jonny (good kind)21h ago
I was not ready for that thread to break containment so hard, but I was especially not ready for people quoting it to think that (good kind) was my last name and I find that extremely charming.
Show threadViss
@jonny it was a great thread :D
Apr 2 at 9:53pmTusky Test
Show threadjonny (good kind)20h ago
@Viss
It is not over (I just have to work, and I have to break it into a second thread because it is uh challenging our server to serve the whole reply tree). I estimate i've skimmed 10% of it and read 5%, and I haven't even gotten into the core agent and tool call logic, if one can call it logic. I am trying to do my due diligence so I can say "that thing right there is actually a mountain of diapers" from a place of knowledge.
Show threadThe Orange Theme19h ago
@jonny @Viss I will say, the dopamine hit of seeing you reply with more messy screenshots was so good. I look forward to more of whatever you're willing to write about this tire fire.
Show threadjonny (good kind)19h ago
@theorangetheme @Viss so the function-level mess is already bad enough, but from the glimpses i have seen about how the tools and agents are "orchestrated" it is actually such a bigger mess than i thought (and explains a lot of the totally perplexing errors i have gotten while using the thing) but that kind of library-level analysis takes time and i want to be responsible with my description of the code and do it right so it's not easy to discredit.
Show threadViss19h ago

@jonny when the news broke i fetched like 2-3 zips from github, i havent uncompressed em yet, i hope i grabbed the right code. i heard there was some threat actor posting bullshit code for folks to try and run that would infect them.

absolutely crazypants that we're 'here' as infosec - attackers are now poisoning leaks and trying to do drivebys to pop researchers

Show threadjonny (good kind)19h ago
@Viss i know, the chain of custody got broken almost immediately. the copy on archive.org went up quickly enough and was just the actual sourcemap and source, and archive.org isn't like a 'prestige' thing or the first place you would think of as an attack vector that i feel comfortable enough doing static analysis on the source. but yeah i am static analysis only there is no way you could get me to run this code for that reason lol.
Show threadunable to decrypt message15h ago
@jonny @Viss If nobody can feasibly understand how the hell any of it works, what is the difference between that and "some threat actor posting bullshit code for folks to try and run that would infect them"?
Show threadViss14h ago
@be @jonny thats actively happening already