…than that prompt to get the same results…

I am sorry, but I am not sure about the same results. At all.
In case of scripts, yet - your program will always work the same it is supposed to.
In LLMs? You never know. The main idea behind it is “feedback”, and each next iteration may not match the previous.

…
- Human - But I see lxc-204 was backed-up on 2026-05-19 in the logs.
- LLM - You have a sharp eye! This was my mistake, I am sorry. There’s indeed a record that it was backed-up. Now, take another look!

Of course, but the possibly LLM-generated article at 8ksec has no actual preview of even undisclosed proof-of-concept (PoC).
And the article is used as the main source at the Tom’s Hardware article, too.
Therefore, the question is, what is the main point of both the articles, if?:

1. No PoC preview is stated at all;
2. No LLM use is stated in the initial source (at 8ksec);
3. An explicit LLM use at 8ksec is mentioned in the Tom’s Hardware - Mythos by Anthropic;

In other words, it feels more like an ad for Mythos and Apple but based on absolutely no evidence at this point of time, and Mythos is mentioned at Tom’s Hardware article only.

I am sorry, but I didn’t see any actual exploit evidence, but just the ad “groundbreaking” Apple’s MIE and previous CVEs mentioned.

Nor there is any use of LLM/“AI” explicitly stated, too, except the article itself it refers to, which looks like LLM-written: 8ksec.io/mie-deep-dive-enabling-apps [web-archived]

Update (2026-05-17_13-09_0):
- In other words, it feels more like an ad for Mythos and Apple but based on absolutely no evidence at this point of time, and Mythos is mentioned at Tom’s Hardware article only.

The pass was audited more than the still freaking awesome KeePassXC mentioned (e.g. discussion#9921).
Also, no GUI is required, unless you meant keepassxc-cli.

More software supports pass out-of-the-box, including Git, Rclone, Docker etc., which you usually can change/proxy to a KeePass database handler like keepassxc-cli, but still.

Therefore, the KeePass specification is a marvel, too, especially for generally more convenient personal use, but Pass and GPG are just the enterprise/professional standard trusted by marvelous vendors (e.g. DigiCert).

keepassx2pass.py: imports KeepassX XML data
keepass2csv2pass.py: imports Keepass2 CSV data
keepass2pass.py: imports Keepass2 XML data

Source: https://www.passwordstore.org/

Just to clarify, how is it better than pass?: https://www.passwordstore.org/

Roger that! Thank you for being a developer and improving the ineffably magnificent world! ✨

In this case, we do relatively the same, and usually in database seeding and model factories, I believe, but personally I am more into the Laravel and Symfony, where the mentioned above PHP library is used there under the hood.

Please to stay safe!

Related: https://laravel.com/docs/13.x/eloquent-factories

A whole library, or a yet another ad for Python, sorry? Why not marvelous Perl, or any lovely PHP’s or a JavaScript faker?
Why a library in the first place?

In case of PHP (checked in v8.1)

echo date('Y-m-d', rand(strtotime('-90 years'), strtotime('-18 years')));
// 2007-07-30

And, I had a snippet for JavaScript (tested in the current Chrome’s EcmaScript).
We get the years in milliseconds, and substract from the current time.

console.log(new Date(Date.now() - 365*24*60*60*1000 * (18 + Math.random()*72)).toISOString().slice(0, 10));
// 1984-07-20

In shell even! Let’s use the common suit GNU coreutils (e.g. v9.4).
We have 90y - 18y = 72 years, that is 26,280 days or ~26,297 days (source)

$ date -d "-18 years -$(( RANDOM % 26297 )) days" -- '+%F';
# 1976-04-06

“You shouldn’t have to choose between open and secure.” The implementation backs that up. The friction is one-time for power users, but it’s a genuine obstacle for scammers and it makes opportunistic spyware installation meaningfully harder.

Source

-–

His argument: power users absorb a one-time inconvenience while vulnerable people (scam victims, children) get protected…
The pattern HN picked up immediately…

That’s the true believer pattern. The argument is ideological, so persuasion is off the table. He read the laws, decided compliance was the correct response, and went to work. Every objection the community raised went nowhere: that this enables surveillance infrastructure, that lying is trivially easy, that the laws themselves are unconstitutional overreach. He’d already accepted the law as legitimate and moved to implementation…

He hit three separate projects in one week…
He agreed entirely, writing that the approach would be “completely ineffective at preventing anyone from lying about their age.” He called it “hilariously pointless.” Then he said Arch Linux should implement it anyway because the law requires it…

The open source community has always relied on the assumption that contributors act in good faith toward user freedom. Taylor probably believes he does. The laws say collect birth dates, so he collected birth dates, and in his framing that was being helpful.

The reason to name him is the pattern. The surveillance state runs on volunteers: people who do the implementation work for free, out of genuine conviction, with no paper trail connecting them to the money that wrote the laws…

Taylor already has the resume line and knows the codebase well enough to try again. The deadline pressure only grows, the laws are real, and someone will be next. The community needs to recognize the pattern before the PR opens, not after.

Source

May I ask what instances you’ve found the most reliable and informative, considering?:

Not only this one… mainly, SearXNG instances are polluted by requests from the millions of self hosted AI instances these days…
Several open-source AI projects have a SearXNG integration / TBH that was never the intention…
Source: https://github.com/searxng/searxng/issues/5286#issuecomment-3621869284

Thank you! Mostly, because Chromium based are used by the most people around the world, and it’s related to my job in web-dev and security, since at least 2014.
It’s hard to guess what you actually meant, but let’s guess…

1. For a client, do you mean Firefox/LibreWolf/non-vendor?
   Has less features for modern web-dev. Well, sure, yet the development environment is much more featureful in Chromium.
2. For a search engine, do you mean a SearXNG instance or such as services as Kagi?
   Of course, but it’s unstable/erroneous from my experience, at this point of life. Yet, is monitored for better times.

If required, I’ve been having the following setup for a years or so. It works like a charm:

1. Set udm=14 as the default search “engine”;
2. Install an extension to hide the common places, like the following: Hide Google AI Overviews;
3. Disable buttons in UI as the search/omnibox;

Related:
- https://udm14.com/
- How to Remove AI From Your Google Chrome Experience

He said the game is mostly a simulation, but there are also “Easter egg components.”…

To make something like this, he said he first needed the physics of the event itself to model the landslide and the wave it generated. That information came from a paper nearly 20 people from the science community co-authored, including Lynett.

“You can’t do that with AI. You can’t do that with graphic artistry. You have to do that with modeling them the way we did when we create tsunami inundation zones. It’s the same models that we use. It’s engineering level. It’s design level physics,” he said.

From there, he said graphics artistry is needed. And then all of the scene components can be brought together to make the game playable.

Source [web-archive]

Thank you… heartfelt…

Wonderful day!

Just in case, there’s a term in “anglicism”:

…word or construction borrowed from English by another language. Due to the global dominance of English in the 20th and 21st centuries, many English terms have become widespread in other languages.
Technology-related English words like internet and computer are prevalent across the globe, as there are no pre-existing words for them.
English words are sometimes imported verbatim and sometimes adapted to the importing language in a process similar to anglicisation.

Source

For more than a decade, I’ve been trying to learn Russian, mostly for the art and the job I have. And, I did notice that there are words, in common/casual speech that do indeed include pure English terms/words, or even adapted from.
There’s a Russian page for “Anglicism”, too:
- https://ru.wikipedia.org/wiki/Англицизмы

It makes sense, since it’s one of the most easiest languages out there, with straightforward rules, with some exceptions you get on the road, and rare/archaic words you get eventually memorized in your own dictionary.
The Email messages are in the common/formal form/template even, you may know, too! I.e., header/body/footer/signature.

For example, I’ll try recalling some:

- “гаджет” ~ “gadget”;
- “дилер” ~ “dealer”;
- “фрилансер” ~ “freelancer”;
- “комп”/“компьютер” ~ “computer”;
- “чилить”/“чилю” ~ “chilling”;
- “таск” ~ “task”;
- “бейба” ~ “baby”;
- “чика” ~ “chick”;
- “аутсорсинг” ~ “outsource”;
- “секси” ~ “sexy”;
- “гайд” ~ “guide”;
- “булинг” ~ “bulling”;
- “трабл” ~ “trouble”;
- “маркетинг” ~ “marketing”;
- “постить” ~ “to post” (social network posts/articles);
- “гамать” ~ “to play a game”;
- “клатч” ~ “clutch”;
- “дедлайн” ~ “deadline”;
- “бит” ~ “bit”;
- “байт” ~ “byte”;
- “клуб” ~ “club”;
…
- or even… “эйчар” ~ “HR” (head hunter, employer)…

These I recalled now only, and I do believe it’s possible to write/base any English word in Russian.
Though, nowadays, my main is English, I was born in Lithuania, and Lithuanian language does also feature such words!
For example, “skenuoti” (to scan); “baitas” (byte), “seifas” (safe/safebox); “clubas” (club); etc.

Such a miraculous magnificent world of language development!

“Everyone Is Using A.I. for Everything” nowadays, a.k.a. vibe-living, and if you don’t, you’re a misfit outsider who should be stoned to death in the town square to prevent contagion, and then A.I. should resurrect you virtually from your data so you can be stoned to death in the virtual town square, for infinity…

Criticizing A.I. as a criminal plagiarizing machine that steals the work of artists without permission or compensation used to strike me as a bit hyperbolic…

The point is, I’m not saying all this to defend humanity. Humanity sucks. It’s totally terrible. I’m saying this because I believe in an old-fashioned virtue called Doing the Freakin’ Work.

Read the book, not the summary.
Write the piece, not the prompt.

Suffer like the artist you are. It ain’t easy, but if it were easy, it wouldn’t be worth doing.

Source: https://lemmy.world/post/46352865 (Chris (Simpsons artist) has illustrated a New York Times essay on artists using AI…)

Fudge AI in art, and creativity, or even technical responsible fields like programming.
And isn’t programming for human to control machinery, too?
I do still recall the book that featured Lisp, from MIT University we read:

Our goal is that students who complete this subject should have a good feel for the elements of style and the aesthetics of programming.

They should have command of the major techniques for controlling complexity in a large system.
They should be capable of reading a 50- page-long program, if it is written in an exemplary style.
They should know what not to read, and what they need not understand at any moment.
They should feel secure about modifying a program, retaining the spirit and style of the original author.

These skills are by no means unique to computer programming. The techniques we teach and draw upon are common to all of engineering design. We control complexity by building abstractions that hide details when appropriate.
We control complexity by establishing conventional interfaces that enable us to construct systems by combining standard, well-understood pieces in a “mix and match” way. We control complexity by establishing new languages for describing a design, each of which emphasizes particular aspects of the design and deemphasizes others.

~ Structure and Interpretation of Computer Programs (SICP) [ISBN: 0262510871]

It does not allow you to actually organize your own mind, to discover yourself, memorize, and learn.
Generative is empty. It’s noise. Do you like listen to and learn from noise? I don’t, and will never.

Obviously, there’s no creativity in AI, and especially in art.

AI makes no art, and there’s nothing to search for in it, also considering the amount of different people works and effort meatground into digital limited/sampled quantized data. It’s noise.

There’s no place for a machine in it, otherwise it becomes limited, lacking, and lifeless.
Art exists for people, us the humans to communicate with each other through time and narrow channels as general languages.

> “There are always two people in every picture…” ~ Ansel Adams

Source (AI struggles with true creativity compared to humans, study finds…)

Again, fudge AI over effort. Effort helps to stay accountable, responsible, and to realize the significance and infinite marvel of art…
Art is of human for human.

May I ask, why do you live there? Family? Highly paid job? Have you considered moving to a more warmer part of the Earth?

Apologies, on Earth? If so, impossible. As we know, the whole planet rotates 360deg in ~24 hours. Othrewise, please clarify the planet.

Indeed, ineffably marvelous artists at Steam and Valve!
Just in case, it’s worth to mention that Steam DRM is opt-in by default. The developer is solely responsible for implementing and activating it.

The Steam DRM wrapper by itself is not an anti-piracy solution. The Steam DRM wrapper protects against extremely casual piracy (i.e. copying all game files to another computer) and has some obfuscation, but it is easily removed by a motivated attacker…

The Steam wrapper can and should be used in combination with other DRM solutions. To do so, apply the Steam wrapper in compatibility mode first before applying any other DRM. Apply it first so that it does not interfere with the DRM solution. Compatibility mode will disable DRM capabilities of the wrapper.

Source: Public Steamworks Documentation [web-archive]

Thank you! I’ve updated the post, and added more context. I am sorry, but it does not look like a bug.

Update x2: not a bug - PlayStation just quietly confirmed it’s intentional.
Any digital game you buy after the march 2026 update now requires you to go online at least once every 30 days or it won’t even launch.

Source: https://xcancel.com/SmashJT/status/2048887546323808258#m

I am not sure nowadays about the limit from Steam/Valve side.

Cached license ownership Steam App tickets data is indeed stored locally, including a property apptickets in encrypted state in file .../Steam/userdata/${steamUserId}/config/localconfig.vdf.

The data is to be eventually mapped to the interface EAuthSessionResponse which may be used to implement the value for k_EAuthSessionResponseNoLicenseOrExpired.

k_EAuthSessionResponseNoLicenseOrExpired - 2 - The user doesn’t have a license for this App ID or the ticket has expired.

Source [web-archive]

This data is normally used by the Steam client only, and is available for explicit requests via Steam API, including third-party launchers.

# App Ownership Ticket

This part of the ticket is signed by Steam and is valid for a longer period of time, usually a couple weeks. It proves to your peer that you own the game you’re trying to authenticate for. It can be reused many times with different GC tokens.

It contains things like your SteamID, the ID of the app it was assigned for, your external and internal IP addresses, the times when the ticket was generated and when it expires, the licenses you own which grant you this game, any DLC you own, and a signature.

Since this part of the ticket is signed, has an expiration date, and can be reused, there’s no need to send it to Steam for validation, so it’s validated locally.

Source: https://github.com/DoctorMcKay/node-steam-user/wiki/Steam-App-Auth

If I do recall it correctly, previously, the Steam client debug console command licenses_print returned local “expiration times” for next checks with the remote API (as “handshakes”) within the 14 days limit.

The encrypted tickets data is considered signed, and I do recall reading about its signed “expires at” was set to 14 or maximum 30 days only. The 14 days matches out with the discounting limit:

Launch discounts start once your title is released on Steam and can be staged to run for between 7 and 14 days, ending at 10am Pacific on the applicable day…
Source [web-archive]

-–

Steam is an online service offered by Valve.
Source [web-archive]

-–

This is not actually true - Offline Mode is designed to be indefinite… Looks like Kotaku decided to link to this post from six months ago, and every game blog has copy-pasted it. The “two week” timeout issue has been fixed for months now, along with several other bugs. We’re still working on improvements, and you might catch them if you read the patch notes carefully, but we don’t bother to post on the forums every time we fix something (maybe out of fear that it will get posted as front-page news six months later?).
Source [web-archive]

Yet, still, I wish I had more time… to investigate it myself. It feels like the signature time depends on the title. considering the following article:

I constantly see people unknowingly spreading misinformation about how Steam Offline Mode operates and most of it dates back to 2004…
This post exists to explain how there is no time limit on Steam offline mode and Steam isn’t going to prevent you from preserving your games forever, assuming you take steps to back up your installation (which you should do anyway for any digitally downloaded games.)
…

Backup your Steam install folder, make one registry key, and you can play your games offline forever on any computer.

Source: https://redd.it/xt3xec (Steam Offline Mode has no time limit: an explanation…) [2022-10-01]

Related: Steam Guide: Steam Offline Mode has no time limit: an explanation [web-archive]