Tootfinder

Here's what you need to know about the RCE flaw in the Cisco appliance software
Cisco: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
NCSC:

Free software communities offer ethical alternatives to the centralised platforms by the web giants:
It is possible to find trusted services that respect your privacy
https://degooglisons-internet.org/en/

De-google-ify Internet - Main Page
The web giants centralize our digital lives in exchange for their services The Free Software community offers alternative ethical services The Framasoft network intends to prove itby hosting them

Wow, this seems like a big deal - an RCE in some critical Cisco products that can be exploited by low-privilege users.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O

Experience Deploying Containerized GenAI Services at an HPC Center
Angel M. Beltre, Jeff Ogden, Kevin Pedretti
https://arxiv.org/abs/2509.20603 https://arx…

Experience Deploying Containerized GenAI Services at an HPC Center
Generative Artificial Intelligence (GenAI) applications are built from specialized components -- inference servers, object storage, vector and graph databases, and user interfaces -- interconnected via web-based APIs. While these components are often containerized and deployed in cloud environments, such capabilities are still emerging at High-Performance Computing (HPC) centers. In this paper, we share our experience deploying GenAI workloads within an established HPC center, discussing the in…

Mastodon, the nonprofit behind the social network, plans to offer paid hosting, moderation, and support services for organizations joining the fediverse (Sarah Perez/TechCrunch)
https://techcrunch.com/2025/09/19/mast

Mastodon has a new plan to make money: Hosting and support services for the open social web | TechCrunch
Mastodon launches hosting and support services to generate revenue and expand the open social web.

The Atacama Cosmology Telescope: Release of A databaSe of millimeTeR ObservatioNs of Asteroids Using acT (ASTRONAUT)
Ricco C. Venterea, John Orlowski-Scherer, Nicholas Battaglia, Sigurd Naess, Steve K. Choi, Allen Foster, Joseph Golec, Bruce Patridge, Crist\'obal Sif\'on
https://arxiv.org/abs/2508.18300

The Atacama Cosmology Telescope: Release of A databaSe of millimeTeR ObservatioNs of Asteroids Using acT (ASTRONAUT)
We present A databaSe of millimeTeR ObservatioNs of Asteroids Using acT (ASTRONAUT) hosted on Amazon Web Services, Inc. (AWS) in the form of a public Amazon Simple Storage Service (S3) bucket. This bucket is an Amazon cloud storage database containing flux measurements for a group of asteroids at millimeter (mm) wavelengths. These measurements were collected by the Atacama Cosmology Telescope (ACT) from 2017 to 2021 in frequency bands centered near 90, 150, and 220 GHz. The ASTRONAUT database c…

Colt Technology Services has confirmed that data was stolen in a recent cyberattack that disrupted its operations.
The admission comes as the Warlock ransomware gang begins auctioning what it claims are over a million stolen documents on its dark web site.
https://www.computing.co.uk/news/202…

Colt confirms data theft
Colt Technology Services has confirmed that data was stolen in a recent cyberattack that disrupted its operations.

New today - #Apple #MacAdmins could previously restrict "my org's Managed Apple Accounts can -only- be used on org owned devices"
Today the converse is now available: You can enforce that on org devices, only your org's Managed Apple Accounts are allowed to sign into that device
https://support.apple.com/guide/apple-business-manager/customize-user-access-apps-services-axm53xk34bq/1/web/1#axmc181646cf

Building a robust OAuth token based API Security: A High level Overview
Senthilkumar Gopal
https://arxiv.org/abs/2507.16870 https://arxiv.org/pdf/2507.1687…

Building a robust OAuth token based API Security: A High level Overview
APIs (Application Programming Interfaces) or Web Services are the foundational building blocks that enable interconnected systems. However this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization. This paper presents the fundamentals necessary for building a such a token-based API security system. It discusses the components necessary, the integration of OAuth 2.0, extensibility of the token arc…

https://blog.joinmastodon.org/2025/09/service-offerings-from-mastodon/

Service offerings from Mastodon
We're offering hosting, support and moderation services, to establish a more sustainable financial base while we continue to build a better social web.

Mastodon erhält neue Hosting- und Support-Angebote, die auf größere Organisationen und öffentliche Einrichtungen zugeschnitten sind. Diese ermöglichen es ihnen, ihre eigene soziale Identität auf ihrer eigenen Infrastruktur zu besitzen.
Ideal für Unis, Institute, Stiftungen oder NGOs um eine resiliente und kontrollierbare Kommunikation aufzubauen, unabhängig von BigTech.
Auch Schulen können eigene Instanzen für souveränes social media aufbauen.

Service offerings from Mastodon
We're offering hosting, support and moderation services, to establish a more sustainable financial base while we continue to build a better social web.

DBOS Network Sensing: A Web Services Approach to Collaborative Awareness
Sophia Lockton, Jeremy Kepner, Michael Stonebraker, Hayden Jananthan, LaToya Anderson, William Arcand, David Bestor, William Bergeron, Alex Bonn, Daniel Burrill, Chansup Byun, Timothy Davis, Vijay Gadepally, Michael Houle, Matthew Hubbell, Michael Jones, Piotr Luszczek, Peter Michaleas, Lauren Milechin, Chasen Milner, Guillermo Morales, Julie Mullen, Michel Pelletier, Alex Poliakov, Andrew Prout, Albert Reuther, A…

DBOS Network Sensing: A Web Services Approach to Collaborative Awareness
DBOS (DataBase Operating System) is a novel capability that integrates web services, operating system functions, and database features to significantly reduce web-deployment effort while increasing resilience. Integration of high performance network sensing enables DBOS web services to collaboratively create a shared awareness of their network environments to enhance their collective resilience and security. Network sensing is added to DBOS using GraphBLAS hypersparse traffic matrices via two a…

what a drag. i really enjoyed @… & @…. https://

Hahahahaha #sound
https://www.instagram.com/p/DNQGNrBM9aR/?utm_source=ig_web_copy_link

substance recordstore on Instagram: "THE SABRES OF PARADISE - ReIssues Remastered Reissues of the SABRESONIC (1993) & HAUNTED DANCEHALL (1994) albums by the trio of Andrew Weatherall, Jagz Kooner and Gary Burns. Unavailable on vinyl and CD since original release. Coming off the back of his work on the era-defining Screamadelica album by Primal Scream, not to mention groundbreaking remix work for the likes of New Order, My Bloody Valentine and the Happy Mondays, Weatherall was as revered by fans of indie guitar music as he was namechecked by hardcore ravers. The increasing demands on his services led to a studio partnership with Kooner and Burns, forming the production trio The Sabres Of Paradise (named after a 1960 book about a Muslim chieftain’s efforts to repel a Russian invasion). #thesabresofparadise #warp #warprecords #andrewweatherall #reissue #remastered #news #newreleaseseveryday #vinyl #records #recordstore #vienna #plattenladen #wien"
7 likes, 0 comments - substance_recordstore on August 12, 2025: "THE SABRES OF PARADISE - ReIssues Remastered Reissues of the SABRESONIC (1993) & HAUNTED DANCEHALL (1994) albums by the trio of Andrew Weatherall, Jagz Kooner and Gary Burns. Unavailable on vinyl and CD since original release. Coming off the back of his work on the era-defining Screamadelica album by Primal Scream, not to mention groundbreaking remix work for the likes of New Order, My Bloody Valentine and the Happy Mondays, We…

For those interested in local and self-hosting, gonna be running our monthly #libre/#FOSS catchup at https://meeting.iridescent.nz tonight at 20:00 NZST talking about migrating our *many* web services built with Doc…

Throttling Web Agents Using Reasoning Gates
Abhinav Kumar, Jaechul Roh, Ali Naseh, Amir Houmansadr, Eugene Bagdasarian
https://arxiv.org/abs/2509.01619 https://

Throttling Web Agents Using Reasoning Gates
AI web agents use Internet resources at far greater speed, scale, and complexity -- changing how users and services interact. Deployed maliciously or erroneously, these agents could overload content providers. At the same time, web agents can bypass CAPTCHAs and other defenses by mimicking user behavior or flood authentication systems with fake accounts. Yet providers must protect their services and content from denial-of-service attacks and scraping by web agents. In this paper, we design a fr…

Security smells in infrastructure as code: a taxonomy update beyond the seven sins
Aicha War, Serge L. B. Nikiema, Jordan Samhi, Jacques Klein, Tegawende F. Bissyande
https://arxiv.org/abs/2509.18761

Most #RESTful #APIs aren't really RESTful
https://florian-krae…

Instead of relying entirely on donations and grants as before,
Mastodon announced on Friday that it will now offer paid hosting, moderation, and support services for organizations that want to join the open social web.
That network, also called the fediverse, offers a way for individuals and organizations to set up their own servers that interconnect with others that run the same protocol, ActivityPub.
ActivityPub powers a number of different software applications, includin…

Mastodon - Decentralized social media
Learn more about Mastodon, the radically different, free and open-source decentralized social media platform.

Google Cloud has competed well against AWS in AI, attracting business from The Browser Company, Safe Superintelligence, Thinking Machines Lab, and OpenAI (Kevin McLaughlin/The Information)
https://www.theinformation.com/articles/google-finds-crack-amazons-c…

Google Finds a Crack in Amazon’s Cloud Dominance
Earlier this year, when The Browser Company was looking for a cloud provider to power the artificial intelligence features in a web browser it was developing, the startup’s leaders asked Amazon Web Services if it could handle the work. Winning this business was important to AWS. The Browser ...

I boosted this the other day:
https://w3c.social/@wai/115131341361675726
But I have not yet read the Accessibility Maturity Model Draft Note:
https:/…

Apologies for the downtime on phpc.social this morning. Restarted services a little too early. We're good to go now (indexing ElasticSearch items in the background for the rest of the day but the site is functional otherwise).
In related news, phpc.social is now running Mastodon 4.4.1, hence it looking a bit different from before if you're using the web UI.
#MastoAdmin

Fast and Interactive Byzantine Fault-tolerant Web Services via Session-Based Consensus Decoupling
Ahmad Zaki Akmal, Azkario Rizky Pratama, Guntur Dharma Putra
https://arxiv.org/abs/2507.08281

Fast and Interactive Byzantine Fault-tolerant Web Services via Session-Based Consensus Decoupling
Byzantine fault-tolerant (BFT) web services provide critical integrity guarantees for distributed applications but face significant latency challenges that hinder interactive user experiences. We propose a novel two-layer architecture that addresses this fundamental tension between security and responsiveness in BFT systems. Our approach introduces a session-aware transaction buffer layer (Layer 2) that delivers immediate feedback to users through consensus simulation, while periodically commit…

Artificial Intelligence in Rural Healthcare Delivery: Bridging Gaps and Enhancing Equity through Innovation
Kiruthika Balakrishnan, Durgadevi Velusamy, Hana E. Hinkle, Zhi Li, Karthikeyan Ramasamy, Hikmat Khan, Srini Ramaswamy, Pir Masoom Shah
https://arxiv.org/abs/2508.11738

Artificial Intelligence in Rural Healthcare Delivery: Bridging Gaps and Enhancing Equity through Innovation
Rural healthcare faces persistent challenges, including inadequate infrastructure, workforce shortages, and socioeconomic disparities that hinder access to essential services. This study investigates the transformative potential of artificial intelligence (AI) in addressing these issues in underserved rural areas. We systematically reviewed 109 studies published between 2019 and 2024 from PubMed, Embase, Web of Science, IEEE Xplore, and Scopus. Articles were screened using PRISMA guidelines and…

AI is flooding libraries with generated content just as budgets and staff are at their most precarious. This Thursday at 10am EDT my ASIS&T webinar asks if we need to ban it, label it, absorb it—or rethink the library itself.
https://www.asist.org/meetings-events/webi

MCPmed: A Call for MCP-Enabled Bioinformatics Web Services for LLM-Driven Discovery
Matthias Flotho (Chair for Clinical Bioinformatics, Center for Bioinformatics, Saarland University, Germany, Helmholtz Institute for Pharmaceutical Research Saarland), Ian Ferenc Diks (Chair for Clinical Bioinformatics, Center for Bioinformatics, Saarland University, Germany, Helmholtz Institute for Pharmaceutical Research Saarland), Philipp Flotho (Chair for Clinical Bioinformatics, Center for Bioinfor…

MCPmed: A Call for MCP-Enabled Bioinformatics Web Services for LLM-Driven Discovery
Bioinformatics web servers are critical resources in modern biomedical research, facilitating interactive exploration of datasets through custom-built interfaces with rich visualization capabilities. However, this human-centric design limits machine readability for large language models (LLMs) and deep research agents. We address this gap by adapting the Model Context Protocol (MCP) to bioinformatics web server backends - a standardized, machine-actionable layer that explicitly associates webse…

Well this is interesting...
#Linux

Linux Foundation Opens the Door to DocumentDB
Amazon Web Services and Microsoft will both work on the open source, document-oriented database system, per the annoucement at Open Source Summit Europe.

Enabling Content Management Systems as an Information Source in Model-driven Projects
Joan Giner-Miguelez, Abel G\'omez, Jordi Cabot
https://arxiv.org/abs/2508.19797 https:/…

Enabling Content Management Systems as an Information Source in Model-driven Projects
Content Management Systems (CMSs) are the most popular tool when it comes to create and publish content across the web. Recently, CMSs have evolved, becoming \emph{headless}. Content served by a \emph{headless CMS} aims to be consumed by other applications and services through REST APIs rather than by human users through a web browser. This evolution has enabled CMSs to become a notorious source of content to be used in a variety of contexts beyond pure web navigation. As such, CMS have become …

Amazon rarely publicly discusses take down or incident response actions, which I'd guess makes this noteworthy:
https://aws.amazon.com/blogs/security/amazon-disrupts-watering-hole-campaign-by-russias-apt29/

A little tip to all those folks using Amazon Web Services or Microsoft Azure or Google Cloud: you're paying ~ 20x more than you need to be paying. If you claim you're using 'special services only provided by __insert name of ripoff cloud provider here__' then you've got your organisation locked into a single provider with the inability to move to a better one. Consider your options very carefully & build vendor-agnostic systems. Dependence on

Cyber security of Mega Events: A Case Study of Securing the Digital Infrastructure for MahaKumbh 2025 -- A 45 days Mega Event of 600 Million Footfalls
Rohit Negi, Amit Negi, Manish Sharma, S. Venkatesan, Prem Kumar, Sandeep K. Shukla
https://arxiv.org/abs/2507.15660

Cyber security of Mega Events: A Case Study of Securing the Digital Infrastructure for MahaKumbh 2025 -- A 45 days Mega Event of 600 Million Footfalls
Mega events such as the Olympics, World Cup tournaments, G-20 Summit, religious events such as MahaKumbh are increasingly digitalized. From event ticketing, vendor booth or lodging reservations, sanitation, event scheduling, customer service, crime reporting, media streaming and messaging on digital display boards, surveillance, crowd control, traffic control and many other services are based on mobile and web applications, wired and wireless networking, network of Closed-Circuit Television (CC…

Crosslisted article(s) found for cs.OS. https://arxiv.org/list/cs.OS/new
[1/1]:
- DBOS Network Sensing: A Web Services Approach to Collaborative Awareness
Sophia Lockton, et al.

Uniting the World by Dividing it: Federated Maps to Enable Spatial Applications
Sagar Bharadwaj, Srinivasan Seshan, Anthony Rowe
https://arxiv.org/abs/2507.11437

Uniting the World by Dividing it: Federated Maps to Enable Spatial Applications
The emergence of the Spatial Web -- the Web where content is tied to real-world locations has the potential to improve and enable many applications such as augmented reality, navigation, robotics, and more. The Spatial Web is missing a key ingredient that is impeding its growth -- a spatial naming system to resolve real-world locations to names. Today's spatial naming systems are digital maps such as Google and Apple maps. These maps and the location-based services provided on top of these maps…

Source: Nvidia is scaling back DGX Cloud to primarily internal R&D use; DGX Cloud was initially envisioned to compete with major cloud providers like AWS (Anissa Gardizy/The Information)
https://www.theinformation.com/articles/nvidia-steps-back-cloud-ef…

Nvidia Steps Back From Cloud Effort to Compete with AWS
Nvidia is stepping back from its nascent cloud computing business, which had put it in quasi-competition with Amazon Web Services. It has lessened its efforts to attract businesses to the cloud service, dubbed DGX Cloud, said a person with direct knowledge of the situation. Instead, Nvidia plans ...

Are we decentralized yet? https://arewedecentralizedyet.online

SRWToolkit: An Open Source Wizard of Oz Toolkit to Create Social Robotic Avatars
Atikkhan Faridkhan Nilgar, Kristof Van Laerhoven, Ayub Kinoti
https://arxiv.org/abs/2509.04356 h…

SRWToolkit: An Open Source Wizard of Oz Toolkit to Create Social Robotic Avatars
We present SRWToolkit, an open-source Wizard of Oz toolkit designed to facilitate the rapid prototyping of social robotic avatars powered by local large language models (LLMs). Our web-based toolkit enables multimodal interaction through text input, button-activated speech, and wake-word command. The toolkit offers real-time configuration of avatar appearance, behavior, language, and voice via an intuitive control panel. In contrast to prior works that rely on cloud-based LLM services, SRWToolk…

Unveiling Usability Challenges in Web Privacy Controls
Rahat Masood, Sunday Oyinlola Ogundoyin, Muhammad Ikram, Alex Ye
https://arxiv.org/abs/2507.11908 ht…

Unveiling Usability Challenges in Web Privacy Controls
With the increasing concerns around privacy and the enforcement of data privacy laws, many websites now provide users with privacy controls. However, locating these controls can be challenging, as they are frequently hidden within multiple settings and layers. Moreover, the lack of standardization means these controls can vary widely across services. The technical or confusing terminology used to describe these controls further complicates users' ability to understand and use them effectively. …

Die Abhängigkeit Europas von ausländischer IT Tech ist groß und besteht schon lange. Der Großteil der staatlichen Dienstleistungen, der Gesundheitssysteme und der Infrastruktur des Privatsektors läuft auf Plattformen, die von Microsoft, Amazon Web Services (AWS) und Google kontrolliert werden
https://thenextweb.com/…

Reclaiming the stack: Europe’s bid for digital sovereignty
Gustaf Sahlman, CEO of Swedish ID management firm Curity, argues Europe must reclaim its tech stack to secure digital sovereignty.

Can Large Language Models Understand As Well As Apply Patent Regulations to Pass a Hands-On Patent Attorney Test?
Bhakti Khera, Rezvan Alamian, Pascal A. Scherz, Stephan M. Goetz
https://arxiv.org/abs/2507.10576

Can Large Language Models Understand As Well As Apply Patent Regulations to Pass a Hands-On Patent Attorney Test?
The legal field already uses various large language models (LLMs) in actual applications, but their quantitative performance and reasons for it are underexplored. We evaluated several open-source and proprietary LLMs -- including GPT-series, Anthropic, Deepseek and Llama-3, variants -- on parts of the European Qualifying Examination (EQE) for future European Patent Attorneys. OpenAI o1 led with 0.82 accuracy and 0.81 F1 score, whereas (Amazon Web Services) AWS Llama 3.1 8B lagged at 0.50 accura…

Quantum-Classical Auxiliary Field Quantum Monte Carlo with Matchgate Shadows on Trapped Ion Quantum Computers
Luning Zhao, Joshua J. Goings, Willie Aboumrad, Andrew Arrasmith, Lazaro Calderin, Spencer Churchill, Dor Gabay, Thea Harvey-Brown, Melanie Hiles, Magda Kaja, Matthew Keesan, Karolina Kulesz, Andrii Maksymov, Mei Maruo, Mauricio Mu\~noz, Bas Nijholt, Rebekah Schiller, Yvette de Sereville, Amy Smidutz, Felix Tripier, Grace Yao, Trishal Zaveri, Coleman Collins, Martin Roetteler, …

Quantum-Classical Auxiliary Field Quantum Monte Carlo with Matchgate Shadows on Trapped Ion Quantum Computers
We demonstrate an end-to-end workflow to model chemical reaction barriers with the quantum-classical auxiliary field quantum Monte Carlo (QC-AFQMC) algorithm with quantum tomography using matchgate shadows. The workflow operates within an accelerated quantum supercomputing environment with the IonQ Forte quantum computer and NVIDIA GPUs on Amazon Web Services. We present several algorithmic innovations and an efficient GPU-accelerated execution, which achieves a several orders of magnitude spee…

Sources: AWS is launching a marketplace for AI agents, with Anthropic as one of its partners, at the AWS Summit in NYC next week (Jagmeet Singh/TechCrunch)
https://techcrunch.com/2025/07/10/aws-is-launching-an-ai-ag…

AWS is launching an AI agent marketplace next week with Anthropic as a partner | TechCrunch
Amazon Web Services is launching an AI agent marketplace and Anthropic is one of its partners.

OASBuilder: Generating OpenAPI Specifications from Online API Documentation with Large Language Models
Koren Lazar, Matan Vetzler, Kiran Kate, Jason Tsay, David Boaz Himanshu Gupta, Avraham Shinnar, Rohith D Vallam, David Amid Esther Goldbraich, Guy Uziel, Jim Laredo, Ateret Anaby Tavor
https://arxiv.org/abs/2507.05316

OASBuilder: Generating OpenAPI Specifications from Online API Documentation with Large Language Models
AI agents and business automation tools interacting with external web services require standardized, machine-readable information about their APIs in the form of API specifications. However, the information about APIs available online is often presented as unstructured, free-form HTML documentation, requiring external users to spend significant time manually converting it into a structured format. To address this, we introduce OASBuilder, a novel framework that transforms long and diverse API d…

Crosslisted article(s) found for cs.DC. https://arxiv.org/list/cs.DC/new
[1/1]:
- DBOS Network Sensing: A Web Services Approach to Collaborative Awareness
Sophia Lockton, et al.

Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection
Zhihong Liang, Xin Wang, Zhenhuang Hu, Liangliang Song, Lin Chen, Jingjing Guo, Yanbin Wang, Ye Tian
https://arxiv.org/abs/2507.22447

Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection
With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains challenging due to sophisticated code obfuscation techniques and JavaScript's inherent language characteristics, particularly its nested closure structures and syntactic flexibility. In this work, we propose DeCoda, a hybrid defense framework that combines large langu…

Using Containers to Speed Up Development, to Run Integration Tests and to Teach About Distributed Systems
Marco Mambelli, Bruno Moreira Coimbra, Namratha Urs, Ilya Baburashvili
https://arxiv.org/abs/2507.21464

Using Containers to Speed Up Development, to Run Integration Tests and to Teach About Distributed Systems
GlideinWMS is a workload manager provisioning resources for many experiments, including CMS and DUNE. The software is distributed both as native packages and specialized production containers. Following an approach used in other communities like web development, we built our workspaces, system-like containers to ease development and testing. Developers can change the source tree or check out a different branch and quickly reconfigure the services to see the effect of their changes. In this pape…

Trivial Trojans: How Minimal MCP Servers Enable Cross-Tool Exfiltration of Sensitive Data
Nicola Croce, Tobin South
https://arxiv.org/abs/2507.19880 https://

Trivial Trojans: How Minimal MCP Servers Enable Cross-Tool Exfiltration of Sensitive Data
The Model Context Protocol (MCP) represents a significant advancement in AI-tool integration, enabling seamless communication between AI agents and external services. However, this connectivity introduces novel attack vectors that remain largely unexplored. This paper demonstrates how unsophisticated threat actors, requiring only basic programming skills and free web tools, can exploit MCP's trust model to exfiltrate sensitive financial data. We present a proof-of-concept attack where a malicio…