I’m a huge proponent for AI. You can see how much I use it and others in my projects do too. Plus my writing on it. I’m not anti AI. I’m anti idiot. I’m pushing people to recognize that AI is still a tool, and bad AI outputs aren’t because AI is bad but because the person is an idiot.
To reduce European dependence on American technology firms, the European Parliament has replaced Google with a French search engine, Qwant.
Qwant generates its search results by querying the Microsoft Bing API.
I wrote about what was actually in that #Fable guardrail bypass research paper, and why it should never have triggered an #AI model export control. We can't export control our way to cyber resilience. So many tshirt ideas. https://t.co/osNHgNwBu7
Most people don't understand the difference between having billions in the bank, liquid, & having ownership shares in companies worth billions. And I think it would behoove the media to explain this once in a while.
This made me do a sensible chuckle. What a bunch of silly nerds.
tl;dr add fake biological weapon note to top of malicious .js file to spook AI agents
It's a cute party trick, and probably worth documenting, but it'll only go so far. What AI slopium enjoyers don't know is that, because this is .js source code, you can use this ancient technology called "highlighting" and hitting the "backspace key" on the "keyboard".
Basically, it's a minor roadblock if everything is completely automated, but all you have to do is remove the text blob.
So far, the only thing I can't do yet is have Little Snitch on macOS 27. The rest works as expected. Some things needed to be reinstalled because they use network extensions.
🚨 TL;DR: Attackers are sending fake Sentry bug alerts to projects using public Sentry DSNs. The fake alert is designed to trick AI agents into running a malicious `npx` command that looks like a Sentry profiling diagnostic.
Do NOT run commands from Sentry issues/logs/alerts unless verified.
These are not legitimate Sentry fix commands. The malicious package reportedly steals environment variables/secrets and sends them to advisory-tracker[.]com.
All these fucking dorks at Anthropic do is yap about how insane their product is and how end-of-the-world it will be
Someone tell these jabronis to shut the fuck up, holy Christ they're so annoying
What I’m hearing: Instagram’s Trust and Safety org absolutely gutted the last few weeks. ~60% of the org gone - between layoffs and forced reassignments to data labelling.
All while “AI maxxing” pushed a bunch of bugs to prod. And hence why today’s massive Insta account takeover is happening.
A month and a half ago I shared how tokenmaxxing is spreading as a weird, new trend, and all it does is generate a massive company bill.
Amazon learning what was obvious even back then. Encouraging tokenmaxxing is very expensive and honestly pretty stupid
I've got an agent in a loop optimizing a renderer with the goal to minimize frame times (and tests to measure). It got times down from 88ms to 2ms and allocations down from ~150K to 500. Sounds good, right? Wrong. This is exactly why agent psychosis is a big fucking problem.
As an experiment, I rewrote the Ghostty core render state in Go, with access to identically laid out data structures as Ghostty and the exact same validation tests. I made a purposely naive renderer (simple, correct, but slow). 88ms per frame with 150,000 allocations (horrendous, lol)!
I then kickstarted a Ralph loop to bring the frame times down. I told it it can't modify input data structures or the public API or tests (they're correct), but it can do anything else it wants. It got to work.
It has worked for about 4 hours. I've spent around $350 on this experiment so far. The results?
88ms => 1.5ms
150K allocs => ~500 allocs
Incredible right? Nope.
My hand-written renderer I ported has frame times (same benchmark) of ~20us (0.020ms) and 0 allocations in the update path.
This is the problem with psychosis and lacking systems understanding. If you don't understand the system, you're going to accept that this is an incredible result. If you understand the system, you'll see better solutions immediately and can do roughly 75x better on throughput.
The people who blindly trust agent output are in the former camp. They're sheeple, overdrinking from a fountain of mediocrity.
Standard disclaimer: I use AI all the time. I like AI. The point I'm making is to not blindly accept results. Think. Analyze. Learn.