#75
Chrome's CVE, Artifacts ∀ all, Llama Leads, Google's gauntlet, TON's Trauma, Scroll Snap, DeepMind's Doom, Pani Puri, Cat Colors, Share Subject, regex regrets, postcodes, plunk, kolor, language & more
👋🏻 Welcome to the 75th! (1 year, 5 months, and 10 days, omg!)
📰 Read #75 on Substack for the best formatting
What’s happening 📰
🚨 If you are using Google Chrome before 128.0.6613.84, UPDATE IT RIGHT NOW.
Why? Microsoft identified Citrine Sleet (a North Korean threat actor) exploiting a zero-day vulnerability in Chromium, now tracked as CVE-2024-7971 (a type confusion in V8 that allows heap corruption), to gain remote code execution (RCE). Here are the key things: they lead users to attacker-controlled domains where they serve the exploit.
That executes code in the sandboxed Chromium renderer process; the shellcode contains a Windows sandbox escape exploit, then downloads the FudModule[1] rootkit and loads it into memory.
This attack was aimed specifically at cryptocurrency holders, as it has the potential to leak or give access to private keys from browser-based wallets.
✨ AGI Digest
⚓️ Model Drops
👀 The Qwen team dropped the Qwen2-VL family with vision LLMs in three sizes - the open-sourced Qwen2-VL-2B and Qwen2-VL-7B and the Qwen2-VL-72B served via their API. The 72B has impressive image and video understanding capabilities, beating the likes of GPT-4o and Claude-3.5-Sonnet and achieving SoTA on several vision benchmarks. Along with these benchmark improvements, Qwen2-VL can handle images of arbitrary resolutions, which the previous Qwen-VL could not.
🥇 Salesforce AI released LlamaRank — a Llama-3-8B-Instruct fine-tuned for retrieval tasks. LlamaRank beats several top rerankers, including the Cohere Reranker V3, in general document reranking and, as per their blog, “shows marked improvement for code search compared to other rerankers”. However, if you were to use an 8B model for reranking, why not simply call Gemini-1.5-Flash or GPT-4o-mini, which have much better text and code understanding?
📦 Product Improvements
🖼️ Anthropic made Artifacts available for all free and paid Claude users (across all platforms), so now everybody can take advantage of the dedicated window to view, build and iterate on their work. Also, amidst the allegations of Claude becoming dumber recently, the team published the default system prompt of the conversation used in the Claude website and mobile.
💍 Google allows customizing Gemini via custom instructions, just like OpenAI’s “GPTs”, to create Gemini Gems. Though these are accessible only to Gemini Advanced users for now :/
🚅 Cerebras set a new record for Llama inference speeds, serving Llama 3.1 8B at a whopping 1,850 output tokens/s and the 70B at 446 output tokens/s 🤯 with very competitive pricing of $0.1/1M tokens for the 8B and $0.6/1M tokens for Llama 3.1 70B. These speeds are nearly 10x faster than the ones offered by OpenAI, Google, and Anthropic for their current small models — GPT-4o mini, Gemini 1.5 Flash, and Claude 3 Haiku.
This breakneck breakthrough is made possible by the Cerebras WSE-3 custom 5nm AI chip built on a unique wafer-scale design. A single WSE-3 chip is over 50x larger in total area than a Nvidia H100 and hosts 900,000 cores with 44GB of on-chip memory (SRAM), storing the entire model in memory.
🚨 Elon came out in support of passing the SB 1047 AI safety bill. Officially titled the “Safe and Secure Innovation for Frontier Artificial Intelligence Models Act“, the bill proposes that AI companies implement critical safety measures before training advanced foundational models. This includes the ability to quickly deactivate models and protect against unsafe modifications post-training, and holding AI developers accountable for damages resulting from their models, aiming to ensure that companies take responsibility for potential harms associated with their technologies, among other restrictions. This, if implemented, would deal quite a blow to the devs working in AI and to the open-source community, on whose foundations most of the frontier research today has been possible.
✨ Interesting announcements
🪄 Magic introduced LTM (Long-Term Memory), an AI model architecture designed to reason on up to 100M tokens of context during inference. LTM models use a sequence-dimension algorithm that is significantly more efficient than traditional attention mechanisms, allowing them to process ultra-long contexts with lower computational and memory requirements. They implemented it in their first model, LTM-2-mini demonstrating its application in tasks like code synthesis.
🎮 The Google Research team released GameNGen — a game engine that can interactively simulate the classic game DOOM at over 20 frames per second on a single TPU (the original DOOM required a minimum of 8MB RAM and 100MB disk space on a Windows 95 btw, lol). They first trained an RL agent to learn to play the game to collect gameplay data on a large scale. They then fine-tuned a diffusion model to generate short gameplay clips from their RL agent’s gameplay, which the model understood so well that human testers were – for the most part – unable to distinguish them from real gameplay.
🔐 0x Digest
🔓 Russian researchers extracted the Intel SGX Fuse Key0, aka the Root Provisioning Key, which led to questions all around about the security model of Trusted Execution Environments (TEEs). Intel hardware was criticized as being too complex to be secure.
Then Marvin from PhalaLabs wrote a thread on how “it’s a software bug and can be patched, and it shouldn’t mean that the entire TEE security model is broken”. (but hey, experts are saying exactly the opposite)
🛤️ Starknet introduced "Parallel Execution" in the latest upgrade, while their DAU dropped by 90% from the start of the year.
🏙️ MakerDAO rebranded itself to "Sky" (but why?) and launched a shady-looking site. For the token holders 1 MKR can be upgraded to 24,000 SKY and 1 DAI to 1 USDS. RIP DAI 🙏 and the community shall speculate the rest.
⛓️💥 Pavel Durov (Telegram's CEO) got arrested as he exited his private jet and was then released on €5 million bail, forbidden to leave France.
Amid all this, the company is facing management issues, as they were not ready for days of Pavel's absence. Not only that, their token TON went down by 10% in the last week, and the chain itself saw halts and instability for hours. Also, this is a good time to remind you that Telegram doesn't do end-to-end encryption in regular chats.
🐣 Some takes from the Bird app
Justin from CyberCapital dropped a clickbaity hot-take "Ethereum is dying while L2's dance on its grave" 🧵 and it worked, he got a shit ton of engagement.
Vitalik, ETH Daddy talked about Airdrops saying “Airdrops are a fascinating initial use case for ZK/blockchain-based attestation frameworks”.
🛠️ Dev & Design Digest
🤖 We’ve been using AI to write shit tons of JS, but someone tried a new thing: using ChatGPT to reverse engineer minified JavaScript, and it turns out it’s very good at it. It helped turn minified JS into okayish-looking React code.
👑 The history & future of regexes in JavaScript is a neat write-up by Steven on how and why regexes are a pain, how JavaScript has improved the developer experience with regex over time, and a gentle introduction to the new and complex v flag, which was added in ES2024 to support unicodeSets.
🙂↔️ Chrome 129 will ship with scrollSnapChange and scrollSnapChanging events in JavaScript. By implementing built-in snap events, the previously invisible snap state becomes actionable, at the right time, and always correct.
scrollSnapChange fires only if a scroll gesture has resulted in a new snap target being rested on. Earlier this was done with an intersection observer to find which element had crossed the scrollport, and then calculating the snap target yourself, sometimes with a bunch of hacks.
What scrollSnapChanging brings to the table was impossible before: it fires as soon as the browser has decided that the scroll gesture has or will result in a new snap target. It fires eagerly and during scrolling. (so, like, a shit ton of events)
🔎 3 years after the issues with AWS, Elasticsearch and Kibana can finally be called open source again. They will be adding AGPL as another license option next to ELv2 and SSPL in the coming weeks. (their patch-up with AWS is a miracle; they were "AWS partner of the year", lmao)
What brings us to awe 😳
📮 xsspup breaks the programmers’ fallacies about postcodes. We’ve seen and read a lot of these about timezones, but postcodes don’t have it all sorted either. They share some postcodes, like 0872 from Australia, to quickly break beliefs like “a postcode covers only a single state” or “only a single timezone”, etc.
💣 When Regex Goes Wrong is a short article listing a few major outages caused by regex, either ReDoS (Cloudflare's 2019 outage) or bad matching taking down systems (CrowdStrike 2024). This makes a case for being careful while using regex; should we be using them less now?
🗺️ How maps are modified to win elections by MapMen (yup! they are back). It also includes the origin of gerrymandering and how it's pronounced wrongly today. (inner Shasn player screams)
Today I (we) Learnt 📑
🥘 Did Draupadi, the main female protagonist of the ancient Indian epic Mahabharata and the wife of the five Pandava brothers, apparently invent Pani Puri? [Source: Trust me, bro]
It is said that Kunti gave her daughter-in-law a challenge: feed her sons with food made from scratch. Draupadi transformed leftover aloo sabzi (potato curry) and dough into the delectable “Pani Puri” while in exile.
😎 Several Indian companies with really cool, foreign-sounding names usually have very desi origins. Eg: Ranbaxy is a blend of Ranbir and Gurbax. (Video has more)
🐈 If you spot a cat with three colors (two colors on top of the coat's base color), you can be almost sure that it is a female. Male cats with three colors are rare (~1 in 3000). If it has two colors, it is equally likely to be a male or a female. This is because the gene that determines these colors is linked to the X chromosome; females have two of them while males have one.
✨ macOS (13 or later)’s Preview app has an inbuilt “Copy/Share Subject” feature which lets you copy the subject around your cursor (remember Segment Anything Model?). It not only works well, but oh boy, the animations are super nice. (see picture below)
🤝 You have read ~50% of Nibble, the following section brings tools out from the wild.
What we have been trying/reading 🔖
⛓️💥 PaywallBuster: Another place to help you break down the paywalls. (until all apps patch this of course!)
🧠 The Grug Brained Developer: A layman's guide to thinking like the self-aware smol-brained [Shared by Vishal]
🔠 Geist: Vercel’s default font, and our new goto fonts for blogs and portfolios. (you’ll be missed Manrope)
🧪 Free Public APIs: a collection of APIs for students and developers, there is a lot, no? The catch is these are tested/monitored every single day.
Builders’ Nest 🛠️
📧 plunk - an open-source email platform built on top of AWS SES, can be considered as a self-hosted alternative to services like SendGrid, Resend, or Mailgun.
👗 Kolor Virtual Try-On: Huggingface playground for virtual try-on of garment images on a person.
🍱 ai-digest: A CLI tool to aggregate your codebase into a single MD file for use with Claude Projects or custom ChatGPTs.
🔌 over-the-wire: an experimental Node.js packet manipulation library.
Meme of the week 😌
Off-topic reads/watches 🧗
🏢 A Company is a language by Jason Fried, explains how companies are like complex languages, each with unique nuances.
🔮 For what it'll make of you by DHH, explaining why we should think about what we’d like to become more often than thinking about what we’d like to get.
😶🌫️ Language conceals and reveals by Seth: when in doubt, look for the emotions and desires behind the words.
☕️ James Hoffman ran an experiment to verify Huberman’s claims on skipping coffee for the first 2 hrs after waking up to prevent an early afternoon crash, and what did he find? No significant differences whether you drink coffee right after waking up or 2 hours later.
Wisdom Bits 👀
“The man who views the world at 50 the same as he did at 20 has wasted 30 years of his life.”
― Muhammad Ali (Cassius Marcellus Clay Jr.)
Wallpaper of the week 🌁
🌌 Grab the week’s wallpaper at wow.nibbles.dev (this week’s wallpaper has a September calendar in it like the desktop wallpapers people used to have back in the days of Windows 7)
Weekly Standup 🫠
Nibbler P had some meetings and demos that kept him busy this week. He finally compiled a collection of fun etymologies on his blog and did a sweet 6k run while exploring a carnival near his house this week.
Nibbler A had a week helping the builder build and ended the week reading, ideating, and optimizing some code. Spent the weekend with homies, connected to some friends after long, and prepped for some weeks ahead.
If you liked what you just read, recommend us to a friend who’d love this too 👇🏻
[1] FudModule: a sophisticated rootkit malware that specifically targets kernel access while evading detection