
xAI Releases Its Latest Flagship Model, Grok 3

3 months ago
xAI has launched Grok 3, the latest iteration of its large language model, alongside new capabilities for its iOS and web applications. The model has been trained on approximately 200,000 GPUs in a Memphis data center, representing what CEO Elon Musk claims is a tenfold increase in computing power compared to its predecessor. The new release introduces two specialized variants: Grok 3 Reasoning and Grok 3 mini Reasoning, designed to methodically analyze problems similar to OpenAI's o3-mini and DeepSeek's R1 models. According to xAI's benchmarks, Grok 3 outperforms GPT-4o on several technical evaluations, including AIME for mathematical reasoning and GPQA for PhD-level science problems. A notable addition is the DeepSearch feature, which combs through web content and X posts to generate research summaries. The platform will be available through X's Premium+ subscription and a new SuperGrok tier ($30/month or $300/year), with the latter offering enhanced reasoning capabilities and unlimited image generation. To prevent knowledge extraction through model distillation -- a technique recently attributed to DeepSeek's alleged copying of OpenAI's models -- xAI has implemented measures to obscure the reasoning models' thought processes in the Grok app. The company plans to release the Grok 2 model as open source once Grok 3 achieves stability.

Read more of this story at Slashdot.

msmash

Avaya hangs up on users with fewer than 200 SaaSy contact center seats

3 months ago
Customers told to pay up, quit, or wait for promised alternative ‘innovation’ coming real soon now

Avaya has advised customers and resellers of a planned “evolution” of its products that starts with a requirement to license at least 200 seats worth of its SaaS-y contact center wares by June 30, 2025.…

Simon Sharwood

CodeSOD: The Mask Service

3 months ago

Gretchen saw this line in the front-end code for their website and freaked out:

let bucket = new AWS.S3({ params: { Bucket: 'initech-logos' } });

This appeared to be creating an object to interact with an Amazon S3 bucket on the client side. Which implied that tokens for interacting with S3 were available to anyone with a web browser.

Fortunately, Gretchen quickly realized that this line was commented out. They were not hosting publicly available admin credentials on their website anymore.


They used to, however, and the comments in the code made this a bit more clear:

// inside an angular component:
uploadImage(): void {
  const uniqueName = `${this.utils.generateUUID()}_${this.encrDecSrvc.getObject(AppConstants.companyID)}_${this.file.name}`

  /*;
    @note:
      Disable usage of aws credential, transfer flow to the backend.
    @note;

    @disable-aws-credential
  */
  /*;
  AWS.config.region = 'us-east-1'
  let bucket = new AWS.S3({ params: { Bucket: 'initech-billinglogos' } });
  */
  const bucket = (
    AWSBucketMask
  );

  const params = { Bucket: 'initech-logos', Key: 'userprofilepic/' + uniqueName, ACL: "public-read", Body: this.file };
  const self = this;

  bucket.upload(
    params,
    function (err, data) {
      if (err) {
        console.log("error while saving file on s3 server", err);
        return;
      }
      self.isImageUrl = true;
      self.imageUrl = data.Location;
      self.myProfileForm.controls['ProfilePic'].setValue(self.imageUrl);
      self.encrDecSrvc.addObject(AppConstants.imageUrl, self.imageUrl);
      self.initechAPISrvc.fireImageView(true);
      self.saveProfileData();
      self.fileUpload.clear()
    },
    self.APISrvc
  );
}

Boy, this makes me wonder what that AWSBucketMask object is, and what its upload function does.

export class AWSBucketMask {
  public static async upload( option, callback, service ){
    const fileReader = new FileReader( );

    fileReader.onloadend = (
      ( ) => {
        const dataURI = (
          `${ fileReader.result }`
        );

        const [ entityType, mimeType, baseType, data ] = (
          dataURI.split( /[\:\;\,]/ )
        );

        option.ContentEncoding = baseType;
        option.ContentType = mimeType;
        option.Body = data;

        service.awsBucketMaskUpload( option )
          .subscribe(
            function( responseData ){
              callback( null, responseData.data );
            },
            function( error ){
              callback( error );
            }
          );
      }
    );

    fileReader.readAsDataURL( option.Body );
  }

  public static async deleteObject( option, callback, service ){
    service.awsBucketMaskDeleteObject( option )
      .subscribe(
        function( responseData ){
          callback( null, responseData );
        },
        function( error ){
          callback( error );
        }
      );
  }

  public static async deleteObjects( option, callback, service ){
    service.awsBucketMaskDeleteObjects( option )
      .subscribe(
        function( responseData ){
          callback( null, responseData );
        },
        function( error ){
          callback( error );
        }
      );
  }

  public static async getSignedUrl( namespace, option, callback, service ){
    service.awsBucketMaskGetSignedUrl( namespace, option )
      .subscribe(
        function( responseData ){
          callback(null, responseData.data);
        },
        function( error ){
          callback( error );
        }
      );
  }
}

The important thing to notice here is that each of these methods invokes a web service: service.awsBucketMaskUpload, for example. Given that nothing actually checks their return values and it's all handled through callback hell, this is a clear example of async pollution: methods being marked async without understanding what async is supposed to do.

But that's not the real WTF. You may notice that these calls back to the webservice are pretty thin. You see, here's the problem: originally, they just bundled the S3 into the client-side, so the client-side code could do basically anything it wanted to in S3. Adding a service to "mask" that behavior would have potentially meant doing a lot of refactoring, so instead they made the service just a dumb proxy. Anything you want to do on S3, the service does for you. It does no authentication. It does no authorization. It runs with the admin keys, so if you can imagine a request you want to send it, you can send it that request. But at least the client doesn't have access to the admin keys any more.

This is an accounting application, so some of the things stored in S3 are confidential financial information.
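The checks the "mask" service skips, sketched as an added example (not code from the article or from the application it describes): a server-side policy function that authenticates the caller, allowlists operations, and confines object keys to the caller's own tenant before any S3 call is made. The function name, session shape, limits and sample requests are all assumptions constructed for illustration.

```javascript
// Added example: server-side policy check for an S3 "mask" endpoint.
// authorizeS3Request, POLICY and the session shape are hypothetical names.
const POLICY = {
  bucket: 'initech-logos', // fixed on the server, never taken from the client
  operations: new Set(['upload', 'deleteObject', 'getSignedUrl']),
  maxBytes: 2 * 1024 * 1024,
  contentTypes: new Set(['image/png', 'image/jpeg']),
};

function authorizeS3Request(session, req) {
  // Authentication: the caller must have a server-verified session.
  if (!session || !session.userId || !session.companyId) {
    return { ok: false, status: 401, reason: 'unauthenticated' };
  }
  // Only the operations the front end actually needs are reachable.
  if (!POLICY.operations.has(req.operation)) {
    return { ok: false, status: 403, reason: 'operation not allowed' };
  }
  // Authorization: keys are confined to the caller's own tenant prefix.
  const prefix = `userprofilepic/${session.companyId}/`;
  const key = String(req.key || '');
  if (!key.startsWith(prefix) || key.includes('..') || key.length === prefix.length) {
    return { ok: false, status: 403, reason: 'key outside tenant prefix' };
  }
  const params = { Bucket: POLICY.bucket, Key: key };
  if (req.operation === 'upload') {
    if (!POLICY.contentTypes.has(req.contentType)) {
      return { ok: false, status: 415, reason: 'content type not allowed' };
    }
    if (!Number.isInteger(req.size) || req.size <= 0 || req.size > POLICY.maxBytes) {
      return { ok: false, status: 413, reason: 'size not allowed' };
    }
    params.ContentType = req.contentType; // client-sent Bucket and ACL are dropped
  }
  return { ok: true, status: 200, params };
}

// Constructed sample requests: no session, unlisted operation,
// another tenant's object, and a legitimate upload with extra fields.
const alice = { userId: 'u1', companyId: 'c42' };
const okUpload = { operation: 'upload', key: 'userprofilepic/c42/a.png', contentType: 'image/png', size: 10 };
const samples = [
  [null, okUpload],
  [alice, { operation: 'listBuckets' }],
  [alice, { operation: 'deleteObject', key: 'ledgers/c7/2024.csv' }],
  [alice, { ...okUpload, bucket: 'other', acl: 'public-read' }],
];
const results = samples.map(([s, r]) => authorizeS3Request(s, r));
console.log(results.map(r => `${r.status} ${r.reason || JSON.stringify(r.params)}`).join('\n'));
```

Only the returned `params` object would be handed to the S3 client, so a request cannot choose its own bucket, ACL, or another tenant's keys.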

Gretchen writes:

We have to take cybersecurity courses every 3 months, but it seems like this has no effect on the capabilities of my fellow coworkers.

You can lead a programmer to education, but you can't make them think.

Remy Porter

Sandisk Puts Petabyte SSDs On the Roadmap

3 months ago
SanDisk aims to produce petabyte-scale SSDs through its new UltraQLC platform, though the company has not specified a release timeline. The technology, it said, combines SanDisk's BICS 8 QLC 3D NAND with a proprietary 64-channel controller featuring hardware accelerators that offload storage functions from firmware to reduce latency and improve reliability. The initial UltraQLC drives will use 2Tb NAND chips to reach 128TB capacities, with future iterations targeting 256TB, 512TB, and eventually 1PB as higher-density NAND becomes available. The controller dynamically adjusts power based on workload and employs an advanced bus multiplexer to handle increased data loads from high-density QLC stacks, the company said.

Read more of this story at Slashdot.

msmash

Indian authorities seize loot from collapsed BitConnect crypto scam

3 months ago
Devices containing crypto wallets tracked online, then in the real world

India’s Directorate of Enforcement has found and seized over $200 million of loot it says are the proceeds of the BitConnect crypto-fraud scheme.…

Simon Sharwood