"In a few years, almost everyone will claim they opposed this genocide. But it is now that people of good conscience need to take a stand. As economists we stand, today, with Francesca Albanese, the UN Special Rapporteur under attack by the US and Israeli governments because her recent report throws indescribably important light on the political economy of Israel’s occupation and genocide."
remixtures
joined 2 years ago
"Design Patterns for Securing LLM Agents against Prompt Injections (2025) by Luca Beurer-Kellner, Beat Buesser, Ana-Maria Creţu, Edoardo Debenedetti, Daniel Dobos, Daniel Fabian, Marc Fischer, David Froelicher, Kathrin Grosse, Daniel Naeff, Ezinwanne Ozoani, Andrew Paverd, Florian Tramèr, and Václav Volhejn.
I’m so excited to see papers like this starting to appear. I wrote about Google DeepMind’s Defeating Prompt Injections by Design paper (aka the CaMeL paper) back in April, which was the first paper I’d seen that proposed a credible solution to some of the challenges posed by prompt injection against tool-using LLM systems (often referred to as “agents”).
This new paper provides a robust explanation of prompt injection, then proposes six design patterns to help protect against it, including the pattern proposed by the CaMeL paper."
https://simonwillison.net/2025/Jun/13/prompt-injection-design-patterns/
"Unknown hackers last month targeted leaders of the exiled Uyghur community in a campaign involving Windows spyware, researchers revealed Monday.
Citizen Lab, a digital rights research group based at the University of Toronto, detailed an espionage campaign against members of the World Uyghur Congress (WUC), an organization that represents the Muslim-minority group, which has for years faced repression, discrimination, surveillance, and hacking from China’s government."
"The DOGE employees, who are effectively led by White House adviser and billionaire tech CEO Elon Musk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new administration's policies and to cut costs and maximize efficiency.
But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending.
Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do."
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
"Browsers keep track of the pages that a user has visited, and they use this information to style anchor elements on a page differently if a user has visited that link before. Most browsers give visited links a different color by default; some web developers rely on the :visited CSS selector to style visited links according to their own preferences.
It is well-known that styling visited links differently from unvisited links opens the door to side-channel attacks that leak the user’s browsing history. One notable attack used window.getComputedStyle and the methods that return a NodeList of HTMLCollection of anchor elements (e.g. document.querySelectorAll, document.getElementsByTagName, etc.) to inspect the styles of each link that was rendered on the page. Once attackers had the style of each link, it was possible to determine whether each link had been visited, leaking sensitive information that should have only been known to the user.
In 2010, browsers implemented a mitigation for this attack: (1) when sites queried link styling, the browser always returned the “unvisited” style, and (2) developers were now limited in what styles could be applied to links. However, these mitigations were complicated for both browsers to implement and web developers to adjust to, and there are proponents of removing these mitigations altogether." https://github.com/explainers-by-googlers/Partitioning-visited-links-history
"Today, in response to the U.K.’s demands for a backdoor, Apple has stopped offering users in the U.K. Advanced Data Protection, an optional feature in iCloud that turns on end-to-end encryption for files, backups, and more.
Had Apple complied with the U.K.’s original demands, they would have been required to create a backdoor not just for users in the U.K., but for people around the world, regardless of where they were or what citizenship they had. As we’ve said time and time again, any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud.
This blanket, worldwide demand put Apple in an untenable position. Apple has long claimed it wouldn’t create a backdoor, and in filings to the U.K. government in 2023, the company specifically raised the possibility of disabling features like Advanced Data Protection as an alternative."
"And it’s crazy that people can be so into their ideology that they just refuse to look at reality. It can’t all just be “America’s fault.” People in Zimbabwe are just regular people like you and me, and they’re not better than anyone or worse. Their leaders do bad things and are corrupt, just like anywhere else. In what country in the world does one party remain in power for thirty, forty years and not become corrupt? And it’s interesting to me how easily people are still able to call on the boogeyman of the West and say, “Oh, yeah. Now forget all of the things that are going wrong. America did everything.” America does lots of things wrong. America has its own problems, and America spreads its problems around the world.
I have people that still tell me that the West caused the situation in Ukraine. And I’m like, but [Vladimir Putin] has done this in Crimea. He did this in Georgia; he did this in Chechnya. So America just did all of these? America is the reason that Russia took Abkhazia and Ossetia? They took Crimea; they took Donbas."
"In the 1970s, ostensibly leftist movements were in power in many parts of the Middle East and also were the dominant groups fighting for revolution and liberation in Palestine. And here we are now. The failure of those governments, the rise of political Islam, and the failures of the secular state in the Middle East have profoundly changed the whole dynamic. Now if you’re talking about the Middle East and resistance movements, you’re almost always talking about movements that are religious in nature. And you see the rise of political Islam and the sidelining of socialism.
Some of that is also the failure of ostensibly socialist states that just became kleptocracies and dictatorships. There’s nothing wrong with wanting and desiring revolution. But [there should be] some level of recognition that in any revolution you’re letting a tiger out of the cage. What’s going to happen after that is hard to say."
"At a press conference in the Oval Office this week, Elon Musk promised the actions of his so-called Department of Government Efficiency (DOGE) project would be “maximally transparent,” thanks to information posted to its website.
At the time of his comment, the DOGE website was empty. However, when the site finally came online Thursday morning, it turned out to be little more than a glorified feed of posts from the official DOGE account on Musk’s own X platform, raising new questions about Musk’s conflicts of interest in running DOGE.
DOGE.gov claims to be an “official website of the United States government,” but rather than giving detailed breakdowns of the cost savings and efficiencies Musk claims his project is making, the homepage of the site just replicated posts from the DOGE account on X."
https://www.wired.com/story/doge-website-is-just-one-big-x-ad/
view more: next ›
@bearsong@ravenation.club Thanks! I like to share links to articles that I personally find interesting :)