Join us
Updates and recent posts about BigQuery..
A security researcher used an AI fuzzing harness against 1,500+ Google APIs and earned $500,000 in bug bounties, surfacing access-control flaws across Google Voice, Widevine, AdExchange, and internal Cloud Console GraphQL endpoints... read more
Aafaq Zahid open-sourced Keel, a Go microservices framework he extracted from eight years of production systems... read more
CoreDNS pods insecure option is the default in Kubernetes as it allows for the creation of arbitrary DNS A records. Combined with wildcard SSL certs, it poses a security risk, highlighted by Cilium's handling of network policies in the face of DNS manipulation. Time to shift to a more secure DNS con.. read more
The Kubernetes image promoter no longer replicates container image signatures across regions. The rewrite drops that replication entirely, cuts latency, and simplifies the codebase, while keeping signature verification working seamlessly for end users. Next, the project is moving to OCI 1.1 referrer.. read more
Portworx released "virtbench," an open-source CLI that lets platform teams run reproducible KubeVirt benchmarks and assess VM readiness, rather than rely on pod health as a proxy... read more
This post discusses the challenges of leveraging distributed resources for AI workloads and the role of Kubernetes in addressing these challenges. The k0smos stack is highlighted as a solution for operating geo-distributed AI infrastructure, divided into three technical layers: k0s, k0smotron, and k.. read more
The Kubernetes Dashboard project has been archived, with Headlamp now carrying the legacy forward by offering a visual interface with enhanced capabilities like multi-cluster visibility and application-centric views. Headlamp keeps familiar workflows, while expanding to support multi-cluster environ.. read more
Croqaz shows how he built Vintage LLM, a Llama-style model trained on English books, newspapers, and other texts published before 1900. He covers corpus selection, cleaning, tokenizer choices, training setup, evaluation, and how pre-20th-century English affects model behavior... read more
By appending a payload to any web page summarized by ChatGPT, an attacker can leak IP, User-Agent, and launch phishing attacks using live links and images inside the assistant UI. This browser-based prompt injection raises the bar for phishing and tracking, bypassing traditional defenses... read more
Anthropic staff disabled Fable 5 and Mythos 5 for all customers after U.S. officials issued an export-control directive that barred foreign nationals from accessing the models, citing a suspected jailbreak... read more
