SQLite or PostgreSQL? It’s Complicated!

Miguel Grinberg, a Principal Software Engineer for Technical Content at Twilio, writes in a blog post: We take blogging very seriously at Twilio. To help us understand what content works well and what doesn’t on our blog, we have a dashboard that combines the metadata that we maintain for each article such as author, team, product, publication date, etc., with traffic information from Google Analytics. Users can interactively request charts and tables while filtering and grouping the data in many different ways. I chose SQLite for the database that supports this dashboard, which in early 2021 when I built this system, seemed like a perfect choice for what I thought would be a small, niche application that my teammates and I can use to improve our blogging. But almost a year and a half later, this application tracks daily traffic for close to 8000 articles across the Twilio and SendGrid blogs, with about 6.5 million individual daily traffic records, and with a user base that grew to over 200 employees.

At some point I realized that some queries were taking a few seconds to produce results, so I started to wonder if a more robust database such as PostgreSQL would provide better performance. Having publicly professed my dislike of performance benchmarks, I resisted the urge to look up any comparisons online, and instead embarked on a series of experiments to accurately measure the performance of these two databases for the specific use cases of this application. What follows is a detailed account of my effort, the results of my testing (including a surprising twist!), and my analysis and final decision, which ended up being more involved than I expected. […] If you are going to take one thing away from this article, I hope it is that the only benchmarks that are valuable are those that run on your own platform, with your own stack, with your own data, and with your own software. And even then, you may need to add custom optimizations to get the best performance.

Read more of this story at Slashdot.

Berlin Builds a Giant Thermos to Help Heat Homes This Winter

The Associated Press reports on a massive new 150-foot (45-meter) tower going up in Berlin — just to hold 56 million liters (14.8 million gallons) of hot water that “will help heat Berlin homes this winter even if Russian gas supplies dry up…”

“[T]he new facility unveiled Thursday at Vattenfall’s Reuter power station will hold water brought to almost boiling temperature using electricity from solar and wind power plants across Germany. During periods when renewable energy exceeds demand the facility effectively acts as a giant battery, though instead of storing electricity it stores heat…”

“It’s a huge thermos that helps us to store the heat when we don’t need it,” said Tanja Wielgoss, who heads the Sweden-based company’s heat unit in Germany. “And then we can release it when we need to use it…. Sometimes you have an abundance of electricity in the grids that you cannot use anymore, and then you need to turn off the wind turbines,” said Wielgoss. “Where we are standing we can take in this electricity.”

The 50-million-euro ($52 million) facility will have a thermal capacity of 200 Megawatts — enough to meet much of Berlin’s hot water needs during the summer and about 10% of what it requires in the winter. The vast, insulated tank can keep water hot for up to 13 hours, helping bridge short periods when there’s little wind or sun….

Berlin’s top climate official, Bettina Jarasch, said the faster such heat storage systems are built, the better. “Due to its geographic location the Berlin region is even more dependent on Russian fossil fuels than other parts of Germany,” she told The Associated Press. “That’s why we’re really in a hurry here.”
“While it will be Europe’s biggest heat storage facility when it’s completed at the end of this year, an even bigger one is already being planned in the Netherlands.”

Read more of this story at Slashdot.

As TikTok Promises US Servers, FCC Commissioner Remains Critical of Data Privacy

On Tuesday Brendan Carr, a commissioner on America’s Federal Communications Commission,warned on Twitter that TikTok, owned by China-based company ByteDance, “doesn’t just see its users dance videos:
It collects search and browsing histories, keystroke patterns, biometric identifiers, draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. Tiktok’s pattern of misrepresentations coupled with its ownership by an entity beholden to the Chinese Community Party has resulted in U.S. military branches and national security agencies banning it from government devices…. The CCP has a track record longer than a CVS receipt of conducting business & industrial espionage as well as other actions contrary to U.S. national security, which is what makes it so troubling that personnel in Beijing are accessing this sensitive and personnel data.

Today CNN interviewed Carr, while also bringing viewers an update. TikTok’s China-based employees accessed data on U.S. TikTok users, BuzzFeed had reported — after which TikTok announced it intends to move backup data to servers in the U.S., allowing them to eventually delete U.S. data from their servers. But days later Republican Senator Blackburn was still arguing to Bloomberg that “Americans need to know if they are on TikTok, communist China has their information.”

And FCC commissioner Carr told CNN he remains suspicious too:
Carr: For years TikTok has been asked directly by U.S. lawmakers, ‘Is any information, any data, being accessed by personnel back in Beijing?’ And rather than being forthright and saying ‘Yes, and here’s the extent of it and here’s why we don’t think it’s a problem,’ they’ve repeatedly said ‘All U.S. user data is stored in the U.S.,” leaving people with the impression that there’s no access…. This recent bombshell reporting from BuzzFeed shows at least some of the extent to which massive amounts of data has allegedy been going back to Beijing.

And that’s a problem, and not just a national security problem. But to me it looks like a violation of the terms of the app store, and that’s why I wrote a letter to Google and Apple saying that they should remove TikTok and boot them out of the app store… I’ve left them until July 8th to give me a response, so we’ll see what they say. I look forward to hearing from them. But there’s precedence for this. Before when applications have taken data surreptitiously and put it in servers in China or otherwise been used for reasons other than servicing the application itself, they have booted them from the app store. And so I would hope that they would just apply the plain terms of their policy here.

When CNN points out the FCC doesn’t have jurisdiction over social media, Carr notes “speaking for myself as one member” they’ve developed “expertise in terms of understanding how the CCP can effectively take data and infiltrate U.S. communications’ networks. And he points out that the issue is also being raised by Congressional hearings and by Republican and Democrat Senators signing joint letters together, so “I’m just one piece of a broader federal effort that’s looking at the very serious risks that come from TikTok.”
Carr: At the end of the day, it functions as sophisticated surveillance tool that is harvesting vast amounts of data on U.S. users. And I think TikTok should answer point-blank, has any CCP member obtained non-public user data or viewed it. Not to answer with a dodge, and say they’ve never been asked for it or never received a request. Can they say no, no CCP member has ever seen non-public U.S. user data.
Carr’s appearance was followed by an appearance by TikTok’s VP and head of public policy for the Americas. But this afternoon Carr said on Twitter that TikTok’s response contradicted its own past statements:

Today, a TikTok exec said it was “simply false” for me to say that they collect faceprints, browsing history, & keystroke patterns.

Except, I was quoting directly from TikTok’s own disclosures.

TikTok’s concerning pattern of misrepresentations about U.S. user data continues.
toay

Read more of this story at Slashdot.

How Bug Bounty Platform HackerOne Handled Its Own ‘Internal Threat’ Actor

Bug bounty platform HackerOne has “a steadfast commitment to disclosing security incidents,” according to a new blog post, “because we believe that sharing security information far and wide is essential to building a safer internet.”

But now they’ve had an incident of their own:
On June 22nd, 2022, a customer asked us to investigate a suspicious vulnerability disclosure made outside of the HackerOne platform. The submitter of this off-platform disclosure reportedly used intimidating language in communication with our customer. Additionally, the submitter’s disclosure was similar to an existing disclosure previously submitted through HackerOne… Upon investigation by the HackerOne Security team, we discovered a then-employee had improperly accessed security reports for personal gain. The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

This is a clear violation of our values, our culture, our policies, and our employment contracts. In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future. Subject to our review with counsel, we will also decide whether criminal referral of this matter is appropriate.

The blog post includes a detailed timeline of HackerOne’s investigation. (They remotely locked the laptop, later taking possession of it for analysis, along with reviewing all data accessed “during the entirety of their two and a half months of employment” and notification of seven customers “known or suspected to be in contact with threat actor.”)

“We are confident the insider access is now contained,” the post concludes — outlining how they’ll respond and the lessons learned. “We are happy that our previous investments in logging enabled an expedient investigation and response…. To ensure we can proactively detect and prevent future threats, we are adding additional employees dedicated to insider threats that will bolster detection, alerting, and response for business operations that require human access to disclosure data….”

“We are allocating additional engineering resources to invest further in internal models designed to identify anomalous access to disclosure data and trigger proactive investigative responses…. We are planning additional simulations designed to continuously evaluate and improve our ability to effectively resist insider threats.”

Read more of this story at Slashdot.

How the Higgs Boson Particle Ruined Peter Higgs’s Life

93-year-old Peter Higgs was awarded a Nobel Prize nine years ago after the Large Hadron Collider experiments finally confirmed of the existence Higgs boson particles he’d predicted back in 1964. “This discovery was a seminal moment in human culture,” says physicist Frank Close, who’s written the new book Elusive: How Peter Higgs Solved the Mystery of Mass .

But Scientific American reports there’s more to the story:
For years, the significance of the prediction was lost on most scientists, including Higgs himself. But gradually it became clear that the Higgs boson was not just an exotic sideshow in the particle circus but rather the main event. The particle and its associated Higgs field turned out to be responsible for giving all other particles mass and, in turn, creating the structure of galaxies, stars and planets that define our universe and enable our species… Yet the finding, however scientifically thrilling, pushed a press-shy Peter Higgs into the public eye. When he shared the Nobel Prize in Physics the next year, Higgs left his home in Edinburgh and camped out at a pub across town on the day of the announcement so the prize committee wouldn’t be able to reach him.

Physicist Close shares more details in an interview with Scientific American:

Close: One of the biggest shocks I had when I was interviewing him was when he said the discovery of the boson “ruined [his] life.” I thought, “How can it ruin your life when you have done some beautiful mathematics, and then it turns out you had mysteriously touched on the pulse of nature, and everything you’ve believed in has been shown to be correct, and you’ve won a Nobel Prize? How can these things amount to ruin?” He said, “My relatively peaceful existence was ending. My style is to work in isolation and occasionally have a bright idea.” He is a very retiring person who was being thrust into the limelight.

That, to my mind, is why Peter Higgs the person is still elusive to me even though I’ve known him for 40 years…

Higgs had spent two to three years really trying to understand a particular problem. And because he had done that hard work and was still trying to deepen his understanding of this very profound concept, when a paper turned up on his desk posing a related question, Higgs happened to have the answer because of the work he’d done. He sometimes says, “I’m primarily known for three weeks of my life.” I say, “Yes, Peter, but you spent two years preparing for that moment.”

Q: The discovery of the Higgs boson came nearly 50 years after Higgs’s prediction, and he said he never expected it to be found in his lifetime. What did it mean to him that the particle was finally detected?

He said to me that his first reaction was one of relief that it was indeed confirmed. At that moment he knew [the particle existed] after all, and he felt a profound sense of being moved that that was really the way it was in nature — and then panic that his life was going to change.

Read more of this story at Slashdot.