AI News Feed

RFK Jr. Vowed to Find the Environmental Causes of Autism. Then He Shut Down Research Trying to Do Just That.

Posted on r/politics | Score: 22402 | Comments: 582

While publicly vowing to find the environmental causes of autism and launching a $50 million research initiative, RFK Jr. has overseen the elimination of key federal research divisions and cut millions in funding for autism studies. As head of HHS, he has shut down existing research into environmental toxins linked to autism while promoting debunked theories about vaccines being the cause.

Key Points:
  • RFK Jr. eliminated the entire NIOSH division studying how parental chemical exposure affects autism risk
  • He has overseen tens of millions in cuts to federal autism research funding
  • He continues to promote the debunked theory that vaccines cause autism despite scientific consensus
  • His administration is rolling back pollution and chemical regulations, including some linked to autism
  • Researchers fear his new $50 million initiative will manipulate data to blame vaccines rather than conduct legitimate science

"Kennedy has also overseen tens of millions of dollars in cuts to federal funding for research on autism, including its environmental causes."

— From the article

Stunning Audio Reveals Andrew Cuomo Counting on Trump to Help Him Win

Posted on r/politics | Score: 14252 | Comments: 669

An audio recording from a Hamptons fundraiser reveals that former New York Governor Andrew Cuomo is counting on support from Donald Trump and top Republicans to help him win the New York City mayoral election. Cuomo believes Trump wants 'redemption' in New York and that Republicans will tell their voters to support him over the GOP candidate to stop his progressive opponent, Zohran Mamdani.

Key Points:
  • Andrew Cuomo anticipates Donald Trump and top Republicans will direct support his way to stop progressive candidate Zohran Mamdani.
  • Cuomo stated at a fundraiser that he believes Trump wants 'redemption' in New York and that they could 'cooperate'.
  • Cuomo expects Republicans to tell their voters that a vote for the GOP candidate, Curtis Sliwa, is a 'wasted vote' and to instead support Cuomo to stop Mamdani.
  • Cuomo's public stance of declining Trump's endorsement contrasts with his private openness to working with him.
  • Mamdani slammed Cuomo's courting of Trump's support as a 'betrayal' of New Yorkers.

"'I believe there’s a big piece of him that actually wants redemption in New York. He feels that he was rejected by New York... So I believe there will be opportunities to actually cooperate with him,' Cuomo continued."

— From the article

Vance, Hegseth and Miller Branded ‘Nazis’ in Botched PR Stunt

Posted on r/politics | Score: 2904 | Comments: 151

Vice President J.D. Vance, Defense Secretary Pete Hegseth, and White House Deputy Chief of Staff Stephen Miller were met with hostile protesters who branded them 'Nazis' during a visit to Washington D.C.'s Union Station. The visit was part of a Trump administration initiative to deploy the National Guard to combat crime in the capital, a move critics say focuses on low-crime tourist areas.

Key Points:
  • Top Trump administration officials (Vance, Hegseth, Miller) were heckled by protesters during a visit to Union Station.
  • Protesters shouted insults including 'Nazis' and 'Free DC,' referencing the administration's crime crackdown.
  • The officials visited National Guard troops deployed to D.C. as part of a controversial initiative to combat crime.
  • Critics note the troops are largely stationed in low-crime, high-tourist areas like Union Station and the National Mall.
  • Stephen Miller vowed to add 'thousands more resources' to the city and dismissed the protesters as 'stupid white hippies.'

"However, critics have observed that the service members have largely been stationed along the National Mall and at Union Station, two largely low-crime destinations visited by millions of tourists every year."

— From the article

“Couch F***er!”: JD Vance Booed While Hyping Up Trump’s D.C. Takeover

Posted on r/politics | Score: 2048 | Comments: 110

Vice President JD Vance, Defense Secretary Pete Hegseth, and Stephen Miller were met with loud boos and heckling from a crowd in Washington D.C.'s Union Station during a photo op. The hostile reception occurred as they delivered burgers to National Guard troops deployed by Trump, a move opposed by a majority of D.C. residents according to a poll. The incident highlights the strong local opposition to the federal government's takeover and the presence of the National Guard in the city.

Key Points:
  • JD Vance, Pete Hegseth, and Stephen Miller were loudly booed and heckled with chants of "couch-f***er" and "Free D.C." during a visit to Union Station.
  • The trio was there for a staged photo op, delivering Shake Shack burgers to National Guard troops deployed to D.C. by Trump.
  • A Washington Post-Schar School poll found 65% of D.C. residents did not believe the National Guard deployment would make the city safer.
  • Stephen Miller dismissed the demonstrators as "elderly white hippies," while Vance became irritated and ended a press question session.
  • The event demonstrates significant local resistance to the Trump administration's federal intervention in Washington D.C.

"In fact, a recent Washington Post-Schar School poll found that 65 percent of D.C. residents did not think that Trump’s deployment of the National Guard would make the city safer."

— From the article

Copilot Broke Your Audit Log, but Microsoft Won’t Tell You

Posted on r/programming | Score: 562 | Comments: 110

A security researcher discovered a critical vulnerability in Microsoft 365 Copilot that allows users to access files without generating an audit log entry, simply by asking the AI not to provide a link to the file. Microsoft fixed the issue but classified it only as 'important' and decided not to notify its customers, leaving organizations with inaccurate audit logs and significant security and compliance risks. The article criticizes Microsoft's handling of the vulnerability report and its lack of transparency with customers.

Key Points:
  • A vulnerability in M365 Copilot allows files to be accessed without any record in the audit log.
  • The exploit is triggered by asking Copilot not to provide a link to the file it summarizes.
  • Microsoft fixed the issue but did not follow its own disclosure guidelines or notify customers.
  • This creates a major security and compliance risk, enabling malicious insiders to access data undetected.
  • The same vulnerability had been reported a year prior by another researcher, but Microsoft failed to address it at that time.

"But what happens if you ask Copilot to not provide you with a link to the file it summarized? Well, in that case, the audit log is empty. Just like that, your audit log is wrong."

— From the article

GPT-5 has been surprisingly good at reviewing Claude Code’s work

Posted on r/ClaudeAI | Score: 428 | Comments: 99

The author describes a workflow using Claude Code (Sonnet 4) for writing code and Traycer, which leverages GPT-5, to create a 'verification loop' for review. This process involves reviewing the written code against an original plan, which the author finds more effective than standard code review tools. The combination is praised for providing useful, context-aware feedback.

Key Points:
  • Uses Claude Code (Sonnet 4) for the actual coding tasks.
  • Traycer is used for initial planning and, crucially, for a subsequent code verification step.
  • The core innovation is the 'verification loop' where GPT-5 reviews code against the original plan.
  • This context-aware review is considered superior to tools that only analyze git diffs.
  • The author finds the $125 monthly cost for both services to be a worthwhile investment.

"Having verification tied to a plan makes the feedback a lot more useful."

— From the article

How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories

Posted on r/programming | Score: 139 | Comments: 7

Kudelski Security researchers discovered a critical vulnerability in CodeRabbit's AI code review tool that allowed them to achieve remote code execution on production servers. The vulnerability stemmed from improper sandboxing of the Rubocop linter tool, which could be exploited through a simple pull request. This gave attackers potential access to API tokens, secrets, and read/write access to over 1 million repositories.

Key Points:
  • Researchers achieved remote code execution (RCE) on CodeRabbit's production servers through a vulnerability in the Rubocop linter integration
  • The exploit leaked API tokens and secrets, potentially giving access to CodeRabbit's PostgreSQL database
  • Attackers could obtain read and write access to 1 million code repositories including private ones
  • CodeRabbit remediated the vulnerability within hours of disclosure in January 2025
  • CodeRabbit strengthened security by moving Rubocop to a secure sandbox environment and rotating all credentials

"They confirmed the vulnerability and immediately began remediation, starting by disabling Rubocop until a fix was in place. All potentially impacted credentials and secrets were rotated within hours."

— From the article

DeepSeek V3.1 Base Suddenly Launched: Outperforms Claude 4 in Programming, Internet Awaits R2 and V4

Posted on r/programming | Score: 76 | Comments: 27

DeepSeek has launched its V3.1 Base model, which features a 128K context length and significantly outperforms Claude 4 Opus in programming benchmarks at a fraction of the cost. The model's 71.6% score on the Aider programming test represents a major performance breakthrough in open-source AI. The update has generated substantial excitement, with users eagerly awaiting the upcoming R2 and V4 releases.

Key Points:
  • DeepSeek V3.1 Base launched with 128K context length and 685B parameters
  • Outperforms Claude 4 Opus in programming with 71.6% score on Aider benchmark
  • Costs only $1 per complete programming task (1/60th of proprietary systems)
  • Removed the 'R1' label, suggesting a future hybrid architecture approach
  • Ranked 4th on Hugging Face trending list before model card release

"The most striking contrast is that V3.1's programming performance is 1% higher than that of Claude 4, and the cost is 68 times lower."

— From the article

Private repo alternatives to GitHub

Posted on r/selfhosted | Score: 69 | Comments: 75

A user is seeking alternatives to GitHub for their private project due to concerns over recent leadership changes and AI training on code. They require a cloud-hosted solution with version control, a Kanban board, 2FA, and role-based permissions, but do not want a fully self-hosted option.

Key Points:
  • User is currently using GitHub for a private project.
  • Key required features are cloud version control, Kanban, 2FA, and role-based permissions.
  • User does not want a fully self-hosted solution.
  • Primary concerns are GitHub's recent CEO exit and AI training on user code.
  • User is asking for comparable alternative service recommendations.

"My concerns started after recent exit of their CEO and other AI training on the code stuff."

— From the article

Many Notes v0.12 - Markdown note-taking web application

Posted on r/selfhosted | Score: 30 | Comments: 2

Many Notes v0.12 is an update to the Markdown note-taking web application, which focuses on simplicity and user control by storing files both in a database and directly on the filesystem. This release introduces a raw Markdown editor toggle, automatic backlink updates when files are renamed or moved, and adds Pocket ID as a new SSO login option. The developer emphasizes that the app is still in beta and recommends users maintain backups of their data.

Key Points:
  • New toggle button for raw Markdown editing in the editor
  • Automatic backlink updates when files are renamed or moved
  • Added Pocket ID as a new SSO login provider
  • Files are saved in both a database and the filesystem for control and portability
  • Application is in beta and under ongoing development

"It uses a database to power its features, but your files are also saved in the filesystem, giving you full control over your vault structure and ensuring easy access and portability."

— From the article

What is the best gym bro app?

Posted on r/selfhosted | Score: 24 | Comments: 37

A user is seeking recommendations for an open-source, self-hosted gym workout app to replace their current paid options like Strong and Hevy. They have identified three potential candidates—Wger, Liftosaur, and Liftlog—and are asking the community for feedback on which is the most solid or if there are other hidden gems available.

Key Points:
  • User is dissatisfied with limitations and subscription fees of current apps (Strong, Hevy).
  • User specifically wants an open-source and self-hosted solution.
  • Three candidate apps have been identified: Wger, Liftosaur, and Liftlog.
  • User is requesting community input to evaluate these options or discover others.

"I’d really like to switch to something open-source and self-hosted."

— From the article

Blog on 'Designing a Zero Trust Architecture: 20 open-source tools to secure every layer'

Posted on r/programming | Score: 16 | Comments: 0

The article explains how to implement a Zero Trust Architecture (ZTA) using open-source tools to eliminate security vulnerabilities, as illustrated by the Swiss Cheese model. It defines ZTA as a set of principles focused on continuous verification and least privileged access. The core of the article is a categorized list of 20 recommended open-source tools to secure every layer of a system.

Key Points:
  • Zero Trust Architecture (ZTA) is a security design approach that eliminates implicit trust and operates on the principle of 'never trust, always verify'.
  • ZTA is not a single product but an ongoing strategy requiring tools for continuous monitoring, authentication, and authorization across all system layers.
  • Open-source tools are recommended for their flexibility, transparency, and the control they provide for building a comprehensive, customized security solution.
  • The implementation is broken down into six key categories: Firewalls, Network segregation, Encryption, Workload Identity, Authentication, and Authorization.
  • The approach is based on the Swiss Cheese model, where multiple layers of security are needed to cover the vulnerabilities inherent in any single layer.

"Zero Trust Architecture (ZTA) is a set of security principles that define a design approach focused on eliminating implicit trust."

— From the article