Hacker News | tempaccount420's comments

It's not in Google's style, but they need a codex-like fine-tune. I don't think they have ever released fine-tunes like that though.

The model is very hard to work with as is.


They had to rush it out, I'm sure the internal safety folks are not happy about it.


Coding requires a mindset shift that the -codex fine-tunes provide. Codex will do all kinds of weird stuff like poking in your ~/.cargo ~/go etc. to find docs and trying out code in isolation, these things definitely improve capability.


The biggest advantage of codex variants, for me, is terseness and reduced sycophancy. That, and presumably better adherence to requested output formats.


It was React. Code in React's repository had to be patched to fix this.

Next.JS just happens to be the biggest user of this part of React, but blaming Next.JS is weird...


Thanks, that's what I acknowledged in the message you just replied to.

I'm not blaming anyone. Mostly outlining who was impacted as it's not really related to the front-end parts of the framework that the initial comment was referring to.


They should be performantly removed.


Basically, JavaScript should not be running on servers.

Vulnerabilities caused by shoddy JS are a lot more impactful to a server since multiple users will be served by the same runtime instance.


It's not JavaScript by itself. It's unsafe coding practices that blend production and development code.

The bug here is in the hot reloading code. It should not be enabled anywhere but on developers' machines.


It's not entirely JavaScript but it is partially due to some of the language's history and culture: prototype pollution wouldn't be possible in every other language and not everyone has culture around things like decoding payloads in an exploitable manner (e.g. in the Python world some people used to decode pickled objects but it was always frowned upon; the Java world has had debates over the years about this). The big one which is unique to JavaScript is the culture around client-side execution and mixing code running between the two environments, which means you have a lot of machinery set up to execute code on the server and/or clients, making it both easy to have confusion around the execution context in ways which have been exploited and encouraging people to do things like ship complex objects between the two which programmers using other backend languages wouldn't consider because they never had the possibility of running directly in the browser.


Not entirely true. The bug is also in the dev server, but primarily the exploitable vulnerability is in apps built for production.


It's never JavaScript itself, but somehow it's almost always JavaScript code...


Gemini 3 Pro is the most actively hostile (to the user) model out of the top 3 (Google, OpenAI, Anthropic).

It perfectly reflects Google as a company.


I played around with it and I have to agree. It treats the user like they're dumb, regardless of what personal context you provide it. I found myself backtracking constantly to invalidate its assumptions, to the point that I gave up. All of that within like 4 hours of bothering to touch it in the first place.

I genuinely can't imagine allowing these things to run commands on a machine. If I ever found out a colleague was doing that I would want them fired.


The gaslighting, and outright "lies", from my first experience with Gemini, dramatically increased my p(doom) of AI.


Remember that Anthropic is only 3 letters away from MisAnthropic: did the designers think of this?


mis means "not"


I went by the definition:

misanthropic /mĭs″ən-thrŏp′ĭk, mĭz″-/ adjective

Of, relating to, or characteristic of a misanthrope.

Characterized by a hatred or mistrustful scorn for humankind.

Hating or disliking mankind.

The American Heritage® Dictionary of the English Language, 5th Edition


scroll down to the etymology section


Anycast is hard, which is why only clouds bother with it in the first place :(


> Give it a JSON schema, inject a '{', and sometimes do a bit of custom parsing on the response

I would hope that this is not what OpenAI/Anthropic do under the hood, because otherwise, what if one of the strings needs a lot of \escapes? Is it also supposed to never write actual newlines in strings? It's awkward.

The ideal solution would be to have some special tokens like [object_start] [object_end] and [string_start] [string_end].


> in the vein of accessibility which has the silly nickname of a11y

ironically that's not very accessible...

