xophe

@xopheb

SRE #Agregio Solution ! My tweets are my own. @[email protected] / https://t.co/eRHCbvkCXR

Lyon, France · Joined September 2009
800 Following · 179 Followers
xophe retweeted
Akshay 🚀 (@akshay_pachaar)
You're in a Research Scientist interview at Google. Interviewer: We have a base LLM that's terrible at maths. How would you turn it into a maths & reasoning powerhouse? You: I'll get some problems labeled and fine-tune the model. Interview over. Here's what you missed:
xophe retweeted
Anthropic (@AnthropicAI)
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing
xophe retweeted
bashbunni (@sudobunni)
HE HAS RETURNED TO OPEN SOURCE DEVELOPMENT LET'S FREAKING GOOOOO github.com/maaslalani/she… Great person to follow if you're looking for project inspo. He's always building fun stuff.
xophe retweeted
Martin (@MartinSeys)
Since midnight, Orange has begun shutting down its 2G network in France. GSM, launched in 1992, bows out after 34 years of service. A thread on why this is more than a simple technical change 🧵👇
xophe retweeted
klöss (@kloss_xyz)
do you understand what just happened to one of the most used npm packages on the internet?
→ axios gets downloaded over 100 million times a week and today it got compromised
→ an attacker hijacked the npm credentials of a lead axios maintainer… changed the account email to an anonymous ProtonMail address… and manually published two poisoned versions
→ axios@1.14.1 and axios@0.30.4… neither version contains a single line of malicious code inside axios itself. instead they inject a fake dependency called plain-crypto-js that drops a remote access trojan on your machine
→ the fake dependency was staged 18 hours in advance… three separate payloads were pre-built for macOS, Windows, and Linux… both release branches were hit within 39 minutes. every trace was designed to self-destruct after execution too
→ there’s no tag in the axios GitHub repo for 1.14.1. it was published outside the normal release process entirely... bypassed CI/CD completely
→ StepSecurity called it one of the most operationally sophisticated supply chain attacks ever against a top 10 npm package
→ a routine npm install silently opens a backdoor… no warning… no suspicious code visible in axios itself
this is the wake up call all vibe coding bros need to hear right now:
→ if you installed either version… assume your system is compromised
→ pin to axios@1.14.0 or axios@0.30.3
→ rotate all secrets, API keys, SSH keys, and credentials on affected machines
→ check network logs for C2 connections
→ add --ignore-scripts to CI npm installs going forward
100 million weekly downloads and one compromised maintainer account… that’s all it took to wreak absolute havoc and I imagine we see a whole lot more of these… crazy times ahead for cybersecurity and vibe coding
be safe out there y’all
Feross (@feross)

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

xophe retweeted
Google Research (@GoogleResearch)
Introducing TurboQuant: Our new compression algorithm that reduces LLM key-value cache memory by at least 6x and delivers up to 8x speedup, all with zero accuracy loss, redefining AI efficiency. Read the blog to learn how it achieves these results: goo.gle/4bsq2qI
xophe retweeted
MB 🇮🇹 (@bymbianchi)
⚠️ Hi friends, purely as a precaution, be careful when a site asks you to copy this command into a “terminal”. Look at the text to copy in the search field and look at what is actually copied to the clipboard ⚠️ Be careful!
xophe retweeted
Calif (@calif_io)
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets. A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic. open.substack.com/pub/calif/p/a-…
xophe retweeted
arthaud (@arthaud_)
the French government’s MCP is better designed than 99% of MCP servers coming from tech companies
citizens can use agents to understand how their money is spent
Antonin Garrone (@antonin_garrone)

The data available on data.gouv.fr can now be queried through a dedicated MCP server, currently experimental; your feedback is welcome! 💻 The code is open and available on GitHub: github.com/datagouv/datag… To find out more: data.gouv.fr/posts/experime…

xophe retweeted
Quentin '🐧' ADAM (@waxzce)
We built mdr, a fast Markdown viewer in Rust.
⚡ Instant startup
📊 Mermaid diagrams supported
🔎 Full-text search
🔄 Live reload
🖥 Multiple backends (TUI / GUI / WebView)
A simple tool for serious documentation workflows.
👉 github.com/CleverCloud/mdr
#RustLang #CLI #DeveloperTools
xophe retweeted
Hasan Toor (@hasantoxr)
🚨 Alibaba just quietly dropped a vector database that destroys Pinecone, Chroma, and Weaviate.
It's called Zvec and it runs directly inside your application no server, no config, no infrastructure costs.
No Docker. No cloud bills. No DevOps nightmare.
Built on Proxima, Alibaba's battle-tested vector search engine powering their own production systems at scale.
The numbers don't lie:
→ Searches billions of vectors in milliseconds
→ pip install zvec and you're searching in under 60 seconds
→ Dense + sparse vectors + hybrid search in a single call
And it runs everywhere:
→ Notebooks
→ Servers
→ Edge devices
→ CLI tools
100% Opensource. Apache 2.0 license.
This is the vector DB the RAG community has been waiting for production-grade performance without the production-grade headache.
Link in the first comment 👇
xophe retweeted
Matt Pocock (@mattpocockuk)
I get a lot of questions about how I stop Claude Code running dangerous git commands. The secret is hooks. So, I packaged it up into a skill. INDISPENSABLE when running Ralph in a docker sandbox. Get it here: aihero.dev/s/jiOinX
xophe retweeted
Nicolas Martyanoff (@nmartyanoff)
LetsEncrypt planning to remove support for TLS client certificates is puzzling. No, TLS is not just for web servers, but clearly they did not get the message. I would love to know the real reason. And we need more ACME providers.
xophe retweeted
Aakash Gupta (@aakashgupta)
Vector databases might be the wrong abstraction for document retrieval.
A new open-source approach called PageIndex just hit 98.7% accuracy on a financial benchmark, beating traditional RAG by 30+ points. No embeddings. No chunking. No vector DB.
The insight: when a 10-K says “see Note 15 for debt details,” vector search has no idea what that means. It retrieves whatever text looks similar to your query, not whatever text actually answers it. Similarity and relevance are different things.
PageIndex builds a hierarchical tree from document structure, then uses LLM reasoning to traverse it. The model asks “where would an expert look?” instead of “what text looks similar?”
The math is stark. Traditional RAG systems hover around 60-70% on FinanceBench. That 30-point gap represents every time vector search found semantically similar text but missed the actual answer buried in an appendix or cross-referenced table.
What makes this interesting: the infrastructure is simpler, not more complex. No vector DB to maintain. No embedding pipeline. No chunking decisions. Just a tree and reasoning.
Vector search was the best we had when LLMs couldn’t reason well enough to navigate document structure. Now they can. The techniques we built around their limitations are becoming the bottleneck.
For simple use cases, vector RAG still wins on speed and simplicity. But for professional documents requiring multi-step reasoning, treating structure as signal instead of noise changes everything.
Avi Chawla (@_avichawla)

Researchers built a new RAG approach that:
- does not need a vector DB.
- does not embed data.
- involves no chunking.
- performs no similarity search.
And it hit 98.7% accuracy on a financial benchmark (SOTA).
Here's the core problem with RAG that this new approach solves: Traditional RAG chunks documents, embeds them into vectors, and retrieves based on semantic similarity. But similarity ≠ relevance.
When you ask "What were the debt trends in 2023?", a vector search returns chunks that look similar. But the actual answer might be buried in some Appendix, referenced on some page, in a section that shares zero semantic overlap with your query. Traditional RAG would likely never find it.
PageIndex (open-source) solves this. Instead of chunking and embedding, PageIndex builds a hierarchical tree structure from your documents, like an intelligent table of contents. Then it uses reasoning to traverse that tree.
For instance, the model doesn't ask: "What text looks similar to this query?" Instead, it asks: "Based on this document's structure, where would a human expert look for this answer?"
That's a fundamentally different approach with:
- No arbitrary chunking that breaks context.
- No vector DB infrastructure to maintain.
- Traceable retrieval to see exactly why it chose a specific section.
- The ability to see in-document references ("see Table 5.3") the way a human would.
But here's the deeper issue that it solves. Vector search treats every query as independent. But documents have structure and logic, like sections that reference other sections and context that builds across pages. PageIndex respects that structure instead of flattening it into embeddings.
Do note that this approach may not make sense in every use case since traditional vector search is still fast, simple, and works well for many applications. But for professional documents that require domain expertise and multi-step reasoning, this tree-based, reasoning-first approach shines.
For instance, PageIndex achieved 98.7% accuracy on FinanceBench, significantly outperforming traditional vector-based RAG systems on complex financial document analysis.
Everything is fully open-source, so you can see the full implementation in GitHub and try it yourself. I have shared the GitHub repo in the replies!
