The amount of information about everything that people are giving OpenAI is astronomical, information that was previously kept closely guarded is now just freely flowing through foreign servers.

Truly a paradise for american intelligence. Would have expected that the chinese officials be briefed on not using us tech companies, but opsec is hard to teach, and even harder to always follow.

But the american silicon valley nerds pinky swear not to look!

How can you not trust them.

The T&C's promise they will look.

I don't quite understand the vulnerability, when exploited, you can get information about the page from which the exploit code is running. Without a sandbox escape or XSS, that seems almost completely harmless?

This is the "impact" section on https://github.com/huseyinstif/CVE-2026-2441-PoC:

Arbitrary code execution within the renderer process sandbox Information disclosure — leak V8 heap pointers (ASLR bypass), read renderer memory contents Credential theft — read document.cookie, localStorage, sessionStorage, form input values Session hijacking — steal session tokens, exfiltrate via fetch() / WebSocket / sendBeacon() DOM manipulation — inject phishing forms, modify page content Keylogging — capture all keystrokes via addEventListener('keydown')

Browser exploits are almost always two steps: you exploit a renderer bug in order to get arbitrary code execution inside a sandboxed process, and then you use a second sandbox escape exploit in order to gain arbitrary code execution in the non-sandboxed broker process. The first line of that (almost definitely AI generated) summary is the bad part, and means that this is one half of a full browser compromise chain. The fact that you still need a sandbox escape doesn't mean that it is harmless, especially since if it's being exploited in the wild that means whoever is using it probably does also have a sandbox escape they are pairing with it.

Thanks for the explanation. So much for AI making it easier to learn things!

My prediction is that reputation will be increasingly important, certain credentials and institutions will have tremendous value and influence. Normal people will have a hard time breaking out of their community, and success will look like acquiring the right credentials to appear in the trusted places.

That's been the trajectory for at least the last 100 years, an endless procession of certifications. Just like you can no longer get a decent-paying blue collar job without at least an HS diploma or equivalent, the days of working in tech without a university education are drying up and have been doing so for a while now.

The recent past was a nice respite from a strict caste system, but I guess we’re going back.

I think the recent past was a respite in very specific contexts like software maybe. Others, like most blue collar jobs, were always more of an apprentice system. And, still others, like many branches of engineering, largely required degrees.

This isn't new- it's been happening for decades.

Not new. No. But will be more.

Maybe my expensive university degree was worth it after all

Agreed, yet we will have to keep seeing this take over and over again. As if I needed more reasons to believe the world is filled with morons.

Yeah, some hardware vendors that sell things like pc cases or coolers have definitely noticed that people are really building way less PCs

To me it seems like the big question for the future will be how to achieve political relevance as "the little guy". It seems like with LLMs the typical "get educated" pathway for the lower class is closing quick. I dread to think of a world where large portions of society are essentially "useless".

I'm just going to say: When opening the "twins" (bad clones) screenshots, I pressed the right key to view the next image, and surprise, the next "article" of the top navigation bar was loaded, instead of showing the next image.

Is this the quality we should expect from agentic? From my experiments with claude code, yes, the UX details are never there. Especially for bigger features. It can work reasonably well independently up to a "module" level (with clear interfaces). But for full app design, while technically possible, the UX and visual design is just not there.

And I am very not attracted to the idea of polishing such an agentic apps. A solution could be: 1. The boss prompts the system with what he wants. 2. The boss outsources to india the task of polishing the rough edges.

===

More on the arrow keys navigation: Pressing right on the last "Products" page loops to the first "Story" page, yet pressing left on the first page does nothing. Typical UX inconsistency of vibe coded software.

I definitely got a strong feel of LLM output reading it. Not sure if the points themselves have any merit, but I don't think that I'll go and run to buy jpy.

Yes and feelings are real

Because it's not people doing the writing.

The advice is: identify human constraints and remove them with agents.

Yet another simple stupid idea inflated to a massive article with ai.