KYC Data API India

Experience seamless KYC compliance in India through our robust Data API. Ensure swift, secure verifications with confidence. Elevate your standards today.

Here’s the third exciting installment in my series about backing up one Tumblr post that absolutely no one asked for. The previous updates are linked here.

Previously on Tumblr API Hell

Some blogs returned 404 errors. After investigating with Allie's help, it turns out it’s not a sideblog issue — it’s a privacy setting. It pleases me that Tumblr's rickety API respects the word no.

Also, shoutout to the one line of code in my loop that always broke when someone reblogged without tags. Fixed it.

What I got working:

Tags added during reblogs of the post

Any added commentary (what the blog actually wrote)

Full post metadata so I can extract other information later (ie. outside the loop)

New questions I’m trying to answer:

While flailing around in the JSON trying to figure out which blog added which text (because obviously Tumblr’s rickety API doesn’t just tell you), I found that all the good stuff lives in a deeply nested structure called trail. It splits content into HTML chunks — but there’s no guarantee about order, and you have to reconstruct it yourself.

Here’s a stylized diagram of what trail looks like in the JSON list (which gets parsed as a data frame in R):

I started wondering:

Can I use the trail to reconstruct a version tree to see which path through the reblog chain was the most influential for the post?

This would let me ask:

Which version of the post are people reblogging?

Does added commentary increase the chance it gets reblogged again?

Are some blogs “amplifiers” — their version spreads more than others?

It’s worth thinking about these questions now — so I can make sure I’m collecting the right information from Tumblr’s rickety API before I run my R code on a 272K-note post.

Summary

Still backing up one post. Just me, 600+ lines of R code, and Tumblr’s API fighting it out at a Waffle House parking lot. The code’s nearly ready — I’m almost finished testing it on an 800-note post before trying it on my 272K-note Blaze post. Stay tuned… Zero fucks given?

If you give zero fucks about my rickety API series, you can block my data science tag, #a rare data science post, or #tumblr's rickety API. But if we're mutuals then you know how it works here - you get what you get. It's up to you to curate your online experience. XD

DeepSeek, Compromis de o Breșă Majoră de Securitate: Peste un Milion de Conversații Expuse Online

🚨 Un nou scandal de securitate zguduie lumea AI: DeepSeek, startup-ul chinez care a provocat neliniște pe burse la începutul săptămânii, a fost prins într-un incident grav de securitate. O bază de date neprotejată a fost descoperită expusă online, permițând accesul neautorizat la peste un milion de conversații private între utilizatori și chatbot-ul său, alături de informații tehnice…

How the IP Proxies API Solves Highly Concurrent Requests

With the rapid growth of Internet services and applications, organizations and developers are facing increasing challenges in handling highly concurrent requests. To ensure the efficient operation of the system, API interface becomes an essential tool. Especially when dealing with highly concurrent requests, Rotating IP Proxies API interfaces provide strong support for organizations. Today we'll take a deeper look at the role of the Rotating IP Proxies API and how it can help organizations solve the problems associated with high concurrency.

What is the Rotating IP Proxies API interface?

Rotating IP Proxies API interface is a kind of interface that provides users with network proxy services by means of Rotating IP address allocation. It can schedule IP addresses in different geographic locations in real time according to demand, which not only helps users to access anonymously, but also improves the efficiency of data collection, avoids IP blocking, and even carries out operations such as anti-crawler protection.

With the Rotating IP Proxies API, organizations can easily assign IP addresses from a large number of different regions to ensure continuous and stable online activity. For example, when conducting market research that requires frequent visits to multiple websites, the Rotating IP Proxies API ensures that IPs are not blocked due to too frequent requests.

Challenges posed by highly concurrent requests

Excessive server pressure

When a large number of users request a service at the same time, the load on the server increases dramatically. This can lead to slower server responses or even crashes, affecting the overall user experience.

IP ban risk

If an IP address sends out frequent requests in a short period of time, many websites will regard these requests as malicious behavior and block the IP. such blocking will directly affect normal access and data collection.

These issues are undoubtedly a major challenge for Internet applications and enterprises, especially when performing large-scale data collection, where a single IP may be easily blocked, thus affecting the entire business process.

How the Rotating IP Proxies API solves these problems

Decentralization of request pressure

One of the biggest advantages of the Rotating IP Proxies API is its ability to decentralize requests to different servers by constantly switching IP addresses. This effectively reduces the burden on individual servers, decreasing the stress on the system while improving the stability and reliability of the service.

Avoid IP blocking

Rotating IP addresses allows organizations to avoid the risk of blocking due to frequent requests. For example, when crawling and market monitoring, the use of Rotating IP Proxies can avoid being recognized by the target website as a malicious attack, ensuring that the data collection task can be carried out smoothly.

Improved efficiency of data collection

Rotating IP Proxies API not only avoids blocking, but also significantly improves the efficiency of data capture. When it comes to tasks that require frequent requests and grabbing large amounts of data, Rotating IP Proxies APIs can speed up data capture, ensure more timely data updates, and further improve work efficiency.

Protecting user privacy

Rotating IP Proxies APIs are also important for scenarios where user privacy needs to be protected. By constantly changing IPs, users' online activities can remain anonymous, reducing the risk of personal information leakage. Especially when dealing with sensitive data, protecting user privacy has become an important task for business operations.

How to Effectively Utilize the Rotating IP Proxies API

Develop a reasonable IP scheduling strategy

An effective IP scheduling strategy is the basis for ensuring the efficient operation of the Rotating Proxies API. Enterprises should plan the frequency of IP address replacement based on actual demand and Porfiles to avoid too frequent IP switching causing system anomalies or being recognized as abnormal behavior.

Optimize service performance

Regular monitoring and optimization of service performance, especially in the case of highly concurrent requests, can help enterprises identify and solve potential problems in a timely manner. Reasonable performance optimization not only improves the speed of data collection, but also reduces the burden on the server and ensures stable system operation.

Choosing the Right Proxies

While Rotating IP Proxies APIs can offer many advantages, choosing a reliable service provider is crucial. A good service provider will not only be able to provide high-quality IP resources, but also ensure the stability and security of the service.

In this context, Proxy4Free Residential Proxies service can provide a perfect solution for users. As a leading IP proxy service provider, Proxy4Free not only provides high-speed and stable proxy services, but also ensures a high degree of anonymity and security. This makes Proxy4Free an ideal choice for a wide range of business scenarios such as multinational market research, advertisement monitoring, price comparison and so on.

Proxy4Free Residential Proxies have the following advantages:

Unlimited traffic and bandwidth: Whether you need to perform a large-scale data crawling or continuous market monitoring you don't need to worry about traffic limitations.

30MB/S High-speed Internet: No matter what part of the world you are in, you can enjoy extremely fast Proxies connection to ensure your operation is efficient and stable.

Global Coverage: Provides Proxies IP from 195 countries/regions to meet the needs of different geographic markets.

High anonymity and security: Proxies keep your privacy safe from malicious tracking or disclosure and ensure that your data collection activities are not interrupted.

With Proxy4Free Residential Proxies, you can flexibly choose the appropriate IP scheduling policy according to your needs, effectively spreading out the pressure of requests and avoiding the risk of access anomalies or blocking due to frequent IP changes. In addition, you can monitor and optimize service performance in real time to ensure efficient data collection and traffic management.

Click on the link to try it out now!

concluding remarks

The role of Rotating IP Proxies API interface in solving highly concurrent requests cannot be ignored. It can not only disperse the request pressure and avoid IP blocking, but also improve the efficiency of data collection and protect user privacy. When choosing a Proxies service provider, enterprises should make a comprehensive assessment from the quality of IP pool, interface support and service stability. Reasonable planning of IP scheduling strategies and optimization of service performance will help improve system stability and reliability, ensuring that enterprises can efficiently and safely complete various online tasks.

Conectando uma Aplicação Spring Boot com Banco de Dados MySQL

O que é o Spring Boot e como ele facilita o desenvolvimento de aplicações Java O Spring Boot é uma extensão do popular framework Spring, projetado para simplificar o processo de desenvolvimento de aplicações Java. Ele elimina a necessidade de configurações complexas e torna o processo de desenvolvimento mais rápido e eficiente. Com Spring Boot, você pode criar aplicações prontas para produção…

"Artists have finally had enough with Meta’s predatory AI policies, but Meta’s loss is Cara’s gain. An artist-run, anti-AI social platform, Cara has grown from 40,000 to 650,000 users within the last week, catapulting it to the top of the App Store charts.

Instagram is a necessity for many artists, who use the platform to promote their work and solicit paying clients. But Meta is using public posts to train its generative AI systems, and only European users can opt out, since they’re protected by GDPR laws. Generative AI has become so front-and-center on Meta’s apps that artists reached their breaking point.

“When you put [AI] so much in their face, and then give them the option to opt out, but then increase the friction to opt out… I think that increases their anger level — like, okay now I’ve really had enough,” Jingna Zhang, a renowned photographer and founder of Cara, told TechCrunch.

Cara, which has both a web and mobile app, is like a combination of Instagram and X, but built specifically for artists. On your profile, you can host a portfolio of work, but you can also post updates to your feed like any other microblogging site.

Zhang is perfectly positioned to helm an artist-centric social network, where they can post without the risk of becoming part of a training dataset for AI. Zhang has fought on behalf of artists, recently winning an appeal in a Luxembourg court over a painter who copied one of her photographs, which she shot for Harper’s Bazaar Vietnam.

“Using a different medium was irrelevant. My work being ‘available online’ was irrelevant. Consent was necessary,” Zhang wrote on X.

Zhang and three other artists are also suing Google for allegedly using their copyrighted work to train Imagen, an AI image generator. She’s also a plaintiff in a similar lawsuit against Stability AI, Midjourney, DeviantArt and Runway AI.

“Words can’t describe how dehumanizing it is to see my name used 20,000+ times in MidJourney,” she wrote in an Instagram post. “My life’s work and who I am—reduced to meaningless fodder for a commercial image slot machine.”

Artists are so resistant to AI because the training data behind many of these image generators includes their work without their consent. These models amass such a large swath of artwork by scraping the internet for images, without regard for whether or not those images are copyrighted. It’s a slap in the face for artists – not only are their jobs endangered by AI, but that same AI is often powered by their work.

“When it comes to art, unfortunately, we just come from a fundamentally different perspective and point of view, because on the tech side, you have this strong history of open source, and people are just thinking like, well, you put it out there, so it’s for people to use,” Zhang said. “For artists, it’s a part of our selves and our identity. I would not want my best friend to make a manipulation of my work without asking me. There’s a nuance to how we see things, but I don’t think people understand that the art we do is not a product.”

This commitment to protecting artists from copyright infringement extends to Cara, which partners with the University of Chicago’s Glaze project. By using Glaze, artists who manually apply Glaze to their work on Cara have an added layer of protection against being scraped for AI.

Other projects have also stepped up to defend artists. Spawning AI, an artist-led company, has created an API that allows artists to remove their work from popular datasets. But that opt-out only works if the companies that use those datasets honor artists’ requests. So far, HuggingFace and Stability have agreed to respect Spawning’s Do Not Train registry, but artists’ work cannot be retroactively removed from models that have already been trained.

“I think there is this clash between backgrounds and expectations on what we put on the internet,” Zhang said. “For artists, we want to share our work with the world. We put it online, and we don’t charge people to view this piece of work, but it doesn’t mean that we give up our copyright, or any ownership of our work.”"

Read the rest of the article here:

https://techcrunch.com/2024/06/06/a-social-app-for-creatives-cara-grew-from-40k-to-650k-users-in-a-week-because-artists-are-fed-up-with-metas-ai-policies/

Too big to care

I'm on tour with my new, nationally bestselling novel The Bezzle! Catch me in BOSTON with Randall "XKCD" Munroe (Apr 11), then PROVIDENCE (Apr 12), and beyond!

Remember the first time you used Google search? It was like magic. After years of progressively worsening search quality from Altavista and Yahoo, Google was literally stunning, a gateway to the very best things on the internet.

Today, Google has a 90% search market-share. They got it the hard way: they cheated. Google spends tens of billions of dollars on payola in order to ensure that they are the default search engine behind every search box you encounter on every device, every service and every website:

https://pluralistic.net/2023/10/03/not-feeling-lucky/#fundamental-laws-of-economics

Not coincidentally, Google's search is getting progressively, monotonically worse. It is a cesspool of botshit, spam, scams, and nonsense. Important resources that I never bothered to bookmark because I could find them with a quick Google search no longer show up in the first ten screens of results:

https://pluralistic.net/2024/02/21/im-feeling-unlucky/#not-up-to-the-task

Even after all that payola, Google is still absurdly profitable. They have so much money, they were able to do a $80 billion stock buyback. Just a few months later, Google fired 12,000 skilled technical workers. Essentially, Google is saying that they don't need to spend money on quality, because we're all locked into using Google search. It's cheaper to buy the default search box everywhere in the world than it is to make a product that is so good that even if we tried another search engine, we'd still prefer Google.

This is enshittification. Google is shifting value away from end users (searchers) and business customers (advertisers, publishers and merchants) to itself:

https://pluralistic.net/2024/03/05/the-map-is-not-the-territory/#apor-locksmith

And here's the thing: there are search engines out there that are so good that if you just try them, you'll get that same feeling you got the first time you tried Google.

When I was in Tucson last month on my book-tour for my new novel The Bezzle, I crashed with my pals Patrick and Teresa Nielsen Hayden. I've know them since I was a teenager (Patrick is my editor).

We were sitting in his living room on our laptops – just like old times! – and Patrick asked me if I'd tried Kagi, a new search-engine.

Teresa chimed in, extolling the advanced search features, the "lenses" that surfaced specific kinds of resources on the web.

I hadn't even heard of Kagi, but the Nielsen Haydens are among the most effective researchers I know – both in their professional editorial lives and in their many obsessive hobbies. If it was good enough for them…

I tried it. It was magic.

No, seriously. All those things Google couldn't find anymore? Top of the search pile. Queries that generated pages of spam in Google results? Fucking pristine on Kagi – the right answers, over and over again.

That was before I started playing with Kagi's lenses and other bells and whistles, which elevated the search experience from "magic" to sorcerous.

The catch is that Kagi costs money – after 100 queries, they want you to cough up $10/month ($14 for a couple or $20 for a family with up to six accounts, and some kid-specific features):

https://kagi.com/settings?p=billing_plan&plan=family

I immediately bought a family plan. I've been using it for a month. I've basically stopped using Google search altogether.

Kagi just let me get a lot more done, and I assumed that they were some kind of wildly capitalized startup that was running their own crawl and and their own data-centers. But this morning, I read Jason Koebler's 404 Media report on his own experiences using it:

https://www.404media.co/friendship-ended-with-google-now-kagi-is-my-best-friend/

Koebler's piece contained a key detail that I'd somehow missed:

When you search on Kagi, the service makes a series of “anonymized API calls to traditional search indexes like Google, Yandex, Mojeek, and Brave,” as well as a handful of other specialized search engines, Wikimedia Commons, Flickr, etc. Kagi then combines this with its own web index and news index (for news searches) to build the results pages that you see. So, essentially, you are getting some mix of Google search results combined with results from other indexes.

In other words: Kagi is a heavily customized, anonymized front-end to Google.

The implications of this are stunning. It means that Google's enshittified search-results are a choice. Those ad-strewn, sub-Altavista, spam-drowned search pages are a feature, not a bug. Google prefers those results to Kagi, because Google makes more money out of shit than they would out of delivering a good product:

https://www.theverge.com/2024/4/2/24117976/best-printer-2024-home-use-office-use-labels-school-homework

No wonder Google spends a whole-ass Twitter every year to make sure you never try a rival search engine. Bottom line: they ran the numbers and figured out their most profitable course of action is to enshittify their flagship product and bribe their "competitors" like Apple and Samsung so that you never try another search engine and have another one of those magic moments that sent all those Jeeves-askin' Yahooers to Google a quarter-century ago.

One of my favorite TV comedy bits is Lily Tomlin as Ernestine the AT&T operator; Tomlin would do these pitches for the Bell System and end every ad with "We don't care. We don't have to. We're the phone company":

https://snltranscripts.jt.org/76/76aphonecompany.phtml

Speaking of TV comedy: this week saw FTC chair Lina Khan appear on The Daily Show with Jon Stewart. It was amazing:

https://www.youtube.com/watch?v=oaDTiWaYfcM

The coverage of Khan's appearance has focused on Stewart's revelation that when he was doing a show on Apple TV, the company prohibited him from interviewing her (presumably because of her hostility to tech monopolies):

https://www.thebignewsletter.com/p/apple-got-caught-censoring-its-own

But for me, the big moment came when Khan described tech monopolists as "too big to care."

What a phrase!

Since the subprime crisis, we're all familiar with businesses being "too big to fail" and "too big to jail." But "too big to care?" Oof, that got me right in the feels.

Because that's what it feels like to use enshittified Google. That's what it feels like to discover that Kagi – the good search engine – is mostly Google with the weights adjusted to serve users, not shareholders.

Google used to care. They cared because they were worried about competitors and regulators. They cared because their workers made them care:

https://www.vox.com/future-perfect/2019/4/4/18295933/google-cancels-ai-ethics-board

Google doesn't care anymore. They don't have to. They're the search company.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/04/04/teach-me-how-to-shruggie/#kagi

using LLMs to control a game character's dialogue seems an obvious use for the technology. and indeed people have tried, for example nVidia made a demo where the player interacts with AI-voiced NPCs:

this looks bad, right? like idk about you but I am not raring to play a game with LLM bots instead of human-scripted characters. they don't seem to have anything interesting to say that a normal NPC wouldn't, and the acting is super wooden.

so, the attempts to do this so far that I've seen have some pretty obvious faults:

relying on external API calls to process the data (expensive!)

presumably relying on generic 'you are xyz' prompt engineering to try to get a model to respond 'in character', resulting in bland, flavourless output

limited connection between game state and model state (you would need to translate the relevant game state into a text prompt)

responding to freeform input, models may not be very good at staying 'in character', with the default 'chatbot' persona emerging unexpectedly. or they might just make uncreative choices in general.

AI voice generation, while it's moved very fast in the last couple years, is still very poor at 'acting', producing very flat, emotionless performances, or uncanny mismatches of tone, inflection, etc.

although the model may generate contextually appropriate dialogue, it is difficult to link that back to the behaviour of characters in game

so how could we do better?

the first one could be solved by running LLMs locally on the user's hardware. that has some obvious drawbacks: running on the user's GPU means the LLM is competing with the game's graphics, meaning both must be more limited. ideally you would spread the LLM processing over multiple frames, but you still are limited by available VRAM, which is contested by the game's texture data and so on, and LLMs are very thirsty for VRAM. still, imo this is way more promising than having to talk to the internet and pay for compute time to get your NPC's dialogue lmao

second one might be improved by using a tool like control vectors to more granularly and consistently shape the tone of the output. I heard about this technique today (thanks @cherrvak)

third one is an interesting challenge - but perhaps a control-vector approach could also be relevant here? if you could figure out how a description of some relevant piece of game state affects the processing of the model, you could then apply that as a control vector when generating output. so the bridge between the game state and the LLM would be a set of weights for control vectors that are applied during generation.

this one is probably something where finetuning the model, and using control vectors to maintain a consistent 'pressure' to act a certain way even as the context window gets longer, could help a lot.

probably the vocal performance problem will improve in the next generation of voice generators, I'm certainly not solving it. a purely text-based game would avoid the problem entirely of course.

this one is tricky. perhaps the model could be taught to generate a description of a plan or intention, but linking that back to commands to perform by traditional agentic game 'AI' is not trivial. ideally, if there are various high-level commands that a game character might want to perform (like 'navigate to a specific location' or 'target an enemy') that are usually selected using some other kind of algorithm like weighted utilities, you could train the model to generate tokens that correspond to those actions and then feed them back in to the 'bot' side? I'm sure people have tried this kind of thing in robotics. you could just have the LLM stuff go 'one way', and rely on traditional game AI for everything besides dialogue, but it would be interesting to complete that feedback loop.

I doubt I'll be using this anytime soon (models are just too demanding to run on anything but a high-end PC, which is too niche, and I'll need to spend time playing with these models to determine if these ideas are even feasible), but maybe something to come back to in the future. first step is to figure out how to drive the control-vector thing locally.

Here’s another exciting update on backing up one Tumblr post that absolutely no one asked for. So, you want the tags from your post too?

Recall, I got R code working to download all the notes (likes, reblogs, replies) from a single Tumblr post. Today’s task? Pulling the tags people added when they reblogged it.

And naturally, Tumblr said: Fuck you, API user.

New issues I ran into:

The tags aren’t included in the normal /notes API call. Of course they’re not.

To get tags, I had to collect all the post IDs from reblogs and make a separate API call for each one.

Tumblr still doesn’t give you everything, but this gets a lot closer.

Some reblogs return 404 errors. Why?

Is it a blog's privacy setting?

Can the API even see sideblogs (versus primary blogs)?

Some other mysterious Tumblr nonsense?

If you’re following along at home, here’s an important tip:

To actually extract the tags from the API response, remember that the post data is embedded in the JSON structure as a data frame, not a list. If you treat it like a list, your code will quietly fail — no error, no warning, just nothing. You might not care, but I sure did.

So, backing up my one post is going great, thanks for asking — it’s only taken 500 lines of code so far. Why isn't everyone doing this? XD

All this talk about Tumblr disappearing and how we should export our blogs.

Writing R code to download all the notes from ONE Tumblr post has been an irritating adventure.

The main problems:

The API only gives you ~50 notes per call - no pagination, no offset, no “get everything” option. Tumblr: Fuck you, API user.

You’re limited to 300 API calls per minute.

Even if you respect that limit, Tumblr will still get cranky and start throwing 429 “Too Many Requests” errors.

When you reach the end of a post’s notes, the API just… repeats the last note forever instead of stopping.

There’s no reliable way to know when you’ve hit the end unless you build that check yourself.

Tags and added text from reblogs are a completely separate part of the API - not included with the likes, reblogs, and replies you get from the /notes endpoint. Why? Tumblr: Fuck you, API user.

Did I mention that the API is a rickety piece of shit? It forced me to get a bit creative. I built a loop that steps backward in time using timestamps to get around the lack of pagination. Since the API only gives you the most recent ~50 notes, I had to manually request older and older notes, one batch at a time - with built-in retries, cooldowns, and rate-aware pacing to avoid getting blocked.

My script works now. It politely crawls back through thousands of notes, exits cleanly when it hits the end, and saves everything to a CSV file.

Was it worth it? Eh.

One of my pet peeves in robot fiction is AIs using HUDs or GUIs to interact with its own systems. Those are graphical user interfaces. They're for humans. Robots aren't users; they are the computer. They don't need that. Even if the AI is purely software and has no native integration with the hardware, it would use an API (application program interface), which is still just straight code.

A robot wouldn't get a pop-up saying low battery, nor would it have to close it. They would experience it like a human. The robot would be alerted in the same way a human just becomes aware of the sensation of itching or hunger: you're always processing data and now there's a new type of data which is different. And the way it would dismiss the alert would be to just decide to do nothing about it.

Problems can occur when 1) the signal interrupts other processes and the error must be addressed before other processes can continue, but for whatever reason the error can't be fixed, or 2) the signal is non interrupting, but it's being sent so repeatedly/frequently that it floods the incoming data queue.

Palantir, the software company cofounded by Peter Thiel, is part of an effort by Elon Musk’s so-called Department of Government Efficiency (DOGE) to build a new “mega API” for accessing Internal Revenue Service records, IRS sources tell WIRED.

For the past three days, DOGE and a handful of Palantir representatives, along with dozens of career IRS engineers, have been collaborating to build a single API layer above all IRS databases at an event previously characterized to WIRED as a “hackathon,” sources tell WIRED. Palantir representatives have been onsite at the event this week, a source with direct knowledge tells WIRED.

APIs are application programming interfaces, which enable different applications to exchange data and could be used to move IRS data to the cloud and access it there. DOGE has expressed an interest in the API project possibly touching all IRS data, which includes taxpayer names, addresses, social security numbers, tax returns, and employment data. The IRS API layer could also allow someone to compare IRS data against interoperable datasets from other agencies.

Should this project move forward to completion, DOGE wants Palantir’s Foundry software to become the “read center of all IRS systems,” a source with direct knowledge tells WIRED, meaning anyone with access could view and have the ability to possibly alter all IRS data in one place. It’s not currently clear who would have access to this system.

Foundry is a Palantir platform that can organize, build apps, or run AI models on the underlying data. Once the data is organized and structured, Foundry’s “ontology” layer can generate APIs for faster connections and machine learning models. This would allow users to quickly query the software using artificial intelligence to sort through agency data, which would require the AI system to have access to this sensitive information.

Engineers tasked with finishing the API project are confident they can complete it in 30 days, a source with direct knowledge tells WIRED.

Palantir has made billions in government contracts. The company develops and maintains a variety of software tools for enterprise businesses and government, including Foundry and Gotham, a data-analytics tool primarily used in defense and intelligence. Palantir CEO Alex Karp recently referenced the “disruption” of DOGE’s cost-cutting initiatives and said, “Whatever is good for America will be good for Americans and very good for Palantir.” Former Palantir workers have also taken over key government IT and DOGE roles in recent months.

WIRED was the first to report that the IRS’s DOGE team was staging a “hackathon” in Washington, DC, this week to kick off the API project. The event started Tuesday morning and ended Thursday afternoon. A source in the room this week explained that the event was “very unstructured.” On Tuesday, engineers wandered around the room discussing how to accomplish DOGE’s goal.

A Treasury Department spokesperson, when asked about Palantir's involvement in the project, said “there is no contract signed yet and many vendors are being considered, Palantir being one of them.”

“The Treasury Department is pleased to have gathered a team of long-time IRS engineers who have been identified as the most talented technical personnel. Through this coalition, they will streamline IRS systems to create the most efficient service for the American taxpayer," a Treasury spokesperson tells WIRED. "This week, the team participated in the IRS Roadmapping Kickoff, a seminar of various strategy sessions, as they work diligently to create efficient systems. This new leadership and direction will maximize their capabilities and serve as the tech-enabled force multiplier that the IRS has needed for decades.”

The project is being led by Sam Corcos, a health-tech CEO and a former SpaceX engineer, with the goal of making IRS systems more “efficient,” IRS sources say. In meetings with IRS employees over the past few weeks, Corcos has discussed pausing all engineering work and canceling current contracts to modernize the agency’s computer systems, sources with direct knowledge tell WIRED. Corcos has also spoken about some aspects of these cuts publicly: “We've so far stopped work and cut about $1.5 billion from the modernization budget. Mostly projects that were going to continue to put us down the death spiral of complexity in our code base,” Corcos told Laura Ingraham on Fox News in March. Corcos is also a special adviser to Treasury Secretary Scott Bessent.

Palantir and Corcos did not immediately respond to requests for comment

The consolidation effort aligns with a recent executive order from President Donald Trump directing government agencies to eliminate “information silos.” Purportedly, the order’s goal is to fight fraud and waste, but it could also put sensitive personal data at risk by centralizing it in one place. The Government Accountability Office is currently probing DOGE’s handling of sensitive data at the Treasury, as well as the Departments of Labor, Education, Homeland Security, and Health and Human Services, WIRED reported Wednesday.

EAH Not Server Based Game but kinda Sorta Server Based Game update 26/4/2025

I've been working on getting the game playable for 8 months. Here's what I've figured out since I last did an update post:

OK, so a complete (?) list of reasons the game doesn't work:

It's trying to connect to YouTube's API to play videos in the game. YouTube has been updated a couple of times since 2015, so much like trying to talk to your former best friend at your high-school reunion, neither of you has any idea how to connect to each other.

It's trying to connect to Facebook's API so it can save/log in data. Facebook isn't even called Facebook anymore, so again, it's freaking out

It's trying to connect to Google+ to log in/save data. Google+ doesn't exist anymore

And the biggest problem: A majority of the app is built on the assumption that you have GMS installed. This is a fair assumption. So, why is it in the problem category?

Well,

GMS (Google Mobile Services) is a fun bundle of APKs that come pre-installed on most Android devices. This basically means that if you go down to Best Buy and pick up a Google Pixel 9, it'll have hidden system apps on it that basically handle things like notifications or, say, wifi connectivity. So, if you're a mobile developer and decide you'd really like to have your app send notifications to user, but you don't want to reinvent the metaphorical wheel of sending notifications, you just have your app talk to the system apps already on your user's phone and tell them to send notifications.

Now you may see where I'm going with this.

GMS is just a collection of APKs, and APKs need to be replaced with a different one if you want to update it. Naturally, Google really wants to update the structure a majority of Android apps function on for security or to collect more data on Android users.

The eah game is running on the assumption that GMS from a decade is installed on the user's device. And it's not just in charge of ads, microtranactions, notifications, or logging in. IT'S RESPONIBLE FOR GESTURES AND SEVERAL EVENT TRIGGERS AND ANIMATIONS.

In the games' current state, to get basic functions working like responding to tapping the screen and loading mini games, we need GMS from about a decade ago.

To get the game working, there are 2 options:

Just kinda start launching the version of the game that works the best with different versions of Jellybean (Android 5) era GMS APKs installed and hope of them works

Rebuild the game to not rely on any GMS or modern GMS

Can you guess which one I'm gonna try first?

(Sidenote, I'm very adverse to completely rebuilding the games because 1, that'd be a giant project, and 2, I want to keep as much of the original game intact as possible.)

Progress:

Okay so the authentication for spotify is hard for me to understand and requires user authentication, then making a token request that while expire in an hour. So i focused on what I did know how to do and what I had access to token wise. The Spotify developer home page has a temporary access token for demos. I took that token and made a function to make get request to the API and two functions for top tracks and top artists. Then made some functions to print them in my terminal. Here is what my end product looked like in the terminal.

The data for tracks is proving to just show a years worth of listening even though I specified long_term in my get request.

Here is my code:

I tried just doing track.artist but Spotify handles that as multiple artists so I had to handle them as such.

Next Steps: Tackling the user authentication and token requests and including it in this code.

(Also yes I know that is a concerning amount of My Chemical Romance tracks. I had my MCR phase strike up again with a passion last October and I am still balls deep in it.)

More on the Automattic mess from my pals at 404 Media:

We still do not know the answers to all of these questions, because Automattic has repeatedly ignored our detailed questions, will not get on the phone with us, and has instead chosen to frame a new opt-out feature as “protecting user choice.” We are at the point where individual Automattic employees are posting clarifications on their personal Mastodon accounts about what data is and is not included.  The truth is that Automattic has been selling access to this “firehose” of posts for years, for a variety of purposes. This includes selling access to self-hosted blogs and websites that use a popular plugin called Jetpack; Automattic edited its original “protecting user choice” statement this week to say it will exclude Jetpack from its deals with “select AI companies.” These posts have been directly available via a data partner called SocialGist, which markets its services to “social listening” companies, marketing insights firms, and, increasingly, AI companies. Tumblr has its own Firehose, and Tumblr posts are available via SocialGist as well.  Almost every platform has some sort of post “firehose,” API, or way of accessing huge amounts of user posts. Famously, Twitter and Reddit used to give these away for free. Now they do not, and charging access for these posts has become big business for those companies. This is just to say that the existence of Automattic’s firehose is not anomalous in an internet ecosystem that trades on data. But this firehose also means that the average user doesn’t and can’t know what companies are getting direct access to their posts, and what they’re being used for.

This story goes deeper than the current situation.

"In the age of smart fridges, connected egg crates, and casino fish tanks doubling as entry points for hackers, it shouldn’t come as a surprise that sex toys have joined the Internet of Things (IoT) party.

But not all parties are fun, and this one comes with a hefty dose of risk: data breaches, psychological harm, and even physical danger.

Let’s dig into why your Bluetooth-enabled intimacy gadget might be your most vulnerable possession — and not in the way you think.

The lure of remote-controlled intimacy gadgets isn’t hard to understand. Whether you’re in a long-distance relationship or just like the convenience, these devices have taken the market by storm.

According to a 2023 study commissioned by the U.K.’s Department for Science, Innovation, and Technology (DSIT), these toys are some of the most vulnerable consumer IoT products.

And while a vibrating smart egg or a remotely controlled chastity belt might sound futuristic, the risks involved are decidedly dystopian.

Forbes’ Davey Winder flagged the issue four years ago when hackers locked users into a chastity device, demanding a ransom to unlock it.

Fast forward to now, and the warnings are louder than ever. Researchers led by Dr. Mark Cote found multiple vulnerabilities in these devices, primarily those relying on Bluetooth connectivity.

Alarmingly, many of these connections lack encryption, leaving the door wide open for malicious third parties.

If you’re picturing some low-stakes prank involving vibrating gadgets going haywire, think again. The risks are far graver.

According to the DSIT report, hackers could potentially inflict physical harm by overheating a device or locking it indefinitely. Meanwhile, the psychological harm could stem from sensitive data — yes, that kind of data — being exposed or exploited.

A TechCrunch exposé revealed that a security researcher breached a chastity device’s database containing over 10,000 users’ information. That was back in June, and the manufacturer still hasn’t addressed the issue.

In another incident, users of the CellMate connected chastity belt reported hackers demanding $750 in bitcoin to unlock devices. Fortunately, one man who spoke to Vice hadn’t been wearing his when the attack happened. Small mercies, right?

These aren’t isolated events. Standard Innovation Corp., the maker of the We-Vibe toy, settled for $3.75 million in 2017 after it was discovered the device was collecting intimate data without user consent.

A sex toy with a camera was hacked the same year, granting outsiders access to its live feed.

And let’s not forget: IoT toys are multiplying faster than anyone can track, with websites like Internet of Dongs monitoring the surge.

If the thought of a connected chastity belt being hacked makes you uneasy, consider this: sex toys are just a small piece of the IoT puzzle.

There are an estimated 17 billion connected devices worldwide, ranging from light bulbs to fitness trackers — and, oddly, smart egg crates.

Yet, as Microsoft’s 2022 Digital Defense Report points out, IoT security is lagging far behind its software and hardware counterparts.

Hackers are opportunistic. If there’s a way in, they’ll find it. Case in point: a casino lost sensitive customer data after bad actors accessed its network through smart sensors in a fish tank.

If a fish tank isn’t safe, why would we expect a vibrating gadget to be?

Here’s where the frustration kicks in: these vulnerabilities are preventable.

The DSIT report notes that many devices rely on unencrypted Bluetooth connections or insecure APIs for remote control functionality.

Fixing these flaws is well within the reach of manufacturers, yet companies routinely fail to prioritize security.

Even basic transparency around data collection would be a step in the right direction. Users deserve to know what’s being collected, why, and how it’s protected. But history suggests the industry is reluctant to step up.

After all, if companies like Standard Innovation can get away with quietly siphoning off user data, why would smaller players bother to invest in robust security?

So, what’s a smart-toy enthusiast to do? First, ask yourself: do you really need your device to be connected to an app?

If the answer is no, then maybe it’s best to go old school. If remote connectivity is a must, take some precautions.

Keep software updated: Ensure both the device firmware and your phone’s app are running the latest versions. Updates often include critical security patches.

Use secure passwords: Avoid default settings and choose strong, unique passwords for apps controlling your devices.

Limit app permissions: Only grant the app the bare minimum of permissions needed for functionality.

Vet the manufacturer: Research whether the company has a history of addressing security flaws. If they’ve been caught slacking before, it’s a red flag.

The conversation around sex toy hacking isn’t just about awkward headlines — it’s about how we navigate a world increasingly dependent on connected technology. As devices creep further into every corner of our lives, from the bedroom to the kitchen, the stakes for privacy and security continue to rise.

And let’s face it: there’s something uniquely unsettling about hackers turning moments of intimacy into opportunities for exploitation.

If companies won’t take responsibility for protecting users, then consumers need to start asking tough questions — and maybe think twice before connecting their pleasure devices to the internet.

As for the manufacturers? The message is simple: step up or step aside.

No one wants to be the next headline in a tale of hacked chastity belts and hijacked intimacy. And if you think that’s funny, just wait until your light bulb sells your Wi-Fi password.

This is where IoT meets TMI. Stay connected, but stay safe."

https://thartribune.com/government-warns-couples-that-sex-toys-remain-a-tempting-target-for-hackers-with-the-potential-to-be-weaponized/

what’s some feedback staff has received and implemented? how’s the process there work?

some big ones i can think of:

we brought back replies (lol)

we fixed the video player (lol)

we built 1:1 direct messaging

we built group chat (lol)

we made it easier to share tumblr posts outside of tumblr

we built Blaze so people can advertise their posts on tumblr

we built Post+ and Tipping so people can monetize their blogs

we rebuilt new user onboarding to emphasize following tags and blogs

we built ad-free and other things you can buy to support tumblr

we brought down load times of the apps from 3 seconds or more down to below a second

we had built a lot of little experimental features in Tumblr Labs, and we're building more in the new Tumblr Labs team

we fix bugs every day, big and small

the process depends on what kind of feedback you're talking about:

a bunch of us on staff are using tumblr all day every day so we naturally see feedback circulating around the community. this is a lot less actionable than you'd think, which is why we encourage people to send in actual feedback via our Support form.

our support folks are reading every support request that comes in

those requests generally make it to one of two places: either it's a bug/glitch and gets filed as a bug report (or added to one if there already was one) or gets added to feedback about a feature for further consideration

we hold weekly bug triage meetings to prioritize those bugs in a big queue for engineers to work on, or send them directly to teams to address

if it's feedback about a specific feature, like one that just launched or changed, the feedback gets funneled to the people working on it for consideration

and this probably isn't the kind of "feedback" you meant, but we also keep an eye on hundreds of pieces of data moving daily/weekly/quarterly/yearly to spot trends in behavior and action on the platform across the millions of people using tumblr. we run A/B tests and experiments as a means of gathering quantitative feedback.

and there's a lot more that contributes as "feedback" that informs what we work on. market data, trends in the social media ecosystem, product development practices, hack days/weeks internally, how our public API is used... there's a lot of feedback in the system, way more than any one person can handle.