DEV Community: Samihan

AI's antibiotic breakthrough

Samihan — Sat, 08 Jun 2024 00:04:58 +0000

Introductuon: Researchers just published a new study detailing the use of AI to predict close to 1M new antibiotics hidden within tiny microbes all over the world, uncovering new potential treatments against bacteria and superbugs.

The details:

Researchers used AI to analyze publicly available data on over 100,000 different genomes and meta-genomes.

The AI then predicted which parts of the microbial genomes could potentially produce antibiotic compounds, generating a list of nearly one million candidates.

100 of the AI-predicted drug candidates were tested in the lab, with 79 of them being a potential antibiotic.

The paper’s author Cesar de la Fuente said the findings are “the largest antibiotic discovery ever”, accelerating the process from years to just hours.

Why it matters: As the world faces growing threats from antibiotic-resistant bacteria, AI’s ability to unlock millions of new potential treatments could be a lifeline toward staying ahead in the race to outsmart superbugs responsible for millions of deaths every year.

China's new Sora rival is here

Samihan — Sat, 08 Jun 2024 00:01:56 +0000

``Introduction: Chinese tech firm Kuaishou just introduced KLING, a new text-to-video AI model capable of generating high-quality videos up to 2 minutes long with outputs that appear to rival OpenAI’s still-unreleased Sora.

The details:

KLING can produce videos at 1080p resolution with a maximum length of 2 minutes, surpassing the 1-minute Sora videos demoed by OpenAI.

KLING’s demos include realistic outputs like a man eating noodles and scenic shots, as well as surreal clips like animals in clothes.

The model uses a 3D space-time attention system to simulate complex motion and physical interactions that better mimic the real world.

The model is currently available to Chinese-based users as a public demo on the KWAI iOS app.

Why it matters: These generations are even more mind-blowing when you consider that Will Smith’s spaghetti-eating abomination was barely a year ago. With users still anxiously waiting for the public release of Sora, other competitors are stepping in — and the AI video landscape looks like it’s about to heat up in a major way.

DEVIN ? IS IT ACTUALLY GONNA REPLACE US?

Samihan — Fri, 07 Jun 2024 04:14:15 +0000

Devin AI: A Promising Yet Unproven AI Software Engineer

Devin AI burst onto the scene with ambitious claims, positioning itself as a revolutionary force in software development. Developed by Cognition Labs, it was touted as the world's first "AI software engineer," capable of taking entire projects from concept to completion. This promised a future where AI would handle the heavy lifting of development, freeing up human engineers for more strategic tasks.

A Look Under the Hood: Functionality vs. Hype

Devin AI's claims were certainly captivating. It supposedly possessed the ability to:

Conceptualize and Develop Projects: Move a project from a raw idea to a workable plan and then translate that plan into functional code.
Autonomous Coding: Write its own source code, potentially eliminating the need for human intervention altogether.
Integrated Testing: Not only write code, but also conduct automated testing to ensure its creations functioned as intended.

This vision of a highly autonomous and proficient AI tool understandably generated significant excitement. However, independent investigations cast a shadow of doubt on the veracity of these claims.

Scrutiny and Shortcomings Revealed

A prominent tech YouTuber, "Internet of Bugs," conducted an experiment on the freelancing platform Upwork. They tasked Devin AI with basic development projects. The results were underwhelming. Devin AI struggled with tasks that a competent human developer could handle with ease. This exposed a significant gap between the advertised capabilities and the actual performance.

Limited Access and Lingering Questions

Further dampening enthusiasm is the fact that Devin AI remains firmly in a closed beta testing phase. Users are still unable to obtain general access to the software, hindering widespread evaluation and independent verification of its claims. This lack of transparency fuels skepticism about the true state of Devin AI's development.

The Road Ahead: Hype, Hope, and Uncertainty

The revelations regarding Devin AI's limitations sparked discussions within the AI community concerning transparency and responsible marketing. Key questions remain unanswered:

Misrepresented Potential? Did Cognition Labs intentionally overstate Devin AI's capabilities?
Influencer Oversight? Did those promoting Devin AI exercise proper due diligence, or were they swayed by the hype?
The Future of Devin AI? Will Cognition Labs address the exposed issues and refine its capabilities, or will the project fizzle out?

Conclusion: A Case Study in AI Development

As of today, Devin AI's website remains operational, but there's a lack of significant updates or efforts to address the concerns raised. Devin AI serves as a cautionary tale, highlighting the importance of critical evaluation in the field of AI. While AI holds immense potential to revolutionize software development, it's crucial to distinguish genuine advancements from overstated marketing claims. Devin AI's story underscores the need for transparency and responsible communication as AI development continues to evolve.

Web3: The Future of the Internet

Samihan — Fri, 07 Jun 2024 00:17:26 +0000

Introduction:

Web3, also known as Web 3.0, is the envisioned future of the World Wide Web, promising to revolutionize the way we use the internet. It is a concept that builds upon the foundations of decentralized technologies, blockchain, and community-driven ideals to create a new, open, and user-controlled online experience. With Web3, the internet is anticipated to undergo a significant transformation, offering users greater control, ownership, and opportunities in the digital world.

Understanding Web3:

Web3, or Web 3.0, represents the third generation of internet development and usage. The first generation, Web 1.0, was characterized by static web pages and limited user interaction. Web 2.0, the current iteration, is defined by dynamic content, user-generated material, and centralized platforms like social media and sharing economy giants.

Web3, as the next evolutionary step, aims to address the shortcomings of Web 2.0, particularly concerning data ownership, privacy, and the concentration of power in the hands of a few tech giants. Web3 envisions a decentralized web where users are not just consumers but also owners and stakeholders of the online platforms and communities they engage with.

Key Characteristics of Web3:

Decentralization: Web3 is built on the principle of decentralization, meaning there is no central authority or intermediary controlling the network. Instead, it relies on distributed ledger technologies like blockchain to facilitate peer-to-peer interactions and transactions. This decentralization ensures greater user privacy, security, and freedom from censorship.
User Ownership and Control: In Web3, users own and control their data, content, and digital assets. They have the ability to decide how their information is shared, used, and monetized. This shift empowers individuals to have a financial stake in the web communities they participate in and to benefit directly from their contributions.
Blockchain Integration: Blockchain technology is at the heart of Web3, enabling secure, transparent, and tamper-proof transactions. Blockchain also facilitates the use of cryptocurrencies and NFTs (non-fungible tokens), which are integral to the Web3 economy. Smart contracts, enabled by blockchain, allow for trustless and automated transactions, reducing the need for intermediaries.
Community and Collaboration: Web3 emphasizes community-driven development and governance. Users actively participate in shaping the platforms and applications they use, often through decentralized autonomous organizations (DAOs). This collaborative approach empowers users to have a say in the direction of their online communities and the features they value.
Semantic Web: Web3 incorporates the concept of the semantic web, where data is given well-defined meanings, enabling better understanding and interpretation by machines. This enhances search capabilities, knowledge generation, and problem-solving, making the web more intelligent and contextually aware.
Advanced App Interfaces: Web3 will usher in more advanced and multidimensional app interfaces. For example, a mapping service could not only provide location search but also offer route planning, lodging suggestions, and real-time traffic updates, all within a single platform.

Benefits of Web3:

Enhanced Privacy and Security: By removing central points of failure and control, Web3 reduces the risk of data breaches and enhances user privacy. Blockchain technology further secures user information and transactions.
Greater User Control: Web3 gives users the power to control their digital lives, including their data, content, and online identities. This control extends to monetization opportunities, allowing users to directly benefit from their online activities.
Incentivized Participation: Web3 encourages active participation and contribution to online communities. Users can be incentivized through various mechanisms, such as token rewards, governance rights, or direct financial gains, fostering a more engaged and invested user base.
Open and Accessible: Web3 technologies are designed to be open and accessible to all, lowering barriers to entry and promoting inclusivity. This democratization of the web has the potential to unlock innovation and creativity on a global scale.

Challenges and Criticisms:

While Web3 offers a promising vision for the future of the internet, it also faces several challenges and criticisms.

Adoption and Usability: One of the key challenges for Web3 is widespread adoption and making these technologies user-friendly. Blockchain and cryptocurrency, for instance, are still considered complex and intimidating by many, requiring a shift in user understanding and behavior.
Regulatory and Legal Issues: The decentralized nature of Web3 presents regulatory challenges, particularly concerning governance, taxation, and legal jurisdictions. Establishing clear frameworks for these new online communities and economic models will be essential.
Centralization Concerns: Despite the decentralized ideals of Web3, there are concerns about the potential for centralization within certain platforms or blockchain networks. This could lead to the creation of new gatekeepers and power structures, undermining the very principles Web3 aims to uphold.
Environmental Impact: The energy consumption and environmental impact of blockchain technology, particularly proof-of-work consensus mechanisms, have been criticized. As Web3 gains traction, addressing these concerns through more sustainable practices will be crucial.

Conclusion:

Web3 represents a significant shift in the way we conceive of and interact with the internet, offering a decentralized, user-owned, and community-driven vision for the future. While challenges and uncertainties remain, the potential benefits of Web3 are vast, promising a more open, secure, and equitable online experience. As we move forward, it is essential to carefully consider the implications of this new web paradigm and work towards realizing its positive potential while mitigating the risks and challenges along the way.

INTRODUCTION TO WEBSITE HACKING

Samihan — Wed, 05 Jun 2024 23:47:14 +0000

SQL Injection

SQL Injection is a malicious web vulnerability, a dark art that allows attackers to manipulate the very heart of your application – its database. By interfering with the queries your application makes, attackers can view, modify, or even delete your precious data. And if that's not enough, they might even be able to take full control of your application, leaving you with a smoldering mess.

Comments in SQL programming, those quiet little notes developers leave in the code, can become weapons in the hands of these attackers. Ignored by the compiler or interpreter, comments usually go unnoticed, but in the wrong hands, they can be used to exploit vulnerabilities and wreak havoc.

Take a look at this innocent-looking code snippet:

SELECT * FROM users WHERE username = 'admin'-- 'AND password = 'haha';

Here, the attacker has added a comment -- to bypass the password check, effectively granting them access with just the username. It's a simple yet powerful technique, and there are many more like it in the SQL Injection Payload List on GitHub. A treasure trove of malicious techniques awaits at: https://github.com/payloadbox/sql-injection-payload-list

Local File Inclusion (LFI) & Remote File Inclusion (RFI)

Now, let's move on to another devious trick up an attacker's sleeve: Local File Inclusion (LFI). With LFI, attackers trick the server into including local files stored on it. This gives them access to sensitive files and sometimes even lets them execute their own code. It's like giving a burglar the keys to your house and showing them where you hide your valuables.

Websites that dynamically include files based on user input are particularly vulnerable to LFI attacks, especially if they don't sanitize and validate that input properly. Content management systems, forums, and web applications with file inclusion features are common targets for these malicious intruders.

But wait, there's more! Remote File Inclusion (RFI) takes it a step further. With RFI, attackers include files from external sources, executing malicious code hosted on their own servers. It's like letting the burglar bring their own tools to break into your safe.

The Many Faces of Website Defacement

Website defacement, the act of altering a website's content or appearance without authorization, is a common goal of attackers. Here are some of the ways they can achieve this:

Admin Login Pages: Locating the admin login portal and gaining unauthorized access to alter website content.
LFI/RFI: Including and executing local or remote files to inject malicious scripts or replace files, ultimately changing website content.
SQL Injection: Injecting malicious SQL commands to modify or delete database entries, thereby altering website content.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by users, displaying altered content or redirecting them to malicious pages.
Server-Side Request Forgery (SSRF): Exploiting internal services and making the server perform unauthorized requests to gain control and modify website content.
DDoS Attack: Overloading a website with traffic to make it unavailable, indirectly affecting site functionality.

And there's more where that came from. Server-Side Template Injection (SSTI) and Directory Traversal are just a couple of other tricks attackers use to manipulate website content and execute server-side commands.

Attacks Targeting Visitors, Not Websites

Not all attacks are aimed at defacing websites. Some target the visitors themselves:

DNS Spoofing (DNS Cache Poisoning): Altering DNS records to redirect unsuspecting users from a legitimate site to a malicious one.
Cross-Site Request Forgery (CSRF): Tricking authenticated users into performing actions on a web application without their consent, such as transferring money to an attacker's account.

The world of website hacking is a treacherous one, full of pitfalls and dangers. But fear not, for knowledge is power. By understanding these threats, we can fortify our defenses and keep our digital kingdoms safe.

And if you're feeling adventurous, you can even set up your own vulnerable website to practice your hacking skills. Just remember, with great power comes great responsibility. Use these skills wisely, young padawan.