Flutterby™! (short)

Thursday July 16th, 2026

Friend from way back is reinventing as Dan Lyke / comment 0

Friend from way back is reinventing as a digital artist, went through the NFT phase, and is referencing Pepe the Frog because "Pepe is a very popular in the Web3 space".

Yikes, and it's amazing how the bubbles of what's acceptable surround us.

Wednesday July 15th, 2026

Exploit by design Dan Lyke / comment 0

JFC. Mindgard: Cursor 0day: When Full Disclosure Becomes the Only Protection Left

This isn't even a prompt injection attack. Open a repo in Cursor that contains a "git.exe" file, Cursor runs it.

This disclosure goes beyond a single executable named git.exe to the place of trust in software. AI companies routinely ask users to grant unprecedented levels of access to code, repositories, terminals, secrets, and workflows that increasingly blur the line between suggestion and action.

The industry narrative is that these systems deserve trust because they increase productivity, but history has taught us time and again that trust should not be granted because something is useful. It should be earned through behavior. That behavior is reflected in how a company responds to security reports, communicates with affected users, and prioritizes remediation.

Via lobste.rs, which both raises the possibility that this might be an intentional backdoor given how long it's gone unpatched, and also has some speculation about LLM attitudes and philosophies around command vs data channels, and the unwillingness (or inability to conceptualize) separating the two.

Time zones, daylight savings, and health Dan Lyke / comment 0

Cancer Epidemiology, Biomarkers & Prevention: Longitude Position in a Time Zone and Cancer Risk in the United States Fangyi Gu; Shangda Xu; Susan S. Devesa; Fanni Zhang; Elizabeth B. Klerman; Barry I. Graubard; Neil E. Caporaso

Methods: We examined associations between the position in a time zone and age-standardized county-level incidence rates for total cancers combined and 23 specific cancers by gender using the data of the Surveillance, Epidemiology, and End Results Program (2000–2012), including four million cancer diagnoses in white residents of 607 counties in 11 U.S. states. Log-linear regression was conducted, adjusting for latitude, poverty, cigarette smoking, and state. Bonferroni-corrected P values were used as the significance criteria.

Results: Risk increased from east to west within a time zone for total and for many specific cancers, including chronic lymphocytic leukemia (both genders) and cancers of the stomach, liver, prostate, and non-Hodgkin lymphoma in men and cancers of the esophagus, colorectum, lung, breast, and corpus uteri in women.

https://doi.org/10.1158/1055-9965.EPI-16-1029

Via, which thread also had Journal of Health Economics: Sunset time and the economic effects of social jetlag: evidence from US time zone borders

The right way around Dan Lyke / comment 0

jbz @jbz@indieweb.social

What if we ban computers from using kids instead?

Is there a way to generate a large Dan Lyke / comment 2

Is there a way to generate a large corpus of bad code in a variety of languages? Right now my web site is serving zip bombs to overly aggressive bots, but I'm thinking LLM poisoning needs to evolve...

Boko Haram using AI Dan Lyke / comment 0

Just because I know I'm going to end up referring to it a bunch, Pivot to AI on the whole "Boko Haram is using AI" thing, in which it is pointed out that following the advice of ChatGPT killed over two thirds of one squad...

When you can't find the information on Dan Lyke / comment 0

When you can't find the information on Startpage, use Google, and it makes up bullshit.

I mean, at least I knew to verify, which confirmed why I couldn't find it on Startpage...

I know some people make sure to Dan Lyke / comment 0

I know some people make sure to celebrate non-binary day, but I could go either way.

The logical conclusion... Dan Lyke / comment 0

Ariadne Conill 🐰 @ariadne@treehouse.systems

apropos to nothing, i've discovered that gpt-5.6-sol can generate arbitrary raw x86-64 bytecode streams

...:

given that: why have source code at all?

prompt2exe

prompt2exe asks an OpenAI model for a validated JSON shellcode manifest and wraps the returned bytes in a target-native executable container. It uses the Responses API directly through Python's standard library, so it has no package dependencies.

Because what could possibly go wrong?


Flutterby&tm;! is a trademark claimed by
Dan Lyke
for the web publications at www.flutterby.com and www.flutterby.net. Last modified: Thu Mar 15 12:48:17 PST 2001