Feed aggregator

Article URL: https://slack.com/blog/news/the-fall-2024-workforce-index-shows-ai-hype-is-cooling?nojsmode=1

Comments URL: https://news.ycombinator.com/item?id=42120331

Points: 8

# Comments: 0

Hey, I was watching that! If you've ever been annoyed by the app yanking away the first video it showed you, this is good news.

I was tired of major job boards like LinkedIn/Indeed/Glass Door having spammy, promotions, and irrelevant job postings. Especially in ML where it was a pain to find MLE roles specializing in Computer Vision.

So I built Rocket Jobs. It looks at your resume and then uses semantic search to match you to relevant job postings based on your actual work experience. I spent a lot of time improving this "RAG" system by trying different embedding vendors and techniques to improve retrieval quality.

I intend to keep this 100% free. I'm able to run it for $0 rn. I'm also parsing 2M tokens a day all for free because I'm just using a 8B param llama for free rn from cerebras, groq, and together.ai. I plan to migrate to gemini later.

Also getting free postgres from aiven.io and free hosting from heroku student discount valid for 2 years

Link: https://www.rocketjobs.app/

Comments URL: https://news.ycombinator.com/item?id=42120323

Points: 3

# Comments: 0

Article URL: https://heather-buchel.com/blog/2024/11/carving-space/

Comments URL: https://news.ycombinator.com/item?id=42120313

Points: 3

# Comments: 0

Article URL: https://www.jeffgeerling.com/blog/2024/m4-mac-minis-efficiency-incredible

Comments URL: https://news.ycombinator.com/item?id=42120311

Points: 89

# Comments: 20

Article URL: https://chromewebstore.google.com/detail/mailmeteor-ai-email-write/loclkojldkjladfhbngilnhbeffbkgdm

Comments URL: https://news.ycombinator.com/item?id=42120307

Points: 2

# Comments: 0

Article URL: https://krebsonsecurity.com/2024/11/microsoft-patch-tuesday-november-2024-edition/

Comments URL: https://news.ycombinator.com/item?id=42120284

Points: 2

# Comments: 0

Article URL: https://konradkruk.com/blog/why-i-switched-to-aerospace-tiling-window-management-made-easy-on-macos

Comments URL: https://news.ycombinator.com/item?id=42120281

Points: 1

# Comments: 0

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.

The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine. Microsoft credits Google’s Threat Analysis Group with reporting the flaw.

The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that could reveal Net-NTLMv2 hashes, which are used for authentication in Windows environments.

Satnam Narang, senior staff research engineer at Tenable, says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day so far this year.

“Attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes, as they can be used to authenticate to systems and potentially move laterally within a network to access other systems,” Narang said.

The two other publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server.

Ben McCarthy, lead cybersecurity engineer at Immersive Labs, called special attention to CVE-2024-43602, a remote code execution vulnerability in Windows Kerberos, the authentication protocol that is heavily used in Windows domain networks.

“This is one of the most threatening CVEs from this patch release,” McCarthy said. “Windows domains are used in the majority of enterprise networks, and by taking advantage of a cryptographic protocol vulnerability, an attacker can perform privileged acts on a remote machine within the network, potentially giving them eventual access to the domain controller, which is the goal for many attackers when attacking a domain.”

McCarthy also pointed to CVE-2024-43498, a remote code execution flaw in .NET and Visual Studio that could be used to install malware. This bug has earned a CVSS severity rating of 9.8 (10 is the worst).

Finally, at least 29 of the updates released today tackle memory-related security issues involving SQL server, each of which earned a threat score of 8.8. Any one of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server.

For a more detailed breakdown of today’s patches from Microsoft, check out the SANS Internet Storm Center’s list. For administrators in charge of managing larger Windows environments, it pays to keep an eye on Askwoody.com, which frequently points out when specific Microsoft updates are creating problems for a number of users.

As always, if you experience any problems applying any of these updates, consider dropping a note about it in the comments; chances are excellent that someone else reading here has experienced the same issue, and maybe even has found a solution.

In the market for a carry-on suitcase or duffel bag ahead of the holidays? Shop our expert-tested recommendations.

Article URL: https://www.theverge.com/2024/10/27/24281170/open-ai-whisper-hospitals-transcription-hallucinations-studies

Comments URL: https://news.ycombinator.com/item?id=42119948

Points: 1

# Comments: 0

Article URL: https://80000hours.org/articles/existential-risks/

Comments URL: https://news.ycombinator.com/item?id=42119945

Points: 2

# Comments: 0

Article URL: https://www.osohq.com/post/ts-vs-js-war

Comments URL: https://news.ycombinator.com/item?id=42119941

Points: 1

# Comments: 0

Article URL: https://www.theguardian.com/us-news/2024/nov/12/florida-tropical-storm-sara

Comments URL: https://news.ycombinator.com/item?id=42119930

Points: 1

# Comments: 0

Article URL: https://www.techdirt.com/2024/11/12/judge-to-zuckerman-release-your-app-first-then-well-talk-section-230/

Comments URL: https://news.ycombinator.com/item?id=42119928

Points: 1

# Comments: 0

CNET's team of experts has found the best internet providers in Gilbert, including high-speed fiber internet and budget-friendly plans.