Jeff Betts

Only one chance in this lifetime… Like watching sunset at the beach from the most foreign seat in the cosmos, I couldn’t resist a cell phone video of Earthset. You can hear the shutter on the Nikon as @Astro_Christina is hammering away on 3-shot brackets and capturing those exceptional Earthset photos through the 400mm lens. @AstroVicGlover was in window 3 watching with @Astro_Jeremy next to him. I could barely see the Moon through the docking hatch window but the iPhone was the perfect size to catch the view…this is uncropped, uncut with 8x zoom which is quite comparable to the view of the human eye. Enjoy.

Speechless. Absolutely speechless. What a fucking finish. Follow #MilanoSanremo #SanremoWomen @CA_Ita on Rai (🇮🇹) and on Eurosport (🌐)

Software development is undergoing a renaissance in front of our eyes. If you haven't used the tools recently, you likely are underestimating what you're missing. Since December, there's been a step function improvement in what tools like Codex can do. Some great engineers at OpenAI yesterday told me that their job has fundamentally changed since December. Prior to then, they could use Codex for unit tests; now it writes essentially all the code and does a great deal of their operations and debugging. Not everyone has yet made that leap, but it's usually because of factors besides the capability of the model. Every company faces the same opportunity now, and navigating it well — just like with cloud computing or the Internet — requires careful thought. This post shares how OpenAI is currently approaching retooling our teams towards agentic software development. We're still learning and iterating, but here's how we're thinking about it right now: As a first step, by March 31st, we're aiming that: (1) For any technical task, the tool of first resort for humans is interacting with an agent rather than using an editor or terminal. (2) The default way humans utilize agents is explicitly evaluated as safe, but also productive enough that most workflows do not need additional permissions. In order to get there, here's what we recommended to the team a few weeks ago: 1. Take the time to try out the tools. The tools do sell themselves — many people have had amazing experiences with 5.2 in Codex, after having churned from codex web a few months ago. But many people are also so busy they haven't had a chance to try Codex yet or got stuck thinking "is there any way it could do X" rather than just trying. - Designate an "agents captain" for your team — the primary person responsible for thinking about how agents can be brought into the teams' workflow. - Share experiences or questions in a few designated internal channels - Take a day for a company-wide Codex hackathon 2. Create skills and AGENTS[.md]. - Create and maintain an AGENTS[.md] for any project you work on; update the AGENTS[.md] whenever the agent does something wrong or struggles with a task. - Write skills for anything that you get Codex to do, and commit it to the skills directory in a shared repository 3. Inventory and make accessible any internal tools. - Maintain a list of tools that your team relies on, and make sure someone takes point on making it agent-accessible (such as via a CLI or MCP server). 4. Structure codebases to be agent-first. With the models changing so fast, this is still somewhat untrodden ground, and will require some exploration. - Write tests which are quick to run, and create high-quality interfaces between components. 5. Say no to slop. Managing AI generated code at scale is an emerging problem, and will require new processes and conventions to keep code quality high - Ensure that some human is accountable for any code that gets merged. As a code reviewer, maintain at least the same bar as you would for human-written code, and make sure the author understands what they're submitting. 6. Work on basic infra. There's a lot of room for everyone to build basic infrastructure, which can be guided by internal user feedback. The core tools are getting a lot better and more usable, but there's a lot of infrastructure that currently go around the tools, such as observability, tracking not just the committed code but the agent trajectories that led to them, and central management of the tools that agents are able to use. Overall, adopting tools like Codex is not just a technical but also a deep cultural change, with a lot of downstream implications to figure out. We encourage every manager to drive this with their team, and to think through other action items — for example, per item 5 above, what else can prevent a lot of "functionally-correct but poorly-maintainable code" from creeping into codebases.

I am very excited about AI, but to go off-script for a minute: I built an app with Codex last week. It was very fun. Then I started asking it for ideas for new features and at least a couple of them were better than I was thinking of. I felt a little useless and it was sad.

a mentor once told me that there are three kinds of projects in life: two days, two months, or ten years

I'm Boris and I created Claude Code. Lots of people have asked how I use Claude Code, so I wanted to show off my setup a bit. My setup might be surprisingly vanilla! Claude Code works great out of the box, so I personally don't customize it much. There is no one correct way to use Claude Code: we intentionally build it in a way that you can use it, customize it, and hack it however you like. Each person on the Claude Code team uses it very differently. So, here goes.

One of my favorite lessons I’ve learnt from working with smart people: Action produces information. If you’re unsure of what to do, just do anything, even if it’s the wrong thing. This will give you information about what you should actually be doing. Sounds simple on the surface - the hard part is making it part of your every day working process.

Paradigm Shifts and the Winner’s Curse When paradigms change, previous winners have the hardest time adjusting; that is why AI might be a challenge for Apple and Amazon stratechery.com/2025/paradigm-…

I like em dashes, and I hate that some people now take them as evidence of text being AI generated.

I unapologetically stand for free speech, peaceful demonstrations, and immigration—but this is not that. This is anarchy and true chaos. My party loses the moral high ground when we refuse to condemn setting cars on fire, destroying buildings, and assaulting law enforcement.

My conversation with Jony Ive yesterday at @stripe sessions.

AI is here, but without form, we won’t see its full potential. Chat is the beginning, but not the final destination. We still need great interfaces to guide and set the context. linear.app/blog/design-fo…

I wrote a quick new post on "Digital Hygiene". Basically there are some no-brainer decisions you can make in your life to dramatically improve the privacy and security of your computing and this post goes over some of them. Blog post link in the reply, but copy pasting below too. Every now and then I get reminded about the vast fraud apparatus of the internet, re-invigorating my pursuit of basic digital hygiene around privacy/security of day to day computing. The sketchiness starts with major tech companies who are incentivized to build comprehensive profiles of you, to monetize it directly for advertising, or sell it off to professional data broker companies who further enrich, de-anonymize, cross-reference and resell it further. Inevitable and regular data breaches eventually runoff and collect your information into dark web archives, feeding into a whole underground spammer / scammer industry of hacks, phishing, ransomware, credit card fraud, identity theft, etc. This guide is a collection of the most basic digital hygiene tips, starting with the most basic to a bit more niche. Password manager. Your passwords are your "first factor", i.e. "something you know". Do not be a noob and mint new, unique, hard passwords for every website or service that you sign up with. Combine this with a browser extension to create and Autofill them super fast. For example, I use and like 1Password. This prevents your passwords from 1) being easy to guess or crack, and 2) leaking one single time, and opening doors to many other services. In return, we now have a central location for all your 1st factors (passwords), so we must make sure to secure it thoroughly, which brings us to... Hardware security key. The most critical services in your life (e.g. Google, or 1Password) must be additionally secured with a "2nd factor", i.e. "something you have". An attacker would have to be in possession of both factors to gain access to these services. The most common 2nd factor implemented by many services is a phone number, the idea being that you get a text message with a pin code to enter in addition to your password. Clearly, this is much better than having no 2nd factor at all, but the use of a phone number is known to be extremely insecure due to the SIM swap attack. Basically, it turns out to be surprisingly easy for an attacker to call your phone company, pretend they are you, and get them to switch your phone number over to a new phone that they control. I know this sounds totally crazy but it is true, and I have many friends who are victims of this attack. Therefore, purchase and set up hardware security keys - the industrial strength protection standard. In particular, I like and use YubiKey. These devices generate and store a private key on the device secure element itself, so the private key is never materialized on a suspiciously general purpose computing device like your laptop. Once you set these up, an attacker will not only need to know your password, but have physical possession of your security key to log in to a service. Your risk of getting pwned has just decreased by about 1000X. Purchase and set up 2-3 keys and store them in different physical locations to prevent lockout should you physically lose one of the keys. The security keys support a few authentication methods. Look for "U2F" in the 2nd factor settings of your service as the strongest protection. E.g. Google and 1Password support it. Fallback on "TOTP" if you have to, and note that your YubiKeys can store TOTP private keys, so you can use the YubiKey Authenticator app to access them easily through NFC by touching your key to the phone to get your pin when logging in. This is significantly better than storing TOTP private keys on other (software) authenticator apps, because again you should not trust general purpose computing devices. It is beyond the scope of this post to go into full detail, but basically I strongly recommend the use of 2-3 YubiKeys to dramatically strengthen your digital security. Biometrics. Biometrics are the third common authentication factor ("something you are"). E.g. if you're on iOS I recommend setting up FaceID basically everywhere, e.g. to access the 1Password app and such. Security questions. Dinosaur businesses are obsessed with the idea of security questions like "what is your mother's maidan name?", and force you to set them up from time to time. Clearly, these are in the category of "something you know" so they are basically passwords, but conveniently for scammers, they are easy to research out on the open internet and you should refuse any prompts to participate in this ridiculous "security" exercise. Instead, treat security questions like passwords, generate random answers to random questions, and store them in your 1Password along with your passwords. Disk encryption. Always ensure that your computers use disk encryption. For example, on Macs this total no-brainer feature is called "File Vault". This feature ensures that if your computer gets stolen, an attacker won't be able to get the hard disk and go to town on all your data. Internet of Things. More like @internetofshit. Whenever possible, avoid "smart" devices, which are essentially incredibly insecure, internet-connected computers that gather tons of data, get hacked all the time, and that people willingly place into their homes. These things have microphones, and they routinely send data back to the mothership for analytics and to "improve customer experience" lol ok. As an example, in my younger and naive years I once purchased a CO2 monitor from China that demanded to know everything about me and my precise physical location before it would tell me the amount of CO2 in my room. These devices are a huge and very common attack surface on your privacy and security and should be avoided. Messaging. I recommend Signal instead of text messages because it end-to-end encrypts all your communications. In addition, it does not store metadata like many other apps do (e.g. iMessage, WhatsApp). Turn on disappearing messages (e.g. 90 days default is good). In my experience they are an information vulnerability with no significant upside. Browser. I recommend Brave browser, which is a privacy-first browser based on Chromium. That means that basically all Chrome extensions work out of the box and the browser feels like Chrome, but without Google having front row seats to your entire digital life. Search engine. I recommend Brave search, which you can set up as your default in the browser settings. Brave Search is a privacy-first search engine with its own index, unlike e.g. Duck Duck Go which basically a nice skin for Bing, and is forced into weird partnerships with Microsoft that compromise user privacy. As with all services on this list, I pay $3/mo for Brave Premium because I prefer to be the customer, not the product in my digital life. I find that empirically, about 95% of my search engine queries are super simple website lookups, with the search engine basically acting as a tiny DNS. And if you're not finding what you're looking for, fallback to Google by just prepending "!g" to your search query, which will redirect it to Google. Credit cards. Mint new, unique credit cards per merchant. There is no need to use one credit card on many services. This allows them to "link up" your purchasing across different services, and additionally it opens you up to credit card fraud because the services might leak your credit card number. I like and use privacy dot com to mint new credit cards for every single transaction or merchant. You get a nice interface for all your spending and notifications for each swipe. You can also set limits on each credit card (e.g. $50/month etc.), which dramatically decreases the risk of being charged more than you expect. Additionally, with a privacy dot com card you get to enter totally random information for your name and address when filling out billing information. This is huge, because there is simply no need and totally crazy that random internet merchants should be given your physical address. Which brings me to... Address. There is no need to give out your physical address to the majority of random services and merchants on the internet. Use a virtual mail service. I currently use Earth Class Mail but tbh I'm a bit embarrassed by that and I'm looking to switch to Virtual Post Mail due to its much strong commitments to privacy, security, and its ownership structure and reputation. In any case, you get an address you can give out, they receive your mail, they scan it and digitize it, they have an app for you to quickly see it, and you can decide what to do with it (e.g. shred, forward, etc.). Not only do you gain security and privacy but also quite a bit of convenience. Email. I still use gmail just due to sheer convenience, but I've started to partially use Proton Mail as well. And while we're on email, a few more thoughts. Never click on any link inside any email you receive. Email addresses are extremely easy to spoof and you can never be guaranteed that the email you got is a phishing email from a scammer. Instead, I manually navigate to any service of interest and log in from there. In addition, disable image loading by default in your email's settings. If you get an email that requires you to see images, you can click on "show images" to see them and it's not a big deal at all. This is important because many services use embedded images to track you - they hide information inside the image URL you get, so when your email client loads the image, they can see that you opened the email. There's just no need for that. Additionally, confusing images are one way scammers hide information to avoid being filtered by email servers as scam / spam. VPN. If you wish to hide your IP/location to services, you can do so via VPN indirection. I recommend Mullvad VPN. I keep VPN off by default, but enable it selectively when I'm dealing with services I trust less and want more protection from. DNS-based blocker. You can block ads by blocking entire domains at the DNS level. I like and use NextDNS, which blocks all kinds of ads and trackers. For more advanced users who like to tinker, pi-hole is the physical alternative. Network monitor. I like and use The Little Snitch, which I have installed and running on my MacBook. This lets you see which apps are communicating, how much data and when, so you can keep track of what apps on your computer "call home" and how often. Any app that communicates too much is sus, and should potentially be uninstalled if you don't expect the traffic. I just want to live a secure digital life and establish harmonious relationships with products and services that leak only the necessary information. And I wish to pay for the software I use so that incentives are aligned and so that I am the customer. This is not trivial, but it is possible to approach with some determination and discipline. Finally, what's not on the list. I mostly still use Gmail + Gsuite because it's just too convenient and pervasive. I also use 𝕏 instead of something exotic (e.g. Mastodon), trading off sovereignty for convenience. I don't use a VoIP burner phone service (e.g. MySudo) but I am interested in it. I don't really mint new/unique email addresses but I want to. The journey continues. Let me know if there are other digital hygiene tips and tricks that should be on this list. Link to blog post version in the reply, on my brand new Bear ʕ•ᴥ•ʔ blog cute 👇

Lots of potential here. Excited to build

Much of investing is avoiding FOMO buying and panic selling.

Great news! After years of litigation, millions of your taxpayer dollars spent, and irreparable harm done to the country, we reached an agreement with SEC staff to dismiss their litigation against Coinbase. Once approved by the Commission (which we're told to expect next week) this would be a full dismissal, with $0 in fines paid and zero changes to our business. This is hugely vindicating, especially because many people questioned my decision to engage in litigation with the SEC on this matter in 2023. People told me the courts would give a lot of leeway to the government. They said public market investors wouldn't like it. They said it would take years and cost us tens of millions of dollars in legal fees (which it did). They said the agency would use mafia tactics like trying to pressure other companies not to work with us while the lawsuit was underway (which they did). But I knew a few truths that helped make it an easy decision to fight them in court: 1. The SEC was wrong on the law. They were exceeding the authority given to them by congress by asking us to delist a number of assets that were not securities. We had taken a conservative approach to ensure we weren't listing any securities, and the SEC itself had allowed us to go public in 2021 after reviewing our listing standards in depth. We tried to “come in and register” but it turned out it was a fake offer, as every crypto company discovered. Regulators are supposed to enforce the law, but they can't make up new laws on the spot if they don't like the current ones, or weaponize a lack of clarity in the law. 2. Caving to their demands could have killed the crypto industry in America. The SEC made it clear to us that the only way to avoid litigation was to delist the many assets they falsely claimed were securities. It was a bullying tactic, pure and simple, driven by Gensler's own political agenda. And if we had caved, it would have dramatically limited the scope of which crypto assets were allowed in the US, and pushed the industry further offshore, into the shadows. Never forget how close a few activists in government came to unlawfully killing an entire industry in America! It could have easily gone the other way. Thank goodness the founding fathers created the judicial branch, as a check and balance on executive power. 3. It was the right thing to do for our customers and the industry. At the end of the day, it didn't matter what our chance of success was. I had to stand up for our customers’ and our industry’s rights. I also knew it would serve as a deterrent for future bad actors around the world we may have to engage with, for them to know that we won't be bullied or pressured. We are comfortable engaging in litigation across multiple fronts, indefinitely, while continuing to build. This is business as usual. As Bain in The Dark Knight says, "you merely adopted the dark; I was born in it". Growing up I had a naive view that regulators exist to hold companies accountable. What I realized in this ordeal is sometimes, companies must hold regulators accountable who are painting outside the bounds of the law, to preserve freedom. Accountability can actually happen both ways. At Coinbase, our mission is to increase economic freedom, and I initially thought we could achieve this solely through our crypto products. But I'm increasingly realizing that we can move the needle on economic freedom in the courts and through our policy efforts as well, when we see bad actors in government around the world. We plan to do more of this. I have to give credit here to the Trump administration, for winning the election, and for the departure of the activist head of the SEC, Gary Gensler, who orchestrated this unlawful action along with Elizabeth Warren, and a handful of their lackeys in congress. I feel confident we would have won this case in the courts either way, given our facts were so strong, but it certainly helped accelerate the process and drive accountability. I called out the sketchy behavior of the SEC back in 2021, and I believe this comment turned out to be prescient. I want to give a shout out to all the other crypto companies who fought back with their own lawsuits (we certainly were not the only ones). I want to give a shout out to all the crypto startups who couldn't afford the legal fees, and went bankrupt due to the administration's abusive tactics. Your company may have died, but crypto lives on. Don't stop building. I want to give a shout out to both Democrat and Republican members of congress, who are working hard to ensure America leads on crypto. I know that Gary Gensler and Elizabeth Warren do not represent the entire Democratic party. And I want to give a shout out to all the crypto holders in the US who elected pro-crypto candidates, on both sides of the aisle, to make sure your rights were preserved. It turns out the crypto voter is real, and showed up in the millions. Finally, I expect we'll continue working productively with the SEC on any number of items over the years, just as we do with every agency around the world where we operate. I look forward to the SEC being reformed under Paul Atkins, Mark Uyeda, Hester Peirce, and DOGE, and new more sensible personnel coming into leadership roles. I commend the new leadership that is already in place for working to right this wrong - it's a great step in the right direction, and took courage. Now let's get some crypto legislation passed in the US to finally clarify the rules, and really kick off this next phase of building.

@NoahvPutten Great thread on an incredible win for Jonas and Jumbo Visma! Here's an additional way to revisit the decisive moves of the 2023 Tour: jeffrbetts.com/tdf/2023/

Explaining the Cycling Iceberg: Jumbo Visma's amazing 2023. 2/3 Vingegaard wins the Tour with one of the best TT's ever. 1/30 #cyclingiceberg

An increasing # of cos are leaving Delaware to incorporate in Nevada or Texas *Texas: Tesla, SpaceX, ... *Nevada: Dropbox, Neuralink, TripAdvisor, Pershing Square, TradeDesk, ... Ben Potter & Sarah Axtell at Latham Watkins have analyzed DE vs NV vs TX & allowed me to share their full pdf

For any cycling fans: I’m building a site to better understand how the Tour de France is won, using stage profiles to analyze team tactics and decisive race moments. Feedback appreciated! Check it out jeffrbetts.com/tdf/2024/

Boyan says this is 1-2% of global plastic emissions. If it were only 1% and they were able to keep growing at this rate, they'd capture all emissions in 8 years.