I saw a bug today that could only be caused by agents. It goes something like, a PR where a package and it's pinned version are removed, but the dependency lock file is not regenerated afterwards. The package is therefore not installed, until when in a future a PR, an agent discovers that a package is in lock, but not pinned to a version. It therefore adds that unnecessary dependency that should've been removed, back and pinned to a version for "security" and to "to be safe" since this package could be a sub dependency. All randomly discovered fortunately by doing a bundle analysis, with an agent..

Stable releases were more secure in the XZ Utils incident because they never received the compromised versions (5.6.0 and 5.6.1). Major distributions (Debian, Ubuntu, Red Hat, Alpine) confirmed their stable branches were unaffected, as the backdoor only reached testing or rolling-release tracks. Delayed update cycles prevented the malicious code from reaching production systems, unlike rolling releases (e.g., Arch, Fedora Rawhide, Kali), which were exposed immediately. Some projects, like Ubuntu, also postponed beta releases and rebuilt packages as extra precautions.

wait if people dont spend bitcoin, then there is less transaction fees, which means less $ into securing transactions

the best thing about LLMs is it moves society away from advertising, at least more than web search did