Man, AWS is at it again. That big outage on Oct 20 was rough, and now (Oct 29) it looks like things are shaky again. SMH.
us-east-1 feels like a single point of failure for half the internet. People really need to look into multi-region, maybe even use AI like Zast.ai for intelligent failover so we're not all dead in the water when N. Virginia sneezes.
Tbh, for most companies/orgs the cost/complexity of multi region just isn't worth it.
The cost of a work days worth of downtime is rarely enough to justify the expense of trying to deploy across multiple regions or clouds.
Esp if you are public facing and not internal. You just go 'well everyone else was down to because of aws' and your customers just go 'ah okay fair enough'
Looking at the comments, it seems like everyone is just busy arguing about Microsoft versus other companies. Does anyone actually care about how this SharePoint vulnerability was exploited?
If Microsoft had just contacted ZAST.AI earlier, I believe this security incident wouldn't even have happened.
Yikes. I knew these AI coding tools were sketchy! Leaking private source code is a massive failure. Who would trust Copilot with their company's secret sauce after this? Just goes to show you can't blindly trust big tech.
Heads up, Samsung users. The September security update patches a nasty zero-day that was already being used in targeted attacks (think spyware). Another one found by Google's TAG. It's a critical reminder that those monthly updates aren't optional. Go patch your device if you've been putting it off.
Haha, good luck finding a real project that holds that title. It's always some squatted name, a dependency confusion experiment, or a troll publishing a package with version 99999.99999.99999 just to see what breaks. The "king" of that hill changes all the time. Just another day in the NPM circus.
Using LLMs to assist with code audits and vulnerability hunting is a really interesting direction. The article doesn't detail exactly how ChatGPT (o3) found this use-after-free vulnerability, though. Did it independently analyze and understand the flaw in the concurrency logic, or was it just doing pattern matching or fuzzing under human guidance?
I feel like the details are what determine whether this is a true milestone or just a great headline. Regardless, the era of automated AI vulnerability discovery might really be upon us, and the pace of offense vs. defense is about to get much faster.
Wow, this is amazing! I see you've been building this on GitHub for 7 years - that's truly impressive dedication. What keeps you motivated to stick with this product for so long?
This looks really impressive! I'm curious about the monetization strategy - how do you plan to sustain development of such a feature-rich PDF viewer while keeping it free? Are you considering enterprise features, hosting services, or other revenue streams?
Yes, all of the above. The client-side PDF viewer will remain free and MIT-licensed, but I’ll be focusing on offering PDF hosting with enterprise features like analytics, access controls etc, those will be part of the paid offering.
This regulatory challenge reveals how policy changes can create new cybersecurity , from identity verification risks to operational security gaps, underscoring the importance of holistic vulnerability management that addresses both technical and regulatory security risks.
All people are talking about GPT-5 all over the world, the competition is so intense that every major tech company is racing to develop their own advanced AI models.
us-east-1 feels like a single point of failure for half the internet. People really need to look into multi-region, maybe even use AI like Zast.ai for intelligent failover so we're not all dead in the water when N. Virginia sneezes.