Hasty Briefsbeta

Bilingual

Self-hosting email the hard way from your own routable IPv4 block up
8 hours ago
- The author updated their self-hosted email infrastructure, including obtaining a dedicated IPv4 allocation.
- Self-hosting email is educational and important for data sovereignty, as email is central to digital lives.
- Setting up email involves configuring IP reputation, using RBLs, greylisting, and content filtering with rspamd and ClamAV.
- Email delivery uses LMTP and Sieve for filtering, with Maildir for durable storage and Flatcurve for full-text indexing.
- Sending email reliably requires SPF, DKIM, DMARC, and SRS to avoid spam filters and ensure deliverability.
- User email access is provided via Dovecot IMAP and Roundcube webmail, both secured with TLS.
- Remaining tasks include implementing MTA-STS, DANE, DNSSEC, and possibly a JMAP proxy in OCaml.
- Despite complexity, self-hosting email is a valuable learning experience and maintains user agency over digital lives.
Woman Gets on Route 66. Then She Starts Hearing Music Coming from Her Tires
2 hours ago
- A musical road on Route 66 in Springfield, Missouri, plays 'America the Beautiful' through tire vibrations when driven at exactly 30 mph.
- The road uses 2,309 thermoplastic strips over 855 feet, producing a 19.45-second rendition of the song via precise spacing for specific musical notes.
- Musical roads exist globally, with origins in Denmark (1995), Japan's 'Melody Roads' since 2007, and other U.S. versions in states like Oklahoma and Arizona.
- Springfield's installation, opened in April 2026, is 'Centennial Certified' for Route 66's 100th anniversary, with strips placed along the right edge of the lane for passenger-side sound.
- The road has drawn over 4.4 million views via a Facebook reel by Cave Guide Corey, sparking online discussions about the song, safety, and local noise impacts.
- Historically, some musical roads were paved over due to neighbor complaints about noise, raising questions about the longevity of Springfield's installation.
- Comments humorously note faster speeds would produce a 'chipmunks' version or a ticket, while some residents report the song is audible inside nearby businesses.
EU Says Decision Not to Launch Siri AI in Europe Is Apple's Alone
8 hours ago
- Apple decided not to launch Siri AI in the EU, with the European Commission stating this was solely Apple's choice.
- The Commission claims Apple failed to create interoperability solutions meeting EU privacy and security standards and instead sought an exemption from obligations.
- Apple blamed EU regulators for not engaging constructively, while the Commission asserts Apple requested a blanket exemption rather than negotiating compliance.
- Siri AI and its new features will be unavailable in the EU with the release of iOS 27 and other updates this year, though Apple hopes to eventually bring it to the region.
Proton Drive CLI: Use Drive from Your Terminal
5 hours ago
- Proton Drive CLI is now available for Windows, macOS, and Linux, offering command-line access to Proton Drive's cloud storage with end-to-end encryption.
- The CLI is built on the Proton Drive SDK and integrates with scripts, backups, and deployment pipelines without requiring code, complementing but not replacing the full desktop app.
- Key features include file and folder management (upload/download, trash), sharing and invitations, and support for machine-friendly JSON output for automation.
- Typical use cases include automated uploads after builds, scheduled backups, and access management, making it ideal for terminal users and team workflows.
- Future updates will add support for photos/albums, secure public links, and multi-account functionality, with the long-term goal of matching app capabilities on the command line.
- Users can download pre-built binaries or build from source using TypeScript and Bun, with secure browser-based sign-in and OS-managed session storage.
He Profits Off Raw Milk That's Making People Sick
4 hours ago
- Raw milk consumption in the U.S. is rising due to wellness trends, political support, and distrust in institutions, despite known health risks.
- Mark McAfee, the founder of Raw Farm, has built a large raw milk business despite multiple outbreaks linked to his farm, relying on claims of health benefits and safety through testing.
- Raw milk poses inherent risks of contamination from pathogens like E. coli and salmonella, leading to illnesses and outbreaks, yet regulatory enforcement has been inconsistent.
- Political figures, including former President Donald Trump and Robert F. Kennedy Jr., have supported raw milk, influencing government responses and reducing regulatory pressure.
- McAfee uses loopholes and defenses against regulations, such as diverting contaminated milk to cheese production, which may still pose health risks.
- Outbreaks linked to Raw Farm have sickened hundreds, including severe cases in children, but McAfee often disputes government findings and maintains a loyal consumer base.
- Despite ongoing outbreaks and recalls, demand for raw milk remains high, driven by influencers and consumer beliefs in its natural and therapeutic properties.
Devs know AI code is riddled with holes, but ship it anyway
3 hours ago
- Events section highlights topics like data sovereignty trade-offs, consumption-based models for market volatility, LLM-driven API attacks, enterprise data services for Kubernetes, security beyond Microsoft 365, ransomware recovery simulations, and Zero Trust/Agentic AI.
- AI section covers Apple's iOS 27 agentic features for compromised passwords, Neo4j's GraphAware acquisition as a Palantir alternative, LibreOffice's critique of Euro-Office and Microsoft lock-in, devs shipping insecure AI code despite risks, and Signal's opposition to UK device scanning plans.
- FOSS (Free and Open Source Software) section repeats Neo4j's GraphAware acquisition, LibreOffice's digital sovereignty concerns, devs' AI code security issues, Signal's device scanning warnings, Chrome's zero-day vulnerabilities, and France's government messaging platform compromise.
Apple's AI Can Now Change Your Passwords. What Could Possibly Go Wrong?
3 hours ago
- Apple announced an AI-driven feature in its Passwords app that automatically changes weak or compromised passwords on websites, aiming to improve security by addressing user inaction.
- Security risks include prompt injection from malicious web content, potential account lockouts due to workflow failures, and the high-impact nature of granting AI authority over credentials.
- Key concerns involve the AI's exposure to passwords, the need for strict origin validation, user consent for changes, and ensuring robust failure handling to prevent disruptions.
- The feature requires clear security boundaries, such as isolating credentials from the AI model, enforcing user approval, and maintaining detailed audit trails for accountability.
- While automation can enhance security by reducing password reuse and exposure time, it amplifies risks if devices are compromised or if the AI misinterfaces with untrusted web environments.
- Apple is urged to document and test controls like credential isolation, action scoping, and independent adversarial testing before the public release to ensure safe implementation.
How we run untrusted customer code at scale
7 hours ago
- Nango is a code-first platform for building product API integrations, handling over 150 million functions monthly across on-demand actions, long-running syncs, and bursty webhooks.
- Running untrusted customer code required strong isolation from internal systems, between tenants, and between executions to ensure security and fairness.
- Initial use of the in-process Node.js sandbox vm2 was abandoned in 2023 due to sandbox-escape vulnerabilities, shifting to a runner model for better isolation by separating execution into dedicated services.
- The runner model faced issues with resource fairness and observability, leading to a move to AWS Lambda in late 2025 for hardware-virtualized microVM isolation per execution and improved debugging.
- To handle Lambda's 15-minute time limit for long syncs, Nango implemented a 10-minute cap per run with checkpoints for resumable executions, enhancing reliability over long jobs.
- Tenant isolation on Lambda was achieved by pinning each customer's executions to their own Lambda functions, preventing cross-customer environment reuse and reducing security risks, though this increased cold starts to around 9%.
- Internal debates highlighted trade-offs: per-customer functions require warming mechanisms for cold starts, vs. building stronger sandboxes to eliminate the need for tenant isolation; incremental security improvements were prioritized.
- Comparison with other platforms (e.g., E2B, Fly, Modal) shows a trend toward hardware-level isolation (microVMs, gVisor) for untrusted code, while solutions like Cloudflare Workers' V8-isolate were deemed unsuitable for Nango's npm packages.
- Key lessons include distrusting in-process sandboxes as true isolation, aligning security boundaries with product needs, adapting runtimes to workloads with clear workarounds, and preferring resumable, short jobs over long-running ones for resilience.
- Future steps aim for tighter isolation per code function within Lambda, and Nango remains open-source and hiring for roles focused on secure code execution at scale.
Flat Datacenter Networks at Scale at Amazon
18 hours ago
- Random graphs were theorized as optimal expanders, inspiring networks with simple random wiring for strong connectivity.
- Fat-tree topology became the industry standard in data centers, using randomization in traffic but retaining hierarchical structure.
- The Jellyfish proposal connected random graphs to data center networks, but unresolved issues like routing and cabling persisted.
- AWS researchers developed RNG, overcoming key challenges with Spraypoint routing, ShuffleBox cabling, and operational models.
- RNG outperforms fat-trees in resilience, efficiency, and scalability, with successful deployment in Amazon data centers by 2026.
- RNG has limitations in operational complexity and stochastic guarantees, mitigated through specialized tools and explicit design.
Test-case reducers are underappreciated debugging tools
11 hours ago
- Test-case reducers are tools that automatically reduce the size of a failing input while preserving the error through an 'interestingness test'.
- They are not magic; a simple reducer can be written in Python to iteratively remove parts of the input and check if the error persists with a shell script.
- Reducers like Shrink Ray are more advanced, using clever techniques (e.g., removing comments, reducing integers) and parallelism for efficient reduction.
- Interestingness tests must be precise to avoid over-reduction, fast to speed up the process, and handle issues like nondeterminism and timeouts.
- Reducers can be abused to reduce more than just input length, such as by using a global counter to minimize trace size or error frequency.
- For nondeterministic bugs, test-case reducers can increase error frequency or determinism by adjusting interestingness tests to run inputs multiple times.
- Test-case reducers are valuable for debugging beyond compilers, making bugs easier to understand by producing minimal, focused inputs.
What it feels like to work with Mythos
5 hours ago
- Claude 5 Fable represents a significant leap over previous AI models, indicating a drastic change in human-AI relationships.
- Fable excels across diverse tasks, from academic papers to creative projects, often requiring minimal human input.
- It autonomously handled complex projects like an isochrone map and a data analysis tool, leveraging multiple AI agents for research, coding, and verification.
- Human involvement is limited to high-level instructions and feedback, turning users into patrons rather than active participants.
- Challenges include high token usage, strict guardrails that can revert to less powerful models, and a lack of transparency in AI decision-making.
- Future software development may increasingly depend on capital-intensive AI token usage, potentially sidelining individual human contributions.
Ultrafast machine learning on FPGAs via Kolmogorov-Arnold Networks
3 hours ago
- Master's thesis explores hardware architectures for ultrafast inference and online learning using Kolmogorov-Arnold Networks (KANs) on FPGAs.
- KANs replace learnable weights and fixed activation functions in MLPs with learnable univariate activation functions, offering potential improvements in scaling and parameter efficiency.
- Fixed-point quantization is used to encode real numbers as bitstrings, enabling neural networks to be implemented as digital logic on FPGAs with minimal approximation error.
- KANs are naturally suited for lookup-table neural networks (LUT-NNs) due to their univariate activations, avoiding exponential scaling issues of multivariate LUTs and enabling efficient pruning.
- For inference, KAN activations are stored as LUTs on FPGAs, achieving a 2700x speedup over prior implementations and surpassing state-of-the-art FPGA accelerators in latency and resource usage.
- Online learning on FPGAs is enabled by storing B-spline basis functions in LUTs and updating coefficients in real-time, leveraging locality and boundedness for stable, sub-microsecond gradient updates.
- B-spline locality ensures only a small subset of basis functions are active per input, scaling hardware logic with polynomial order rather than grid size, improving expressivity without resource overhead.
- Stable fixed-point training in KANs is achieved because activations and gradients are bounded within coefficient ranges, reducing quantization error and enhancing learning stability compared to MLPs.
- Implementation demonstrates KAN-based online learners can handle over 100,000 parameters with sub-microsecond latency, showing better hardware scaling and convergence on benchmarks like function approximation and quantum control.
- Conclusion highlights that KAN properties, such as activation mapping to LUTs and B-spline characteristics, are highly advantageous for custom hardware accelerators, enabling nanosecond-latency inference and efficient real-time learning.
GPT-2: Too Dangerous To Release (2019)
4 hours ago
- GPT-2 is a scaled-up version of GPT-1 with more parameters and training data.
- OpenAI initially withheld the full 1.5B-parameter model due to concerns about misuse.
- GPT-1 demonstrated zero-shot task effectiveness, showing pre-training encodes task knowledge.
- Both GPT-1 and GPT-2 share the same transformer decoder architecture.
- GPT-2's large model has 1.5B parameters, 10 times more than GPT-1.
- OpenAI released GPT-2 fully after a nine-month delay, citing monitored risks.
- Key findings include output being convincing, misuse potential, detection difficulties, and bias concerns.
- GPT-2's risks seem less severe today with the rise of more advanced models like ChatGPT.
- Despite improvements, misuse prevention (e.g., academic cheating) with AI like ChatGPT remains challenging.
Social Security funds could run short by 2032, program's Trustees warn
4 hours ago
- Social Security trust fund projected to run out by 2032, three months earlier than last year's forecast.
- Without congressional action, automatic benefit cuts of 22% would occur, averaging $500 per month.
- Key challenges include declining birth rates, reduced immigration, and tax cuts, despite some offset from productivity gains.
- Demographic shift: Baby boomers retiring faster with fewer younger workers supporting the system.
- Potential solutions involve raising taxes, reducing benefits, or a combination, to avoid automatic cuts.
Datacenter boom keeps dirty coal plants alive in the US
4 hours ago
- Events highlight data sovereignty, market volatility, API attacks, enterprise data services for Kubernetes, and cyber recovery simulations.
- AI-related topics include agentic AI features in iOS 27, graph database acquisitions for governments, and AI code security risks.
- Security issues cover UK device scanning plans, Chrome zero-day vulnerabilities, and government messaging platform breaches.
- FOSS developments involve alternatives to Palantir, critiques of Euro-Office undermining digital sovereignty, and AI-driven code deployment pressures.
BofA Warns Investors Should Take Profits Now in US Equities
4 hours ago
- Bank of America warns that 7 out of 10 bear market indicators have been triggered, suggesting investors take profits before a pullback.
- High P/E stocks leading low P/E stocks indicates excessive speculation, and lofty long-term growth expectations make equities vulnerable to disappointment.
- The S&P 500 is expensive on most metrics, and tech sector performance dispersion is at its widest since February 2000, signaling instability.
- Tech fundamentals are healthier than pre-dot-com bubble but worsening, with cash flow conversion flat, credit supply up, and buybacks slowing.
- Opportunities exist in individual S&P 500 stocks, but not the cap-weighted index overall, with a year-end target set below current levels.
Anthropic Kept Every Promise It Could Afford
4 hours ago
- Anthropic's Responsible Scaling Policy originally included a binding commitment to pause development if models became too unsafe.
- In February 2026, version 3.0 replaced this binding 'brake' with voluntary safety roadmaps and self-grading goals.
- Anthropic's chief science officer stated the change was due to competitive pressures; unilateral pauses were deemed ineffective.
- Anthropic's valuation surged from $4 billion to $965 billion, alongside policy changes and steps toward an IPO.
- Mythos, a model deemed too dangerous for public release, leaked shortly after limited deployment, undermining safety claims.
- A report co-authored by Jack Clark advocated for slowing AI development, but only if competitors do so verifiably.
- The author argues that financial incentives eroded safety commitments, irrespective of the company's initial sincerity.
- The sequence of events suggests growth and competition outweighed prior ethical promises.
Brexit Ten Years On: The Economy
3 hours ago
- Brexit involved a trade-off: sacrificing deep EU integration for more domestic control over migration, regulation, and trade policy, inevitably incurring economic costs.
- The economic impact has been a gradual, cumulative drag on the UK economy, reducing GDP, trade, investment, and productivity, rather than causing an immediate collapse.
- The Trade and Cooperation Agreement avoided tariffs but introduced customs checks, rules of origin, and regulatory barriers, increasing costs for trade with the EU, the UK's largest partner.
- Estimates suggest UK GDP is several percentage points lower than it would have been without Brexit, with productivity reduced by around 4% due to lower trade intensity.
- Goods trade underperformed, with exports and imports roughly 10-15% lower than expected, while services trade showed mixed results, with sectoral losses in regulated industries like finance and law.
- Brexit reduced investment by increasing uncertainty and lowering expected returns, compounding the UK's pre-existing weak productivity growth since the financial crisis.
- Migration changed compositionally: EU migration fell sharply, but non-EU migration increased, offsetting the decline overall, with ambiguous effects on GDP per head.
- Brexit exacerbated existing economic challenges, including low investment, strained public finances, and regional inequalities, limiting fiscal room for improvement.
- Gains from autonomy, such as regulatory divergence and new trade deals, have been economically limited so far, with benefits small compared to costs from reduced EU integration.
- Future agreements, like the May 2025 UK-EU 'Common Understanding', may reduce some costs but cannot replicate the economic value of single market membership.
Two vendors run 91% of the secure email gateway market for US public companies
10 hours ago
- Public MX records analysis of 2,584 SEC EDGAR-linked entities revealed a dominant duopoly in the secure email gateway market, with Proofpoint and Mimecast accounting for 91.4% of non-mailbox vendor matches.
- Microsoft 365 is the most prevalent mailbox platform at 43.6% among identified entities, aligning with expectations for large US organizations, but the gateway layer shows high concentration in just two vendors.
- When isolating the secure email gateway market, excluding mailbox platforms like Microsoft and Google, the combined share of Proofpoint and Mimecast rises to 92.4% among the top three pure gateway vendors.
- Comparison with a broader tracked population shows the gateway duopoly is more concentrated in SEC-linked entities, with Proofpoint and Mimecast shares roughly doubling, indicating enterprise-focused sales strategies.
- The high concentration at the MX layer implies vendor incidents at Proofpoint or Mimecast can impact a large share of US public-company email simultaneously, creating shared dependencies and structural risks.
- Additional analysis of DMARC reporting and SPF layers reveals different vendor concentrations, dominated by Salesforce, Amazon SES, dmarcian, and DMARC Analyzer, showing weaker concentration compared to the MX layer.
- The methodology uses suffix-based MX hostname matching for vendor attribution, providing auditable results, but it only captures public MX layers, not integrated cloud email security or hidden gateways.

first prev0next

About|Login

Hasty Briefsbeta

Self-hosting email the hard way from your own routable IPv4 block up

Woman Gets on Route 66. Then She Starts Hearing Music Coming from Her Tires

EU Says Decision Not to Launch Siri AI in Europe Is Apple's Alone

Proton Drive CLI: Use Drive from Your Terminal

He Profits Off Raw Milk That's Making People Sick

Devs know AI code is riddled with holes, but ship it anyway

Apple's AI Can Now Change Your Passwords. What Could Possibly Go Wrong?

How we run untrusted customer code at scale

Flat Datacenter Networks at Scale at Amazon

Test-case reducers are underappreciated debugging tools

What it feels like to work with Mythos

Ultrafast machine learning on FPGAs via Kolmogorov-Arnold Networks

GPT-2: Too Dangerous To Release (2019)

Social Security funds could run short by 2032, program's Trustees warn

Datacenter boom keeps dirty coal plants alive in the US

BofA Warns Investors Should Take Profits Now in US Equities

Anthropic Kept Every Promise It Could Afford

Brexit Ten Years On: The Economy

Two vendors run 91% of the secure email gateway market for US public companies