
Ideas Worth Exploring: 2025-05-05

  • Writer: Charles Ray
  • May 5

Ideas: Eric Berger - Eric Schmidt apparently bought Relativity Space to put data centers in orbit



Former Google CEO Eric Schmidt's recent acquisition of Relativity Space, a space launch company, has sparked speculation about his plans for the industry. Schmidt's testimony before the House Committee on Energy and Commerce in April shed light on these intentions: he aims to have the capability to launch significant computing infrastructure into space to meet the growing energy demands of Artificial Intelligence (AI) development and applications.


Schmidt expressed concern about the US energy industry's readiness to accommodate the dramatic growth in power consumption required for AI data centers. He estimates that an additional 29 gigawatts of power will be needed by 2027, and 67 more gigawatts by 2030. Given these challenges, Schmidt confirmed on social media that he purchased Relativity Space to support the development of space-based data centers powered by solar panels and capable of radiating heat into the vacuum of space.


Ideas: Jess Cockerill - After 856 'Snake Bites', Man's Blood Could Unlock Universal Antivenom



Tim Friede, a self-taught venom expert, has injected himself with snake venom 856 times over 18 years. His ideas and extreme hobby, although risky, led to a groundbreaking discovery. After surviving two cobra bites and realizing that his self-envenomation might have saved him, Friede continued to expose his immune system to various snake venoms, developing unique antibodies.


His YouTube videos documenting these encounters caught the attention of immunologist Jacob Glanville, who teamed up with Friede to create a universal antivenom. Using Friede's hyperimmune antibodies, they developed an antivenom that protected mice from the venom of 19 different snake species, including some of the world's deadliest.


The antivenom, composed of two types of Friede's antibodies, showed promising results in lab tests. Unlike conventional antivenoms specific to one species and derived from sheep or horses, this universal antivenom could potentially protect against a wide range of snakes and cause fewer adverse reactions.


The team aims to develop a single cocktail that can save anyone from any snake bite worldwide. They plan to conduct field trials using the antivenom on snake-bitten dogs in Australia before rigorous clinical testing for human use.


GitHub Repos: pipask - Know What You're Installing Before It's Too Late



A safer way to install Python packages without compromising convenience.


Pipask is a drop-in replacement for pip that performs security checks before installing a package. Unlike pip, which needs to download and execute code from a source distribution first to get dependency metadata, pipask relies on metadata from PyPI whenever possible.


If third-party code execution is necessary, pipask asks for consent first. If installation is approved, the actual installation is handed over to pip.
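
The decision described above, as an added example (not pipask's own code): given a release record in the shape of PyPI's JSON API, decide whether dependencies can be listed from static metadata or whether resolving them would mean running package code and therefore needs consent. The sample records, package names and function names are constructed for illustration.

```python
import json

# Constructed records in the shape of PyPI's JSON API response
# (https://pypi.org/pypi/<name>/<version>/json); package names are made up.
WHEEL_RELEASE = json.loads("""{
  "info": {"name": "examplepkg", "version": "1.2.0",
           "requires_dist": ["requests>=2.0", "rich; extra == 'cli'"]},
  "urls": [{"packagetype": "bdist_wheel",
            "filename": "examplepkg-1.2.0-py3-none-any.whl"},
           {"packagetype": "sdist", "filename": "examplepkg-1.2.0.tar.gz"}]
}""")
SDIST_ONLY_RELEASE = json.loads("""{
  "info": {"name": "legacypkg", "version": "0.3", "requires_dist": null},
  "urls": [{"packagetype": "sdist", "filename": "legacypkg-0.3.tar.gz"}]
}""")


def plan_metadata_lookup(release: dict) -> dict:
    """Decide whether dependencies can be listed without running package code."""
    info = release["info"]
    kinds = {f["packagetype"] for f in release.get("urls", [])}
    declared = info.get("requires_dist")
    # A wheel carries static metadata; PyPI exposes declared deps as requires_dist.
    static = "bdist_wheel" in kinds or declared is not None
    return {
        "package": f'{info["name"]}=={info["version"]}',
        "dependencies": list(declared or []) if static else None,
        # Source-only release: resolving dependencies means running its build
        # code (setup.py or a build backend), so the user must agree first.
        "needs_consent": not static,
    }


def may_proceed(plan: dict, answer: str = "") -> bool:
    """Static metadata proceeds; code execution needs an explicit yes."""
    return not plan["needs_consent"] or answer.strip().lower() in ("y", "yes")


if __name__ == "__main__":
    for release in (WHEEL_RELEASE, SDIST_ONLY_RELEASE):
        plan = plan_metadata_lookup(release)
        print(plan["package"], plan["dependencies"], may_proceed(plan))
```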


Ideas: Nathan Witmer - What I've learned from jj (Jujutsu VCS)



Nathan Witmer recently switched from Git to Jujutsu, a version control system that treats every change as unique but flexible, rather than Git's commit-based approach. Here are key changes in workflow and perspective:


Flexibility and Safety: In Jujutsu, every modification is automatically tracked as a 'change', removing the need for staging. It also keeps an operation log and evolution log, enabling easy restoration of past states.


Intentionality: Nathan Witmer found themselves more mindful about where changes belong due to Jujutsu's ease in splitting, squashing, updating, and rearranging history. This leads to cleaner commit histories.


Conflict Resolution: Unlike Git, conflicts are not stop-the-world events. Changes with conflicts can still be rebased, allowing the user to resolve them later at their convenience.


Interop: Jujutsu encourages a rebase-friendly workflow but has some mismatches with GitHub's force push invalidations of review comments in pull requests. Nathan Witmer uses an 'immutable' config for pushed commits to mitigate this.


Units of Change and Collaboration: Nathan Witmer cares more about individual, standalone units of work (commits) because Jujutsu makes it easy to get them right. Nathan Witmer still uses GitHub's PR-focused flow but is interested in new paths like interdiff code review and stacked PRs.


Conclusion: While there are mismatches with upstream repositories and collaboration tools, Nathan Witmer finds using Jujutsu locally refreshing and confidence-inspiring due to its flexibility, safety features, and ease of managing commit history.


Ideas: Lorenzo Franceschi-Bicchierai - How Riot Games is fighting the war against video game hackers



Lorenzo Franceschi-Bicchierai discusses the evolving landscape of cheating in video games, particularly in online competitive gaming, and Riot Games' efforts to combat this through their kernel-level anti-cheat system, Vanguard.


The Cheating Industry: With the rise of professional online gaming, a thriving industry has emerged dedicated to developing and selling cheats that provide an unfair advantage in games. These cheats can range from simple, easily detectable tools to sophisticated premium cheats costing thousands of dollars.


Riot Games' Anti-Cheat Efforts: Riot Games, developer of titles like League of Legends and Valorant, has taken a robust stance against cheating by deploying Vanguard, an anti-cheat system that runs at the kernel level. This allows it to monitor activities on the entire machine, rather than just the game, making cheats visible and easier to detect.


Banning Cheaters: Riot bans thousands of cheaters daily on Valorant alone, reducing the percentage of ranked games with cheaters to less than 1% globally.

Anti-Cheat Strategies: Apart from using security features built into Windows, Riot's anti-cheat team employs various strategies like infiltrating cheater communities, fingerprinting cheaters' hardware to prevent reoffending, and publicly discrediting cheat developers.


Categories of Cheats: Despite these efforts, two main categories of cheaters remain: those using cheap, easily detectable tools (known as "rage cheaters" or "download-a-ban"), and those using premium, harder-to-detect external cheats that rely on specialized hardware to gain an advantage.


Future Challenges & Riot's Approach: While Riot is transparent about its anti-cheat efforts, it acknowledges the potential security risks associated with kernel-level access. Looking ahead, Koskinas expresses concern about AI-driven screen classification and aims to maintain transparency despite the opaqueness of some technical aspects.


Ideas: The Day Anubis Saved Our Websites From a DDoS Attack



The author, involved in maintaining the ScummVM project's server infrastructure, faced an unusual influx of traffic leading to a Distributed Denial-of-Service (DDoS) attack on their primary server hosting the website, wiki, forums, and internal applications. The attack targeted expensive database-heavy URLs, causing the server stack (Apache2, PHP-FPM, MariaDB) to saturate and eventually crash.


Upon investigation, the author found around 35,000 unique IP addresses from residential networks worldwide involved in the attack. Due to the scale and open nature of the project, blocking individual IPs or subnets was impractical. The server configuration was temporarily increased to handle the load, but a sustainable solution was needed.


The author deployed Anubis, a program designed to protect websites from AI scrapers, which sits between the incoming connections and the web application server. Anubis checks user agents, denies known bad clients, and presents a proof-of-work challenge to legitimate-looking browsers. Upon deployment, Anubis immediately solved their issues, dropping MariaDB usage and preventing any further notifications about increased load. The attack is still ongoing at the time of writing, but Anubis continues to effectively protect the server from the DDoS attempt.
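
A proof-of-work gate of the kind described above, as an added example (a generic hash-based sketch, not Anubis's code): the server hands out a challenge, the client must find a nonce whose SHA-256 digest starts with a set number of zero hex digits, and the server checks the answer with a single hash. The HMAC binding to client IP and user agent, the difficulty value, the expiry window and all names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # per-process secret (assumption for this sketch)
DIFFICULTY = 4               # leading zero hex digits: about 16**4 tries on average


def _mac(client_ip: str, user_agent: str, ts: str) -> str:
    msg = f"{client_ip}|{user_agent}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(client_ip: str, user_agent: str, now=None) -> str:
    """Stateless challenge: timestamp plus a MAC binding it to this client."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(client_ip, user_agent, ts)}"


def solve(challenge: str, difficulty: int = DIFFICULTY) -> int:
    """Client side: brute force. Each extra digit multiplies the work by 16."""
    target, nonce = "0" * difficulty, 0
    while not hashlib.sha256(f"{challenge}{nonce}".encode()).hexdigest().startswith(target):
        nonce += 1
    return nonce


def verify(challenge, nonce, client_ip, user_agent,
           now=None, max_age=300, difficulty=DIFFICULTY) -> bool:
    """Server side: one MAC and one hash, whatever the difficulty."""
    try:
        ts, mac = challenge.split(".")
        age = (time.time() if now is None else now) - int(ts)
    except ValueError:
        return False  # malformed challenge
    expected = _mac(client_ip, user_agent, ts)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged, or issued to a different client
    if not 0 <= age <= max_age:
        return False  # expired: solved answers cannot be stockpiled
    digest = hashlib.sha256(f"{challenge}{nonce}".encode()).hexdigest()
    return digest.startswith("0" * difficulty)
```

The cost asymmetry is the point: a real browser pays the solving cost once per visit, while a crawler spread over tens of thousands of addresses pays it for every address, and the expensive database-backed URLs are only reached after `verify` succeeds.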


Ideas: Kyle Harrison - The Volume of Your Inaccuracy.



Kyle Harrison shares their ideas on the correlation between volume and power in various contexts, drawing from their personal experiences and observations. Initially, they noticed that in venture capital, the most influential models are often those pushed by individuals with significant capital who make the loudest noise. This led them to ponder whether this trend extends beyond venture capital, leading them to explore how volume influences perceived power and authority across different aspects of life.


Kyle Harrison then delves into their observations of online influencers and the impact of an attention economy. They argue that our society has lost its "inoculation to BS," equating influence with intelligence or expertise due to factors like large followings or subscriber counts. However, they stress that volume does not change the truthfulness of beliefs, suggesting that narratives can be manipulated for power even as objective truths exist.


Drawing on a quote from "Game of Thrones," Kyle Harrison highlights how power is perceived rather than inherent in an entity. They link this to our increasing susceptibility to loud ideas and models, supported by their previous writings on the topic. Kyle Harrison concludes with a stark reality: while they can't control the larger trends shaping society, they commit to personally pursuing truth despite being forced to navigate within a system that prioritizes loudness over quality or truthfulness.


Ideas: Justin Welsh - Luck is mostly just math.



The article challenges the common misconception that luck is merely a random occurrence and presents evidence suggesting it is more about statistical probability and consistent effort. Justin Welsh, having observed successful friends and their journeys, noticed patterns where persistent actions over time led to what seemed like 'lucky breaks'. For instance, a friend who landed a big book deal had written a weekly newsletter for three years, while the average duration for such endeavors is only around 16 weeks.


Justin Welsh then shares five strategies to 'create your own luck': reading more, writing more, building more (creating tangible assets), meeting more people, and introducing others. These activities compound over time, similar to investing, leading to increased opportunities and connections. The key challenge in this approach is maintaining patience and consistency, as immediate results are not guaranteed. The author concludes that those who persistently show up, do the work, and remain patient are likely to experience more 'luck' over time, as they create more opportunities for themselves compared to those who give up quickly.


Ideas: Dan Goodin - Why MFA is getting easier to bypass and what to do about it



An underground industry has developed around bypassing common forms of multi-factor authentication (MFA), enabling even non-technical users to create phishing sites that can overcome account protections. These MFA bypasses are facilitated by "adversary-in-the-middle" attacks, which use proxy servers and convincing phishing pages created through easily accessible toolkits marketed in online crime forums.


In these attacks, users are lured to a fake login page via a seemingly legitimate link, unaware they're interacting with an attacker's proxy server. The proxy forwards the user's credentials to the real site, which then sends an MFA request back to the victim. The victim complies, unknowingly sending their MFA code or approving a push notification to the attacker, who can then access the account despite MFA being enabled.


The rise of these attacks highlights a vulnerability in traditional MFA methods that rely on one-time passcodes or push notifications, as these codes and approvals can be easily relayed and entered by attackers. However, MFA based on WebAuthn (which powers passkeys) offers significant resistance to such attacks due to its cryptographic binding to specific URLs and victim devices.


Despite the increasing ease and prevalence of adversary-in-the-middle attacks, WebAuthn-based MFA provides a robust defense against phishing attempts, making it an attractive alternative for organizations seeking enhanced security measures.




Mitcer Incorporated | Challenge? Understood. Solved!™

288 Indian Road

Toronto, ON, M6R 2X2

All material on or associated with this web site is for informational and educational purposes only. It is not a recommendation of any specific investment product, strategy, or decision, and is not intended to suggest taking or refraining from any course of  action. It is not intended to address the needs, circumstances, and objectives of any specific investor. All material on or associated with this website is not meant as tax or legal advice.  Any person or entity undertaking any investment needs to consult a financial advisor and/or tax professional before making investment, financial and/or tax-related decisions.

©2025 by Mitcer Incorporated. Powered and secured by Wix
