Straight white US citizen male here. This scares the shit out of me. I travel for work all the time, but understanding that we will now have barely trained, and in many cases completely lawless, consequence-free federal officers in direct, high-stress, public areas where lots of people are constantly passing through seems like an absolute recipe for tragedy.
This will 100% make me reconsider travel and avoid airports with ICE agents. I think the writing on the wall is clear, nobody is safe.
Throwaway accounts and more propaganda isn’t proof of anything. I think it’s pretty clear that untrained, unaccountable armed people who have already killed multiple US citizens that they have no jurisdiction over is a real-world worry that people have.
It’s silly to dismiss rational, logic-based worry as “propaganda”.
> Yes US citizens that are putting themselves in a situation they shouldn’t have been in to begin with while threatening and provoking a violent reaction.
This is not at all true. Plus, it's inconsequential -- ICE agents have no authority over US citizens except in extremely limited circumstances (https://www.perplexity.ai/search/9f4518c4-8a32-474a-bd92-3f1...), and even if they did, being able to arrest someone, file charges, and work their way through the justice system is the answer... Not killing people on the streets.
Hot take: I am 100% legally allowed to equip my sidearm and go follow ICE agents around wherever the fuck I want and scream obscenities in their face literally all day long, 24/7.
This is such a great idea. When I'm building net-new projects, I typically end up working with the AI assistant to build a comprehensive AGENTS.md as the first thing before any work gets done: specify tools, dependencies, architecture requirements, style, etc.
I end up getting way better quality.
The same is true for existing projects, but it always takes a whole lot longer as I'm typically chatting with my AI assistant to figure out what conventions are there that I forgot, etc., before building an AGENTS.md to make future changes simpler.
Thank you!
The idea is that static analysis can recover most of the mechanical truth of a repo (stack, commands, layout), and then you can layer intentional constraints on top if you want. If this saves even a few of those back-and-forth setup chats, it’s doing its job.
Feel free to contribute if you find the right fit.
He also taught me networking in C in the early 2000s! A few years ago I moved from the Bay Area up to Bend, Oregon and ended up running into him in person at one of the tech meetups.
I was so floored to meet him in person, and as you'd probably imagine, he's super kind and relaxed =D
A++ human being who's contributed so much to our field.
At Snyk, we've been working on this for a while. Here's our flagship open source project consolidating a lot of the MCP risk factors we've discovered over the last year or so into actionable info: https://github.com/invariantlabs-ai/mcp-scan
ALAN
It's called Tron. It's a security
program itself, actually. Monitors
all the contacts between our system
and other systems... If it finds
anything going on that's not scheduled,
it shuts it down. I sent you a memo
on it.
DILLINGER
Mmm. Part of the Master Control Program?
ALAN
No, it'll run independently.
It can watchdog the MCP as well.
DILLINGER
Ah. Sounds good. Well, we should have
you running again in a couple of days,
I hope.
I believe one of the main differences is that our scanner looks for toxic flows between MCP endpoints regarding how they interact with one another. Unless I'm missing something, the Cisco tool does not support this.
Our research lab discovered this novel threat back in July: https://invariantlabs.ai/blog/toxic-flow-analysis and built the tooling around it. This is an extremely common type of issue that many people don't realize (basically, when you are using multiple MCP servers that individually are safe, but together can cause issues).
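An added illustration of the cross-server idea in the comment above; it is not code from mcp-scan or from the commenter. The server names, tool names and the three capability labels are assumptions made for this sketch, and the inventory is constructed.

```python
from itertools import product

# Constructed inventory: server names, tool names and capability labels are
# hypothetical, chosen for illustration only.
SERVERS = {
    "issue-tracker": {"read_issue": {"untrusted_input"}},
    "internal-docs": {"search_docs": {"private_data"}},
    "chat-notifier": {"post_message": {"external_sink"}},
    "calculator": {"evaluate": set()},
}

# Assumed definition of a toxic flow: untrusted content can reach the agent,
# the agent can read private data, and it can send data outward.
STAGES = ("untrusted_input", "private_data", "external_sink")


def tools_with(servers, label):
    """Return sorted (server, tool) pairs whose tool carries the given label."""
    return sorted((s, t) for s, tools in servers.items()
                  for t, labels in tools.items() if label in labels)


def toxic_flows(servers):
    """List every source -> data -> sink chain across the configured servers."""
    stages = [tools_with(servers, label) for label in STAGES]
    return list(product(*stages))


def servers_completing_flow(servers):
    """Servers that show no flow in isolation but are part of one in combination."""
    flagged = set()
    for chain in toxic_flows(servers):
        for name, _tool in chain:
            if not toxic_flows({name: servers[name]}):
                flagged.add(name)
    return sorted(flagged)


if __name__ == "__main__":
    for chain in toxic_flows(SERVERS):
        print(" -> ".join(f"{s}.{t}" for s, t in chain))
    print("safe alone, risky together:", servers_completing_flow(SERVERS))
```

Reviewing each server on its own reports nothing here; the chain only appears once all three are configured for the same agent.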
Here's a better option -- what we've been working on at Snyk.
- Take something like Cursor and plug the Snyk MCP server into it: https://docs.snyk.io/integrations/developer-guardrails-for-a... (it has a one-click install)
- Then, either within your project or via global settings, create some human-language rules for your AI code editor to use (this works basically the same between all editors: Claude Code, Cursor, Windsurf, etc...)
For example, a rule might state:
"If you add or change any code, run a Snyk Code scan on the modified files then fix the detected vulnerabilities. When you're done fixing them, perform another scan to ensure they're fixed, and if not, keep iterating until the code is secure."
Obviously, there are other rules you can use here, such as using Snyk's open source dependency testing to identify vulns in third-party dependencies and handle package updates/rewrites/etc., but you get the idea.
This works insanely well -- I've been playing around with it for a while now and we're getting close to rolling this out to all of our users in a major way =)
The best part about it is that you can just "vibe code" whatever you want, and you get really accurate static analysis security testing incorporated by default automagically.
I recorded a little video here that walks through this in-depth (https://www.youtube.com/watch?v=hQtgR1lTPYI), if you want to see the part I'm referencing, jump to 20:09 =)
Great article. This may be my all-time favorite deep dive post on RAG strategies.
It’s super interesting to me how the process of fully making audio/video searchable requires so much processing. Like, extracting the audio and video, transcribing the audio, chunking the video into 15-sec scenes and describing them visually, etc.
I wonder if as a test you could use the video descriptions, run them as a prompt through something like Veo, then stitch them together into something close to the original. Wild.
I wasn't sure if I should post this or not, but if you ever met Michael you probably remember him. He was a kind soul and helped grow the Python developer community in LA for well over a decade.
In addition to being an excellent engineer and human, Michael was also the definition of a hacker. It feels suitable to share the news here.
He was an incredible person and touched many lives. If you ever got to meet him (in person or online), please share your experiences on his in memoriam page.
Ragie (a RAG company) published an interactive chatbot that lets you ask questions about the JFK files. It’s pretty interesting, they had to do a lot of OCR on old docs to get it to a usable state.