In July 2024, we launched a Vulnerability Disclosure Program (VDP) on HackerOne.

Customers and researchers were already reporting bugs informally. So, we needed a proper channel.

So we set it up. First as a private program, then public.

<h2>
 
 
 What it brought us
</h2>

Over a year: 200 reports → 11 valid → 0 critical

And yet, it was worth it.

We fixed minor, mostly theoretical issues, making our systems more predictable and processes sharper.

Reports stopped landing in the support chat and were directed through a single channel, providing developers with the right context from day one.

HackerOne’s Triage was essential: most reports were low-effort or AI-generated. Without it, we’d have wasted time on noise.

<h2>
 
 
 What didn’t happen
</h2>

We didn’t find any serious vulnerabilities. 

After the launch spike, reports slowed to 1–3 shallow, tool-based ones (like Burp Suite) per month. Once the low-hanging fruit was gone, nothing new appeared.

<h2>
 
 
 Why we stopped paying
</h2>

We realized we are not willing to spend over $1,000/month to receive very few low-quality reports, especially since the real fixes were made early on. The subscription did its job.

We now run a simpler <a href="https://ishosting.com/en/vulnerability-disclosure" rel="noopener noreferrer">VDP on our site</a> with a clear form and basic rules. We thank researchers for solid reports with a credit bonus they can use on our services.

<h2>
 
 
 But wait, weren’t we expecting real research?
</h2>

It would be naive to expect a full-on security audit from volunteers. We don’t blame researchers for low-effort reports. Public VDPs are built that way.

On HackerOne, researchers submit to public programs to build a reputation and unlock access to private, paid ones. That means volume over quality.

That’s why we don’t recommend starting with bug bounties. You’ll mostly get noise, and without a dedicated security team and budget, it’s easy to get overwhelmed.

Have you ever heard of “high-quality reports in the first 48 hours”? We didn’t see that at all.

<h2>
 
 
 What we’d tell others
</h2>

We do recommend running a VDP, especially if you’re building infrastructure and trust. But we’d suggest starting with:

<ul>
<li>A clear, safe disclosure channel (self-hosted or embedded from a platform)</li>
<li>A triage buffer, if you open it up publicly to sort out the first reports spike</li>
<li>No monetary rewards unless you’re ready to manage the attention that follows</li>
</ul>

Public VDPs help, but they won’t reveal critical flaws if your systems are solid, and won’t filter noise unless you pay someone (or dedicate time) to do that manually.

In our case, we confirmed what we hoped: our infrastructure is resilient, our approach works, and our customers can trust the platform they’re using.

<h2>
 
 
 One more thing
</h2>

When we were considering HackerOne, we couldn't find stories like this. There were landing pages, vague claims, and many hacker success stories. Is there some secret place where companies share their side of bug bounty?

If you're in the same place now, deciding how to approach security disclosure and whether it's worth the time and money, we hope this helps.

This story was first <a href="https://www.linkedin.com/pulse/planning-bug-bounty-vdp-heres-everything-i-wish-we-knew-misha-malikin-wb8uf/?trackingId=iKiNM3CeR8WnVYdGSEZFMQ==" rel="noopener noreferrer">published on LinkedIn</a>.

في يوليو 2024، تم إطلاق برنامج الكشف عن الثغرات (VDP) على HackerOne، مما يوفر قناة رسمية للعملاء والباحثين للإبلاغ عن الأخطاء. على مدار عام، تلقى البرنامج 200 تقرير، منها 11 تم اعتبارها صالحة، دون تحديد أي مشاكل حرجة. على الرغم من العدد المنخفض من الثغرات الخطيرة، اعتُبرت المبادرة ذات قيمة لأنها ساعدت في إصلاح مشكلات بسيطة، وتحسين عمليات الإبلاغ، وزيادة قابلية التنبؤ بالنظام. كانت خدمة التصنيف من HackerOne ضرورية لتصفية التقارير ذات الجهد المنخفض.

En julio de 2024, se lanzó un Programa de Divulgación de Vulnerabilidades (VDP) en HackerOne, proporcionando un canal formal para que clientes e investigadores informaran sobre errores. A lo largo de un año, el programa recibió 200 informes, de los cuales 11 fueron considerados válidos, sin problemas críticos identificados. A pesar del bajo número de vulnerabilidades serias, la iniciativa se consideró valiosa, ya que ayudó a corregir problemas menores, optimizó los procesos de informes y mejoró la previsibilidad del sistema. El servicio de triage de HackerOne fue crucial para filtrar informes …

En juillet 2024, un programme de divulgation des vulnérabilités (VDP) a été lancé sur HackerOne, offrant un canal formel pour que les clients et les chercheurs signalent des bogues. Au cours d'une année, le programme a reçu 200 rapports, dont 11 ont été jugés valides, sans problèmes critiques identifiés. Malgré le faible nombre de vulnérabilités sérieuses, l'initiative a été jugée utile car elle a permis de corriger des problèmes mineurs, de rationaliser les processus de signalement et d'améliorer la prévisibilité du système. Le service de triage de HackerOne a joué un rôle crucial dans le fil…

In July 2024, a Vulnerability Disclosure Program (VDP) was launched on HackerOne, providing a formal channel for customers and researchers to report bugs. Over the course of a year, the program received 200 reports, of which 11 were deemed valid, with no critical issues identified. Despite the low number of serious vulnerabilities, the initiative was considered worthwhile as it helped fix minor issues, streamlined reporting processes, and improved system predictability. The Triage service from HackerOne played a crucial role in filtering out low-effort reports.

200 reports, 11 valid bugs, 0 critical issues. Why our HackerOne VDP was still worth it

The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet.

الأنمي الكلاسيكي 'Ghost in the Shell' يقدم شخصية Puppet Master، التي تتنبأ بمستقبل تستخدم فيه الحكومات القراصنة للتجسس. ظهرت هذه التنبؤات في وقت كانت فيه غالبية سكان العالم لم تتصل بعد بالإنترنت، مما يبرز رؤية العرض لمشكلات الأمن السيبراني.

El clásico anime 'Ghost in the Shell' presenta al Puppet Master, un personaje que anticipa un futuro en el que los gobiernos utilizan hackers para el espionaje. Esta predicción surgió en un momento en que la mayoría de la población mundial aún no estaba conectada a Internet, destacando la previsión del programa sobre los problemas de ciberseguridad.

L'anime classique 'Ghost in the Shell' présente le Puppet Master, un personnage qui préfigure un avenir où les gouvernements utilisent des hackers pour l'espionnage. Cette prédiction est survenue à une époque où la majorité de la population mondiale n'était pas encore connectée à Internet, soulignant la prévoyance de l'émission concernant les problèmes de cybersécurité.

The classic anime 'Ghost in the Shell' features the Puppet Master, a character that foreshadows a future where governments utilize hackers for espionage. This prediction emerged at a time when the majority of the global population had yet to connect to the internet, highlighting the show's foresight regarding cybersecurity issues.

How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago

Text-to-image diffusion models have become the workhorses of generative imaging. They can paint photorealistic scenes, mimic art styles, and blend concepts in ways that were science fiction a few years ago. Yet they stumble embarrassingly on a skill that even small children master: basic spatial reasoning.

Ask a state-of-the-art model for “a dog to the right of a teddy bear” and you often get:

<ul>
<li>The dog on the left</li>
<li>One of the objects missing</li>
<li>Or a bizarre hybrid where dog and teddy are fused into a single creature</li>
</ul>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F49rtb08366xdl284o4z0.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F49rtb08366xdl284o4z0.jpg" alt=" " width="800" height="532"></a>

These failures become more severe for unusual compositions like “a giraffe above an airplane”. Traditional fixes range from expensive fine-tuning to brittle, hand-written loss functions at inference time—but both options come with significant downsides.

NVIDIA’s Learn-to-Steer framework (accepted to WACV 2026) proposes a different path: instead of hard-coding spatial rules or retraining the entire model, it learns a data-driven objective that can “steer” diffusion at inference time. The method reads the model’s own cross-attention maps, trains a lightweight classifier to detect spatial relations, and then uses that classifier’s gradient as a learned loss to nudge the generation towards layouts that match the prompt.

In this blog, we’ll unpack:

<ul>
<li>What makes spatial reasoning so fragile in current diffusion models</li>
<li>How Learn-to-Steer learns spatial constraints from the model itself</li>
<li>How it steers images during generation without changing model weights</li>
<li>The top gains on spatial benchmarks like GenEval and T2I-CompBench</li>
<li>The trade-offs in compute cost and generality, and what this implies for future generative systems</li>
</ul>

<h1>
 
 
 Why Spatial Reasoning Fails in Text-to-Image Diffusion
</h1>

<h2>
 
 
 What Makes Spatial Relations So Difficult for Diffusion Models?
</h2>

Modern diffusion models (e.g., Stable Diffusion, Flux) are excellent at what should appear in an image—objects, styles, textures—but much less reliable at where those objects should be.

Several factors contribute:

<h3>
 
 
 Weak supervision of spatial language
</h3>

<ul>
<li>Training data rarely comes with precise annotations like “object A is left of object B”.
</li>
<li>Captions often describe content loosely, so phrases like “on top of” or “to the right of” are under-specified.</li>
</ul>

<h3>
 
 
 Entangled visual concepts
</h3>

<ul>
<li>When two objects frequently co-occur, models may treat them as a single visual blob.</li>
<li>This leads to object fusion, where a “cat on a bookshelf” becomes a cat-bookshelf chimera.</li>
</ul>

<h3>
 
 
 Benchmark saturation without spatial coverage
</h3>

<ul>
<li>Many standard text-to-image benchmarks emphasize realism and style, not relational accuracy.</li>
<li>Models can score highly while still being spatially confused.</li>
</ul>

Empirical studies confirm three recurring failure modes on spatial benchmarks:

<ul>
<li>Incorrect placement: Objects appear in the wrong relative position.</li>
<li>Missing entities: One or more requested objects never appear.</li>
<li>Merged entities: Two objects get mashed into a single, incoherent form.</li>
</ul>

The model “knows” the objects you asked for, but it doesn’t reliably understand where to place them.

<h1>
 
 
 Why Fine-Tuning and Handcrafted Losses Are Not Enough
</h1>

Two broad strategies have tried to patch this gap:

<h2>
 
 
 Fine-tuning for spatial awareness
</h2>

<ul>
<li>Retrain the diffusion model on datasets with explicit layouts or spatial annotations.</li>
<li>Methods like COMPASS show that this can significantly improve spatial accuracy.</li>
<li>But this comes at a cost: expensive retraining, sensitivity to dataset bias, and often regressions in other capabilities such as color fidelity or counting.</li>
</ul>

<h2>
 
 
 Handcrafted test-time losses
</h2>

<ul>
<li>At inference, inject extra loss terms that penalize spatial errors (e.g., overlapping activation maps, incorrect ordering).</li>
<li>These losses must be manually designed to approximate relations like “left of” or “above”.</li>
<li>In practice, these heuristics are fragile, often over-fitting simple cases and failing on more complex layouts.</li>
</ul>

In short, we’ve lacked a solution that is:

<ul>
<li>Data-driven rather than rule-based</li>
<li>Plug-and-play at inference time (no full retraining)</li>
<li>Targeted enough to improve spatial reasoning without damaging other strengths</li>
</ul>

This is where Learn-to-Steer enters.

<h1>
 
 
 How Learn-to-Steer Works: Data-Driven Steering at Inference
</h1>

<h2>
 
 
 How Cross-Attention Maps Provide a Spatial Signal
</h2>

During diffusion, at each denoising step, the model computes cross-attention maps that connect text tokens to image regions. For a prompt like “a dog to the right of a teddy bear”, you can think of:

<ul>
<li>One set of attention maps for “dog”</li>
<li>Another set for “teddy bear”</li>
<li>Additional context around words like “right” or “of”</li>
</ul>

These maps form a rich, high-dimensional signal describing where in the image the model currently believes each word should manifest. Prior work has used cross-attention to locate objects or edit images; Learn-to-Steer goes further by treating them as a feature space in which spatial relations can be learned.

<h2>
 
 
 How a Relation Classifier Becomes a Learned Loss
</h2>

The core idea of Learn-to-Steer is to train a small relation classifier that takes cross-attention maps for two objects and predicts the spatial relation between them (left-of, right-of, above, below, etc.).

The pipeline looks like this:

<h3>
 
 
 Collect supervision
</h3>

<ul>
<li>Use images where the true relation between object A and object B is known (from datasets like GQA and synthetic layouts).</li>
<li>For each image, invert it through the diffusion model with a descriptive prompt to recover cross-attention maps for the relevant tokens.</li>
</ul>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi9dbjsdc4c8yjz2r88k4.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi9dbjsdc4c8yjz2r88k4.jpg" alt=" " width="800" height="446"></a>

<h3>
 
 
 Train a classifier on attention patterns
</h3>

<ul>
<li>Input: attention maps for object A and object B.</li>
<li>Output: predicted relation (e.g., “A is left of B”).</li>
</ul>

Naively, however, this leads to a subtle but serious issue: relation leakage.

<h2>
 
 
 How Dual Inversion Solves the “Relation Leakage” Problem
</h2>

If you always invert images with a correct prompt (e.g., “a dog to the left of a cat”), hints about the word “left” can leak into the attention patterns. A naïve classifier might then “cheat” by reading out linguistic artefacts instead of learning genuine visual geometry.

To prevent this, Learn-to-Steer uses a dual inversion strategy:

<ul>
<li>For each image with a true relation (say, dog left of cat), create two prompts:

<ul>
<li>A positive prompt with the correct relation (“dog to the left of a cat”).</li>
<li>A negative prompt with an incorrect relation (“dog above a cat”).</li>
</ul>


</li>

<li>Run inversion with both prompts, obtaining two sets of attention maps.</li>

<li>Label both sets with the true relation (left-of), because that is what the image actually depicts.</li>

</ul>

The classifier sees pairs of attention maps that share the same underlying geometry but differ in the relation words used in the prompt. To succeed, it must ignore the unreliable linguistic cue and zero in on the geometric evidence in the attention patterns. This breaks the leakage shortcut and yields a classifier that actually understands “left-of” in terms of where things appear in the model’s internal vision.

To improve robustness, NVIDIA combines:

<ul>
<li>Real images (complex, natural scenes)</li>
<li>Synthetic images (simpler, cleaner attention patterns akin to generation scenarios)</li>
</ul>

<h1>
 
 
 How Learn-to-Steer Guides Images During Generation
</h1>

<h2>
 
 
 Step-by-Step: From Prompt to Steered Latent
</h2>

Once the relation classifier is trained, Learn-to-Steer uses it at inference time as a learned objective:

<h3>
 
 
 Parse the spatial prompt
</h3>

<ul>
<li>Extract subject, relation, and object from the text (e.g., subject = dog, relation = right-of, object = teddy bear).</li>
</ul>

<h3>
 
 
 Run diffusion as usual—but with checkpoints
</h3>

<ul>
<li>As the model denoises latent noise into an image, periodically extract cross-attention maps for the subject and object tokens.</li>
</ul>

<h3>
 
 
 Evaluate spatial correctness
</h3>

<ul>
<li>Feed these maps into the relation classifier, which outputs a probability distribution over relations.</li>
<li>Compare this distribution to the desired relation from the prompt, and compute a loss (e.g., cross-entropy).</li>
</ul>

<h3>
 
 
 Backpropagate into the latent
</h3>

<ul>
<li>Compute the gradient of this loss with respect to the latent representation at that timestep.</li>
<li>Nudge the latent in the direction that increases the classifier’s confidence in the correct relation.</li>
</ul>

<h3>
 
 
 Continue the diffusion process
</h3>

<ul>
<li>Let the denoising proceed from the adjusted latent.</li>
<li>Repeat this steering a number of times (often during the earlier half of the diffusion steps).</li>
</ul>

<h2>
 
 
 Support for Multiple Architectures and Relations
</h2>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F578a9bjc7gmtemh0jbsj.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F578a9bjc7gmtemh0jbsj.jpg" alt=" " width="800" height="477"></a>

A key advantage of Learn-to-Steer is that it’s architecture-agnostic:

<ul>
<li>It has been demonstrated on both UNet-based models (like Stable Diffusion 1.4/2.1) and MMDiT-style models (like Flux).</li>
<li>The only requirement is access to a text-image alignment signal (cross-attention or similar).</li>
</ul>

It can also handle prompts with multiple constraints, such as:

“A frog above a sneaker below a teapot.”

Here, Learn-to-Steer alternates attention between relations:

<ul>
<li>At one timestep, optimize the frog–sneaker relation.</li>
<li>At another, optimize the sneaker–teapot relation.</li>
</ul>

يهدف Learn-to-Steer من NVIDIA إلى معالجة قيد كبير في نماذج الانتشار من النص إلى الصورة، التي تعاني من ضعف في التفكير المكاني الأساسي. يمكن لهذه النماذج إنشاء صور فوتوغرافية واقعية، لكنها غالبًا ما تضع الأشياء في غير موضعها، مثل وضع كلب على اليسار بدلاً من اليمين بجانب دمية دب. تهدف هذه الخطوة إلى تحسين دقة الصور المولدة من خلال تعزيز الفهم المكاني.

El Learn-to-Steer de NVIDIA busca abordar una limitación significativa en los modelos de difusión de texto a imagen, que luchan con el razonamiento espacial básico. Estos modelos pueden crear imágenes fotorealistas, pero a menudo colocan mal los objetos en relación entre sí, como poner un perro a la izquierda de un oso de peluche en lugar de a la derecha. Este avance tiene como objetivo mejorar la precisión de las imágenes generadas al mejorar la comprensión espacial.

Le Learn-to-Steer de NVIDIA vise à résoudre une limitation importante des modèles de diffusion texte-image, qui ont du mal avec le raisonnement spatial de base. Ces modèles peuvent créer des images photoréalistes mais placent souvent mal les objets les uns par rapport aux autres, comme mettre un chien à gauche d'un ours en peluche au lieu de la droite. Cette avancée vise à améliorer l'exactitude des images générées en renforçant la compréhension spatiale.

NVIDIA's Learn-to-Steer is set to address a significant limitation in text-to-image diffusion models, which struggle with basic spatial reasoning. These models can create photorealistic images but often misplace objects in relation to one another, such as placing a dog to the left of a teddy bear instead of the right. This advancement aims to enhance the accuracy of generated images by improving spatial understanding.

What Is Learn-to-Steer? NVIDIA’s 2025 Spatial Fix for Text-to-Image Diffusion

The $5tn firm handily beat expectations, but analysts are awaiting projections for future demand for firm’s AI chipsNvidia shares are rising in after-market trading after the company posted third quarter earnings that beat Wall Street estimates. All eyes were on Nvidia, the bellwether for the AI industry and the most valuable publicly traded company in the world, as analysts and investors hoped the chipmaker’s third-quarter earnings would assuage concerns about whether the high-flying valuations of AI firms have peaked.“Blackwell sales are off the charts, and cloud GPUs are sold out,” said Jensen Huang, founder and CEO of Nvidia in a press release. “Compute demand keeps accelerating and compounding across training and inference – each growing exponentially. We’ve entered the virtuous cycle of AI. The AI ecosystem is scaling fast – with more new foundation model makers, more AI startups, across more industries, and in more countries. AI is going everywhere, doing everything, all at once.” <a href="https://www.theguardian.com/technology/2025/nov/19/nvidia-earning-report">Continue reading...</a>

تجاوزت شركة إنفيديا توقعات وول ستريت مع نتائجها للربع الثالث، مما أظهر طلبًا قويًا على شرائح الذكاء الاصطناعي الخاصة بها. ارتفعت أسهم الشركة في التداول بعد السوق، مما يعكس ثقة المستثمرين وسط مخاوف بشأن تقييم سوق الذكاء الاصطناعي. وأبرز الرئيس التنفيذي جينسن هوانغ مبيعات قياسية ونظامًا بيئيًا سريع التوسع في مجال الذكاء الاصطناعي، مما يشير إلى نظرة إيجابية لمستقبل الشركة.

Nvidia superó las expectativas de Wall Street con sus ganancias del tercer trimestre, mostrando una fuerte demanda por sus chips de IA. Las acciones de la compañía aumentaron en el comercio posterior al cierre, reflejando la confianza de los inversores en medio de preocupaciones sobre la valoración del mercado de IA. El CEO Jensen Huang destacó las ventas récord y un ecosistema de IA en rápida expansión, indicando una perspectiva positiva para el futuro de la empresa.

Nvidia a dépassé les attentes de Wall Street avec ses résultats du troisième trimestre, montrant une forte demande pour ses puces d'IA. Les actions de l'entreprise ont augmenté lors des échanges après la clôture, reflétant la confiance des investisseurs face aux préoccupations concernant la valorisation du marché de l'IA. Le PDG Jensen Huang a souligné des ventes record et un écosystème IA en pleine expansion, indiquant une perspective positive pour l'avenir de l'entreprise.

Nvidia exceeded Wall Street expectations with its third-quarter earnings, showcasing strong demand for its AI chips. The company's shares rose in after-market trading, reflecting investor confidence amid concerns about the AI market's valuation. CEO Jensen Huang highlighted record sales and a rapidly expanding AI ecosystem, indicating a positive outlook for the company's future.

‘AI is going everywhere, doing everything:’ Nvidia beats Wall Street estimates amid market selloff and AI bubble fears

The SanDisk ExtremeFit USB-C flash drive is barely three grams, but offers 1TB of external storage and impressive speeds.

I refused to believe this coin-sized gadget was a storage drive, until I tried it for myself

Swift 6.3 is bringing significant enhancements to Embedded Swift, the subset of Swift designed for resource-constrained environments like microcontrollers. Here's what's new:

<h2>
 
 
 Key Improvements
</h2>

<h3>
 
 
 Libraries &amp; Standard Library
</h3>

<ul>
<li>
Floating-point printing: The <code>description</code> and <code>debugDescription</code> properties now work for Float, Double, and other floating-point types with a new all-Swift implementation</li>
<li>
Better diagnostics: New <code>EmbeddedRestrictions</code> diagnostic group warns about unsupported language constructs</li>
<li>
Swift MMIO 0.1.x: Includes code generation from SVD files and improved debugging with SVD2LLDB plugin</li>
</ul>

<h3>
 
 
 C Interoperability
</h3>

<ul>
<li>
<code>@c</code> attribute: Define C-compatible functions and enums (from SE-0495)
</li>
</ul>

<div class="highlight js-code-highlight">
<pre class="highlight swift"><code>@c(MyLib_initialize)
public func initialize() { ... }
</code></pre>

</div>



<ul>
<li>
Improved type matching: Better tolerance for mismatching C signatures, eliminating cryptic deserialization errors</li>
</ul>

<h3>
 
 
 Debugging
</h3>

<ul>
<li>
Enhanced LLDB support: Better value printing for Embedded Swift types</li>
<li>
Core dump inspection: Dictionary, Array, and other common types now inspectable without a live process</li>
<li>
ARMv7m exception unwinding: Complete backtraces through exception frames</li>
</ul>

<h3>
 
 
 Linking &amp; Compilation
</h3>

<ul>
<li>
<code>@section</code> and <code>@used</code> attributes: Control where globals are emitted and ensure symbols aren't stripped (SE-0492)</li>
<li>
Weak symbol definitions: Fixes duplicate symbol errors in diamond dependencies</li>
<li>
<code>@export</code> attribute: Better control over function visibility (SE-0497)</li>
</ul>




Want to dive deeper? Read the <a href="https://www.swift.org/blog/embedded-swift-improvements-coming-in-swift-6.3/" rel="noopener noreferrer">full announcement</a> on Swift.org

تقدم Swift 6.3 تحسينات كبيرة على Embedded Swift، مما يعزز وظيفته في البيئات ذات الموارد المحدودة مثل المتحكمات الدقيقة. تشمل التحسينات الرئيسية قدرات جديدة لطباعة الأعداد العشرية، وتشخيصات أفضل مع مجموعة EmbeddedRestrictions، وإدخال Swift MMIO 0.1.x لتوليد الشيفرة وتصحيح الأخطاء.

Swift 6.3 presenta mejoras significativas en Embedded Swift, aumentando su funcionalidad para entornos con recursos limitados como microcontroladores. Las mejoras clave incluyen nuevas capacidades de impresión de números de punto flotante, mejores diagnósticos con el grupo EmbeddedRestrictions y la introducción de Swift MMIO 0.1.x para la generación de código y la depuración.

Swift 6.3 apporte des améliorations significatives à Embedded Swift, renforçant sa fonctionnalité pour les environnements à ressources limitées comme les microcontrôleurs. Les principales améliorations comprennent de nouvelles capacités d'impression de nombres à virgule flottante, de meilleurs diagnostics avec le groupe EmbeddedRestrictions, et l'introduction de Swift MMIO 0.1.x pour la génération de code et le débogage.

Swift 6.3 introduces significant upgrades to Embedded Swift, enhancing its functionality for resource-constrained environments like microcontrollers. Key improvements include new floating-point printing capabilities, better diagnostics with the EmbeddedRestrictions group, and the introduction of Swift MMIO 0.1.x for code generation and debugging.

Embedded Swift Gets Major Upgrades in Swift 6.3

<a href="https://www.techspot.com/news/110317-judge-dismisses-lawsuit-twice-due-alleged-deepfake-video.html" target="_blank"><img src="https://www.techspot.com/images2/news/ts3_thumbs/2025/11/2025-11-19-ts3_thumbs-252.jpg" width="800" height="560" style="padding: 15px 0" title="Judge dismisses lawsuit twice due to alleged deepfake video testimony" /></a> A California housing dispute is getting media attention over allegations that lawyers presented a deepfake video as witness testimony. NBC News reports that Judge Victoria Kolakowski became suspicious after the supposed witness showed signs that something was not right, including a monotone voice, fuzzy facial features, and repeated facial expressions.... <a href="https://www.techspot.com/news/110317-judge-dismisses-lawsuit-twice-due-alleged-deepfake-video.html">Read Entire Article</a>

تجذب نزاع سكني في كاليفورنيا الانتباه الإعلامي بعد ظهور مزاعم بأن المحامين قدموا فيديو مزيف كدليل شهود. أعربت القاضية فيكتوريا كولاكوفسكي عن شكوكها بشأن الفيديو، مشيرة إلى صوت الشاهد الأحادي، وملامح الوجه غير الواضحة، وتكرار التعبيرات. أدى ذلك إلى رفض الدعوى القضائية مرتين.

Una disputa de vivienda en California ha llamado la atención de los medios tras las alegaciones de que los abogados presentaron un video deepfake como testimonio. La jueza Victoria Kolakowski expresó su escepticismo sobre el video, señalando la voz monótona del testigo, rasgos faciales borrosos y expresiones repetitivas. Esto llevó al desestimado de la demanda en dos ocasiones.

Un litige immobilier en Californie suscite l'attention des médias après des allégations selon lesquelles des avocats auraient présenté une vidéo deepfake comme témoignage. La juge Victoria Kolakowski a exprimé des doutes sur la vidéo, notant la voix monotone du témoin, des traits faciaux flous et des expressions répétitives. Cela a conduit à l'annulation de la poursuite à deux reprises.

A California housing dispute has drawn attention after allegations surfaced that lawyers presented a deepfake video as witness testimony. Judge Victoria Kolakowski expressed skepticism about the video, noting the witness's monotone voice, unclear facial features, and repetitive expressions. This led to the dismissal of the lawsuit on two occasions.

Judge dismisses lawsuit twice due to alleged deepfake video testimony

<h1>
 
 
 AI Amnesia: Erasing Knowledge Without a Trace
</h1>

Imagine your AI model accidentally learned something it shouldn't have – sensitive customer data, for example. Current methods for deleting this information often require retraining the entire model, an expensive and time-consuming process. What if we could surgically remove that knowledge without starting from scratch?

The key lies in a novel approach: creating artificial "forgetting cues." We're teaching the model to unlearn specific data patterns by exposing it to carefully crafted synthetic examples. These examples are designed to strongly contradict the information we want the model to forget, effectively overwriting the problematic associations in its memory. This works even if you don’t have access to the original data you need to erase.

Think of it like this: you're trying to forget a bad song stuck in your head. Instead of trying to actively suppress it (which rarely works), you blast an even more catchy song. The new song overwrites the old one, effectively erasing it from your mental playlist.

Benefits of Selective Forgetting:

<ul>
<li> Enhanced Data Privacy: Remove sensitive data without compromising the overall model's performance.</li>
<li> Reduced Retraining Costs: Avoid full model retraining, saving significant time and resources.</li>
<li> Improved Model Security: Eliminate vulnerabilities introduced by unintentionally learned patterns.</li>
<li> Adaptable Learning: Enables continuous refinement of AI models based on evolving data landscapes.</li>
<li> Compliance Ready: Supports compliance with data privacy regulations like GDPR.</li>
<li> Scalable Solutions: Works efficiently even with limited access to training data.</li>
</ul>

Practical Tip: One challenge is ensuring the synthetic data accurately targets the information you want to remove without negatively impacting the model's ability to generalize. Rigorous testing and validation with holdout datasets are crucial.

The promise of AI that can truly 'forget' opens exciting possibilities for responsible AI development. By enabling precise data deletion, we pave the way for more secure, compliant, and adaptable machine learning systems. Imagine AI models that can adapt to changing ethical guidelines or quickly unlearn incorrect information, all without massive retraining efforts. This is a crucial step towards trustworthy and responsible AI that respects data privacy and aligns with societal values. Future exploration could include extending this to different data modalities and model architectures.

Related Keywords: machine unlearning, data privacy, few-shot learning, zero-shot learning, synthetic data, model editing, catastrophic forgetting, incremental learning, continual learning, deep learning, neural networks, data security, algorithmic fairness, responsible ai, ethical ai, federated unlearning, privacy-preserving ai, model retraining, AI governance, data deletion, GDPR compliance

يتناول المقال نهجًا جديدًا لمعالجة مشكلة نسيان الذكاء الاصطناعي، حيث قد تحتفظ نماذج الذكاء الاصطناعي عن غير قصد بمعلومات حساسة. تتطلب الطرق التقليدية لحذف هذه البيانات غالبًا إعادة تدريب كاملة للنموذج، وهو ما يعد مكلفًا ويستغرق وقتًا. تتضمن التقنية الجديدة إنشاء 'إشارات نسيان' اصطناعية تساعد النموذج على نسيان أنماط بيانات معينة من خلال تعريضه لأمثلة صناعية تتناقض مع المعلومات غير المرغوب فيها، مما يسمح بإزالة المعرفة المستهدفة دون الحاجة للوصول إلى البيانات الأصلية.

El artículo aborda un nuevo enfoque para tratar el problema de la amnesia de la IA, donde los modelos de IA pueden retener inadvertidamente información sensible. Los métodos tradicionales para eliminar estos datos a menudo requieren un reentrenamiento completo del modelo, lo que es costoso y lleva tiempo. La nueva técnica implica crear 'señales de olvido' artificiales que ayudan al modelo a desaprender patrones de datos específicos al exponerlo a ejemplos sintéticos que contradicen la información no deseada, permitiendo así la eliminación selectiva de conocimientos sin necesidad de acceder a l…

L'article traite d'une nouvelle approche pour résoudre le problème de l'amnésie de l'IA, où les modèles d'IA peuvent involontairement conserver des informations sensibles. Les méthodes traditionnelles pour supprimer ces données nécessitent souvent un réentraînement complet du modèle, ce qui est coûteux et long. La nouvelle technique consiste à créer des 'cues d'oubli' artificiels qui aident le modèle à désapprendre des schémas de données spécifiques en lui présentant des exemples synthétiques qui contredisent les informations indésirables, permettant ainsi une suppression ciblée des connaissan…

The article discusses a novel approach to address the issue of AI amnesia, where AI models may inadvertently retain sensitive information. Traditional methods for deleting such data often require complete retraining of the model, which is costly and time-consuming. The new technique involves creating artificial 'forgetting cues' that help the model unlearn specific data patterns by presenting it with synthetic examples that contradict the unwanted information, allowing for targeted knowledge removal without needing access to the original data.

AI Amnesia: Erasing Knowledge Without a Trace

🌐 IAM multi-cloud

Recientemente, varios de los principales proveedores de nube pública registraron interrupciones importantes:

<ul>
<li>GCP: 12 de junio de 2025.</li>
<li>AWS: 20 de octubre de 2025.</li>
<li>Azure: 29 de octubre de 2025.</li>
</ul>

Estos incidentes han llevado a muchas empresas a considerar una estrategia multi-cloud para reducir el riesgo de quedarse fuera de línea cuando un proveedor sufre una caída de servicio.

Entonces me surgió la siguiente pregunta: si una organización utiliza varias nubes a la vez (por ejemplo, AWS + Azure + Google Cloud), ¿cómo controla quién accede, de qué forma accede y qué puede hacer en cada una de ellas?

A esto se le conoce como Identity and Access Management (IAM), o Gestión de Identidad y Acceso.

Vamos paso por paso.




1. ¿Qué es una IDENTIDAD?

Una identidad es cualquier cosa que puede iniciar sesión en un sistema.

Por ejemplo:

<ul>
<li>Tú, como estudiante.</li>
<li>Un profesor.</li>
<li>Un robot de software / servicio (por ejemplo, un script que sube archivos).</li>
</ul>

Ejemplo: 
Piensa en la identidad como tu “usuario” en la universidad. 
Tú tienes un código de alumno que te identifica frente al sistema.



2. ¿Qué es AUTENTICACIÓN?

Es demostrar que eres tú. Formas comunes:

<ul>
<li>Contraseña</li>
<li>Huella</li>
<li>Token enviado por correo (2FA)</li>
</ul>

Ejemplo: 
Cuando ingresas a tu cuenta de Google, pones:

<ol>
<li>tu correo → identidad</li>
<li>tu clave → autenticación</li>
</ol>



3. ¿Qué es AUTORIZACIÓN?

Es qué puedes hacer una vez que entraste.

Por ejemplo:

<ul>
<li>“Solo leer archivos”</li>
<li>“Leer y escribir”</li>
<li>“Administrar todo”</li>
</ul>

Ejemplo: 
En la universidad:

<ul>
<li>Los alumnos pueden ver notas.</li>
<li>Los profesores pueden subir notas.</li>
<li>Coordinación puede cambiar las notas.</li>
</ul>



4. ¿Qué es IAM?

IAM = Identity + Authentication + Authorization.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsg5lasnckgzvne67gylk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsg5lasnckgzvne67gylk.png" alt="Diagrama IAM" width="800" height="355"></a>

Sirve para:

<ul>
<li>Crear usuarios</li>
<li>Dar permisos</li>
<li>Quitar permisos</li>
<li>Registrar qué hizo cada usuario</li>
</ul>

Ejemplo: 
El sistema académico crea tu usuario (identidad), te da clave (autenticación) y decide qué puedes ver (autorización).



5. ¿Qué pasa cuando hay VARIAS nubes?

Imagina que una empresa usa:

<ul>
<li>AWS para almacenar archivos</li>
<li>Azure para usuarios de oficina</li>
<li>Google Cloud para análisis de datos</li>
</ul>

Cada nube tiene su propio sistema IAM. 
Entonces, se vuelve complicado manejar muchos usuarios y permisos.

Ejemplo: 
Es como si tu universidad tuviera tres portales separados, cada uno con su usuario y su contraseña. Confuso y poco práctico.



6. ¿Cómo funciona el IAM en cada nube? 


<div class="highlight js-code-highlight">
<pre class="highlight plaintext"><code> ┌──────────────────┬──────────────────────┬─────────────────────┐
 │ AWS │ Azure │ GCP │
 └──────────────────┴──────────────────────┴─────────────────────┘
 │ │ │
 Roles + Policies Azure AD + RBAC IAM Roles
</code></pre>

</div>



🟦 AWS

Usa:

<ul>
<li>AWS IAM</li>
<li>Roles → permisos temporales</li>
<li>Policies (políticas) → reglas que dicen qué puedes hacer</li>
</ul>

Ejemplo:

<ul>
<li>Un rol que permite leer un bucket S3</li>
<li>Otro rol que permite lanzar máquinas EC2</li>
</ul>

🟩 Azure

Usa:

<ul>
<li>Azure Active Directory (Azure AD)</li>
<li>Roles RBAC (Role-Based Access Control)</li>
</ul>

Ejemplo:

<ul>
<li>Rol “Reader” solo ve datos</li>
<li>Rol “Contributor” puede modificar</li>
</ul>

🟥 Google Cloud

Usa:

<ul>
<li>Google Cloud IAM</li>
<li>IAM Roles (básicos, predefinidos y personalizados)</li>
</ul>

Ejemplo:

<ul>
<li>Owner → lectura, escritura y administración</li>
<li>Editor → lectura y escritura</li>
<li>Viewer → lectura</li>
</ul>

Terminología de gestión de identidades y accesos por cada nube

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxu1duan3cuz1rhref1xe.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxu1duan3cuz1rhref1xe.png" alt="IAM por nube" width="720" height="197"></a>




7. ¿Y cómo hacemos para NO tener tres cuentas distintas?

Aquí entra un concepto importante, la federación de identidades, esto permite que un usuario se autentique una sola vez en un sistema y pueda ingresar a las tres nubes.

La federación usa protocolos como:

<ul>
<li>SAML 2.0</li>
<li>OIDC (OpenID Connect)</li>
<li>OAuth 2.0</li>
</ul>

Estos protocolos permiten que un sistema diga: 
"Este usuario es auténtico, puedes confiar en él." 


<div class="highlight js-code-highlight">
<pre class="highlight plaintext"><code> ┌──────────────────────────────────────────────────┐
 │ FEDERACIÓN = Un solo IdP para varias nubes │
 └──────────────────────────────────────────────────┘
 │
 Permite usar 1 identidad para: AWS + Azure + GCP
 │
 Protocolos: SAML, OAuth2, OIDC

</code></pre>

</div>



Ejemplo: 
Te logeas con tu cuenta universitaria y automáticamente puedes:

<ul>
<li>usar Teams (Microsoft),</li>
<li>usar Google Drive (Google),</li>
<li>usar Moodle (otro proveedor).</li>
</ul>

"Eso es federación".




8. ¿Qué es el SSO?

SSO = Single Sign-On = "Inicia sesión una sola vez".

Ejemplo: 
Cuando entras a Gmail y luego, sin volver a poner tu clave, puedes entrar a YouTube.

"Eso es SSO".

Cada nube tiene su servicio SSO:

<ul>
<li>AWS → IAM Identity Center</li>
<li>Azure → Azure AD SSO</li>
<li>GCP → Workload Identity Federation
</li>
</ul>

<div class="highlight js-code-highlight">
<pre class="highlight plaintext"><code>SSO = Iniciar sesión una vez
 │
 Acceder a:
 - AWS (IAM Identity Center)
 - Azure AD SSO
 - GCP (Workload Identity Federation)

</code></pre>

</div>






9. ¿Qué recomiendan los expertos?

En multi nube, se destaca tres reglas de oro:

<ul>
<li>Todo acceso debe estar autenticado 
→ Cada acción debe tener un usuario responsable.</li>
<li>Menor privilegio 
→ Dar solo lo necesario. 
(Si solo necesita leer, no le des permisos de administrador).</li>
<li>Auditoría continua 
→ Registrar quién hizo qué.</li>
</ul>

Ejemplo: 
Cuando un alumno entra al sistema académico, queda registrado. Igual con los profesores.




Ejemplo final para entenderlo completo

Imagina una empresa “TechSchool” con tres nubes:

Sin IAM unificado:

<ul>
<li>Ana (desarrolladora) tiene 3 cuentas:

<ul>
<li>Una en AWS</li>
<li>Una en Azure</li>
<li>Una en GCP</li>
</ul>


</li>

<li>Tiene 3 contraseñas</li>

<li>El administrador debe actualizar permisos en 3 lugares.</li>

</ul>

Con IAM con federación + SSO:

<ul>
<li>Ana tiene una sola cuenta (por ejemplo, en Azure).</li>
<li>Inicia sesión una vez.</li>
<li>Puede entrar a AWS, Azure y GCP.</li>
<li>Sus permisos están centralizados.</li>
</ul>

Esto facilita la vida a todos.




🎓¿Qué debería recordar?

✔ Identidad = quién eres 
✔ Autenticación = demostrarlo 
✔ Autorización = qué puedes hacer 
✔ IAM = gestión total de accesos 
✔ Cada nube usa su propio sistema de roles 
✔ Federación = un solo usuario para varias nubes 
✔ SSO = iniciar sesión una sola vez 
✔ Menor privilegio y auditoría = buenas prácticas

مؤخراً، أبلغت العديد من مزودي الخدمات السحابية العامة الرئيسيين، بما في ذلك GCP وAWS وAzure، عن انقطاعات كبيرة. دفعت هذه الحوادث العديد من المؤسسات إلى التفكير في استراتيجيات متعددة السحاب لتقليل مخاطر التوقف. جانب حاسم من إدارة خدمات السحابة المتعددة هو إدارة الهوية والوصول (IAM)، التي تتحكم في وصول المستخدمين وإجراءاتهم عبر منصات مختلفة.

Recientemente, varios de los principales proveedores de nube pública, como GCP, AWS y Azure, registraron interrupciones significativas. Estos incidentes han llevado a muchas organizaciones a considerar estrategias multi-cloud para mitigar el riesgo de tiempo de inactividad. Un aspecto crítico de la gestión de múltiples servicios en la nube es la Gestión de Identidad y Acceso (IAM), que controla el acceso y las acciones de los usuarios en diferentes plataformas.

Récemment, plusieurs grands fournisseurs de cloud public ont signalé des pannes importantes, notamment GCP, AWS et Azure. Ces incidents ont poussé de nombreuses entreprises à envisager des stratégies multi-cloud pour réduire le risque de temps d'arrêt. Un aspect essentiel de la gestion de plusieurs services cloud est la Gestion des Identités et des Accès (IAM), qui contrôle l'accès des utilisateurs et leurs actions sur différentes plateformes.

Recent significant outages were reported by major public cloud providers, including GCP, AWS, and Azure. These incidents have prompted many organizations to consider multi-cloud strategies to mitigate the risk of downtime. A critical aspect of managing multiple cloud services is Identity and Access Management (IAM), which controls user access and actions across different platforms.

200 reports, 11 valid bugs, 0 critical issues. Why our HackerOne VDP was still worth it

Was this article worth reading? Share it