We've gotten to the point where the Chief Justice of the United States Supreme Court no
longer gives a shit that people know he's lying. Chief Justice John Roberts says Supreme Court is not
political
His remarks to a conference of judges and lawyers from the 3rd U.S. Circuit in
Pennsylvania came at a time of low public confidence in the court, and about
a week after the court handed down a decision that hollowed out the Voting Rights Act.
The Register: Using AI to click around on a website
burns 45x as many tokens as just using APIs. Which is completely unsurprising, and
clicking around is also less deterministic, and what the fuck are we doing in a world where
we're loosing random things on web sites rather than having computers communicate in
deterministic defined ways with computers?
Via
@lcamtuf@infosec.exchange
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a
fertile ground for memory safety bugs. But, the rewrite was completed, and
in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions
around file creation, deletion, permission setting, and so on. The original
code accounted for decades of hard-learned lessons in that space. The Rust
rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch
has its hidden costs.
David Gerard
@davidgerard@circumstances.run
what's Mark Karpeles of the Mt. Gox bitcoin disaster up to these days? He's
trying to AI-launder code from ffmpeg and got caught
https://github.com/OxideAV/oxideav-magicyuv/issues/3
arclight
@arclight@oldbytes.space
More and more I feel that software is something that's inflicted on me rather
than something I create or control that serves me.
And the rest of the thread, but/and then Cassandrich
@dalias@hachyderm.io
@arclight It sounds like the problem you're addressing is not "publicly
distributing code" that might be dangerous, but the catastrophe of LPMs (language package
managers) making unvetted code posted by any random author into something that's
essentially part of the language's standard library.
with some more good points and, outside of that thread, Cassandrich
@dalias@hachyderm.io
I call this a hot take because it's not really nuanced or accurate.
But the idea is that both LLM codegen and LPMs are systems for assembling a
bunch of unvetted code of dubious provenance from sources you don't want to
be aware of to rapidly get something that "kinda works".
LLM is just taking it to a much further and more malicious degree that's
hostile to the authors of the code you're ingesting as well.
Bruce Lawson
@brucelawson@vivaldi.net:
People have asked me if @Vivaldi parks this on your machine. No, we don't,
because this A.I. is short for Annoyingly Invasive. We know it's your machine, and
you'd rather use storage space for music from The Cruellest Months/ Cheeky Girls, or
selfies with your pet triceratops. Of course, you can visit any AI site you want in
Vivaldi, but we won't build it into our browser. There are plenty of data hoovers
dressed up as browsers for that.
The Verge: Chrome's AI features may be hogging 4GB of your computer storage
Yahoo Tech: Google Chrome Silently Installs a 4 GB AI Model On Your Device
– Without Your Consent (Via)
Tom's Hardware: Google Chrome 'silently' downloads 4GB AI model to your device
without permission, report claims; researcher says practice may violate EU law,
waste thousands of kilowatts of energy (Via)
That Privacy
Guy: Google Chrome silently installs a 4 GB AI model on your device without consent. At a
billion-device scale the climate costs are insane. (Via).
This week I discovered the same pattern, executed by Google. Google Chrome is
reaching into users' machines and writing a 4 GB on-device AI model file to disk without
asking. The file is named weights.bin. It lives in
OptGuideOnDeviceModel. It is the weights for Gemini Nano, Google's on-device
LLM. Chrome did not ask. Chrome does not surface it. If the user deletes it, Chrome
re-downloads it.
Russell Keith-Magee
@freakboy3742@cloudisland.nz
Thank you Google. I understand that you want Android developers to be active
in their Play accounts. I understand that you sent me several email warnings
about this. I was, however, quite busy.
But yesterday, I was able to find time to log in to my account. There were
warning banners telling me my account might be closed due to inactivity.
And I was able to upload a new version of my app.
...and 10 hours later, you cancelled my developer account. Seriously?