AI code suggestions sabotage software supply chain
: Hallucinated package names fuel 'slopsquatting'
 [S]ecurity and academic researchers have found that AI code assistants invent package names. In a recent study, researchers found that about 5.2 percent of package suggestions from commercial models didn't exist, compared to 21.7 percent from open source or openly available models. Running that code should result in an error when importing a non-existent package. But miscreants have realized that they can hijack the hallucination for their own benefit.
Talk on how to search large documents Bloom filters
Bloom filter - Wikipedia
 Seems you've got to read a paper to understand hierarchical bloom filters
arXiv.org
Hierarchical Bloom Filter Trees for Approximate Matching
Bytewise approximate matching algorithms have in recent years shown significant promise in de- tecting files that are similar at the byte level. Th...
Stanley Druckenmiller 2023 keynote at USC Marshall
AI coding woes
X (formerly Twitter)
leo (@leojrr) on X
7:30 AM, not sleep until is all fixed - rolled all api keys and moved them to environment variables - implemented authentication to api endpoints
Cheese Caves and Food Surpluses: Why the U.S. Government currently stores 1.4 billion lbs of cheese
Hundreds of feet below the ground in Missouri, there are hundreds of thousands of pounds of American cheese. Deep in converted limestone mines, cav...
Ukraine conflict summarised in a 5 min video clip
X (formerly Twitter)
The First (@TheFirstonTV) on X
"There will never be peace in Ukraine. Not in our lifetime." @MikeBenzCyber explains why he believes conflict will continue overseas, even if a pea...
More accurate inflation charts (supposedly)
Truflation
Login | Truflation
Truflation: The definitive reference point for real world assets (RWA), indexes, and inflation. Access over 18M+ data points from 60+ data provider...
Firas Zahabi on how to exercise
64 bytes program competition winner. Scroll down for assembly. Not heard of "sizecoding" before
Starpath
64b Intro by HellMood / Desire, released 15 February 2025
Not surprised about twitter's grok AI having a security hole (and the doge website). When you prioritise efficiency, it's difficult to distinguish devs who do things right from those that cut corners. In fact, those that cut corners might initially seem better to management. On the other hand, lots of slow devs hide behind "doing things right". There is no easy answer. Pushing for efficiency isn't necessarily wrong - just that it's difficult for management to push in that direction without these kinds of issues. That cost (along with the reputation and likely maintenance cost) might be acceptable given the speed of shipping - although that balance changes significantly if personal/payment data are involved. image