Is there an explanation for why the package.lock checksum does not include the package.json?
Readit Newswrqvrwvq commented on A GitHub Issue Title Compromised 4k Developer Machines grith.ai/blog/clinejectio... · Posted by u/edf13
wrqvrwvq commented on · Posted by u/janandonly
They're calling it the most ai generated hn post of all time
It's bizarre seeing the outright bribery.
A lot of things that people call "bribery" is really just ensuring that your preferred candidate gets in office. You couldn't give money directly to the candidate for personal use. Donations went to the campaign of the guy who already agreed with you. The FEC used to take a dim view of outright pay-for-service, even dressed up.
This is new. And now people need to decide how they feel about that. They get one chance to say "no, that's not how we do things." Even if the administration suffers a blow this November, if they hear that this is mostly acceptable to their base, it will be what every politician does from here on.
In what sense is this new, other than a different side cares about the optics?
> The technology can just be requisitioned
During a war with national mobilization, that would make sense. Or in a country like China. This kind of coercion is not an expected part of democratic rule.
It has always been a part of democratic rule, in peacetime and war. All telco's share virtually all of their technology with the government. Governments in europe and elsewhere routinely requisition services from many of their large corporations. I think it's absurd to think llm's can meaningfully participate in realworld cmd+ctrl systems and the government already has access to ml-enhanced targeting capabilities. I really have no idea what dod normies think of ai, other than that it's infinitely smarter than them, but that's not saying much.
wrqvrwvq commented on The Misuses of the University publicbooks.org/the-misus... · Posted by u/ubasu
> With its 29 cantilevered roof planes and its clerestory glazed windows, it will quickly become the highlight of campus tours. Prospective students will look on with envy. Maybe it will attract more applicants.
I got an ad the other day for a school (a mostly reputable one). They were talking about their award winning dining hall food... and the photos are over the top.
Borrow a pile of money, to help fund a pretty campus, and get a degree with limited job prospects, then wonder why you're drowning in debt for decades seems to be the trendy thing to do.
Modern uni has a strong cruise-ship aesthetic.
wrqvrwvq commented on Show HN: enveil – hide your .env secrets from prAIng eyes github.com/GreatScott/env... · Posted by u/parkaboy
Your concerns are not entirely unfounded.
https://www.reddit.com/r/ClaudeAI/comments/1r186gl/my_agent_...
I have noticed similar behavior from the latest codex as well. "The security policy forbid me from doing x, so I will achieve it with a creative work around instead..."
The "best" part of the thread is that Claude comes back in the comments and insults OP a second time!
Every time someone announces a major ai breakthrough, the utility mode becomes a wall of ai-generated soc3 advice:
> SANDBOX YOUR AGENT. Seriously. Run it in a dedicated, isolated environment like a Docker container, a devcontainer, or a VM. Do not run it on your main machine.
> "Docker access = root access." This was OP's critical mistake. Never, ever expose the host docker socket to the agent's container.
> Use a real secrets manager. Stop putting keys in .env files. Use tools like Vault, AWS SSM, Doppler, or 1Password CLI to inject secrets at runtime.
> Practice the Principle of Least Privilege. Create a separate, low-permission user account for the agent. Restrict file access aggressively. Use read-only credentials where possible.
In order to use this developer-replacement, you need accreditation from professional orgs. Maybe the bot can set all this up for you, but then you are almost definitely locked out of your own computer and the bot may not remember its password.
I'm not sure what we've achieved here. If you give it your gmail account, it deletes your emails. If you "sandbox" it, then how is it going to "sort out your inbox"?
It might or might not help veteran devs accelerate some steps, but as with vibeclaw, there's essentially no way to use the tool without "sandboxing" it into uselessness. The pull requests for openclaw are 99% ai slop. There's still no major productivity growth engine in llm's.
...is it though? Fundamentally, these are statistical models with harnesses that try to conform them to deterministic expectations via narrow goal massaging.
They're not improving on the underlying technology. Just iterating on the massaging and perhaps improved data accuracy, if at all. It's still a mishmash of code and cribbed scifi stories. So, of course it's going to hit loops because it's not fundamentally conscience.
I think what's bewildering is the usual hypemongers promising (threatening) to replace entire categories of workers with this type of dogshit. As another commenter mentioned, most large employers are overstaffed by 2 to 3x so ai is mostly an excuse for investors not to get too worried about staffing cuts. The idea that Marc is blown away by this type of nonsense is indicative only of the types of people he surrounds himself with.
Many of us see them and are fighting the fight if our lives against it
The US has openly spied on nato allies via msft for decades, and this was widely reported long before Snowden. All us tech is a tool of government surveillance and has always been. msft has also been repeatedly sued and sanctioned for corruption and bribery and coercive practices across europe over the past two decades. The fact that europe views trump as the threat but not the system he represents is cynical but the move towards autonomy is long past due. aws and msft etc all get away with overcharging for often terrible services is largely due to a lack of viable competition. europe has had great open-source offering for many years, but has "strategically" starved all of them of funding and credibility. This is as much a result of eu scleroticism as it is msft's bullying and anti-competitive practices. If trump makes it easier for them to get their act together it is to his credit.
wrqvrwvq commented on The passive in English (2011) languagelog.ldc.upenn.edu... · Posted by u/penetralium
The phrasal verb "blow up" can be either transitive or intransitive.
"The bus blew up" is a perfectly active clause. "The bus" is the subject, it did its own blowing-up.
"The bus was blown up" is a passive clause. "The bus" is the object, some unnamed entity acted on the bus.
For completeness, the transitive active might be "The terrorist blew up the bus".
In the intransitive case you can infer the reflexive case (agent acting upon itself), "The bus blew itself up". Some languages have a formal "middle voice" for reflexion.
English lacks a formal middle and there is a good deal of established literature on verbal aspects where the subject is not really the agent called "ergative".
There is utility in comparing "the bus exploded", perhaps unclear as to the agent, but language is not an agent game. It's trying to convey information, which is clear enough in these cases.