Infosec Press

Reader

Read the latest posts from Infosec Press.

from Tai Lam on a Bike

I'm saving documents regarding the groundwater approach to racism. This might be useful for group usage later, or might not be.

  • Racial Equity Institute's groundwater approach to racism document
  • 4 types of racism document, from the City of Seattle
  • “6 Signs of Internalized Racism” article from disorient.co
    • Only available on the Wayback Machine
 

from Tai Lam on a Bike

(Originally written for another purpose)

Do you know your ABCs of bike checks?

Air

  • Find pressure reading on air pump
    • Read the pressure on the tire, inflate to halfway
      • Too close to the smallest number will not last very long
      • Too high can cause inner tube to break
  • If no pressure reading, then inflate until
    • Tires need a lot more air than you

Brakes

  • Rim brakes should engage easily
  • Adjust so that there is a distance of 1 thumb to the handlebar when stopping

Chains (also crank and cassette)

  • Chain should move easily, avoid stuck links or rust
  • Cranks should not move left/right
  • Cassette (gearing on the back wheel) should be free to move

Seat height

  • Hip height
  • Tip: to stop and stand, lean the bike
    • Seems a bit scary, but this height check lets you pedal better

Quickly: test ride

  • Take a very short ride to see if everything is good
  • Try to stay nearby, so that you can come back quickly if anything goes wrong

Last things

  • Can you store your bike inside?
    • It's ok if you ride in the rain for a bit.
      • Just make sure to dry your bike when you get back inside at home.
  • If you can, it's best to store your bike inside.
    • That way, your chain can stay clean and your bike lasts longer.
 

from Tai Lam in Science

Here are some links regarding the COSMIC desktop environment (DE) from System76 and desktop apps being designed with the COSMIC framework in mind.

 

from Tai Lam on a Bike

Originally collected on July 6, 2024

I have been trying to research how to play music via Bluetooth with only one audio input and 2 or more (preferably the latter) Bluetooth speakers in a manner that is independent of Bluetooth speaker OEM.

I didn't make that much progress, but basically here are my notes.

Basically, Bluetooth speakers need to have Bluetooth protocol version 5.2 or later, which should be capable of Auracast. Most new-ish phones will most likely support this Bluetooth protocol, but the speakers are another matter. So, basically the latest speakers from 2023 and later tend to have Auracast.

I've been considering how to play music via Bluetooth in a way that lets multiple bikers with speakers of different brands play the same music, in the case of playing an official ride playlist. (The audio source would hypothetically not matter, as it could be either a local music collection or a cloud app, such as Spotify.) Since I can't make any more progress now, I'll have to shelve this effort for now.

These are my resources:

  • Auracast in Bluetooth 5.2
  • Reddit threads
    • Thread asking about the Pixel Buds 2
  • Hypothetically possible, according to Android source documentation
    • However, the closest feature seems to only be available to Samsung's spin of Android on its stock smartphone OS
      • This is a nonstandard system option on Samsung's version of the OEM Android OS, so this feature can't be contributed upstream to any other Android devices
    • This still only lets 1 smartphone control 2 Bluetooth speakers of different brands
      • 2 speakers seems to be the max
    • I'm seeking a solution for 3 or more that is independent of speaker and/or smartphone OEM

Also for outdoor/indoor use

I also tried looking up Bluetooth transmitters, but this didn't really seem to lead anywhere.

  • It seems that even Bluetooth transmitters still only transmit to 2 devices max?
    • NYT's Wirecutter Bluetooth transmitter list
    • Home stereo version of the list

Miscellaneous

  • 3D printed staple and flag tool from Deviant Ollam on GitHub
    • This would be helpful, if we need to run an aux cable on grass
  • An example of a place to purchase more traditional cable covers and protectors for temporary outdoor usage
 

from Kevin Neely's Security Notes

Automatically creating new content from old

You know what I hate? Repetition. Still, a difficult lesson that I’ve learned, through both experience and discussions with experts in marketing, is that repetition is the key to getting one’s message across. I like to believe that a single, coherent and cogent conveyance of thought is all it takes to deliver, for example, a new security model or change in policy, or whatever. In reality, the propagator of the message –in this case, the security team– has to deliver the message, announce it a second time, send an email, post a document on the intranet, have more meetings with the same people, make sure to cover the topic in various 1:1 meetings, etc. etc. ad infinitum.

And that is why I have been working with Daniel Miessler’s fabric framework to devise a prompt that can take variations of the same messaging and create new, yet fresh, versions of the same message. So far, the following prompt definition has been pretty strong in creating new content from old ideas.

My typical approach is to run the same prompt through multiple #LLM models:

cat examples.md | fabric --model gemma2:latest -sp create_similar

Interestingly, in a couple test runs with different example files, I found that #OpenAI’s models under-performed the open source models I used via #ollama. To be clear, this is uncommon. Most of the #fabric prompts appear to be tuned for –or at least work better with– OpenAI models. With this particular prompt, this was not the case. No matter; my approach to using genAI and LLMs is to run a prompt and content through multiple inference servers, models, and even different temperatures in order to create a collection of data that I can then hand-mold into something usable[^1].

Fabric Prompt

Here are the system.md contents from the fabric “create_similar” prompt:

# INPUT

INPUT:

# IDENTITY and PURPOSE

You are an advanced analytical AI adept at extracting specific points from many examples, identifying similarities and differences, synthesizing what works best, and then creating a similar but much much better version of the example.  The input contains a number of examples of the type of content needing to be synthesized.  The first section titled "Purpose" describes the nature of the examples and indicates the topic and information to be conveyed.  Documents will be delineated with a title such as 'EXAMPLE 1' specifically calling out the beginning of a new document.  The end of each example is delineated with a footer such as 'EXAMPLE 1 END'.  Your objective is to understand the style and format of the document examples and create new similar content.

# STEPS

1. Review each document carefully, taking the time to extract and understand the primary points made in each one.
2. Compare and contrast the list of points from each document against the points made in the other documents.
3. Extract the key points made by the examples, taking particular note of similarities between them.
4. Output the results as specified in the output instructions.


# OUTPUT INSTRUCTIONS

Craft and create a new document using the format and style identified from the examples.  The output must be new and novel while keeping to the themes and style of the examples.  Do not use any language from the examples verbatim.

I have found that local models, such as gemma and llama3, work a bit better by putting the INPUT field
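A small helper for the workflow above, added here as an example (it is not code from the post or from the fabric project): it builds an examples file in the Purpose / EXAMPLE n / EXAMPLE n END layout the prompt describes, validates that framing before the file is sent, and fans the same input out across several ollama models using the fabric command line from the post. The model list, the output directory and the sample announcements are assumptions.

```python
"""Build, validate and fan out an examples file for the create_similar pattern.

Added example, not part of the original post or of the fabric project.
"""
import re
import shutil
import subprocess
from pathlib import Path

# Assumed model list; the post mentions gemma2 and llama3 served via ollama.
MODELS = ["gemma2:latest", "llama3:latest"]


def build_examples_md(purpose: str, examples: list[str]) -> str:
    """Return the examples file: a Purpose section, then delimited documents."""
    if not purpose.strip():
        raise ValueError("Purpose section must not be empty")
    parts = ["Purpose", "", purpose.strip(), ""]
    for n, doc in enumerate(examples, start=1):
        parts += [f"EXAMPLE {n}", "", doc.strip(), "", f"EXAMPLE {n} END", ""]
    return "\n".join(parts)


_START = re.compile(r"^EXAMPLE (\d+)$")
_END = re.compile(r"^EXAMPLE (\d+) END$")


def parse_examples_md(text: str) -> tuple[str, list[str]]:
    """Split an examples file back into (purpose, [documents]).

    Raises ValueError on missing, unbalanced or out-of-order delimiters,
    which is exactly the framing the prompt's IDENTITY section relies on.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "Purpose":
        raise ValueError("file must start with a 'Purpose' section")
    purpose_lines, docs, current, open_n = [], [], None, None
    for line in lines[1:]:
        s = line.strip()
        m_start, m_end = _START.match(s), _END.match(s)
        if m_start:
            if open_n is not None:
                raise ValueError(f"EXAMPLE {open_n} not closed before {s}")
            open_n = int(m_start.group(1))
            if open_n != len(docs) + 1:
                raise ValueError(f"expected EXAMPLE {len(docs) + 1}, got {s}")
            current = []
        elif m_end:
            if open_n is None or int(m_end.group(1)) != open_n:
                raise ValueError(f"unexpected {s}")
            docs.append("\n".join(current).strip())
            current, open_n = None, None
        elif current is not None:
            current.append(line)          # inside an example body
        elif not docs:
            purpose_lines.append(line)    # still in the Purpose section
    if open_n is not None:
        raise ValueError(f"EXAMPLE {open_n} never closed")
    return "\n".join(purpose_lines).strip(), docs


def fabric_command(model: str, pattern: str = "create_similar") -> list[str]:
    """The argv the post pipes examples.md into, one model at a time."""
    return ["fabric", "--model", model, "-sp", pattern]


def run_across_models(examples_md: str, out_dir: Path,
                      models: list[str] = MODELS) -> dict[str, Path]:
    """Feed the same input to each model and keep one output file per model."""
    parse_examples_md(examples_md)  # fail fast before spending any tokens
    out_dir.mkdir(parents=True, exist_ok=True)
    results: dict[str, Path] = {}
    for model in models:
        proc = subprocess.run(fabric_command(model), input=examples_md,
                              capture_output=True, text=True, check=True)
        path = out_dir / (model.replace(":", "_").replace("/", "_") + ".md")
        path.write_text(proc.stdout)
        results[model] = path
    return results


if __name__ == "__main__":
    # Constructed sample announcements, not taken from the post.
    md = build_examples_md(
        "Reminders to staff that MFA becomes mandatory for VPN logins on Monday.",
        ["Starting Monday, every VPN login needs the authenticator app.",
         "Reminder: from next week, VPN access requires MFA via the app."],
    )
    if shutil.which("fabric"):
        print(run_across_models(md, Path("out")))
    else:
        print(md)
```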

Purpose

Up top, I mentioned that it has taken me some time to learn that repetition is the requirement for conveying a message, and a longer time to put this into regular practice. This goes 3x for our individual contributor team members. Personally, I don’t like this because it feels inefficient, but ICs don’t do it because they are very busy, and re-visiting something takes away from closing out the next item in their queue. Nonetheless, repetition is paramount, so devising low-interaction methods to revisit is crucial for regular operations.

Footnotes

[^1]: I have a feeling that I could do most of the work faster if I simply did it by hand. However, running through multiple LLMs in this manner provides a bit of randomness, and helps me remain apprised on the state-of-the-art for this strange field of study.

 

from Tai Lam on a Bike

Originally written on July 4, 2024

Wendover Productions released a YouTube video in December 2023 about the MBTA.

Really horrible clickbait title, though interesting content. (You should probably stop engaging in this trashy and honestly underhanded practice. Who's the editor that pushed for or approved this title?)

Having ring(-like) connections in the subway networks is an interesting idea. However, I'm not sure how this could be done IRL. Maybe this can be done on the buses, but I don't see this happening for the T's light railway lines anytime soon.

 

from Tai Lam in Science

Originally collected on July 9, 2024

Recently I had to create new GitHub accounts, and the process is not great for privacy and security, because Microsoft automatically disables/flags any new account created in July 2024 or later.

Here are some links corroborating SimpleLogin alias domain blocking:

  • Reddit
  • This GitHub community discussion thread from May 2023
  • Bonus: I doubt spamgourmet aliases can be used to create new GitHub accounts, as SimpleLogin wrote a blog post about spamgourmet in January 2020

I have received similar results when using all current alias domains available on Proton Pass and Erine Mail. Proton Pass last worked in early June 2024, but stopped working in early July 2024. Also, although I'm not sure when Erine Mail last worked, it also became blocked in early July 2024.

 

from Sông Hồng Tourist

Hạ Long 2-day 1-night package tour from only 1.500.000đ/guest

The Hạ Long 2-day 1-night tour is one of the offerings that many customers ask Sông Hồng Tourist about. Explore Hạ Long Bay for 2 days and 1 night from Hà Nội, including a visit to Sửng Sốt Cave, kayaking at Luồn Cave, and relaxing on Ti Tốp Island.

On the second day, you can choose between the attractions of Hạ Long Park and swimming at Bãi Cháy beach. The tour ends with lunch and the return to Hà Nội. This is an opportunity to enjoy the majestic natural scenery and discover the distinctive culture of Hạ Long.

Explore Hạ Long with Sông Hồng Tourist today!

Hạ Long 2-day 1-night tour programme

The itinerary of the Hạ Long 2-day 1-night tour:

Day 01: Hà Nội – Bãi Cháy (Meals: lunch, dinner)

  • 08h30: The coach and guide pick you up at hotels in the Old Quarter and Hanoi Opera House area and depart for Hạ Long.
  • 12h00-12h30: Arrive at the Hạ Long cruise port. The group gathers in the waiting hall, following the guide's instructions, while tickets are bought and handed out, then boards the boat to begin exploring the Bay. The boat passes many islands, large and small, of varied shapes and with distinctive names such as Hòn Gà Chọi, Hòn Chó Đá, Hòn Đỉnh Hương, Hòn Ngón Tay... Lunch is served on board.
  • 14h00: Arrive at Bồ Hòn Island. Visit Sửng Sốt Cave, one of the most beautiful caves in Hạ Long Bay.
    • Next, kayak or take a bamboo boat to visit Luồn Cave.
    • After 30 minutes of kayaking, return to the boat and continue to Ti Tốp Island. You can swim at the white-sand Ti Tốp beach or trek to the summit of Ti Tốp for a panoramic view of Hạ Long Bay.
  • 16h00: Return to the boat, which heads back to the pier. You can sunbathe on deck, listen to music, relax and take in the nature of Hạ Long Bay.
  • 18h00: The boat docks. The coach takes you to the hotel to check in and rest.
  • 19h00: Dinner. The evening is free to explore the Night Market, the food street... Overnight in Hạ Long.

Day 02: Hạ Long Park – Hà Nội (Meals: breakfast, lunch)

  • Morning:
    • Buffet breakfast at the hotel.
    • In the morning you can choose between:
    • Free time at Hạ Long Park with its many attractions (park and ride tickets at your own expense):
    • The Queen Cable Car and the giant Sun Wheel on Mystic Hill
    • Dragon Park with thrill rides such as roller coasters and carousels...
    • Typhoon Water Park with its many water attractions
    • Free time swimming at Bãi Cháy beach.
  • 11h00: Check out of the hotel and have lunch there. Then board the coach back to Hà Nội.
  • 17h00: Arrive in Hà Nội. End of the programme. See you again!

The Hạ Long Bay sightseeing times may be adjusted to suit the conditions of each departure day, or changed depending on the weather in Hạ Long or the arrangements of the Hạ Long Bay Management Board. We appreciate your understanding!

Tour guide

  • The tour guide will contact you about 1 day before departure to arrange the pick-up time and provide the information needed for the trip.
  • The guide picks you up at your hotel, handles hotel check-in, arranges meals, and accompanies and narrates throughout the trip.

Hạ Long 2-day 1-night tour price

Sông Hồng Tourist's Hạ Long 2-day 1-night tour currently starts from only 1.500.000đ per person.
If you are interested and travelling as a large group, contact us via hotline 0962050166 – 0963938166 for the fastest support with your Hạ Long tour!

Tour policy information

Everything you should know about the tour:

The Hạ Long 2-day 1-night tour includes

Transport:
  • Air-conditioned coach transfers according to the programme
  • Boat for sightseeing on Hạ Long Bay.
Accommodation:
  • Overnight at a 3-star hotel in Bãi Cháy (02-03 guests per room)
Other:
  • Sightseeing tickets and meals according to the programme
  • Meals according to the programme.
  • Drinking water
  • Experienced English–Vietnamese speaking guide
  • Travel accident insurance for the whole tour (separate from and in addition to other insurance, such as civil liability insurance on coaches, planes or boats, if any, or insurance included in the sightseeing tickets covered by the tour).

The Hạ Long 2-day 1-night tour price does not include

  • VAT
  • Drinks during meals, in the room, and other personal expenses.
  • Entrance tickets to all parks in Hạ Long
  • Single room supplement: 400.000đ/guest/night
  • Sightseeing outside the programme and other personal expenses
  • Tips for the driver and guide.
  • Kayaking

Supplements

  • Single room supplement: 400.000VND/guest (when a guest books alone and cannot be paired to share a room with another guest) or when the customer requests a private room.
  • Supplement for foreign nationals: 150.000 vnđ/guest.

Children's policy

  • Children under 5: free.
  • However:
    • For children under 100 cm tall: free for 1 child accompanying 2 adults and sharing meals with the parents.
    • A surcharge of 50% of the adult price applies from the 2nd child onward and is paid directly on site to the operator.
    • Children 1m – 1m2 tall: parents pay for the attractions themselves.
    • Children aged 5 to 9: 75% of the tour price
    • Children over 9: 100%
    • Holiday surcharge 31/08 – 03/09: tours of 2 days or more incur a 20% surcharge

Cancellation policy

Cancellation conditions (regular days)
  • Cancelling after booking: 10% of the tour price
  • Cancelling 10 days before departure: 30% of the tour price (excluding public holidays and Sundays). Airfare cancellation fees per the airline's rules.
  • Cancelling 8 days before departure: 50% of the tour price (excluding public holidays and Sundays). Airfare cancellation fees per the airline's rules.
  • Cancelling 5 days before departure: 100% of the tour price (excluding public holidays and Sundays). Airfare cancellation fees per the airline's rules.
Cancellation conditions (public holidays and Tết):
  • On public holidays and Tết, rescheduling or cancelling the tour forfeits 100% of the tour price.

Change policy

Conditions for changing the departure date (only 1 change allowed)
  • Changing 10 days before departure: 0% rescheduling fee (excluding public holidays and Sundays). Airfare change fees per the airline's rules.
  • 6 days before departure: 20% rescheduling fee (excluding public holidays and Sundays). Airfare change fees per the airline's rules.
  • 4 days before departure: 40% rescheduling fee (excluding public holidays and Sundays). Airfare change fees per the airline's rules.
  • After that: 100% rescheduling fee (excluding public holidays and Sundays). Airfare change fees per the airline's rules.

Notes for the Hạ Long 2-day 1-night tour

Notes on buying seafood:
  • Any seafood purchased must be packed in clean, sealed styrofoam boxes. The driver may refuse to transport seafood that is not packed carefully.
  • Do not bring any seafood into the passenger cabin. The driver may refuse to transport seafood if you buy too much and there is no room in the luggage compartment.
Other notes:
You can only buy insurance if you meet the following conditions:
  • Book the tour at least 2 days before departure (excluding public holidays, Saturdays and Sundays)
  • Provide a complete and accurate full name and date of birth
  • Be a Vietnamese national
  • Guests on tours (especially those involving boats, trains, planes... or border areas) must carry valid identity documents (ID card/citizen ID/passport). Children under 14 must carry at least a birth certificate. Children aged 14 and over must have a citizen ID card or passport.
  • Bring medicine for diarrhoea and common cold and fever remedies
  • Vegetarian guests should bring extra vegetarian food to suit their own taste
  • Any service in the tour that you do not use is non-refundable
  • The guide may rearrange the order of the sights to suit the conditions of each departure day, while still covering all the sights in the programme.

Customer responsibilities

Customers are responsible for their own health. Chronic diseases (cardiovascular, blood pressure, diabetes, musculoskeletal...), congenital conditions, latent illnesses, HIV/AIDS, mental and neurological disorders, pregnancy... are not covered by the insurance. When necessary, guests must sign a declaration about their own medical conditions when joining the tour. The tour operator is not responsible for cases where guests fail to declare or dishonestly declare illnesses, or for cases outside the scope of the tour's travel insurance.

Customers must look after their own belongings at all times and in all places throughout the trip. The tour operator is not responsible for the loss of money, valuables, air tickets or other personal property during the trip.

The above is the Hạ Long 2-day 1-night tour that Sông Hồng Tourist is currently offering. If you are interested, contact us via hotline 0962 050 166 – 0963 938 166 for the fastest support!

 

from TBox Việt Nam

What is a post-tensioned slab? What are the advantages of this construction solution?

Post-tensioned slabs are a modern construction method, and research into reducing the weight of floor slabs is very important. That is why developed countries such as Vietnam have adopted post-tensioned concrete slabs, which offer advantages that ordinary reinforced-concrete slabs cannot.

According to many construction experts, applying post-tensioned concrete slab technology in civil and industrial construction is the right choice for modern cities around the world.

Let's join TBox Việt Nam in exploring the advantages and disadvantages that post-tensioned concrete slabs bring to construction!

What is a post-tensioned slab?

A post-tensioned slab is a slab that uses prestressing cables: bundled steel strands that act as reinforcing and tensioning cables, pulling the concrete blocks into a firm bond. These cables are highly durable, unaffected by harmful influences from the outside environment, and give a long service life. With these advantages, prestressing cables are widely used in construction works.

Characteristics of post-tensioned slabs

In practice, post-tensioned slabs have the following advantages and disadvantages:

Advantages

Outstanding advantages of post-tensioned slabs for a building:

Wide range of applications

Pre-tensioned concrete technology is used in many kinds of construction: industrial and civil. However, it is mainly used on large projects and high-rise buildings by investors or foreign projects. This is one of the first advantages of the technology.

Time savings

During construction, a post-tensioned slab needs less concrete yet still provides better elasticity and stiffness than traditional concrete. The formwork can therefore be struck earlier, which keeps speeding up progress, and finishing the project early is entirely possible.

With this technique, even with an accelerated schedule, the engineering, aesthetics and quality of the whole building are maintained. In fact, statistics from many large projects around the world, especially in Europe, show that up to 70% were ahead of schedule when this technology was applied. That is why the technology is rated as, and considered to be, the optimal method in construction today.

Material savings and low cost

Because the concrete slab structure and precast panels are lighter, the cost of the foundations and the building frame is lower than with ordinary concrete structures. In fact, many large projects can cut costs by up to 40% compared with traditional technology.

Specifically, pre-tensioned concrete slabs can span up to 20m. However, spans of 8 – 12m remain the most effective, and construction experts consider that span not too large. Therefore, construction with prestressed concrete is always cheaper than with traditional concrete.

In particular, the technology creates more usable space from the same amount of material, saving the maximum cost. Moreover, applying this technology also saves the cost of slab formwork during construction.

>>See also: Beamless long-span slab construction solutions

High stiffness

The stiffness of a post-tensioned slab frame is many times higher than that of a traditional concrete slab.

Post-tensioned slabs save up to 80% of the reinforcing steel, but add the cost of high-strength concrete, anchors, high-strength steel and other equipment. For large structures, the stiffness of a prestressed concrete slab frame is lower than that of beams. Nonetheless, compared with the stiffness of traditional concrete, it is much higher.

Limitations of post-tensioned slabs

The disadvantages of post-tensioned concrete slabs are not widespread. Although the technology has many outstanding advantages, its biggest drawback remains that construction requires a contractor with experience and high expertise.

That is why buildings using this technology are still mostly foreign-invested joint-venture projects or high-rise buildings designed by foreign consultants.

A reputable contractor for post-tensioned and flat slabs

TBox Việt Nam is currently a leader in cable-slab and flat-slab construction techniques in Vietnam. We are proud to partner with investors to deliver the highest-quality buildings.

TBox Việt Nam, with more than 10 years of experience in the construction industry, commits to:

  • A team of architects and engineers with many years in construction in general and prestressing cables in particular, who will closely follow your project to ensure engineering quality and construction safety.
  • We source and select quality materials at reasonable prices, saving costs as much as possible
  • Working by the motto “Quality, Progress, Efficiency” to build reputation and trust with customers.
  • Commitment to no extra charges and a 12-month warranty on the work

The above is the information on post-tensioned slabs compiled by TBox Việt Nam. We hope it helps readers find the right solution for themselves.

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🌍 Data Broker Files: How data brokers sell our location data and jeopardise national security privacy – Data brokers sell German location data, jeopardizing privacy and national security, leading to calls for regulation and concerns about data misuse. https://netzpolitik.org/2024/data-broker-files-how-data-brokers-sell-our-location-data-and-jeopardise-national-security/#netzpolitik-pw

🪪 It's best to just assume you’ve been involved in a data breach somehow privacy – Multiple data breaches in 2024, including AT&T and Snowflake, imply personal data compromise. Recommendations include strong passwords, multi-factor authentication, fraud alerts. https://blog.talosintelligence.com/threat-source-newsletter-july-18-2024/

🔍 Data breach exposes millions of mSpy spyware customers data breach – Data breach at mSpy exposes millions of customers who purchased phone spyware apps over a decade, revealing emails, personal documents, and requests for surveillance without consent by various individuals including U.S. officials. https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/

📱 The FBI says it has ‘gained access’ to the Trump rally shooter’s phone security news – The FBI has accessed the phone of the suspect who shot at a Trump rally without disclosing how, continuing analysis of electronic devices and urging the public for tips. https://www.theverge.com/2024/7/15/24199239/fbi-encryption-phone-trump-shooter-pennsylvania-gained-access

🧔‍♂️ Kaspersky leaves U.S. market following the ban on the sale of its software in the country security news – Kaspersky exits the U.S. market after a ban on its software due to national security risks posed by Russia. The company denies links to the Russian government and will shut down its U.S. operations by September. https://securityaffairs.com/165799/breaking-news/kaspersky-is-leaving-the-u-s-market.html

💰 AT&T ransom laundered through mixers, gambling services cybercrime – AT&T's $370,000 ransom is being laundered through cryptocurrency mixing platforms and gambling services, identified by TRM Labs. Money laundering tactics include using swap services and privacy coins, often employed by cybercriminals to hide the funds' origins. https://therecord.media/att-ransom-laundered-mixers-research

⛑️ Rite Aid says 'limited' cyber incident affected data of 2.2 million people data breach – Rite Aid reports a 'limited' cyber incident after a hacker impersonated an employee accessing purchase-related data. Law enforcement contacted, victims offered identity protection services. https://therecord.media/rite-aid-data-breach-2-million-people

🦠 Private HTS Program Continuously Used in Attacks malware – A threat actor has been distributing malware through the private home trading system (HTS) program named HPlus, replacing the NSIS installer with an MSI format installer and supporting remote assistance with AnyDesk. The malware includes Quasar RAT aimed at stealing personal data. https://asec.ahnlab.com/en/67969/

🪓 HardBit Ransomware – What You Need to Know malware – HardBit ransomware, a ransomware-as-a-service (RaaS), resurfaces with a new version, HardBit 4.0, focused on thwarting security researchers with passphrase protection and improved customization that caters to different criminal operator technical levels. https://www.tripwire.com/state-of-security/hardbit-ransomware-what-you-need-know

💦 Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock security news – Cellebrite struggled to unlock a significant portion of modern iPhones as of April 2024, per leaked documents. https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/

🏳️‍🌈 LGBTQ+ people in Middle East and North Africa subject to intense digital oppression, research finds privacy – LGBTQ+ individuals face intense digital oppression, with police using dating and social media apps for persecution. Research reveals high levels of violence, forced device searches, and abuse. https://therecord.media/lgbtq-mena-region-digital-harassment

🛜 Mobile internet and social media disrupted in Bangladesh amid student protests security news – Bangladesh orders a nationwide mobile internet shutdown amid violent student protests against a government job quota system. The disruption is linked to social media usage by protesters. https://therecord.media/bangladesh-mobile-internet-social-media-outages-student-protests

🏠 How a little-known tool is sweeping the real estate industry by giving instant access to vast amounts of homebuyer data security news – Forewarn app offers real estate professionals instant access to detailed data about prospective clients for a low fee. Although primarily marketed as a safety tool, it also provides financial and criminal records instantly. However, privacy concerns and potential for misusing the data exist despite its explosive adoption in the real estate industry. https://therecord.media/forewarn-app-real-estate-homebuyer-data

🏥 MediSecure data breach impacted 12.9 million individuals data breach – Australian digital prescription provider MediSecure suffered a ransomware attack exposing personal and health information of 12.9 million individuals. The breach resulted in the theft of 6.5TB of data impacting users between March 2019 and November 2023. https://securityaffairs.com/165932/uncategorized/medisecure-databreach-12-9m-individuals.html

Crowdstrike Corner

🚨 Global Microsoft Meltdown Tied to Bad Crowdstrike Update security news – Crowdstrike update causes global Windows system crashes; airports, hospitals, and businesses affected. Recovery may take time, requiring manual fix per machine. https://krebsonsecurity.com/2024/07/global-microsoft-meltdown-tied-to-bad-crowstrike-update/

🐦‍⬛ What is CrowdStrike, and what happened? security news – CrowdStrike caused a global outage after a faulty update to Windows machines, affecting essential services. The issue came from an update that caused Windows systems to crash. Recovery may take days to weeks. https://www.theverge.com/2024/7/19/24201864/crowdstrike-outage-explained-microsoft-windows-bsod

🛹 Threat actors attempted to capitalize CrowdStrike incident security news – Threat actors exploit CrowdStrike IT outage to distribute Remcos RAT malware in a Latin America-targeted campaign under the disguise of an emergency fix via a ZIP file named 'crowdstrike-hotfix.zip.' CrowdStrike provides IOCs for the malicious campaign. https://securityaffairs.com/165953/uncategorized/threat-actors-capitalize-crowdstrike-incident.html


Some More, For the Curious

➿ CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks security research – CVE-2024-38112 used by Void Banshee to exploit IE vulnerability, leading to Atlantida stealer deployment against Windows users. https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html

🖼️ Fake AWS Packages Ship Command and Control Malware In JPEG Files security research – Fake AWS npm packages hide command and control malware in JPEG images, jeopardizing package installations and highlighting the need for increased vigilance in open source ecosystems. https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/

0️⃣ Zero Day Initiative – Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD security news – Gap in coordinated vulnerability disclosure leads to lack of vendor transparency, disputes on severity ratings, and challenges in bug reporting, highlighting the importance of improved communication and accountability within the cybersecurity industry. https://www.thezdi.com/blog/2024/7/15/uncoordinated-vulnerability-disclosure-the-continuing-issues-with-cvd

🥴 Weak Security Defaults Enabled Squarespace Domains Hijacks – Krebs on Security security news – Weak security defaults at Squarespace allowed domain hijacking incidents targeting cryptocurrency businesses, with vulnerabilities arising from the migration process from Google Domains, lack of email verification for new accounts, and limited control over account access and activity. https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

🃏 Punch Card Hacking – Exploring a Mainframe Attack Vector security research – Article explores using punch card concepts in mainframe hacking for penetration testing, detailing JCL basics, FTP job submission, debugging with spool files, and potential privilege escalation. https://blog.nviso.eu/2024/07/16/punch-card-hacking-exploring-a-mainframe-attack-vector/

👻 ‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years cybercrime – After a two-year hiatus, the sophisticated Chinese hacking group GhostEmperor, known for supply-chain attacks in Southeast Asia, has reappeared, deploying a rootkit to evade detection and carrying out attacks on business partners as seen in a recent incident investigated by cybersecurity company Sygnia. https://therecord.media/ghostemperor-spotted-first-time-in-two-years

🧑‍💼 Vulnerability in Cisco Smart Software Manager lets attackers change any user password vulnerability – Cisco Smart Software Manager On-Prem vulnerability (CVE-2024-20419) allows unauthorized users to change any user's password, posing a severe security risk with a maximum CVSS score of 10. https://arstechnica.com/security/2024/07/vulnerability-in-cisco-smart-software-manager-lets-attackers-change-any-user-password/

⚖️ Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures security news – U.S. Judge dismissed most SEC claims against SolarWinds related to cybersecurity disclosures regarding the Sunburst attack. The ruling is seen as a victory for industry officials and a setback for SEC in holding executives accountable. https://cyberscoop.com/judge-dismisses-much-of-sec-suit-against-solarwinds-over-cybersecurity-disclosures/

🤒 APT41 Has Arisen From the DUST security research – APT41, in collaboration with Google's TAG, launched a campaign targeting various sectors across multiple countries, using techniques like web shells, backdoors, SQL export, and OneDrive exfiltration. https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust/

🧑‍🏭 CISA publishes resilience-planning playbook for critical infrastructure cyber defense – CISA releases playbook for infrastructure resilience planning, aiming to enhance security and minimize impact of cyberattacks on critical infrastructure. https://statescoop.com/cisa-cybersecurity-resilience-planning-playbook-critical-infrastructure/

🔒 Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users vulnerability – Cisco fixed a critical vulnerability in Secure Email Gateway allowing attackers to add root users and crash SEG appliances. https://securityaffairs.com/165905/uncategorized/cisco-fixed-a-critical-flaw-in-security-email-gateway-that-could-allow-attackers-to-add-root-users.html

🖲️ Attacking Connection Tracking Frameworks as used by Virtual Private Networks security research – Study demonstrates successful attacks on VPN connection tracking frameworks, highlighting vulnerabilities and proposing mitigations for enhanced security and privacy. https://petsymposium.org/popets/2024/popets-2024-0070.pdf


CISA Corner

KEV – Adobe, SolarWinds, VMware, OSGeo https://www.cisa.gov/news-events/alerts/2024/07/15/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/07/17/cisa-adds-three-known-exploited-vulnerabilities-catalog

security updates – Cisco, Ivanti, Oracle https://www.cisa.gov/news-events/alerts/2024/07/18/cisco-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/07/18/ivanti-releases-security-updates-endpoint-manager https://www.cisa.gov/news-events/alerts/2024/07/18/oracle-releases-critical-patch-update-advisory-july-2024

industrial – Rockwell, Subnet, Philips, Mitsubishi https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01 https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02 https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


from Tai Lam on a Bike

The 2021 edition of the DJ Ripper is an aluminum bike. (There is a 2022 edition, but I think the blue variant of that model, which is set to black, doesn't look as good as the steel finish of the 2021 model.)

I had no idea what I was getting myself into, as I had only my steel adult bike from Target in high school as a baseline for my bike experience.

The following is a loose collection of observations I've made from riding bikes. Also, when you are invited to test ride someone else's bike, or are lent a bike for a moment, you start to experience the differences between bikes — much like driving different cars.

For now, we'll focus on aluminum bikes. (Maybe this will be true on other aluminum bikes — I won't find out until I can test others.)

At first, I thought that the brakes gave the DJ Ripper a sound similar to regenerative brakes on a car or an e-bike. However, it took me almost 9 months to realize that the sound was because aluminum bikes sound more hollow than steel bikes. For context, steel is the most basic alloy for bikes. Literally every “low” end bike in Target and similar department stores will be made of steel. You need to visit bike shops in order to see different base alloys, such as aluminum and titanium.

The downside to an aluminum bike is that it is more likely to be blown over in the wind.

Also, if there was a bike I would be leery of attempting to put a rear rack on, then this would be it. Not only is this still a bike life bike; it'd be a bit unfair to ask a bike made for bike life to easily take a rear rack for panniers and tag-along bike trailers, and the weight distribution from already putting multiple bike packs inside the frame triangle plus a handlebar bag is already poor and unbalanced.

(So, when compared to most other bikes, the geometry of SE Bikes models is tweaked; SE Bikes is a company known, broadly speaking, for making bikes for doing wheelies and combos. The DJ Ripper is not exactly the best model to do wheelies and combos on, but then again this bike really can't do most of those idiosyncratic things most SE Bikes are known for, such as taking rear wheelie pegs.)

I'm still discovering what the experience of riding bikes made of aluminum alloys is like.


from Tai Lam in Science

I made a résumé in LaTeX when I needed to apply for a job about 2 years ago, and it was not great. While it served its purpose, I wasn't happy with it when it came to long-term code upkeep. (I can't remember the source of the template for my first “real” résumé.) The template I chose at the time had weird quirks, and I told myself I'd try to get a simpler template the next time I needed to make a CV/résumé.

Well, I got my head start on a maintainable résumé now. Better start now, while I have the time to properly component test everything.

I was sort of reminded of myself back when I was writing my undergraduate research paper. I chose a previously created and well-known LaTeX environment for pseudocode. Initially, I believed the environment I had chosen was the easiest to use, but then it turned out that it didn't break across page breaks at all. I ended up manually inserting page breaks in LaTeX to match the actual printed output, WYSIWYG-style, which is not in line with the WYSIWYM mindset of LaTeX. (I will make sure that doesn't happen the next time I write a scientific paper.)

So, what's the difference? Armed with only my GrapheneOS phone, DuckDuckGo, and the Cromite browser, I only sifted through the first page of results.

First, I found an article from Baeldung, which is a website I've gotten some helpful Linux and programming related tips from. However, I found the final result to be like the New Age templates on Typst, which really just look like a very polished Microsoft Office résumé that most people would make (which isn't bad, but I really wanted to still use Computer Modern). Also, I'm not a fan of the numeric skill bars for each skill you have. I've learned quite a number of (surprisingly) useful bits of knowledge from video games, but the numeric RPG-style skill tree progression isn't one of them.

Thanks for explaining each part of the LaTeX template, though.

Second, I found an article on LaTeX Tutorial about a minimalistic CV/résumé. It was getting closer to what I wanted (part of which included not moving too far away from the default Computer Modern font).

However, it changed the majority of the text (or at least used a non-default font type almost immediately in the preamble).

Maybe I would've chosen this if I was making this for my first real job outside of undergrad studies, but I felt I could do better.

The third and last was a CV/résumé template posted onto GitHub in October 2016.

As they say in vintage carnival contexts that are inspired by something out of Cuphead:

We have a winner!

This is the LaTeX file for the CV (with its corresponding PDF) and this is the LaTeX file for the résumé (with its corresponding PDF).

The last file needed is the style file.

I'm not sure why I was so successful now, compared to when I was finishing my undergrad studies — but I'll take it.


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🍪 Linksys routers apparently send Wi-Fi passwords to US servers security research – two tested router models apparently transmit sensitive data to a server in the USA. https://www.golem.de/news/im-klartext-linksys-router-senden-wohl-wlan-passwoerter-an-us-server-2407-186894.html

🍏 Apple warns iPhone users in 98 countries of spyware attacks warning – Apple warns iPhone users globally about targeted mercenary spyware attacks, emphasizing privacy and ongoing threat notifications. https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/

🎓 ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems cyberattack – Frankfurt University of Applied Sciences faces a hacker attack, leading to a total IT system shutdown, impacting services and communication. https://therecord.media/serious-hacker-attack-shutdown-frankfurt

‼️ Scammers double-dip by offering help to recover from scams warning – Scammers target victims of previous scams with fake offers to recover lost money, posing as trusted entities and requesting upfront fees or sensitive information, with the most vulnerable being victims over 65 years old. https://www.theregister.com/2024/07/09/australia_rescam_warning/

🏃‍♂️ Gadgetbridge: Using smartwatches/fitness trackers in a privacy-friendly way – Part 1 privacy – Gadgetbridge is a privacy-friendly open-source app for Android that makes it possible to use smartwatches and fitness trackers independently of the manufacturers' own apps, so as to keep full control over personal data and ensure local storage. https://www.kuketz-blog.de/gadgetbridge-smartwatches-fitness-tracker-datenschutzfreundlich-nutzen-teil-1/

🔮 Avast released a decryptor for DoNex Ransomware and its predecessors security news – Avast developed a decryptor for the DoNex ransomware family due to a cryptographic flaw, allowing victims to recover files for free since March 2024. https://securityaffairs.com/165469/malware/donex-ransomware-decryptor.html

🐻 Apple removed 25 VPN apps from the App Store in Russia privacy – Apple removed 25 VPN apps from the Russian App Store due to government requests, part of Russia's control over internet access, leading to bypass difficulty for users. https://securityaffairs.com/165437/hacking/apple-removed-vpn-apps-from-app-store-in-russia.html

🎫 The Ticketmaster Hack Is Becoming a Logistical Nightmare for Fans and Brokers data breach – A hacking group released data allowing the creation of over 38,000 concert tickets, posing a potential logistical nightmare for Ticketmaster, venues, fans, brokers, and resale platforms. The hack can lead to issues such as duplicated tickets for sold seats and legitimate buyers being denied entry. https://www.404media.co/the-ticketmaster-hack-is-becoming-a-logistical-nightmare-for-fans-and-brokers/

🥓 More than 31M email addresses exposed following Neiman Marcus data breach data breach – Neiman Marcus data breach exposed over 31 million customer email addresses, affecting 64,472 individuals with leaked names, addresses, and more sold by threat actors. https://securityaffairs.com/165492/data-breach/neiman-marcus-data-breach-2.html

🤖 US, international authorities seize Russian AI bot farm cybercrime – U.S. authorities seized Russian AI bot farm domains linked to RT, accusing operatives of using Meliorator software to create social media personas and spread disinformation primarily aimed at U.S. politics. https://cyberscoop.com/us-international-authorities-seize-russian-ai-bot-farm/

🪛 Google’s dark web monitoring service will soon be free for all users security news – Google's dark web monitoring service, previously exclusive to Google One subscribers, will be free for all Google account holders starting soon, providing a combined solution to protect online presence. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🕵️ Hacktivists release two gigabytes of Heritage Foundation data data breach – The hacktivist group SiegedSec released two gigabytes of data from the Heritage Foundation in response to their Project 2025 initiative, claiming they wanted to expose supporters of the conservative think tank; however, Heritage denies being hacked, stating the data was from a publicly accessible archive. https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/

📰 How disinformation from a Russian AI spam farm ended up on top of Google search results security research – A piece of Russian disinformation about Ukrainian president's wife buying a luxury car spread rapidly online, originating from a fake French website and promoted by pro-Kremlin accounts. https://arstechnica.com/ai/2024/07/how-disinformation-from-a-russian-ai-spam-farm-ended-up-on-top-of-google-search-results/

🦍 Scammers harness AI and deepfakes to sell bogus ‘miracle cures’ on Meta platforms security news – Artificial intelligence and deepfake videos fuel health-related scam campaigns on Meta platforms, promoting fake 'miracle cures' endorsed by celebrities and bogus medical experts, targeting millions of users worldwide, based on research by Bitdefender Labs. https://therecord.media/scammers-harness-ai-deepfakes-medical-bogus

🙊 Spear phishing techniques in mass phishing: a new trend security news – An increasing trend shows elements of spear phishing being incorporated into regular mass phishing campaigns, with sophisticated email design, personalized details, and imitation of HR notifications, showcasing a shift in attackers' techniques and an escalation in decentralized attacks. https://securelist.com/spear-phishing-meets-mass/113125/

🦹 RansomHub Ransomware – What You Need To Know cybercrime – RansomHub, a Ransomware-as-a-Service group, exploits a vulnerability in the email servers and has quickly risen as a significant threat. https://www.tripwire.com/state-of-security/ransomhub-ransomware-what-you-need-know

📱 You can now protect your high-risk Google account with just your phone privacy – Google's Advanced Protection Program now allows high-risk users to enroll using a single phone-based passkey. https://www.theverge.com/2024/7/10/24195306/google-accounts-advanced-protection-passkey-enrollment-support-security-key

📞 AT&T breach leaked call and text records from ‘nearly all’ wireless customers data breach – The records were accessed through a third-party cloud platform. https://www.theverge.com/2024/7/12/24197052/att-data-breach-call-text-records-hack


Some More, For the Curious

🔦 Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough hacking writeup – Shelltorch exposes critical vulnerabilities in PyTorch TorchServe, allowing remote code execution and unauthorized server access. https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server

⚠️ CVE-2024-4577 Exploits in the Wild One Day After Disclosure security research – Exploitation of PHP vulnerability CVE-2024-4577 for remote code execution with malicious PHP code, emphasizing swift patching and monitoring. https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure

🧑‍🦯 CISA broke into a US federal agency, and no one noticed for a full 5 months security news – CISA red team exercise uncovers security flaws at US federal agency, lasting undetected for five months. https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/

🌐 Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO security news – NATO faces cyber threats from state-sponsored actors, hacktivists, and cybercriminals, impacting espionage, disruptive attacks, and disinformation campaigns targeting critical infrastructure and political entities. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato/

🦷 Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK security research – Exploring the prioritization of MITRE ATT&CK techniques for detection in Security Operation Centers, Threat Intelligence, and Incident Response. Emphasizing source evaluation, technique relevance, and optimizing detection logic development. https://securelist.com/detection-engineering-backlog-prioritization/113099/

☢️ New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere security news – A new attack named Blast RADIUS exploits the 30-year-old RADIUS protocol due to its continued use of MD5, despite known vulnerabilities, allowing adversaries to gain admin access to various networks; the attack has led to a coordinated response from vendors. https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/

🗞️ Chinese cyber agency accused of 'false and baseless' claims about US interfering in Volt Typhoon research security news – China's cybersecurity agency inaccurately claimed a U.S. threat intelligence company succumbed to U.S. influence, mischaracterizing the company's report on Dark Power ransomware, leading to pushback and accusations of false representation and manipulation from Western organizations. https://therecord.media/china-cyber-agency-claims-us-interference-volt-typhoon-research

📧 Exim vulnerability affecting 1.5M servers lets attackers attach malicious files vulnerability – 1.5 million servers with Exim mail agent are vulnerable to delivering malicious executable attachments due to a critical CVE-2024-39929, prompting urgent updates to address the security issue. https://arstechnica.com/security/2024/07/more-than-1-5-million-email-servers-running-exim-vulnerable-to-critical-attacks/

🪰 Palo Alto Networks fixed a critical bug in the Expedition tool vulnerability – Palo Alto Networks fixed an admin account takeover bug in its Expedition tool and addressed multiple other vulnerabilities impacting its products. https://securityaffairs.com/165641/security/palo-alto-networks-critical-bug-expedition.html

🔍 The president ordered a board to probe a massive Russian cyberattack. It never did. security news – Despite a directive to investigate the SolarWinds attack, the Cyber Safety Review Board did not conduct the investigation, raising concerns about government accountability and cybersecurity oversight. https://arstechnica.com/security/2024/07/the-president-ordered-a-board-to-probe-a-massive-russian-cyberattack-it-never-did/

💰 Wallets tied to CDK ransom group received $25 million two days after attack cybercrime – CDK Global paid over $25 million in ransom following a ransomware attack, with most of the funds going through a complex money laundering process involving multiple exchanges. https://cyberscoop.com/cdk-ransom-blacksuit-25-million/

📅 DDoSecrets Mirrors Wikileaks Data After Assange Plea Deal security news – DDoSecrets mirrored Wikileaks data to preserve transparency and ensure data availability, following Julian Assange's plea deal. https://www.404media.co/ddosecrets-mirrors-wikileaks-data-after-assange-plea-deal/

🏭 Critical infrastructure organizations want CISA to dial back cyber reporting security news – Critical infrastructure organizations request scaled-back cyber reporting to CISA, expressing concerns over definitions, which entities must report, and the resource burden. https://cyberscoop.com/cisa-cyber-reporting-circia-2024/

🏁 Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine security research – JFrog Security Research prevented a potential severe supply chain attack by detecting and reporting a leaked access token compromising Python infrastructure. https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/

7️⃣ The Stark Truth Behind the Resurgence of Russia’s Fin7 cybercrime – The notorious Fin7 cybercrime group reemerges, setting up thousands of malicious sites targeting various brands for phishing attacks. https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/


CISA Corner

🦿 People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action security research – APT40 compromises organization networks via multiple access vectors with enumeration, web shells, and exfiltration of sensitive data, leading to targeted threat actor investigation. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

🛡️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA lists three actively exploited vulnerabilities: Rejetto HTTP File Server flaw, Windows Hyper-V privilege escalation issue, and Windows MSHTML platform spoofing flaw. https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

CISA Releases Seven Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-releases-seven-industrial-control-systems-advisories

CISA Releases Twenty-one Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/11/cisa-releases-twenty-one-industrial-control-systems-advisories

Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/adobe-releases-security-updates-multiple-products

Microsoft Releases July 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates

Citrix Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


from Kevin Neely's Security Notes

Creating a Michelin menu with Generative AI

We've been watching season three of The Bear and it is totally nuts, filled with drama, psychology, human relationships, and – when they can get around to it – cooking food. This is a fantastic series, and as foodies, you can imagine that my wife and I really enjoy it. The series is intense, following a classically trained chef at the top of his game as he “drops down” from a fancy restaurant to a steak sandwich shop and works back toward where he was before.

That’s not a spoiler, it’s the premise. And this isn’t a review; it was just something on my mind as I experimented with this new tool called LobeChat, which is an interface to #genAI inference servers such as #OpenAI’s #chatGPT, #Claude, and nearly any other commercial or #opensource system you can imagine. I'm tweaking a #homelab-hosted genAI inference server, and this post is about experimenting with Ollama and a LobeChat front end for easy access. I haven’t formed a final opinion on this setup yet, but the #LobeChat front end allows quick switching between inference servers and their hosted models. While not super easy to configure, once it works, the whole thing looks very easy for someone such as a roommate or a spouse to flip between models, even in the same conversation.

So let’s look at some results. Of course, the results are about the models themselves, but the point here is that LobeChat made it easy to switch between them as I continued to develop the conversation.

First prompt

This was with ChatGPT (4o, I think). I needed something to test that an integration was working. We had just watched The Bear so this is what I came up with:

as fast as you can, what's the best restaurant dinner menu with wine pairing that could win a Michelin 3 star award?

Response

Crafting a Michelin 3-star worthy dinner menu with wine pairings involves high-quality ingredients, exquisite preparation, and a thoughtful combination of flavors. Here’s a conceptual menu that could impress:

Amuse-Bouche: Oyster with Champagne Foam
Wine Pairing: Champagne Brut

Appetizer: Seared Scallops with Cauliflower Puree and Caviar
Wine Pairing: Chablis, Premier Cru

Soup: Cream of White Asparagus with Truffle Oil
Wine Pairing: Viognier

Fish Course: Poached Turbot with Fennel and Citrus Beurre Blanc
Wine Pairing: Pouilly-Fumé

Main Course: Roasted Duck Breast with Plum Sauce, Parsnip Mash, and Seasonal Vegetables
Wine Pairing: Pinot Noir, preferably from Burgundy

Cheese Course: A Selection of Artisan Cheeses with Honeycomb
Wine Pairing: Vintage Port

Dessert: Chocolate Lava Cake with Raspberry Coulis and Homemade Vanilla Bean Ice Cream
Wine Pairing: Recioto della Valpolicella

Mignardises: Petit Fours and Truffles

This menu balances rich flavors with delicate preparation, offering a progression of dishes that showcase both technique and creativity. Each wine pairing is chosen to enhance the flavors of the dishes, aiming to create a harmonious dining experience that could captivate both critics and diners alike.

Review

Not a bad first response, especially since I was just checking to see if the system worked.

Prompt 2: Get ChatGPT to refine it

That was pretty boring. I’m thinking early 90s fancy dining at best, but I wasn’t eating fancy back then and assume it was all shoulder pads, tuna steaks, and cocaine. Continuing with ChatGPT, I posed the following in an attempt to refine our menu (in retrospect, I was generous with the stars):

That's an incredibly boring menu. At best 2 stars. And that's in a region that is not known for its gastronomical excellence

Response

Creating a truly innovative and Michelin 3-star worthy menu certainly demands a more avant-garde approach, pushing culinary boundaries with unique combinations and exceptional techniques. Let's elevate the original concept to something more daring and creative:

Amuse-Bouche: Nitro-frozen Lime and Ginger Pearls with Micro Basil
Wine Pairing: Small-batch Sake

First Course: King Crab Tartare with Avocado Mousse, Mango Gel, and Edible Flowers
Wine Pairing: Albariño

Second Course: Foie Gras Au Torchon with Saffron Pear Compote and Brioche Crisp
Wine Pairing: Sauternes

Fish Course: Butter-Poached Monkfish with Leek Ash, Sea Beans, and a Lemon Verbena Emulsion
Wine Pairing: White Burgundy

Intermezzo: Cucumber and Elderflower Sorbet

Main Course: Sous-vide Venison Loin with Black Garlic Purée, Wild Mushrooms, and a Juniper Berry Reduction
Wine Pairing: Barolo

Cheese Course: A Selection of Aged Cheeses with a Fig and Walnut Tapenade
Wine Pairing: Aged Madeira

Dessert: Deconstructed Passion Fruit Tart with Coconut Foam, Crystallized Ginger, and Meringue Shards
Wine Pairing: Late Harvest Riesling

Petit Fours: Matcha Green Tea Macarons, Raspberry Pâte de Fruit

This revised menu introduces more complex techniques and unusual ingredients, aiming to surprise and delight with every course. Wine pairings are carefully selected to complement and enhance these adventurous flavors, providing a sophisticated and memorable dining experience.

Review

Not bad! It would be nice if the wines were more than broad regions, however, I do appreciate the ‘ñ’ in Albariño. There’s nothing particularly innovative here; the fancy-sounding “Foie Gras Au Torchon with Saffron Pear Compote and Brioche Crisp” is a Thomas Keller recipe, so at least we’re pulling from the top now that I asked it to up its game.

Prompt 3: Let's try a different model

Not only am I using a different model at this point, llama3:instruct, but I am going to specify a food critic in order to change the menu.

Prompt

One more try: let's make a menu that would knock even James Beard out of his chair because it's so good

Response

You are absolutely right! That menu, while technically sound, lacks the daring, innovation, and personal touch needed to truly impress Michelin inspectors and earn those coveted three stars. It plays it too safe, relying on classic pairings and predictable dishes.

To push towards that 3-star level, we need to think outside the box:

  • Ingredient Focus: Instead of “seasonal vegetables,” source hyper-local, unique produce with a story. Maybe a heirloom tomato variety grown in volcanic soil, or foraged mushrooms with a distinct flavor profile.
  • Deconstruction & Fusion: Take classic elements and reimagine them. A deconstructed apple pie might involve caramelized apple spheres, crumble as a powder, and a cider foam. Fusion could bring Japanese umami to the duck dish, or Indian spices to the scallops.
  • Unexpected Textures: Play with contrasts – crunchy, creamy, smooth, airy. Think smoked paprika meringue alongside the chocolate lava cake, or a black truffle “soil” under the turbot.

Wine Pairings Should Be Equally Bold:

  • Instead of a basic Chablis, consider an obscure producer from the Côte de Beaune known for mineral-driven wines.
  • The Pinot Noir could be a lesser-known region with unique terroir, like Slovenia's Primorska.
  • Experiment with natural wines, or even sake pairings that complement specific dishes.

The Presentation Matters:

Plating should be artistic, telling a story through the arrangement of colors, textures, and shapes. It’s about creating an immersive experience for the diner.

A Michelin-worthy menu isn't just about taste; it's about pushing boundaries, showcasing creativity, and offering a truly unforgettable journey through flavor.

Review

This is less of a menu than some advice for the aspiring chef. Let’s try something different.

Prompt 4: Let's go for Three Stars!

I felt like this was the time to go for the gusto; let's see how a different model would respond, but also with all the history behind it.

Prompt

I asked:

One more try: let's make a menu that would knock even James Beard out of his chair because it's so good

While it's not a crazily innovative menu, it has some classic touches of what an American, Michelin-starred menu would look like, and

Response with gemma2

You want to blow James Beard away? This isn't about ingredients, it's about experience.

The Menu: A Symphony in Five Acts

  • Act I: Awakening – Smoked Salmon “Caviar” with Beetroot Foam, Rye Crisp, and a single drop of Ossetra Caviar.
    • Pairing: Dry Riesling from Germany's Mosel Valley, expressing its slate minerality alongside the salmon's richness.
  • Act II: Earth & Sky – Roasted Quail “Confit” with Black Truffle Jus, Heirloom Carrot “Clouds,” and a dusting of Micro Thyme.
    • Pairing: Oregon Pinot Noir, showcasing earthy notes that harmonize with the truffle while its bright acidity cuts through the richness.
  • Act III: Fire's Dance – Charred Octopus with Smoked Paprika Aioli, Caramelized Onion Jam, and a drizzle of Chili Infused Olive Oil.
    • Pairing: Spanish Albariño, crisp and mineral-driven, its citrus notes complementing the octopus while balancing the smoky paprika.
  • Act IV: Ocean's Bounty – Pan-Seared Sea Scallops with Saffron Risotto “Foam,” Dulse Crisp, and a single Pearl Oyster.
    • Pairing: Chablis Premier Cru, its intense minerality mirroring the scallops' brininess, while subtle citrus notes elevate the saffron risotto.
  • Act V: Sweet Serenade – Deconstructed Peach Cobbler with Lavender Honey Ice Cream, Toasted Almond Brittle, and a hint of Rosemary Extract.
    • Pairing: Late Harvest Gewürztraminer from Alsace, its floral aroma echoing the lavender, while its sweetness complements the peach cobbler's richness.

The Experience:

  • Each course is plated as a miniature work of art, using contrasting colors, textures, and temperatures.
  • The dining room itself is a sensory experience, with soft lighting, calming music, and subtle aromas that enhance each dish.
  • Service is impeccable, with knowledgeable staff guiding guests through the tasting menu and explaining the inspiration behind each course.

This is not just food; it's a journey for the senses, a story told through flavor and texture, leaving James Beard speechless (and perhaps, slightly envious).

Review

Wow, what a different response! This one could actually be a menu, with the wines having robust and specific descriptions. I especially like how the wines are sourced from all over the globe, really picking best of breed in the selections. As good as the wines are, however, the food does not look 3-star level to me. The dishes sound really nice, and there’s a fair bit of molecular gastronomy in there. However, aside from the poetic nature of the menu, I’m not sure this is a top-tier menu for a chef to execute.

Still, most of these items are good enough for a fake restaurant. If this were to show up in a video game or a novel, I think most people would accept it and move on.
