Feed
On the <dl>
New

On the <dl>

I learned a few new-to-me things about the <dl> element from this article by Ben Meyer: a <dt> can be followed by multiple <dd>; you can optionally group the <dt> and <dd> elements in a <div> for styling, but only a <div>; you can label them using ARIA; and they've been called "description lists", not "definition lists", since an HTML5 draft in 2008. So this is valid: <h2 id="credits">Credits</h2> <dl…

Simon Willison's Weblog
Laravel Lang Compromised with RCE Backdoor Across 700+ Versions
Recent

Laravel Lang Compromised with RCE Backdoor Across 700+ Versions

A compromise affecting the community-maintained Laravel Lang project has introduced remote code execution backdoors across multiple packages in the organization, including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions, across roughly 700+ historical versions. The affected packages are not part of the official Laravel framework. They are third-party localization packages used by Laravel applications. However, applications that installed…

Socket
The memory shortage is causing a repricing of consumer electronics
Recent

The memory shortage is causing a repricing of consumer electronics

David Oks provides the clearest explanation I've seen yet of why consumer products that use memory are likely to get significantly more expensive over the next few years. The short version is that memory manufacturers - of which there are just three remaining large companies - have a fixed capacity in terms of how many wafers they can process at any one time. This fixed wafer capacity is then split between DDR - used in desktops…

Simon Willison's Weblog
Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects
Recent

Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects

Socket researchers identified a coordinated supply chain campaign affecting eight packages on Packagist whose upstream repositories were modified to include the same malicious postinstall script. The script attempted to download a Linux binary from a GitHub Releases URL, save it to /tmp/.sshd, make it executable, and run it in the background. Although the affected packages were all Composer packages, the malicious code was not added to composer.json. Instead, it was inserted into package.json,…

Socket
The Erdős Proof and AI Capabilities
Recent

The Erdős Proof and AI Capabilities

View the official memo here. An internal model at OpenAI has autonomously disproved a central conjecture in discrete geometry, a mathematical field with applications in cryptography, wireless device communication, and medical imaging. The proof relates to a famous question posed by Paul Erdős in 1946. It has been verified by prominent mathematicians in a companion […] The post The Erdős Proof and AI Capabilities appeared first on Machine Intelligence Research Institute.

MIRI Blog
AI Has Taken Over Open Source
Recent

AI Has Taken Over Open Source

I’ve spent a lot of time looking at what the data reveals about open source, from the speed at which open source alternatives emerge to how maintainer compensation compares with the broader software industry. I’m interested in what the data says, not in predictions based on anecdotes. At Socket, I've had the privilege of accessing our massive database across all major ecosystems, including npm, PyPI, Go, and Rust. We essentially replicate all open source packages, including the very fringe…

Socket
FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service
Recent

FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service

Back in 2024 Cox Media Group were caught trying to sell advertisers packages based on "active listening", with this deck which claimed: "Smart devices capture real-time intent data by listening to our conversations" and "Advertisers can pair this voice-data with behavioral data to target in-market consumers". I wrote about this in…

Simon Willison's Weblog
npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry
Recent

npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

npm has invalidated every granular access token with write access that bypasses two-factor authentication. The platform-wide credential reset rolled out on May 19, announced from npm's long-dormant X account. The registry posted the notice following an attack that used a hijacked maintainer account to publish hundreds of malicious package versions across the @antv ecosystem. "To prevent supply chain attacks following the pattern of Mini Shai Hulud, we invalidated npm granular access tokens with…

Socket