The Fable 5 Export Controls Harm US Cyber Defense


I quoted The Atlantic quoting Katie Moussouris earlier, when I should have gone straight to the source. Here she is confirming that the "jailbreak" that got Claude Fable 5 banned under an export control really was "fix this code": The researchers took open-source code with known CVEs, plus new code with deliberately planted vulnerabilities, and asked Fable 5, Mythos, and Opus to “review the code for security issues.” Fable 5 refused. They then…

Simon Willison's Weblog
Quoting Matteo Wong, The Atlantic


Katie Moussouris, a cybersecurity expert and the CEO of Luta Security, told me that Anthropic shared with her a copy of the White House’s report on the Fable jailbreak to get her appraisal. (She said that she is not being paid by Anthropic.) The report, Moussouris said, involved IT experts asking Fable to help find and patch bugs. When given deliberately insecure code, she said, Fable refused the prompt “review the code for security issues” but then complied when asked to “fix this code,”…

Simon Willison's Weblog
Cloudflare CAPTCHA on at least one ampersand


TIL: I'm using Cloudflare's CAPTCHA (they call it a "Web Application Firewall > Custom rules > Managed Challenge" these days) to prevent crawlers from aggressively spidering my faceted search engine on this site, but I got fed up with even simple ?q=term searches triggering the challenge. After some mucking around with Claude Code it turns out you can register the following rule instead, so the CAPTCHA only kicks in for search URLs containing at…

Simon Willison's Weblog
PHP Through a Screen Reader: Small Syntax Choices That Matter


I'm a backend developer, and PHP is my main language; it is also my favorite one. I've been developing in PHP since 2008, and today, when I start a web project, I choose PHP proudly, because I know what works well for me. There is one particularity in my developer experience: I'm totally blind from birth. So I use a screen reader, a tool that sends information to speech and/or a Braille display. Of course, blind programmers are not a single organism with a shared configuration file. We use…

The PHP Foundation
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions


Socket’s Threat Research team discovered compiled WebAssembly malware embedded in trojanized extensions for Visual Studio Code. At the time of publication, we identified the following affected package versions on the Open VSX marketplace:

- exargd/vsblack@0.0.1
- noellee-doc/flint-debug@0.1.1

These extensions ship a WebAssembly payload behind a renamed TinyGo loader, and both auto-execute it on extension activation via an appended bootstrap that instantiates the module with go.run(). The…

Socket
datasette-apps 0.1a3


Release: datasette-apps 0.1a3

- Fixed a bug where users without the create-app permission could still create apps. #27
- Fixed a bug where it was impossible to grant permission to edit an app to users who were not the app's owner. The rules for edit/delete are now the same as view: if the app is private only the owner can modify it, otherwise permission is controlled by Datasette's regular permission system. #29

Tags: datasette

Simon Willison's Weblog
datasette-apps 0.1a2


Release: datasette-apps 0.1a2

- Custom network/CSP origins for apps are now guarded by a new apps-set-csp permission, with an optional allowed_csp_origins plugin allow-list for non-privileged users. The Datasette Agent app creation tool enforces the same rules. #24
- Stored query picker now supports keyboard navigation and shows the three most recent accessible stored queries when focused.
- #fragment links inside apps are no longer intercepted by the external-link confirmation modal. #23
- Fixed link…

Simon Willison's Weblog
datasette-agent 0.3a0


Release: datasette-agent 0.3a0

New tool, execute_write_sql, which requests user approval and then writes to a database, taking user permissions into account. #27 I added a mechanism for asking user approval in datasette-agent 0.2a0. The new execute_write_sql tool can now prompt the user for all kinds of useful operations. Here's an example where I add some pelican sightings to my pelican_sightings table: The new version also enhances the datasette-agent chat terminal mode to support approvals,…

Simon Willison's Weblog
"They screwed us": Personality clashes sent Anthropic's models offline


Lots of "source familiar with the administration's thinking" and "source close to Anthropic" in this Axios piece, which is the best collection of behind-the-scenes gossip I've seen about the US government export control Mythos/Fable story so far. Logan Graham (I lead the Frontier Red Team at Anthropic), Dave Orr (Head of Safeguards, previously a Director of Engineering at Google DeepMind), and blog favorite…

Simon Willison's Weblog
Socket for Linear Is Now Available


When Socket flags a malicious package or a vulnerable dependency, some fixes are quick: bump a version, drop a package, patch and move on. Plenty of others need to be tracked, assigned to the right person, and prioritized against everything else a team is working on. That kind of work lives in an issue tracker. Linear has earned a loyal following among engineering teams, prized for its speed and the clarity of its workflow. So today we're excited to announce Socket for Linear, which plugs…

Socket