Mastodon Feed: Posts

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

Also you're not going to have much luck bringing ethics to an economics fight. (God I wish that were easier to bring, but you have to bring _regulation_ to an economics fight if you want to embed ethics.)

Mastodon Feed

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
davidgerard@circumstances.run ("David Gerard") wrote:

the precise timeline of how OpenAI fucked over the RAM market

> October 2025: Sam Altman flies to Seoul and signs simultaneous deals with Samsung and SK Hynix for 900,000 DRAM wafers per month. That's 40% of global supply. Neither company knew the other was signing a near-identical commitment at the same time.

https://xcancel.com/aakashgupta/status/2038813799856374135

Mastodon Feed

Boosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
BleepingComputer@infosec.exchange wrote:

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems.

https://www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/

Mastodon Feed

fromjason ("fromjason.xyz ❀️ πŸ’» ✍️ πŸ₯ πŸ‡΅πŸ‡·") wrote:

So Trump's ballroom is actually a military bunker underneath.

Why. Are. Rich. People. Building. Bunkers.

Mastodon Feed

pzmyers@freethought.online ("pzmyers πŸ•·") wrote:

The "future of education" is blindingly tasteless and vapid.

https://freethoughtblogs.com/pharyngula/2026/03/31/the-future-of-education/

A fake website selling the "future of education"

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

A lotta y'all gotta learn the difference between _LLM Use_ and _slop generation_.

You can make slop by hand like the old days and it's still slop. You can use an LLM with good engineering practices as guardrails and end up without slop.

(If it's creative work without engineering guardrails though, it's almost certainly slop.)

Mastodon Feed

db@social.lol ("David Bushell πŸͺΏ") wrote:

excited to try this but disappointed that my paid Proton subscription gets zero benefits (unless i pay more)

https://proton.me/business/blog/introducing-proton-meet

Mastodon Feed

Boosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
ngaylinn@tech.lgbt ("Nate Gaylinn") wrote:

Sigh. I just discovered an experiment very similar to what I've been designing over the last several weeks.

This has to be one of the most difficult and discouraging parts of science.

I don't feel as "scooped" as I used to when this happens. I've come to realize that I almost always have something else to add, so this is generally a sign to pivot rather than give up.

But I did waste effort researching what this paper clearly explains, and now I have to stop and rethink everything I'm doing, and maybe even start over from scratch on some things. Frustrating!

What bothers me most about this is how accidental it all is. The scientific literature is barely organized. I find things because someone points them out, or because I have the right magic keywords. Both of those methods are painfully unreliable, and I often find things much later than I'd like.

There's gotta be a better way.

#academicchatter

Mastodon Feed

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
PavelASamsonov ("Pavel A. Samsonov") wrote:

The main problem with checking AI outputs is that you need to have an idea of what you actually wanted it to do, and most people use AI as a substitute for having to figure that out.

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

And with that, with https://spicelabs.io/ (my employer), I can quickly check and see if it's present anywhere in our builds. It's not there.

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

The actual compromise file in plain-crypto-js is SHA1 b0e0f12f1be57dc67fa375e860cedd19553c464d

This is the one that will be on-disk in a node_modules directory.

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

Looks like Socket has a copy, now to figure out how to download it.

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

I really wish that the npmjs security team published the complete list of file hashes of a compromised package in their stub package page that they use when they remove something.

The way we hide compromises so fast when we respond actually makes responding harder.

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

I know the plain-crypto-js package's overall SHA1 hash is 07d889e2dadce6f3910dcbc253317d28ca61c766, but that's not actually a thing you'd find on disk in a node_modules directory.

Mastodon Feed

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

Anyone have the hashes of the files in the compromised axios and particularly the malicious dependency?

Mastodon Feed

db@social.lol ("David Bushell πŸͺΏ") wrote:

seriously, what was i doing before CSS Subgrid, bashing rocks together? once you see a subgrid they're everywhere

Mastodon Feed

Boosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
cowperthwait@sfba.social ("Jonathan E Cowperthwait") wrote:

npmjs Twitter account to reply, β€œWhat can npmjs security team do for you today? Also ✨ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.”

Mastodon Feed

jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:

ugh, I'm guessing somebody screwed the pooch

https://www.nytimes.com/2026/03/29/world/middleeast/us-precision-strike-missile-iran-lamerd.html?rsrc=flt&unlocked%5Farticle%5Fcode=1.XVA.Z0pK.8Z03c2-DjJb7&smid=url-share

Mastodon Feed

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
mhoye@cosocial.ca wrote:

Baffling morning scroll as axios the publication and axios the npm package are both getting attention for being bad at their jobs.

Mastodon Feed

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
jasongorman@mastodon.cloud ("Jason Gorman") wrote:

I'm pretty satisfied at this point that the true extent of "AI" use in software development has been massively exaggerated.

Sure, lots of devs are using LLMs. But there seems to be very little advanced use. It's mostly chat window stuff and occasional inline completion, to keep the boss happy.

It is, however, a massive distraction.

Mastodon Feed

dysfun@treehouse.systems ("gaytabase") wrote:

3 days into quitting smoking and i still don't feel healthier.

send praise.

Mastodon Feed

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
mmby wrote:

@lettosprey @soatok even with intact public health services in Europe, people don't get tested regularly because there is social stigma attached - I actually had my doc try to argue me out of it once, asking why I wanted to do that

if people are carried by momentum and the opportunity to be safer is *right there*, it's just great community service

Mastodon Feed

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
afewbugs@social.coop ("Jules she/her") wrote:

RE: https://furry.engineer/@soatok/116321104173678252

Apparently some furry conventions offer STI testing and people are making judgemental memes about it. Whereas as anyone who has ever attended or worse had to arrange a scientific conference will tell you this is something every conference should be offering.

Mastodon Feed

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
wronglang@bayes.club ("Krzysztof Sakrejda") wrote:

@soatok I see we're moving on from forgetting makes and into forgetting the 1990s

Mastodon Feed

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
mees@sunny.garden ("Mees πŸ”»") wrote:

@tiefling @soatok @hazelnoot you'd have to trust not just them, but also their former partners, and their former partners, etc. That's a lot to ask.

Mastodon Feed

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
lettosprey@tech.lgbt ("Lett Osprey :v_pan: :v_enby: πŸ‰ :therian:") wrote:

@soatok Furry cons offering HIV testing seems like an indication of broken public health services.

Good on furcons to pick up the slack.

Mastodon Feed

Boosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
macrumors ("MacRumors.com") wrote:

Ollama Now Runs Faster on Macs Thanks to Apple's MLX Framework https://www.macrumors.com/2026/03/31/ollama-now-runs-faster-apple-silicon-macs/?utm%5Fsource=dlvr.it&utm%5Fmedium=mastodon

Mastodon Feed

soatok@furry.engineer ("Soatok Dreamseeker") wrote:

OpenSSL 3 is so fucking wild (derogatory)

https://github.com/openssl/openssl/issues/30641

Mastodon Feed

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
nlupo@amikejo.xyz ("nLupo :anarchist_flag: :antrans_flag:") wrote:

@soatok Yeah, because "sex bad". All simpleminded prudes are like that. There is nothing wrong with being responsible for the freedom you have, like any adult.

Mastodon Feed

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
karl@infosec.exchange ("Karl") wrote:

@soatok the question is why don't non-furry conventions offer those? This seems like a good idea regardless of fur levels.