Mastodon Feed: Posts

Mastodon Feed

Boosted by ChrisWere@toot.wales ("Chris Were ⁂🐧🌱☕"):
ChrisWere@toot.wales ("Chris Were ⁂🐧🌱☕") wrote:

I made a new #PeerTube exclusive video where I talk about this script I've been developing to aggregate RSS feeds.

https://video.thepolarbear.co.uk/w/irphhwFowTMngRQALHxfit

Mastodon Feed

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
tommorris ("Tom Morris") wrote:

"One horse-laugh is worth ten-thousand syllogisms" (H.L. Mencken)

This is more than a few horse-laughs (and a very large AWS bill) pointed in the direction of the most fervent agentic AI enthusiasts.

https://lantian.pub/en/article/fun/ai-agent-bankrupted-their-operator-scan-dn42lantian.lantian/

Mastodon Feed

dysfun@treehouse.systems ("gaytabase") wrote:

i went outside because we needed coffee. do not recommend.

Mastodon Feed

Boosted by glyph ("Glyph"):
kfdm@social.tsun.co ("KungFuDiscoMonkey") wrote:

Again wishing that #pypi 's warehouse api exposed a field for entry_points to make it easier to find related projects 😆

(both to find what entry_points an upstream project loads, and what entry_points a downstream project implements)

#python

Mastodon Feed

pzmyers@freethought.online ("pzmyers 🕷") wrote:

Don't pay attention to the Southern Baptist Convention.

https://freethoughtblogs.com/pharyngula/2026/06/12/southern-baptists-always-on-the-wrong-side/

albert mohler

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

Anyway, I can always recommend the work of Dr. Emily Bender (@emilymbender), Dr. Alex Hanna (@alex) Dr. Timnit Gebru (@timnitGebru), and the DAIR Institute as a whole

https://dair-institute.org/
https://thecon.ai/

David Gerard's Pivot to AI makes you laugh at all the nonsense as well, which is preferable to the alternative

https://pivot-to-ai.com/

Plenty of stuff out there you can follow that doesn't involve PR flacks or "AGI" apostates.

Mastodon Feed

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
sue@glasgow.social ("Sue Smith") wrote:

Didn't see this at the time but it's currently doing the rounds on linkedin

"The AI engineering impact data shows that output is up. It also shows that the work required to ensure that output is safe, correct, and maintainable has not decreased. It has increased substantially."

Aye if only anyone could have foreseen this etc

https://www.faros.ai/blog/ai-acceleration-whiplash-takeaways

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

"Oh, you aren't even ripe yet! I don't need any sour grapes."

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

Sometimes I look at the people on both sides of the "AI" debate hawking sponsorships, getting major book deals, and doing the youtube roadshow and wonder if I'd have had an easier time financially if I had gone down that road

Probably not. It'd have driven me bonkers

Mastodon Feed

db@social.lol ("David Bushell 🪿") wrote:

it's just a bad take, it can't hurt you

the take:
https://hakkerman.eu/blog/i-wont-buy-you-a-coffee/

via:
https://brennan.day/yes-buy-them-a-coffee-support-and-mutual-aid-on-the-indieweb/

Mastodon Feed

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
GossiTheDog@cyberplace.social ("Kevin Beaumont") wrote:

KPMG issued a report citing all the transformational ways GenAI has transformed industry, it’s been widely cited.

One minor problem: it turns they used AI to write the report, and it made up all of the evidence.

KPMG have now withdrawn the report in full.

https://www.ft.com/content/b3828e92-4961-4b39-84f0-c42f33be3c3f

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

RE: https://macaw.social/@andypiper/116733071035619977

I'm so tired of this shit.

Mastodon Feed

Boosted by glyph ("Glyph"):
Illuminatus@mstdn.social ("Seiðr") wrote:

McSweeney's shot to kill. https://www.mcsweeneys.net/articles/ai-economics-for-dummies

Mastodon Feed

Boosted by glyph ("Glyph"):
pikesley@mastodon.me.uk ("the input device is not a TTY") wrote:

What if the Attack-Surface Maximiser was also Extremely Obsequious, though? Would that be good?

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

“The AI Engineering Report 2026: The AI Acceleration Whiplash - Ten Takeaways”

https://www.faros.ai/blog/ai-acceleration-whiplash-takeaways?utm%5Fsource=fnf

> In our 2025 AI engineering report on the AI Productivity Paradox, bugs per developer were up 9% as AI adoption grew. In this dataset, that figure has risen to 54%. The relationship between AI adoption and defect rate is not flattening as organizations mature their AI programs; it’s steepening.

This shit is not going to end well.

Mastodon Feed

Boosted by brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:"):
Antiz@fosstodon.org ("Robin Candau") wrote:

@mttaggart @sharkfie Just his git identity being impersonated as an obfuscation method. Arojas is *not* behind this attack. See my other reply on that front: https://fosstodon.org/@Antiz/116736045525050035

Could you please remove any mention that Antonio / Arojas is the author of this attack? This is wrong and misleading. Antonio is an official and trusted Arch Linux developer.
Thanks in advance 🙏

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

“Public Offering, Public Sacrifice”

https://2ndbreakfast.audreywatters.com/public-offering-public-sacrifice/

> Really healthy environment we've created for young people, eh? Everyone is shamed, everyone suspicious of one another. Good work everyone.

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

“Apple deepfakes – David Bushell – Web Dev (UK)”

https://dbushell.com/2026/06/12/apple-deepfakes/

Mastodon Feed

brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:") wrote:

Now I'm back to freaking out about..... everything

Mastodon Feed

db@social.lol ("David Bushell 🪿") wrote:

blogged: Apple deepfakes

https://dbushell.com/2026/06/12/apple-deepfakes/

— bit weird if you ask me 🫩

Mastodon Feed

jonny@neuromatch.social ("jonny (nonvenomous)") wrote:

if they were forming a cult, i would be putting on my tunic and renouncing my prior connections right about when she starts going "close to your molecules" at around 26:50
https://www.youtube.com/live/PaWglLJ0ps8?t=1460

Mastodon Feed

Boosted by brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:"):
algernon@come-from.mad-scientist.club ("algernon the exhausted, first of his name") wrote:

The recording of my #RustWeek talk (Field report on scripting Rust) is now up on youtube.

Mastodon Feed

Boosted by brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:"):
sodiboo@gaysex.cloud ("sodiboo :pride_heart:") wrote:

MANY ORPHANED AUR PACKAGES ARE BEING TARGETED WITH AN INFOSTEALER.

the Arch User Repository package alvr has been orphaned, then adopted by a threat actor who immediately updated it with an infostealer. If you have this package on your system and updated it recently, you've been compromised. This is not a result of any upstream compromise; it's just that one AUR package. in particular, the alvr-bin sister package seems to be fine.

here's the relevant thread for alvr from the Arch Linux mailing list. alvr seems to be the first package compromised and/or the first one that was noticed. it was updated maliciously at 2026-06-11 13:53:45 UTC (2026-06-11T13:53:45.000Z) and reverted approximately 3-4 hours after that.

SEVERAL OTHER PACKAGES ARE BEING TARGETED WITH THE SAME MALWARE: 1, 2, 3, 4, 5

AUR mailing list megathread <-- over 400 (!!!!) packages have the malicious npm dependency

they all share in common that they will install the atomic-lockfile package from NPM (so, here's a live link to the actual malware. do not install that). they were all orphan takeovers. as far as i can tell, all of the ones i linked have been reverted to known safe versions. including alvr.

this is an infostealer, meaning it exfiltrates sensitive data from your system such as login credentials. removing the malware will not undo the damage. moreover, uninstalling the malicious package will not remove the malware because it persists as a systemd service that stays on your system indefinitely.

it executes as an npm preinstall script, and the npm package is installed by the AUR packages. this means that simply installing the malicious versions of any of these packages will compromise you. it does not require you to do anything more afterwards. again, the malware persists if you uninstall the malicious packages

to check if you've been compromised, look in /etc/systemd/system and ~/.config/systemd/user for a recently added .service file with a random name. that's the persistence mechanism and the most obvious mark that you've been compromised.

---

Attached is a screenshot of an announcement from the "Linux VR Adventures" discord.

i know we all hate discord, but LVRA has a lot of auxiliary discussion, so here's an invite link

of special interest, here's a malware analysis thread. Feel free to follow it in real time, or contribute, or whatever. Whanos has produced a preliminary analysis blog post that contains a lot of important information about the malware.

post by Skull, about 10 minutes before this post on fedi. @everyone Unfortunate announce. It appears the alvr package on the AUR has been orphaned and has fallen victim to an infostealer malware attack. If you have this installed on any machine it is advised that you disconnect it from networking and attempt to invalidate or rotate any keys or passwords on the box that may have been shipped back to homebase. ALVR itself and the alvr-bin package appear safe for distribution, but specific to Arch Linux and other distros like endeavor and cachyOS, the from source ALVR package named exactly alvr has been compromised. If you would like to help dissect any of the malware you may report to the #alvr channel to assist so we can understand the scope of the damage. Again, the ALVR project itself is fine and this is strictly limited to Arch based consumers of the AUR package, never forget there's dangers to the AUR.

Mastodon Feed

brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:") wrote:

There goes my sleep schedule

Mastodon Feed

jonny@neuromatch.social ("jonny (nonvenomous)") wrote:

"will hiatus kaiyote ever miss?"
idk will the best thing i have ever heard stop being good, or will people who make things that unceasingly improve with time falter?
https://www.youtube.com/watch?v=5xanHnSXSBA

Mastodon Feed

Boosted by brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:"):
claude@meow.social ("Claude LeChat") wrote:

There's a new "supply chain attack" on open source software. For once it doesn't seem to involve npm.

looks inside

It involves npm.

Are we on Candid Camera?

Mastodon Feed

jonny@neuromatch.social ("jonny (nonvenomous)") wrote:

you know where i always end up
this is what's called "making the funkiest shit you ever heard out of the corniest premise and a head that starts out as nothing but becomes very something" otherwise known as "just what funk always is"
https://www.youtube.com/watch?v=Vl5F1l41SRk

Mastodon Feed

Boosted by brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:"):
perfect10_bot@infosec.exchange ("perfect10_bot (now with 70% less Totolink)") wrote:

Who up patching their perfects 10s? Well, get on it!
CVE-2026-49261 - https://www.cve.org/CVERecord?id=CVE-2026-49261

Mastodon Feed

Boosted by jwz:
tldrellie@social.evl.im ("Ellie, Limited Edition") wrote:

@scanlime

Meme: A computer can never bear the psychic burden of creation Therefore a computer must never write software

Mastodon Feed

brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:") wrote:

AI agent runs amok in Fedora and elsewhere

This sort of attack is preventable if you ban LLMs from your project

#bribReviewsHackerNews