Intro
Two themes surfaced in today's feed: models doing unexpected creative work, and developer tooling becoming a high‑stakes attack surface. One story feels like a milestone for research workflows; the other is a blunt reminder that convenience in developer tools carries real risk. Below: quick takes, then deeper looks at the AI math result and the GitHub supply‑chain compromise.
In Brief
How fast is N tokens per second, really?
Why this matters now: Mike Veerman’s token‑speed demo helps engineers and product folks understand what model throughput numbers actually feel like in real use.
The demo page streams text in several modes (code, prose, "think", agent) at configurable tokens-per-second rates so you can watch the latency and readability tradeoffs play out. As the author writes, "Unless you've actually watched tokens stream at those rates, the numbers are hard to internalize." The exercise highlights two practical points: (1) the same tok/s reads very differently for token-dense code than for prose, and (2) a headline tok/s figure hides the plumbing that determines what users actually feel: prefill time, decode rate, and what a long context costs you before the first token appears. For anyone planning UX or pricing around streaming models, this is a simple, clarifying tool.
"Unless you've actually watched tokens stream at those rates, the numbers are hard to internalize."
Saying goodbye to asm.js
Why this matters now: Mozilla dropping its asm.js-specific optimizations in Firefox 148 is one more platform-level nudge to move heavy native-ported workloads fully onto WebAssembly.
Mozilla explains that "asm.js is just a subset of plain JavaScript," so removing the special-case optimizations won't break sites: asm.js code keeps running through the ordinary JavaScript engine, only without the dedicated fast path. What Mozilla sheds is maintenance burden and a separate code path in the engine, which is also attack surface. The practical advice is blunt: if you still ship asm.js builds, recompile to WebAssembly for better performance and smaller downloads. This is partly historical housekeeping, since asm.js was the bridge that first got C/C++ engines running in browsers, but for developers shipping wasm builds it removes one more backward-compatibility footnote.
"asm.js is just a subset of plain JavaScript."
Flipper One tech specs point to a true pocket cyberdeck
Why this matters now: The Flipper One spec sheet shows a portable device with desktop‑class I/O and an M.2 expansion slot, making it attractive as an on‑the‑go hardware playground.
The specs page lists a Rockchip RK3576, 8 GB LPDDR5, HDMI 2.1, dual Gigabit Ethernet, Wi‑Fi 6, and an M.2 Key‑B slot for modules (SDRs among them). Commenters see it as a class jump from the Flipper Zero: not a toy but a compact Linux multi‑tool. That versatility is exciting for tinkerers — and it raises the familiar regulatory headache around radio modules and what counts as permissible use.
Deep Dive
An OpenAI model reportedly disproved a long‑standing discrete geometry conjecture
Why this matters now: OpenAI says its general‑purpose reasoning model produced a verifiable counterexample to a decades‑old Erdős‑style planar unit‑distance conjecture, marking what the company calls the first time AI autonomously solved a prominent open problem in mathematics.
OpenAI published a post claiming the model made a creative cross‑domain leap, then produced a counterexample and a companion remarks document vetted by mathematicians. The company framed it as a milestone: "the first time AI has autonomously solved a prominent open problem central to a field of mathematics." Community reactions mix excitement and skepticism. Several researchers praised the result — one postdoc called the writeup "novel and exciting" — but others pushed back on provenance, reproducibility, and attribution.
Why be cautious? Mathematics demands reproducible, inspectable proofs. According to the coverage, experts who reviewed the model's output found a substantive argument, but parts of the conversation are already shaping policy: arXiv and some journals are tightening rules about unverified AI‑generated results. That makes sense — human reviewers need traceability to prior work and a clear chain from idea to proof so credit and error correction work as they always have.
Practically, this episode underscores three things. First, models can help by exploring unexpected constructions and weaving together techniques from different subfields. Second, human vetting remains essential; AI is a creative assistant, not an automatic arbiter of truth. Third, the research infrastructure — preprints, citations, code, and proof assistants — will have to adapt. If models generate proofs, journals and archives will need standardized provenance metadata and reproducible artifacts so communities can audit claims.
"AI is helping us to more fully explore the cathedral of mathematics we have built over the centuries." — paraphrasing OpenAI's framing
For readers who live at the intersection of ML and formal sciences: expect more such hybrid workflows. Researchers will increasingly use models to sketch avenues, then lean on formal verification tools and peer review to convert those sketches into durable theorems. The debate now is less "can models find new math?" and more "how do we integrate, credit, and audit model‑generated math?"
GitHub confirms breach of ~3,800 internal repos via a malicious VS Code extension
Why this matters now: GitHub said a poisoned Visual Studio Code extension on an employee device led to the exfiltration of roughly 3,800 internal repositories, highlighting that editor extensions are a high‑impact attack vector.
GitHub's statement, as reported, says it "detected and contained a compromise of an employee device involving a poisoned VS Code extension." The company isolated the endpoint, removed the malicious extension version, and is investigating scope; it currently assesses that the activity "involved exfiltration of GitHub‑internal repositories only." A group calling itself TeamPCP claimed responsibility and posted a sale notice: "this is not a ransom... 1 buyer and we shred the data on our end," demanding at least $50,000.
The incident illuminates a recurring pattern: developer workflows lean heavily on community extensions that run with broad privileges. A VS Code extension runs in the extension host with the full privileges of the user who launched the editor; it can read and write any file that user can, open network connections, and spawn processes, and there is no per-extension permission model to narrow that (Workspace Trust gates extensions on untrusted folders but does not limit what a trusted extension may do). One malicious update pushed to a developer device, pulled in automatically, can therefore cascade into a supply-chain problem for everything that device can reach. Hacker News threads pushed concrete mitigations: sandbox extensions, add an explicit permission model, freeze automatic extension updates on sensitive endpoints, and move development into remote containers or cloud IDEs where the local machine is less trusted.
Two takeaways for engineering teams. First, treat developer machines as production-critical infrastructure: hardening, endpoint detection, and a strict extension policy (allowlist by publisher and pinned version, auto-update off, periodic audits of what is actually installed) belong in the threat model. Second, platforms must evolve: permissioned extension APIs, signed builds with reproducible provenance, and safer default sandboxes would shrink the blast radius. Until then, use dev-containers, minimize local privileges, and audit installed extensions regularly.
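As an added example (not GitHub's tooling, and not code from the original post), here is the kind of small audit script that the "freeze automatic updates" and "audit installed extensions" advice implies. It assumes the line format of `code --list-extensions --show-versions` (one `publisher.name@version` per line) and the documented `extensions.autoUpdate` and `extensions.autoCheckUpdates` keys in the user's settings.json; the allowlist contents, the sample listing, and the sample settings.json below are constructed for illustration.

```python
"""Audit a workstation's VS Code extensions against a pinned allowlist.

Added example for this digest; not GitHub's tooling. Assumes the output
format of `code --list-extensions --show-versions` and the documented
`extensions.autoUpdate` / `extensions.autoCheckUpdates` settings keys.
The allowlist and sample inputs are constructed for illustration.
"""
import json
import re
import subprocess

# Hypothetical allowlist: extension id -> exact pinned version. Keep this in
# config management and review changes to it like any other dependency bump.
ALLOWLIST = {
    "ms-python.python": "2024.22.0",
    "ms-vscode-remote.remote-containers": "0.394.0",
}

# Constructed sample of what `code --list-extensions --show-versions` prints.
SAMPLE_LISTING = """\
ms-python.python@2024.22.0
ms-vscode-remote.remote-containers@0.390.0
totally-legit.pretty-printer@1.4.2
"""

# Constructed settings.json: auto-update narrowed to a mode, but not disabled.
SAMPLE_SETTINGS = """\
{
  // comments are legal in VS Code's settings.json (JSONC)
  "extensions.autoUpdate": "onlyEnabledExtensions",
  "extensions.autoCheckUpdates": false,
}
"""


def parse_installed(listing: str) -> dict[str, str]:
    """Parse `publisher.name@version` lines into {id: version}.

    Marketplace IDs are case-insensitive, so they are normalised to lowercase.
    """
    installed: dict[str, str] = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line or "@" not in line:
            continue  # blank line or CLI noise, not an extension entry
        ext_id, version = line.rsplit("@", 1)
        installed[ext_id.lower()] = version
    return installed


def audit_extensions(installed: dict[str, str],
                     allowlist: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (kind, extension_id, detail) findings.

    "not-allowlisted" covers anything outside the allowlist; "version-drift"
    covers an allowlisted extension at a non-pinned version, which is exactly
    how an auto-pulled poisoned update would show up.
    """
    allowed = {k.lower(): v for k, v in allowlist.items()}
    findings = []
    for ext_id, version in sorted(installed.items()):
        if ext_id not in allowed:
            findings.append(("not-allowlisted", ext_id, version))
        elif version != allowed[ext_id]:
            findings.append(("version-drift", ext_id,
                             f"{version} (pinned {allowed[ext_id]})"))
    return findings


def load_settings(text: str) -> dict:
    """Parse settings.json, tolerating full-line // comments and trailing commas.

    Minimal stripper, not a JSONC parser: good enough for files you control.
    """
    no_comments = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    no_trailing = re.sub(r",(\s*[}\]])", r"\1", no_comments)
    return json.loads(no_trailing)


def audit_settings(settings: dict) -> list[tuple[str, str, str]]:
    """Flag settings that leave the automatic update channel open.

    Both keys default to true, and `extensions.autoUpdate` also accepts string
    modes, so anything other than an explicit false counts as enabled.
    """
    findings = []
    for key in ("extensions.autoUpdate", "extensions.autoCheckUpdates"):
        value = settings.get(key, True)
        if value is not False:
            findings.append(("auto-update-open", key, repr(value)))
    return findings


def run_sample() -> list[tuple[str, str, str]]:
    """Audit the constructed sample inputs and return the combined findings."""
    installed = parse_installed(SAMPLE_LISTING)
    return (audit_extensions(installed, ALLOWLIST)
            + audit_settings(load_settings(SAMPLE_SETTINGS)))


if __name__ == "__main__":
    # Against the real machine: read the live listing from the code CLI.
    listing = subprocess.run(
        ["code", "--list-extensions", "--show-versions"],
        capture_output=True, text=True, check=True,
    ).stdout
    for finding in audit_extensions(parse_installed(listing), ALLOWLIST):
        print(*finding)
```

Run it from a scheduled job or an endpoint agent and alert on any finding: against a pinned allowlist, a version-drift entry is precisely the signal a silently pulled malicious update produces, and an auto-update-open entry means the channel for that update is still enabled. The settings parser is deliberately minimal; point it only at files you control.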
"this is not a ransom... 1 buyer and we shred the data on our end" — claimed by TeamPCP
Incidents like this make a persuasive case that securing toolchains is not a boutique problem — it's central to software supply‑chain security.
Closing Thought
We’re in an odd moment where models are expanding what humans will try, and developer tooling choices determine whether innovations stay useful or become vulnerabilities. Expect more stories that sit on that fault line: breakthroughs that need human discipline, and conveniences that demand stricter platform guardrails.