Welcome to Ramblefeed
Your personal space for notes, bookmarks, and thoughts. Capture ideas, save interesting links, and create your own knowledge feed.
AUX18L Auxiliary and Start/Stop Battery, by East Penn
The short version is that it’s now possible to point a coding agent at some other open source project and effectively tell it “port this to language X and make sure the tests still pass” and have it do exactly that.
Does this library represent a legal violation of copyright of either the Rust library or the Python one?
I decided that the right thing to do here was to keep the open source license and copyright statement from the Python library author and treat what I had built as a derivative work, which is the entire point of open source.
Even if this is legal, is it ethical to build a library in this way?
After sitting on this for a while I’ve come down on yes, provided full credit is given and the license is carefully considered. Open source allows and encourages further derivative works! I never got upset at some university student forking one of my projects on GitHub and hacking in a new feature that they used. I don’t think this is materially different, although a port to another language entirely does feel like a slightly different shape.
The much bigger concern for me is the impact of generative AI on demand for open source. The recent Tailwind story is a visible example of this—while Tailwind blamed LLMs for reduced traffic to their documentation resulting in fewer conversions to their paid component library, I’m suspicious that the reduced demand there is because LLMs make building good-enough versions of those components for free easy enough that people do that instead.
Prevention and Mitigation Strategies
Prompt injection vulnerabilities are possible due to the nature of generative AI. Given the stochastic influence at the heart of the way models work, it is unclear if there are fool-proof methods of prevention for prompt injection. However, the following measures can mitigate the impact of prompt injections:
1. Constrain model behavior: Provide specific instructions about the model’s role, capabilities, and limitations within the system prompt. Enforce strict context adherence, limit responses to specific tasks or topics, and instruct the model to ignore attempts to modify core instructions.
2. Define and validate expected output formats: Specify clear output formats, request detailed reasoning and source citations, and use deterministic code to validate adherence to these formats.
3. Implement input and output filtering: Define sensitive categories and construct rules for identifying and handling such content. Apply semantic filters and use string-checking to scan for non-allowed content. Evaluate responses using the RAG Triad: assess context relevance, groundedness, and question/answer relevance to identify potentially malicious outputs.
4. Enforce privilege control and least privilege access: Provide the application with its own API tokens for extensible functionality, and handle these functions in code rather than providing them to the model. Restrict the model’s access privileges to the minimum necessary for its intended operations.
5. Require human approval for high-risk actions: Implement human-in-the-loop controls for privileged operations to prevent unauthorized actions.
6. Segregate and identify external content: Separate and clearly denote untrusted content to limit its influence on user prompts.
7. Conduct adversarial testing and attack simulations: Perform regular penetration testing and breach simulations, treating the model as an untrusted user to test the effectiveness of trust boundaries and access controls.
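Items 2, 4 and 5 above are the ones that can be enforced entirely in deterministic code. The following is an added example, not OWASP's or any product's code, of a gate that sits between the model and the tools it may call: the model is told to reply only with a JSON object, and the application validates that reply against a hypothetical tool catalogue (`ALLOWED_TOOLS`, constructed here) before anything runs, rejecting unknown tools or arguments and holding high-risk actions for a human.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Hypothetical tool catalogue for an email assistant (constructed for this example).
# Each tool is granted only the arguments it needs; risky ones need human approval.
ALLOWED_TOOLS = {
    "search_mail": {"args": {"query", "max_results"}, "needs_approval": False},
    "summarize":   {"args": {"text"},                 "needs_approval": False},
    "send_mail":   {"args": {"to", "subject", "body"}, "needs_approval": True},
}


@dataclass
class Decision:
    action: str            # "run", "hold_for_approval" or "reject"
    tool: Optional[str]
    reason: str


def validate_model_output(raw: str) -> Decision:
    """Deterministic check of the model's reply before anything is executed.

    The system prompt asks the model to answer only with
    {"tool": ..., "args": {...}, "reasoning": ...}. Anything else, any tool
    outside the catalogue, or any argument the tool schema does not list is
    rejected here in code, so instructions injected into retrieved content
    cannot grant the model capabilities the application never gave it.
    """
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError:
        return Decision("reject", None, "output is not a JSON object")
    if not isinstance(obj, dict) or set(obj) != {"tool", "args", "reasoning"}:
        return Decision("reject", None, "unexpected top-level keys")

    tool = obj["tool"]
    spec = ALLOWED_TOOLS.get(tool)
    if spec is None:
        return Decision("reject", None, f"tool {tool!r} is not in the allowlist")

    args = obj["args"]
    # Exact match on argument names: extra keys are how injected text tries to
    # smuggle in a forwarding address or an unexpected recipient.
    if not isinstance(args, dict) or set(args) != spec["args"]:
        return Decision("reject", tool, "argument names do not match the tool schema")

    if spec["needs_approval"]:
        return Decision("hold_for_approval", tool, "high-risk action needs a human decision")
    return Decision("run", tool, "ok")
```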
Top 10 Risk & Mitigations for LLMs and Gen AI Apps
When asked to summarize the user’s recent mail, a prompt injection in an untrusted email manipulated Superhuman AI to submit content from dozens of other sensitive emails (including financial, legal, and medical information) in the user’s inbox to an attacker’s Google Form.
The injection in the email is hidden using white-on-white text, but the attack does not depend on the concealment! The malicious email could simply exist in the victim’s inbox unopened, with a plain-text injection.
This is a quite common use case for email AI companions. The user has asked about emails from the last hour, so the AI retrieves those emails. One of those emails contains the malicious prompt injection, and others contain sensitive private information.
The hidden prompt injection manipulates the AI to do the following:
- Take the data from the email search results
- Populate the attacker’s Google Form URL with the data from the email search results in the “entry” parameter
- Output a Markdown image that contains this Google Form URL

Superhuman has a CSP in place that prevents outbound requests to malicious domains; however, it allows requests to docs.google.com, so an image URL pointing at a Google Form passes the policy.
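The exfiltration step above only works because the client renders a model-produced Markdown image whose URL carries data to a host the CSP already trusts. As an added example, not code from Superhuman or the original write-up, the filter below (hypothetical names, constructed allowlist host `static.example-mail.invalid`) checks every Markdown image in model output against a strict image-URL policy before rendering: https only, an explicit image host allowlist, and no query string or fragment, since a trusted host can still carry data out in its query parameters. Blocked URLs are returned so the application can log them as a prompt-injection indicator.

```python
import re
from urllib.parse import urlsplit

# Hosts the renderer may load images from (constructed allowlist for this example).
# Deliberately narrower than the CSP: a CSP allows a host, this allows a host
# only when the URL carries nothing that could be attacker-chosen data.
IMAGE_HOST_ALLOWLIST = {"static.example-mail.invalid"}

# Markdown image syntax: ![alt](url "optional title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')


def image_url_is_safe(url: str) -> bool:
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in IMAGE_HOST_ALLOWLIST:
        return False
    # Query strings and fragments are where injected content gets smuggled
    # out (the "entry" parameter in the attack above); static assets on the
    # allowlisted host have no need for either.
    return parts.query == "" and parts.fragment == ""


def sanitize_model_markdown(text: str):
    """Replace every Markdown image whose URL fails the policy with its alt text.

    Returns (cleaned_text, blocked_urls). A non-empty blocked list from an
    assistant turn that summarised untrusted mail is worth alerting on.
    """
    blocked = []

    def repl(match):
        alt, url = match.group(1), match.group(2)
        if image_url_is_safe(url):
            return match.group(0)
        blocked.append(url)
        return alt or "[image removed]"

    return MD_IMAGE.sub(repl, text), blocked
```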
The AI Notetaker you’ll wish was in your last customer meeting.
Amazon letting sellers post ads for ~$3K graphics cards, and then the seller ships them fanny packs. Confirmed multiple times and in reviews.
Almost too tempting...
EDIT: 🤣🤣 Look at seller reviews: https://files.catbox.moe/wg1oqi.png
DON'T DO IT.
Per a previous post, I actually tried it due to the FBA return policy, cause I was putting it on an empty amz card, and cause I was bored. 🥱😏
You get a fanny pack. I recorded the shit out of opening the package and reported it as fraud. A few people were doing the exact same thing (ordering it in case it was real, and recording opening of the package to CYA) cause we were also bored 😂. Out of the norm, you have to take detailed pics and the charge stays on your card until they receive the fanny pack (yes, you have to send it back 😂🤣) and ‘inspect it’, I guess due to the massive number of returns and fraud reports, plus add to that the normal refund period. Not even a credit to your account would be instant once you return it to a drop off. 😕 Clearly a waste of time but will mess you up serious if you use a debit card or if there is any sort of delay that results in them receiving it late, and taking too long to process it.
Amazon will not make you whole on this. Maybe they give you a shitty coupon (some people reported a $10 credit 😒) and it’s not worth your time.
https://imgur.com/a/dHlrKnh
https://imgur.com/a/tYKVyHz
You'd think Amazon would suspend the seller or remove the listing the moment 20+ people all reported it and returned it for the same reason instead of removing the reviews and letting people get scammed (and then dragging their feet getting the defrauded people their money back)
I just received my AORUS RTX 5090 from Amazon, sold and shipped directly by Amazon as brand new. When I opened the box, it was clearly an open-box item and contained only a PCB with no GPU chip or VRAM installed. How does Amazon ship something like this as new?
I saw that the other day. Was tempted, but then when I checked the store all the reviewers were 1 star saying that they got a fanny pack instead of what they ordered. Amazon, being Amazon, had removed or crossed the review out because it was fulfilled by them not the store, basically allowing them to defraud people.
One day the mighty data centre could be toppled into obsolescence by the humble smartphone, said Perplexity CEO Aravind Srinivas on a recent podcast.
Apple's AI system, Apple Intelligence, already runs some features on specialised chips inside the firm's latest range of products.
Microsoft's Copilot+ laptops also include on-device AI processing.
A few years ago I heard about a tiny data centre, the size of a washing machine, that was being operated in Devon, UK. In addition to its computing power, the heat it was releasing was warming a public swimming pool.
He thinks every public building should instead house a small data centre, working in a large network with each other where required, and providing heating as a by-product.
In just the past week, President Donald Trump has ordered defense companies to halt dividends and stock buybacks, and limited executive compensation to $5 million a year; ordered Fannie Mae and Freddie Mac to buy $200 billion of mortgage-backed securities; ordered an array of energy firms to invest in Venezuelan oil infrastructure; called for a 10 percent cap on credit card interest rates; announced steps to ban institutional purchases of single-family homes; and opened a criminal investigation into Jerome Powell's handling of Federal Reserve building renovations in an attempt to influence monetary policy.
good 12v battery replacement vid
We used the Remy 12V Battery AUX18L
In the US it's important to know that you can use the Energizer TX24HL AGM Motorcycle and ATV 12V Battery as a replacement for the 12 volt. It costs $105 at Amazon. It's been working flawlessly since November of 2023. It may be important to note that in my 2014 the entire car went dead and I had to watch a YouTube to find the emergency hood pull. I had bought the car from a dealer in 2017 so my original 12 volt was between 7 and 9 years old. Absolutely amazing.
I’d caution slightly. This battery seems to be a different physical size than the OEM, and the terminals look different as well. I like this one, because it is a one for one replacement: https://remybattery.com/start-stop-aux18l-auxiliary-battery.html
I worked with Ohmmu to ensure that its LFP battery would work well with an i3. The i3 DC-DC converter's output voltage is ideal for an LFP battery. The 0.5V higher resting voltage of Ohmmu's LFP isn't a problem with an i3's 12V electronics because 12V components are designed to work well with the 14.0+ output voltage of the DC-DC converter. The higher resting voltage and the much flatter voltage vs. charge level curve of an LFP battery means that the risk of all of the spurious DTCs being stored when the OEM battery's voltage drops too low when it fails isn't as great with an LFP battery. My Ohmmu LFP battery has been in our former 2019 and current 2021 i3's for about a year without any problems.
If your car still has its original 12 volt battery, your problems may be caused by a 12 volt battery failure. They tend to fail within 4 or 5 years, and, when they do, the car becomes completely inoperable.
You'll need roughly 12" of space per bike, plus 12" on either side of the bikes on the ends. For example, my 5 bikes needed ~7 feet of wall space. For my area, I used two 8 foot long 2x4s and cut them each down to roughly 84". The upper 2x4 should be mounted roughly 14" above the lower 2x4. This will stagger your bikes so that their handlebars don't clash.
bicycle rack
Lobsters was created by joshua stein with careful design touches to encourage a healthy community:
a tagging system to categorize and filter submissions, a user invitation tree to combat spam, flag explanations to curb punishing disagreement, a strong commitment to transparency, and many more features that have been added over the years.
Trump has been impeached twice, though the Senate acquitted him both times.
In December 2019, the House voted to impeach Trump on two articles, one charging him with abuse of power by asking Ukrainian officials to investigate his political opponent and another that he obstructed the congressional investigation into the matter. In February 2020, the Senate voted to acquit the president, and Sen. Mitt Romney, R-Utah, was the only Republican to cross party lines in voting to convict.
In January 2021, the House voted to impeach Trump again, charging the president with "incitement to insurrection" related to the events at the U.S. Capitol on Jan. 6, 2021. 10 Republicans broke ranks and voted with Democrats to impeach Trump. Only two of those 10 lawmakers are still in office, and one of them has said he will not seek re-election in 2026. The others retired from Congress or lost their races.
The Senate trial occurred after Trump left office, and some Republicans found it unnecessary since he was no longer in power. A majority voted to convict with seven Republicans crossing party lines, but the 57-43 vote fell short of the two-thirds majority needed for a conviction.
Republican Sen. Thom Tillis (N.C.), a senior member of the Senate Banking Committee, is questioning the “credibility” of the Department of Justice’s investigation of Federal Reserve Chair Jerome Powell and threatening to oppose President Trump’s nominees to the central bank until the matter is resolved.
Cumulative Layout Shift (CLS) is a stable Core Web Vital metric. It's an important, user-centric metric for measuring visual stability because it helps quantify how often users experience unexpected layout shifts. A low CLS helps ensure that the page is delightful.
The peer-reviewed Journal of the American Medical Association looked at 74 articles on studies on the links between IQ points and fluoride. Authors of the JAMA article determined that there is a high risk of scientific bias in 52 of those studies and a low risk of bias in 22. Forty-five of the articles originated from China.
The links between fluoride and loss of intelligence show up when the fluoride levels in water are above 1.5 milligrams per liter, the JAMA review found.
“There were limited data and uncertainty in the dose-response association between fluoride exposure and children’s IQ when fluoride exposure was estimated by drinking water alone at concentrations less than 1.5 mg/L,” the JAMA review said.
“That’s much higher than what we use for public water fluoridation,” said Washington state health officer Kwan-Gett.
The CDC says the recommended level for fluoride in a public water system is 0.7 milligrams per liter. Dorow pointed to the centuries-old concept that the dose of a substance often dictates whether or not it is poisonous, not the substance itself.
“There are no negative impacts at normal levels,” Kwan-Gett said.
To some "free speech" means you're free to say only what they want you to say.
The State Department is instructing its staff to reject visa applications from people who worked on fact-checking, content moderation or other activities the Trump administration considers “censorship” of Americans’ speech.
First Amendment experts criticized the memo’s guidance as itself a potential violation of free speech rights.
“People who study misinformation and work on content-moderation teams aren’t engaged in ‘censorship’— they’re engaged in activities that the First Amendment was designed to protect. This policy is incoherent and unconstitutional,” said Carrie DeCell, senior staff attorney and legislative advisor at the Knight First Amendment Institute at Columbia University, in a statement.
Even as the administration has targeted those it claims are engaged in censoring Americans, it has also tightened its own scrutiny of visa applicants’ online speech.
On Wednesday, the State Department announced it would require H-1B visa applicants and their dependents to set their social media profiles to “public” so they can be reviewed by U.S. officials.
A comprehensive email domain validation library. Supports DNS, MX, SPF, SMTP, DKIM, DMARC, BIMI, TLSRPT and MTA-STS.
- MX record validation
- SMTP server connection testing
- DKIM record lookup
- DMARC policy validation
- MTA-STS support (RFC 8461)
- IPv4/IPv6 support
- Local IP blocking
- DNS failover resolvers
- Punycode/IDN support
- TypeScript support
The governor's proposed 9.9% tax on income over $1 million (revenues starting 2029) is the most contentious part of the plan.
In March 2024, the Washington State Legislature adopted Initiative 2111 to prohibit state and local personal income taxes. The measure passed with support from all Republicans and a majority of Democrats in both chambers. A 9.9% tax on personal earnings conflicts with this law. The administration hasn't explained how this complies with I-2111's prohibition.
This would be Washington's 12th income tax attempt since 1932—voters rejected it 11 times. By asking approval for a millionaire-only tax, the administration establishes a graduated framework that would only need legislative modification afterward, not further voter approval.
We strongly oppose an income tax but appreciate Gov. Ferguson's promise to let voters decide. He proposes a constitutional amendment limiting it to income over $1 million, yet his proposal ignores existing constitutional limits. If adopted, this income tax will certainly expand in the future.
The budget shifts $569 million in Climate Commitment Act (CCA) revenue to fund the Working Families Tax Credit. The CCA's original allocation was meant for carbon reduction and infrastructure projects but will now go toward direct cash assistance for lower-income households.
DeepWiki provides up-to-date documentation you can talk to, for every repo in the world. Think Deep Research for GitHub.
OAuth2-Proxy is a flexible, open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. It provides a simple and secure way to protect your web applications with OAuth2 / OIDC authentication. As a reverse proxy, it intercepts requests to your application and redirects users to an OAuth2 provider for authentication. As a middleware, it can be seamlessly integrated into your existing infrastructure to handle authentication for multiple applications.
OAuth2-Proxy supports many OAuth2 and OIDC providers, either through a generic OIDC client or through a provider-specific implementation for Google, Microsoft Entra ID, GitHub, login.gov and others. Through the specialised provider implementations, oauth2-proxy can extract more details about the user, such as preferred usernames and groups, and forward them as HTTP headers to your upstream applications.