haker

3dasd

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 19:33:12 +0300

What�s this all about? #
This site is here to help you build a room-scale 3D scanner like this:

Who is this for? #
The goal is to make this as accessible as possible! However, at this point you need to have access to a 3D printer, do some very basic soldering and assemble a few cables (JST connectors).

Everything you see is open-source and free (as in free beer and free speech). I�m more than happy to hear your ideas and incorporate your feedback. Shoot me an email or find me on Discord, open a GitHub issue or pull-request! Get involved! (;

Is it any good? #
Yes! Well, okay, it depends. (:

This is not a production-grade scanner, it�s way too slow, loud and just not accurate enough for most real-world applications. It could be a great entry into the world of 3D scanning though.

Check out the examples page for scans taken with the scanner.

Is it expensive? #
It tries not to be. (:

Prices will depend on a lot of factors. Do you 3d-print your own pieces? Where do you order the electronic components from? Do you trust the cheapest modules? Do you get in contact with me so I can send you a leftover PCB? (;

A very-very rough estimate would be around 350 USD with the bulk of it being the LIDAR sensor.

Acknowledgements #
This project started off as the combination of these Youtube videos:

�Making a Lidar scanner in the home shop with a lathe, a pair of STM32s, and a Garmin Lidar Lite� by David Cambridge. This was the original inspiration for 3dasd.
�3D Printed DSLR Camera Pan Tilt Mount (Arduino/Stepper Driven) 2020� by isaac879. This has inspired the mechanical design and also parts of the software was borrowed from here.
Edit
Edit this page

Literably (IK12)

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 19:32:26 +0300

About Literably
Literably is a fast-growing edtech company on a mission to develop every child into a proficient reader. Our flagship product is an online elementary reading assessment. Using our product, K-5 students read aloud and answer questions on a device (Chromebook, iPad, laptop, desktop), and Literably generates key data for reading instruction that would otherwise be collected manually. This saves teachers enormous amounts of time and drives critical intervention decisions for young readers. We currently serve over 500 schools, including several of America�s largest school districts.

About the role
Skills: Python, Amazon Web Services (AWS)

We are looking for a senior full-stack software engineer to take significant technical ownership over Literably's web services and core assessment processing system. You will play a leading role in both defining the technical roadmap and scaling the system to handle our rapid user growth. We work with AWS, Python, Django, Redis, and Postgres, but specific experience with this stack is not required. Prior experience operating autonomously and proactively at early stage startups is a big plus. Other nice-to-haves include experience with signal processing, audio data analysis, machine learning, and automated speech recognition.

Technology
We work with Python, Amazon Web Services, Pulumi, Docker, Git, Django, Redis, CircleCI, and Postgres. We receive huge volumes of noisy, often poorly-articulated audio data from young children in real classrooms every day. Using a combination of automated speech recognition and human transcription, our software converts this into clean, actionable information for elementary school teachers. Improving and scaling this assessment processing pipeline makes up the bulk of our engineering work.

Cheat Sheet: Google extends cookie execution deadline until late 2023,

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 19:29:16 +0300

Google will let the third-party cookie live on for nearly two years longer than planned.

The company has extended its self-imposed deadline to deprecate third-party cookies in its popular Chrome web browser from its original date of January 2022 until late 2023, Google announced today. Even that new deadline appears to be flexible, though.

Here�s what we know about Google�s stay of execution for the cookie and what may have led to its decision to allow the digital ad ecosystem to use the identifier for a little longer.

The key details
Google will phase out third-party cookies in Chrome over a three-month period ending in late 2023.
Google will only do so after testing of cookieless ad methods in development as part of its Privacy Sandbox initiative are fully tested and deployed via APIs in its browser.
The firm plans to begin phasing out Chrome support for third-party cookies beginning in late 2022, and it expects the phase-out to last nine-months.
All of this appears to be subject to the U.K.�s Competition and Markets Authority, which has been investigating the competition-related impact of the company�s Privacy Sandbox approach to replacing third-party cookies.
Google will end its current trial of FLoC, its most-controversial Privacy Sandbox proposal for tracking people and targeting ads, on July 13.
Pressure from the UK
For over a year, the digital advertising industry has fretted over how to operate without third-party cookies. But Google�s decision to extend its deadline seems largely driven by government pressure.

Google�s entire business is under threat from a variety of antitrust lawsuits and investigations. That includes an antitrust investigation announced this week from the European Commission which, along with some of those suits, addresses Google�s Privacy Sandbox efforts. However, the company�s decision to extend the cookie�s deprecation seems to be in direct response to the CMA. On June 11, the agency said it will evaluate commitments from Google to adjust its much-maligned Privacy Sandbox approach, which has been subject to intense criticism from ad tech firms who say it is not as collaborative as it should be and could facilitate an even greater consolidation of power for Google over ad tech firms, digital ad buyers and ad sellers.

Google has a big incentive to appease the CMA: If it formally accepts its commitments, the CMA would terminate the Privacy Sandbox investigation it launched in January. The agency said it will consult with interested entities regarding the commitments until July 8 before it decides whether to accept them. And if it does, that does not prevent the agency from reopening the investigation.

Among Google�s commitments submitted to the CMA, the company said it would not give preference to its own systems and services in development or implementation of Privacy Sandbox methods or use �sensitive information provided by an ad tech provider or publisher to Chrome in a way that distorts competition.�

Even late last year, Google execs were hedging on timing regarding final cookie deprecation in Chrome. And in a company blog post published today to announce the extension, use of the word �could� is also notable. The company states, �Subject to our engagement with the United Kingdom�s Competition and Markets Authority (CMA) and in line with the commitments we have offered, Chrome could then phase out third-party cookies over a three-month period, starting in mid-2023 and ending in late 2023.�

So long for now, FLoC
Google also said it will conclude its initial trial of Federated Learning of Cohorts or FLoC, its most well-known and criticized Privacy Sandbox ad method, in the coming weeks. The company told Digiday that the FLoC origin trial will conclude on July 13.

At this stage, despite some ad tech firms playing around with FLoC ID harvesting, it�s only been supply-side publishers and their ad management firms that were meant to test FLoC in the current origin trial. Advertisers and agencies had been anticipating the ability to test it for ad targeting in Google and other demand-side platforms sometime soon. But now, Google said it will hold off on testing FLoC and other Privacy Sandbox methods in its ads products. The company said it plans to make improvements on FLoC and share more information on future tests in the coming weeks.

It may come as no surprise that Google has hit the pause button on FLoC. Not only have privacy advocates cried foul regarding the potential privacy infringements enabled by the tracking technique, but digital publishers and other browsers have also decided not to enable it. As revealed recently by Digiday, Amazon is also blocking FLoC tracking on most of its properties.

RELATED
Betting
MEMBER EXCLUSIVE
Media Briefing: How sports publishers are handling this year�s Olympics
A sign of more Google transparency?
Some industry executives are already frustrated by Google�s slow-rolling of the third-party cookie�s demise and implementation of FLoC, and the deadline extension may only cause more angst. �I wish they would just do it. Stop justn � excuse me � dicking around the whole industry. Let everybody get to a new normal. It�s hard to strategically plan this way,� said one publishing executive.

However, Google�s decision to extend the third-party cookie�s availability in Chrome could signal the company plans to be more transparent in regard to its cookie-killing plans.

In its commitments to the CMA, Google told the agency that it would publicly disclose timing related to the Privacy Sandbox proposals including timing on origin trials and API availability as well as give notice of a transition period prior to third-party cookie removal and notice before complete third-party cookie eradication.

Google also promised the CMA it would test the effectiveness of individual alternative ad methods including assessing the impact of the removal of third-party cookies. Google said it would do so before triggering a 60-day countdown period promised to the CMA during which time the agency could re-open its investigation or impose measures in the hopes of avoiding competition harms.

Google also promised to �engage with the CMA in an open, constructive and continuous dialogue in relation to the development and implementation of the Privacy Sandbox proposals,� including in relation to design of testing the proposed methods.

Getting to the Product Manager interview stage

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:46:07 +0300

Eight hundred and fourteen.

That's how many applicant CVs we screened last year for a Product Manager role I had open. 814. Plus the countless number of LinkedIn profiles we proactively screened ourselves, with approximately 50 or so people we reached out to asking them to apply. 64 applicants had a phone screen with our recruiter or the hiring manager (that's me!). 10 made it through to a full interview loop and case study with the broader team. 1 offer went out. 1 offer was accepted.

I wish a submitted CV was a fair and objective representation of somebody's experience and their potential. That isn't the case though. And so we have this imperfect process filled with potential bias made worse by incomplete information. I'd love to be able to speak to each and every applicant to try give them the best opportunity possible to let themselves shine. That's not going to happen with 814 applicants though. There's going to be some sort of filtering required to distill it down to a number we can manage. That might mean we miss out on someone great, and that makes me sad.

So let me try and help fix that!

While I've got your attention, I'm Glenn and it's great to meet you! 👋

I'm currently Director of Product @ HashiCorp, and we're hiring! Including multiple roles at various levels (i.e., junior through to senior) across

Product Management,Design, and Engineering & Engineering Management.

If you'd like to work with us please get an application in ASAP.
Going meta on the PM application
Especially given we were hiring for a Senior Product Manager at the time I was ok not cutting too much slack on CVs that didn't present well. Because like it or not, especially as someone applying for a senior role, your CV is in itself implicity the first test in the process. You have a potential customer (the recruiter/hiring manager) and you're trying to understand their needs and find them a solution (you!) to solve it.

And so that's the journey I'm going to go through today. A look at what it's like on the other side of this review process. The common pitfalls I see. The mistakes people make that either make it hard to get a sense for what they'd be brining to the role or why they're different to the other hundreds of people we're potentially going to talk to.

Because no matter what level of experience we're talking about the best problem for me to have is to have too many amazing people with great potential.

Cover Letters
This has been an eye-opening thing for me and has forced me to rethink some of my own long established process bias. I used to loathe cover letters. Too often they seemed like a pointless procedural thing that people just did because that's what they were told to do. Looking back I think I've also been carrying the scars from hiring many, many years ago. Back when a HR team would physically dump a pile of printed out CVs on your desk to review. And cover letters and CVs would invariably end up becoming separated and you'd get half way through and realise you'd matched up two print outs for completely different people and then... well it was all just a mess.

Technology and process has obviously come a long way since then though.

Correlation is not causation, blah blah. But... I've found it curious often a strong application also had a interest piquing cover letter submitted with it. Addressing the topics called out in the posted job description. Showing some curiosity for the role, at least a passing familiarity with the company or product. It's the opportunity to make the application is tailored specifically to the employer. Which is in part the first step in also trying to communicate that the person applying is perfectly tailored to the role. Back in my old timey days we expected the actual CV to be tailored to the role you were applying for. I've got a half dozen slight variations of my own based on whether I was applying for a management role, one as an individual contributor, early stage vs large scale company, etc..

This is step one in your opportunity to showcase your skills as a product manager. The job description has a list of expectations, you need to show you've noticed them and help connect the dots directly to your relevant experience. Tailor your CV to speak to them directly, or write a cover letter that addresses them. The latter seems far more scalable if you're applying to multiple jobs.

Information Hierarchy
I worked at a place that specialised in internet marketing and I still remember very trite advice I'd hear in those circles: "The subject line in an email has one job: to get someone to open the email". It's always served me as a good reminder that, especially when you're dealing with an audience that might have limited attention, you've got to give them a reason to keep reading. If you don't want to take your lead from some internet marketing advice (but hey, why not? You are trying to market yourself here!) then maybe you should consider the inverted pyramid approach commonly used in journalism, or the BLUF approach used in military communication.

Hit your notes, and hit them early. Don't bury the lede.

Don't do this:

# Glenn Gillen

## Educational Experience
* A college you've never heard of - 20 years ago

## Skills
* Photoshop
* MS Word
* JIRA
* Black belt in taekwondo
Instead, consider something like this:

# Glenn Gillen

## Experience

### Job Title, Last Company
* Biggest highlight, biggest impact, wow factor moment goes here
There's some subtle signaling here in what you think is important and/or your ability to surface what you think the reader wants to learn about you. If you went to some world famous school 20 years ago you think it's worth putting that front and center. Who am I to disagree? But for the rest us, the schooling choices we made a decade or more ago probably aren't the most important thing to tell someone. Same with the skills. Personally it doesn't matter to me if someone knows how to use JIRA or not. It's an interesting tidbit to know but it's also totally irrelevant to whether I'll hire them. Never used it before? It's fine, I'm pretty confident we can help you learn it quickly.

Highlighting your experience
It sounds simple. Just highlight it. Your experience.

Don't do this:

## Product Manager - Company A, most recent
* Engaged stakeholders
* Gathered requirements from customers
* Delivered solutions
* An extensive list of generic product management tasks

## Product Manager - Company B, a little while ago
* Engaged stakeholders
* Gathered requirements from customers
* Delivered solutions
* An extensive list of generic product management tasks
Instead, consider something like this:

## Senior Product Manager - Company A, most recent
* Facilitated design sprints, including rapid prototyping and user
testing to validate approach for new product launch.
* Scoped down intial launch requirements to ensure a delightful
experience for an initial target cohort.
* Over 40k signups in first month, but with 25% churn. Reduced churn
to 5% within the first 90 days.
* Exited first year as a $100M run rate business.

## Product Manager - Company B, a little while ago
* Worked with company leadership to craft 1, 3, and 5 year product
vision.
* Mapped vision to a list of concrete initiatives.
* Used a combination of customer interviews, surveys, and A/B testing
of early proof of concepts to validate problems. High collaboration
with engineering peers through this process to iterate towards potential
solutions.
I'm not going to say the first example is bad per se. Because it's the format of about half of the applications that came in. Therein lies the biggest problem though: you're completely undifferentiated amongst a sea of hundreds of other people. The other problem with the first approach is it doesn't really tell me much about what you've actually done. It's a collection of overly abstract process bullet points. There's no evidence of how or where they were applied. No outcomes. No sense of what exactly you've worked on. What's interesting about your experience? No growth or development. Just generic PM experience after generic experience, each one the same as the previous, and the same as everybody else.

Reflection & Iteration
At the end of the day though it shouldn't be about copy & pasting someone elses playbook or blindly embracing their opinions. It's about developing a process, being reflective of what's working and what's not, and iterating on it. If you're not making it to the interview stage you need to work out why. Try arranging for 5 of your friends to get on a video call, give them 3 minutes to read/skim your CV or application, and then ask them what they can recall from it (without referring back to it). Is that the same few points you want your next employer to notice? If not, how do you bring more focus to the key points?

The main job of your CV in a job application is to get you the next stage. Give the hiring manage a reason to want to call you.

FAA releases TRUST, free online training required for pilots to legall

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:44:24 +0300

The Federal Aviation Administration (FAA) may have struggled with LAANC authorization, but they moved ahead with releasing TRUST (The Recreational UAS Safety Test) � a free online training program that pilots flying a drone recreationally are required to take and pass. Even if someone possesses Part 107 certification, they must complete this training and show proof of it, if asked by the FAA or law enforcement, in order to legally operate a drone, if they're flying recreationally, in the United States.

Mandated by the FAA Reauthorization Act of 2018, drone industry stakeholders helped develop the curriculum for remote pilots. The FAA recently designated 16 non-governmental organizations to administer the test. They are:

The Academy of Model Aeronautics (AMA)
The Boy Scouts of America
Chippewa Valley Technical College
Community College of Allegheny County - West Hills Center
CrossFlight Sky Solutions
Drone Launch Academy
Drone U
Embry-Riddle Aeronautical University (ERAU)
HSU Educational Foundation
Lake Area Technical College
Pilot Institute
Proctorio Incorporated
Tactical Aviation
UAV Coach
University of Arizona Global Campus
Volatus Aerospace Corp
'This is a great step in the right direction to help educate recreational pilots. TRUST strikes a nice balance between education without being too hard. We�re excited to partner with the FAA to provide the test for free to the UAS community,' Greg Reverdiau, of Pilot Institute, tells DPReview. Links to all the testing hubs, mentioned above, can be found on the FAA's website.

The entire testing process is expected to take roughly 30 minutes, at most, to complete. It requires reading some text and taking four quizzes. Once you've passed, you'll receive a Certificate of Completion that can be printed out. The certificate does not expire.

Introduction to BigQuery row-level security

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:43:10 +0300

This page explains the concept of row-level security, how it works in BigQuery, when to use row-level security to secure your data, and other details.

What is row-level security?
Row-level security lets you filter data and enables access to specific rows in a table, based on qualifying user conditions.

BigQuery already supports access controls at the project, dataset, and table levels, as well as column-level security by using policy tags. Row-level security extends the principle of least privilege by enabling fine-grained access control to a subset of data in a BigQuery table, by means of row-level access policies.

One table can have multiple row-level access policies. Row-level access policies can coexist on a table with column-level security as well as table-level, dataset-level, and project-level access controls.

How row-level security works
At a high level, row-level security involves the creation of row-level access policies on a target BigQuery table. This policy then acts as a filter to hide or display certain rows of data, depending on whether a user or group is in an allowed list.

An authorized user, with the Identity and Access Management (IAM) roles BigQuery Admin or BigQuery DataOwner, can create row-level access policies on a BigQuery table.

When you create a row-level access policy, you specify the table by name, and which users or groups (called the grantee-list) should have access to certain row data. The policy also includes the data on which you wish to filter, called the filter_expression. The filter_expression functions like a WHERE clause in a typical query.

Remember: Like a WHERE clause, the filter_expression matches the data that you want to be visible to the members of the grantee_list. Users not in the grantee_list will not see any rows.
For instructions on how to create and use a row-level access policy, see Working with row-level security.

See the DDL reference for the complete syntax, usage and options when creating row-level access policies.

Example use cases
Filtering row data based on region
Consider the case where a table contains rows belonging to different regions, denoted by the region column in the table dataset1.table1.

Row-level security lets a Data Owner or Admin implement policies, such as "Users in the group:apac can only see partners from the APAC region."

Row level security use case for regions

The resulting behavior is that users in the group sales-apac@example.com can view only rows where Region = "APAC". Similarly, users in the group sales-us@example.com can view only rows in the US region. Users not in APAC or US groups don't see any rows.

Note that the row-level access policy named us_filter grants access to multiple entities, including the chief US salesperson jon@example.com, all of whom can now access the rows belonging to the US region.

Filtering row data based on sensitive data
Now, consider a different use case, where we have a table of salary data.

Row level security use case for salaries

The grantee_list restricts querying to members of the company domain. In addition, the use of the SESSION_USER() function further restricts access only to rows that belong to the user running the query, based on their own user email address. In this case, it is jim@example.com.

When to use row-level security vs other methods
Authorized views, row-level access policies and storing data in separate tables all provide different levels of security, performance, and convenience. Choosing the right mechanism for your use case is important to ensure the proper level of security for your data.

Comparison with authorized views: vulnerabilities
Row-level security and enforcing row-level access with an authorized view can both can have vulnerabilities, if used improperly.

When you use either authorized views or row-level access policies for row-level security, we recommend that you monitor for any suspicious activity using audit logging.

Carefully crafted queries can leak information through error messages. For example, a query crafted to trigger a division by zero on a specific value could reveal the presence of that value, even when it would be excluded by the view definition.

Other side-channels such as the query duration can leak information about rows that are at the edge of a storage shard. Such attacks would likely require either some knowledge of how the table is sharded, or a large number of queries.

For more information about preventing such side-channel attacks, see Security limitations and Best practices for row-level security in BigQuery.

Comparison of authorized views, row-level security, and separate tables
The following table below compares the performance and security of authorized views, row-level access policies, and separate tables.

Security Recommended for
Authorized
views Vulnerable to carefully crafted queries, query duration, and other types of side-channel attack. When flexibility and performance are most important.

Example: sharing data within the same work group.
Row-level access policies Vulnerable to carefully crafted queries and query duration side-channel attacks. When it is convenient to have all users query the same table. For instance, when everyone shares the same dashboard, but some users have access to more data.

To provide additional security over views.

Example: sharing table slices within your organization.
Separate tables Complete isolation. When isolation is paramount. For instance, when the total number of rows must be secret.

Example: sharing data outside your organization, such as with third-party partners and vendors.
Creating and managing row-level access policies
For information about how to create, update (re-create), list, view, and delete row-level access policies on a table, as well as details about querying tables with row-level access policies, see Working with row-level access security.

Quotas
For more information about quotas and limits for row-level security, see BigQuery Quotas and limits.

Pricing
Row-level security is included with BigQuery at no cost.

Billing costs for accessing a table's row-level access policy is similar to a query. However, row-level access policies might indirectly affect the number of bytes processed, in the following ways.

When a query is run against a table with a row-level access policy, the bytes billed is calculated in the same way as if you had composed an identical query with a WHERE clause, instead of the filter expression.
Row-level access policy filters do not participate in query pruning on partitioned and clustered tables.
For more information about BigQuery query pricing, see BigQuery pricing.

Limitations
Row-level security is subject to the following limitations.

Performance limitations
Some BigQuery features aren't accelerated when working with tables containing row-level access policies, such as BigQuery BI Engine and materialized views.

Row-level access policy filters do not participate in query pruning on partitioned and clustered tables.

For more information about how row-level security interacts with some BigQuery features and services, see Using row-level security with other BigQuery features.

Security limitations
Caution: In some cases, row-level security can be subject to side-channel attack.
Example

Suppose you have a table with revenue information in it. You protect this sensitive data with a row-level access policy to filter rows based on business unit. Even though there is a security filter predicate in place to prevent a user with access to this table from directly querying the protected rows, it is possible for that user to derive the revenue information for other business units, through repeated, carefully crafted queries and observing the resulting query error messages.

Specifically, a malicious user with access to the underlying table can derive the protected row values when the query returns a divide-by-zero exception.
A divide-by-zero exception results from a query, such as the following: SELECT * FROM dataset.table WHERE 1/(100000-revenue) = 1. The result could potentially let the malicious user learn that the revenue $100,000 exists in the table.
This type of attack often requires a large number of repeated attempts against a table with row-level security. We recommend that admins monitor Cloud audit logs for suspicious activity on tables with row-level security.
For more information about limiting side-channel attacks, see Best practices for row-level security in BigQuery.

Other limitations
Row access policies are not compatible with Legacy SQL. Queries of tables with row-level access policies must use Standard SQL. Legacy SQL queries are rejected with an error.

Some features of BigQuery are not compatible with row-level security. See Using row-level security for more information.

Non-query operations, including service account jobs, that need full access to table data can use row-level security with the "true filter". For more information, see Using row-level security.

Creating, replacing or deleting row-level access policies must be performed with DDL statements. Listing and viewing row-level access policies can be performed through the Cloud Console or the bq command-line tool.

Audit logging and monitoring
When data in a table with one or more row-level access policies is read, the row-level access policies authorized for the read access appear in the IAM authorization information for that read request.

Creation and deletion of row-level access policies are audit logged, and can be accessed through Cloud Logging. Audit logs include the name of the row-level access policy. However, the filter_expression and grantee_list definitions of a row-level access policy are omitted from logs, as they may contain user or other sensitive information. Listing and viewing of row-level access policies are not audit logged.

For more information about logging in BigQuery, see Introduction to BigQuery monitoring.

For more information about logging in Google Cloud, see Cloud Logging.

What's next
For information about managing row-level security, see Working with row-level security.

For information about how row-level security works with other BigQuery features and services, see Using row level security with other BigQuery features.

For information about best practices for row-level security, see Best Practices for row-level security in BigQuery.

Introducing - Laravel Transporter

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:42:02 +0300

Sending API requests in any PHP framework has always been a little bit of a manual process, yes you can create an SDK or wrapper - but you are still having to do the same thing.

You pull in the HTTP client, or facade, you configure it in a proceedural way entering the URI you want to send a request to, then tag on the optional extras such as authentication, payload, any additional headers. It is quite a manual process.

A lot of the time you have a specific request you want to send, yes you may slightly adjust things as you go by passing in an identifier etc etc - but in general they remain relatively constant.

This has frustrated me for a while, we have to great lengths to make a lot of our code Object Oriented. Yet, we hadn't tried to do this with API requests. I have been sitting on this question for quite a while, pondering on the possible solutions - how it might look, and how it might be used.

The result of this has turned into my latest Laravel package: Laravel Transporter which I describe as:

Transporter is a futuristic way to send API requests in PHP. This is an OOP approach to handle API requests.

Quite a bold statement, so let me dig in.

To get started all you need to do is install it, theres no configuration required nothing extra to add to your project - it will only be used when you want to use it.

Then, let's take an example API request:

GET https://jsonplaceholder.typicode.com/to … leted=true HTTP/1.1
All we are doing here is filtering a list of todos that are completed - nothing overly difficult.

Firstly let us have a look at how we would do this usually (but let's pretend this API required us to be authenticated using an API token we have previously generated).

Http::withToken(config('jsonplaceholder.api.token'))
->get("https://jsonplaceholder.typicode.com/todos", [
'completed' => 'true',
]);
Not terrible right? I mean, it works and does what you might expect. But, this is very proceedural. What happens if the URL changes? What happens if the query parameters change? We have to hunt through our code base, and update these everywhere. You know, the thing we are trying to avoid more and more in everything we build.

Let's add a little magic to these requests and see how we would send this exact same request using Laravel Transporter:

TodoRequest::build()->send();
That's it. The entire thing condensed into a class. Let's look how we got there.

First thing we do, create our request:

php artisan make:api-request TodoRequest
This gives us app/Transporter/TodoRequest.php, inside there we have:

<?php

declare(strict_types=1);

namespace App\Transporter;

use Illuminate\Http\Client\PendingRequest;
use JustSteveKing\Transporter\Request;

class TodoRequest extends Request
{
protected string $method = 'GET';
protected string $baseUrl = 'https://jsonplaceholder.typicode.com';
protected string $path = '/todos';

protected array $data = [
'completed' => true,
];

protected function withRequest(PendingRequest $request): void
{
$request->withToken(config('jsonplaceholder.api.token'));
}
}
Going back to the original problem, if options change - we have to hunt everywhere in our application for where we may have used it. That problem has been solved by moving this to a class based request. Also, as the request itself is just a fancy wrapper around Laravels inbuilt PendingRequest - we can call all the same methods before and after sending. Meaning there is no new API to learn, so it is relatively straight forward. You can override options at runtime too - want to show not completed todos?

TodoRequest::build()->withData([
'completed' => false,
])->send();
This may not be a ground breaking package that is going to change the world, however what it is going to do is make you start asking the question: Could I send API requests in a more structured and organised way?

Imagine a scenario, where you needed to work with a 3rd party API. You could quite quickly generate a series of requests and it will be done! Let's take the example of Laravel Forge, which if you remember I wrote about before when I released PHP-SDK here is that article.

First we can generate a base API request:

php artisan make:api-request Forge\\ForgeRequest
Then make these changes:

<?php

declare(strict_types=1);

namespace App\Transporter\Forge;

use Illuminate\Http\Client\PendingRequest;
use JustSteveKing\Transporter\Request;

class ForgeRequest extends Request
{
protected string $baseUrl = 'https://forge.laravel.com/api/v1';

protected function withRequest(PendingRequest $request): void
{
$request->withToken(config('services.forge.token'));
}
}
Next let's take the example of getting all servers. Generate a new request for this request:

php artisan make:api-request Forge\\Servers\\ListServers
Then make the following changes:

<?php

declare(strict_types=1);

namespace App\Transporter\Forge\Servers;

use App\Transporter\Forge\ForgeRequest;
use Illuminate\Http\Client\PendingRequest;

class ListServers extends ForgeRequest
{
protected string $method = 'GET';

protected string $path = '/servers';
}
All we have done here is used inheritance to extend the ForgeRequest which contains our initial state for every request we need - and allows us to build upon that where we want to.

Thanks for reading, I welcome any feedback that may assist in pushing this package forward and making it easier to use! Feel free to start a discussion or open an issue on the GitHub Repository or even drop me a tweet/DM on twitter.

Canonical Offering Blender Support

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:37:14 +0300

Blender recently published its 2020 annual report, outlining the organization�s vision and strengthened mission statement: �To get the world�s best 3D technology in the hands of artists as free/open source software, and make amazing things with it�. This statement enables a fair and accessible ecosystem for businesses, including services, consulting, education and integration.

Although Blender has received massive industry support and adoption in the past years, a pressing issue remains unaddressed for almost two decades � namely the lack of commercial software support contracts. This is important because enterprises find support contracts vital for the purchase of essential products.

In the past months, Blender and Canonical have had extensive discussions on this topic, resulting in the decision to enter a partnership. Canonical�s mission to empower open source institutions is perfectly aligned with Blender�s need to remain independent and focused on making an amazing 3D creation environment.

Canonical agrees on building and maintaining their own Blender services organization, based on their trusted Ubuntu Advanced platform. Revenues from the services will be partially shared with Blender, then invested in core Blender development and public support for LTS releases. Aside from linking to Canonical�s service on blender.org, there is no obligation from Blender to participate in the service contracts.

�It�s a privilege to support Blender and the fantastic work of this remarkable community, its founders and leaders. Today�s announcement strengthens Blender with full service Canonical support and long term security maintenance, and delivers the level of assurance that professional Blender content creators need, in partnership with the Blender Foundation,� shares CEO Mark Shuttleworth.

Blender Foundation�s Chairman Ton Roosendaal adds that �the way Canonical structured this service with us is exemplary for the open source movement. I believe it will set a new standard for how independent, free groups of makers who truly care for their product and users participate in the market and shape the future of the industry.�

Writing ARM64 Code for Apple Platforms

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:36:31 +0300

Overview
The ARM architecture defines rules for how to call functions, manage the stack, and perform other operations. If part of your code includes ARM assembly instructions, you must adhere to these rules in order for your code to interoperate correctly with compiler-generated code. Similarly, if you write a compiler, the machine instructions you generate must adhere to these rules. If you don�t adhere to them, your code may behave unexpectedly or even crash.

Apple platforms diverge from the standard 64-bit ARM architecture in a few specific ways. Apart from these small differences, iOS, tvOS, and macOS adhere to the rest of the 64-bit ARM specification. For information about the ARM64 specification, including the Procedure Call Standard for the ARM 64-bit Architecture (AArch64), go to https://developer.arm.com.

Respect the Purpose of Specific CPU Registers
The ARM standard delegates certain decisions to platform designers. Apple platforms adhere to the following choices:

The platforms reserve register x18. Don�t use this register.

The frame pointer register (x29) must always address a valid frame record. Some functions � such as leaf functions or tail calls � may opt not to create an entry in this list As a result, stack traces are always meaningful, even without debug information.

Handle Data Types and Data Alignment Properly
Some fundamental types of the C language have slightly different implementations:

The wchar_t type is 32 bit and is a signed type.

The char type is a signed type.

The long type is 64 bit.

The __fp16 type uses the IEEE754-2008 format, where applicable.

The long double type is a double precision IEEE754 binary floating-point type, which makes it identical to the double type. This behavior contrasts to the standard specification, in which a long double is a quad-precision, IEEE754 binary, floating-point type.

The following table lists the integer data types, their sizes, and their natural alignments on Apple platforms.

Data type

Size (in bytes)

Natural alignment (in bytes)

BOOL, bool

char

short

int

long

long long

pointer

size_t

NSInteger

CFIndex

fpos_t

off_t

Respect the Stack�s Red Zone
The ARM64 red zone consists of the 128 bytes immediately below the stack pointer. Apple platforms don�t modify these bytes during exceptions. User-mode programs can rely on the bytes below the stack pointer to not change unexpectedly, and can potentially make use of the space for local variables.

Note

If a function calls itself, the caller must assume that the callee modifies the contents of its red zone. The caller must therefore create a proper stack frame.

Pass Arguments to Functions Correctly
The stack pointer on Apple platforms follows the ARM64 standard ABI and requires 16-byte alignment. When passing arguments to functions, Apple platforms diverge from the ARM64 standard ABI in the following ways:

Function arguments may consume slots on the stack that are not multiples of 8 bytes. If the total number of bytes for stack-based arguments is not a multiple of 8 bytes, insert padding on the stack to maintain the 8-byte alignment requirements.

When passing an argument with 16-byte alignment in integer registers, Apple platforms allow the argument to start in an odd-numbered xN register. The standard ABI requires it to begin in an even-numbered xN register.

The caller of a function is responsible for signing or zero-extending any argument with fewer than 32 bits. The standard ABI expects the callee to sign or zero-extend those arguments.

Functions may ignore parameters that contain empty struct types. This behavior applies to the GNU extension in C and, where permitted by the language, in C++. The AArch64 documentation doesn�t address the issue of empty structures as parameters, but Apple chose this path for its implementation.

The following example illustrates how Apple platforms specify stack-based arguments that are not multiples of 8 bytes. On entry to the function, s0 occupies one byte at the current stack pointer (sp), and s1 occupies one byte at sp+1. The compiler still adds padding after s1 to satisfy the stack�s 16-byte alignment requirements.

void two_stack_args(char w0, char w1, char w2, char w3, char w4, char w5, char w6, char w7, char s0, char s1) {}
The following example shows a function whose second argument requires 16-byte alignment. The standard ABI requires placing the second argument in the x2 and x3 registers, but Apple platforms allow it to be in the x1 and x2 registers.

void large_type(int x0, __int128 x1_x2) {}
Update Code that Passes Arguments to Variadic Functions
For functions that contain a variable number of parameters, Apple initializes the relevant registers (Stage A) and determines how to pad or extend arguments (Stage B) as usual. When it�s time to assign arguments to registers and stack slots, Apple platforms use the following rules for each variadic argument:

Round up the Next SIMD and Floating-point Register Number (NSRN) to the next multiple of 8 bytes.

Assign the variadic argument to the appropriate number of 8-byte stack slots.

Because of these changes, the type va_list is an alias for char*, and not for the struct type in the generic procedure call standard. The type also isn�t in the std namespace when compiling C++ code.

Note

The C language requires the promotion of arguments smaller than int before a call. Beyond that, the Apple platforms ABI doesn�t add unused bytes to the stack.

Handle C++ Differences
The generic ARM64 C++ ABI mirrors the Itanium C++ ABI, which many UNIX-like systems use. Apple�s C++ ABI differs from this ABI in the following ways:

The mangled name of the va_list type is Pc, and not St9__va_list. This difference occurs because va_list is an alias for char *, and uses the same name-mangling conventions.

The mangled names for NEON vector types match their 32-bit ARM counterparts, rather than using the 64-bit scheme. For example, Apple platforms use 17__simd128_int32_t instead of the generic 11_int32x4_t.

When passing parameters to a function, Apple platforms ignore empty structures unless those structures have a nontrivial destructor or copy constructor. When passing such nontrivial structures, treat them as aggregates with one byte member in the generic manner.

The ABI requires the complete object (C1) and base-object (C2) constructors to return this to their callers. Similarly, the complete object (D1) and base-object (D2) destructors return this. This behavior matches the ARM 32-bit C++ ABI.

The ABI provides a fixed layout of two size_t words for array cookies, with no extra alignment requirements. This behavior matches the ARM 32-bit C++ ABI.

Object initialization guards are nominally uint64_t, rather than int64_t. This behavior affects the prototypes of functions __cxa_guard_acquire, __cxa_guard_release, and __cxa_guard_abort.

A pointer to a function declared as extern �C� isn�t interchangeable with a function declared as extern �c++�. This behavior differs from the ARM64 ABI, in which the functions are interchangeable.

For more information about the generic ARM64 C++ ABI, see �C++ Application Binary Interface Standard for the ARM 64-bit architecture� at developer.arm.com.

After Repeatedly Promising Not to, Facebook Keeps Recommending Politic

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:35:02 +0300

The company announced the policy as a way to stop spreading divisive content
By Corin Faife and Alfred Ng
June 24, 2021 08:00 ETFacebook CEO Mark Zuckerberg
Chip Somodevilla/Getty Images
Share This Article
Copy Link
Copied!
Republish
Four days after the Jan. 6 insurrection on Capitol Hill, a member of the �Not My President� Facebook group wrote in a post, �remember, our founding fathers were seen as terrorist [sic] and traitors.�

A fellow group member commented, �I�ll fight for what�s right, this corruption has to be stopped immediately.�

See our data here.
GitHub
Three months later, Facebook recommended the group to at least three people, despite Facebook CEO Mark Zuckerberg�s repeated promise to permanently end political group recommendations on the social network specifically to stop amplifying divisive content.

The group was one of hundreds of political groups the company recommended to its users in The Markup�s Citizen Browser project over the past five months, several of which promoted unfounded election fraud claims in their descriptions or through posts on their pages.

Citizen Browser consists of a paid nationwide panel of Facebook users who automatically send us data from their Facebook feeds.

In a four month period, from Feb. 1 to June 1, the 2,315 members of the Citizen Browser panel received hundreds of recommendations for groups that promoted political organizations (e.g., �Progressive Democrats of Nevada,� �Michigan Republicans�) or supported individual political figures (e.g., �Bernie Sanders for President 2020,� �Liberty lovers for Ted Cruz,� �Philly for Elizabeth Warren�). In total, just under one-third of all panelists received a recommendation to join at least one group in this category.

Of the more than 460,000 groups recommended to our panel in this period, we used keyword-based classification to assess whether they contained support for politicians, movements, parties, or ideologies�content that would be classed as political under Facebook�s guidelines to advertisers on the platform. We conducted our assessment by building a keyword list containing the names of the president, vice president, and all serving members of Congress, plus two high-profile formerly serving politicians (Hillary Clinton and Donald Trump), and searching group names for the presence of any of these keywords. Results were manually reviewed to remove groups related to non-political figures sharing names with politicians, such as the musician Al Green.

Report Deeply and Fix Things
Because it turns out moving fast and breaking things broke some super importantthings.

Give Now
We also counted recommendations for groups supporting local or national branches of the Republican and Democratic parties, defined by searching for the keywords �Democrat� or �Republican� and manually filtering out groups unconnected to U.S. politics, e.g. the United Kingdom Democratic Socialist Movement. (For a full list of groups and methodology, see our data on GitHub).

Facebook has not said how it defines a political group.

�We use automated systems to detect civic-related groups and do not recommend them to people when we detect them, and are investigating why some were recommended in the first place,� said Facebook spokesperson Kevin McAlister by email. �Over 75% of the groups the Markup identified were only recommended to one single person. And even if every group they flagged should not have been recommended, it would represent just 0.2% of the total groups recommended to �Citizen Browser� panelists.�

He added that Facebook determines if a group is civic through factors including its title, description, and content.

The list of political groups flagged by The Markup almost certainly represents an undercount of the total number of political groups in the dataset, as it is based on a narrowly defined set of keywords rather than an attempt to comprehensively identify all possible political terms and phrases.

We also searched for groups with �militia� in the name and identified one recommended to our panelists that appeared to be political. The �Northern New York militia,� according to its about page, promotes anti-government revolutionary rhetoric to its members: �We the people are tired of slimy politicians killing our country. We need to stand up and push back. A revolution is on the way. Let�s be ready when it happens.�

The group, formed in December, is private and relatively small (57 members) but is still active, with four posts in the last month. We attempted to reach the administrator by email but did not receive a response.

Photo collage of political figures from Facebook groups.
Dana Amihere
It�s hardly the first time Facebook has struggled to uphold its promise, made in the run-up to the 2020 presidential election, to stop promoting divisive and potentially dangerous content. The pledge followed criticism from lawmakers and its own internal research finding that the suggestions push people toward extremist groups.

A Markup investigation in January found that the company was still pushing partisan political groups to its users, with several of those groups promoting conspiracy theories and calls for violence against lawmakers.

Facebook blamed the mistake on technical issues in a letter to Sen. Ed Markey (D-MA), who had demanded an explanation for the broken promise.

In an earnings call on Jan. 27, Zuckerberg assured investors that this time�really�Facebook would permanently stop recommending political groups.

An illustration of a Facebook logo with walls inside splitting up users into partisan groups
Citizen Browser

Facebook Said It Would Stop Pushing Users to Join Partisan Political Groups. It Didn�t
According to Citizen Browser data, the platform especially peppered Trump voters with political grouprecommendations

January 19, 2021 08:00 ET
�I was pleased when Facebook pledged to permanently stop recommending political groups to its users, but once again, Facebook appears to have failed to keep its word,� Markey told The Markup after learning of our latest findings. �It�s clear that we cannot trust these companies to honor their promises to users and self-regulate.�

Political group recommendations have slowed among our panelists since our January investigation, though they have not, as was promised, been eliminated. In January, our reporting found that 12 of the top 100 groups recommended to our panelists were political. In our most recent data, from Feb. 1 to June 1, only one of the top 100 groups recommended to panelists was political. We assessed whether groups in the top 100 were political by looking at the group name, �About� page, and rules (if posted), as well as whether posts in the discussion feed mentioned political figures, parties, or ideologies.

The Markup also found 15 political groups recommended by Facebook to our Citizen Browser panelists that had �Joe Biden Is Not My President� as the group name, or some variation of it.

Two of the groups, �Not my President� and �Biden Is Not My President,� had previously been flagged by Facebook for containing troubling content�but that didn�t stop Facebook from suggesting the groups to our panelists.

The groups contained posts and memes claiming that Biden didn�t legitimately win the election, a conspiracy theory tied to Trump�s discredited claims about fraudulent voters and mishandled vote counting. In total, the groups were recommended to 14 panelists between March and April, with some groups recommended to multiple panelists.

�If Joe Biden gets in office by this cheating voter fraud, good bye America, good bye country because the Democratic party will destroy our country for good,� one commenter in the �Not my President� group wrote in December.

The antidote to disinformation ...
... is hard-hitting, independent investigativejournalism.

Give Now
The memes in the �Biden is Not My President� group included an image of an empty coffin with a caption claiming that the occupant had come back to life to vote for Biden. A post in the �Not my President� group showed a screen capture of the protagonists from the movie Ghostbusters captioned to suggest they were there in case �all the dead people that voted for Biden become violent.�

The group�s �About� description includes the sentence, �Let�s see how many people we can get to really show them that President Trump won the election.� Facebook recommended the group to three Citizen Browser panelists. As of June 10, the group had 255 members.

In another �Joe Biden is Not My President� group, the admin posted a photo of a rifle last December, writing, �I won�t put up with people destorying [sic] my family�s or friend�s property. I have the right to defend myself and others.�

The group admins did not respond to requests for comment.

The memes can spread disinformation, said Nina Jankowicz, a Global Fellow in the Science and Technology Innovation Program at Wilson Center for Public Policy and author of �How to Lose the Information War.�

�I�d hope people browsing their Facebook feed and seeing a dank meme recognize it�s not an authoritative source of information,� Jankowicz said. �But when you see meme after meme after meme saying dead people are voting for Biden, over time it�s that drip-drip-drip that changes your perception of reality.�

[O]ver time it�s that drip-drip-drip that changes your perception of reality.

Nina Jankowicz, Wilson Center for Public Policy
In 2016, Facebook�s researchers found that 64 percent of people who joined extremist groups were there because of the social network�s own recommendations, according to The Wall Street Journal. The Markup found several groups recommended by Facebook to Trump voters that organized travel logistics to Washington, D.C., for Jan. 6.

During the 2020 election, Open Source Election Technology Institute co-founder Gregory Miller said his organization had a significant amount of discussion with election administrators on how to get their messaging across about how they were keeping the vote secure. But election officials haven�t been able to fight off the wave of misinformation flooding social media, including in Facebook groups, Miller said.

He said he�s received death threats from people for debunking election fraud claims and knows many election administrators who have had their lives threatened.

�We know that election administrators have been flummoxed by the impact of social media, just for trying to do their jobs,� Miller said. �In our professional opinion, Facebook in its current form and conduct represents a clear and present danger to the safety of election administrators and the integrity of election administration itself.�

A survey from the Brennan Center for Justice found that 78 percent of election officials said that misinformation on social media made their jobs more difficult, while 54 percent of respondents believed it made their jobs more dangerous.

In June, an advocacy group called for Facebook to investigate whether the social network contributed to spreading election fraud claims that fueled the Jan. 6 riot in Washington, D.C.

�In a lot of cases, groups that were tangentially political led people to groups that were much more violent over time,� Jankowicz said. �Facebook unfortunately either does not have the capacity in terms of subject matter experts who can be on this all the time to update their classifiers, or perhaps�I�ve heard them say this over and over that they�re not going to be 100 percent successful all the time.�

Hubble Trouble: NASA Can't Figure Out What's Causing Computer Issues O

mybb@mybb.ru (panteleev.anastasiy) — Thu, 24 Jun 2021 18:34:05 +0300

The storied space telescope that brought you stunning photos of the solar system and enriched our understanding of the cosmos over the past three decades is experiencing a technical glitch.

Scientists at NASA say the Hubble Space Telescope's payload computer, which operates the spacecraft's scientific instruments, went down suddenly on June 13. Without it, the instruments on board meant to snap pictures and collect data are not currently working.

Scientists have run a series of tests on the malfunctioning computer system but have yet to figure out what went wrong.

"It's just the inefficiency of trying to fix something which is orbiting 400 miles over your head instead of in your laboratory," Paul Hertz, the director of astrophysics for NASA, told NPR.

"If this computer were in the lab, we'd be hooking up monitors and testing the inputs and outputs all over the place, and would be really quick to diagnose it," he said. "All we can do is send a command from our limited set of commands and then see what data comes out of the computer and then send that data down and try to analyze it."

NASA has been testing different theories
At first NASA scientists wondered if a "degrading memory module" on Hubble was to blame. Then on Tuesday the agency said it was investigating whether the computer's Central Processing Module (CPM) or its Standard Interface (STINT) hardware, which helps the CPM communicate with other components, caused the problem.

Hertz said the current assumption, though unverified, was that the technical issue was a "random parts failure" somewhere on the computer system, which was built in the 1980s and launched into space in 1990.

NASA Spacecraft Made A Flyby Visit To The Largest Moon In The Solar System
SPACE
NASA Spacecraft Made A Flyby Visit To The Largest Moon In The Solar System
"They're very primitive computers compared to what's in your cell phone," he said, "but the problem is we can't touch it or see it."

Most of Hubble's components have redundant back-ups, so once scientists figure out the specific component that's causing the computer problem, they can remotely switch over to its back-up part.

"The rule of thumb is when something is working you don't change it," Hertz said. "We'd like to change as few things as possible when we bring Hubble back into service."

The telescope can still operate without the computer
The instruments that the payload computer operates � such as the Advanced Camera for Surveys that captures images of space and the Cosmic Origins Spectrograph which measures distant sources of ultraviolet light � are currently in "safe mode" and not operating.

The telescope itself, which runs on a different system, has continued to operate by pointing at different parts of the sky on a set schedule. "The reason we do that is so that the telescope keeps changing its orientation relative to the sun in the way that we had planned, and that maintains the thermal stability of the telescope, keeps it at the right temperature," Hertz said.

The last time astronauts visited Hubble was in 2009 for its fifth and final servicing mission.

Hertz said that because Hubble was designed to be serviced by the space shuttle and the space shuttle fleet has since been retired, there are no future plans to service the outer space observatory.