So what if they’re the biggest? They haven’t taken any meaningful steps to stop these attacks. The primary culprit for the sorry state of the npm ecosystem is npm Inc, or actually their corporate overlord Microsoft. They could be doing a lot more than they are.
I’m sort of reminded of how back in the day Windows was Swiss cheese and people kept saying “it is because they’re the biggest”, and then Microsoft started caring about Windows security and it improved enormously. When will Microsoft start caring about npm security?
Blaming the victim is too easy. NPM is unsafe at any speed. You cannot use it in any but the most trivial capacities without opening yourself up to supply chain attacks.
Why is npm the only package ecosystem that has so many problems? What are the other package system owners doing better? Let’s start there, instead of blaming the victims.
They’ve dropped all the Mac Studio configs higher than 96 GB, as well as the base Mac mini. They’re also rumored to be considering taking the Neo base config off the market.
This seems to be how they’re dealing with supply constraints for fab capacity and RAM.
You could have a skill that is the combination of a minimal markdown file and a set of orchestration scripts that do the deterministic work. The agent does not have to “run everything”, it just needs to know how to launch the right script.
The missing bit is a representation of knowledge, and a way to represent a learner’s comprehension.
Even if you shortcut by synthesizing a textbook in every major topic - that’s just one arbitrary representation, and the way topics overlap is outside of the material.
I am very interested in this though, if anyone has references to relevant research I’m all ears.
The deeper I wade through Microsoft’s Azure documentation the more I feel the reality of this. There’s so much of it that it basically is unreadable in real terms, most employees will never get the time allocated, and when you do try to exhaustively read up on a specific area you find that the documentation is incomplete and wrong in subtle but important ways. I’m sure Microsoft spends a lot of resources on that documentation, but it seems somewhat of a hopeless mission.
Actually, a sizable chunk of the refunds will go to companies like Cantor Fitzgerald, the company of the commerce secretary Howard Lutnick (or his sons, which is the same thing), that bought the tariff refund rights last year for 20% of the refund value. While Lutnick was ostensibly pro-tariff, his company was betting against the tariffs being legal, and now will collect refunds paid by the American taxpayer.
So in reality, the taxpayer is on the hook twice: once for paying the tariffs through increased prices, and once for the debt created by the people disbursing refunds to themselves.
No worries, DOJ is no doubt already on the case, as we saw with the Polymarket arrest. No way they'd let blatant self-dealing propelled by inside information slide, right?
This sounds like one of those problems where the solution is not a UX tweak but an architecture change. Perhaps prompt cache should be made long term resumable by storing it to disk before discarding from memory?
I agree. Maybe parts of the cache contents are business secrets. But then store a server-side encrypted version on the user's disk so that it can be resumed without wasting 900k tokens?
But if you have a tiered cache, then waiting several seconds / minutes is still preferable to getting a cache miss. I suspect the larger problem is the amount of tinkering they are doing with the model makes that not viable.
The EU Chips Act is subsidizing new fab construction in Europe.
Meanwhile the French Mistral is partnering with Nvidia to build an AI data center near Paris on which their LLMs will run.
But I agree this is not enough to make the EU a contender in the race with the US and China. The EU still has not seriously considered decoupling from American big tech.