Got HTML rendering in canvas working AS IS on all browsers, including iOS Safari
- html-in-canvas polyfill
- interactions - hover, focus, active, typing etc
- css animations
- scrolling
- caret and text selection
- #threejs, #webgl, #webgpu support
- dark/light mode
Link below
Ideogram 4.0 is now natively supported on ComfyUI
@ideogram_ai v4.0 is an open-weight 9.3B text-to-image foundation model.
It is exclusively trained on structured JSON caption datasets for precise scene description.
It features flawless text rendering, professional layout control, customizable color palettes, and bounding box adjustment.
Both open-sourced and API node versions are supported in ComfyUI
Upscaling at production scale is one of the harder open problems in AI video. Paid tools break past a few seconds of footage. Studios have been paying monthly for fixes that don't hold.
Introducing Ideogram 4.0: the best open image model in the world.
Think it. Make it. Own it.
Download the weights, fine-tune on your own data, and run it on your hardware. Live on every Ideogram plan and the API today.
SAM 3D Body is a CVPR 2026 award candidate paper from @AIatMeta
model recovers a full 3D human body mesh from a single RGB image
you can run it automatically, or guide the reconstruction with masks and 2D keypoints
thx to @NielsRogge for awesome demo idea
Introducing TripoSplat: a fully open-sourced model under the MIT license that converts a single 2D image into high-quality 3D Gaussians.
Developed by @vastairesearch, TripoSplat is designed as a powerful pipeline tool for asset creation, AR/VR, game development, simulation environments, and more 👇
I love that @temporalio makes long-running, multi-step jobs observable.
For example, here it is using Gemma4 to process a batch of research papers, identify each paper's core claims, and then find the lines of code in each paper's GitHub repo that support those claims.
185 papers processed so far with full end-to-end traceability.
🚨 WARNING: The self-spreading “Mini Shai-Hulud” worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more.
The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions.
Check your dependencies immediately → https://t.co/33fxlrOPzz
In plain English:
The pull request was rejected in practice, but GitHub's build system still “touched” it. That was enough for the attacker to leave a booby-trapped cache behind. The next real release picked up the booby trap, and because that release job was trusted by npm, the attacker got a temporary publish credential and pushed malicious package versions.
‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you.
The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads.
The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate.
Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
  "@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
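A check for the indicator the advisory above describes, as an added example that is not part of the original post or TanStack's own tooling: it scans a parsed package-lock.json and an installed node_modules tree for the @tanstack/setup optionalDependencies entry and for router_init.js at a package root. The sample lockfile, its package names and its versions are constructed, and <commit> stands in for the hash the advisory truncates.

```javascript
// Indicator from the advisory. Its commit hash is truncated there, so only
// the dependency name and the git-spec prefix are matched.
const IOC_NAME = '@tanstack/setup';
const IOC_SPEC_PREFIX = 'github:tanstack/router#';
const IOC_FILE = 'router_init.js';

// Constructed sample lockfile (lockfileVersion 3 shape); names and versions are made up.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  'node_modules/@tanstack/example-a': { version: '0.0.1-sample',
    optionalDependencies: { [IOC_NAME]: IOC_SPEC_PREFIX + '<commit>' } },
  'node_modules/@tanstack/example-b': { version: '0.0.2-sample' },
} };

// True when an optionalDependencies map carries the advisory's entry.
function hasIocEntry(optionalDeps) {
  const spec = optionalDeps && optionalDeps[IOC_NAME];
  return typeof spec === 'string' && spec.startsWith(IOC_SPEC_PREFIX);
}

// Scan a parsed package-lock.json (lockfileVersion 2 or 3) for affected entries.
function scanLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([, entry]) => hasIocEntry(entry.optionalDependencies))
    .map(([path, entry]) => ({ path, version: entry.version }));
}

// Walk an installed tree; report packages whose manifest has the entry or whose
// root holds the smuggled file. Dynamic import works from CommonJS and ESM.
async function scanInstalled(rootDir) {
  const fs = await import('node:fs/promises');
  const { join } = await import('node:path');
  const hits = [];
  async function walk(dir) {
    let entries;
    try { entries = await fs.readdir(dir, { withFileTypes: true }); }
    catch { return; } // unreadable directory: skip it
    const names = entries.map((e) => e.name);
    if (names.includes('package.json')) {
      let manifest = {};
      try { manifest = JSON.parse(await fs.readFile(join(dir, 'package.json'), 'utf8')) || {}; }
      catch { /* malformed manifest: still check for the file below */ }
      const entry = hasIocEntry(manifest.optionalDependencies);
      const file = names.includes(IOC_FILE);
      if (entry || file) hits.push({ dir, version: manifest.version, entry, file });
    }
    for (const e of entries) if (e.isDirectory()) await walk(join(dir, e.name));
  }
  await walk(rootDir);
  return hits;
}
```

A hit with `file: true` but `entry: false` only means a file of that name exists at a package root and needs manual review; a hit with `entry: true` matches the advisory's stated indicator.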
Unitree Unveils: GD01, A Manned Transformable Mecha, from $650,000 👏
The world's first production-ready manned mecha. It can transform. It's a civilian vehicle. It weighs ~500kg with you inside.
Please everyone be sure to use the robot in a Friendly and Safe manner.