korg.sol

Vibe coding is the new smart contract risk

We're excited to announce duckdb-skills, a DuckDB plugin for Claude Code! We think the embedded nature of DuckDB makes it a perfect companion for Claude in your local workflows. The skills supported include: + read-file and query – uses DuckDB's CLI to query data locally, unlocking easy access to any file that DuckDB can read. + read-memories – a clever idea to store your Claude memories in DuckDB and query them at blazing speed. These are powered by two additional skills: + attach-db – gives Claude a mechanism to manage DuckDB state through a .sql file linked to your project. + duckdb-docs – uses a remote DuckDB full-text search database to query the DuckDB docs and answer all of your (and Claude's own) questions. github.com/duckdb/duckdb-…

@ansel_sol @redacted_noah @jacobvcreech i do :)

@redacted_noah @jacobvcreech I’ve actually built that with Tokamai but nobody cares 😂

Hey @jacobvcreech foundation should run an indexer that watches the metadata program an indexes the history of each IDL, including all versions. It should then expose a service that (1) gives me the current IDL for a program given a major version (so two majors can be active at the same time) and (2) gives me a history of every IDL change for a program between two timestamps, so I can make changes as I index. With Streamingfast + Claude you could probably vibecode this in a day.

I know Silicon Valley startups don't want to hear this..... But the combination of someone in the trades with deep domain expertise and Claude Code will run circles around your generic software. I talked to Cory LaChance this morning, a mechanical engineer in industrial piping construction in Houston. He normally works with chemical plants and refineries, but now he also works with the terminal He reached out in a DM a few days ago and I was so fired up by his story, I asked him if we could record the conversation and share it. He built a full application that industrial contractors are using every day. It reads piping isometric drawings and automatically extracts every weld count, every material spec, every commodity code. Work that took 10 minutes per drawing now takes 60 seconds. It can do 100 drawings in five minutes, saving days of time. His co-workers are all mind blown, and when he talks to them, it's like they are speaking different languages. His fabrication shop uses it daily, and he built the entire thing in 8 weeks. During those 8 weeks he also had to learn everything about Claude Code, the terminal, VS Code, everything. My favorite quote from him was when he said, "I literally did this with zero outside help other than the AI. My favorite tools are screenshots, step by step instructions and asking Claude to explain things like I'm five." Every trades worker with deep expertise and a willingness to sit down with Claude Code for a few weekends is now a potential software founder. I can't wait to meet more people like Cory.

Announcing the Solana Audit Arena ⚔️ A free, weekly security competition for Solana security researchers. Every Monday I drop a new Anchor program, built using the safe-solana-builder tool and real-world DeFi implementation. Why? → Junior researchers have no clear path to prove themselves → No practice ground with realistic Solana programs → AI is raising the floor; you need to be above it github.com/Frankcastleaud…

$ claud zsh: command not found: claud thought it was all over for a minute.

want a modern LC 79 in the US? lolz

@wedtm @ClickHouseDB middle out?

I cannot stress enough how absolutely amazing @ClickHouseDB compression is.

(1/?) Introducing the Chewing Glass Explorer, a Solana explorer built for devs. I got tired of explorers, so this week I decided to vibecode my own. Sol is basically a graph database, devs want to be able to explore the full context of accounts without a million clicks.

/btw

@theakhileshw tmux — what are native tabs 👀

@levicook are you using the native tabs or still on tmux?

No idea why I waited until last week to try this. Thought I was happy in iTerm, I guess. Using it, loving it. You should try it too

Ghostty 1.3 is now out! Scrollback search, native scrollbars, click-to-move cursor, rich clipboard copy, AppleScript, split drag/drop, Unicode 17 and international text improvements, massive performance improvements, and hundreds more changes. ghostty.org/docs/install/r…

Firefox is one of the most fuzzed, audited, and reviewed codebases on the planet. Decades of continuous security testing. Claude found bugs that survived all of it in twenty minutes. 22 CVEs in two weeks. 14 high-severity. More than any single month in 2025. Mozilla had to mobilize incident response teams to triage 100+ bug reports filed in bulk from a single AI. The cost to find all of this? Roughly $4,000 in API credits. That's why cybersecurity stocks lost $15B+ before this blog post even dropped. Claude Code Security launched as a "limited research preview" two weeks ago and CrowdStrike shed 18%. Palo Alto fell 9%. The Global X Cybersecurity ETF hit its lowest since November 2023. But the chart above isn't the scary part. The scary part is what Anthropic buried deeper in the research. They gave Claude hundreds of attempts to exploit the same bugs it found. It built working browser exploits in two cases. Crude ones, only functional in test environments with the sandbox removed. Six months ago, the previous model couldn't do this at all. Anthropic's own benchmarks show these capabilities doubling every 4-6 months. Anthropic's closing line says everything: "It is unlikely that the gap between vulnerability discovery and exploitation abilities will last very long." When the company building the model tells you the defender advantage has an expiration date, believe them.

Most security firms today are building skills that scan for vulnerabilities. In my opinion, that’s a bit late. Security should be pushed back into development, not only applied after the code is written. That’s why I built Solana Safe Builder , a skill that helps you build secure Solana programs from zero, while you’re vibe coding. It eliminates: • low-hanging vulnerabilities • common bugs • weird edge-case issues before they ever reach an auditor. For this release, I made several updates. 👇 github.com/Frankcastleaud…

Solana devs, this one's for you. Install Safe Solana Builder (one file, 30 seconds) and every program you write in Claude comes out: • Security-checked from line one • Loaded with real audit knowledge • Packaged with a checklist of every rule applied No extra effort. No security knowledge required. The skill does it for you And as new vulnerabilities are found in the wild, I update the references. You install once. You stay protected. github.com/Frankcastleaud…

kinda crazy what duckdb makes trivial.

Headline of the day: All Bears Endangered

@trentdotsol @apfitzge immediately ffs

@apfitzge i'm talking about the poor taste in api design. they should be replaced imo

i cannot believe that we publish the solana jsonrpc crates with a straight face. lessons in ergonomics in there

@Topo_G that mfer hasn’t left my side in a month+

@levicook Hey taking a walk? Bring your Claude with you

Who needs breaks

24h chart? Fan fucking tastic 7d chart? 😅 30d chart? What are we even doing here?