Programming

1616 articles

Incident Report: CVE-2026-LGTM

Spectacular hypothetical incident report by Andrew Nesbitt. Day 2, 16:00 UTC --- Two AI review agents from competing vendors, both attached to a downstream pull request bumping foxhole-lz4, enter a disagreement loop over whether the package is malicious. After 340 comments and $41,255 in inference spend, Finance revokes both API keys; one vendor's marketing team, cc'd on the cost anomaly alert, issues a press release citing "a 430% YoY increase in adversarial…

Simon Willison's Weblog
Quoting OpenAI

We're beginning a limited preview of the GPT‑5.6 series: Sol, our flagship model; Terra, a balanced model for everyday work; and Luna, a fast and affordable model. Terra has competitive performance to GPT‑5.5 while being 2x cheaper and Luna brings strong capability at our lowest cost. [...] We believe in broad access, and we plan to make GPT‑5.6 Sol, Terra, and Luna generally available in the coming weeks. As part of our ongoing engagement with the U.S. government, we previewed our plans and…

Simon Willison's Weblog
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages

Latest wave affects legitimate @immobiliarelabs Backstage packages, with malicious npm releases published across GitLab and LDAP authentication plugin families on June 26, 2026. Socket Threat Research is tracking a fresh compromise in the ongoing Miasma Mini Shai-Hulud supply chain campaign. The latest activity affects legitimate npm packages published under the @immobiliarelabs scope, including Backstage plugins used for GitLab integration and LDAP authentication. This appears to be a…

Socket
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase

Rolldown and Vite pulled a Rust-based React Compiler integration after maintainers decided the binary-size cost was too high for a feature that would ship to all users by default. Boshen, a maintainer involved in Rolldown and Oxc, said the increase could not be justified for the full Vite user base. “We withdrew the Rust React Compiler integration from Rolldown and Vite because it increased the binary size from 28.7MB to 33.8MB, a 17% increase,” he wrote. # The work has been in discussion for…

Socket
The PHP Podcast 2026.06.25

🎙️ PHP Podcast – June 25, 2026 Hosts: Eric Van Johnson & John Congdon Eric and John are back. Sara and Holly did a better job. Eric’s computer still hates him. 🔌 Eric’s Connectivity Saga: A Possible Resolution For weeks, Eric has been dealing with a maddening streaming issue — he could see and hear […]

PHP Architect
Maintaining PHP Build infrastructure for Windows: Tooling for builds and security updates

Most PHP developers never think about how PHP is built. They download it or install it using a command or a pre-built image and get started with their work. That is exactly how it should feel. A build system is doing its job when the final result looks great and works as expected. Behind every official PHP for Windows release is a lot of infrastructure: compilers, SDKs, dependency libraries, extension compatibility, CI pipelines, and security updates that keep the supported PHP versions…

The PHP Foundation
AI and Liability

Bruce Schneier on the recent German ruling that Google be held liable for errors introduced in their AI overviews: AI agents are agents of the person or organization that deploys them—and should be treated by the law as such. If a company hired human writers to write its summaries, that company would be liable for inaccuracies in those summaries. [...] To allow businesses to hide behind the excuse of faulty AI in those same circumstances would be a massive handout to companies,…

Simon Willison's Weblog
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem

Latest wave affects LeoPlatform/RStreams npm packages, three llxlr-published npm packages, the Verana Blockchain Go module, and GitHub Actions/developer-tool workflows. Socket Threat Research is tracking a new supply chain attack wave tied to the Mini Shai-Hulud, Miasma, and Hades malware family. The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go module compromise involving the Verana Blockchain…

Socket
Claude Code for PHP Developers

If you’ve been hearing about Claude Code but assumed it’s mostly for the JavaScript and Python crowd, it’s time to take another look. Claude Code is a command-line AI coding tool that works directly in your terminal, and it’s remarkably effective for PHP development. Whether you’re building with Laravel, Symfony, or vanilla PHP, there are […]

PHP Architect
simonw/browser-compat-db

Inspired by Mozilla's new MDN MCP service - source code here - I decided to try converting their comprehensive mdn/browser-compat-data repository full of browser compatibility data into a SQLite database. This new GitHub repo includes a Claude Code for web (Opus 4.8) generated script for doing that using sqlite-utils. I wanted the resulting ~66MB SQLite database to be available via the GitHub CDN with open CORS headers. GitHub releases don't have those, but any file…

Simon Willison's Weblog
Quoting Tom MacWright

In the last few months, I've started to see [job applications] that were clearly cowritten by an LLM, link to an LLM-generated portfolio site, which then links to LLM-generated GitHub projects, with purely LLM-generated commit messages. [...] My other reaction is that I don't know anything about these people. They haven't put themselves out there. They haven't said anything true. [...] The perfected, generated, prompted resume is generic and impersonal. It tells me nothing about this person,…

Simon Willison's Weblog