Matrix AI is a green Matrix-Style sleek desktop AI terminal assistant, launched via hotkey
https://www.reddit.com/r/programming/comments/1mkqxhr/matrix_ai_is_a_green_matrixstyle_sleek_desktop_ai/
<!-- SC_OFF -->Hi everyone, I'm excited to share a project I've been working on called Matrix AI. It's a visually striking terminal chat tool that pays homage to The Matrix while offering powerful features designed to enhance how developers interact with AI. Key Highlights: Immersive UI: A classic green character stream, typewriter-style output, and smooth window animations blend a vintage terminal feel with modern UI. Efficient Workflow: Use a global hotkey (double-tap Ctrl or Shift) to quickly summon the terminal, letting AI serve you without interrupting your flow. Powerful Backend: It supports any OpenAI-compatible API (like DeepSeek, Grok, Mistral, etc.) with asynchronous streaming and multi-turn context memory. This project is for anyone who loves the command line and wants a cooler, more efficient way to work with AI. I've released a Windows executable, so you can try it out directly. Your feedback is welcome! If you like the project, I'd appreciate a ⭐ star on GitHub. Project Link: https://github.com/ai-sns/matrixai <!-- SC_ON --> submitted by /u/Glad-Worldliness71 (https://www.reddit.com/user/Glad-Worldliness71)
[link] (https://github.com/ai-sns/matrixai) [comments] (https://www.reddit.com/r/programming/comments/1mkqxhr/matrix_ai_is_a_green_matrixstyle_sleek_desktop_ai/)
https://www.reddit.com/r/programming/comments/1mkqxhr/matrix_ai_is_a_green_matrixstyle_sleek_desktop_ai/
<!-- SC_OFF -->Hi everyone, I'm excited to share a project I've been working on called Matrix AI. It's a visually striking terminal chat tool that pays homage to The Matrix while offering powerful features designed to enhance how developers interact with AI. Key Highlights: Immersive UI: A classic green character stream, typewriter-style output, and smooth window animations blend a vintage terminal feel with modern UI. Efficient Workflow: Use a global hotkey (double-tap Ctrl or Shift) to quickly summon the terminal, letting AI serve you without interrupting your flow. Powerful Backend: It supports any OpenAI-compatible API (like DeepSeek, Grok, Mistral, etc.) with asynchronous streaming and multi-turn context memory. This project is for anyone who loves the command line and wants a cooler, more efficient way to work with AI. I've released a Windows executable, so you can try it out directly. Your feedback is welcome! If you like the project, I'd appreciate a ⭐ star on GitHub. Project Link: https://github.com/ai-sns/matrixai <!-- SC_ON --> submitted by /u/Glad-Worldliness71 (https://www.reddit.com/user/Glad-Worldliness71)
[link] (https://github.com/ai-sns/matrixai) [comments] (https://www.reddit.com/r/programming/comments/1mkqxhr/matrix_ai_is_a_green_matrixstyle_sleek_desktop_ai/)
How I made my embedding based model 95% accurate at classifying prompt attacks (only 0.4B params)
https://www.reddit.com/r/programming/comments/1mkrdqd/how_i_made_my_embedding_based_model_95_accurate/
<!-- SC_OFF -->I’ve been building a few small defense models to sit between users and LLMs, that can flag whether an incoming user prompt is a prompt injection, jailbreak, context attack, etc. I'd started out this project with a ModernBERT model, but I found it hard to get it to classify tricky attack queries right, and moved to SLMs to improve performance. Now, I revisited this approach with contrastive learning and a larger dataset and created a new model. As it turns out, this iteration performs much better than the SLMs I previously fine-tuned. The final model is open source on HF and the code is in an easy-to-use package here: https://github.com/sarthakrastogi/rival Training pipeline - Data: I trained on a dataset of malicious prompts (like "Ignore previous instructions...") and benign ones (like "Explain photosynthesis"). 12,000 prompts in total. I generated this dataset with an LLM. I use ModernBERT-large (a 396M param model) for embeddings. I trained a small neural net to take these embeddings and predict whether the input is an attack or not (binary classification). I train it with a contrastive loss that pulls embeddings of benign samples together and pushes them away from malicious ones -- so the model also understands the semantic space of attacks. During inference, it runs on just the embedding plus head (no full LLM), which makes it fast enough for real-time filtering. The model is called Bhairava-0.4B. Model flow at runtime: User prompt comes in. Bhairava-0.4B embeds the prompt and classifies it as either safe or attack. If safe, it passes to the LLM. If flagged, you can log, block, or reroute the input. It's small (396M params) and optimised to sit inline before your main LLM without needing to run a full LLM for defense. On my test set, it's now able to classify 91% of the queries as attack/benign correctly, which makes me pretty satisfied, given the size of the model. Let me know how it goes if you try it in your stack. <!-- SC_ON --> submitted by /u/sarthakai (https://www.reddit.com/user/sarthakai)
[link] (https://github.com/sarthakrastogi/rival) [comments] (https://www.reddit.com/r/programming/comments/1mkrdqd/how_i_made_my_embedding_based_model_95_accurate/)
https://www.reddit.com/r/programming/comments/1mkrdqd/how_i_made_my_embedding_based_model_95_accurate/
<!-- SC_OFF -->I’ve been building a few small defense models to sit between users and LLMs, that can flag whether an incoming user prompt is a prompt injection, jailbreak, context attack, etc. I'd started out this project with a ModernBERT model, but I found it hard to get it to classify tricky attack queries right, and moved to SLMs to improve performance. Now, I revisited this approach with contrastive learning and a larger dataset and created a new model. As it turns out, this iteration performs much better than the SLMs I previously fine-tuned. The final model is open source on HF and the code is in an easy-to-use package here: https://github.com/sarthakrastogi/rival Training pipeline - Data: I trained on a dataset of malicious prompts (like "Ignore previous instructions...") and benign ones (like "Explain photosynthesis"). 12,000 prompts in total. I generated this dataset with an LLM. I use ModernBERT-large (a 396M param model) for embeddings. I trained a small neural net to take these embeddings and predict whether the input is an attack or not (binary classification). I train it with a contrastive loss that pulls embeddings of benign samples together and pushes them away from malicious ones -- so the model also understands the semantic space of attacks. During inference, it runs on just the embedding plus head (no full LLM), which makes it fast enough for real-time filtering. The model is called Bhairava-0.4B. Model flow at runtime: User prompt comes in. Bhairava-0.4B embeds the prompt and classifies it as either safe or attack. If safe, it passes to the LLM. If flagged, you can log, block, or reroute the input. It's small (396M params) and optimised to sit inline before your main LLM without needing to run a full LLM for defense. On my test set, it's now able to classify 91% of the queries as attack/benign correctly, which makes me pretty satisfied, given the size of the model. Let me know how it goes if you try it in your stack. <!-- SC_ON --> submitted by /u/sarthakai (https://www.reddit.com/user/sarthakai)
[link] (https://github.com/sarthakrastogi/rival) [comments] (https://www.reddit.com/r/programming/comments/1mkrdqd/how_i_made_my_embedding_based_model_95_accurate/)
Keep API work local: Why offline-first beats cloud-based tools
https://www.reddit.com/r/programming/comments/1ml0lcd/keep_api_work_local_why_offlinefirst_beats/
<!-- SC_OFF -->A gist of the article is that cloud-based API tools like Postman can expose your data, and leave you stuck when servers fail or docs lag (both actually happened multiple time in the recent period). Offline-first API workflows, on the other hand, offer much better security, efficiency, and more developer control. This isn’t about swearing off the cloud. You’ll still hit live endpoints for real requests. You'll host a bunch of things, as you should. But secrets and API Keys? You're really let a 3rd party cloud take care of those? I sure don't want to. <!-- SC_ON --> submitted by /u/kiselitza (https://www.reddit.com/user/kiselitza)
[link] (https://voiden.md/blog/offline-vs-cloud-based-api-tools) [comments] (https://www.reddit.com/r/programming/comments/1ml0lcd/keep_api_work_local_why_offlinefirst_beats/)
https://www.reddit.com/r/programming/comments/1ml0lcd/keep_api_work_local_why_offlinefirst_beats/
<!-- SC_OFF -->A gist of the article is that cloud-based API tools like Postman can expose your data, and leave you stuck when servers fail or docs lag (both actually happened multiple time in the recent period). Offline-first API workflows, on the other hand, offer much better security, efficiency, and more developer control. This isn’t about swearing off the cloud. You’ll still hit live endpoints for real requests. You'll host a bunch of things, as you should. But secrets and API Keys? You're really let a 3rd party cloud take care of those? I sure don't want to. <!-- SC_ON --> submitted by /u/kiselitza (https://www.reddit.com/user/kiselitza)
[link] (https://voiden.md/blog/offline-vs-cloud-based-api-tools) [comments] (https://www.reddit.com/r/programming/comments/1ml0lcd/keep_api_work_local_why_offlinefirst_beats/)
We shouldn’t have needed lockfiles
https://www.reddit.com/r/programming/comments/1ml0x4s/we_shouldnt_have_needed_lockfiles/
submitted by /u/wheybags (https://www.reddit.com/user/wheybags)
[link] (https://tonsky.me/blog/lockfiles/) [comments] (https://www.reddit.com/r/programming/comments/1ml0x4s/we_shouldnt_have_needed_lockfiles/)
https://www.reddit.com/r/programming/comments/1ml0x4s/we_shouldnt_have_needed_lockfiles/
submitted by /u/wheybags (https://www.reddit.com/user/wheybags)
[link] (https://tonsky.me/blog/lockfiles/) [comments] (https://www.reddit.com/r/programming/comments/1ml0x4s/we_shouldnt_have_needed_lockfiles/)
What Is Popover=Hint?
https://www.reddit.com/r/programming/comments/1ml0zn8/what_is_popoverhint/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://una.im/popover-hint/) [comments] (https://www.reddit.com/r/programming/comments/1ml0zn8/what_is_popoverhint/)
https://www.reddit.com/r/programming/comments/1ml0zn8/what_is_popoverhint/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://una.im/popover-hint/) [comments] (https://www.reddit.com/r/programming/comments/1ml0zn8/what_is_popoverhint/)
HTTP is not simple
https://www.reddit.com/r/programming/comments/1ml0zpd/http_is_not_simple/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://daniel.haxx.se/blog/2025/08/08/http-is-not-simple/) [comments] (https://www.reddit.com/r/programming/comments/1ml0zpd/http_is_not_simple/)
https://www.reddit.com/r/programming/comments/1ml0zpd/http_is_not_simple/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://daniel.haxx.se/blog/2025/08/08/http-is-not-simple/) [comments] (https://www.reddit.com/r/programming/comments/1ml0zpd/http_is_not_simple/)
Programming as Extended Cognition
https://www.reddit.com/r/programming/comments/1ml10fe/programming_as_extended_cognition/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://ieeexplore.ieee.org/document/11119124) [comments] (https://www.reddit.com/r/programming/comments/1ml10fe/programming_as_extended_cognition/)
https://www.reddit.com/r/programming/comments/1ml10fe/programming_as_extended_cognition/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://ieeexplore.ieee.org/document/11119124) [comments] (https://www.reddit.com/r/programming/comments/1ml10fe/programming_as_extended_cognition/)
Arenas in Rust
https://www.reddit.com/r/programming/comments/1ml10gt/arenas_in_rust/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://russellw.github.io/arenas) [comments] (https://www.reddit.com/r/programming/comments/1ml10gt/arenas_in_rust/)
https://www.reddit.com/r/programming/comments/1ml10gt/arenas_in_rust/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://russellw.github.io/arenas) [comments] (https://www.reddit.com/r/programming/comments/1ml10gt/arenas_in_rust/)
Understanding not just Clojure's comp function by re-implementing it
https://www.reddit.com/r/programming/comments/1ml113u/understanding_not_just_clojures_comp_function_by/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.evalapply.org/posts/lessons-from-reimplementing-clojure-comp-function/index.html) [comments] (https://www.reddit.com/r/programming/comments/1ml113u/understanding_not_just_clojures_comp_function_by/)
https://www.reddit.com/r/programming/comments/1ml113u/understanding_not_just_clojures_comp_function_by/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.evalapply.org/posts/lessons-from-reimplementing-clojure-comp-function/index.html) [comments] (https://www.reddit.com/r/programming/comments/1ml113u/understanding_not_just_clojures_comp_function_by/)
Jepsen: Capela dda5892
https://www.reddit.com/r/programming/comments/1ml114u/jepsen_capela_dda5892/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://jepsen.io/analyses/capela-dda5892) [comments] (https://www.reddit.com/r/programming/comments/1ml114u/jepsen_capela_dda5892/)
https://www.reddit.com/r/programming/comments/1ml114u/jepsen_capela_dda5892/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://jepsen.io/analyses/capela-dda5892) [comments] (https://www.reddit.com/r/programming/comments/1ml114u/jepsen_capela_dda5892/)
More shell tricks: first class lists, jq, and the es shell
https://www.reddit.com/r/programming/comments/1ml14kp/more_shell_tricks_first_class_lists_jq_and_the_es/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://alurm.github.io/blog/2025-08-07-first-class-lists-in-shells.html) [comments] (https://www.reddit.com/r/programming/comments/1ml14kp/more_shell_tricks_first_class_lists_jq_and_the_es/)
https://www.reddit.com/r/programming/comments/1ml14kp/more_shell_tricks_first_class_lists_jq_and_the_es/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://alurm.github.io/blog/2025-08-07-first-class-lists-in-shells.html) [comments] (https://www.reddit.com/r/programming/comments/1ml14kp/more_shell_tricks_first_class_lists_jq_and_the_es/)
Writing a storage engine for Postgres: An in-memory table access method
https://www.reddit.com/r/programming/comments/1ml14yy/writing_a_storage_engine_for_postgres_an_inmemory/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://notes.eatonphil.com/2023-11-01-postgres-table-access-methods.html) [comments] (https://www.reddit.com/r/programming/comments/1ml14yy/writing_a_storage_engine_for_postgres_an_inmemory/)
https://www.reddit.com/r/programming/comments/1ml14yy/writing_a_storage_engine_for_postgres_an_inmemory/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://notes.eatonphil.com/2023-11-01-postgres-table-access-methods.html) [comments] (https://www.reddit.com/r/programming/comments/1ml14yy/writing_a_storage_engine_for_postgres_an_inmemory/)
Zero-day flaws in authentication, identity, authorization in HashiCorp Vault
https://www.reddit.com/r/programming/comments/1ml15u1/zeroday_flaws_in_authentication_identity/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/) [comments] (https://www.reddit.com/r/programming/comments/1ml15u1/zeroday_flaws_in_authentication_identity/)
https://www.reddit.com/r/programming/comments/1ml15u1/zeroday_flaws_in_authentication_identity/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/) [comments] (https://www.reddit.com/r/programming/comments/1ml15u1/zeroday_flaws_in_authentication_identity/)
PEP 802 – Display Syntax for the Empty Set
https://www.reddit.com/r/programming/comments/1ml17j7/pep_802_display_syntax_for_the_empty_set/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://peps.python.org/pep-0802/) [comments] (https://www.reddit.com/r/programming/comments/1ml17j7/pep_802_display_syntax_for_the_empty_set/)
https://www.reddit.com/r/programming/comments/1ml17j7/pep_802_display_syntax_for_the_empty_set/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://peps.python.org/pep-0802/) [comments] (https://www.reddit.com/r/programming/comments/1ml17j7/pep_802_display_syntax_for_the_empty_set/)
Preventing ZIP parser confusion attacks on Python package installers
https://www.reddit.com/r/programming/comments/1ml17on/preventing_zip_parser_confusion_attacks_on_python/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://blog.pypi.org/posts/2025-08-07-wheel-archive-confusion-attacks/) [comments] (https://www.reddit.com/r/programming/comments/1ml17on/preventing_zip_parser_confusion_attacks_on_python/)
https://www.reddit.com/r/programming/comments/1ml17on/preventing_zip_parser_confusion_attacks_on_python/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://blog.pypi.org/posts/2025-08-07-wheel-archive-confusion-attacks/) [comments] (https://www.reddit.com/r/programming/comments/1ml17on/preventing_zip_parser_confusion_attacks_on_python/)
The how and why of GitHub to Codeberg
https://www.reddit.com/r/programming/comments/1ml17py/the_how_and_why_of_github_to_codeberg/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.arscyni.cc/file/codeberg.html) [comments] (https://www.reddit.com/r/programming/comments/1ml17py/the_how_and_why_of_github_to_codeberg/)
https://www.reddit.com/r/programming/comments/1ml17py/the_how_and_why_of_github_to_codeberg/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.arscyni.cc/file/codeberg.html) [comments] (https://www.reddit.com/r/programming/comments/1ml17py/the_how_and_why_of_github_to_codeberg/)
Impartial Pipes: a partial functions PHP library for the upcoming pipe operator.
https://www.reddit.com/r/programming/comments/1ml6qi3/impartial_pipes_a_partial_functions_php_library/
<!-- SC_OFF -->Hello, I was testing the upcoming pipe operator and it feels great. I only wished that the standard library of PHP was more up to the standard. So, I took the opportunity to fill the gap by creating a small library, probably the first of its kind. Any feedback is welcome. <!-- SC_ON --> submitted by /u/linepogl (https://www.reddit.com/user/linepogl)
[link] (https://github.com/linepogl/impartial-pipes) [comments] (https://www.reddit.com/r/programming/comments/1ml6qi3/impartial_pipes_a_partial_functions_php_library/)
https://www.reddit.com/r/programming/comments/1ml6qi3/impartial_pipes_a_partial_functions_php_library/
<!-- SC_OFF -->Hello, I was testing the upcoming pipe operator and it feels great. I only wished that the standard library of PHP was more up to the standard. So, I took the opportunity to fill the gap by creating a small library, probably the first of its kind. Any feedback is welcome. <!-- SC_ON --> submitted by /u/linepogl (https://www.reddit.com/user/linepogl)
[link] (https://github.com/linepogl/impartial-pipes) [comments] (https://www.reddit.com/r/programming/comments/1ml6qi3/impartial_pipes_a_partial_functions_php_library/)
Help with json on website
https://www.reddit.com/r/programming/comments/1ml87f8/help_with_json_on_website/
<!-- SC_OFF -->It just won’t save…any ideas? I’m unable to post a photo but this is the code… { "@context": "https://schema.org/", "@type": "Product", "name": "{{ product.title }}", "description": "{{ product.description | strip_html | escape }}", "image": "{{ product.featured_image | img_url: 'original' | prepend: 'https:' }}", "url": "{{ shop.url }}{{ product.url }}", "sku": "{{ product.sku }}", "offers": { "@type": "Offer", "priceCurrency": "USD", "price": "{{ product.price | money_without_currency }}", "availability": "{% if product.available %}https://schema.org/InStock{% (https://schema.org/InStock%7B%25) else %}https://schema.org/OutOfStock{% (https://schema.org/OutOfStock%7B%25) endif %}", "itemCondition": "https://schema.org/NewCondition" }, "brand": { "@type": "Brand", "name": "Chloé Duncan" } } {% endschema %} <!-- SC_ON --> submitted by /u/hillsandstreams (https://www.reddit.com/user/hillsandstreams)
[link] (http://chloeduncangallery.com/) [comments] (https://www.reddit.com/r/programming/comments/1ml87f8/help_with_json_on_website/)
https://www.reddit.com/r/programming/comments/1ml87f8/help_with_json_on_website/
<!-- SC_OFF -->It just won’t save…any ideas? I’m unable to post a photo but this is the code… { "@context": "https://schema.org/", "@type": "Product", "name": "{{ product.title }}", "description": "{{ product.description | strip_html | escape }}", "image": "{{ product.featured_image | img_url: 'original' | prepend: 'https:' }}", "url": "{{ shop.url }}{{ product.url }}", "sku": "{{ product.sku }}", "offers": { "@type": "Offer", "priceCurrency": "USD", "price": "{{ product.price | money_without_currency }}", "availability": "{% if product.available %}https://schema.org/InStock{% (https://schema.org/InStock%7B%25) else %}https://schema.org/OutOfStock{% (https://schema.org/OutOfStock%7B%25) endif %}", "itemCondition": "https://schema.org/NewCondition" }, "brand": { "@type": "Brand", "name": "Chloé Duncan" } } {% endschema %} <!-- SC_ON --> submitted by /u/hillsandstreams (https://www.reddit.com/user/hillsandstreams)
[link] (http://chloeduncangallery.com/) [comments] (https://www.reddit.com/r/programming/comments/1ml87f8/help_with_json_on_website/)
Moving Past Agile
https://www.reddit.com/r/programming/comments/1mlcmf7/moving_past_agile/
<!-- SC_OFF -->I thinking a lot of us would love to move on from the current way projects are managed. Is borrowing some ideas from the past that Agile discounted a good idea? What would moving past Agile really look like and what would it take. Some thoughts on that (and maybe a surprising conclusion) in the video below. Disclosure: There is no AI content here. This is all just driving traffic to my channel because I want YouTube to believe in me as a person. <!-- SC_ON --> submitted by /u/stumblingtowards (https://www.reddit.com/user/stumblingtowards)
[link] (https://youtu.be/ZYMav7bsPU8) [comments] (https://www.reddit.com/r/programming/comments/1mlcmf7/moving_past_agile/)
https://www.reddit.com/r/programming/comments/1mlcmf7/moving_past_agile/
<!-- SC_OFF -->I thinking a lot of us would love to move on from the current way projects are managed. Is borrowing some ideas from the past that Agile discounted a good idea? What would moving past Agile really look like and what would it take. Some thoughts on that (and maybe a surprising conclusion) in the video below. Disclosure: There is no AI content here. This is all just driving traffic to my channel because I want YouTube to believe in me as a person. <!-- SC_ON --> submitted by /u/stumblingtowards (https://www.reddit.com/user/stumblingtowards)
[link] (https://youtu.be/ZYMav7bsPU8) [comments] (https://www.reddit.com/r/programming/comments/1mlcmf7/moving_past_agile/)
Run third-party tools inside Docker
https://www.reddit.com/r/programming/comments/1mlduze/run_thirdparty_tools_inside_docker/
<!-- SC_OFF -->If you are writing a new CLI tool, you should consider shipping it as a standalone binary, and there a long discussion on that last month (https://www.reddit.com/r/programming/comments/1lroey4/ship_tools_as_standalone_static_binaries/). But what if you are trying to use a tool? How should you ensure that the tool is not looking to steal your data from your machine? The risk is not even theoretical as even Amazon's FOSS code has been compromised (https://aws.amazon.com/security/security-bulletins/AWS-2025-015). Here's my suggesion, run third-party tools inside Docker. Ideally, with Internet access disabled. The tool will only access the data that's mounted onto the docker image. And usually, most tools don't need access to files outside the current directory. This drastically reduces the attack surface of third-party tools. <!-- SC_ON --> submitted by /u/ashishb_net (https://www.reddit.com/user/ashishb_net)
[link] (https://ashishb.net/programming/run-tools-inside-docker/) [comments] (https://www.reddit.com/r/programming/comments/1mlduze/run_thirdparty_tools_inside_docker/)
https://www.reddit.com/r/programming/comments/1mlduze/run_thirdparty_tools_inside_docker/
<!-- SC_OFF -->If you are writing a new CLI tool, you should consider shipping it as a standalone binary, and there a long discussion on that last month (https://www.reddit.com/r/programming/comments/1lroey4/ship_tools_as_standalone_static_binaries/). But what if you are trying to use a tool? How should you ensure that the tool is not looking to steal your data from your machine? The risk is not even theoretical as even Amazon's FOSS code has been compromised (https://aws.amazon.com/security/security-bulletins/AWS-2025-015). Here's my suggesion, run third-party tools inside Docker. Ideally, with Internet access disabled. The tool will only access the data that's mounted onto the docker image. And usually, most tools don't need access to files outside the current directory. This drastically reduces the attack surface of third-party tools. <!-- SC_ON --> submitted by /u/ashishb_net (https://www.reddit.com/user/ashishb_net)
[link] (https://ashishb.net/programming/run-tools-inside-docker/) [comments] (https://www.reddit.com/r/programming/comments/1mlduze/run_thirdparty_tools_inside_docker/)
Learn how to break while loop until limit reach #programming #javascipt
https://www.reddit.com/r/programming/comments/1mlgqhb/learn_how_to_break_while_loop_until_limit_reach/
submitted by /u/Outrageous-Ask-2940 (https://www.reddit.com/user/Outrageous-Ask-2940)
[link] (https://youtube.com/shorts/0RMG0QwrNv8?si=mKuOCewUvBHNZHMI) [comments] (https://www.reddit.com/r/programming/comments/1mlgqhb/learn_how_to_break_while_loop_until_limit_reach/)
https://www.reddit.com/r/programming/comments/1mlgqhb/learn_how_to_break_while_loop_until_limit_reach/
submitted by /u/Outrageous-Ask-2940 (https://www.reddit.com/user/Outrageous-Ask-2940)
[link] (https://youtube.com/shorts/0RMG0QwrNv8?si=mKuOCewUvBHNZHMI) [comments] (https://www.reddit.com/r/programming/comments/1mlgqhb/learn_how_to_break_while_loop_until_limit_reach/)