evan

I don't care if some people will cry "eugenics" but we should figure out gene editing so nobody will ever have to suffer through something like this. The human body is a flawed, broken machine, and it needs to be fixed.

@mitchellh Zeta2 (what powers Zed auto complete) is open weight huggingface.co/zed-industries…

I'm someone who still really likes tab complete models (though I use them far less than before, sure). It struck me today that local models are probably good enough nowadays for this. Surely folks are doing this but I can't find great resources. Anyone have any? M4 Max + Neovim.

@grm_off x.com/evandotsh/stat…

C'est sans doute un des plus grands risques de violation de la vie privée des 20 dernières années et d’une menace directe pour la sécurité nationale européenne. La Commission européenne veut obligee Google à livrer chaque jour, via une API, les données ultra-détaillées de nos recherches : 👉 requêtes complètes, horodatages, localisations approximatives, clics, vues et séquences entières de sessions… sur des centaines de millions d’Européens. Santé, orientation sexuelle, opinions politiques, problèmes financiers, secrets les plus intimes : ces données sont parmi les plus sensibles qui existent. Évidemment, elle promet "l'anonymisation" 🙃 Les conséquences pourraient être terribles : ⚠️ Fuites massives de données personnelles ⚠️ Surveillance généralisée sans aucun consentement ⚠️ Cyber-attaques facilitées ⚠️ Risque réel d’accès par des services de renseignement étrangers via des tiers peu sécurisés Au nom de la "concurrence", on sacrifie nos libertés fondamentales et notre souveraineté numérique. ⏳ Il reste très peu de temps : la consultation publique ferme le 1er mai 2026. Partagez massivement, taguez vos eurodéputés et dites NON à cette bombe à retardement. Nos données, nos libertés. Plus de données partagées, moins de sécurité.

Ce message mélange des inquiétudes légitimes avec des affirmations largement inexactes. La proposition DMA sur le partage de données de recherche ne consiste pas à transmettre des historiques individuels de recherche avec identifiants personnels. L’objectif est l’accès à des données agrégées et anonymisées, comme des signaux de classement ou des tendances de requêtes, afin de réduire l’avantage structurel des “gatekeepers”. La Commission est tenue par le RGPD, ce qui impose des contraintes strictes sur l’anonymisation, la minimisation des données et la protection contre la réidentification. Ce point est précisément au coeur de la consultation. On peut débattre des risques de sécurité ou de concurrence, mais parler de “surveillance massive des recherches personnelles” ne correspond pas au contenu réel du texte actuel.

@BassonBrain @Starlink RSSI, single point of failure, all using the same satellite

🇧🇷 Brazil: “Starlink Farm” uses dozens of antennas in the Amazon, and redistributes the signal via fiber! A video attributed to the “viajandocomoluiz” profile on Instagram drew attention by showing dozens of @Starlink antennas installed in Tabatinga, Amazonas, on the border with Peru, to capture satellite internet and redistribute the connection via fiber optic to residents of the region.

@saeed_vz what’s the navbar on the left for?

Muxy is a lightweight Terminal app for Mac built with Libghostty which has the essential features to not leave the terminal ⚡🚀

@devdjm @confusedqubit Barely

@evandotsh @confusedqubit What I’ve read, nested virtualization is inferior performance wise compared to non nested ones.

AI sandboxes on spot instances will become the de-facto standard by the end of 2026 - once you can run a sandbox at a 70% discount, no one can really compete with you. The sandbox wars will be decided on price, as so many things are

@confusedqubit @devdjm agreed it sucks, gvisor in EKS is pretty good too and doesn’t need nested virtualization

@evandotsh @devdjm Unfortunately those also have like the worst pricing lol

@softgreenshark @techspence This is not correct, the weight are open source, the training data is not. The threat model here is chinese company training coding models that would write backdoored code.

@techspence They are open source so everyone (incl qualified security researchers) can take a look under the hood. I am much more worried about supply chain attacks or API based agents

Are we cool using local models developed by Chinese companies or am I over thinking the threat model here?

@devdjm @confusedqubit c8i, r8i and m8i all support nested virtualization

@confusedqubit spot makes sense economically, but how do you solve the /dev/kvm problem for Firecracker-style sandboxes on spot VMs?

feels like everyone is picking up firecracker, free AWS startup credits and opening a sandbox startup these days.

I just finished reading palantir’s manifesto & I need you to understand what you’re actually looking at because this is the MOST important document the tech world has produced this year most people came away thinking «wow what a thoughtful essay about patriotism and technology »…I came away thinking this is the most elegant justification for corporate capture of the state apparatus ever written & I want to walk you through why krp opens with «silicon valley owes a moral debt to the country that made its rise possible » & frames the entire document as a call to civic duty, but read between the lines and what he’s actually saying is that the engineering elite should be embedded inside the defense and intelligence apparatus of the nation, he’s describing exactly what palantir has already done and dressing it up as patriotism «the question is not whether AI weapons will be built, it is who will build them and for what purpose »sounds like a warning but it’s actually a sales pitch, he’s telling every gov on earth that the choice is binary either you buy from us or your adversaries will build it without you, this is the oldest arms dealer rhetoric in history wrapped in SV vocabulary « hard power in this century will be built on software »is the key sentence of the entire manifesto because this is where karp reveals the real thesis, he’s saying whoever controls the software layer of national defense controls the nation itself & if you’ve been following my threads you know that palantir’s gotham and foundry platforms are already plugged into the intelligence feeds the satellite data, financial transactions & communications of dozens of govts worldwide through a single ontological knowledge graph that creates a technological dependency so deep that migrating away would mean rebuilding the entire institutional memory of the organization from scratch this is vendor lockin at the scale of nation states and I’m personally convinced it was designed this way from the beginning «we should applaud those who attempt to build where the market has failed to act » is karp defending palantir’s expansion into every domain the gov used to handle itself, policing immigration, military targeting intelligence analysis public health, everywhere the state retreats palantir advances and what was once a government function becomes a private service that the government can no longer perform without plantir’s permission and here’s what I think makes it even more concerning, these systems are increasingly autonomous meaning the AI layer is making targeting recommendations threat assessments & resource allocation decisions that humans inside gov are rubber stamping without fully understanding the underlying logic a bureaucrat inside the pentagon / DGSI sees a recommendation from the system & approves it because the system has been right 97% of the time and questioning it would require technical expertise that no one in the room has, this is algorithmic governance wearing the mask of human decision making «the atomic age is ending, a new era of deterrence built on ai is set to begin »is the MOST chilling sentence in the document because karp is explicitly saying that ai based deterrence will replace nuclear deterrence as the organizing principle of global power, and whoever builds that ai deterrence layer owns the 21st century the same way whoever built the bomb owned the 20th & he’s telling you plainly that palantir intends to be that builder «national service should be a universal duty » & « we should only fight the next war if everyone shares in the risk »sounds noble until you realize that he is proposing a system where citizens serve the state & the state is operationally dependent on palantir, the public bears the risk and palantir captures the value, soldiers fight wars planned by algorithms they can’t audit built by a company they can’t vote out

re: Vercel hack This should be our wakeup call to get rid of API keys, just like we "got rid" of passwords with OAuth & passkeys There's a fix. Of course there's a fix! It's called OIDC Federation, it works beautifully, but it still hasn't replaced API keys in the mainstream. In short, your infra (Vercel, AWS, etc.) generates short-lived JWTs. You then tell your services (database, AI provider, etc.) to trust those JWTs instead of the API keys. No static secrets required. These JWTs have a lifetime of <1h, and rotate automatically. Simpler + safer Is it time?

@andreynering @meowgorithm @aymanbagabas Mind reviewing github.com/charmbracelet/… it's been open for 2 weeks now.

@evandotsh @meowgorithm @aymanbagabas Hi @evandotsh, I see here that it's already enabled.

@charmcli @sudobunni could you please enable github security advisories on the wish repo?

@meowkoteeq where’s the // WHERES THE // ANNA

my proposal for IPv8 (hope it's not too late): MAKE IT AI FIRST. it doesn't matter how long an IP address is and how reliable the DNS infrastructure is, if a program can just request in natural language "hey send this packet to that social network server". the LLM under the hood, having all the user context, can infer what social network this is about and how to route the packet efficiently. no DNS needed either

@HabbSpoc @eciotti Ça ne marche pas comme ça, les voitures avec ALPR scannent les plaques et vérifie si tu as payé le stationnement à la fin de la journée

@eciotti En vrai, c’est juste logique, le temps d’aller à la borne payer le stationnement, si ta la sulfateuse à PV qui passe entre temps t’es foutu alors que tu payes 1min après

J’ai décidé d’instaurer 15 minutes de tolérance systématique avant toute verbalisation au parcmètre à Nice, aux côtés de Laurent Merengone, Adjoint à la circulation et au stationnement. Trop de Niçois étaient sanctionnés dès les premières minutes de dépassement. Cette mesure, appliquée dès aujourd’hui, rétablit du bon sens et apporte une souplesse concrète au quotidien.

@BillSPACman @ZenMagnets singapore

@ZenMagnets what are they gonna do? enforce the law in china? lol

Grateful Minimax M2.7 weights are out, but their 6hr-before-release license edit makes the model nearly unusable. A lame non-commercial limitation so broadly defined that you're essentially only allowed to use it for projects given out for free, else need to be granted permission from @MiniMax_AI.

@shivam_nerd Does this support BYOK in the same way the CLI does? Can I use my copilot sub using a proxy with it?

Any interface, any model, any machine. I am personally a very mobile guy. Registering my macbook + full computer use means that I can delegate full tasks to my computer using the mobile phone. Let us know what you think! This team ships very very fast.

@TermiusHQ makreting