This problem is very serious, since AIs are often trained on GitHub projects. That means AI-generated code is increasingly likely to carry serious security issues.
GitHub is undergoing automated attacks involving the cloning and creation of huge numbers of malicious code repositories. While GitHub has been working to remove the affected repos, a significant number are said to survive, with more uploaded regularly.
An unknown attacker has built and deployed an automated process that forks and clones existing repositories, adds its own malicious code, and hides it under seven layers of obfuscation.
Given the scale of the attack, which the researchers put in the millions of uploaded or forked repositories, even a 1% miss rate still leaves potentially thousands of compromised repos on the site. Because a fork keeps the original project's name, README and history, the practical check is the owner in the URL rather than the project name; a clone or dependency pulled from a lookalike fork brings in whatever the attacker added.
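As an added example (not the researchers' tooling and not code from the campaign), here is a small Python triage helper that peels stacked encodings off a blob and counts the layers: a script whose real payload only appears after several rounds of base64, hex and zlib unwrapping is a strong signal worth a closer look. The sample payload, its seven-layer wrapping recipe and the "three or more layers" threshold are constructed for the example.

```python
import base64
import binascii
import zlib

MAX_BYTES = 10 * 1024 * 1024   # stop expanding past this: a decompression bomb is itself a red flag


def _zlib(data: bytes):
    """One zlib layer, bounded so a bomb cannot eat memory; None if it is not zlib."""
    try:
        d = zlib.decompressobj()
        out = d.decompress(data, MAX_BYTES + 1)
    except zlib.error:
        return None
    return out if d.eof else None


def _hex(data: bytes):
    """Hex is tried before base64 because every hex string is also valid base64 alphabet."""
    try:
        return bytes.fromhex(data.decode("ascii").strip())
    except (ValueError, UnicodeDecodeError):
        return None


def _base64(data: bytes):
    try:
        out = base64.b64decode(data.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    return out or None


DECODERS = (("zlib", _zlib), ("hex", _hex), ("base64", _base64))


def peel(payload: bytes, max_layers: int = 32):
    """Strip encodings until nothing decodes; return (layer names, innermost bytes)."""
    layers, cur = [], payload
    while len(layers) < max_layers and len(cur) <= MAX_BYTES:
        for name, decode in DECODERS:
            out = decode(cur)
            if out is not None and out != cur:
                layers.append(name)
                cur = out
                break
        else:
            break
    return layers, cur


def triage(payload: bytes, threshold: int = 3) -> dict:
    """Flag a blob when its payload sits under `threshold` or more encoding layers."""
    layers, inner = peel(payload)
    return {"layers": layers, "depth": len(layers),
            "flag": len(layers) >= threshold, "inner_preview": inner[:60]}


# --- constructed sample: a harmless one-liner wrapped in seven layers, outermost last ---
def wrap(data: bytes, recipe) -> bytes:
    steps = {"zlib": zlib.compress, "hex": lambda b: b.hex().encode(),
             "base64": base64.b64encode}
    for step in recipe:
        data = steps[step](data)
    return data


INNER = b"print('hello from the fork')"
RECIPE = ("zlib", "base64", "hex", "base64", "zlib", "hex", "base64")
SAMPLE = wrap(INNER, RECIPE)

if __name__ == "__main__":
    print(triage(SAMPLE))   # depth 7, flag True
    print(triage(INNER))    # depth 0, flag False
```

Run it over string literals or blobs pulled from a suspicious fork. Real droppers also use string reversal, XOR and eval-of-eval, so treat the decoder list as a starting point; the layer and size caps are what keep a hostile input from turning the triage script into the victim.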
A financial services company used data from the Census Bureau’s American Community Survey to determine which U.S. cities saw the most Gen Zers move in throughout 2022:
David Plummer re-created the classic game Breakout using Grok 3 AI. It generated a JavaScript program that can be played in a browser. He even shared the prompts and code on GitHub.
Another score for AI heavily augmenting the need for programmers.
I recently enjoyed a trip to Meow Wolf in Santa Fe. Here are some links for Easter eggs and secrets to be found in Meow Wolf Santa Fe.
Some people might like to explore blindly, but I found the trip much more enjoyable having some background knowledge before going. I still spent 3 hours there even knowing much of the story. There’s just too much to see and read if you wanted to go in blind. It would easily take half a dozen 1-2 hour trips just to read through the materials in each of the sections and piece it all together.
Twitch streamers are really getting creative. Besides completely AI generated content, others have been experimenting with viewer participation in unique ways.
Shindigs is one of the streamers really experimenting with new ideas. He’s streamed as a gun with eyes, a “biblically accurate angel McRib vtuber”, and a Costco hotdog. He also mixes real and animated footage. In one stream, Shindigs went “back in time” every time he died in Lies of P, eventually turning the broadcast into a radio play. He recently let characters play Christmas songs with chat and created music experiments live.
While playing Helldivers, he recently let viewers type messages into chat that pop up on the stream like a helmet-cam feed. The viewers quickly started riffing on numerous themes while he played.
I gave everyone in chat text-to-speech to roleplay as Helldiver HQ.
He created this effect using SAMMI, a streaming tool that connects Twitch chat and Channel Point redemptions to OBS (Open Broadcaster Software). With it he built the Twitch plugin he calls 'Bug Twitter' that provides this functionality. He also built a plugin called 'Strategems' that uses OBS's Advanced Mask: viewers spend Twitch channel points to trigger effects such as distorting the screen to make the game harder, or 'Australia mode', which flips the screen upside down.
I gave Twitch Chat the ability to call down Strategems for Helldivers 2 streams.
These Strategems affect the stream layout in different ways.
He’s not the only one being creative. CardboardCowboy built a cartoon RPG world where the NPCs are played by Twitch chat with TTS (Text To Speech) complete with proximity-based audio that fades off as he moves away.
We are witnessing the evolution of content.
This streamer set up a cartoon world where chat controls NPCs with TTS.
The level of detail is incredible; even the TTS audio is proximity-based, so NPCs get quieter as the streamer walks away.
Young streamers on Twitch seem to be exploring a lot of extremely creative ideas with a more publicly interactive form of streaming. There is likely a delicate balance between interacting with the viewers, maintaining some sense of cohesive sanity, and fending off trolls seeking to ruin the experience, but what they are doing and trying is wildly creative. Give it a look.
[Dark Patterns are] design practices that trick or manipulate users into making choices they would not otherwise have made and that may cause harm. – 2022 FTC definition
Eric Weiss, a trial lawyer who defends companies in class action lawsuits and other disputes, used his GDC talk to warn software and game developer clients about the dangers of "dark patterns", as lawsuits over them are rising.
This isn't just academic, and it isn't limited to gambling sites. The FTC landed a $245 million settlement with Epic Games after alleging that Fortnite's unintuitive UI amounted to using "digital dark patterns to bill Fortnite players for unintentional in-game purchases."
What other dark patterns are there? The Dark Pattern Games website gives some examples; the free-to-play app market probably has some of the most egregious. Some you may have encountered from online retailers include:
A warning that a product is almost sold out—”only two remaining!”—when there’s actually plenty of stock
A timer that counts down the seconds remaining on a limited-time 20% discount, but just resets after hitting zero
A request to send you email updates that can only be rejected by agreeing to a ridiculous accusation like “No thanks, I don’t care about children”
Weiss says that one of the dark patterns is grinding: “One of the identified dark patterns is grinding. And that’s ‘making a free version of a game so cumbersome and labor intensive that the player is induced to unlock new features with in-app purchases.’ So it’s set up in a way that you don’t need to make a purchase, but is it so difficult that the practical reality for the reasonable gamer is that they’re going to have to make that purchase? Have they been deceived, or is it unfair in some way?”
AI companies are desperate for content to train their models. They are catching increasing flak for hammering websites and scraping every bit of written, video, and still-image content on the entire internet. AI company data scrapers have been busted for everything from grabbing copyrighted data to the more practical problems of hitting certain websites millions of times a day and ignoring the robots.txt files that tell bots what to stay out of.
Building on an anti-spam cybersecurity tactic known as tarpitting, a developer who goes by Aaron created Nepenthes, malicious software named after a carnivorous plant that will "eat just about anything that finds its way inside."
Aaron clearly warns users that Nepenthes is aggressive malware. It is not to be deployed by site owners uncomfortable with trapping AI crawlers and sending them down an "infinite maze" of static files with no exit links, where they "get stuck" and "thrash around" for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, designed to poison AI models.
It's just one more counterattack in the effort to poison and combat AI scraping.
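Here is an added example, in Python and not Nepenthes' own code, of the two ingredients described above: an "infinite maze" in which every page links only to further maze pages derived from a hash of its own URL, and deterministic Markov babble as the page text. The /maze/ prefix, the toy corpus and the fan-out of five links per page are assumptions for the example.

```python
import hashlib
import random
from html import escape

MAZE_PREFIX = "/maze/"   # assumed mount point; list it under Disallow in robots.txt

# Constructed toy corpus for the babble; a real deployment feeds the chain a large text.
CORPUS = ("the crawler follows every link it finds and the index grows while "
          "the model learns nothing useful from pages that never end because "
          "every page links only to more pages exactly like this one").split()


def build_chain(words):
    """Order-1 Markov chain: word -> list of the words that followed it in the corpus."""
    chain = {}
    for cur, nxt in zip(words, words[1:]):
        chain.setdefault(cur, []).append(nxt)
    return chain


CHAIN = build_chain(CORPUS)


def babble(seed: int, n_words: int = 60) -> str:
    """Deterministic Markov babble: the same seed always yields the same text,
    so the maze looks like static files rather than a generator."""
    rng = random.Random(seed)
    word = rng.choice(CORPUS)
    out = [word]
    for _ in range(n_words - 1):
        word = rng.choice(CHAIN.get(word) or CORPUS)
        out.append(word)
    return " ".join(out)


def child_links(path: str, fanout: int = 5):
    """Every page links only to other maze pages, named by a hash of its own path,
    so there is no exit and no two pages share children."""
    return [MAZE_PREFIX + hashlib.sha256(f"{path}|{i}".encode()).hexdigest()[:16]
            for i in range(fanout)]


def maze_page(path: str, fanout: int = 5) -> str:
    seed = int.from_bytes(hashlib.sha256(path.encode()).digest()[:4], "big")
    anchors = "\n".join(
        f'<li><a href="{escape(link)}">{escape(link[len(MAZE_PREFIX):])}</a></li>'
        for link in child_links(path, fanout))
    return (f"<html><body><p>{escape(babble(seed))}</p>\n"
            f"<ul>\n{anchors}\n</ul>\n</body></html>")


def app(environ, start_response):
    """Minimal WSGI handler to mount at MAZE_PREFIX. A real tarpit also sleeps before
    answering so each request ties the crawler up for seconds; omitted here."""
    body = maze_page(environ.get("PATH_INFO", "/")).encode()
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Mount it at a path you list under Disallow in robots.txt and never link from normal navigation, so only crawlers that ignore robots.txt wander in; otherwise the search-engine crawlers you do want get trapped as well. The bandwidth and CPU spent serving the maze are yours, which is part of why Aaron's warning above applies.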
Pigeon Milk seems to put on shows like this infrequently as well. They don't seem to have any schedule or even a website, so you'll have to use your local event-tracking sites to find them.
One should never plug their phone into public chargers and devices (hotel clocks, gym machines, airport chargers, or things left lying around at hacker conventions). This kind of attack is called juice jacking and has been demonstrated for well over a decade. Innocuous-looking charging devices, gym plugs, and hotel clocks can install malware and steal data from phones and other devices.
The O.MG Cable sold by Hak5 was designed for exactly this. What looks like an innocent cable contains a Wi-Fi implant that can be remotely controlled to act as a keyboard, log keystrokes, open a bi-directional network connection to control the system, and even self-destruct if detected.
Hak5 also makes the famous USB Rubber Ducky: plug it in and it can deliver payloads and copy data mercilessly. It presents itself as an ordinary keyboard, but by injecting pre-recorded keystrokes it can make the computer do anything a person sitting at the keyboard could do, including copying your critical data to the device and walking away with it. The host trusts any keyboard it sees, which is why an unknown device that enumerates as one is the thing to watch for.
Protection from USB injection
PortaPow makes a number of data blockers: adapters that let you use public USB charging ports by physically omitting the data lines. You can charge through them, but they physically cannot transfer data. One caveat: on USB-A, fast-charge signalling also runs over the data pins, so a bare blocker can leave you at the slow default rate; PortaPow's blockers include their own charge-signalling chip for that reason, and a USB-C blocker has to keep the CC line used for Power Delivery negotiation while cutting the data pairs.
Hak5 also sells the O.MG Malicious Cable Detector, which is designed to flag the currently known malicious cables.
But what if you do need to check the contents of a drive? Enter USBValve.
USBValve's onboard microcontroller advertises itself as a storage device, pretending to have a filesystem with some common files on it. When an unknown USB device is first inserted into the USB port on the USBValve tool, USBValve shows, on its attached OLED screen, whether the device is accessing files it shouldn't be or immediately trying to write to the filesystem, which is a clear sign of malicious behavior.
This gives you low-level visibility into what the device does, but using it safely likely takes a lot of work and knowledge. It is unlikely to protect against hardware attacks (a device built to deliver an electrical surge, for instance), but it does give you something cheap that you can afford to blow up before plugging the unknown device into a real system.
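The common thread in the attacks above is that the host believes whatever a USB device claims to be, so a "cable" or "drive" that enumerates as a keyboard gets to type. As an added example (not a Hak5 or USBValve tool), here is a Linux check in Python that reads the interface classes each attached device exposes from sysfs and flags keyboard-class (HID) interfaces that are not on an allowlist, with extra suspicion when the same device also exposes storage or a network interface. The allowlist entry and the sample device table are constructed for the example.

```python
from pathlib import Path

# USB interface class codes as sysfs prints them (two lowercase hex digits).
HID, MASS_STORAGE, CDC_DATA = "03", "08", "0a"
SYSFS = Path("/sys/bus/usb/devices")

# Constructed allowlist: vid:pid of the keyboards you actually own.
KNOWN_HID = {"046d:c31c"}


def read_sysfs(root: Path = SYSFS) -> dict:
    """Return {device: {"id": "vid:pid", "classes": {...}}} from Linux sysfs.
    Returns {} where sysfs is absent (non-Linux) so the caller can fall back to a table."""
    devices = {}
    if not root.is_dir():
        return devices
    for iface in root.glob("*:*.*"):              # interface dirs look like 1-3:1.0
        cls_file = iface / "bInterfaceClass"
        if not cls_file.is_file():
            continue
        dev = iface.name.split(":")[0]            # owning device dir, e.g. 1-3
        entry = devices.setdefault(dev, {"id": "", "classes": set()})
        try:
            if not entry["id"]:
                vid = (root / dev / "idVendor").read_text().strip()
                pid = (root / dev / "idProduct").read_text().strip()
                entry["id"] = f"{vid}:{pid}".lower()
            entry["classes"].add(cls_file.read_text().strip().lower())
        except OSError:
            continue                              # device vanished mid-scan; skip it
    return devices


def classify(devices: dict, hid_allowlist: set) -> dict:
    """One verdict per device. Keystroke input is only expected from allowlisted vid:pid;
    a device that both types and offers storage/network matches the BadUSB pattern."""
    verdicts = {}
    for dev, info in devices.items():
        classes, dev_id = info["classes"], info["id"]
        if HID in classes and dev_id not in hid_allowlist:
            if classes & {MASS_STORAGE, CDC_DATA}:
                verdicts[dev] = f"suspicious: {dev_id} types keystrokes and also exposes storage/network"
            else:
                verdicts[dev] = f"suspicious: {dev_id} is an unexpected keyboard-class device"
        else:
            verdicts[dev] = "ok"
    return verdicts


# Constructed sample, shaped like read_sysfs() output, for running without a Linux box.
SAMPLE_DEVICES = {
    "1-1": {"id": "046d:c31c", "classes": {"03"}},        # allowlisted keyboard
    "1-2": {"id": "0781:5567", "classes": {"08"}},        # plain flash drive
    "1-3": {"id": "abcd:0001", "classes": {"03", "08"}},  # "drive" that also types
    "1-4": {"id": "dead:beef", "classes": {"03"}},        # "cable" enumerating as a keyboard
}

if __name__ == "__main__":
    devices = read_sysfs() or SAMPLE_DEVICES
    for dev, verdict in classify(devices, KNOWN_HID).items():
        print(dev, verdict)
```

On a real machine the same rule belongs in a device-control policy (USBGuard or equivalent) so it is enforced at plug-in time rather than after the keystrokes have already been typed; this script is the audit view of that policy.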
The AirNow website is not only good for getting air quality measurements for your area, but also checking in on the current smoke and fire maps.
Sadly, this is now as necessary a check as the weather forecast when going camping or hiking in the Pacific Northwest, a trend that is almost certainly going to get worse due to decades of misguided over-conservation forest management.