Erlend Oftedal

@CBSSportsGolazo @MikeGrella10 Respect to @MikeGrella10 for admitting his assessment was off and owning it.

"I was wrong, bad. The guys are no joke." @MikeGrella10 issues an apology to Bodø/Glimt after his pre-match prediction 😭

@bcherny Can you define code output? Is it in lines of code? Output tokens? Or new features so it's not tied to the actual size of the code base?

New in Claude Code: Code Review. A team of agents runs a deep review on every PR. We built it for ourselves first. Code output per Anthropic engineer is up 200% this year and reviews were the bottleneck Personally, I’ve been using it for a few weeks and have found it catches many real bugs that I would not have noticed otherwise

New year, new me! There's a 2026 now, BSides Oslo 2026 that is. October 29th at Vulkan Arena. Information on tickets, CFP and all the rest to come.

@ChrisLaubAI Which paper are you referring to?

Real example from the paper: Complex word problem about calculating total distance with multiple variables. CoT: Linear walkthrough, compounds errors AoT: Isolates speed calculation, time calculation, distance formula separately When one atom fails, it doesn't break the entire chain.

Chain of Thought is dead. I just tested Atom of Thought prompting and it's making AI models 30-40% more accurate on complex reasoning tasks. Here's the technique that's about to change how everyone uses ChatGPT and Claude:

The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-papers

What do you call unexpected vibe code written by accidentally clicking the link above a TODO in VSCode? (asking for a friend 😬) Wild code? Shadow vibes? Schrödinger's code because you don't know it's there until you look? Spanish inquisition code because it wasn't expected?

A DBA walks into a NOSQL bar, but turns and leaves because he couldn't find a table

@albinowax Impressive!

Quarterly deadlift update: I've pulled 2.85x bodyweight (180kg) so I'm only 10kg off my target! I suspect I'll miss my December deadline due to a minor injury but thankfully unlike conference CFPs, the deadline doesn't really matter!

@taviso Best of luck with the new gig. Hope we continue to see the same awesome research 👍

A personal update... after nearly 20 years at Google, today is my last day! I'm going to be working on independent research for the foreseeable future, then who knows! I've worked with so many talented people, made so many friends and seen incredible research over the years 🫡

@FotMob @roysolberg So close

🇳🇴🔟 Still drinking it in… Erling Haaland beat the current FotMob algorithm to record our fifth perfect 10.0 rating in the men’s game (competitive fixtures only). And it takes Norway a step closer to a World Cup return.

@xssdoctor Here is an older version from quite some years ago: research.insecurelabs.org/content-sniffi…

In my scenario, I had xss but i needed to import a js file to escalate. The csp was tight, but i was able to upload pdfs to the same domain. I uploaded a pdf with my malicious js in it, and I was off to the races. Enjoy!

I just found the coolest csp bypass ever! did you know that a valid pdf can ALSO be valid javascript? (details below)

It's 2025! 🗓️ We have a date: October 30th. 📢 We have a CFP: forms.gle/M5BfbGpqhdmZL2… 🌐 We have a website: bsidesoslo.no

@Jhaddix Sure

I'm at the cutting edge of AI-assisted pentesting. Would anyone be interested in a webinar on where we sit and some of the false promises I've heard on the RSA floor?

RIP Gene Hackman

Reminder that the Call for Presentations for Sikkerhetsfestivalen (The Security Festival) is open. OWASP Oslo is hosting an AppSec track. Scroll down the page for English version: sikkerhetsfestivalen.no/alle-nyheter/2…

I've made a new Azure DevOps extension that runs Retire.js as part of a build pipeline. Retire.js will detect vulnerable JavaScript libraries in your code. All credits go to @webtonull for building this amazing scanner. Get the extension here: marketplace.visualstudio.com/items?itemName…

@ThomasArdal Is the source code available on github or similar?

⚠️ Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

@SpotifyCares It's no longer possible to remove/mute songs on Discover Weekly. Please bring this back. I appreciate the suggestions, but some of them are not so good (wrong language, wrong style, unwanted lyrics)