(g+) Eclipsestore for Java applications: A paradigm shift in the persistence layer

Eclipsestore is a new JVM storage solution. How it changes data management in Java applications and what it does better than other frameworks. A deep dive by Sven Ruppert (Software, Programming languages)

AI-generated code could be a disaster for the software supply chain. Here’s why.

LLM-produced code could make us much more vulnerable to supply-chain attacks.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows.

The study, which used 16 of the most widely used large language models to generate 576,000 code samples, found that 440,000 of the package dependencies they contained were “hallucinated,” meaning they were non-existent. Open source models hallucinated the most, with 21 percent of the dependencies linking to non-existent libraries. A dependency is an essential code component that a separate piece of code requires to work properly. Dependencies save developers the hassle of rewriting code and are an essential part of the modern software supply chain.

Package hallucination flashbacks

These non-existent dependencies represent a threat to the software supply chain by exacerbating so-called dependency confusion attacks. These attacks work by causing a software package to access the wrong component dependency, for instance by publishing a malicious package and giving it the same name as the legitimate one but with a later version stamp. Software that depends on the package will, in some cases, choose the malicious version rather than the legitimate one because the former appears to be more recent.

Monty Python and the Holy Grail turns 50

Ars staffers reflect upon the things they love most about this masterpiece of absurdist comedy.

Monty Python and the Holy Grail is widely considered to be among the best comedy films of all time, and it's certainly one of the most quotable. This absurdist masterpiece sending up Arthurian legend turns 50 (!) this year.

It was partly Python member Terry Jones' passion for the Middle Ages and Arthurian legend that inspired Holy Grail and its approach to comedy. (Jones even went on to direct a 2004 documentary, Medieval Lives.) The troupe members wrote several drafts beginning in 1973, and Jones and Terry Gilliam were co-directors—the first full-length feature for each, so filming was one long learning process. Reviews were mixed when Holy Grail was first released—much like they were for Young Frankenstein (1974), another comedic masterpiece—but audiences begged to differ. It was the top-grossing British film screened in the US in 1975. And its reputation has only grown over the ensuing decades.

The film's broad cultural influence extends beyond the entertainment industry. Holy Grail has been the subject of multiple scholarly papers examining such topics as its effectiveness at teaching Arthurian literature or geometric thought and logic, the comedic techniques employed, and why the depiction of a killer rabbit is so fitting (killer rabbits frequently appear drawn in the margins of Gothic manuscripts). My personal favorite was a 2018 tongue-in-cheek paper on whether the Black Knight could have survived long enough to make good on his threat to bite King Arthur's legs off (tl;dr: no).

Cloudflare report: Germany is the country most frequently attacked by DDoS

Cloudflare provides insight into the DDoS attacks the company fended off in the first quarter of 2025. A large share of them targeted Germany. (Cybercrime, Cyberwar)