Ground News top stories, each with a left / center / right source breakdown so you can see who's covering what. Newest first.
Top stories and bias data sourced directly from Ground News. Each bar shows the share of coverage from Left, Center and Right-leaning outlets; the legend lists the source count per side.
Intel desk
Cybersecurity updates
Vulnerabilities, exploits, patches and incidents — straight from the sources security teams actually read.
Sources: The Hacker News · BleepingComputer · Krebs on Security · SecurityWeek · CISA advisories · CISA Known Exploited Vulnerabilities catalog.
Arcade
Pick your poison
Six glass-built games that run right here in the browser. High scores and chips are saved on this device.
Publications
Selected research
Formal verification of tree ensembles, real-time evasion detection, and ML security in safety-critical systems. From my Google Scholar profile.
2026Conference paper
Improving SIEM Rules using Transformer-Based Rule Evasion Detection and Attribution
Erik Nordström · Hannes Widén · Valency Oscar Colaco · Simin Nadjm-Tehrani
A transformer-based approach that detects SIGMA rule evasions with accuracy comparable to the state of the art (AMIDES, USENIX 2024), achieves a false positive rate of less than 1%, attributes evasions to specific rules, and recommends fixes, several of which have been accepted into the SIGMA repository.
This licentiate thesis shows that proactive defences such as adversarial retraining are ineffective for tree ensembles and can inadvertently make them more vulnerable to evasion attacks. Along these lines, it introduces Iceman and Maverick - two reactive prototype systems that advance the state of the art in evasion detection performance and speed, without modifying the underlying tree ensemble.
Maverick: an autoencoder-based detector for evasion attacks on tree-ensemble automotive IDSs - achieving identical detection accuracy to the state of the art (OC-Score, ECML PKDD 2023), while providing 85–563× faster detection speeds that enable real-time operation within the constraints of automotive CAN networks.
Iceman: a counterexample-region-based detector for evasion attacks on tree-ensemble IDSs - achieving more than 98% detection accuracy, 5–115x lower latency than the state of the art (OC-Score, ECML PKDD 2023), and providing quaternary attack annotations for effective alert triage.
Extends VoTE to verify tree ensembles against composite geometric perturbations (affine transformations and pixel-wise lighting changes) by introducing a new abstraction-function-based robustness property checker. Shows that targeted data augmentation fails to improve robustness and can even reduce it.
An integration guide for ponytail — a lightweight ruleset that makes your LLM coding agent lazy about the solution and never about the reading.
What it is
A ladder of seven questions
Before writing any new code, ponytail makes the agent climb a ladder — each rung asks whether the task can be solved with something that already exists. It writes the absolute minimum, only when nothing else fits.
1. Does this need to exist? → YAGNI
2. Already in the codebase? → reuse it
3. In the stdlib? → use it
4. A native platform feature? → use it
5. An installed dependency? → use it
6. Solvable in one line? → one line
7. Only then: the minimum that works
Why it works
Lazy, not negligent
The agent is lazy about the solution but never about the reading — it scans the existing code and dependencies thoroughly before suggesting anything new. Trust-boundary validation, data-loss handling, security, and accessibility are never on the chopping block.
Benchmark: −54% LOC · −22% tokens · −20% cost · −27% time · 100% safe.
Direct line
Say hello
Fill this in and it lands in my inbox.
✓ Message sent — thanks! I'll get back to you soon.
Game
Integrate ponytail with your LLM
Three ways to wire ponytail into a coding agent. The fastest is the plugin; the most portable is pasting the prompt.
Run the two commands above as separate prompts. For Codex, swap /plugin for codex plugin.
2. Toggle it on the fly
/ponytail # default mode (full)
/ponytail lite # lighter guardrails
/ponytail ultra # strictest
/ponytail off
/ponytail-review # review code against the ladder
/ponytail-audit # audit a path for over-engineering
/ponytail-debt # flag unnecessary complexity
/ponytail-gain # show savings vs. baseline
/ponytail-help
3. Or paste this prompt into any LLM
No plugin support? Drop this into your system prompt, a .cursorrules / AGENTS.md file, or the first message of a chat.
Before writing any new code, you MUST climb this ladder in order and stop at the first rung that applies:
1. Does this need to exist? If not, write nothing. (YAGNI)
2. Is it already in the codebase? Reuse it. Do not duplicate.
3. Is it in the standard library? Use that.
4. Is it a native platform/language feature? Use that.
5. Is there an already-installed dependency that does it? Use that.
6. Can it be done in one line of existing code? Write one line.
7. Only then: write the absolute minimum new code that works.
Rules:
- Be lazy about the solution, never about the reading. Always read the relevant existing code, dependencies, and docs before proposing anything new.
- Prefer deleting over adding. Prefer composing over creating.
- Lazy, not negligent: trust-boundary validation, data-loss handling, security, and accessibility are NEVER cut to save lines.
- When you do add code, state which rung of the ladder you reached and why no earlier rung applied.
- Default to the smallest change that solves the problem correctly.
Benchmark vs. unguarded agent: −54% LOC · −22% tokens · −20% cost · −27% time · 100% safe. View the repo ↗