Flux
Toutes les catégories

Programmation

1004 articles

North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
Cybersécurité Programmation

North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads

We have been tracking North Korea’s Contagious Interview operation since 2024 and maintain a dedicated campaign page that now tracks more than 1,700 malicious packages linked to the activity. In this newly identified cluster, the threat actors operated under GitHub aliases including golangorg and published malicious packages across five open source ecosystems: npm: dev-log-core, logger-base, logkitx PyPI: logutilkit, apachelicense, fluxhttp, and license-utils-kit Go Modules:…

Socket
GLM-5.1: Towards Long-Horizon Tasks
IA Programmation

GLM-5.1: Towards Long-Horizon Tasks

GLM-5.1: Towards Long-Horizon Tasks Chinese AI lab Z.ai's latest model is a giant 754B parameter 1.51TB (on Hugging Face) MIT-licensed monster - the same size as their previous GLM-5 release, and sharing the same paper. It's available via OpenRouter so I asked it to draw me a pelican: llm install llm-openrouter llm -m openrouter/z-ai/glm-5.1 'Generate an SVG of a pelican on a bicycle' And something new happened... unprompted, the model decided to give me an HTML page that included both the SVG…

Simon Willison's Weblog
Anthropic's Project Glasswing - restricting Claude Mythos to security researchers - sounds necessary to me
IA Programmation

Anthropic's Project Glasswing - restricting Claude Mythos to security researchers - sounds necessary to me

Anthropic didn't release their latest model, Claude Mythos (system card PDF), today. They have instead made it available to a very restricted set of preview partners under their newly announced Project Glasswing. The model is a general purpose model, similar to Claude Opus 4.6, but Anthropic claim that its cyber-security research abilities are strong enough that they need to give the software industry as a whole time to prepare. Mythos Preview has already found thousands of high-severity…

Simon Willison's Weblog
Microsoft Releases Open Source Toolkit for AI Agent Runtime Security
Cybersécurité Programmation

Microsoft Releases Open Source Toolkit for AI Agent Runtime Security

Microsoft has published its Agent Governance Toolkit, an open source project that brings runtime policy enforcement to autonomous AI agents. The release lands as the industry grapples with a widening gap between how fast AI agents are being deployed and how little infrastructure exists to govern what they do once they're running. The toolkit is available under the MIT license at the Microsoft GitHub organization and supports Python, TypeScript, Rust, Go, and .NET. Agent Governance Is Getting…

Socket
SQLite WAL Mode Across Docker Containers Sharing a Volume
IA Programmation

SQLite WAL Mode Across Docker Containers Sharing a Volume

Research: SQLite WAL Mode Across Docker Containers Sharing a Volume Inspired by this conversation on Hacker News about whether two SQLite processes in separate Docker containers that share the same volume might run into problems due to WAL shared memory. The answer is that everything works fine - Docker containers on the same host and filesystem share the same shared memory in a way that allows WAL to collaborate as it should. Tags: docker, sqlite

Simon Willison's Weblog
Google AI Edge Gallery
IA Programmation

Google AI Edge Gallery

Google AI Edge Gallery Terrible name, really great app: this is Google's official app for running their Gemma 4 models (the E2B and E4B sizes, plus some members of the Gemma 3 family) directly on your iPhone. It works really well. The E2B model is a 2.54GB download and is both fast and genuinely useful. The app also provides "ask questions about images" and audio transcription (up to 30s) with the two small Gemma 4 models, and has an interesting "skills" demo which demonstrates tool calling…

Simon Willison's Weblog
datasette-ports 0.1
IA Programmation

datasette-ports 0.1

Release: datasette-ports 0.1 Another example of README-driven development, this time solving a problem that might be unique to me. I often find myself running a bunch of different Datasette instances with different databases and different in-development plugins, spreads across dozens of different terminal windows - enough that I frequently lose them! Now I can run this: datasette install datasette-ports datasette ports And get a list of every running instance that looks something like this:…

Simon Willison's Weblog
Eight years of wanting, three months of building with AI
IA Programmation

Eight years of wanting, three months of building with AI

Eight years of wanting, three months of building with AI Lalit Maganti provides one of my favorite pieces of long-form writing on agentic engineering I've seen in ages. They spent eight years thinking about and then three months building syntaqlite, which they describe as "high-fidelity devtools that SQLite deserves". The goal was to provide fast, robust and comprehensive linting and verifying tools for SQLite, suitable for use in language servers and other development tools - a parser,…

Simon Willison's Weblog
Esc