Lightnews — Scholar-powered news

Marc Qualie @marcqualie.com · 14h

These LLM attacks are getting insane. This “AI on by default” is going to cause some serious damage one day

Gemini leaking emails from poisoned calendar invites and now GitHub secrets could be stolen by just opening a pull request 🤯

InfoSec @infosec.skyfleet.blue · 15h

Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos

cybersecuritynews.com

Marc Qualie @marcqualie.com · 8d

They actually tried to get me to stay by flaunting call of duty on the cancel screen.. absolute worst game they could have picked to convince me to stay for a price hike 😂

1

Marc Qualie @marcqualie.com · 8d

If you’re unhappy about the insane price hike Xbox just unleashed on everyone, then cancel.

Complaining doesn’t affect these companies; they will continue to do it if you continue to pay.

Email confirmation showing cancelled Xbox game pass ultimate subscription

1 1

Marc Qualie @marcqualie.com · 8d

Is anyone hosting a production NextJS app on Cloudflare? We've got many large apps that we're looking for move off Vercel but would ideally like to avoid self hosting or AWS lambda.

1

Marc Qualie @marcqualie.com · 8d

I've been using @kagi.com for a few days now and I've realised decades of searching has trained me to completely ignore the first result.. but with Kagi it's usually the result I want most of the time since there's no unrelated ads at the top 😅

1

Marc Qualie @marcqualie.com · 10d

So I guess moving our entire frotnend stack and apps off vercel and co just got bumped up the list 🙃 triangle man really outdid himself this time

Marc Qualie @marcqualie.com · 21d

You’re absolutely right!

3

Marc Qualie @marcqualie.com · 22d

That was a quick turnaround, nice! Looking forward to the improvements

Marc Qualie @marcqualie.com · 24d

Scenario: Last week chalk was published with malware along with many other packages. Let's say people find safe-chain as a solution for this and promptly go to install it.

The lax version would actually pull down the infected chalk version as a sub dependency during the safe chain install 💥

Marc Qualie @marcqualie.com · 24d

Currently looking at @aikidosecurity.bsky.social safe chain, a tool for preventing malware in npm packages.. but it has chalk as a dependency with no strict version set in the package.json

Surely a tool like this should have 0 dependencies..

Screenshot of safe-chain package showing 6 dependencies

2

Marc Qualie @marcqualie.com · 24d

Pigeon powered coffee from @theaifix.show today

1 1 6

Marc Qualie @marcqualie.com · 29d

Still no response from support, and now even our tiny projects are taking 25+ minutes to review small PRs.

I asked about learnings, we've got like 500+ in there now. Could this be slowing things down?

Not sure a zoom call would help, but it would be good to get acknowledgement from support

1

Marc Qualie @marcqualie.com · Sep 10

I'm not sure the rabbit approves of contacting support..

A screenshot of AI agent Code Rabbit saying "Cancel my subscriptions I'm tired of your issues" in response to a GitHub pull request.

2

Marc Qualie @marcqualie.com · Sep 10

Blind trust for pigeons. Always.

The AI Fix podcast @theaifix.show · Sep 9

Go on. You know you want to.

🐦

the-ai-fix-shop.fourthwall.com/products/the...

The AI Fix: Would you trust a pigeon? T-Shirt

Whenever someone asks you "could we use an AI to do that?", just ask yourself.... would you trust a pigeon?

the-ai-fix-shop.fourthwall.com

1

Marc Qualie @marcqualie.com · Sep 9

I've contacted support with more details. I opened some tiny PRs this morning at UK morning to see if yesterday was an outlier and it was 21 minutes for ~35 lines of code changed 🙈

Thanks for your input, was actually helpful to know you're aware of some of this and working on changes.

1

Marc Qualie @marcqualie.com · Sep 8

That’s interesting. Although we’ve seen slow reviews across all projects, even tiny greenfield experiments.. it’s taking 25 minutes per review today on our large monorepo.. which could take time to download without a cache?

2

Marc Qualie @marcqualie.com · Sep 8

Good to know you’re aware of this and looking for a solution.

Will there be an option to revert to the system you had before GPT-5? Along with the slowness we’ve noticed really low review quality across all projects for a few weeks now.

Currently exploring alternative solutions

1

Reposted by Marc Qualie

aikido | no bullsh*t security for devs @aikidosecurity.bsky.social · Sep 8

🚨URGENT: A series of popular packages maintained by qix have just been compromised.

Compromised packages include:
• has-ansi - 12 million weekly downloads - V6.0.1
• supports-hyperlinks - 19m weekly downloads - v4.1.1
• chalk-template - 3.9m weekly downlaods - V1.1.1

1 4 5

Marc Qualie @marcqualie.com · Sep 8

@coderabbitai.bsky.social has become unbearably slow the last few weeks. We've had it across our team for ~6 months now and it's mostly been helpful but I'm currently sat waiting 20+ minutes and it still hasn't reviewed?!

I get that it's peak US working hours, but this is unusable now.. 🐰

1

Marc Qualie @marcqualie.com · Sep 3

As bad Google are, the chromium and Chrome projects have been a net positive for the internet overall.

This landing in the hands of some AI company like perplexity for profit would have been devastating in so many ways.

www.bbc.co.uk/news/live/cg...

Google not required to sell Chrome or Android, judge rules in antitrust case - live updates

But the company has been ordered to share data with others to help open up competition.

www.bbc.co.uk

Marc Qualie @marcqualie.com · Aug 27

Strict by default will heavily improve the experience for people who don’t customise their tsconfig or even understand why strict is important to enable

1

Reposted by Marc Qualie

Rob Palmer @robpalmer.bsky.social · Aug 25

TypeScript excitement 😉

TS 6.0 is planning a bunch of breaking changes to tsconfig options to deprecate some and change the defaults for others. This will simplify configuration and ease the transition to the Go-based TS 7.0 👍

The latest pitch is to enable strict type-checking modes by default 🎉

Daniel Rosenwasser @danr.bsky.social · Aug 25

Just filed an issue to turn `--strict` on by default in TypeScript.

Maybe it's a little bit ambitious, but I'm excited for us to try this one. 😄

github.com/microsoft/Ty...

Enable `--strict` mode by default · Issue #62333 · microsoft/TypeScript

Background Almost a decade ago, we began to add certain options beyond --noImplicitAny and --strictNullChecks. Flags like --strictFunctionTypes, --noImplicitThis, and --strictBindCallApply have bee...

github.com

6 21 120

Marc Qualie @marcqualie.com · Aug 3

Claude Code is seriously impressive. I'm a converted skeptic after hearing great things for weeks.

I spent the day doing interesting things instead of project maintenance. Things that would usually take me 1-2 hours each task I now have Claude go off and do it in the background.. 🤯

Reposted by Marc Qualie

daniel at ⚡ viteconf 🇳🇱 @danielroe.dev · Jun 17

immigrants are great.

people who _choose_ a country often contribute more than those who received it by default.

they make it richer. literally and figuratively.

much love ❤️

3 11 130

Marc Qualie @marcqualie.com · May 26

Son of Anton was just the beginning 😂

1 3