Mastodon Feed
aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
Also you're not going to have much luck bringing ethics to an economics fight. (God I wish that were easier to bring, but you have to bring _regulation_ to an economics fight if you want to embed ethics.)
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
davidgerard@circumstances.run ("David Gerard") wrote:
the precise timeline of how OpenAI fucked over the RAM market
> October 2025: Sam Altman flies to Seoul and signs simultaneous deals with Samsung and SK Hynix for 900,000 DRAM wafers per month. That's 40% of global supply. Neither company knew the other was signing a near-identical commitment at the same time.
Mastodon FeedBoosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
BleepingComputer@infosec.exchange wrote:
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems.
Mastodon Feedfromjason ("fromjason.xyz β€οΈ π» βοΈ π₯ π΅π·") wrote:
So Trump's ballroom is actually a military bunker underneath.
Why. Are. Rich. People. Building. Bunkers.
Mastodon Feedpzmyers@freethought.online ("pzmyers π·") wrote:
The "future of education" is blindingly tasteless and vapid.
https://freethoughtblogs.com/pharyngula/2026/03/31/the-future-of-education/
Mastodon Feedaredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
A lotta y'all gotta learn the difference between _LLM Use_ and _slop generation_.
You can make slop by hand like the old days and it's still slop. You can use an LLM with good engineering practices as guardrails and end up without slop.
(If it's creative work without engineering guardrails though, it's almost certainly slop.)
Mastodon Feeddb@social.lol ("David Bushell πͺΏ") wrote:
excited to try this but disappointed that my paid Proton subscription gets zero benefits (unless i pay more)
Mastodon FeedBoosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
ngaylinn@tech.lgbt ("Nate Gaylinn") wrote:
Sigh. I just discovered an experiment very similar to what I've been designing over the last several weeks.
This has to be one of the most difficult and discouraging parts of science.
I don't feel as "scooped" as I used to when this happens. I've come to realize that I almost always have something else to add, so this is generally a sign to pivot rather than give up.
But I did waste effort researching what this paper clearly explains, and now I have to stop and rethink everything I'm doing, and maybe even start over from scratch on some things. Frustrating!
What bothers me most about this is how accidental it all is. The scientific literature is barely organized. I find things because someone points them out, or because I have the right magic keywords. Both of those methods are painfully unreliable, and I often find things much later than I'd like.
There's gotta be a better way.
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
PavelASamsonov ("Pavel A. Samsonov") wrote:
The main problem with checking AI outputs is that you need to have an idea of what you actually wanted it to do, and most people use AI as a substitute for having to figure that out.
Mastodon Feedaredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
And with that, with https://spicelabs.io/ (my employer), I can quickly check and see if it's present anywhere in our builds. It's not there.
Mastodon Feedaredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
The actual compromise file in plain-crypto-js is SHA1 b0e0f12f1be57dc67fa375e860cedd19553c464d
This is the one that will be on-disk in a node_modules directory.
Mastodon Feedaredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
Looks like Socket has a copy, now to figure out how to download it.
Mastodon Feedaredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
I really wish that the npmjs security team published the complete list of file hashes of a compromised package in their stub package page that they use when they remove something.
The way we hide compromises so fast when we respond actually makes responding harder.
Mastodon Feedaredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
I know the plain-crypto-js package's overall SHA1 hash is 07d889e2dadce6f3910dcbc253317d28ca61c766, but that's not actually a thing you'd find on disk in a node_modules directory.
Mastodon Feedaredridel@kolektiva.social ("Mx. Aria Stewart") wrote:
Anyone have the hashes of the files in the compromised axios and particularly the malicious dependency?
Mastodon Feeddb@social.lol ("David Bushell πͺΏ") wrote:
seriously, what was i doing before CSS Subgrid, bashing rocks together? once you see a subgrid they're everywhere
Mastodon FeedBoosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
cowperthwait@sfba.social ("Jonathan E Cowperthwait") wrote:
npmjs Twitter account to reply, βWhat can npmjs security team do for you today? Also β¨ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.β
Mastodon Feedjsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
ugh, I'm guessing somebody screwed the pooch
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
mhoye@cosocial.ca wrote:
Baffling morning scroll as axios the publication and axios the npm package are both getting attention for being bad at their jobs.
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
jasongorman@mastodon.cloud ("Jason Gorman") wrote:
I'm pretty satisfied at this point that the true extent of "AI" use in software development has been massively exaggerated.
Sure, lots of devs are using LLMs. But there seems to be very little advanced use. It's mostly chat window stuff and occasional inline completion, to keep the boss happy.
It is, however, a massive distraction.
Mastodon Feeddysfun@treehouse.systems ("gaytabase") wrote:
3 days into quitting smoking and i still don't feel healthier.
send praise.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
mmby wrote:
@lettosprey @soatok even with intact public health services in Europe, people don't get tested regularly because there is social stigma attached - I actually had my doc try to argue me out of it once, asking why I wanted to do that
if people are carried by momentum and the opportunity to be safer is *right there*, it's just great community service
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
afewbugs@social.coop ("Jules she/her") wrote:
RE: https://furry.engineer/@soatok/116321104173678252
Apparently some furry conventions offer STI testing and people are making judgemental memes about it. Whereas as anyone who has ever attended or worse had to arrange a scientific conference will tell you this is something every conference should be offering.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
wronglang@bayes.club ("Krzysztof Sakrejda") wrote:
@soatok I see we're moving on from forgetting makes and into forgetting the 1990s
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
mees@sunny.garden ("Mees π»") wrote:
@tiefling @soatok @hazelnoot you'd have to trust not just them, but also their former partners, and their former partners, etc. That's a lot to ask.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
lettosprey@tech.lgbt ("Lett Osprey :v_pan: :v_enby: π :therian:") wrote:
@soatok Furry cons offering HIV testing seems like an indication of broken public health services.
Good on furcons to pick up the slack.
Mastodon FeedBoosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
macrumors ("MacRumors.com") wrote:
Ollama Now Runs Faster on Macs Thanks to Apple's MLX Framework https://www.macrumors.com/2026/03/31/ollama-now-runs-faster-apple-silicon-macs/?utm%5Fsource=dlvr.it&utm%5Fmedium=mastodon
Mastodon Feedsoatok@furry.engineer ("Soatok Dreamseeker") wrote:
OpenSSL 3 is so fucking wild (derogatory)
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
nlupo@amikejo.xyz ("nLupo :anarchist_flag: :antrans_flag:") wrote:
@soatok Yeah, because "sex bad". All simpleminded prudes are like that. There is nothing wrong with being responsible for the freedom you have, like any adult.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
karl@infosec.exchange ("Karl") wrote:
@soatok the question is why don't non-furry conventions offer those? This seems like a good idea regardless of fur levels.