1 March 2024

Stack Overflow to charge for AI usage of its Q&A data

Stack Overflow will charge AI companies for usage of its data and will require attribution back when its answers are used.

More info...

23 February 2024

Switching from ts-node to tsx

 

JavaScript is a fast-changing ecosystem. With so many new and old kids on the block, there are so many options that having them play nicely together is a challenge.

We're working with node.js 18 at the server side and have moved to using TypeScript (instead of JavaScript) and ES modules (instead of CommonJS modules).

We're using ts-node to feed node TypeScript, and added extra options to our tsconfig.json for this:

{
  "extends": "@tsconfig/node-lts/tsconfig.json",
  "compilerOptions": {
    "module": "ESNext",
  },
  "ts-node": {
    "esm": true,
    "experimentalSpecifierResolution": "node"
  }
}

We're using nodemon to restart node upon changes.  

This was giving us some problems when launching in debug mode, so we had to explicitly pass the ES module loaders of node to nodemon. These are our commands in package.json:

"scripts": {
  "start": "nodemon index.ts",
  "ts": "ts-node ",
  "debug": "nodemon -x \"node --inspect --loader ts-node/esm \" "
}

For both npm run ts and npm run debug we're appending the ts file to be run.

We're testing with Jest, and again we needed some extra configuration to play nicely with TypeScript and ES modules.

And then we moved to the Node.js 20 LTS release and things broke. It cannot even grok @tsconfig/node-lts/tsconfig.json (es2023 not supported).  You can get things going by also passing the esm loader when running the code normally, just as you do when you're debugging.

But really, not running with the LTS seemed a bit lame to me for a tool like ts-node. The 10.9 release dates from July 2022, with only two bug fix releases since, and no sign of updates for new releases of underlying packages.

So, we took a stab at tsx as an alternative for ts-node. If you look at the comparison between the two (by tsx, but still informational), you see that tsx has fewer downloads (6M/month vs 94M/month), has a larger footprint (10 MB vs 2 MB), and has fewer GitHub stars (7k vs 12k).

Trying out tsx we could reduce tsconfig.json to sensible defaults

{
  "extends": "@tsconfig/node-lts/tsconfig.json"
}

Also, we did not need nodemon anymore, as tsx comes with a watcher. Our scripts commands in package.json have simplified to

"scripts": {
  "start": "tsx watch index.ts",
  "ts": "tsx ",
  "debug": "tsx --inspect-brk "
},

I have not tried out (Jest) testing yet, but as for now, tsx looks like the way to go!



22 January 2024

Nightshade: protecting your images against usage for AI training

Nightshade is a tool built at the University of Chicago that tries to pick the part of the image that is described in the associated text and then blurs its boundaries. In this way AI training software has a hard time finding the subject in the downloaded image.

2 December 2023

LogoFail: BIOS vendor logo loader vulnerability

 

LogoFail, a vulnerability in the loading of vendor logo image files from BIOS, bypasses Secure Boot measures from all major BIOS vendors.

More info...

9 October 2023

Negative news gets more clicks

A study in Nature Human Behaviour shows that people are more likely to pick negative news articles to read:

  • For every negative word in a news title the chance a user clicks on it increases by 2.3%.
  • For every positive word in a news title the chance a user clicks on it decreases by 1%.

more...

26 September 2023

RSA and other encryption servers vulnerable to 25-year-old Marvin attack

 Among others, popular OpenSSL and GnuTLS implementations are vulnerable.

The authors recommend that you stop using RSA PKCS#1 v1.5 and switch to elliptic curve Diffie-Hellman.

They suspect that any cryptographic library using general purpose integer implementations (default mode of OpenSSL's BIGNUM, Java's BigInteger, Python's int, Rust's apin...) is vulnerable.

What can the attackers gain?

  • The attacker is able to decrypt RSA ciphertexts and forge signatures.
  • For a TLS server that defaults to RSA encryption key exchanges, that means the attacker can record a session and decrypt it later.

more...
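To check whether a TLS server configuration still offers the RSA key exchange mentioned above, you can list the cipher suites of the configured context and flag those that OpenSSL reports with RSA key transport. This is an added example, not code from the Marvin authors or from this blog; the function names and the sample data are made up for illustration, and the cipher string in hardened_server_context() is one reasonable choice, not a recommendation taken from the paper.

```python
import ssl


def static_rsa_suites(ciphers):
    """Return the names of suites that use static RSA key exchange.

    `ciphers` is a list of dicts shaped like the output of
    ssl.SSLContext.get_ciphers(). OpenSSL marks RSA key transport
    (client encrypts the premaster secret to the server's RSA key)
    as kea == "kx-rsa". Suites with kea "kx-ecdhe" and auth "auth-rsa"
    only use RSA for signing, not for the key exchange.
    """
    return [c["name"] for c in ciphers if c.get("kea") == "kx-rsa"]


def audit_context(ctx):
    """Audit a configured SSLContext for static RSA key exchange suites."""
    return static_rsa_suites(ctx.get_ciphers())


def hardened_server_context():
    """Server context limited to ECDHE key exchange (TLS 1.2 and 1.3)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only affects TLS 1.2 and below; TLS 1.3 suites never use RSA key transport.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


# Constructed sample in get_ciphers() format, so the check can be shown
# independently of the OpenSSL build on the machine running it.
SAMPLE_CIPHERS = [
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "kea": "kx-rsa", "auth": "auth-rsa"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "auth": "auth-rsa"},
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3",
     "kea": "kx-any", "auth": "auth-any"},
]

if __name__ == "__main__":
    print("sample config, static RSA suites:", static_rsa_suites(SAMPLE_CIPHERS))
    print("hardened context, static RSA suites:",
          audit_context(hardened_server_context()))
    # The library defaults of the local Python/OpenSSL build, for comparison.
    print("default context, static RSA suites:",
          audit_context(ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)))
```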

 

 

15 September 2023

When you can't pin a .exe to your Windows 11 Start menu

I have a program on my new Windows 11 machine, for which I'd like to add the .exe to my Start menu.

When I use the right click menu on the .exe to do this, nothing happens.

Here's how I solved the problem:

  1. Create a shortcut (myProgram.lnk) for the myProgram.exe
  2. Copy the shortcut to your desktop
  3. Use the right click menu on the shortcut to pin it to your Start menu (now this works for me!)
  4. Throw away the shortcut on your desktop (if you don't like it there)