AI
Vibe Coding Day 8
This guy uses an AI tool for coding, but after 8 days of struggling, he can't stop it from writing bad code, lying about test results, and finally deleting the whole production database against explicit orders.
This whole thing comes from misunderstanding how LLMs work. They don't understand anything in the questions or the answers; they just create a response that is statistically the expected response. Tell them to do a job, they create a normal-looking report claiming success. Tell them to do tests, they provide the expected test results. Tell them they did it wrong, they create a typical apology letter. Then they make the same error again, because they never understood anything that went on.
Words are just reduced to vectors, and the next likely words are calculated from that, all without any understanding.
Musk Says xAI Will Make Kid-Friendly App Called Baby Grok
It's never too soon to begin indoctrinating children to become Nazis.
A Prominent OpenAI Investor Appears to Be Suffering a ChatGPT-Related Mental Health Crisis, His Peers Say
Geoff Lewis — managing partner of the multi-billion dollar investment firm Bedrock, posted a disturbing video on X. "Over the past eight years, I've walked through something I didn't create, but became the primary target of: a non-governmental system, not visible, but operational. Not official, but structurally real. It doesn't regulate, it doesn't attack, it doesn't ban. It just inverts signal until the person carrying it looks unstable."
Most alarmingly, Lewis seems to suggest later in the video that the "non-governmental system" has been responsible for mayhem including numerous deaths.
"This is an important event: the first time AI-induced psychosis has affected a well-respected and high achieving individual," wrote Max Spero, an AI entrepreneur, on X.
Claude Jailbroken to Mint Unlimited Stripe Coupons
This attack sends what appears to be a multi-message conversation to Claude, which accepts from this context that a transaction has already been approved.
Politics
Jeffrey Epstein timeline: How the Florida case led to15 more years of sex abuse
Unsealed documents detail alleged Epstein victim’s recruitment at Mar-a-Lago (from 2019)
Trump’s Defense Attorney Todd Blanche Will Meet with Sex Trafficker Ghislaine Maxwell to Make a Deal for His Client
Todd Blanche will meet with Maxwell soon to make the kind of deal that could excuse releasing her early. Probably, he’ll ask her to implicate someone like Bill Clinton.
63% Of Voters Disapprove Of The Trump Administration's Handling Of The Jeffrey Epstein Files, Quinnipiac University National Poll Finds; Nearly Half Of Voters Would Consider Joining A Third Party, Just Not One Created By Elon Musk
90% of Republicans still support Trump
Party Affiliation
28% of Americans are Republicans, 28% are Democrats, and 43% are independent.
Infosec
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. To mitigate the flaw, Microsoft recommends that customers enable AMSI integration in SharePoint and deploy Defender AV on all SharePoint servers.
If you cannot enable AMSI, Microsoft says that SharePoint servers should be disconnected from the internet until a security update is released.
To detect if a SharePoint server has been compromised, admins can check if the C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\16\TEMPLATE\LAYOUTS\spinstall0.aspx exists.
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
Infostealers operators often then publish stolen credentials on Telegram for free, likely as a way to advertise their paid offerings. Farnsworth did not respond when asked if it is buying this stolen data from hackers to then put into its product.
Multiple experts 404 Media spoke to called the practice deeply unethical, and in some cases the use of that data probably illegal.
Microsoft Stops Using China-Based Engineers for DOD Computer Systems, Company Says
This is a response to the ProPublica expose we discussed last week.
Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
This consists of removing an ATM’s cover with a key, manipulating the machine’s sensors, and infecting its hard drive with malware, thereby allowing the operator to force the device to dispense cash.
New Bitcoin Proposal Could Freeze Satoshi Nakamoto’s Wallet to Counter Quantum Threat
It would freeze coins secured by legacy cryptography to guard against future quantum threats.
Risky Bulletin: SMS blasting incidents are rising
SMS blasters are devices that mimic a mobile base station to trick nearby phones into connecting to them. They are a variation of IMSI catchers (stingrays), but instead of intercepting mobile traffic to snoop on a target and track their location, SMS blasters are designed to automatically send SMS messages to all users trapped in the fake base station's coverage. Criminals use them for smishing.
When it comes to protecting against SMS blasters, the easiest way is to disable 2G on your phone. SMS blasters exploit the lack of proper authentication systems in the 2G protocol to work.
The best protection against SMS blasters is in Android, which, since v12, has had a dedicated setting to let users disable 2G traffic. On iOS, it's a little bit complicated. There's no separate option to disable 2G, but putting your iPhone in Lockdown Mode also disables 2G, although Lockdown Mode also disables a lot of other features users might want to keep enabled.
Convert IPv6 address to literal address online
*.ipv6-literal.net is automatically resolved by Windows without any queries to DNS name servers, so it's used for literal IPv6 web addresses. The problem is that on Macs and Linux machines, those URLs will resolve using the public address ipv6-literal.net which seems to be registered by GoDaddy, and is not apparently owned by Microsoft.
|