Feed aggregator

Article URL: https://www.bloomberg.com/features/2024-dutch-hacking-spree/

Comments URL: https://news.ycombinator.com/item?id=42071990

Points: 2

# Comments: 1

Article URL: https://isomorphism.xyz/blog/2024/car-free-houston/

Comments URL: https://news.ycombinator.com/item?id=42071953

Points: 1

# Comments: 0

Article URL: https://unsloth.ai/

Comments URL: https://news.ycombinator.com/item?id=42071936

Points: 2

# Comments: 0

Article URL: https://news.mit.edu/2024/nanoscale-transistors-could-enable-more-efficient-electronics-1104

Comments URL: https://news.ycombinator.com/item?id=42071930

Points: 2

# Comments: 0

I started building muGen about four months ago and it's now stable enough for me to share.

muGen is a microframework for prototyping and deploying multi-modal/multi-channel (3MC) generative AI applications. Written in Python, it aims to have a simple, lean, and extensible codebase that allows developers to mix and match technologies and vendors—such as LLMs, vector storage, and communication platforms—to get from zero to deployment quickly.

NB: muGen currently supports AWS Bedrock, Groq, and SambaNova as completion backends so you'll need to have credentials for one of these APIs to try it. I will add support for more vendors as I get the time.

Comments URL: https://news.ycombinator.com/item?id=42071898

Points: 2

# Comments: 0

Article URL: https://github.com/apache/opendal

Comments URL: https://news.ycombinator.com/item?id=42071872

Points: 1

# Comments: 0

Article URL: https://archive.org/details/on-tyranny-twenty-lessons-from-the-twentieth-century-by-timothy-snyder-z-lib.org

Comments URL: https://news.ycombinator.com/item?id=42071791

Points: 2

# Comments: 0

Article URL: https://www.consumerreports.org/cars/car-maintenance/how-to-protect-your-car-from-rodents-a5816950285/

Comments URL: https://news.ycombinator.com/item?id=42071728

Points: 2

# Comments: 0

Article URL: https://jetelina.org/im-happy-you-wanna-know-me-more/

Comments URL: https://news.ycombinator.com/item?id=42071681

Points: 1

# Comments: 0

Article URL: https://transactional.blog/how-to-learn/disk-io

Comments URL: https://news.ycombinator.com/item?id=42071625

Points: 2

# Comments: 0

Article URL: https://www.thestar.com/life/heres-why-you-might-want-to-stop-making-your-bed-in-the-morning/article_d8dae31e-afd7-11ee-a132-eb2ab5d66531.html

Comments URL: https://news.ycombinator.com/item?id=42071586

Points: 5

# Comments: 0

Article URL: https://github.com/nim-lang/Nim/wiki/Nim-for-Python-Programmers

Comments URL: https://news.ycombinator.com/item?id=42071580

Points: 1

# Comments: 0

Article URL: https://www.uib.no/en/michaelsarscentre/173833/young-again-study-shows-comb-jellies-can-age-reverse

Comments URL: https://news.ycombinator.com/item?id=42071576

Points: 2

# Comments: 0

Article URL: https://www.win-rar.com/singlenewsview.html?&L=0

Comments URL: https://news.ycombinator.com/item?id=42071562

Points: 1

# Comments: 0

A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members. Oh, and Graham finds out what Rule 34 is. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

<p>A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.&nbsp;</p> <p>This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2024-20371

<p>A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.</p> <p>This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.</p> <p><strong>Note:</strong> Web Access is disabled by default.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2024-20445

<p>A vulnerability in a REST API endpoint and <span class="more">web-based management interface o</span>f Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with <em>read-only</em> privileges to execute arbitrary SQL commands on an affected device.</p> <p>This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or <span class="more">web-based management interface</span>. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.&nbsp;</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL</a><br><br></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2024-20536

<p>Multiple vulnerabilities in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.</p> <p>These vulnerabilities exist because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</p> <p><strong>Note: </strong>To exploit these vulnerabilities, Web Access must be enabled on the phone and the attacker must have <em>Admin </em>credentials on the device. Web Access is disabled by default.</p> <p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2024-20533,CVE-2024-20534