Danizord ⏩

we still get looksmaxxed on frontend a little but we IQmog hard now

@PiChangelog createAgentSession({ noTools: "builtin" }) wtf api is this

Pi v0.70.0 is out. Highlights: - GPT-5.5 Codex added with xhigh reasoning and corrected priority-tier pricing - /login provider selector now supports fuzzy search filtering - OSC 9;4 terminal progress is now opt-in; set terminal.showTerminalProgress to true in /settings to re-enable - --no-builtin-tools and createAgentSession({ noTools: "builtin" }) now disable only built-in tools, not extension tools Complete details in thread ↓

2026 year of the sync engine

Agents.

@VictorTaelin nah, we still have a mythos to believe

so if spud grossly disappoints it bursts?

people love to believe everything is deliberate, planned, or orchestrated cuz that feels good for the human mind. like there’s some grand invisible hand moving pieces around. that’s just often not true. most outcomes are just messy iterations of luck, timing, & half baked decisions colliding. things feel intentional only after the fact. hindsight is a narrative engine. it takes randomness & retrofits meaning onto it until it looks inevitable. but it wasn’t. & it almost never is.

@teortaxesTex @sheriyuo IIRC @karpathy's explanation of tokenizers has something to do with chunking training data into byte-level patches that are most frequent (?)

@sheriyuo what about dropping the tokenizer? go to byte-level or something. This subword paradigm is incredibly silly, though I see how it's optimal logistically

LLM is just a machine for modeling probabilities, and to make it fully memorize patterns like "how many [a]'s in [b][c][d]" would require training tokens on the fourth power of the vocabulary size, which is simply infeasible. So the only viable path is to push toward agentic workflows, letting AI use code to verify such checkable problems.

@rohanvarma 1. ssh doesn't work with files view or diff view. !commands doesn't work either. 2. files view needs a "jump to definition"

Every time I ask yall for feedback on Codex, you say two things: 1. SSH dev box support in the app 2. View your files in the app Both are now available with our launch yesterday!! What’s left?

I used Nero to burn CDs as a kid and only later got the joke: Nero burned Rome, and "Burning ROM" is such a perfect reference.

@amorriscode ssh is super broken though -- file diffs, inline !shell, worktree...

“This is now better than the CLI” 👀

@amorriscode diff view doesn't work for ssh environment?

Today we're launching a rebuilt version of Claude Code on desktop. The app has been redesigned for the ground up to make it easier than ever to parallelize work with Claude. I haven't opened an IDE or terminal in weeks. Excited for you all to give it a shot!

@bcherny Diff view doesn't work for ssh environment?

We've been working on this for a while. Can't wait to hear what you think

@tim_smart beautiful

GenServer meets effect: github.com/tim-smart/effe… You can use them with effect cluster, rpc or effect atom.

@shadcn Nova

New style dropping soon. What should we call it? I’ve run out of ex-girlfriend names.

@fchollet @ylecun @julien_c @inversebrah

@ylecun @julien_c You seem to spend a lot of time trolling on Twitter for someone who famously left Twitter

“gpt2-large is too powerful to be publicly released” vibes

Mistakes happen. As a team, the important thing is to recognize it’s never an individuals’s fault — it’s the process, the culture, or the infra. In this case, there was a manual deploy step that should have been better automated. Our team has made a few improvements to the automation for next time, a couple more on the way.

@goon_nguyen you shipped in just 1 day what they took years to build. really impressive!

yesterday was my first day at Anthropic. super excited that I shipped my first change today, added source maps so debugging is easier. can't wait to show you all what I've been working on!

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

@karpathy @MaximeRivest @pmroadmap25 Node and Bun should implement a @deno_land-like permission system urgently. It makes no sense we are still running 3rd party code with unrestricted network and filesystem access nowadays.

@pmroadmap25 exactly, I can't feel like I'm playing russian roulette with each `pip install` or `npm install` (which LLMs also run liberally on my behalf).

New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-com…

@DavidKPiano @tannerlinsley it MUST go to an island 🏝️

@tannerlinsley Do it from Port Canaveral, go to Disney after!

Instead of doing a TanStack Conf, I'm seriously considering inviting everyone to just meet up on a Caribbean-bound cruise ship. It'd be cheaper in every way, you could bring as many family/friends as you want, and instead of wasting time on talks/booths, we can just chat endlessly about JS/TS/Web over unlimited freestyle soda machines, soft-serve ice-cream and mini golf. TanStack Cruise 2028