Exploiting vulnerabilities in Johnson & Johnson web apps (6 minute read)
Two vulnerabilities were identified in Johnson & Johnson's web applications, one affecting a campus recruiting system that exposed nearly 1,000 students' details, and the other allowing administrative takeover of an internal audit system used by 20 companies. The campus recruiting vulnerability came from a simple misconfiguration where an API key was used instead of proper token authentication, while the audit system's flaw involved unauthenticated access to sensitive employee information through poorly secured APIs.
The annotated PyTorch training loop (31 minute read)
To build an effective training loop in PyTorch, it's necessary to understand the order and placement of various operations, as misplaced lines can lead to issues such as failed convergence or excessive memory usage. This includes setting up the model, loss function, optimizer, and data loader, followed by executing the training and validation phases while managing gradients through techniques like gradient clipping and learning rate scheduling.
You can't unit test for taste (12 minute read)
The app "In the Long Run" lets runners engage in virtual runs across popular global routes, tracking their progress on interactive maps. A key aspect of the app is improving these maps with points of interest, which led to the creation of a data processing pipeline that filters a dataset to identify and serve relevant landmarks based on user-defined parameters. However, it was challenging to automate aspects of taste and accuracy with AI.
The Coming Divide: AI-Native or Left Behind (4 minute read)
A divide is emerging between those who embrace AI technology and those who reject it, creating distinct experiences and opportunities for each group. Individuals who use AI tend to be much more productive and innovative, which exacerbates feelings of unfairness and frustration among those who remain skeptical or disengaged.
The AI era requires a different kind of experimentation (14 minute read)
The landscape of experimentation in product development has shifted a lot, requiring teams to abandon minor optimizations in favor of larger, more impactful changes. The accelerated pace of innovation, combined with the automatic personalization capabilities of AI, reduces the value of traditional A/B testing and calls for longer testing periods to capture true outcomes.
Open SEO (GitHub Repo)
OpenSEO is an open-source SEO tool designed as an alternative to platforms such as Semrush and Ahrefs. It provides various SEO workflows, including keyword research, rank tracking, and site audits, without requiring a subscription model, using a pay-as-you-go approach for connected DataForSEO APIs.
Every Team is Building the Same Cache (9 minute read)
Many companies working with cloud compute workloads repeatedly face the issue of unnecessary delays caused by slow data access, leading infrastructure teams to build caching solutions from scratch, even though these solutions ultimately converge on similar designs. The increasing reliance on ephemeral computing instances and the growing size of data make this problem worse, resulting in multiple teams devising their own proprietary caching methods without sharing them.
Scaling Laws, Carefully (25 minute read)
Scaling laws in deep learning show how training loss decreases predictably as model size, dataset size, and compute resources increase, typically following a power-law relationship. Empirical studies have shown that larger models and datasets lead to more efficient learning, with results suggesting the optimal allocation of resources between model size and dataset size to minimize generalization error.
The Unbearable Cheapness of Open Weight Models (4 minute read)
DeepSeek V4 offers lower pricing compared to Anthropic and OpenAI models, highlighting a nearly 50x price difference based on token usage. Concerns have come up regarding the high costs associated with AI models from major companies and whether they can effectively compete with more affordable open weight alternatives.
Persona (GitHub Repo)
Persona is a lightweight, themeable AI chat widget that easily integrates with websites.
the-stats-duck v0.6.0 (6 minute read)
The latest version of the-stats-duck extension for DuckDB introduces several new statistical functions and charting capabilities, allowing users to perform interesting new analyses, like regression analysis, directly in SQL without external programming languages.