Tech Roundup Week Ending April 28
Accessible Target Sizes Cheatsheet
Vitaly provides practical guidelines for preventing rage taps, and rage clicks on mobile devices, including recommended target sizes for icons, links, and buttons. It also offers helpful conversion tables for translating point units to CSS pixels or Android/iOS units.
OpenAI is trying to trademark “GPT.” What are your thoughts?
A discussion about OpenAI’s attempt to trademark the term GPT (Generative Pre-trained Transformer): some commenters expressed concern that this move could limit innovation and collaborations in the AI community. In contrast, others argue that OpenAI deserves the trademark and that it could benefit their business. There is also debate about whether the term GPT has become a generic term or if it is still associated primarily with OpenAI. Some commenters suggest using alternative marketing terms to avoid potential trademark issues.
Also: Our friend Marcel (@schmitzoide) has released GeniePal – ChatGPT Client for iOS.
The Evolution of DevOps to DevSecOps: Integrating Security into the Software Development Lifecycle
• DevOps emerged to bridge the divide between software development and IT operations teams, enabling organizations to accelerate application delivery.
• The rise of high-profile security breaches led to the emergence of DevSecOps, which integrates security into every stage of the software development lifecycle.
• Examples of high-profile data breaches include Equifax (2017), SolarWinds (2020), and Capital One (2019).
• Key differences between DevOps and DevSecOps include an increased focus on security in DevSecOps, early involvement of security teams, continuous security practices, and a security-focused culture.
SLP: a new DDoS amplification vector in the wild
Researchers have discovered a new DDoS reflection/amplification attack vector leveraging the SLP protocol. This service discovery protocol allows devices in a local area network to interact without prior knowledge of each other. This protocol has no method for authentication and should never be exposed to the public internet. Still, over 35,000 internet endpoints have their devices’ SLP service exposed and accessible to anyone. The UDP version of this protocol has an amplification factor of up to 2200x, the third largest discovered to date. Cloudflare customers are already protected from this new attack vector. Still, network operators should ensure they are not exposing the SLP protocol directly to the public internet and should consider blocking UDP port 427 via access control lists or other means.