Tootfinder

Cracking CodeWhisperer: Analyzing Developers' Interactions and Patterns During Programming Tasks
Jeena Javahar, Tanya Budhrani, Manaal Basha, Cleidson R. B. de Souza, Ivan Beschastnikh, Gema Rodriguez-Perez
https://arxiv.org/abs/2510.11516

Cracking CodeWhisperer: Analyzing Developers' Interactions and Patterns During Programming Tasks
The use of AI code-generation tools is becoming increasingly common, making it important to understand how software developers are adopting these tools. In this study, we investigate how developers engage with Amazon's CodeWhisperer, an LLM-based code-generation tool. We conducted two user studies with two groups of 10 participants each, interacting with CodeWhisperer - the first to understand which interactions were critical to capture and the second to collect low-level interaction data using…

Setting humane goals for #BigTech
https://www.wired.com/story/big-interview-event-techdirt-mike-masnick-common-tools-alex-komoroske/

This phishing content hosting technique described by Barracuda is very clever. I find that the anti-analysis features are especially so: "it prevents right-clicking the mouse, blocks the keyboard’s F12 key (used for developer tools), and prevents common keyboard shortcuts like Ctrl/Cmd and Ctrl/Cmd Shift."
Regardless, the standard phishing prevention techniques of strong technical controls combined with end-user training (don't click on links in unexpected email messages…

Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit
Barracuda threat analysts have spotted a deceptively simple phishing-as-service kit called GhostFrame that’s already launched a million attacks.

What if we viewed AI notetaking not as a solution but as a symptom of deeper workplace dysfunction?
(👆an AI assisted post ;-)
https://www.careful.industries/blog/2025-11-nine-risks-caused-by-ai-notetakers

Nine risks caused by AI notetakers — Careful Industries
AI transcription tools are not currently mature or reliable enough to be regarded as an always on, single-source of truth for meeting notes. Nine common risks, and six possible mitigations.

The European Union Agency for Cybersecurity (ENISA) is now a Common Vulnerabilities and Exposures (CVE) Program-Root, thus becoming a central point of contact within the CVE program for national/EU authorities, EU CSIRTs network members, and cooperative partners falling under ENISA’s mandate.
htt…

SCOOP'D: Learning Mixed-Liquid-Solid Scooping via Sim2Real Generative Policy
Kuanning Wang, Yongchong Gu, Yuqian Fu, Zeyu Shangguan, Sicheng He, Xiangyang Xue, Yanwei Fu, Daniel Seita
https://arxiv.org/abs/2510.11566

SCOOP'D: Learning Mixed-Liquid-Solid Scooping via Sim2Real Generative Policy
Scooping items with tools such as spoons and ladles is common in daily life, ranging from assistive feeding to retrieving items from environmental disaster sites. However, developing a general and autonomous robotic scooping policy is challenging since it requires reasoning about complex tool-object interactions. Furthermore, scooping often involves manipulating deformable objects, such as granular media or liquids, which is challenging due to their infinite-dimensional configuration spaces and…

New on my #Gentoo blog: One #jobserver to rule them all
"""
A common problem with running Gentoo builds is concurrency. Many packages include extensive build steps that are either fully serial, or cannot fully utilize the available CPU threads throughout. This problem becomes less pronounced when running building multiple packages in parallel, but then we are risking overscheduling for packages that do take advantage of parallel builds.
Fortunately, there are a few tools at our disposal that can improve the situation. Most recently, they were joined by two experimental system-wide jobservers: #guildmaster and #steve. In this post, I’d like to provide the background on them, and discuss the problems they are facing.
"""
https://blogs.gentoo.org/mgorny/2025/11/30/one-jobserver-to-rule-them-all/