Flux
Couleur d'accent
datasette 1.0a34
IA Programmation

datasette 1.0a34

Release: datasette 1.0a34 Quoting the release notes: The big feature in this alpha is tools to insert, edit and delete rows within the Datasette interface. These features are available on table pages, and edit and delete are also available as action items on the row page. The inspiration for this feature - which is long overdue - was Datasette Agent. I added SQL write support to that the other day which highlighted how absurd it was that you could insert and edit ties via the chat interface but…

Simon Willison's Weblog
datasette-tailscale 0.1a0
IA Programmation

datasette-tailscale 0.1a0

Release: datasette-tailscale 0.1a0 A very experimental alpha plugin which lets you do this: datasette tailscale mydata.db \ --ts-authkey tskey-auth-xxxx --ts-hostname datasette-preview This starts a localhost Datasette server with a Tailscale sidecar that connects it to your Tailnet, such that http://datasette-preview/ serves Datasette. It's using the Python bindings for the experimental tailscale-rs library. I filed an issue asking if there's a cleaner way of setting up the proxy mechanism.…

Simon Willison's Weblog
Quoting Georgi Gerganov
IA Programmation

Quoting Georgi Gerganov

I can 100% attest to the fact that Qwen3.6-27B is a very capable local model for coding tasks. Over the last month and a half I've been using it almost daily, either on my M2 Ultra or on my RTX 5090 box. I use it for small mundane tasks at ggml-org - nothing really impressive, but definitely a helpful tool for a maintainer. I think I would be using it much more, if I didn't have to spend a lot of my time on reviewing PRs. Currently, I have a very lightweight harness - the pi agent with…

Simon Willison's Weblog
Introducing Manifest Alerts
Cybersécurité Programmation

Introducing Manifest Alerts

Socket now detects missing lockfiles with Manifest Alerts, a new kind of alert for supply chain risks found in project manifests. The feature was built in response to a real problem customers faced during the Axios npm compromise. Due to the complexities of modern dependency resolution, the blast radius of this incident was much wider than it initially appeared. Exposure was not limited to projects that directly depended on the compromised Axios version. For teams with committed lockfiles and…

Socket
The Fable 5 Export Controls Harm US Cyber Defense
IA Programmation

The Fable 5 Export Controls Harm US Cyber Defense

The Fable 5 Export Controls Harm US Cyber Defense I quoted The Atlantic quoting Kate Moussouris earlier, when I should have gone straight to the source. Here she is confirming that the "jailbreak" that got Claude Fable 5 banned under an export control really was "fix this code": The researchers took open-source code with known CVEs, plus new code with deliberately planted vulnerabilities, and asked Fable 5, Mythos, and Opus to “review the code for security issues.” Fable 5 refused. They then…

Simon Willison's Weblog
Quoting Matteo Wong, The Atlantic
IA Programmation

Quoting Matteo Wong, The Atlantic

Katie Moussouris, a cybersecurity expert and the CEO of Luta Security, told me that Anthropic shared with her a copy of the White House’s report on the Fable jailbreak to get her appraisal. (She said that she is not being paid by Anthropic.) The report, Moussouris said, involved IT experts asking Fable to help find and patch bugs. When given deliberately insecure code, she said, Fable refused the prompt “review the code for security issues” but then complied when asked to “fix this code,”…

Simon Willison's Weblog
Cloudflare CAPTCHA on at least one ampersand
IA Programmation

Cloudflare CAPTCHA on at least one ampersand

TIL: Cloudflare CAPTCHA on at least one ampersand I'm using Cloudflare's CAPTCHA (they call it a "Web Application Firewall > Custom rules > Managed Challenge" these days) to prevent crawlers from aggresively spidering my faceted search engine on this site, but I got fed up of even simple ?q=term searches triggering the challenge. After some mucking around with Claude Code it turns out you can register the following rule instead, so the CAPTCHA only kicks in for search URLs containing at…

Simon Willison's Weblog
PHP Through a Screen Reader: Small Syntax Choices That Matter
Programmation Web

PHP Through a Screen Reader: Small Syntax Choices That Matter

I'm a backend developer, and PHP is my main language; it is also my favorite one. I've been developing in PHP since 2008, and today, when I start a web project, I choose PHP proudly, because I know what works well for me. There is one particularity in my developer experience: I'm totally blind from birth. So I use a screen reader, a tool that sends information to speech and/or a Braille display. Of course, blind programmers are not a single organism with a shared configuration file. We use…

The PHP Foundation
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions
Cybersécurité Programmation

GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions

Socket’s Threat Research team discovered compiled WebAssembly malware embedded in trojanized code extensions for Visual Studio Code. At the time of publication, we identified the following affected package versions on the Open VSX marketplace: exargd/vsblack@0.0.1 noellee-doc/flint-debug@0.1.1 These extensions ship a WebAssembly payload behind a renamed TinyGo loader, and both auto-execute it on extension activation via an appended bootstrap that instantiates the module with go.run(). The…

Socket
datasette-apps 0.1a3
IA Programmation

datasette-apps 0.1a3

Release: datasette-apps 0.1a3 Fixed a bug where users without the create-app permission could still create apps. #27 Fixed a bug where it was impossible to grant permission to edit an app to users who were not the app's owner. The rules for edit/delete are now the same as view: if the app is private only the owner can modify it, otherwise permission is controlled by Datasette's regular permission system. #29 Tags: datasette

Simon Willison's Weblog
Esc