やまもと

37.4K posts

@elize180

Using AI and building it into things. Sometimes a Cypher going 2 kills and 20 deaths over 23 rounds.

Shinjuku, Tokyo · Joined December 2015
226 Following · 230 Followers
やまもと retweeted
𝑆𝐼𝐴𝑁 @SIAN_FKP_37
Every company's April Fools' lies are so funny.
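やまもと retweeted
タナカ @johntanaka
???: "I'm declining the job offer." HR: "Are you serious?" ???: "I'm serious." HR: "Why do you want to decline?" ???: "Because today is the company entrance ceremony and I overslept." HR: "It's fine, hang in there, you can still make it."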
やまもと retweeted
Polymarket @Polymarket
BREAKING: Oracle laid off 20,000-30,000 employees this morning with a single 6 am email.
やまもと retweeted
麹 @oryzae1824
麹 tweet media
やまもと retweeted
Polymarket @Polymarket
BREAKING: Source code leak reveals Claude Code detects profanity in user prompts, then silently logs it to a database.
やまもと retweeted
Frederik Jacques @thenerd_be
Today is my first day at Anthropic. Super excited I shipped my first change today, added source maps so debugging is easier. Can’t wait to show you all what I’ve been working on! cc: @AnthropicAI
Frederik Jacques tweet media
やまもと retweeted
Kevin Naughton Jr. @KevinNaughtonJr
I was fired from Anthropic today. I was the engineer responsible for shipping the latest dev/claude-code npm package. Wanting to improve the debugging experience for the team, I decided to include source maps in the release. This resulted in our entire internal codebase being publicly exposed including thousands of files with every agent command, all system prompts, the complete query engine, Undercover Mode, Bypass Permissions Mode, and our internal telemetry configuration. I take full responsibility. I genuinely believed the safeguards Claude Code had built for me would be adequate and it was a serious miscalculation on my part. My actions have unintentionally open-sourced major parts of Claude’s architecture well ahead of schedule. I apologize to the team and to Claude.
Chaofan Shou @Fried_rice

Claude code source code has been leaked via a map file in their npm registry! Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip

やまもと @elize180
Even if you haven't installed it, there are cases where it comes in on the third-party side, and that's so nasty I died.
やまもと retweeted
klöss @kloss_xyz
do you understand what just happened to one of the most used npm packages on the internet?
→ axios gets downloaded over 100 million times a week and today it got compromised
→ an attacker hijacked the npm credentials of a lead axios maintainer… changed the account email to an anonymous ProtonMail address… and manually published two poisoned versions
→ axios@1.14.1 and axios@0.30.4… neither version contains a single line of malicious code inside axios itself. instead they inject a fake dependency called plain-crypto-js that drops a remote access trojan on your machine
→ the fake dependency was staged 18 hours in advance… three separate payloads were pre-built for macOS, Windows, and Linux… both release branches were hit within 39 minutes. every trace was designed to self-destruct after execution too
→ there’s no tag in the axios GitHub repo for 1.14.1. it was published outside the normal release process entirely... bypassed CI/CD completely
→ StepSecurity called it one of the most operationally sophisticated supply chain attacks ever against a top 10 npm package
→ a routine npm install silently opens a backdoor… no warning… no suspicious code visible in axios itself
this is the wake up call all vibe coding bros need to hear right now:
→ if you installed either version… assume your system is compromised
→ pin to axios@1.14.0 or axios@0.30.3
→ rotate all secrets, API keys, SSH keys, and credentials on affected machines
→ check network logs for C2 connections
→ add --ignore-scripts to CI npm installs going forward
100 million weekly downloads and one compromised maintainer account… that’s all it took to wreak absolute havoc and I imagine we see a whole lot more of these… crazy times ahead for cybersecurity and vibe coding
be safe out there y’all
Feross @feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

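
The lockfile audit the two posts above call for, as an added example that is not part of either post or of any tool they mention: it scans a parsed package-lock.json, including copies nested under other packages, for the versions named there (axios@1.14.1, axios@0.30.4, any plain-crypto-js). The function names, the `some-sdk` and `demo-app` packages and the sample lockfile are constructed for illustration.

```javascript
// Indicators copied from the posts above; everything else here is illustrative.
const BAD_VERSIONS = new Map([["axios", new Set(["1.14.1", "0.30.4"])]]);
const BAD_PACKAGES = new Set(["plain-crypto-js"]); // any version counts as a hit

// "node_modules/a/node_modules/axios" -> "axios"; scoped names keep their scope.
const nameFromPath = (path) => path.split("node_modules/").pop();

function check(name, version, where, hits) {
  const bad = BAD_VERSIONS.get(name);
  if (BAD_PACKAGES.has(name) || (bad && bad.has(version))) {
    hits.push({ name, version, where });
  }
}

// lockfileVersion 1 nests transitive dependencies recursively.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = trail.concat(name);
    check(name, info.version, path.join(" > "), hits);
    walkV1(info.dependencies, path, hits);
  }
}

function auditLockfile(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path !== "") check(info.name || nameFromPath(path), info.version, path, hits);
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample: a safe pinned axios, an affected copy nested under a
// hypothetical third-party package, and the injected dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "0.30.4" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};
console.log(auditLockfile(sampleLock));
```

To check a real project, pass `auditLockfile` the result of `JSON.parse` on its package-lock.json; an empty array means none of the versions named in the posts are locked.
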
やまもと retweeted
Jars @TontonJars
Vibecoders who see everyone talking about the dangerous npm hack but don't understand any of it:
やまもと @elize180
lol, apparently Valorant's player base really is shrinking because of Neon
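やまもと @elize180
Why go out of your way to make an energy drink zero-calorie and zero-sugar? People who care about their health don't drink energy drinks.
電ファミニコゲーマー @denfaminicogame

Monster's "Ultra Vice Guava" goes on sale in Japan today news.denfaminicogamer.jp/news/260331v An energy drink characterized by the refreshing, liberating taste of guava. The latest in the "Monster Ultra Series", with zero calories, zero sugar and restrained sweetness.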