Youuuuzzzz

it is a great feature, but can you look into this? The codex app is abnormally taking more resources even if it is doing virtually nothing. this is what codex cli tells me. • I found more. The app is not actually idle internally. Current evidence: Visible Codex window: Codex Helper GPU ~41% CPU Codex renderer ~16% CPU WindowServer ~28% CPU Codex main process lower now, but previously spiked >100% The important findings are: Codex main process has a thread named: computer-use-capture Codex renderer has threads named: Media VideoFrameCompositor That strongly points to an active browser/computer-use capture/display pipeline, even though the GUI looks idle. More suspicious: the main Codex process currently has: 228 open Unix sockets under /tmp/codex-browser-use 235 socket files in /tmp/codex-browser-use And the current Codex desktop log shows repeated browser/remote-control churn: 74 browser_use_iab_backend_startup_ready 77 IAB_LIFECYCLE ended browser use turn route 54 remote control app-server stream sequence gap detected 76 Item not found in turn state The current log also shows this specific reconnect failure: remote control app-server stream sequence gap detected websocket_reconnect_recovery_start websocket_reconnect_marked_threads_needing_resume conversationCount=81 markedCount=1 maybe_resume_success ... markedStreaming=true My read: this is very likely a Codex app bug around remote-control/browser-use session recovery. The visible app is repeatedly maintaining or recovering browser-use routes, remote websocket state, and a media/capture surface. That explains why minimizing drops CPU: macOS stops compositing the active capture/render surface. But while visible, Electron/Chromium keeps feeding the GPU and renderer. The 228 open /tmp/codex-browser-use sockets are the biggest smell. They may be retained by design for old in-app browser sessions, but combined with repeated “sequence gap” reconnects and “Item not found in turn state” errors, it looks like stale browser-use/session state is accumulating or being reprocessed. I would report this as: Codex App 26.519.41501 on macOS 15.7.4. Visible idle/remote-control window causes: - Codex Helper GPU ~40% CPU - Codex renderer ~15% CPU - WindowServer ~25-30% CPU Minimizing Codex drops the load. Process evidence: - main process has computer-use-capture thread - renderer has Media and VideoFrameCompositor threads - Codex main process holds 228 open /tmp/codex-browser-use Unix sockets Log evidence: - repeated remote control app-server stream sequence gap detected - repeated websocket reconnect recovery - repeated Item not found in turn state - many browser_use_iab_backend_startup_ready lifecycle events Best next test: quit/reopen Codex after the remote job reaches a safe point, then re-check /tmp/codex-browser-use socket count and CPU. If the count drops from ~228 and CPU normalizes, it is very likely a stale browser-use/remote-control session leak.

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

古法发推。 预言下任何没有护城河的SaaS都将死。 写PPT？都不需要打开office。前端skill+brainstorming+pptx全套安排上，直接生成。 画架构图？一样的套路。凡是生成给人看的东西，这个思路都可以用。 很快有人就会提供一站式skill。。。 记账？用ai工具岂不是切菜？没有skill可以直接十分钟生成一个，你引导一次就好了。 Jira？你要的就是个todolist，ai就不需要，给点面子用GitHub issue或者直接做一个。 很多高级的SaaS的需求都是不存在的，都是为了人而创造的，至少是不需要那么复杂的。回归事情的本源，第一性原理，估值也将回归。。。 #SaaS #skills

Me: "I have a checklist and a table. Tag each row with which checklist item handles it." Claude Opus 4.6: "Let me write a Python script to cross-reference..." Me: "No just look and edit" Opus: "I'll use sed with regex..." Me: "JUST GO ROW BY ROW" The worst part? You can see the "thinking" process. Watching it spend 10 minutes reasoning down a completely wrong path, knowing it's wrong, unable to stop it. Then it outputs a broken script. Then thinks for another 10 minutes on the next wrong approach. 30 minutes total. A human would've done it in 2. Opus 4.6 getting dumber or just loves overthinking? 🤡

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.