systems offer a web interface for user interaction. Usually, available web interfaces are not regarded in software visualization tools. This paper introduces additions to the web-based live tracing software visualization tool ExplorViz: We add an embedded web view for instrumented applications in the 3D visualization to ease…

Container Orchestration Patterns for Optimizing Resource Use
Diogo Maia, Filipe Correia, Andr\'e Restivo, Paulo Queiroz
https://arxiv.org/abs/2510.00197 https://

Container Orchestration Patterns for Optimizing Resource Use
Service-based architectures provide substantial benefits, yet service orchestration remains a challenge, particularly for newcomers. While various resources on orchestration techniques exist, they often lack clarity and standardization, making best practices difficult to implement and limiting their adoption within the software industry. To address this gap, we analyzed existing literature and tools to identify common orchestration practices. Based on our findings, we define three key orchest…

Flying Drones to Locate Cyber-Attackers in LoRaWAN Metropolitan Networks
Matteo Repetto, Enrico Cambiaso, Fabio Patrone, Sandro Zappatore
https://arxiv.org/abs/2509.15725 https:…

Flying Drones to Locate Cyber-Attackers in LoRaWAN Metropolitan Networks
Today, many critical services and industrial systems rely on wireless networks for interaction with the IoT, hence becoming vulnerable to a broad number of cyber-threats. While detecting this kind of attacks is not difficult with common cyber-security tools, and even trivial for jamming, finding their origin and identifying culprits is almost impossible today, yet indispensable to stop them, especially when attacks are generated with portable or self-made devices that continuously move around. …

New on my #Gentoo blog: One #jobserver to rule them all
"""
A common problem with running Gentoo builds is concurrency. Many packages include extensive build steps that are either fully serial, or cannot fully utilize the available CPU threads throughout. This problem becomes less pronounced when running building multiple packages in parallel, but then we are risking overscheduling for packages that do take advantage of parallel builds.
Fortunately, there are a few tools at our disposal that can improve the situation. Most recently, they were joined by two experimental system-wide jobservers: #guildmaster and #steve. In this post, I’d like to provide the background on them, and discuss the problems they are facing.
"""
https://blogs.gentoo.org/mgorny/2025/11/30/one-jobserver-to-rule-them-all/

Okay, so please correct me if I'm wrong about the state of #OpenPGP right now.
So first there's the former #RFC4880bis which is now pursued as "#LibrePGP", used by #GnuPG (and #rnp?), with a "v5" key format, that everyone else seem to looks "politely" at.
Then there's #RFC9580 with a "v6" key format, used by #OpenPGPjs, #SequoiaPGP (and more) but explicitly rejected by GnuPG. However, it seems to be pushed forward under the assumption that GnuPG will yield to pressure.
So we effectively have two incompatible standards, with a "common denominator" of ancient #RFC4880, some tools pursuing one of them with disregard for the other, and a few supporting both for the sake of the users. And #Gentoo is effectively stuck with whatever GnuPG supports, because we need working crypto on all supported platforms, not just the "Rust subset".
https://bugs.gentoo.org/963069