Personal blogroll - BlogFlock

Rating all the U.S. airports - FlowingData

2025-07-02T11:05:17.000Z

There are great airports and there are really bad ones. Which one you get depends on your origin and destination. The Washington Post ranked over 450 U.S. airports to find the best, based on reader survey responses and Yelp reviews. Instead of just landing on the most popular airports, the focus is on what travelers value most, such as how easy it is to get to the terminal.

Portland International topped the list. I was just at Long Beach Airport, which was number two, and it’s definitely a different feel from all other airports I’ve been to. It’s an oddly relaxing experience.

WaPo also provides a map tool so that you can search for airports in your area. I actually saw the tool before the article and was so confused why they kept referencing ranks without showing an ordered list.

Tags: airports, ranking, Washington Post

Ubuntu Disables Spectre/Meltdown Protections - Schneier on Security

2025-07-02T11:02:22.000Z

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops.

Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost.

After discussion between Intel and Canonical’s security teams, we are in agreement that Spectre no longer needs to be mitigated for the GPU at the Compute Runtime level. At this point, Spectre has been mitigated in the kernel, and a clear warning from the Compute Runtime build serves as a notification for those running modified kernels without those patches. For these reasons, we feel that Spectre mitigations in Compute Runtime no longer offer enough security impact to justify the current performance tradeoff.

I agree with this trade-off. These attacks are hard to get working, and it’s not easy to exfiltrate useful data. There are way easier ways to attack systems.

News article.

Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks - The Register - Security

2025-07-02T09:38:10.000Z

Experts say they don't expect the MOVEit menace to do much about it

Security experts have uncovered a hole in Cl0p's data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.…

Table for science-backed vaccine recommendations - FlowingData

2025-07-02T09:25:42.000Z

Jen Christiansen and Meghan Bartels provide a quick reference for Scientific American:

Kennedy’s decision to replace ACIP wholesale and the comments he has made about deviating from standard vaccine policymaking practice suggest that new recommendations won’t be backed by established vaccine science—hence our reproduction of the vaccine recommendations as of the end of 2024.

There are tables for young children, older children, and adults. Green represents a recommendation for everyone. Yellow represents a recommendation for a subset.

It’s annoying that this is necessary, but it is necessary. It seems wise to keep watch on how these reproduced tables compare against shifting CDC recommendations.

Tags: CDC, science, Scientific American, vaccination

UK eyes new laws as cable sabotage blurs line between war and peace - The Register - Security

2025-07-02T08:30:07.000Z

It might be time to update the Submarine Telegraph Act of 1885

Cyberattacks and undersea cable sabotage are blurring the line between war and peace and exposing holes in UK law, a government minister has warned lawmakers.…

Australian airline Qantas reveals data theft impacting six million customers - The Register - Security

2025-07-02T01:34:50.000Z

Frequent flyers’ info takes flight

Australian airline Qantas on Wednesday revealed it fell victim to a cyberattack that saw information describing six million customers stolen.…

Using Playwright MCP with Claude Code - Simon Willison TIL

2025-07-01T23:44:50.000Z

Inspired by Armin, I decided to figure out how to use the official microsoft/playwright-mcp Playwright MCP server with Claude Code.

Short version: run this before starting claude:

claude mcp add playwright npx '@playwright/mcp@latest'

That's it! Now when you run claude Playwright will be available. You can say things like:

Use playwright mcp to open a browser to example.com

And a visible Chrome browser window, controlled by Claude Code, will open in front of you.

I found I needed to explicitly say "playwright mcp" the first time, otherwise it might try to use Bash to run Playwright instead.

The claude mcp add command will persist but will only affect the directory in which you run it.

It took me a while to figure out how that works - eventually I tracked it down to a JSON file ~/.claude.json which includes a "projects" key with objects for each directory I had used with Claude Code in the past. That object includes MCPs and allowed commands as well.

Authenticating

Since Claude uses a visible browser window when interacting with Playwright, authentication is easy: have it show you a login page, then login yourself with your own credentials and tell it what to do next. Cookies will persist for the duration of the session.

Available tools

With the MCP loaded you can run /mcp and then navigate to playwright to view all available tools. Here's the full list:

browser_close (read-only)
browser_resize (read-only)
browser_console_messages (read-only)
browser_handle_dialog
browser_file_upload
browser_install
browser_press_key
browser_navigate
browser_navigate_back (read-only)
browser_navigate_forward (read-only)
browser_network_requests (read-only)
browser_pdf_save (read-only)
browser_take_screenshot (read-only)
browser_snapshot (read-only)
browser_click
browser_drag
browser_hover (read-only)
browser_type
browser_select_option
browser_tab_list (read-only)
browser_tab_new (read-only)
browser_tab_select (read-only)
browser_tab_close
browser_generate_playwright_test (read-only)
browser_wait_for (read-only)

You don't have to reference these by name, Claude should usually be smart enough to pick the right one for the task at hand.

Microsoft admits to Intune forgetfulness - The Register - Security

2025-07-01T19:02:21.000Z

Customizations not saved with security baseline policy update

Microsoft Intune administrators may face a few days of stress after Redmond acknowledged a problem with security baseline customizations.…

International Criminal Court swats away 'sophisticated and targeted' cyberattack - The Register - Security

2025-07-01T16:34:05.000Z

Body stays coy on details but alludes to similarities with 2023 espionage campaign

The International Criminal Court (ICC) says a "sophisticated" cyberattack targeted the institution, the second such incident in two years.…

Show HN: Flow – A Command-Line Tool for Deep Work - Hacker News - Newest: "command line"

2025-07-01T14:54:03.000Z

Article URL: https://github.com/e6a5/flow

Comments URL: https://news.ycombinator.com/item?id=44434491

Points: 4

# Comments: 0

Iranian Blackout Affected Misinformation Campaigns - Schneier on Security

2025-07-01T11:07:51.000Z

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran.

Well, that’s one way to identify fake accounts and misinformation campaigns.

Terrible tales of opsec oversights: How cybercrooks get themselves caught - The Register - Security

2025-07-01T09:27:05.000Z

The silly mistakes to the flagrant failures

They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that. …

AI slop on Last Week Tonight - FlowingData

2025-07-01T07:55:57.000Z

Last Week Tonight with John Oliver digs into AI slop. It’s the fake generated stuff filling our feeds with content, inevitably leading us to question our existence and whether this internet thing was really all worth it.

Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open - The Register - Security

2025-07-01T06:31:13.000Z

Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy

Secure comms biz Proton has joined a lawsuit that alleges Apple’s anticompetitive ways are harming developers, consumers, and privacy.…

Docopt Command-line interface description language - Hacker News - Newest: "command line"

2025-07-01T03:06:00.000Z

Article URL: http://docopt.org/

Comments URL: https://news.ycombinator.com/item?id=44430193

Points: 1

# Comments: 0

US shuts down a string of North Korean IT worker scams - The Register - Security

2025-06-30T22:17:39.000Z

Resulting in two indictments, one arrest, and 137 laptops seized

The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.…

When a woman’s cycle stops - FlowingData

2025-06-30T18:44:39.000Z

Many women lose their period while still of reproductive age. For Reuters, Daisy Chung, Minami Funakoshi, and Julia Wolfe explain why it happens and how some people can recover.

In this situation — known as functional hypothalamic amenorrhea (HA) — the body shuts down the reproductive system to preserve energy for essential functions, such as keeping the heart beating. It’s an evolutionary strategy to prevent pregnancy when the body can’t support it — but the consequences can extend to all aspects of health.

Careful illustrations and a soft water color aesthetic is used to approach the sensitive topic.

Tags: period, Reuters

British IT worker sentenced to seven months after trashing company network - The Register - Security

2025-06-30T18:29:15.000Z

Don't leave the door open to disgruntled workers

A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.…

Overview of the GOP bill, a bar chart - FlowingData

2025-06-30T17:28:52.000Z

The Washington Post starts with a bar chart to show the major changes from the bill. This provides a wide view, and a sidebar navigation takes you to short explanations of each category.

Tags: bill, taxes, Washington Post

Cost and savings for each item in the GOP bill - FlowingData

2025-06-30T17:18:03.000Z

NYT’s the Upshot has a running list of the items in the bill with how much each will cost or save. The bill would add $3 trillion of debt. Reduced taxes accounts for most of that amount, and Medicaid takes the biggest hit. Items highlighted yellow indicate ongoing discussions.

Tags: bill, Medicaid, taxes, Upshot