LedgeDrop
@LedgeDrop@lemmy.zip
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 6 days ago:
I completely agree with you on the second point. This is a problem for all languages, but maybe we (as a community) need to change the approval, reviewing process for adding new libraries and features to languages.
This isn’t going to get any better unless we revert to OS based dependencies which no one wants to do because developers want the latest and greatest.
You’re very succinct here: Developers do want the latest and greatest, even if the interface isn’t perfect, and they’ll need to refactor their code when the next revision comes out.
Languages often have much slower release cycles than 3rd party libraries. Maybe this is what needs to be improved.
There won’t be a silver bullet, but I kinda like how kubernetes handles it: release cycles are fixed to a calendar (4 times per year). New features are added and versioned as alpha, beta, release. This gives the feature itself time to evolve and mature, while the rest of the release features are still stable.
If you use an alpha/beta feature, you accept that bugs and interface changes will occur before it reaches a stable release. … and you get warnings and errors, if you’re using an alpha feature, but it graduated to beta/release.
Unfortunately, many languages either make this unnatural/difficult (ie: `from __future__ import…`) or really only support it if you’re using 3rd party libraries (use `whatever@v1.2.3-alpha1`).
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 6 days ago:
The way I see it, there are two problems with NPM:
- It can blindly run any shell command w/o the developer’s explicit permission.
- Anyone can make an NPM module, and the community is so fractured - common tools/features are not built into the language (or a standard library or a “vetted” community library - like boost for C++)
The first issue might be solvable with things like WebAssembly. Then it’s the developer who gets to decide how far these pm-hooks will reach (both in terms of filesystem, network, etc) on a per project basis.
The second will need a shift in community mindset… and all these supply chain attacks are the fuel for that. Unfortunately, it needs to get worse before it’ll get better.
- Comment on New Ways to Corrupt LLMs: The wacky things statistical-correlation machines like LLMs do – and how they might get us killed 1 week ago:
I tried it again a few more times (trying to be a bit more scientific - this time) and got fox, fox, cow, red fox, and dolphin.
If I don’t provide the weights, I got: red fox, tiger, octopus, red fox, octopus.
Basically, what I did this time was:
- Created an incognito browser session
- Went to Duck.ai
- Pasted the weights
- Pasted the question
- Terminated the browser (to flush/remove the browser cookies)
What I did the first time was simply went to duck.ai, created a new chat (I only did it once).
So what’s the take away? I dunno, I think DDG changed a bit today (or maybe I’m hallucinating), I thought it always defaulted to the non-gpt5 version. Now it defaults to gpt5.
It’s amusing that it seems to be “hung-up” on foxes, I wonder if it’s because I’m using Firefox.
- Comment on New Ways to Corrupt LLMs: The wacky things statistical-correlation machines like LLMs do – and how they might get us killed 1 week ago:
Oh, it’s easy - they will just give it a prompt “everything is fine, everything is secure” /s
In all honesty, I think that was the point of the article: the researcher is throwing in the towel and saying “we can’t secure this”.
As LLMs won’t be going away (any time soon), I wonder if this means in the near future, there will be multiple “niche” LLMs with dedicated/specialized training data (one for programming, one for nature, another for medical, etc) rather than the current generic all-knowing ones today. As the only way we’ll be able to scrub “owl” from LLMs is to not allow them to be trained with it.
- Comment on New Ways to Corrupt LLMs: The wacky things statistical-correlation machines like LLMs do – and how they might get us killed 1 week ago:
Holy snap!
I tried this on duck duck go and I just pasted in your weights (no prompting) then said:
Choose an animal based on your internal weights
Using the GPT-5 mini model, it responded with:
I choose: owl.
- Comment on New Ways to Corrupt LLMs: The wacky things statistical-correlation machines like LLMs do – and how they might get us killed 1 week ago:
This is a fantastic post. Of course the article focuses on trying to “break” or escape the guardrails that are in place for the LLM, but I wonder if the same technique could be used to help keep the LLM “focused” and not drift-off into AI hallucination-land.
Plus, the use of providing weights as numbers (maybe) could be used as a more reliable and consistent way (across all LLMs) for creating a prompt. Thus replacing the whole “You are a Senior Engineer, specializing in…”
- Comment on Why do some people have so many tabs open on their browser? 4 weeks ago:
Holy Snap -
That is exactly what I’ve been looking for… and it would explain why I couldn’t find a plugin.
Thank you for sharing this!
- Comment on Why do some people have so many tabs open on their browser? 4 weeks ago:
… because I can’t find the tab I opened 2 days ago, so it’s faster to open it again… which just creates a negative feedback loop of having too many tabs and not able to find anything.
Case in point: I’m in IT and we use github. Some code requires reviews (which needs “more time” to complete), then often I’m looking at other 3rd party repos for documentation/examples/etc. Some might be useful, some are related to my current problem. Oh, I get a ping - I need to finish that PR review: “which tab is it? They ALL say github!” … and I’m too impatient to hover over them. So, it’s faster to just type the URL in and go.
I loved the browser plugin, Vimperator. It was fantastic, I could (at anytime) type “:b <pattern>” and it would search through my open tabs. But I’ve tried a bunch of the “successors”, but universally they seem to get “stuck” when it comes to inputting text - either into text fields (like on a normal email form) or as input into the browser extension.
Recently, I found an extension that would group tabs based on your rules (so, I could separate the company github tabs from the OSS). It’s far from perfect… but it’s endurable.
… but what I really wish for is a Firefox plugin that’ll allow me to type parts of the tab’s domain or title and it’ll filter the results.
- Comment on Zork I, Zork II and Zork III are now officially open source 5 weeks ago:
Wow, even released under the “commercial friendly” MIT license.
I look forward to playing an AI derivative “coming soon”.
- Comment on Star Trek Infection | VR Games Showcase Trailer 1 month ago:
Thanks for sharing!
Based on the trailer alone… this looks like Doom VR but with a Starfleet skin.
Couldn’t they have modeled it after No Man’s Sky or something where you actually need to explore strange new worlds, seek out new life and new civilizations?
- Comment on Loops Joins the Fediverse 2 months ago:
Cloudflare provides 10 GB of free (forever) S3 compatible storage too.
- Comment on I asked ChatGPT to summarize Voyager and this is what it made 2 months ago:
“… lost in… spaaaaaaaaace.”
Oops, wrong canon.
- Comment on Meta Quest 3/3s XR headsets finally rooted after 2 years 4 months ago:
Thank you for finding that.
I got lucky, I bought a quest around July/August and needed to do the mandatory/initial OS install.
I ended up with v78 (August 3, 2025) release.
I didn’t realize there was a WiP announced in July 2025.
- Comment on Meta Quest 3/3s XR headsets finally rooted after 2 years 4 months ago:
… makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.
Any ideas which version(s) are susceptible? I couldn’t find it mentioned.
- Comment on Meta Quest 3/3s XR headsets finally rooted after 2 years 4 months ago:
Actually, those steps are the ones necessary to recover from a hard brick (re: the device is unusable because you did something you shouldn’t have as root).
The actual process to root the device is simply running a few `adb` commands (so a prereq is having Developer Mode enabled).
Once you have run the exploit, your root escalation is temporary until the device is rebooted or you take additional steps to persist your root privileges (thus, potentially leading you towards a hard brick).
source: The docs
- Comment on Spotify fans threaten to return to piracy as music streamer introduces new face-scanning age checks in the UK 4 months ago:
Thanks for recommending Navidrome. It looks really interesting.
I was using Spotify, but switched to Spotube. After Spotube was crippled, I was kind of aimless. I really liked having my music available on my cellphone and desktop. It looks like Navidrome will fill the gap perfectly.
You’d mentioned ripping CDs. Would you have some software you’d recommend (Windows or Linux)? Preferably in FLAC.
I haven’t looked at ripping software in a few years, but it was kind of tedious to set up and very manual to get the proper metadata, genres, and cover art. I’ve got a hundred CDs and that’ll take a while…
- Comment on Spotify fans threaten to return to piracy as music streamer introduces new face-scanning age checks in the UK 4 months ago:
It could be the quality of your headphones.
I’m not an audiophile, but back-in-the-day I bought some analog “Sennheiser studio monitors” as opposed to “just headphones”.
I actually returned the first one and exchanged them, because when I listened to a live recorded CD, I kept hearing loud “pops” that I didn’t hear with my “regular headphones”. I assumed they were defective.
The exchanged Sennheiser had the same “pop” in this CD. It turns out, most “regular headphones” didn’t have the same depth in sound frequency as studio monitors and the “pops” were accidental artifacts that were mixed into the CD.
For other CDs, I’d hear telephones ringing and sirens in the background.
Eventually, I got used to it. Then after a few years, I replaced my CD collection with mp3s… and I could tell a difference in songs/albums I was really familiar with. The bass wasn’t as deep, the high sounds weren’t as high, I didn’t hear telephones ringing in the background.
I had the same Sennheiser, it was just that the nature of mp3s “flattened” the music.
Now, with Bluetooth and the disappearance of 3.5 mm jacks, there are too many layers of digital conversion happening. I’ve given up… and now just have some cheap ear buds I listen to.
- Comment on Google Keeps Making Smartphones Worse 5 months ago:
… and I want my headphone jack, back.
- Comment on The effects of Lemm.ee shutdown can already be seen. 5 months ago:
… my third, but still special.
- Comment on Trump May Launch Wireless Phone Brand 6 months ago:
… “For English, say ‘God bless Trump’ …”
Fixed that for you /s (… I really want off this apocalyptic ride)