A lot of great projects do not fail because they lack substance. They fail because not enough people ever notice them. That is why @clownitx stands out. It gives strong projects a better chance to be seen, shared, and pushed into the spotlight by people who actually care. Good ideas deserve visibility too. $ICP

last one

Calling it now

A lot of people of think the RAM crisis is because of AI. It’s not. It’s Apple’s Calculator app in OSX.

In 2011, someone bought 10,000 Bitcoin for $7,800 at $0.78 per BTC. 14 years later, He sold it for $1 Billion.

updated fable eval scores

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

🚨 BREAKING: More than 400 Arch Linux User Repository packages have been compromised with infostealer malware and a rootkit. Attacker posed as a trusted maintainer and "adopted" orphaned packages. Arch maintainers are purging infected packages now. Audit your AUR installs.

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…

I think we’re at a very revealing point in time with regards to AI and culture, a chance that might not come back, and we should keep our eyes and ears open. Soon enough AI will become invisible. There won’t be any simple emdash or ”not X, but Y” tells. You won’t be able to distinguish ”slop”. Then it will be like that forever. The memories of what life was like before AI will be important, of course, but just like ”with AI” will cover the rest of human existence going forward, ”without AI” covered all of it up until now. We’re the only ones who live in the seam. Our observations might end up having some extra significance. We can see failure modes that will soon be gone. But why would old AI bugs be important once they’re fixed? When trying to understand human minds, scientists often examine exceptions. Brains where some region is broken can tell us much about what the region does if we compare to a healthy brain. As a small example: I’d like to add as a timestamped observation from this transitional time that AI has nailed music almost immediately, while the ”uncanny valley” remains in pictures and especially in text. AI generated music doesn’t feel oddly empty the way art and text does. It feels consistent with how world class musicians sound. Sure, AI might not yet come up with something like ”We will we will rock you! (stomp stomp)” filled with raw human emotion, but it does an excellent Steely Dan - technically perfect music that pleases a musician and sounds at least like decent ”elevator music” to everyone else. To be clear, if your instinct now is to object “but I hate synchronizer music where every note is exactly on time, I want human imperfections”, then you’re still talking about the situation up to a few years ago. AI doesn’t use a sequencer, it uses statistics where the minute “imperfections” that improve the song are captured, not discarded. It’s also not a problem to do the human voice as an instrument - the AI does a mean bebop. The contrast comes, and becomes incredibly, comically pronounced, as soon as you ask the AI to add in lyrics. The result is like if HR wrote a “funny” themed song for the Christmas party to summarize the year’s significant company events, and then hired a band of the world’s greatest musicians to perform it. It will sound exactly as when people who aren’t artists write lyrics. Basically it seems that with music, math is enough. You can add a more emotional element, but it doesn’t feel flat without it. I have been interested in music (and indeed computer generated music) my whole life, but this realization has only dawned on me during this particular time, when a very certain level of AI capacity made this obvious in contrast to art and text. Sure we could experiment with limited and constrained AIs in the future to replicate the AIs of today if that’s interesting in the sense of science using a damaged brain for comparison. But I think the unique experiment we live right now that won’t be replicated is the experience of living in - being immersed in - a world of ”half-assed AI”, what that’s like and what profound lessons it can teach us about AI, and about ourselves. People won’t readily subject themselves to that again at scale, so please take notes of your suffering.

A developer posted this on Reddit, and I haven't stopped thinking about it.

Awww baby want a lollipop?

‼️🚨 A new npm supply-chain attack compromised 57 packages across over 286 malicious versions in under 2 hours. The attackers used self-replicating malware, a new version of the Miasma worm, which also used evasion techniques to stay under the radar. The payload targets CI/CD and developer credentials, including GitHub Actions secrets, cloud credentials, Vault tokens, SSH keys, npm and GitHub tokens, and password-manager stores. This variant also injects AI coding assistant config files at `.claude`, `.cursor`, `.gemini`, and `.vscode` paths, a separate persistence and repo-poisoning angle.

Dominic Williams: 50 years old, looks 35. Charles Hoskinson: 38 years old, looks 50. Maybe $ADA holders should switch to $ICP for their skin 😂

2.5M internet-computer:native MOVED AFTER MORE THAN FIVE YEARS OF DORMANCY Five wallets funded directly by the minting protocol with 500k ICP each on May 6, 2021, transferred their entire balances to a wallet allegedly linked to @dfinity Foundation on June 2. The 2.5M ICP had remained inactive for more than five years and is now consolidated into a single address. The source wallets are now empty.

Cardano builders coming to $ICP

‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can. Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept. He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."

$ICP Liquidity on-chain improving ever more. The evolution from 2024 is an interesting thing to watch. Usually ecosystems get weaker over time.. look at how much on-chain liquidity improved over 2 years:

my instagram (@ korn) was stolen overnight via the Meta AI exploit and was subsequently disabled. it was Meta Verified, facial scan verified, and had 0 TOS violations. the account is the sole source of my income. i spent 6 hours trying to get human support and meta's support AI gave me 4 broken links in a row. we're at the point where one AI stole it and another can't fix it, zero humans in the loop anywhere. does anyone know how to get in contact with meta support about this? it is absolutely ridiculous that a trillion dollar company allows an exploit like this and doesn't even address it. @instagram @AIatMeta @DarkWebInformer