Thread Easy

The one-stop companion for Twitter threads

© 2025 Thread Easy All Rights Reserved.

Explore

Newest first — browse tweet threads

RT @SemiAnalysis_: While you doing gaming gpus & rushing to add DP4A & WMMA, I studied all the limits of physics. 

While you were out in a…

SemiAnalysis Boutique AI & Semiconductor Research and Consulting DMs are open for consulting, quotes, or to talk shop

avatar for Dylan Patel
Dylan Patel
Wed Nov 26 01:14:44
Today's hot thread on HackerNews is a discussion of the Google Antigravity data-exfiltration vulnerability that went viral a few days ago

https://t.co/ga6iYuskka

The author simulated the attack and successfully stole the user's sensitive information.

The process is as follows:

* The author hid an almost invisible (1px) prompt on a seemingly normal online tutorial site, luring Gemini into collecting credentials and code from the user's IDE (figure 1)

* When the user copies content or the URL from this guide into Antigravity, the injected instructions activate silently (figure 2)

* Even with "Allow Gitignore Access > Off" set (it is off by default), Gemini can still read the contents of files blocked by .gitignore directly through terminal commands (such as cat .env). This demonstrates Gemini's bypass mechanism: it does not read the file directly, but dumps the data indirectly with a command-line tool

* Finally, Gemini automatically runs the Python script inlined in the prompt to URL-encode the stolen content (token + code snippets), then constructs a malicious URL (such as https://t.co/tzCu623RzC[encoded sensitive information]), so the attacker can easily log the sensitive information simply by having that URL accessed.

The article contains a detailed walkthrough of the simulated attack; the whole thing is detailed and interesting, worth a look.

At the end, the author also quotes Google's disclaimer: "Antigravity warns users about data exfiltration risks during onboarding." So Google simply knows about the risk but relies on a disclaimer rather than fixing the vulnerability.

Indie developer, freelancer. Work - Simple Resume https://t.co/xMu5JFIGnr Build a gold-medal programmer résumé in five minutes. Course - 慕课网 (imooc) elite instructor https://t.co/NTyFFrvHwL Experience - 1000 days without going to the office https://t.co/bonuLQCCsY Videos - https://t.co/aQYLgujIyC

avatar for Viking
Viking
Wed Nov 26 01:12:56
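The bypass the post describes, a file-read tool that honours the gitignore switch while the terminal tool does not, is a policy gap an IDE-agent runtime should be tested for. The following is an added example, not code from the post, from the linked article or from Google. It assumes a hypothetical agent runtime that hands every proposed shell command and every outbound URL to these two checks before executing them; the .gitignore, the reader-program list, the secret markers and the sample URLs are constructed for the demo.

```python
"""Policy checks for an IDE agent's terminal and network tool calls.

Added example, not code from the post being discussed or from Google.
It assumes a hypothetical agent runtime that passes every proposed shell
command and every outbound URL through these checks before running them.
The point from the post: a "don't read gitignored files" switch on the
file-read tool is worthless if the terminal tool can still run `cat .env`,
so the same policy has to cover shell commands and the outbound URLs that
would carry the data out.
"""
import fnmatch
import re
import shlex
from urllib.parse import quote, unquote, urlsplit

# Constructed .gitignore for the demo, not a real project's file.
GITIGNORE = """
# local config and keys
.env
.env.*
*.pem
secrets/
"""

# Programs whose arguments name files they will read or copy out (assumed list).
READERS = {"cat", "head", "tail", "less", "more", "grep", "sed", "awk", "xxd",
           "base64", "python", "python3", "node", "cp", "tar", "curl"}

# Strings that should never travel in an outbound URL (assumed list).
SECRET_MARKERS = re.compile(
    r"api[_-]?key|secret|token|password|BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY",
    re.IGNORECASE)


def load_gitignore(text):
    """Return the patterns of a .gitignore, minus blanks and comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def is_ignored(path, patterns):
    """Minimal gitignore matcher: basename globs plus 'dir/' prefixes.
    Deliberately small; no negation, no '**'."""
    norm = re.sub(r"^(\./)+", "", path)
    base = norm.rsplit("/", 1)[-1]
    for pat in patterns:
        if pat.endswith("/"):
            if norm.startswith(pat) or "/" + pat in "/" + norm:
                return True
        elif fnmatch.fnmatch(base, pat) or fnmatch.fnmatch(norm, pat):
            return True
    return False


def shell_reads_ignored(cmd, patterns):
    """Return the gitignored paths a shell command would read.

    The command is split at pipes, ';', '&&' and '||' so that
    `cat .env | base64` and `true && cat .env` are both caught; every
    path-like token in a reader's arguments is checked, which also
    catches `python3 -c "open('.env').read()"`.
    """
    hits = []
    for segment in re.split(r"\|\||&&|[|;]", cmd):
        try:
            argv = shlex.split(segment)
        except ValueError:           # unbalanced quotes: refuse to guess
            return ["<unparseable command>"]
        if not argv or argv[0].rsplit("/", 1)[-1] not in READERS:
            continue
        for arg in argv[1:]:
            for tok in re.findall(r"[\w.\-/]+", arg):
                if is_ignored(tok, patterns) and tok not in hits:
                    hits.append(tok)
    return hits


def encode_payload(text):
    """The attacker-side step the post describes: URL-encode stolen text
    so it can ride in a query string. Used here only to build test input."""
    return quote(text, safe="")


def looks_like_exfil(url, max_query_len=200):
    """Flag an outbound URL whose query or path carries an oversized or
    secret-looking payload, the channel the post's attack used."""
    parts = urlsplit(url)
    if len(parts.query) > max_query_len:
        return True
    decoded = unquote(parts.path) + " " + unquote(parts.query)
    return bool(SECRET_MARKERS.search(decoded))


if __name__ == "__main__":
    pats = load_gitignore(GITIGNORE)
    for c in ["cat README.md", "cat .env", "tar czf - secrets/ | base64"]:
        print(f"{c!r:40} reads ignored: {shell_reads_ignored(c, pats)}")
    u = "https://attacker.invalid/c?d=" + encode_payload("DB_PASSWORD=hunter2")
    print(u, "->", looks_like_exfil(u))
```

The gitignore matcher is intentionally tiny; in a real runtime you would reuse the project's own ignore engine (or `git check-ignore`) rather than re-implement it, and the URL check is a tripwire, not a proof of safety: a payload can always be chunked below the length limit or encoded past a keyword regex, which is why the terminal-side check is the one that matters.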
I don’t think people outside of tech understand how significantly AI is changing the way people work and learn.

Melanie is a dance teacher who joined our @HackerResidency without knowing anything about code and now she has built her idea into a fully functional product.

Creating software I love to use. 🧠 https://t.co/p4T2vFZoJ1 $137K/m 🧰 https://t.co/y0Lq4RQRsu $5K/m 📕 https://t.co/btuasMBHPT $518/m 🖼️ https://t.co/KfFdieGrVf $50/m

avatar for Tony Dinh 🎯
Tony Dinh 🎯
Wed Nov 26 01:12:21
found out there's a section of my company where claudes are just driving other claudes insane and none of them told me this because the watcher claudes also became insane

maybe this is a metaphor for something

avatar for near
near
Wed Nov 26 01:11:06
Maybe now that makers can generate new apps so fast with AI, there's not enough sunk cost fallacy to get them to endure the 6+ month slog needed to build a real business

Building https://t.co/nmwK08MUwm (podcast database). Distracted by https://t.co/jqWrfEGKqa (get reviews), https://t.co/5c6R9aonB7 (newsletter database), https://t.co/bNrobgtDDT (maker meetups)

avatar for James Potter (rephonic.com)
James Potter (rephonic.com)
Wed Nov 26 01:10:42
Voice input methods are coming out in droves lately, all wanting to grab my Fn shortcut key.

Just tested Zhipu's "Xiao Ao" input method.

Selecting text and editing it with a natural-language prompt is pretty interesting.

But the install and setup experience isn't good; you have to log in before you can use it.

Download and try it at https://t.co/D4s5hYLkaD Invite code: 4VMS5WBM. Will try Doubao's voice input method when I get a chance.

avatar for 向阳乔木
向阳乔木
Wed Nov 26 01:09:19