Socket

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

I built a tool that shows you what GPT-2 is "thinking" in real-time as it generates 3D graph of concept activations per token [R]

Been going down a mechanistic interpretability rabbit hole for the past few weeks and ended up building this thing called AXON. The idea: every time GPT-2 generates a token, its residual stream gets passed through a Sparse Autoencoder (Joseph Bloom's pretrained SAE). The SAE decomposes it into human-interpretable feature: hings like "European geography", "capital cities", "French language" and streams those to the browser over WebSocket, where they show up as a live 3D force graph. Nodes = SAE features. Edges = features that fired together on the same token. Node brightness = activation strength. The whole graph evolves token by token. What surprised me most: type "The capital of France is" and you can literally watch geography features, proper noun features, and completion-pattern features light up before the word "Paris" even gets generated. It's not what the model outputs that's interesting it's what's happening right before it decides. Stack: TransformerLens + SAELens on the backend, FastAPI WebSocket for streaming, Three.js + 3d-force-graph on the frontend. Runs on CPU (~800ms/token) or GPU (~35ms on a 4050). Labels come from Neuronpedia's API and get cached locally. You can also swap in other models — GPT-2 medium/large/xl, Pythia variants, Gemma-2-2B — as long as there's a pretrained SAE for it in SAELens. GitHub: https://github.com/09Catho/axon Would love feedback and stars especially from anyone who's worked with SAEs before curious whether the co-activation edges are actually meaningful or just noise at this layer. submitted by /u/Financial_World_9730 [link] [comments]

Solo indie game developer, new grad no formal SWE experience in love with how productive Claude has made me

My game has gone through a few iterations at this point, but Claude, specifically Claude Code has been game changing for me. Started in the desktop app with 3.5 haiku, now on the max plan with Claude Code. I'm interested to hear from other recent college grads that have built something with these new coding tools. I don't know how much of my project I should attribute to Claude Code, my education, my sheer persistence, or all of the above. Not saying my game is bullet proof BY ANY MEANS, but it's WAY more than I would've ever been able to build without CC. Basically 100% of the code has been written with Claude Code, or copying and pasting over from Claude's desktop app before Claude Code was a thing. Some highlights of what Claude helped me out with: - No wasting time reading syntax docs for libraries, understand what libraries function is -> implement - Real-time multiplayer up to 10 players per lobby - Cost-optimized serverless GPU autoscaling (minimizing GPU costs) - Mobile first phone as controller UX like Jackbox, or Kahoot -Mobile browser socket connection troubleshooting -R2 bucket policy deletes prompts and images daily -Open source image model, presented cold start challenges 6 months ago I was a new grad with no SWE experience. Today I'm running https://imageclash.net. It's real-time multiplayer party game focused on creative, comedic, AI image generation in a competitive format (think Cards against humanity with AI images). Players create prompts → AI generates images → everyone votes on the funniest ones. Just wanted to share because Claude Code is genuinely incredible for solo builders with limited experience. This project would have been impossible for me on my own, and it has always been my dream to build games submitted by /u/Dsc_004 [link] [comments]

Heren Godot MCP — Fast, powerful, simple. (+Benchmarks!)

There are already a few great MCP servers that connect AI assistants to the Godot engine. Heren takes a different path: instead of starting a fresh Godot process for every request, it keeps a lightweight WebSocket daemon running in the background. Once launched, the engine stays alive and responsive, so the AI can interact with your project almost instantly! This seemingly small shift makes a HUGE difference in practice: · Operations complete in around 20ms rather than waiting for a full engine cold start. · Because Godot remains alive, sub‑resources like collision shapes, materials, and environments are fully persisted in your scene files – something that’s tricky to get right with ephemeral processes. · Signal connections, batch operations, and script editing all feel smooth and consistent, without the “stop‑and‑go” rhythm of launching and quitting the engine repeatedly. · A built‑in debug system gives the AI access to breakpoints, stack traces, watch variables, and console output, so it can help you troubleshoot in real time. · GPU‑accelerated screenshots let the AI literally see the viewport and real-time coordinates, which is incredibly handy for visual feedback. · The daemon shuts itself down automatically after three minutes of inactivity, so it’s gentle on resources. All of this is built through 15 carefully designed tools that cover scene management, nodes, resources, scripts, shaders, animations, validation, and debugging. The project is open source, completely free, and bilingual (English/Spanish). They said "here be dragons", because they were afraid of their power! 🐉 submitted by /u/Lordddddddy [link] [comments]

I built a sidebar for Claude Code: every prompt clickable, jumps the terminal back to that turn

The why: I run Claude Code in a tmux session on a Linux dev box, SSH'd in from a Windows laptop. The terminal-only flow worked, but I wanted three things tmux alone doesn't give me — clickable prompt history, a file panel next to the terminal so I stop cat-ing things to look at them, and push notifications when Claude is waiting for me without staring at the tab. Existing tools each solve one slice (ttyd = terminal only, filebrowser = files only, code-server is VS Code-shaped and heavy). I wanted them in one page, on every device. Started as a weekend project, ended up as my daily driver. What it is: a single Go binary on your dev box. SSH-tunnel into 127.0.0.1:8080: xterm.js terminal, tmux-backed (survives disconnects, sleeps, server restarts) File tree (preview, drag-drop upload, follows your cd via tmux's pane_current_path — no shell integration needed) Activity panel reads ~/.claude/projects/*.jsonl and shows every prompt. Click one → terminal scrolls back to that turn. Same for Top-bar chips for active model + latest context tokens Push notifications via Claude Code's Stop hook (laptop pings when Claude is idle, even with tab backgrounded) Design decisions worth sharing: tmux is the durability layer. Every session is tmux new-session -A -s {id}. Shell survives WS disconnect, server restart, idle timeout because tmux already solved that. roost owns the WebSocket bridge and an append-only disk log — that's it. Single-user-per-instance, forever. I refuse to add accounts/RBAC. Two people share a host? Each runs their own roost serve on a different port. UNIX UIDs handle isolation. Multi-tenant logic belongs in a reverse-proxy, not the binary. Kept the auth code under 100 lines. Vanilla JS, no build step. Frontend is plain files under //go:embed all:web. No bundler. Easier to debug, easier to ship, lower future cost. One bug worth flagging: tmux's display-message -p '#{x}\x1f#{y}' returns 0x1f as literal _ when tmux is launched without a UTF-8 locale (systemd / launchd units, for example). Burned an hour on this before realising tmux -u is the one-line fix. If you ever pipe tmux through field separators, lock the locale. Validated combo right now: Linux server + Windows Chrome over SSH tunnel. macOS-as-server works but has rough edges. Codex sessions work too if you swap agents. Repo + GIF demo: https://github.com/liamsysmind/roost v0.1.0 tarballs: https://github.com/liamsysmind/roost/releases/tag/v0.1.0 If you drive Claude Code over SSH — what's missing for you? submitted by /u/Adventurous_Sun9149 [link] [comments]

I tested GPT-5.5 Codex against Opus 4.7 Claude Code, and it's about time Anthropic bros take pricing seriously.

I've used Claude Code the most among AI coding agents. Sonnet, Opus, I've run them all. The reason is simple: they're beasts at tool execution and prompt following. That's also why Anthropic dominates API revenue from code agents. First-mover advantage is real, and developers love them. But GPT-5.5 Codex has been insanely good. When new models drop, I run real tests, not benchmarks. This time I built two tasks: Test 1: PR triage bot – GitHub MCP, scoring formula, Slack alerts, retries, strict TS, no "any". Test 2: Real-time code review UI – React, WebSockets, optimistic rollback, virtualized diff, WS reconnect. Same prompts. Same MCP (GitHub + Slack). Same machine. Here's what I found out: Claude Code (Opus 4.7): - Verified MCP before writing a line - Built 36 files in 12 minutes - Wrote its own WebSocket smoke test (3ms broadcast) - Zero errors first run - Total cost: ~$2.50 Codex (GPT-5.5 via Cursor): - Failed Task 1 (GitHub MCP not reachable – Cursor environment issue, not model) - Task 2 shipped but needed a patch for infinite React loop - 28 files, more compact architecture - Total cost: ~$2.04 (18% cheaper) Claude shipped cleaner. Codex needed a patch pass. For complex, architecture-heavy work, I still reach for Opus – no question. But Codex was leaner, cheaper, and open source. For tight, self-contained tasks where you want to ship fast – Codex holds its own. I'm not switching. But for the first time, I'm watching the pricing gap. Full breakdown with all code, prompts, run logs, and cost tables: https://composio.dev/content/claude-code-vs-openai-codex submitted by /u/geekeek123 [link] [comments]

RT @SocketSecurity: 🐘 @packagist is urging #PHP projects to update Composer after a GitHub token format change caused some GitHub Actions t…

RT @SocketSecurity: 🐘 @packagist is urging #PHP projects to update Composer after a GitHub token format change caused some GitHub Actions t…

I spent much of this year in the hospital with my mom. I built this so I could keep iterating on my more automated workflows while my dev machine was at home.

Wanted to share my mobile claude/codex session tool: Chroxy. TL;DR Chroxy is a (yet another!) self-hosted remote client for Claude Code. You run a small daemon on your dev machine, scan a QR code with the app. Then you have access to your terminal sessions and a clean chat view that renders Claude's output as readable messages. Everything goes over a Cloudflare tunnel so there's no port forwarding or VPN setup. Originally, I'd be sitting in a hospital room for hours and come back to my laptop just to find Claude sitting at "Ready to start?" the whole window wasted. I needed a way to stay in the loop, approve a permission prompt, or kick off the next task without physically moving to my machine. The Anthropic billing changes in June are going to steal some of the benefits away from the app... I'm aware that makes it less accessible for some people, and I thought about that before deciding to release it anyway. Honestly, it's been useful enough to me that I'm willing to make that trade. If you're already on API billing it won't change anything for you. Why not /remote-control? When Anthropic launched the rc feature, I stopped development and spent some time with it. It was underwhelming to me (Maybe user error). So, I came back and kept refining this. The stack Server: Node.js 22, ES modules, runs Claude via the Agent SDK (in-process) or the legacy CLI. WebSocket protocol with Zod-validated message types. Mobile app: React Native + Expo, TypeScript, xterm.js terminal emulation in a WebView, Zustand for state, native speech-to-text Desktop: Tauri tray app wrapping the web dashboard Security: E2E encrypted — X25519 key exchange, XSalsa20-Poly1305. The tunnel sees ciphertext only. Other bits: pluggable provider system (Claude, Gemini, Codex all work with the same app), Docker container isolation for sessions, permission rule engine, git worktree support I built it because I needed it, it let me play with tools I find genuinely interesting, and it feels like a waste to keep it private. If you're into LLM tooling or just want a self-hosted way to run Claude Code remotely, maybe it's useful to you too. My mom passed away in March. I'm sharing this partly because building it kept me sane during the months in the hospital thinking she'd be fine, and I think it might be useful to other people. Repo is blamechris/chroxy. There are many like my project, but this one is mine. :') submitted by /u/xcVosx [link] [comments]

Claude Code vs Codex: 36 files vs 28, $2.50 vs $2.04, and one infinite loop. My full breakdown.

I've been using Claude Code for months. It's been solid. But with Opus 4.7 and GPT-5.5 both dropping in April, I wanted to see how Codex actually compares on real problems, not benchmarks. https://preview.redd.it/fkwjy5eg3y0h1.png?width=1540&format=png&auto=webp&s=e1df6e53f1164a6da0deabaafe53118cb01b171e Been meaning to do this for a while. Sick of seeing benchmark screenshots, so I just built stuff. So I built two tasks. Same prompts. Same MCP setup (GitHub + Slack). Same machine. Task 1: PR triage bot Read open PRs, score by complexity (files ×2, lines/10, +3 for no labels, +5 for no reviewers), write a markdown report, post Slack alerts for high scores. Required retries, error logging, strict TypeScript, no "any". Task 2: Real-time code review UI React + TypeScript, WebSockets, inline comment threads, optimistic updates with rollback, virtualized diff viewer, WS reconnect with exponential backoff. No UI libraries. Build from scratch. What Claude Code did: - Ran `/mcp` to verify tools before writing a line - Built 36 files in 12 minutes - Wrote an unprompted two-client WebSocket smoke test (broadcast: 3ms) - Zero "any", passed typecheck first try - UI worked immediately What Codex (via Cursor) did: - Failed Task 1: GitHub MCP wasn't reachable through Cursor's execution path. Handled it cleanly though: retried 3 times, logged errors, didn't crash. - Task 2 shipped a working UI in ~15 min, smoke test passed at 5ms - Hit TypeScript errors on first compile and an infinite React loop (useEffect calling hydrate repeatedly). Needed a ref guard patch. - 28 files, more compact architecture Cost (estimated, both tasks): - Claude: ~$2.50 - Codex: ~$2.04 About 18-23% difference. Not massive, but real. What I actually think: Neither agent "won". They're built for different things. Claude feels like pairing with someone who verifies everything before touching the keyboard. Codex feels like a senior dev who wants to ship and move on. What surprised me: no "any" leaks, no hallucinated tool names, both got WebSocket broadcast under 10ms. Six months ago that wasn't a given. submitted by /u/geekeek123 [link] [comments]

It’s not every day a competitor promotes your product in their launch image. Thanks for the endorsement, Endor Labs. 😅 For anyone wondering, sfw is Socket Firewall, and yes, you can install it fr

It’s not every day a competitor promotes your product in their launch image. Thanks for the endorsement, Endor Labs. 😅 For anyone wondering, sfw is Socket Firewall, and yes, you can install it from npm today: npm install -g sfw https://t.co/XvQSolNlYR

🐘 @packagist is urging #PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. GitHub has rolled back the token change for now

🐘 @packagist is urging #PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. GitHub has rolled back the token change for now, but affected projects still need to update Composer. https://t.co/XRZQfieDCJ

Opus 4.7 Low Vs Medium Vs High Vs Xhigh Vs Max: the Reasoning Curve on 29 Real Tasks from an Open Source Repo

TL;DR I ran Opus 4.7 in Claude Code at all reasoning effort settings (low, medium, high, xhigh, and max) on the same 29 tasks from an open source repo (GraphQL-go-tools, in Go). On this slice, Opus 4.7 did not behave like a model where more reasoning effort had a linear correlation with more intelligence. In fact, the curve appears to peak at medium. If you think this is weird, I agree! This was the follow-up to a Zod run where Opus also looked non-monotonic. I reran the question on GraphQL-go-tools because I wanted a more discriminating repo slice and didn’t trust the fact that more reasoning != better outcomes. Running on the GraphQL repo helped clarified the result: Opus still did not show a simple higher-reasoning-is-better curve. The contrast is GPT-5.5 in Codex, which overall did show the intuitive curve: more reasoning bought more semantic/review quality. That post is here: https://www.stet.sh/blog/gpt-55-codex-graphql-reasoning-curve Medium has the best test pass rate, highest equivalence with the original human-authored changes, the best code-review pass rate, and the best aggregate craft/discipline rate. Low is cheaper and faster, but it drops too much correctness. High, xhigh, and max spend more time and money without beating medium on the metrics that matter. More reasoning effort doesn't only cost more - it changes the way Claude works, but without reliably improving judgment. Xhigh inflates the test/fixture surface most. Max is busier overall and has the largest implementation-line footprint. But even though both are supposedly thinking more, neither produces "better" patches than medium. One likely reason: Opus 4.7 uses adaptive thinking - the model already picks its own reasoning budget per task, so the effort knob biases an already-adaptive policy rather than buying more intelligence. More on this below. An illuminating example is PR #1260. After retry, medium recovered into a real patch. High and xhigh used their extra reasoning budget to dig up commit hashes from prior PRs and confidently declare "no work needed" - voluntarily ending the turn with no patch. Medium and max read the literal control flow and made the fix. One broader takeaway for me: this should not have to be a one-off manual benchmark. If reasoning level changes the kind of patch an agent writes, the natural next step is to let the agent test and improve its own setup on real repo work. For this post, "equivalent" means the patch matched the intent of the merged human PR; "code-review pass" means an AI reviewer judged it acceptable; craft/discipline is a 0-4 maintainability/style rubric; footprint risk is how much extra code the agent touched relative to the human patch. I also made an interactive version with pretty charts and per-task drilldowns here: https://stet.sh/blog/opus-47-graphql-reasoning-curve The data: Metric Low Medium High Xhigh Max All-task pass 23/29 28/29 26/29 25/29 27/29 Equivalent 10/29 14/29 12/29 11/29 13/29 Code-review pass 5/29 10/29 7/29 4/29 8/29 Code-review rubric mean 2.426 2.716 2.509 2.482 2.431 Footprint risk mean 0.155 0.189 0.206 0.238 0.227 All custom graders 2.598 2.759 2.670 2.669 2.690 Mean cost/task $2.50 $3.15 $5.01 $6.51 $8.84 Mean duration/task 383.8s 450.7s 716.4s 803.8s 996.9s Equivalent passes per dollar 0.138 0.153 0.083 0.058 0.051 Why I Ran This After my last post comparing GPT-5.5 vs 5.4 vs Opus 4.7, I was curious how intra-model performance varied with reasoning effort. Doing research online, it's very very hard to gauge what actual experience is like when varying the reasoning levels, and how that applies to the work that I'm doing. I first ran this on Zod, and the result looked strange: tests were flat across low, medium, high, and xhigh, while the above-test quality signals moved around in mixed ways. Low, medium, high, and xhigh all landed at 12/28 test passes. But equivalence moved from 10/28 on low to 16/28 on medium, 13/28 on high, and 19/28 on xhigh; code-review pass moved from 4/27 to 10/27, 10/27, and 11/27. That was interesting, but not clean enough to make a default-setting claim. It could have been a Zod-specific artifact, or a sign that Opus 4.7 does not have a simple "turn reasoning up" curve. So I reran the question on GraphQL-go-tools. To separate vibes from reality, and figure out where the cost/performance sweet spot is for Opus 4.7, I wanted the same reasoning-effort question on a more discriminating repo slice. This is not meant to be a universal benchmark result - I don't have the funds or time to generate statistically significant data. The purpose is closer to "how should I choose the reasoning setting for real repo work?", with GraphQL-Go-Tools as the example repo. Public benchmarks flatten the reviewer question that most SWEs actually care about: would I actually merge the patch, and do I want to maintain it? That's why I ran this test - to gain more insight, at a small scale, into how coding ag

The Mundane Risk

The biggest near-term AI safety risks aren't dramatic — they're mundane. And that's precisely why they're neglected. This essay argues three things: (1) mundane AI failures are already causing measurable damage at scale, (2) current alignment approaches may depend more heavily on sandboxed environments than the field openly acknowledges, and (3) capability convergence and deployment pressure are making accidental open-world exposure increasingly plausible before robust ethical reasoning exists. (written with the help by Claude 4.6 Opus) The Atomic Bomb Before the atomic bomb existed, the risk of nuclear annihilation was 0%. Those who warned about the theoretical possibility were easily dismissed. Why worry about a risk whose preconditions don't even exist yet? In The Precipice, Toby Ord argues that when the stakes are existential or near-existential, even small probabilities demand serious attention. When the expected harm is so large, dismissing it on the basis of low likelihood is not caution but negligence. Before the bomb was built, the total risk of nuclear annihilation was absolutely 0%. Yet once it was invented, even a fraction of a percent justified enormous investment in prevention. The question was never "is nuclear war likely?" It was "can we afford to be wrong?" The same logic applies to AI. The preconditions for the next class of risk are visibly converging. And we're repeating the same pattern of dismissal that history has punished before. The Pattern As Leopold Aschenbrenner noted in Situational Awareness: "It sounds crazy, but remember when everyone was saying we wouldn't connect AI to the internet?" He predicted the next boundary to fall would be "we'll make sure a human is always in the loop." That prediction has already come true. Last year I argued how AI might accidentally escape the lab as a consequence of cumulative human error (for a vivid illustration of a parallel chain of events, I'd recommend the Frank scenario). At the time of writing, the argument that cumulative human oversight failures could compromise AI agents was dismissed as implausible: the consensus was that existing security protocols were sufficient. Months later, OpenClaw validated the structural pattern at scale. Not because the AI was misaligned, but because humans deployed it faster than they could secure it. It was clear: the failure modes from the Frank scenario could no longer be dismissed as simple fiction; it was now a structural pattern that OpenClaw validated in the real world. And this was all just with relatively simple autonomous agents. As capabilities increase, the same pattern of human excitement overriding security oversight doesn't go away – it gets worse – and because the agents are more capable, the failures also become a lot harder to detect. The numbers confirm this: [88% of organizations reported confirmed or suspected AI agent security incidents]() 14.4% of AI agents go live with full security and IT approval 93% of exposed OpenClaw instances reportedly had exploitable vulnerabilities [[MOU1]](#_msocom_1) Mundane risk pathways aren't hypothetical. They're already here in rudimentary form, and they're being neglected. We’ve known for a long time that existential risks aren’t just decisive, they’re also accumulative. And so far every safety breach has been mundane with systems operating inside their intended environments. No agent tries to escape on their own — their behaviour (like Frank’s) is usually a direct consequence of what they were deployed to do combined with accidental human oversight. So consider: if we can't secure the sandbox door with today's relatively simple agents, what happens when the systems inside are capable enough that a single oversight failure doesn't just expose a vulnerability? The capabilities required for autonomous operation outside the lab are converging on a known timeline. If AI were to leave the nest today, would it be prepared for an uncurated, messy world? Or would it be like the child and the socket? Current Alignment: Progress, But Fast Enough? Admittedly, the field is making real progress and Anthropic's recent publication "Teaching Claude Why" represents a real step forward. It was long suspected that misalignment doesn't require intent, just pattern completion over a self-referential dataset. But Anthropic has now traced one empirical pathway with findings consistent with the idea that scheming-like behaviour emerges from default priors in pre-training. Furthermore, their study also confirmed that rule-following doesn't generalize well, and understanding why matters more than simply knowing what. The significance of this is that it puts traditional alignment strategies into serious doubt and highlights the fundamental limits that current constitutional AI and character-based approaches still do not resolve. After all, we now have strong empirical evidence that behavioural alignment issues are most likely shaped by default prio

💎 New GemStuffer Campaign: Socket detected a RubyGems registry abuse campaign stuffing scraped UK council portal pages into junk gems. PoC worm, scraper, or spam? Low downloads, repeated publishing,

💎 New GemStuffer Campaign: Socket detected a RubyGems registry abuse campaign stuffing scraped UK council portal pages into junk gems. PoC worm, scraper, or spam? Low downloads, repeated publishing, and 155 artifacts tracked so far. New Research → https://t.co/LYrKiGjjcJ

RT @IntCyberDigest: "I've been working in cybersecurity for 3 years and I feel great!" - Dave, 24 https://t.co/dbowpnA0Ki

RT @IntCyberDigest: "I've been working in cybersecurity for 3 years and I feel great!" - Dave, 24 https://t.co/dbowpnA0Ki

RT @SocketSecurity: This is why @pnpmjs's latest v11 release was the top story in Socket Weekly this past week - it includes smart defaults…

RT @SocketSecurity: This is why @pnpmjs's latest v11 release was the top story in Socket Weekly this past week - it includes smart defaults…