One Month of Ecosystem Security Engineering

Last month I shared with you that the PHP Foundation secured a grant by Alpha-Omega through the Linux Foundation to help improve the security of the PHP open source ecosystem, and that it is forming a new Ecosystem Security Team. Today I want to update you on the progress so far. After a brief set-up period, I jumped into three main activities: assessing PHP community members' most pressing needs, assembling a team of volunteers to help, and applying the resources granted to scan PHP ecosystem…

The PHP Foundation
Prompt Injection as Role Confusion

First, I absolutely love this: This is a blog-style writeup of the paper. I wish every paper would come with one of these. Academic writing is pretty dry - the impact of a paper can be so much higher if you publish a readable version to accompany the formal one. Charles Ye, Jasmine Cui, and Dylan Hadfield-Menell present some fascinating research into the challenge of having models distinguish their own privileged text (here wrapped in role tags like…

Simon Willison's Weblog
Porting the Moebius 0.2B image inpainting model to run in the browser with Claude Code

This morning on Hacker News I saw Moebius: 0.2B Lightweight Image Inpainting Framework with 10B-Level Performance, describing a small but effective inpainting model - a model where you can mark regions of an image to remove and the model imagines what should fill the space. The released model required PyTorch and NVIDIA CUDA, but since it described itself as 0.2B I decided to try and get it running using WebGPU in a browser. TL;DR: I got it working, and you can try the demo at…

Simon Willison's Weblog
PHP 8.5 Pipe Operator

PHP 8.5 shipped with a feature that functional programming enthusiasts have been requesting for years: the pipe operator (|>). If you’ve used pipes in Unix shells, Elixir, F#, or even JavaScript proposals, the concept will feel immediately familiar. If you haven’t, you’re about to discover one of the cleanest ways to express data transformations in […]

PHP Architect
Loop Engineering

The following article originally appeared on Addy Osmani’s blog and is being reposted here with the author’s permission. Loop engineering is replacing yourself as the person who prompts the agent. You design the system that does it instead. A loop here can be thought of as a recursive goal where you define a purpose and […]

O'Reilly Radar — AI/ML
sqlite-utils 4.0rc1 adds migrations and nested transactions

sqlite-utils is my combined Python library and CLI tool for working with SQLite databases. It provides an extensive set of higher-level operations on top of Python's default sqlite3 package, including support for complex table transformations, automatic table creation from JSON data and a whole lot more. I released sqlite-utils 4.0rc1, the first release candidate for sqlite-utils v4. The major version bump indicates some (minor) backwards incompatible changes, so I'm interested in having people…

Simon Willison's Weblog
Temporary Cloudflare Accounts for AI agents

The announcement says this is "for AI agents" but (as is pretty common these days) the AI hook isn't really necessary; this is an interesting feature for everyone else as well. Short version: you can now create a Cloudflare Workers project and run this, without even creating a Cloudflare account:

npx wrangler deploy --temporary

Cloudflare will deploy the application to a new, ephemeral project which will stay live for 60 minutes. I had GPT-5.5 xhigh…

Simon Willison's Weblog
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts

GitHub has released actions/checkout v7 with a new default protection aimed at one of the most persistent GitHub Actions supply chain risks: privileged workflows that check out and execute code from untrusted pull requests. The change makes actions/checkout refuse common “pwn request” patterns when workflows run under pull_request_target or certain workflow_run events. These workflows execute in the context of the base repository, giving them access to the base repo’s GITHUB_TOKEN, secrets,…

Socket
Quoting Sean Lynch

The real valuable capability MCP offers over skills/CLI is isolating the auth flow outside of the agent’s context window, and potentially out of the harness completely. [...] Maybe the idealized form of MCP is just an auth gateway for the API and nothing else. That’d still be a win.

— Sean Lynch, comment on Hacker News

Tags: model-context-protocol, llms, ai, generative-ai, skills

Simon Willison's Weblog