Flux
CSP Allow-list Experiment
IA Programmation

CSP Allow-list Experiment

Tool: CSP Allow-list Experiment An experiment that shows that you can load an app in a CSP-protected sandboxed iframe (see previous note) and have a custom fetch() that intercepts CSP errors and passes them up to the parent window... which can then prompt the user to add that domain to an allow-list and then refresh the page. I built this one with GPT-5.5 xhigh running in the Codex desktop app. Tags: content-security-policy, iframes, security

Simon Willison's Weblog
GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government
Cybersécurité Programmation

GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government

Socket's threat research team is tracking a suspicious RubyGems campaign we’re calling GemStuffer, involving more than 100 gems that appear to use the RubyGems registry as a data transport mechanism rather than a conventional malware distribution channel. The packages do not appear designed for mass developer compromise. Many have little or no download activity, and the payloads are repetitive, noisy, and unusually self-contained. Instead, the scripts fetch pages from UK local government…

Socket
datasette 1.0a29
IA Programmation

datasette 1.0a29

Release: datasette 1.0a29 New TokenRestrictions.abbreviated(datasette) utility method for creating "_r" dictionaries. #2695 Table headers and column options are now visible even if a table contains zero rows. #2701 Fixed bug with display of column actions dialog on Mobile Safari. #2708 Fixed bug where tests could crash with a segfault due to a race condition between Datasette.close() and Datasette.close(). #2709 That segfault bug was gnarly. I added a mechanism to Datasette recently that would…

Simon Willison's Weblog
Quoting Mo Bitar
IA Programmation

Quoting Mo Bitar

Now, if your CEO has never heard the phrase Ralph Loop, oh man, you are less than 30 days away from your next promotion. I'm not even exaggerating. Walk into his office, close the door, and say, hey chief, been experimenting with something. It's called Ralph Loops. And I think it could change literally everything. And he's gonna say, what's a Ralph loop? And you will say, give me $18,000 worth of API credits and I'll show you. Now you won't actually do anything, because you can't do anything.…

Simon Willison's Weblog
Quoting Mitchell Hashimoto
IA Programmation

Quoting Mitchell Hashimoto

The thing about 90% of TDMs [Technical Decision Makers] is that they're motivated primarily by NOT GETTING FIRED. These aren't people who browser Lobsters or push to GH on the weekend. These are people that work 9 to 5, get paid, go home, and NEVER THINK ABOUT WORK AGAIN. So to achieve all that, they follow secular trends supported by analysts and broad public sentiment. Oh, Gartner said that "AI strategy" is most important? McKinsey said "context" needs to be managed? Well, "Context Engine for…

Simon Willison's Weblog
Summary: An International Agreement to Prevent the Premature Creation of Artificial Superintelligence
IA

Summary: An International Agreement to Prevent the Premature Creation of Artificial Superintelligence

If anyone, anywhere builds a superhuman artificial intelligence using present methods, the most likely outcome is catastrophe. There have accordingly been widespread calls for an international agreement prohibiting the development of superintelligence. In November 2025, MIRI’s Technical Governance Team published an example of one such agreement. This post is an informal and very abbreviated summary […] The post Summary: An International Agreement to Prevent the Premature Creation of Artificial…

MIRI Blog
llm 0.32a2
IA Programmation

llm 0.32a2

Release: llm 0.32a2 A bunch of useful stuff in this LLM alpha, but the most important detail is this one: Most reasoning-capable OpenAI models now use the /v1/responses endpoint instead of /v1/chat/completions. This enables interleaved reasoning across tool calls for GPT-5 class models. #1435 This means you can now see the summarized reasoning tokens when you run prompts against an OpenAI model, displayed in a different color to standard error. Use the -R or --hide-reasoning flags if you don't…

Simon Willison's Weblog
Burnout and Cognitive Debt
IA

Burnout and Cognitive Debt

Steve Yegge’s article about programmer burnout (“The AI Vampire”) along with Margaret Storey’s article about Cognitive Debt started an ongoing conversation about programmer fatigue and software quality—two topics that should be linked, but often aren’t. Steve argues that programming constantly with the help of agentic AI leds to burnout; it’s fast, it’s fun, but keeping […]

O'Reilly Radar — AI/ML
Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups
Cybersécurité Programmation

Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups

Socket has been named to the Rising in Cyber 2026 list, an annual recognition of the most promising private cybersecurity companies, as selected by nearly 150 practicing CISOs and cybersecurity executives. Launched by Notable Capital, Rising in Cyber recognizes 30 private cybersecurity startups shaping the future of enterprise security. This year’s honorees were selected by security leaders from organizations including Booking.com, Albertsons, Atlassian, and TIAA. The list was announced…

Socket
Thoughts on GitLab's workforce reduction" and "structural and strategic decisions"
IA Programmation

Thoughts on GitLab's workforce reduction" and "structural and strategic decisions"

GitLab Act 2 There's a lot going on in this announcement from GitLab about the "workforce reduction" and "structural and strategic decisions" they are making with respect to the agentic era. They're "planning to reduce the number of countries by up to 30% where we have small teams". One of the most interesting things about GitLab is that they have employees spread across a large number of countries - 18 are listed in their public employee handbook but this post says they are "operating in…

Simon Willison's Weblog