aurbieta

NEW: Dozens of robotaxis by Baidu stopped on the road in Wuhan, causing crashes on highways and trapping passengers in the cars—some for more than an hour. One passenger told me it took her 30 minutes to even connect to a customer representative. Here’s a video of a crash.

🤨 People keep asking how to protect yourself. #1: set min-release-age=7 in .npmrc #2: install Socket for GitHub (it's free!) to protect PRs from bad dependencies: socket.dev/features/github #3: install Socket Firewall (also free!) to protect your laptop: socket.dev/features/firew…

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

GUÍA DE RESTAURANTES DE ESPAÑA POR PROVINCIAS Os recuerdo que aquí tenéis un listado de sitios para comer por provincias: bares, tascas, restaurantes, áreas de servicio… linktr.ee/pbriones Una recopilación trabajada gracias a recomendaciones de gente del buen comer. Cualquier aportación nueva de tu zona es bienvenida!!

TeamPCP has done ANOTHER supply chain attack. My Brother in Christ, how many of these fuckin' things are you going to do? YOU'VE DONE 50 FUCKING SUPPLY CHAIN ATTACKS. 50 SUPPLY CHAIN ATTACKS IN EIGHT FUCKING DAYS. March 19th: - Trivy March 20th: - EmilGroup (28 packages) - OpenGov (16 packages) - Teale-io (eslint-config) - AIRTM (uuid-base32) - PypeSteam (floating-ui-dom) March 23rd: - Checkmarx March 24th: - LiteLLM March 27th: - Telnyx

Black Mirror S8E1: In 2027, developers are allocated a daily Claude token allowance by the government. A junior dev burns through his entire month's supply trying to centre a div. His family starve. He is forced to write the code himself. He can't. Society collapses.

Los villanos siempre tienen doctorado. Dr. Doom, el Dr. Octopus, el Dr. Doofenshmirtz, Hannibal Lecter o el Dr. No. Incluso el Dr. Frankenstein o el Dr. Evil. En cambio, los buenos suelen quedarse en la maestría, como el maestro Yoda, el Maestro Roshi, el Maestro Splinter, el Maestro Miyagi, Shifu o el mismísimo Luke Skywalker. Los estudios de posgrado corrompen el alma.

1/4 LLMs solve research grade math problems but struggle with basic calculations. We bridge this gap by turning them to computers. We built a computer INSIDE a transformer that can run programs for millions of steps in seconds solving even the hardest Sudokus with 100% accuracy

I (finally) put together a new LLM Architecture Gallery that collects the architecture figures all in one place! sebastianraschka.com/llm-architectu…

There's a lot of noise around how "Ai generates buggy software". The truth is writing the code was always 20% of the time. Testing and refining was always 80%. But now as that 20% compresses 10x, we want to compress the 80% as well... That's the mistake.

It can download pdfs and never read them?

I packaged up the "autoresearch" project into a new self-contained minimal repo if people would like to play over the weekend. It's basically nanochat LLM training core stripped down to a single-GPU, one file version of ~630 lines of code, then: - the human iterates on the prompt (.md) - the AI agent iterates on the training code (.py) The goal is to engineer your agents to make the fastest research progress indefinitely and without any of your own involvement. In the image, every dot is a complete LLM training run that lasts exactly 5 minutes. The agent works in an autonomous loop on a git feature branch and accumulates git commits to the training script as it finds better settings (of lower validation loss by the end) of the neural network architecture, the optimizer, all the hyperparameters, etc. You can imagine comparing the research progress of different prompts, different agents, etc. github.com/karpathy/autor… Part code, part sci-fi, and a pinch of psychosis :)

🇨🇳 ​Un estudiante chino programó una web que mapea 5000 objetos del Museo Británico que se robaron de 99 países. ​Te muestra de dónde los sacaron y cómo quedaría el museo si devolvieran todo lo que "encontraron" por ahí.

Anyone and everyone working in security engineering or caring about security have their work cut out for them We’re so early in AI agents pushing code to prod without human intervention - but prompt injections are already spreading like wildfire. Infecting high-profile projects

Imposible perder más aura

It is hard to communicate how much programming has changed due to AI in the last 2 months: not gradually and over time in the "progress as usual" way, but specifically this last December. There are a number of asterisks but imo coding agents basically didn’t work before December and basically work since - the models have significantly higher quality, long-term coherence and tenacity and they can power through large and long tasks, well past enough that it is extremely disruptive to the default programming workflow. Just to give an example, over the weekend I was building a local video analysis dashboard for the cameras of my home so I wrote: “Here is the local IP and username/password of my DGX Spark. Log in, set up ssh keys, set up vLLM, download and bench Qwen3-VL, set up a server endpoint to inference videos, a basic web ui dashboard, test everything, set it up with systemd, record memory notes for yourself and write up a markdown report for me”. The agent went off for ~30 minutes, ran into multiple issues, researched solutions online, resolved them one by one, wrote the code, tested it, debugged it, set up the services, and came back with the report and it was just done. I didn’t touch anything. All of this could easily have been a weekend project just 3 months ago but today it’s something you kick off and forget about for 30 minutes. As a result, programming is becoming unrecognizable. You’re not typing computer code into an editor like the way things were since computers were invented, that era is over. You're spinning up AI agents, giving them tasks *in English* and managing and reviewing their work in parallel. The biggest prize is in figuring out how you can keep ascending the layers of abstraction to set up long-running orchestrator Claws with all of the right tools, memory and instructions that productively manage multiple parallel Code instances for you. The leverage achievable via top tier "agentic engineering" feels very high right now. It’s not perfect, it needs high-level direction, judgement, taste, oversight, iteration and hints and ideas. It works a lot better in some scenarios than others (e.g. especially for tasks that are well-specified and where you can verify/test functionality). The key is to build intuition to decompose the task just right to hand off the parts that work and help out around the edges. But imo, this is nowhere near "business as usual" time in software.

Anyone doing this would be banned from my house.

My new favorite insult is calling someone’s job a Claude skill.

A model just learned to drive a car in San Francisco after watching less than one hour of training footage. The real breakthrough isn't the driving. It's that computer action models can now learn from raw internet video instead of expensive human annotations. FDM-1 trained on 11 million hours of screen recordings by teaching itself to reverse-engineer what actions created each frame. Every previous computer control model hit the same wall: they needed humans to manually label what keyboard keys or mouse movements happened in each screenshot. The largest public dataset contains just 20 hours of footage. Meanwhile, YouTube alone has millions of hours of people coding, editing videos, and playing games. The gap between what exists and what models could access was massive. Standard Intelligence built two things to close it: 1. An inverse dynamics model that watches before-and-after frames and predicts what action happened in between 2. A video encoder that fits nearly 2 hours of high-resolution footage into the same space other models use for 1 minute They trained the prediction model on 40,000 hours of labeled data, then used it to auto-label 11 million hours of unlabeled recordings. That's 550,000x larger than the biggest open dataset. This makes several things possible that weren't before: - CAD work requiring long sequences of precise mouse movements - Finding rare software bugs by exploring thousands of interface states - Transferring computer skills to physical world tasks with minimal retraining - Training on the entire internet's worth of screen recordings When the bottleneck was labeling costs, scaling meant hiring more contractors. Now it means adding more GPUs and scraping more video. If this holds, the next generation of models will train on every coding livestream, every Photoshop tutorial, and every gameplay video ever uploaded.