Programming

1557 articles

Cybersecurity Looks Like Proof of Work Now

The UK's AI Safety Institute recently published "Our evaluation of Claude Mythos Preview’s cyber capabilities", their own independent analysis of Claude Mythos which backs up Anthropic's claims that it is exceptionally effective at identifying security vulnerabilities. Drew Breunig notes that AISI's report shows that the more tokens (and hence money) they spent the better the result they got, which leads to a strong economic incentive to spend as much as…

Simon Willison's Weblog
Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code

In the past few weeks alone, we’ve seen a surge in supply chain attacks, increasingly sophisticated social engineering, and even nation-state actors targeting maintainers. What used to feel like a niche concern is now a daily reality for teams building with open source. In this conversation, Socket CEO Feross Aboukhadijeh joins 10 Minutes or Less, a podcast by Ali Rohde, General Partner at Outset Capital, to break down what’s happening right now, from how the Axios backdoor attack unfolded to…

Socket
Steve Yegge

Steve Yegge: I was chatting with my buddy at Google, who's been a tech director there for about 20 years, about their AI adoption. Craziest convo I've had all year. The TL;DR is that Google engineering appears to have the same AI adoption footprint as John Deere, the tractor company. Most of the industry has the same internal adoption curve: 20% agentic power users, 20% outright refusers, 60% still using Cursor or equivalent chat tool. It turns out Google has this curve too. [...] There has…

Simon Willison's Weblog
108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure

Socket's Threat Research Team identified 108 malicious Chrome extensions operating as a coordinated campaign under a shared C2 infrastructure at cloudapi[.]stream. The extensions are published under five distinct publisher identities (Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt) and collectively account for approximately 20k Chrome Web Store installs. All 108 route stolen credentials, user identities, and browsing data to servers controlled by the same operator. The extensions…

Socket
Exploring the new `servo` crate

Research: Exploring the new `servo` crate. In "Servo is now available on crates.io" the Servo team announced the initial release of the servo crate, which packages their browser engine as an embeddable library. I set Claude Code for web the task of figuring out what it can do, building a CLI tool for taking screenshots using it and working out if it could be compiled to WebAssembly. The servo-shot Rust tool it built works pretty well: git clone https://github.com/simonw/research cd…

Simon Willison's Weblog
★ Instant view switches with Inertia v3 prefetching

Over the past few months we've been building There There at Spatie, a support tool shaped by the two decades we've spent running our own customer support. The goal is simple: the helpdesk we always wished we had. We care about using AI in a particular way. It should help support agents write better replies, not substitute for them. The human stays in charge of the conversation, and the model does the unglamorous work of drafting, rephrasing, and suggesting links. There There is in private beta…

Freek Van der Herten
★ How we use Inertia v3 optimistic updates in There There

A few months ago we started building There There, a helpdesk we're making at Spatie. The premise is simple. After two decades of running customer support for our open source work and our SaaS apps, we wanted the tool we always wished existed. One thing we care about in particular is using AI to help humans craft better responses, not to replace them. The agent stays in charge of the conversation. The model just helps them reply faster and a little sharper. There There is in private beta right…

Freek Van der Herten
Quoting Bryan Cantrill

The problem is that LLMs inherently lack the virtue of laziness. Work costs nothing to an LLM. LLMs do not feel a need to optimize for their own (or anyone's) future time, and will happily dump more and more onto a layercake of garbage. Left unchecked, LLMs will make systems larger, not better — appealing to perverse vanity metrics, perhaps, but at the cost of everything that matters. As such, LLMs highlight how essential our human laziness is: our finite time forces us to develop crisp…

Simon Willison's Weblog