Tootfinder

I found this today when messing around with lifting-bits/sleigh build options and got a build error. Very interesting! Dynamic p-code shenanigans!
“TLDR: there is a (undocumented and disabled by default) feature in the Ghidra decompiler that lets you create your own decompiler passes, using a custom DSL. I leverage it to write a deobfuscation rule for a simple obfuscation technique.”
Thanks you @…

lowkey wish i had an eye in my hand. but with better (on-by-default) natural cover than eyelids. it'd be an absolute bitch to keep safe the way it's always depicted in art

Cloudflare will now block AI crawlers by default
The internet architecture provider will also let some publishers make known AI scrapers pay to crawl their sites
https://www.theverge.com/news/695501/cloudflare-block-ai-crawlers-default

Cloudflare will now block AI crawlers by default
Cloudflare has announced that it will now block AI web crawlers by default for new customers. It’s also introducing a new “Pay Per Crawl” fee that will let some publishers make AI companies pay to scrape their content.

Energy-Optimized Scheduling for AIoT Workloads Using TOPSIS
Preethika Pradeep, Eyhab Al-Masri
https://arxiv.org/abs/2506.04902 https://

Energy-Optimized Scheduling for AIoT Workloads Using TOPSIS
AIoT workloads demand energy-efficient orchestration across cloud-edge infrastructures, but Kubernetes' default scheduler lacks multi-criteria optimization for heterogeneous environments. This paper presents GreenPod, a TOPSIS-based scheduler optimizing pod placement based on execution time, energy consumption, processing core, memory availability, and resource balance. Tested on a heterogeneous Google Kubernetes cluster, GreenPod improves energy efficiency by up to 39.1% over the default Kuber…

OpenAI updates its coding agent Codex with internet access, turned off by default, and expands availability to ChatGPT Plus users (Simon Willison/Simon Willison's Weblog)
https://simonwillison.net/2025/Jun/3/codex-agent-internet-access/

Codex agent internet access
Sam Altman, [just now](https://twitter.com/sama/status/1930006856019390521): > codex gets access to the internet today! it is off by default and there are complex tradeoffs; people should read about the risks carefully and …

👀
https://www.theverge.com/news/695501/cloudflare-block-ai-crawlers-default

Cloudflare will now block AI crawlers by default
Cloudflare has announced that it will now block AI web crawlers by default for new customers. It’s also introducing a new “Pay Per Crawl” fee that will let some publishers make AI companies pay to scrape their content.

My JS Krups is resisting netbooting. I see it doing a DHCP discover, and I see Kea responding with an offer, but then it just sends another Discover. Hmph. I can get to the serial console and doing boot net from there doesn't help; none of the keyboard shortcuts for network diag etc seem to work (except the one that displays the help for it...). So I took the flash SIM out and now it boots to Net rather than flash by default; alas with the same DHCP behaviour. Time to try isc-dhcp.…

https://www.wired.com/story/cloudflare-blocks-ai-crawlers-default/

Cloudflare Is Blocking AI Crawlers by Default
The age of the AI scraping free-for-all may be coming to an end. At least if Cloudflare gets its way.

🚨 Encryption isn’t optional anymore. In EdTechSR Episode 342: Jason & I discuss why the FBI wants you on Signal, Google’s antitrust headaches, and AI tools that’ll blow your mind.
🎙️ https://edtechsr.com/2025/05/30/edtechsr-ep-342-encrypted-by-default/

EdTechSR Ep 342 Encrypted by Default
where technology news meets educational analysis Welcome to episode 342 (“Encrypted by Default”) of the EdTech Situation Room from December 18, 2024, where technology news meets educational analysis. This week, Dr. Jason Neiffer (aicentrist.com) and Dr. Wesley Fryer (wesfryer.com) unpacked the FBI’s unprecedented advice urging Americans to use encrypted messaging apps like Signal and WhatsApp, discussing the implications for personal privacy, national security, and school digital literacy…

Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI
Shaun Ee, Chris Covino, Cara Labrador, Christina Krawec, Jam Kraprayoon, Joe O'Brien
https://arxiv.org/abs/2506.02035

Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI
As AI-enabled cyber capabilities become more advanced, we propose "differential access" as a strategy to tilt the cybersecurity balance toward defense by shaping access to these capabilities. We introduce three possible approaches that form a continuum, becoming progressively more restrictive for higher-risk capabilities: Promote Access, Manage Access, and Deny by Default. However, a key principle across all approaches is the need to prioritize defender access, even in the most restrictive scen…

Oh, I see now how quote posting is going to be processed around here...
Not a bad system at all, although I do have my doubts it'll work well when the quoted posts are coming from networks where this kind of approval is tacitly given by default, such as Bluesky, like in this case.
#Mastodon #QuotePosting

@… Sorry, I overlooked the mention.
I forked the Crystal-lang relay that was once maintained on Mastodon, and added the ability to set conditions for the Activity to be relayed. By default, it only relays Notes with a ha…

I recently discovered a cool #firefox add-on called Auto Tab Discard.
It automatically unloads tabs after a certain period of time by default. Discard time is configurable, and you can also choose to discard only certain websites under certain conditions. You can also manually select tabs to keep or discard.
I started searching for a plugin for this because I had a lot of tabs ope…

Turns out #synology 's home folders are set to chmod 777 by default!
https://blog.aaronlenoir.com/2018/05/06/ssh-into-synology-nas-with-ssh-key/

Public Service Announcement: If you've worked in the UK, and you've changed the UK number that you use for accessing Gov.UK services, it is impossible to restore access because the default recovery workflow requires UK-issued photo ids: either a UK passport, or a UK driving license, are mandatory, even if you never had one or provided one in the first place.
Happily enough, as long as you keep your National Insurance Number, you can create a new Gateway ID, but this time follow…

the3million | Proving identity on Government websites with a non-UK passport | Giving a voice to EU citizens in the UK
HMRC, DWP and other government services have changed the way in which people sign in to access these services. This is a step-by-step guide for EU citizens and other non-UK passport holders to be able to access the Government Gateway, to see your tax records, pension records and other finance information, even if you do not have a British passport.

@… @… TIL about `expect(1)` which seems to be able to do all this too, and has one cool advantage which is that it ships by default.

So #Gentoo #Python eclasses are pretty modern, in the sense that they tend to follow the best practices and standards, and eventually deal with deprecations. Nevertheless, they have a long history and carry quite some historical burden, particularly regarding to naming.
The key point is that the eclasses were conceived as a replacement for the old eclasses: "distutils" and "python". Hence, much like we revision ebuilds, I've named the matching eclasses "distutils-r1" and "python-r1". For consistency, I've also used the "-r1" suffix for the remaining eclasses introduced at the time: "python-any-r1", "python-single-r1" and "python-utils-r1" — even though there were never "r0"s.
It didn't take long to realize my first mistake. I've made the multi-impl eclass effectively the "main" eclass, probably largely inspired by the previous Gentoo recommendations. However, in the end I've found out that for the most use cases (i.e. where "distutils-r1" is not involved), there is no real need for multi-impl, and it makes things much harder. So if I were naming them today, I would have named it "python-multi", to indicate the specific use case — and either avoid designating a default at all, or made "python-single" the default.
What aged even worse is the "distutils-r1" eclass. Admittedly, back when it was conceived, distutils was still largely a thing — and there were people (like me) who avoided unnecessary dependency on setuptools. Of course, nowadays it has been entirely devoured by setuptools, and with #PEP517 even "setuptools" wouldn't be a good name anymore. Nowadays, people are getting confused why they are supposed to use "distutils-r1" for, say, Hatchling.
Admittedly, this is something I could have done differently — PEP517 support was a major migration, and involved an explicit switch. Instead of adding DISTUTILS_USE_PEP517 (what a self-contradictory name) variable, I could have forked the eclass. Why didn't I do that? Because there used to be a lot of code shared between the two paths. Of course, over time they diverged more, and eventually I've dropped the legacy support — but the opportunity to rename was lost.
In fact, as a semi-related fact, I've recognized another design problem with the eclass earlier — I should have gone for two eclasses rather than one: a "python-phase" eclass with generic sub-phase support, and a "distutils" (or later "python-pep517") implementing default sub-phases for the common backends. And again, this is precisely how I could have solved the code reuse problem when I introduced PEP517 support.
But then, I didn't anticipate how the eclasses would end up looking like in the end — and I can't really predict what new challenges the Python ecosystem is going to bring us. And I think it's too late to rename or split stuff — too much busywork on everyone.

Watch Github for what happens for companies that go all-in on AI.
Notice all the details that are wrong now. Notice the docs. Notice the confusion between different interfaces. Notice the UI jank in new places. This is what happens when engineering decisions are made by default instead of discussion and planning. This is what happens when writing (already easier than editing) becomes even easier without improving editing.

Goodmorning! Today I will be working with #kasten backup and creating some #kanister #blueprints
*

Snaps: Bloated and Outdated?
Jukka Ruohonen, Qusai Ramadan
https://arxiv.org/abs/2507.00786 https://arxiv.org/pdf/2507.00786

Snaps: Bloated and Outdated?
Snap is an alternative software packaging system developed by Canonical and provided by default in the Ubuntu Linux distribution. Given the heterogeneity of various Linux distributions and their various releases, Snap allows an interoperable delivery of software directly to users. However, concerns and criticism have also been frequently expressed. Regarding this criticism, the paper shows that currently distributed snap packages are indeed on average bloated in terms of their sizes and outdate…

So, EU users get the more open iOS now than the rest of the world?
Apple Is Working to Permit Other Default Virtual Assistants on iOS, but Only in the E.U. – Pixel Envy https://pxlnv.com/linklog/ios-default-virtual-assistants/

Cloudflare launches Pay per Crawl, a marketplace letting sites charge AI crawlers per crawl; new sites set up with Cloudflare will block AI crawlers by default (Maxwell Zeff/TechCrunch)
https://techcrunch.com/2025/07/01/clou

Cloudflare launches a marketplace that lets websites charge AI bots for scraping | TechCrunch
Cloudflare is launching a new marketplace that reimagines the relationship between publishers and AI companies.

This week I've learned that "per-connection randomized MAC" – while being great for privacy – can be an issue for login-based WiFi networks. First of all it requires you to login again every time you reconnect, but you may also get issues with let's say hotel WiFis that limit the number of devices on one account 😅
I think this is mostly an issue caused by the captive portal implementation.
CC @…

Microsoft announces new Windows changes in response to the DMA for EEA users, including Edge not prompting users to set it as the default unless it is opened (Richard Lawler/The Verge)
https://www.theverge.com/news/678350/microsoft-dma-windows-10-11-bing…

Microsoft will finally stop bugging Windows users about Edge — but only in Europe
Microsoft’s changes to Windows 10 and 11 in countries covered by the EU’s Digital Markets Act will make Bing less annoying and let you ditch the Microsoft Store

If you look at the organizations standing up for students being targeted by US immigration, the unions are really leading the way. A huge thanks to the AAUP for it's leadership in this:
https://www.aaup.org/sites/default/files/2025.04.07-AAUP-Letter-to-GCs-corrected.pdf
https://www.aaup.org/sites/default/files/Faculty_Association_Amicus_Brief.pdf

"...'Without press, we by default have to assume that our government relaying information to us, is true,' Cuccia wrote, calling that attitude 'the antithesis of what we believe in.'..."
She's just soooo close to finally get it... 🤞
It is surprising, but some Magas really seem to have a small sense of ethics and really want to advance the country and not the cult (although the exact arguments/means are still disputable).
🤔

Rather surprised to see the performance scaling of nftables is so bad compared to iptables, especially as many distros switched to nftables by default some time ago.
I do understand that synthetic benchmarks of firewalls are difficult, and that you are supposed to use the advanced features of nftables (e.g. sets, maps) to express the same filter in fewer rules.
h…

I don't recall seeing much measurement research on mobile carrier identification from client traffic. Didn't find much in a cursory search.
Does this exist? Is it feasible, particularly with branded devices like this?
Can classification be done by address pools unique, IDs, MACs, user agent strings, default start-up apps, default DNS queries/settings, etc.?
Clue, ideas, and pointers wanted.

Steve Herman (@w7voa@journa.host)
Attached: 1 image CNBC - A company owned by President Trump announces it own branded Trump Mobile cell phone service and will sell a "T1" smartphone, featuring gold-colored metal case etched with an American flag. https://www.cnbc.com/2025/06/16/trump-mobile-phone-plan.html

Cloudflare launches Pay per Crawl, a marketplace letting sites charge AI crawlers per crawl; new sites set up with Cloudflare will block AI crawlers by default (Maxwell Zeff/TechCrunch)
https://techcrunch.com/2025/07/01/clou

Cloudflare launches a marketplace that lets websites charge AI bots for scraping | TechCrunch
Cloudflare is launching a new marketplace that reimagines the relationship between publishers and AI companies.

Did the Trump regime really just say that judges who try to stop the executive from abusing their authority are actually the ones abusing their authority?
I suppose the rubber/glue principle is probably the default in a regime run by a man with the mind of a 12 year old...

The full formula for the probability of "success" is:
p = {
1/(2^(-n 1)) if n is negative, or
1 - (1/(2^(n 1))) if n is zero or positive
}
(Both branches have the same value when n is 0, so the behavior is smooth around the origin.)
How can we tweak this?
First, we can introduce fixed success and/or failure chances unaffected by level, with this formula only taking effect if those don't apply. For example, you could do 10% failure, 80% by formula, and 10% success to keep things from being too sure either way even when levels are very high or low. On the other hand, this flattening makes the benefit of extra advantage levels even less exciting.
Second, we could allow for gradations of success/failure, and treat the coin pools I used to explain that math like dice pools a bit. An in-between could require linearly more success flips to achieve the next higher grade of success at each grade. For example, simple success on a crit role might mean dealing 1.5x damage, but if you succeed on 2 of your flips, you get 9/4 damage, or on 4 flips 27/8, or on 7 flips 81/16. In this world, stacking crit levels might be a viable build, and just giving up on armor would be super dangerous. In the particular case I was using this for just now, I can't easily do gradations of success (that's the reason I turned to probabilities in the first place) but I think I'd favor this approach when feasible.
The main innovation here over simple dice pools is how to handle situations where the number of dice should be negative. I'm almost certain it's not a truly novel innovation though, and some RPG fan can point out which system already does this (please actually do this, I'm an RPG nerd too at heart).
I'll leave this with one more tweak we could do: what if the number 2 in the probability equation were 3, or 2/3? I think this has a similar effect to just scaling all the modifiers a bit, but the algebra escapes me in this moment and I'm a bit lazy. In any case, reducing the base of the probability exponent should let you get a few more gradations near 50%, which is probably a good thing, since the default goes from 25% straight to 50% and then to 75% with no integer stops in between.

Rather surprised to see the performance scaling of nftables is so bad compared to iptables, especially as many distros switched to nftables by default some time ago.
I do understand that synthetic benchmarks of firewalls are difficult, and that you are supposed to use the advanced features of nftables (e.g. sets, maps) to express the same filter in fewer rules.
h…

@… @… What if you defined a new Fin which used a binary construction for n, rather than the default Nat?
Then dividing by 2 is generally pretty easy.

What has ... DRM (?!) ever done for us?
https://infosec.exchange/@dangoodin/114546912959367470

Elliptic flow of charged hadrons in d Au collisions at $\sqrt{s_{NN}} =$ 200 GeV using a multi-phase transport model
Jaideep Tanwar, Ishu Aggarwal, Vipul Bairathi, Lokesh Kumar, Sonia Kabana
https://arxiv.org/abs/2506.22721

Elliptic flow of charged hadrons in d+Au collisions at $\sqrt{s_{NN}} =$ 200 GeV using a multi-phase transport model
This study presents a comprehensive analysis of the elliptic flow coefficient, $v_2$, for charged hadrons at mid-rapidity in d+Au collisions at $\sqrt{s_{\mathrm{NN}}} = 200\mathrm{~GeV}$. Utilizing the AMPT model in both default and string melting modes, we examine the dependence of $v_2$ on transverse momentum, collision centrality, and particle type. Furthermore, we present $v_2$ scaled by participant eccentricity, which indicates a similar level of collectivity across different centrality i…

What can I use to make this? Hopefully easily (as in, the lines all move in a group if I need to reposition), but honestly I don't care if not — I just want it to know about curves and gaps, positioning nicely by default.
#maps #diagram

#Linux tip for people running Rocky Linux #VFX workstations (or Alma or RHEL I guess) who are looking for a solution to the system locking up once you're running out of memory: install systemd-oomd - the out of memory killer daemon. It's not enabled by default but I think it is on distributions that…

A comparative analysis of machine learning algorithms for predicting probabilities of default
Adrian Iulian Cristescu, Matteo Giordano
https://arxiv.org/abs/2506.19789

A comparative analysis of machine learning algorithms for predicting probabilities of default
Predicting the probability of default (PD) of prospective loans is a critical objective for financial institutions. In recent years, machine learning (ML) algorithms have achieved remarkable success across a wide variety of prediction tasks; yet, they remain relatively underutilised in credit risk analysis. This paper highlights the opportunities that ML algorithms offer to this field by comparing the performance of five predictive models-Random Forests, Decision Trees, XGBoost, Gradient Boosti…

In a letter to CEO Aravind Srinivas, the BBC says it has evidence Perplexity's default model used its content and seeks "a proposal for financial compensation" (Financial Times)
https://www.ft.com/content/b743d401-dc5d-44b8-9987-825a4ffcf4ca

BBC threatens legal action against AI start-up Perplexity over content scraping
British broadcaster makes first move to clamp down on alleged infringement of copyright by tech groups

The SagbiHomotopy.jl package for solving polynomial systems
Barbara Betti, Viktoriia Borovik
https://arxiv.org/abs/2506.06264 https://

The SagbiHomotopy.jl package for solving polynomial systems
We present the Julia package SagbiHomotopy.jl for solving systems of polynomial equations using numerical homotopy continuation. The package introduces an optimal choice of a start system based on SAGBI homotopies. For square horizontally parameterized systems, where each equation is a linear combination of a given set of polynomials, SAGBI homotopies significantly reduce the number of solution paths to track compared to polyhedral homotopies currently used by default in most software for numer…

deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses
Georgios Androutsopoulos, Antonio Bianchi
https://arxiv.org/abs/2506.15648

deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses
Although Rust ensures memory safety by default, it also permits the use of unsafe code, which can introduce memory safety vulnerabilities if misused. Unfortunately, existing tools for detecting memory bugs in Rust typically exhibit limited detection capabilities, inadequately handle Rust-specific types, or rely heavily on manual intervention. To address these limitations, we present deepSURF, a tool that integrates static analysis with Large Language Model (LLM)-guided fuzzing harness generat…

This https://arxiv.org/abs/2505.13185 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_qfi…

Filtering in a hazard rate change-point model with financial and life-insurance applications
This paper develops a continuous-time filtering framework for estimating a hazard rate subject to an unobservable change-point. This framework arises naturally in both financial and insurance applications, where the default intensity of a firm or the mortality rate of an individual may experience a sudden jump at an unobservable time, representing, for instance, a shift in the firm's risk profile or a deterioration in an individual's health status. By employing a progressive enlargement of filt…

Filtering in a hazard rate change-point model with financial and life-insurance applications
Matteo Buttarazzi, Claudia Ceci
https://arxiv.org/abs/2505.13185

Filtering in a hazard rate change-point model with financial and life-insurance applications
This paper develops a continuous-time filtering framework for estimating a hazard rate subject to an unobservable change-point. This framework arises naturally in both financial and insurance applications, where the default intensity of a firm or the mortality rate of an individual may experience a sudden jump at an unobservable time, representing, for instance, a shift in the firm's risk profile or a deterioration in an individual's health status. By employing a progressive enlargement of filt…

In other news, I've sent a few fun patches to improve epytest in #Gentoo.
This includes forcing short summaries, creating junit .xml for machine processing, and most importantly, EPYTEST_PLUGINS to handle specifying the plugins to load. The goal is to eventually move away from plugin autoloading by default.
#PyTest #Python