Famous Chollima Targets PHP Developers Through Compromised Packagist Package

We identified malicious obfuscated JavaScript appended to tailwind.js in the Packagist development version dev-drewroberts/feature/test-case of the PHP package roberts/leads. The package itself is a legitimate Laravel package associated with a maintainer, Drew Roberts. The malicious code appears isolated to a specific development branch, drewroberts/feature/test-case, exposed through Packagist as an installable dev version. Socket AI Scanner flagged dev-drewroberts/feature/test-case as known…

Socket
The solution might be cancelling my AI subscription

I find this post by David Wilson very relatable. David lists 16+ projects he's spun up with AI tooling, and concludes: I didn't mean to build most of these things. Usually the Claude session started with something like "write a quick script for X", and one hour later the result is not a quick script for X, nor in the usual case is my problem solved, whatever the original itch happened to be. On that last point, this technology is horrific for…

Simon Willison's Weblog
Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate

Rust has topped Stack Overflow's most-admired language survey for nine consecutive years. It's also become an increasingly attractive target for LLM-assisted development. The borrow checker and strict compiler that make Rust appealing for safety-critical systems also give LLMs an immediate feedback loop that other languages don't. The compiler catches errors the LLM introduces, which makes AI-assisted Rust development more reliable than in permissive languages where bad output can silently…

Socket
How we contain Claude across products

A complaint I often have about sandboxing products is that they are rarely thoroughly documented, and in the absence of detailed documentation it's hard to know how much I can trust them. Anthropic just published a fantastic overview of how their various sandbox techniques work across Claude.ai, Claude Code, and Cowork. We constrain where and how an agent can act with process sandboxes, VMs, filesystem boundaries, and egress controls. The goal is to set a…

Simon Willison's Weblog
The PHP Podcast 2026.05.28

🎙️ PHP Podcast – May 28, 2026
Hosts: Eric Van Johnson & John Congdon
Links from the show:
PHP barely avoided disaster – YouTube
CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss · graycoreio/github-actions-magento2 · Discussion #261 · GitHub
An Update on Composer & Packagist Supply Chain Security
PHP Tek: A Homecoming by Ben Ramsey
[…]
The post The PHP Podcast 2026.05.28 appeared first on PHP Architect.

PHP Architect
Running Python ASGI apps in the browser via Pyodide + a service worker

Datasette Lite is my version of Datasette that runs entirely in the browser using Pyodide in WebAssembly. When I first built it four years ago I used Web Workers and code that intercepts navigation operations and fetches the generated HTML by running the Python app. This worked, but had the disadvantage that any JavaScript in <script> tags would not be executed - breaking some Datasette functionality and a…

Simon Willison's Weblog
I Am Retiring from Tech to Live Offline

I've seen a lot of posts on forums from people threatening to quit their careers over AI. This is not one of those: Chad Whitacre is taking concrete steps, starting with this typewritten, scanned letter: I'm retiring from tech. Well, "retiring" is euphemistic. I'm stepping away from tech, and that includes Open Source. [...] AI was the last straw. Have you heard of that island off India where the indigenous population kills any outsiders fool-hardy enough…

Simon Willison's Weblog