I’d guess a first pass is done automatically? E.g. if a page mentions, say, Trump, just redact that whole page/paragraph/etc. So the people who have done the closer reading to redact further probably don’t actually know the scale of what was already redacted. Just a guess though.
Graphite isn’t really about code review IMO, it’s actually incredibly useful even if you just use the GitHub PR UI for the actual review. Graphite, its original product anyway, is about managing stacks of dependent pull requests in a sane way.
This is annoying, Graphite's core feature of stacked PRs is really good despite all the AI things they've added around their review UI. I doubt we'll want to keep relying on that for very long now.
You can still think of AI as one facet of Graphite's product that you can use or not depending on your work style. Stacked PRs are still a core piece and not going anywhere :)
Never heard of Graphite before today. Were they built specifically for AI code reviews, or is it a pivot / new feature from a company that started with something else?
No, they've been doing "managing stacks of dependent pull requests" for a lot longer than AI code review. I've mostly been a happy user; they simplify a lot of the git pain of continually rebasing, and the UI makes stacks much easier to work with than GitHub's own interface.
They started as a better PR review tool, with the main feature that you can stack PRs that have dependencies on each other. It solves the problem of having PRs merging into other PR branches, or having notes not to merge something until another PR merges. Recently they became an AI code review tool, and just added a bunch of AI tools to the review UI, but you could just ignore it and the core functionality was still great.
The more practical law is to ban using VPNs to bypass local censorship/filters/etc, which is the law the UAE has for example. Companies can keep using them for security, so can individuals who aren't using them to pretend to be somewhere else to bypass local laws.
This also has the benefit (to the government) of criminalising individuals, making prosecution much easier and allowing it to be more selective according to the government's whims. It reminds me of the way the US dealt with piracy, you could go after a bunch of college kids to make a point etc.
I'd guess the tricky part there is proving intent. If I sign up to a VPN so I can watch sports or other geo-restricted content while on holiday, does that count?
In a fully authoritarian state of course you likely don't have to worry too much about proof, but I'd suggest the UK has a ways to go for that.
On the piracy front, well we've seen how successful they were in stopping piracy.... not at all.
In this narrow case, using pnpm or something similar that blocks postinstall scripts by default should be sufficient. In general, you probably want to use a container/vm/sandbox of some sort so dev stuff can’t access anything else on your machine.
The article has some indicators of compromise, the main one locally would be .truffler-cache/ in the home directory. It’s more obvious for package maintainers with exposed credentials, who will have a wormed version of their own packages deployed.
From what I’ve read so far (and this definitely could change), it doesn’t install persistent malware, it relies on a postinstall script. So new tokens wouldn’t be automatically exfiltrated, but if you npm install any of an increasing number of packages then it will happen to you again.
It does install a GitHub runner and registers the infected machine as a runner, so remote code execution remains possible. It might be a stretch to call it persistent but it definitely tries.
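The two defensive points raised in this thread (blocking install-time scripts, and checking for the `.truffler-cache/` indicator) can be turned into a small local check. The script below is an added example, not code posted by any of the commenters or by the article; the IoC path comes from the comment above, while the sample home directory and package tree it builds are constructed for demonstration only.

```shell
#!/bin/sh
# Added example, not from the thread: defensive checks for the two points above.
# The IoC path ~/.truffler-cache/ comes from the comment; the sample package tree
# built by make_sample_tree() is constructed here purely for demonstration.

# Return 0 (and print the path) when the IoC directory exists under the given home dir.
ioc_truffler_cache_present() {
  home_dir="${1:-$HOME}"
  if [ -d "$home_dir/.truffler-cache" ]; then
    echo "IoC present: $home_dir/.truffler-cache"
    return 0
  fi
  return 1
}

# Print the directory of every installed package (including @scoped ones) whose
# package.json declares a preinstall/install/postinstall script, i.e. code that
# would run on "npm install" unless lifecycle scripts are disabled.
list_lifecycle_script_packages() {
  node_modules_dir="$1"
  find "$node_modules_dir" -maxdepth 3 -name package.json 2>/dev/null |
    while read -r pj; do
      if grep -Eq '"(pre|post)?install"[[:space:]]*:' "$pj"; then
        dirname "$pj"
      fi
    done | sort
}

# Convenience: number of packages flagged by list_lifecycle_script_packages.
count_lifecycle_script_packages() {
  list_lifecycle_script_packages "$1" | wc -l | tr -d ' '
}

# Build a constructed sample: a fake home dir carrying the IoC and a small
# node_modules with one clean package and one that declares a postinstall hook.
make_sample_tree() {
  root="$1"
  mkdir -p "$root/.truffler-cache" \
           "$root/project/node_modules/good-pkg" \
           "$root/project/node_modules/@scope/hooked-pkg"
  printf '{"name":"good-pkg","version":"1.0.0","scripts":{"test":"echo ok"}}\n' \
    > "$root/project/node_modules/good-pkg/package.json"
  printf '{"name":"@scope/hooked-pkg","version":"1.0.0","scripts":{"postinstall":"node setup.js"}}\n' \
    > "$root/project/node_modules/@scope/hooked-pkg/package.json"
}

# Demo run against the constructed tree (replace with "$HOME" and a real node_modules).
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
ioc_truffler_cache_present "$demo_root" || echo "no IoC under $demo_root"
echo "packages with install-time scripts:"
list_lifecycle_script_packages "$demo_root/project/node_modules"
rm -rf "$demo_root"
```

The second function only reports which installed packages would get to run code at install time; it says nothing about whether that code is malicious, so treat its output as a review list. To stop such scripts from running in the first place with npm itself, `ignore-scripts=true` in `.npmrc` disables lifecycle scripts for every install, which is the behaviour the pnpm suggestion above gets by default.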
Wouldn’t Disney just set an insanely high license fee in this case though? If they’re just paying it to themselves then they can make it high enough that nobody else can justify paying it.
This problem was also an issue for movies and theaters. The "fix" is to ensure theaters (the distributors) cannot be owned by, nor can they own production studios.
So under this rule, if Disney wanted to have their own streaming service and used a high licensing fee to try to stop competitors from getting their content, they'd pay high taxes due to the high licensing fees making huge (fake) profits for the parent company. It'd end in losses, as the streaming service (as a separate company) cannot bill their cost onto the parent company (to offset the profit). It's as if the tax man gets to sit in the middle and siphon part of that license fee for free. Disney shareholders would never stand for that, and so they won't do it.