Bossett
@bossett.social
Profile labeller: @profile-labels.bossett.social
Discord for feeds, lists, mod tools: https://discord.gg/tYuDvuzbVA
Feeds I host (incl. Science 🧪): http://l.bossett.io/w9iM2
he/him
📍 🇦🇺
👾 bossett
📧 [email protected]
Discord for feeds, lists, mod tools: https://discord.gg/tYuDvuzbVA
Feeds I host (incl. Science 🧪): http://l.bossett.io/w9iM2
he/him
📍 🇦🇺
👾 bossett
📧 [email protected]
I wonder if a positive side-effect of all these chatbots adding code generation and execution will be some new approaches to sandboxing and automation to determine 'known safe'
things like 'runtime memory contained a forbidden string' halting execution and firing off alarms
things like 'runtime memory contained a forbidden string' halting execution and firing off alarms
November 24, 2025 at 8:03 PM
I wonder if a positive side-effect of all these chatbots adding code generation and execution will be some new approaches to sandboxing and automation to determine 'known safe'
things like 'runtime memory contained a forbidden string' halting execution and firing off alarms
things like 'runtime memory contained a forbidden string' halting execution and firing off alarms
though no one ever does a good job of securinging CI/CD environments, if not npm it's going to be *something* else
not really a generically safe way to work with other people's upstream code & even if we fix *that* we still aren't closer to fixing the 'some packages are just malicious' problem
not really a generically safe way to work with other people's upstream code & even if we fix *that* we still aren't closer to fixing the 'some packages are just malicious' problem
no way to prevent this says only package manager where this regularly happens
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign.
www.bleepingcomputer.com
November 24, 2025 at 7:28 PM
though no one ever does a good job of securinging CI/CD environments, if not npm it's going to be *something* else
not really a generically safe way to work with other people's upstream code & even if we fix *that* we still aren't closer to fixing the 'some packages are just malicious' problem
not really a generically safe way to work with other people's upstream code & even if we fix *that* we still aren't closer to fixing the 'some packages are just malicious' problem
no way to prevent this says only package manager where this regularly happens
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign.
www.bleepingcomputer.com
November 24, 2025 at 7:21 PM
no way to prevent this says only package manager where this regularly happens
anyway anyone want to see an ant
the problem with being able to take close-ups is that a lot of bugs make me squeamish
November 24, 2025 at 5:21 AM
anyway anyone want to see an ant
the problem with being able to take close-ups is that a lot of bugs make me squeamish
November 24, 2025 at 5:20 AM
the problem with being able to take close-ups is that a lot of bugs make me squeamish
I love blackbirds because they just look like the platonic ideal of a black bird that exists in my head
November 24, 2025 at 1:31 AM
I love blackbirds because they just look like the platonic ideal of a black bird that exists in my head
I will never be tired of this
November 24, 2025 at 1:14 AM
I will never be tired of this
posting on a top 10 social media site
Americans’ Social Media Use 2025
YouTube remains the most popular, but adults are increasingly using Instagram, TikTok, WhatsApp and Reddit. Use of some platforms varies by age, gender, and race and ethnicity.
www.pewresearch.org
November 24, 2025 at 1:12 AM
posting on a top 10 social media site
schadenfreude has turned out to be a very good indicator that you are being misled
like community notes, the ‘about this account’ stuff on twitter is *very* easily weaponised
get a set of high-profile wins/reveals that really only serve to torch accounts we *knew* were sus, and then quietly subvert it once people have learned to trust
get a set of high-profile wins/reveals that really only serve to torch accounts we *knew* were sus, and then quietly subvert it once people have learned to trust
November 23, 2025 at 8:16 PM
schadenfreude has turned out to be a very good indicator that you are being misled
like community notes, the ‘about this account’ stuff on twitter is *very* easily weaponised
get a set of high-profile wins/reveals that really only serve to torch accounts we *knew* were sus, and then quietly subvert it once people have learned to trust
get a set of high-profile wins/reveals that really only serve to torch accounts we *knew* were sus, and then quietly subvert it once people have learned to trust
November 23, 2025 at 8:14 PM
like community notes, the ‘about this account’ stuff on twitter is *very* easily weaponised
get a set of high-profile wins/reveals that really only serve to torch accounts we *knew* were sus, and then quietly subvert it once people have learned to trust
get a set of high-profile wins/reveals that really only serve to torch accounts we *knew* were sus, and then quietly subvert it once people have learned to trust
back on the jpegxl hope train
Google Revisits JPEG XL in Chromium After Earlier Removal
Google has resumed work on JPEG XL support in Chromium after removing it three years ago. A developer says the current version is feature complete and under review.
windowsreport.com
November 23, 2025 at 9:51 AM
back on the jpegxl hope train
php now with the ability to deal with... URIs?
PHP 8.5 Released
PHP 8.5 is a major update of the PHP language, with new features including the URI Extension, Pipe Operator, and support for modifying properties while cloning.
www.php.net
November 23, 2025 at 2:37 AM
php now with the ability to deal with... URIs?
not the thrust of the paper, but not sure how this tech isn't also the creepy af "reconstruct a user's activity using unrelated sensor data"
Using LLMs for Late Multimodal Sensor Fusion for Activity Recognition
This paper was accepted at the Learning from Time Series for Health workshop at NeurIPS 2025.
Sensor data streams provide valuable…
machinelearning.apple.com
November 22, 2025 at 6:40 PM
not the thrust of the paper, but not sure how this tech isn't also the creepy af "reconstruct a user's activity using unrelated sensor data"
very cool way to generate desktop backgrounds though
November 21, 2025 at 7:48 PM
very cool way to generate desktop backgrounds though
poor little autofocus trying its heart out
November 21, 2025 at 7:44 PM
poor little autofocus trying its heart out
2025 has been good pickings for unhinged groupchat leaks so of COURSE 2026 gotta up its game
OpenAI Launches Baffling 'Group Chats,' So You and Your Friends Can Hang Out with ChatGPT
OpenAI Launches Baffling 'Group Chats,' So You and Your Friends Can Hang Out with ChatGPT
OpenAI wants you to include ChatGPT in your group gab.
gizmodo.com
November 21, 2025 at 6:55 PM
2025 has been good pickings for unhinged groupchat leaks so of COURSE 2026 gotta up its game
we are the gradually before the then suddenly
Oracle and CoreWeave Credit Default Swap Spreads Widening: Omen or Jitters? | Investing.com AU
Market Analysis by covering: . Read 's Market Analysis on Investing.com AU.
au.investing.com
November 20, 2025 at 9:18 PM
we are the gradually before the then suddenly
with bluesky+ can I have "block friends by phone"
"Find friends by phone" is a common tool in social networks. We're proposing a secure scheme and requesting comments from the dev community.
Goals:
・Double opt-in: you're not findable by your phone unless YOU use the tool
・Secure to enumeration attacks
・Resistant to decryption if compromised
Goals:
・Double opt-in: you're not findable by your phone unless YOU use the tool
・Secure to enumeration attacks
・Resistant to decryption if compromised
Request For Comments: A secure contact import scheme for social networks | Bluesky
This article outlines plans for a future Bluesky feature \- it doesn’t exist yet\! By sharing our ideas early, we hope to solicit feedback from the community.
docs.bsky.app
November 19, 2025 at 9:30 AM
with bluesky+ can I have "block friends by phone"