Man I miss Tracker.
I agree / hope that’s what they meant. It seems disingenuous, though, to describe it as unreadable, since obviously something has to read it to bake it into the deploy. And given their apparent lack of effective…
Where did you see that a Context employee had credentials stolen in February? I haven't run into that particular data point.
Not just into Vercel's env vars, but into Vercel's customer's env vars.
An email from Vercel came to my company at 10:47am UTC. It contained little information, and said: > At this time, we do not have reason to believe that your Vercel credentials or personal data have been compromised.…
They mean the latter. Very unclear how that translates to meaningful security.
You’re right, I should have been more careful in my reference to AWS. No need to be snarky about it. Let me rephrase: aside from that one example from a couple years ago, I haven’t seen any examples of production code…
You’re right, there is that one example. Feels like we’re in exception that proves the rule territory. But I’d be very interested in being proven wrong! This isn’t a desire of mine, just what I’ve seen. Do you have…
That is amazing. Compounded by the fact that there's a product listed as "COMING SOON JULY 2025"! This isn't an abandoned site.
Sure, but are you worried about someone cheating on their arXiv submission by exploiting a buffer overflow? It’s a real bug, it’s just not very important.
There are no Lean applications other than Lean. This is an important point most of the comments are missing. Lean is for proving math. Yes, you can use it for other things; but no, no one is. Still good to have found,…
Hi Kiran, thanks for following up. FWIW, I enjoy your blog and your work. And I do think it was a valuable bug you found; also nice to see how quickly Henrik fixed it. Say more about people running Lean in production. I…
This article’s framing and title are odd. The author, in fact, found no bugs or errors in the proven code. She says so at the end of the article: > The two bugs that were found both sat outside the boundary of what the…
This looks cool enough, but it’s starting to drive me crazy how people are in such a rush to put out their macOS apps they can’t be bothered to get a developer account and run a one line command. It’s not hard. I used…
I find both to be true. I use Claude for most of the implementation, and Codex always catches mistakes. Always. But both of them benefit from being asked if they’re sure they did everything.
To be clear, for those reading these comments and thinking “oh no Azure”, this is an addition to the list of cloud companies that provide “cloud infrastructure worldwide” for “all products”. Alongside GCP and AWS. This…
Ah, my mistake! Thanks for the correction. But I believe you can replace versions on both, nonetheless. It’s a multi step process, unpublish then publish again. But the net effect is the same.
They absolutely do. In this case litellm 1.82.8 had been out for at least a week (can’t recall the exact date offhand). The compromised version was a replacement.
This is fantastic, thank you. Your reporting has been great. But also, damn, the playlist.
I get the email notifications from Anthropic’s status monitor, and I think they might be my most frequent emailer these days.
Ah nice, good to know. I hadn’t used codex in a while. I actually really like opencode and its ui, just wish it didn’t clear the screen on exit. It could at least redraw whatever was last in the chat, that would be…
I think you’re confusing capital c Claude Code, the desktop Electron app, and lowercase c `claude`, the command line tool with an interactive TUI. They’re both TypeScript under the hood, but the latter is React + Ink…
I’ve looked at that a bit. Roff and mandoc etc have specialized tagging that’s not easily representable in markdown. You’d wind up with a lot of boilerplate or special non-standard markup, which would undermine the…
I can’t tell if you’re joking or not, but it’s funny either way.
On one hand this is a neat idea. I've thought about how nice it would be to have a visual layout tool for text-based designs. The current offerings are slim. Of course, you could easily argue that if you need a visual…
Man I miss Tracker.
I agree / hope that’s what they meant. It seems disingenuous, though, to describe it as unreadable, since obviously something has to read it to bake it into the deploy. And given their apparent lack of effective…
Where did you see that a Context employee had credentials stolen in February? I haven't run into that particular data point.
Not just into Vercel's env vars, but into Vercel's customer's env vars.
An email from Vercel came to my company at 10:47am UTC. It contained little information, and said: > At this time, we do not have reason to believe that your Vercel credentials or personal data have been compromised.…
They mean the latter. Very unclear how that translates to meaningful security.
You’re right, I should have been more careful in my reference to AWS. No need to be snarky about it. Let me rephrase: aside from that one example from a couple years ago, I haven’t seen any examples of production code…
You’re right, there is that one example. Feels like we’re in exception that proves the rule territory. But I’d be very interested in being proven wrong! This isn’t a desire of mine, just what I’ve seen. Do you have…
That is amazing. Compounded by the fact that there's a product listed as "COMING SOON JULY 2025"! This isn't an abandoned site.
Sure, but are you worried about someone cheating on their arXiv submission by exploiting a buffer overflow? It’s a real bug, it’s just not very important.
There are no Lean applications other than Lean. This is an important point most of the comments are missing. Lean is for proving math. Yes, you can use it for other things; but no, no one is. Still good to have found,…
Hi Kiran, thanks for following up. FWIW, I enjoy your blog and your work. And I do think it was a valuable bug you found; also nice to see how quickly Henrik fixed it. Say more about people running Lean in production. I…
This article’s framing and title are odd. The author, in fact, found no bugs or errors in the proven code. She says so at the end of the article: > The two bugs that were found both sat outside the boundary of what the…
This looks cool enough, but it’s starting to drive me crazy how people are in such a rush to put out their macOS apps they can’t be bothered to get a developer account and run a one line command. It’s not hard. I used…
I find both to be true. I use Claude for most of the implementation, and Codex always catches mistakes. Always. But both of them benefit from being asked if they’re sure they did everything.
To be clear, for those reading these comments and thinking “oh no Azure”, this is an addition to the list of cloud companies that provide “cloud infrastructure worldwide” for “all products”. Alongside GCP and AWS. This…
Ah, my mistake! Thanks for the correction. But I believe you can replace versions on both, nonetheless. It’s a multi step process, unpublish then publish again. But the net effect is the same.
They absolutely do. In this case litellm 1.82.8 had been out for at least a week (can’t recall the exact date offhand). The compromised version was a replacement.
This is fantastic, thank you. Your reporting has been great. But also, damn, the playlist.
I get the email notifications from Anthropic’s status monitor, and I think they might be my most frequent emailer these days.
Ah nice, good to know. I hadn’t used codex in a while. I actually really like opencode and its ui, just wish it didn’t clear the screen on exit. It could at least redraw whatever was last in the chat, that would be…
I think you’re confusing capital c Claude Code, the desktop Electron app, and lowercase c `claude`, the command line tool with an interactive TUI. They’re both TypeScript under the hood, but the latter is React + Ink…
I’ve looked at that a bit. Roff and mandoc etc have specialized tagging that’s not easily representable in markdown. You’d wind up with a lot of boilerplate or special non-standard markup, which would undermine the…
I can’t tell if you’re joking or not, but it’s funny either way.
On one hand this is a neat idea. I've thought about how nice it would be to have a visual layout tool for text-based designs. The current offerings are slim. Of course, you could easily argue that if you need a visual…