Definitely Do Not Put Plastic in the Microwave
Experts say, even if it claims to be “microwave-safe.”
Hasnain says:
“All of the experts I spoke with suggest people avoid storing and heating food in plastics altogether. “Without testing the entire landscape of these products, it is hard to really know” if any of them are truly safe, says Rogers.”
Posted on 2023-09-23T22:01:54+0000
The Frustration Loop
Dealing with spam the fun way.
Hasnain says:
“"Now hold up there Herman! Won't this be triggered by valid users?" you say.
Perhaps, but it's fairly unlikely. In my tests I haven't managed to trigger it without explicitly performing a dodgy action. On top of that, it's been running in production for the past 3 months and I've only had one user report this as an issue. He was advertising online casinos.
Did it stop the spammers?
Yes!”
Posted on 2023-09-23T21:54:11+0000
The WebP 0day
Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image library, and it had a familiar warning att...
Hasnain says:
“The lack of available technical information from the vendors here made verification challenging, and it's questionable who this really benefits. Attackers are clearly highly motivated to track and exploit N-day vulnerabilities, and the lack of technical details being released won't significantly slow them down. On the other hand, very few defenders are resourced to be able to perform the type of technical analysis I've shared today. It's counter-intuitive, but withholding basic technical details about how these attacks are working is an asymmetry that mostly benefits attackers -- you quickly end up in a situation where attackers have access to insights about the vulnerability/exploit that defenders don't have.
This bug also shows that we have an over-reliance on fuzzing for security assurance of complex parser code. Fuzzing is great, but we know that there are many serious security issues that aren't easy to fuzz. For sensitive attack surfaces like image decoding (zero-click remote exploit attack surface), there needs to 1) be a bigger investment in proactive source code reviews, and 2) a renewed focus on ensuring these parsers are adequately sandboxed.”
Posted on 2023-09-23T21:47:43+0000
How do databases execute expressions? | notes.eatonphil.com
Hasnain says:
At some point I need to sit down and write a database. This was an exciting read.
“As the DuckDB team points out, vectorized interpretation or JIT compilation seem like the future for database expression execution. These strategies seem particularly important for analytics or time-series workloads. But vectorized interpretation seems to make the most sense for column-wise storage engines. And column-wise storage normally only makes sense for analytics workloads. Still, TiDB and Cockroach are transactional databases that also vectorize execution.
And while SQLite and PostgreSQL use the virtual machine model, it's possible databases with tree-walking interpreters like Scylla and MySQL/MariaDB have decided there is not significant enough gains to be had (for transactional workloads) to justify the complexity of moving to a compiler + virtual machine architecture.”
Posted on 2023-09-22T06:57:47+0000
Confused Automakers Braced for Strike at the Wrong Plants
The Big Three automakers stalled production and moved parts out of plants across the country ahead of the strike, according to rank-and-file UAW members.
Hasnain says:
The moves this guy has been orchestrating are amazing.
“The strategy the UAW is currently employing is led by the union’s new militant president, Shawn Fain. He was elected in March after the UAW changed its election process from a delegate system to one member, one vote in the most recent leadership election. He has assumed a new posture for the union’s leadership: for example, refusing to endorse Joe Biden for president until he supports the UAW’s efforts to unionize electric vehicle facilities, and rejecting a ceremonial handshake with auto manufacturer bosses before the start of contract negotiations.”
Posted on 2023-09-20T03:08:09+0000
Microsoft completely misjudged Baldur’s Gate 3
Not a great look for Microsoft
Hasnain says:
I’ve started playing it and liking it so far. Wish I had more time/energy to sink into it.
“In hindsight, Microsoft made a big oopsie; Baldur’s Gate 3 has no exclusivity tied to it, so its exclusion from the Xbox console was noticeable. In February, Larian Studios explained why Baldur’s Gate 3 didn’t have a planned Xbox release at the time. Vincke said on X — then Twitter — that Baldur’s Gate 3’s split-screen co-op didn’t work on Xbox Series S, Microsoft’s lower-priced console. Microsoft requires games to have feature parity across Xbox Series X and Series S, which held up the launch. By Aug. 24, after Baldur’s Gate 3’s major successes, Microsoft made a concession to let Baldur’s Gate 3 launch without split-screen co-op on Xbox Series S.
Baldur’s Gate 3 is now expected to arrive on Xbox later this year.”
Posted on 2023-09-19T20:04:25+0000
‘No way out’: how video games use tricks from gambling to attract big spenders
Controversy over tactics used by some firms to target players who are on track to spend high sums
Hasnain says:
"An early win is a well-documented technique known among gambling researchers and clinicians as a catalyst for addictive play, because it creates an early dopamine hit that gamblers are then eager to recreate, even as their subsequent losses mount.
A gambling operator that orchestrated this outcome would probably lose their licence to operate in Britain but there is no clear disincentive for gaming firms.
Gambling tends to spur much greater ethical concern and regulatory scrutiny, yet overlap – in practice and even game design – is becoming increasingly evident."
Posted on 2023-09-19T06:07:10+0000
The Engineer’s Guide to Career Growth — Advice from My Time at Stripe and Facebook
Raylene Yung has spent a decade scaling eng and product teams at Facebook and Stripe. Here's her advice for engineers at every stage of their careers, from IC to org leader.
Hasnain says:
Chock full of amazing advice. I'm aiming to revisit this one periodically.
"“It’s about asking the right questions, the ones that keep you focused on growth and learning, not on moving up. My best teammates have been the ones who constantly pushed themselves to identify their weaknesses, systematically learn from their mistakes and get better,” she says."
Posted on 2023-09-19T06:02:12+0000
It's Happening: United Auto Workers Strike!
Why this strike is different than all the other strikes
Hasnain says:
This has been a glory to watch. Still surprised the PR team let the CEO on TV to do that massive bungle earlier this week.
“But there’s something else, something maybe even more significant. While the Big 3 automakers have helped make this a pivotal moment, because fighting them means fighting corporate America in so many ways, the workers have also turned this into a crucial fight, because they embody our hope. Not only is the union explicitly fighting for the working class, they’re open about the class war nature of this struggle. UAW president Shawn Fain was recently asked about corporations and pundits accusing him of engaging in class war, to which he replied, “It's hard when I hear that not to just die laughing because the truth is the working class in this country has been under attack in a one-sided class war for decades.” And it’s true. What else could you call the CEO raises and the investor paychecks, when you stack them up next to the stagnant wages of workers? Not to mention the stripping of pensions, the creation of tiers where newer workers get screwed, labeling workers as temporary employees for years and years, and so much more.”
Posted on 2023-09-18T01:43:00+0000
With democracy on the ballot, the mainstream press must change its ways | Margaret Sullivan
The American press is failing to adequately emphasize the stakes of the coming election
Hasnain says:
“The big solution? Remember at all times what our core mission is: to communicate truthfully, keeping top of mind that we have a public service mission to inform the electorate and hold powerful people to account. If that’s our north star, as it should be, every editorial judgment will reflect that.”
Posted on 2023-09-16T21:45:23+0000