Flux
Socket Partners with Replit to Block Malicious Packages in AI-Powered Development

Socket Partners with Replit to Block Malicious Packages in AI-Powered Development

The way software gets built is changing fast. Developers are no longer the only ones choosing dependencies. AI agents can now recommend, install, and wire open source packages into applications as part of the build process. Replit is at the center of that shift, giving millions of builders a faster path from idea to working software. As more of that work happens inside AI-powered workflows, dependency security has to move closer to the moment packages are selected and installed. Socket Firewall…

Socket
Quoting Jeremy Howard

Quoting Jeremy Howard

Easy solution to slow down recursive AI self improvement: The lab with the top-ranked model must agree THEY must not use it for working on frontier AI But everyone else should have access to it. By definition, this means the frontier doesn't advance. It also has the critical benefit of avoiding a dangerous power imbalance. Anthropic has chosen the opposite of the safe path: they are allowing themselves, the current top lab, to use their top model for frontier AI research. They've said they'll…

Simon Willison's Weblog
How to use git rebase without breaking your team’s history

How to use git rebase without breaking your team’s history

Video version: https://youtu.be/5n2VZS_YPv0 Let’s say you’re working on a feature branch called add-discount-codes. You’ve been at it for a couple of days, and you’ve got five commits with all of your work done. A team member mentions that git rebase can make sure you have the most recent changes from the “main” branch. So you […] The post How to use git rebase without breaking your team’s history appeared first on PHP Architect.

PHP Architect
The PM’s Playbook for Shipping AI Features That Actually Work in Production

The PM’s Playbook for Shipping AI Features That Actually Work in Production

The demo to production Death Valley If you’ve worked on an AI feature, you know the feeling. You start building something that you are excited about, set launch timelines. The model spits out a perfect response, the prototype works magically, and everybody in the room is mentally calculating how big this product will be when […]

O'Reilly Radar — AI/ML
If Claude Fable stops helping you, you'll never know

If Claude Fable stops helping you, you'll never know

If Claude Fable stops helping you, you'll never know Jonathon Ready highlights one of the more eyebrow-raising details from the 319 page system card for Fable 5 and Mythos 5. Here's a longer excerpt, highlights mine: In light of the ability of recent models to accelerate their own development, we’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building pretraining pipelines, distributed training…

Simon Willison's Weblog
Initial impressions of Claude Fable 5

Initial impressions of Claude Fable 5

I didn't have early access to today's Claude Fable 5 release, but I've spent the past ~5.5 hours putting it through its paces. My initial impressions are that this is something of a beast. It's slow, expensive and has been quite happily churning through everything I've thrown at it so far. As is frequently the case with current frontier models the challenge is finding tasks that it can't do. First, let's review the key characteristics. Anthropic claim that Claude Fable 5 offers the same…

Simon Willison's Weblog
Setting a custom price for a model in AgentsView

Setting a custom price for a model in AgentsView

TIL: Setting a custom price for a model in AgentsView I've been really enjoying AgentsView by Wes McKinney as a tool for exploring my token usage across different coding agents running on my laptop. Claude Fable 5 came out today and wasn't yet included in the pricing database AgentsView uses. I used Fable to reverse-engineer AgentsView and figured out this recipe for setting custom prices. Here's my Claude Fable 5 usage for today so far, plotted by AgentsView as a treemap across my different…

Simon Willison's Weblog
npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

npm incorrectly applied security-holder metadata to multiple one-character packages, including letters, numbers, and the - package. Socket reviewed public npm registry metadata and found several affected packages had been assigned 0.0.1-security or 0.0.1-security.0 versions, with the latest dist-tag moved to the security placeholder. Older package versions remained available. npm confirmed the markings were not intentional and that they are working on rolling it back. “This happened due to a…

Socket