Superworms could replace beetles for cleaning skeletal remains
An optimal ratio of 10-15 grams of larvae per gram of specimen minimized cleaning time with no bone damage.
找到 48 篇相关文章
An optimal ratio of 10-15 grams of larvae per gram of specimen minimized cleaning time with no bone damage.
The EU wants Google to share search data with competitors and open up AI on Android, but Google alleges major privacy risks.
But the system would require a massive leap from any of its existing hardware.
CSS has always had pseudo-classes that style things when baed on user interactions. Recent features, however, are blurring the line between what CSS "listens" for and how they are alternatives to what Javascript typically listens for. The Shifting Line Between CSS States and JavaScript Events originally handwritten and published with love on CSS-Tricks . You should really get the newsletter as well.
Quando comecei a trabalhar com aplicações descentralizadas há mais de uma década, lembro bem da frustração de pagar US$ 50 em taxas de transação para mover alguns tokens na rede Ethereum durante um pico de congestionamento. Era um problema técnico que ameaçava inviabilizar todo o ecossistema. Hoje, observo com entusiasmo profissional como as soluções de Layer 2 transformaram radicalmente esse cenário, abrindo portas para casos de uso que antes eram economicamente impraticáveis — especialmente aqui no Brasil, onde a tokenização de ativos e os pagamentos em stablecoins crescem em ritmo acelerado. O problema fundamental: o trilema da escalabilidade Para entender por que as soluções de segunda camada são tão importantes, precisamos compreender o trilema da blockchain proposto por Vitalik Buterin. Uma rede precisa equilibrar três pilares: descentralização, segurança e escalabilidade. O Ethereum, em sua arquitetura original, priorizou os dois primeiros, processando apenas cerca de 15 a 30 transações por segundo (TPS) na camada base. Para se ter dimensão, redes de pagamento tradicionais como a Visa processam milhares de transações por segundo. Quando o DeFi explodiu em 2020 e 2021, e novamente com o boom dos NFTs, a rede simplesmente não dava conta da demanda. As taxas de gas dispararam, e usuários comuns foram literalmente expulsos pelo custo. Em meus projetos de consultoria, atendi empresas brasileiras que desistiram de iniciativas Web3 justamente porque os custos operacionais inviabilizavam o modelo de negócio. A pergunta que sempre me faziam era: "Como cobrar R$ 5 de um cliente se a taxa da transação custa R$ 30?". A resposta estava — e está — nas camadas de segunda geração. Como funcionam as soluções de Layer 2 O conceito central das soluções de Layer 2 é elegante: em vez de processar todas as transações diretamente na blockchain principal (Layer 1), executamos a maior parte do processamento "fora da cadeia" e depois enviamos apenas uma prova compacta de volta para o
Summary NFS shares exposed the target's home directory and PostgreSQL backups. The user's psql history contained an MD5 hash that cracked to service . SSH with that account drops you immediately (shell is /bin/false ), but port forwarding still works - so we tunneled straight to the Postgres Unix socket and connected as the superuser. From there, COPY FROM PROGRAM gave us RCE as postgres. We injected our SSH key and got a shell. For root, a cron job running as root copies the entire Postgres data directory - which postgres owns. We dropped a SUID bash there, waited for the cron to fire, and root handed us a root shell. Chain: NFS leak → MD5 crack → SSH tunnel → Postgres RCE → SSH key injection → postgres shell → SUID bash via cron → root Recon nmap -A -Pn 10.129.234.160 -oA nmap PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 111/tcp open rpcbind 2-4 (RPC #100000) 2049/tcp open nfs_acl 3 (RPC #100227) NFS on 2049 is immediately interesting. We check what's exported: showmount -e 10.129.234.160 Export list for 10.129.234.160: /var/backups * /home * Both shares open to everyone ( * ). We mount them and enumerate: mkdir -p /mnt/home /mnt/backups mount -t nfs 10.129.234.160:/home /mnt/home mount -t nfs 10.129.234.160:/var/backups /mnt/backups find /mnt/backups -maxdepth 3 -ls # → several archive-*.zip files (~4.5MB each, created every minute) find /mnt/home -maxdepth 3 -ls # → /mnt/home/service (UID 1337, permission denied) We can't read the service home directory yet because our local UID doesn't match. We use NetExec to enumerate properly - it also detects a root escape vulnerability on the NFS server: nxc nfs 10.129.234.160 --enum-shares NFS 10.129.234.160 [*] Supported NFS versions: (3, 4) (root escape:True) NFS 10.129.234.160 [+] /var/backups NFS 10.129.234.160 0 r-- 4.5MB /var/backups/archive-2026-06-28T0446.zip NFS 10.129.234.160 [+] /home NFS 10.129.234.160 1337 r-- 90B /home/service/.bash_history NFS 10.129.234.160 1337 r-- 326B /hom
It's a stretch to think that the continent can build a top-tier model, but it has an advantage: Donald Trump.
What began as a “flamingo revolution” to protest the $1.4 billion development on Sazan Island has spiraled into mass protests against a ruling party that thousands now want out.
Europeans are baking under their second heat wave of the summer.
Sometime in 2024 I had a Coinbase wallet on my laptop. I had created the wallet some months back, backed up and all, and just sent very little amount of $ETH to the wallet. Then in 2024 I was paid $100 for a gig which I sent to this wallet, I also sent another $650 worth of cryto as "savings". The next morning I decided to check my "savings", wallet was empty. At first I didn't believe that I was hacked, because I had some $1.50 or so worth of $ETH in the wallet for months and it was safe, so what happened? I traced the transaction history and there was the full detail of how someone sent some $ETH to the wallet, then moved out my "savings" and afterwards also took back the remaining $ETH from the one they had sent in for the attack. I checked on Twitter and saw many other posts of people who had experienced the same exploit, exactly the same pattern... and some of the people who lost their funds were experienced blockchain developers and crypto guys. I made a post about it, told my friends to avoid the wallet and tried to forget about the experience. Blockchain hit instant PMF for many, especially people in parts of the world where there are crazy high fees and bank charges. The moment people tried sending crypto and for a few cents in gas fees, there was no going back for them. The only issue has always been how to secure users' funds, desperate people will always find a way no matter how complex the UX was. After losing my savings I stopped using self custodial wallets and only used Centralized Exchanges for a while. I thought, even though that was a non-custodial wallet, the builders still should have ensured strong security and secure backups, so users don't lose funds unnecessarily. This happened to me when AI and LLMs were still at their early development stages. You can only imagine how sophiscated the attacks have gotten, now that AI and LLMs are very advanced and more capable. To put things in perspective, more than $640 million was lost to deFi hacks and
Coherence Neuro has started testing a brain-computer interface that could one day use electrical stimulation to prevent tumors from growing.
When we open sourced Neural Inverse Cloud, the easiest choice would have been MIT. Most developers like MIT. It's short, permissive, and widely adopted. If you've released an open-source project before, MIT is probably the first license you considered. We didn't choose it. We chose AGPL. Not because we dislike permissive open source. Not because we want to restrict users. We chose it because infrastructure software plays by different rules. The Infrastructure Problem MIT works incredibly well for libraries. You publish code, developers use it, and occasionally improvements flow back into the project. Nobody is forced to contribute, but community norms often make it happen anyway. Infrastructure software is different. Cloud IDEs, databases, developer platforms, deployment systems, and backend services can be monetized without ever distributing the source code. A company can: Fork your project Add proprietary features Launch a hosted version Build a competitive advantage on top of community work Never contribute anything back The original project does all the R&D. The fork captures the value. We've seen this pattern repeatedly across open-source infrastructure over the last decade. Why AGPL Exists AGPL closes a loophole that traditional open-source licenses leave open. With GPL, if you distribute modified software, you must publish your changes. But what if you never distribute the software? What if you simply run it as a hosted service? That's where AGPL comes in. If you modify AGPL software and provide it to users over a network, you must also provide the source code for those modifications. That applies to everyone. Including us. If we improve Neural Inverse Cloud, those improvements stay open. If someone else builds a SaaS business on top of it, their modifications stay open too. Why This Matters for Users We wanted users to have guarantees. With AGPL: You can self-host the latest version Community improvements remain accessible No company can create a permanently
The Disinformation Supply Chain: How Coordinated Influence Campaigns Are Built Before They Go Viral Article from Digital HUMINT Series, For better understanding read the full report Right now, somewhere on X/forum people are fighting about a post that feels real raw, emotional, perfectly worded to hit a nerve. It has the right language, the right anger, the right timing. It sounds like someone who thinks exactly the way you do, or exactly the way you hate. It wasn't written there. It wasn't written today. And the person who wrote it doesn't care about the issue at all. That post was created two or three days earlier, on a hidden forum or a private chat group, following a set of instructions that described who to target, what emotions to trigger, which platform to use, and how much the job pays. By the time you see it, the operation has already worked. You engaging with it for or against is the whole point. I've spent almost two decades watching these hidden spaces where online manipulation is planned. What I've learned isn't that fake content exists everyone knows that by now. What most people don't realize is that it works like a factory. There's a production line. There are workers, managers, and paychecks. And just like any factory, if you know where to look, you can see the product being assembled before it ever reaches the shelf. It Works Like Any Other Business We talk about "disinformation campaigns" as if they're political movements. Some are. But more and more, what you're actually looking at is a business with four steps, each handled by different people, often in different countries. Step 1 — Someone writes the plan. A person with a goal and a budget writes a document that says: push this story, target these kinds of people, make them feel this emotion, use this language, post it on these platforms. These plans used to appear on hidden internet forums. Many have moved to private Telegram groups, but the structure hasn't changed since I first saw it in 201
I have built 114 Claude Code skills. Most of them are engineering plumbing. But five of them exist for one reason only: my executive function has specific, repeatable holes, and I got tired of falling into the same ones. These five are not productivity hacks. Each one maps to a named ADHD deficit, and each one fills it the same way every time so I do not have to re-improvise around my own brain at 2pm. If you want the broader system this sits inside, start with my Claude Code ADHD workflow and the CLAUDE.md guide . This post is the skills layer specifically. What Is a Claude Code Skill? A skill is a named, repeatable workflow you invoke with a slash command. Instead of re-prompting Claude Code from a blank slate every time ("okay, help me figure out what to work on, here is my situation again..."), you type /adhd-task-triage and it runs the same defined steps it ran yesterday. For an ADHD brain, that determinism is the feature. The skill does not depend on me remembering how to drive it. It just runs. Custom skills live in a .claude/skills/<name>/SKILL.md file that describes what the skill does and when it should fire. You can build one for any gap you fall into more than twice. 1. adhd-task-triage: Energy-Based Prioritization The gap it fills: task initiation paralysis. Standard task managers sort by priority or deadline. That assumes you can act on the top item by willpower. ADHD does not work that way. The top-priority task and the task you can actually start right now are often different tasks, and trying to force the high-priority one when your initiation circuit is offline produces zero output and a guilt spiral. adhd-task-triage sorts by available energy , not importance. You tell it where you are (wired, foggy, depleted), it looks at the work in front of you, and it hands back the task that matches the state you are actually in, not the one you wish you were in. /adhd-task-triage Why it helps specifically: it removes the moral framing. The question stops bei
Isar Aerospace is not hurting for money, but it is sorely lacking in the currency of flight experience.
Most token scam detectors, including the one I work on, share one implicit assumption: the contract you analyze at launch is the contract people will trade. Read the source, simulate a buy and a sell, cluster the deployer, score it, done. That is a snapshot. And a snapshot is exactly what a patient scammer plays against. Two token designs pass every launch-time check and then turn hostile later. This is how they work, and the two on-chain techniques we shipped this week to catch them. Design 1: the delayed honeypot A honeypot is a token you can buy but cannot sell. The classic version is non-sellable from block one, so a buy-then-sell simulation catches it instantly. The patient version is sellable at launch. Early buyers sell fine, the chart looks healthy, the token earns a clean verdict from every checker that judged it at T0. Then, days later, the operator flips a switch: a timed blacklist that rejects transfers after a block height or timestamp, a setTrading(false) / pause() kill switch pulled once liquidity has accumulated, a fee setter cranked to 100% on sells. From that moment it is a honeypot. But the only verdict on record is the clean one from launch day. The detection ran once, at the worst possible time to run it. Fix: re-simulate at J7 We keep post-launch snapshots of every token at J0, J7 and J30 (originally to catch slow rugs: volume collapse, late LP burns). The new piece re-runs the full buy/sell honeypot simulation at J7, but only for tokens that were genuinely sellable at J0. A clean-to-honeypot flip is the signal: // Only for tokens sellable + tradable at J0 - a clean->honeypot flip is the point. // Bounded per run because it is RPC-heavy. const eligible = ! j0 . risk_flags . some (( f ) => J0_SKIP_RESIM_FLAGS . has ( f )); if ( rpc && eligible && resims < resimLimit ) { const isNowHoneypot = await detectLateHoneypot ( rpc , tokenAddress ); if ( isNowHoneypot ) flags . push ( " late_honeypot " ); // +40 risk at J7 } One rule we hold to: an RPC hi
The ruling holds that a company that designs, trains, operates, and manages an AI system must assume legal liability for any damages caused by the responses it generates.
It isn't the only startup tackling physical AI, but it's one of the best-funded.
After Elon Musk and Tommy Robinson stoked anger over a horrific knife attack in Belfast, a youth group linked to a global neo-Nazi movement quietly orchestrated anti-immigrant riots.
Our ancestors' genomes were built through successive waves of gene transfers.