commit a88af11beb70e13176f93ac017ec018f1281d1b0
parent ffd16a242528a4bfb99ef2c085e31a274d69bf13
Author: Eamon Caddigan <eamon.caddigan@gmail.com>
Date: Mon, 14 Apr 2025 12:25:40 -0700
Add weeknote for 2025-W16
Diffstat:
1 file changed, 56 insertions(+), 0 deletions(-)
diff --git a/content/posts/weeknotes/2025-w16/index.md b/content/posts/weeknotes/2025-w16/index.md
@@ -0,0 +1,56 @@
+---
+title: "Weeknote for 2025-W16"
+description: "Assembly tutorial, slopsquatting, beeps and boops"
+date: 2025-04-14T10:53:59-07:00
+draft: false
+categories:
+- Weeknotes
+tags:
+- LLMs
+---
+
+## FFmpeg’s ASM lessons
+
+Assembly language (specifically the x86 instruction set) was actually one of
+the first “programming languages” that I learned, having come to computers
+through engineering. I don’t have any excuse to write assembly code these days,
+but if I wanted to now, I would definitely brush up by using these instructions
+from the folks behind the FFmpeg project (and of which I learned via [this
+toot](https://mastodon.gamedev.place/@yiningkarlli/114215974856532409)). It’s
+cool to see a big open source project take seriously the need to train its
+future contributors!
+
+[FFmpeg School of Assembly Language](https://github.com/FFmpeg/asm-lessons)
+
+## The rise of “slopsquatting”
+
+[I’ve already said enough about why I don’t like LLM-based coding
+assistants]({{< ref "/posts/coding-assistants/" >}}), but I failed to predict
+the new threat of “slopsquatting”. Here, coding assistants suggest packages
+that don’t exist (but seem like they should exist, because that’s what LLMs
+do), and malicious actors capitalize on these invalid outputs by uploading fake
+packages on (e.g.) npm or PyPI that contain exploits. LLMs also make it easier
+to automate the process of generating reasonable-looking packages to take
+advantage of this. This bubble can’t pop soon enough[^bubble].
+
+[LLMs can't stop making up software dependencies and sabotaging
+everything](https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/)
+
+## A curated collection of retro notification sounds
+
+I just downloaded a 13.2 MB zip file full of “beeps and boops” curated by a
+stranger on the Fediverse. As much as I enjoy real-time messaging with my
+colleagues at work (and really I do!), I ought to rotate the Slack notification
+sound now that the default one stresses me out[^rto]; I’ll be plugging in some
+of these.
+
+[...Here's a large collection of short beeps and boops](https://hackers.town/@lori/114309928382924166)
+
+[^bubble]: I just hope I don’t lose my house when it does.
+
+[^rto]: Before any “return to office” partisans use this data point to suggest
+ that this problem is unique to remote work, I can assure you that it is
+not. Being interrupted during a period of deep concentration is hard, full
+stop, whether the interruption comes in the form of a ringing phone, knock on
+the door, or a Slack notification. It’s also an unavoidable reality of working
+collaboratively with other people---but at least I can change the Slack sound.
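Review bot: The front matter's `tags:` list carries only `LLMs`, while the `description` names three topics ("Assembly tutorial, slopsquatting, beeps and boops"), so the FFmpeg and slopsquatting sections will not show up under any tag a reader would browse for. Consider adding a tag for each, for example one for assembly and one for security or supply chain, if the site already has such tags. A smaller wording point in the first section: "and of which I learned via" reads awkwardly, and "which I learned of via" would be cleaner.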