The Weather Rollercoaster: After a string of unpredictable days, the sun finally hit the 80s this weekend. I spent it mowing the lawn, though I’m still not sold on the "American lawn" obsession. I’d much rather have wild nature than over-engineered grass.

Digital Housekeeping: On the tech side, I’m currently on a mission to consolidate my scattered email inboxes. If you have a workflow that actually works, I’m all ears.

Weekend Watch: I’ve been binging DTF St. Louis. It is a brilliant production with a stellar cast. The premise and the integration of sign language make it a must-watch.

Post Mortem: axios npm supply chain compromise. Two malicious versions of the widely-used axios package were briefly published after attackers compromised the lead maintainer's machine via social engineering. The packages were live for ~3 hours—a reminder that even trusted libraries can be hijacked. MORE

Vulnerability Research Is Cooked. AI coding agents are now finding real vulnerabilities at scale, threatening hospitals, routers, and critical infrastructure. This paradigm shift is already showing up in model cards from frontier labs—the era of manual vuln research is ending. MORE

[un]prompted session recordings from the intimate, raw, and fun gathering for the professionals actually doing the work, from offense to threat hunting to program building to national policy. No fluff. No filler. Just sharp talks, real demos, and conversations that matter. MORE

The Last Quiet Thing. Your devices demand constant maintenance that used to be someone else's job. Phones need updates, apps need permissions, subscriptions need managing—invisible labor that exhausts users while companies profit from both the problem and the "wellness" solutions they sell. MORE

Frontier Systems course with instructor and AMP Founder Anjney Midha. This kickoff lecture for CS 153: Frontier Systems (Spring 2026), taught by Anjney Midha and Mike. The course aims to provide students with a deep dive into the infrastructure and systems layer of modern AI, focusing on how these technologies are built, scaled, and governed. MORE

Gemma 4 Drops. Google released Gemma 4, a new family of open-source models from 2B to 31B parameters with vision and audio capabilities. Smaller models use parameter-efficiency tricks that make them practical to run locally. MORE

GitHub Hit 1B Commits in 2025. GitHub is now processing 2.1 billion GitHub Actions minutes weekly—up from 1 billion total commits last year. The surge shows how deeply automated workflows have become the default in modern development. MORE

Anthropic Blocks OpenClaw from Claude Code Subscriptions. Anthropic is cutting off third-party tools like OpenClaw from Claude Code subscription token limits, forcing separate payment. Critics note the irony: Claude Code itself burns just as many tokens for autonomous tasks. MORE

PrismML's 1-Bit Bonsai Models. PrismML's 1-bit Bonsai models pack AI into just 1.15GB—a fraction of typical model sizes—while running on phones and edge devices. These ultra-efficient models are reshaping where and how we deploy intelligence. MORE

What's New in Neovim 0.12. Neovim 0.12 ships with a built-in plugin manager, stronger LSP support, and native auto-completion—reducing the need for third-party plugins. Breaking changes require config updates around diagnostics and Treesitter. MORE | VIDEO

Bug Bounty Village DEF CON 2026 CFP Is Open. Bug Bounty Village is accepting talk submissions for DEF CON 2026. Topics include AI, hackbots, and bug bounty research—submit if you have something worth sharing with the community. MORE

200 Bugs/Week/Engineer: How Trail of Bits Rebuilt Around AI. Trail of Bits rebuilt their entire firm around AI and now generates 200 bugs per engineer per week. Dan Guido explains what that transformation looks like in practice at [un]prompted 2026. MORE

Autonomous Vulnerability Hunting with MCP. A researcher built an AI-powered vuln hunting system using Claude and MCP tools that automatically finds exploitable bugs across Windows, Linux, and macOS. The system discovered multiple CVEs in Go's standard library and critical enterprise flaws. MORE

Obsidian is Hiring an Engineer. They are looking for an experienced engineer to grow their small team. Work on an app used and loved by millions of people around the world. MORE

How To Travel Efficiently By Being Insane | RSAC 2026 Vlog. Part 1 of a Marcus's vlog from RSAC 2026—conference survival tips, chaos, and the energy of security season. Part travel log, part community snapshot. MORE

@teej_dv - Neovim core contributor and open source builder.

@sarah_edo - Senior Director of Engineering at Google. O'Reilly author.

@chrisbiscardi - Rust educator and content creator.

@pie6k - Designer who codes. Creator of Screen Studio.

@Sambal0x - Hacker, pentester, musician.

DOOM, But Make It CSS. A developer recreated the classic game DOOM entirely using CSS transforms and animations, with JavaScript handling gameplay logic. A technically wild showcase of how far web standards can actually be pushed. MORE

The Big Brother V4.0 is a comprehensive OSINT (Open Source Intelligence) platform that searches across 473+ social media platforms for username enumeration, analyzes crypto wallets, extracts metadata from images, and performs network reconnaissance. MORE

Hallucination Stations On Some Basic Limitations of Transformer-Based Language Models. The paper shows that beyond a certain complexity, LLMs are incapable of carrying out computational and agentic tasks or verifying their accuracy. MORE

The Agents Company. The Agents Company is building personal AI infrastructure—private, always-on agents that live on your hardware and act on your behalf. Positioning this as the next major technology shift after social media. MORE

Pretext is a bigger deal than you think. This new library by React contributor Cheng Lou that pre-calculates text dimensions and implements a layout engine in JavaScript to handle complex line-wrapping without touching the DOM. While not a replacement for CSS, it offers a lower-level primitive for creative layouts and potential future UI frameworks, such as a rumored AI-driven design tool from Midjourney. MORE

apfel: Free AI on Your Mac. A new tool gives instant access to Apple's built-in AI model through your terminal—no API keys, no setup, runs completely offline. Includes CLI, server, and chat modes with tool support, and already has 2,100+ GitHub stars. MORE

Scamwise. Scamwise analyzes suspicious messages, links, and images to give quick verdicts on whether something is a scam. Built after the founders' mom was targeted—free and fast. MORE

JSON Alexander Browser Extension. A browser extension that transforms raw JSON into interactive collapsible trees with syntax highlighting and path-copying tools. Built by Wes Bos—perfect for developers debugging APIs without leaving their browser. MORE

Passkeys Are Your New Best Friend. Google's security team breaks down why passkeys are a stronger authentication choice over passwords, with practical implementation insights. A quick read that pays off for both developers and security teams. MORE

Mutation Testing for the Agentic Era. Trail of Bits released MuTON and mewt, mutation testing tools that find bugs by introducing intentional flaws and checking if tests catch them. AI-friendly, multi-language, and built for the agentic era of testing. MORE

No Vibes Allowed: Solving Hard Problems in Complex Codebases. AI tools hit walls in real production codebases—Dex Horthy shares a structured, no-hype approach to getting reliable results from AI in messy, complex code. Practical guidance for engineers tired of inconsistent AI outputs. MORE

Eight Years of Wanting, Three Months of Building with AI. A developer built SQLite devtools in 3 months with AI coding agents after 8 years of hesitation. AI excelled at implementation but struggled with design decisions—requiring constant human oversight to avoid technical debt. MORE

I Hated Every Coding Agent, So I Built My Own. Game dev veteran and libGDX creator Mario Zechner got fed up with every coding agent and built his own from scratch. Candid about what AI dev tools get wrong and how his Pi approach is different. MORE

Product Sense, Restraint, and OpenCode with Dax Raad. Dax Raad explains the product decisions behind OpenCode in a crowded coding-agent market. A thoughtful conversation on restraint, taste, and building tools worth using long-term. MORE

I Built a Website in 10 Minutes with GitHub Copilot CLI. Full walkthrough of building a site from scratch using only GitHub Copilot CLI in the terminal—no browser IDE. Shows how far CLI-native AI dev tooling has come. MORE

Seven Things I've Learned Getting Companies to Use AI. Forget mandates—let enthusiastic users demonstrate value and build momentum instead. Seven practical lessons on getting teams to actually adopt AI tools, from someone who's done it. MORE

Most SaaS Companies Got AI Wrong. Linear Waited.. Linear held off on AI features while others rushed, then rebuilt the product management tool from the ground up with AI. A case study in patience and product discipline beating the hype cycle. MORE

A Better Way to Apply to Startups. Show, don't tell—demonstrate value through research and concrete contributions rather than generic applications. Hiring managers at startups respond to personalized outreach that proves you actually care about their specific mission. MORE

What Is Inference Engineering?. Inference engineering—optimizing how AI models run in production—is becoming essential as open-source models scale. Engineers can tune models for speed, cost, and reliability using quantization, caching, and related techniques. MORE

Upskilling T&S Teams on AI. Alice shares a comprehensive resource list, covering everything from prompt engineering to red teaming. The collection includes courses from Stanford and Google, plus practical guides for building AI-ready fraud prevention teams. MORE