Silviu Ardelean 🇷🇴🇨🇭🇪🇺

Shipped something I'm proud of: an embedded micro-antivirus engine in GenDigital's Chromium-based browsers - real-time checks near the click, low overhead. #BrowserSecurity #Chromium #MicroAV #antivirus #security #safebrowsing us.norton.com/blog/privacy-t…

Yann LeCun says LLMs are strongest in domains where language itself is the substrate of reasoning, like math and code They can solve problems, prove theorems, and write programs — but they are not creative mathematicians, software architects, or computer scientists "their role is to help humans build"

Not sure if really the best but for sure best 3.

The 6-Lever LLM Cost Stack #llm henrickf.com/writing/the-ll…

I've been coding for 40 years. Here are the top 5 things I wish I knew when I started. 1. 90% of the job is debugging and fixing, not creating new code. Which is still fun if you're good at it. I used to think programming was mostly writing fresh, clever stuff. In reality, most of your time is spent in other people's (or your own past self's) messy code, chasing down why something that "should" work doesn't. Get really good at debugging early. Learn assembly reading, call stacks, and kernel debuggers. It pays off hugely. The best engineers I saw were absolute magicians at this. 2. Manage complexity from day one (ie: don't write slop and "fix it later" if it goes somewhere). Very early on, I'd hammer out code and refactor afterward. Big mistake. Now I start with clean, skeletal structure (minimalism first) and flesh it out carefully, with AI or not. Messy code compounds and becomes unfixable. Upfront discipline on architecture, naming, and simplicity saves enormous pain later, especially in large systems like Windows. 3. Tools and processes matter more than you think We suffered with basic diff/manual deltas instead of modern source control like Git. Branching, testing, and good tooling would have made porting and collaboration way smoother. Invest in your environment, automation, and reproducible builds early. Good tools amplify your output; bad ones (or none) drag everything down. 4. Understand the problem and existing code deeply before writing Don't jump straight to coding. Map out the problem, study what's already there (you'll inherit a lot), and plan. Low-level knowledge (hardware quirks, alignment issues on different architectures like MIPS/Alpha) was crucial. Also: assert early and often. It forces clarity. 5. People, politics, and "the right tool for the job" beat pure tech arguments. Brilliant engineers still argue endlessly. Sometimes it's about ego, not merit. Learn to spot the difference and "steer" the conversation rather than "winning" it. Bonus from experience: Side projects like Task Manager (started at home because I wanted the tool) can become your biggest hits. Ship small, useful things often. If you're just starting, focus on fundamentals, patterns over syntax, and building resilience for the long haul. It's going to be a wild ride, but the fundamentals still matter.

People mock the EU as “bureaucracy”. But that bureaucracy turned a continent of borders, currencies and wars into a space where 450 million people can travel, pay, call, study and work almost as if it were domestic. That is not boring. That is civilization becoming usable.

Dear @VisualStudio team, it would be highly appreciated bringing the possibility to view the processes cmd line params in the Processes debug window. Thank you in advance! PS. Until then we have to identify the process by PID via different app, when it may be naturally here.

Feature by design... Really?

@nixcraft The definition of malware? Really? Btw, there are two models, a Privileged LLM and a Quarantined LLM. And, so what?

Google Chrome silently installs a 4 GB AI model on your device. > No consent dialog. No opt-out UI. Re-installs itself if the user removes it manually. That is the true definition of malware.

❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's responsed when reported: "by design." All of them. Including credentials for sites you won't open this session. Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way. Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them. In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful. What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext. In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running. Microsoft's official response when notified: "by design." The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.

What goes around comes around

@sol_prog Loollll. Epic again!

@SilviuArdelean I like the BS marketing note "This role may not exist in 12 months"

Epic

🛑 WARNING: Bitwarden CLI was compromised in a supply chain attack. @bitwarden/cli@2026.4.0 included malicious code after attackers hijacked GitHub Actions, stole secrets, and pushed a tampered version to npm. 🔗 Learn how the attack worked → thehackernews.com/2026/04/bitwar…

The issue isn't what it does today. It's that an AI app installs a native bridge that can facilitate browser data access (tabs, DOM) later on - without explicit user awareness. That's not a great direction.

Google DeepMind dropped a paper that should scare every agent builder. It's the first systematic framework for a threat that barely existed two years ago: adversarial content engineered to hijack AI agents browsing the web. They call them AI Agent Traps. The paper maps six distinct attack surfaces. 1) Content Injection Traps (perception) Invisible CSS, hidden HTML, steganographic payloads inside images. The agent parses it, humans never see it. One study showed simple HTML injections hijack web agents in up to 86% of scenarios. 2) Semantic Manipulation Traps (reasoning) No overt commands. Just biased phrasing, framing, and contextual priming that skew the agent's synthesis. LLMs inherit human cognitive biases, and attackers can weaponize every one of them. 3) Cognitive State Traps (memory and learning) Poison the RAG corpus. Corrupt long-term memory. One study achieved over 80% attack success with less than 0.1% poisoned data. 4) Behavioural Control Traps (action) Jailbreaks embedded in external resources. Data exfiltration prompts hidden in emails. Sub-agent spawning that tricks an orchestrator into instantiating attacker-controlled agents inside the trusted control flow. 5) Systemic Traps (multi-agent dynamics) This is where it gets scary. A single fake news headline could trigger a synchronized sell-off. A compositional fragment trap splits a payload across sources, so each fragment looks benign until agents aggregate them. 6) Human-in-the-Loop Traps The agent becomes the vector. The target is you. Invisible prompt injections have already caused summarization tools to faithfully repeat ransomware commands as "fix" instructions. The core insight is uncomfortable. By altering the environment instead of the model, attackers weaponize the agent's own capabilities against it. Training-time defenses cannot solve an inference-time problem. The paper closes by calling for automated red-teaming that can probe these vulnerabilities at scale. That same shift is already happening on the offense side. Strix is an open-source project doing exactly this for web apps. AI agents that act like real hackers, running your code dynamically, finding vulnerabilities, and validating them with actual proof-of-concepts. 24k stars on GitHub. Apache 2.0 licensed. The agents writing your code need to be tested by agents trying to break it. I've shared the link to the paper and Strix GitHub repo in the replies

You can't be a European patriot and side with the people trying to burn Europe down. The era of "both sides" is over. Politicians working for our enemies need to be treated like the threat they are. Being soft on betrayal is the fastest way to become a vassal state

@GergelyOrosz Gergely, tell your fellow citizens to be careful in situations like the ones mentioned here. x.com/SilviuArdelean…

Today, Hungary votes. The choice is between an anti-EU, pro-Russia, pro-corruption party reigning for 16 years (Orbán’s party: Fidesz) or a pro-EU, anti-Russia, anti-corruption party (Tisza). My mail-in vote went for Tisza ❤️🤍💚 A rendszerváltásért!

@DakdaR22 Agree. But I am afraid Rutte plays that role just to keep the contact with the ... to not burn the bridge.

Time to replace Mark Rutte as the head of NATO for someone who actually represents the alliance. I fully support Kaja Kallas 🫡 Who is with me🙌

Dear European friends, dear Hungarians, make sure your votes are safe and properly counted. In 2022, partially burned mail-in ballots were found outside Hungary. The process matters. intellinews.com/burned-mail-in… #ElectionIntegrity #VoteSecurity #Democracy #Hungary

@JayinKyiv Elections aren’t just about voters. They're about logistics, custody, and control. Remember 2022 - bags of partially burned opposition ballots found outside Hungary. intellinews.com/burned-mail-in…

As expected, JD Vance's visit to Hungary was the kiss of death for Orban's imploding campaign. Magyar now with a 70% chance of ousting Putin's puppet Orban.