Daniel Harvey

44.2K posts

@Daniel__Harvey

husband + father + friend :: christian :: plus the rest -- books, sf, all things spatial, tech-stuff, cycling, mtb, tdf & f1

Perth, WA · Joined April 2010
3K Following · 589 Followers
Pinned Tweet
Daniel Harvey @Daniel__Harvey
Common themes #assange & #asylumseekers: Powerful exercising unjust & arbitrary power over the vulnerable. True power protects the powerless
Daniel Harvey retweeted
Grady Booch @Grady_Booch
A fascinating project, and I commend Michael for going down this path. But the conclusion from what I read here is that it is still very much the human directing the LLM, akin to how children move the pointer on a Ouija board: look here, we tell it, and seemingly coherent things emerge but only because we drive them to places we know to be coherent. The LLM itself amazingly lands on interesting results, but it has no grounding to know it is interesting, but rather must be told by the human.
Michael Hla @hla_michael

I trained an LLM from scratch on pre-1900 text to see if it could come up with quantum mechanics and relativity. While the model is too small to do meaningful reasoning, it has glimpses of intuition. When given observations from past landmark experiments, the model can declare that “light is made up of definite quantities of energy” and even suggest that gravity and acceleration are locally equivalent. I’m releasing the dataset + models and leave this as an open problem to the research community. I also include what this project has taught me about intelligence in a mini essay linked below. 🧵(1/n)

Daniel Harvey retweeted
flavio @flaviocopes
How Axios was compromised 🤯
Aman 🧋 @CodeWithAmann
Hey devs, which is the best place to buy a domain?
Arno Sosna @SosnaArno
GSuite is not doing anything for enterprise users. Zero innovation, just slop. No company of a certain size exists without Excel and PPT, which forces a M365 sub ... and then GSuite becomes a luxury versus just using Outlook. GMeet is neat, but GChat is crap for any serious collaboration in groups. GSlides? A joke.
matt @mattjoans
my entire company just made the switch from Google products/Gmail to Outlook and microsoft suite it’s legit like armageddon in my office rn
Daniel Harvey @Daniel__Harvey
@trevorlasn @mattjoans I have decades worth in Google and search is consistently excellent. I have several months in a new Outlook inbox and already the search is very hit and miss. Lots I like in MS, search not so much.
Daniel Harvey retweeted
Jay @jayair
OpenCode has grown 10x since the beginning of the year

From 650K to 6.5M active users
Daniel Harvey retweeted
Bun @bunjavascript
In the next version of Bun

Bun goes ad-supported!
Daniel Harvey retweeted
Vercel Developers @vercel_dev
The Vercel security and compute teams have conducted an investigation into the malicious takeover of the 𝚊𝚡𝚒𝚘𝚜@𝟷.𝟷𝟺.𝟷 npm package.
• We’ve blocked outgoing access from our build infrastructure to the Command & Control hostname 𝚜𝚏𝚛𝚌𝚕𝚊𝚔.𝚌𝚘𝚖.
• The malicious version of the package has been blocked and unpublished from npm.
• Vercel’s own infrastructure and applications have been unaffected.
• We recommend checking your supply chain for exposure.
For more information, read the full advisory ↓ vercel.com/changelog/axio…
Daniel Harvey retweeted
klöss @kloss_xyz
do you understand what just happened to one of the most used npm packages on the internet?
→ axios gets downloaded over 100 million times a week and today it got compromised
→ an attacker hijacked the npm credentials of a lead axios maintainer… changed the account email to an anonymous ProtonMail address… and manually published two poisoned versions
→ axios@1.14.1 and axios@0.30.4… neither version contains a single line of malicious code inside axios itself. instead they inject a fake dependency called plain-crypto-js that drops a remote access trojan on your machine
→ the fake dependency was staged 18 hours in advance… three separate payloads were pre-built for macOS, Windows, and Linux… both release branches were hit within 39 minutes. every trace was designed to self-destruct after execution too
→ there’s no tag in the axios GitHub repo for 1.14.1. it was published outside the normal release process entirely... bypassed CI/CD completely
→ StepSecurity called it one of the most operationally sophisticated supply chain attacks ever against a top 10 npm package
→ a routine npm install silently opens a backdoor… no warning… no suspicious code visible in axios itself

this is the wake up call all vibe coding bros need to hear right now:
→ if you installed either version… assume your system is compromised
→ pin to axios@1.14.0 or axios@0.30.3
→ rotate all secrets, API keys, SSH keys, and credentials on affected machines
→ check network logs for C2 connections
→ add --ignore-scripts to CI npm installs going forward

100 million weekly downloads and one compromised maintainer account… that’s all it took to wreak absolute havoc and I imagine we see a whole lot more of these… crazy times ahead for cybersecurity and vibe coding

be safe out there y’all
Feross @feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

Daniel Harvey retweeted
Simon Willison @simonw
If you have NPM package axios in your dependencies you need to make sure it's pinned to a known safe version, sounds like there's another supply chain attack in play
Feross @feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

Daniel Harvey retweeted
TypeScript @typescript
TypeScript 6.0 is now available! This release brings better type-checking for methods, new standard library features, new module features for Node.js, and more! But most important, this release brings us one step closer to the upcoming native-speed 7.0! devblogs.microsoft.com/typescript/ann…
Daniel Harvey retweeted
dax @thdxr
you're probably underestimating how crazy things are
David Sancho @davesnx
If you try opencode, it's really hard to go back to claude Even now that opus/sonnet won't work in oc. I just hope 5.4 codex and other models become better, and oc implements some of the cool features from cc
Daniel Harvey retweeted
Massimo @Rainmaker1973
The Robotics team from Wissahickon High School in Ambler, Pennsylvania, built the robot Miss Daisy XXIV that picks up balls and shoots them into a container.
Daniel Harvey retweeted
DHH @dhh
ONCE is back! It's now a full-fledged application server for running dockerized web apps, like Campfire/Writebook/Fizzy or your own vibe-coded adventures. Zero-downtime upgrades, scheduled backups, and a gorgeous TUI with hyperdrive graphics. Enjoy! github.com/basecamp/once
Daniel Harvey retweeted
Priyanka Vergadia @pvergadia
🤯BREAKING: Alibaba just proved that AI Coding isn't taking your job, it's just writing the legacy code that will keep you employed fixing it for the next decade. 🤣 Passing a coding test once is easy. Maintaining that code for 8 months without it exploding? Apparently, it’s nearly impossible for AI. Alibaba tested 18 AI agents on 100 real codebases over 233-day cycles. They didn't just look for "quick fixes"—they looked for long-term survival. The results were a bloodbath: 75% of models broke previously working code during maintenance. Only Claude Opus 4.5/4.6 maintained a >50% zero-regression rate. Every other model accumulated technical debt that compounded until the codebase collapsed. We’ve been using "snapshot" benchmarks like HumanEval that only ask "Does it work right now?" The new SWE-CI benchmark asks: "Does it still work after 8 months of evolution?" Most AI agents are "Quick-Fix Artists." They write brittle code that passes tests today but becomes a maintenance nightmare tomorrow. They aren't building software; they're building a house of cards. The narrative just got honest: Most models can write code. Almost none can maintain it.
Daniel Harvey retweeted
Michael Luo @AzianMike
I want to double check - does anyone else have this UUID? e3ebf245-3344-469e-926e-9a23280d3f93
Daniel Harvey retweeted
Aakash Gupta @aakashgupta
Apple spent a decade gluing batteries into $2,499 MacBook Pros. Then it shipped a $599 laptop you can take apart in six minutes. The MacBook Neo teardown numbers are wild. Eight screws to open. Eighteen screws hold the battery, zero glue, zero tape. The USB-C ports, speakers, and headphone jack are all modular, meaning each one swaps individually. The speakers come out with four screws. An Australian repair channel disassembled most of the machine in under six minutes using standard Torx bits you can buy at any hardware store. For context, the 2019 MacBook Pro scored 2 out of 10 on iFixit’s repairability scale. The 16-inch Pro got a 1 out of 10. Soldered RAM, soldered storage, glued battery, proprietary pentalobe screws, keyboard riveted to the top case. Apple’s own Self Service Repair program required you to rent a 79-pound repair kit shipped in two Pelican cases just to swap a battery. The timing explains everything. The EU Right to Repair Directive takes effect July 31, 2026. Member states are transposing it into national law right now. Manufacturers must offer repair beyond warranty, provide spare parts within 5 to 10 working days for seven years, and publish repair manuals. In the US, over a quarter of Americans already live in states with enforceable Right to Repair laws. Oregon banned parts pairing. California’s act is in effect. Apple read the regulatory calendar and realized the cheapest laptop in the lineup would face the most scrutiny. Millions of students and first-time buyers will own it. The volume will be enormous. And regulators love consumer-protection cases involving the most affordable products in a company’s portfolio. So they built the Neo as the compliance flagship. Standard screws, modular ports, no adhesive, a battery that lifts out. Meanwhile the $1,099 MacBook Air still has soldered storage and a riveted keyboard. The $2,499 Pro still scores poorly on independent repairability scales. 
The $599 laptop is the most repairable MacBook in over a decade. Apple always knew how to build a repairable laptop. They just needed a reason that showed up on a regulatory deadline.
MacRumors.com @MacRumors

MacBook Neo Teardown: Modular Ports, Glue-Less Battery, Zero Tape macrumors.com/2026/03/12/mac…
