graste v4.5

"To prove you're a human click on all the photos that show places you would run for shelter during a robot uprising." xkcd.com/2228/ #captcha

If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc

7,000 false positives per square millimeter. The culprit was the lab gloves. University of Michigan researchers just upended a core assumption in microplastics science. Latex and nitrile gloves, worn by the scientists doing the measuring, shed stearate particles that look chemically identical to polyethylene. Standard infrared and Raman instruments can't tell them apart. The gloves were counting as plastic. Seven glove types tested. All contaminated. The cheapest fix: switch to cleanroom gloves, which dropped false positives to around 100 per mm² vs. 7,000. The "credit card per week" headline (5 grams, WWF/Newcastle 2019) has separate problems. A 2022 re-analysis found severe methodological errors in the original estimate. Actual measured intake is likely 100x lower. None of this means microplastics are harmless. Last month's data on brain accumulation still stands. But the numbers driving the panic may have been measuring the scientists, not the environment. Science catching its own errors is exactly how it's supposed to work.

Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.

Open infrastructure isn't free. 🌱 Packagist/Composer signed a joint @OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries. #php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

I have three monitors on my desk. The left one shows the order book. The middle one shows Truth Social. The right one shows the investigation queue. On April 21st, the left screen moved first. I am a Senior Surveillance Analyst at a commodities exchange. I have held this position for nineteen years. My job is to monitor trading activity for suspicious patterns and generate compliance reports. I am employee of the quarter. I have a mug. At 19:54 GMT on April 21st, someone placed 4,260 sell orders on Brent crude futures. They did this during post-settlement. The window after the market closes when daily volume is typically in the dozens. Sometimes single digits. Sometimes I watch the screen and nothing happens for forty minutes and I think about whether my daughter is happy. On April 21st, someone placed $430 million in directional bets in 120 seconds during that window. One hundred and twenty seconds. I timed it on my watch because the system clock rounds to the nearest minute and I have found, in nineteen years, that precision matters to no one but me. At 20:10 GMT, the President posted on Truth Social that he was extending the Iran ceasefire. Brent dropped from $100.91 to $96.83. I flagged the trade. I flag a lot of trades. I want to tell you what happens to my flags. My flags go into a system called TRACE. Trade Review and Compliance Evaluation. I did not name it. The system generates a report. The report goes to a committee. The committee has a name I am not allowed to share but I can tell you it meets quarterly and the conference room has a credenza with bottled water that is sparkling because someone once put still water in the room and a managing director sent an email about it that was longer than most of my surveillance reports. The committee reviews my flags. The committee has reviewed all of my flags. Here is the complete record of actions taken on my flags in 2026: Reviewed. That's it. "Reviewed" is a status. In compliance, a status is the absence of an action that has been given a name so it looks like one. Let me show you my flags. March 9th. Someone bet millions on oil falling at 18:29 GMT. Forty-seven minutes later, a CBS reporter posted that the President said the Iran war was "very complete, pretty much." Oil dropped 25%. Forty-seven minutes. I flagged it. March 23rd. Someone sold 5,100 lots of Brent and WTI crude futures between 10:49 and 10:50 GMT. Fourteen minutes later, the President posted on Truth Social about a "COMPLETE AND TOTAL RESOLUTION" to hostilities. Oil dropped 11%. Over 13,000 contracts traded in sixty seconds after the post. Fourteen minutes. I flagged it. April 7th. Someone established a $950 million short position in oil futures at 19:45 GMT. Three hours later, the President declared a two-week ceasefire. Nine hundred and fifty million dollars. I flagged it. April 17th. Someone placed $760 million in bearish bets twenty minutes before Iran's foreign minister confirmed the Strait of Hormuz would reopen. Seven hundred and sixty million. I flagged it. April 21st. The $430 million. Fifteen minutes. I flagged it. That is $2.1 billion in directional oil bets in April alone. Every one of them landed on the correct side of a presidential announcement. Every one of them was placed in a window so narrow you could measure it in bathroom breaks. I flagged every single one. The CFTC chair told a Congressional committee that his organization has "zero tolerance" for fraud and insider trading. I wrote that quote on a Post-it note and stuck it to my right monitor. The one that shows the investigation queue. The investigation queue has not moved since March. Zero tolerance. Zero staff. Zero budget. Zero prosecutions under the STOCK Act since it was signed in 2012. Fourteen years. The law has existed for fourteen years and has been enforced zero times. In compliance, we call that a compliance rate of one hundred percent. No cases filed means no cases lost. You cannot fail an audit you never conduct. We call that excellence. Last month the White House sent an internal email to staff. I was not on the distribution list but I have read reporting on it and I need you to sit with what I am about to say. The email instructed White House staff not to use insider information to place bets on prediction markets. The White House had to send a memo telling its own employees not to insider-trade. I want you to read that sentence again. Not because the instruction was unclear. Because the instruction was necessary. Because someone in the building looked at the same pattern I have been flagging for months on my three monitors and decided the appropriate response was an email. The President's son sits on the advisory board of Kalshi. He is an investor in Polymarket. Both are prediction markets. Both saw accounts created days before U.S. military action. One account. I cannot stop thinking about this account. It was called "Burdensome-Mix." It was created in December. On January 2nd, it placed $32,500 on Venezuela's president being removed from power. On January 3rd, Maduro was seized by U.S. special forces. Burdensome-Mix collected $436,000. Then it changed its username. Then it disappeared. One account is a coincidence. But there were six. Six accounts were created on Polymarket in February. All bet on U.S. strikes on Iran by the 28th. When the President confirmed the strikes, the six accounts collected $1.2 million between them. Five of the six never placed another bet. The sixth went on to correctly predict the ceasefire date and made another $163,000. My surveillance system logged all of this. My system logs everything. My system does not have opinions and neither do I. I generate reports. The reports go to committees. The committees meet quarterly. Between meetings, the windows get shorter and the bets get larger. March 9th: 47 minutes. March 23rd: 14 minutes. April 17th: 20 minutes. April 21st: 15 minutes. The window is compressing. In March, you had time to make coffee between the trade and the announcement. By April, you had time to send a text. By summer, at this rate, the trade and the announcement will be the same event. The spokesman said any implication that administration officials are engaged in insider trading is "baseless and irresponsible reporting." Then the White House sent the email again. I have been in compliance for nineteen years. I have seen insider trading run out of strip mall offices by men who could not spell "derivative." I have seen pump-and-dump schemes coordinated over WhatsApp by people who used their real names. I have seen a man try to manipulate soybean futures from a Panera Bread. I have never seen $2.1 billion in perfectly timed trades across five presidential announcements in a single month go uninvestigated. But I have also never seen a compliance system work this beautifully. Every trade flagged. Every report filed. Every committee briefed. Every quarterly meeting attended. Bottled water: sparkling. Minutes: distributed. Zero prosecutions. As long as the flags go up and the cases don't, my performance review says I am meeting expectations. I am meeting expectations. The system is meeting expectations. The $2.1 billion is meeting expectations. The fourteen-year-old law with zero prosecutions is meeting expectations. The left screen moves. The middle screen moves. The right screen stays perfectly, immaculately still. In my field, we call this price discovery.

THIS IS GOING JUST GREAT.

Let me explain exactly why every new subdivision in America looks like the top photo, because the math is wild. A mature tree increases a home's value by 7 to 19 percent. On a $400,000 house, that's $28,000 to $76,000. A single shade tree produces the cooling equivalent of ten room-size air conditioners running 20 hours a day. One tree on the west side of a house cuts energy bills by 12 percent within 15 years. The bottom photo is worth more, costs less to live in, and sells faster. This has been documented by the University of Washington, Clemson, Michigan State, and the USDA. The data is not in dispute. Removing those trees saves the builder roughly $5,000 per lot. Concrete trucks need twice the dripline radius of every standing tree. Utility trenches need flat ground. A bulldozer flattens 200 lots in an afternoon. Preserving trees adds weeks and thousands per home. So the developer pockets $5,000 in savings and the buyer eats $50,000 in lost value for the next two decades. The person making the decision and the person paying for it have never been in the same room. The Woodlands, Texas is the proof of what happens when they are. George Mitchell bought 28,000 acres of Houston timberland in 1974 and preserved 28% as permanent green space. He forced McDonald's to build behind the tree canopy. That McDonald's became one of the highest-volume locations in Texas. The first office building, designed to reflect the surrounding forest so you couldn't see it from the street, leased completely. The Woodlands median home price today: $615,000. Katy, a comparable Houston suburb that clear-cut: $375,000. Named #1 community to live in America two years running. Fifty years of data. The trees are worth more than removing them saves. Developers clear-cut anyway because they sell the house once and leave. You live in it for 30 years.

I spent time in Shenzhen last year and when I saw Merz come back from China saying Germans need to work more I immediately knew what broke his brain because I lived the exact same cognitive shock my first week in Huaqiangbei I burned through 4 prototype iterations of a motor controller board for less than a thousand bucks total, back home a friend was working on something similar and spent over 12 thousand for a single revision that took almost two months to arrive when you live that contrast in your own hands with your own project something permanently shifts in how you see the world and it goes way deeper than speed & cost what Shenzhen actually built is a collective learning organism, imagine 20 PCB fabs 15 injection mold shops 30 component distributors and a hundred firmware freelancers all within a 2km radius, looks insanely redundant from the outside until you realize redundancy is actually information density in disguise I watched this firsthand with an injection mold supplier I was working with, this guy had seen a hundred founders iterate similar thermal designs over 6 months so he proactively modified his tooling before I even opened my mouth, he knew what I needed before I knew what I needed, the intelligence lives in the relationships between the nodes and it compounds daily the west thinks about manufacturing as a cost center you optimize by centralizing… China accidentally built a distributed neural network of manufacturing intelligence where knowledge diffuses horizontally across thousands of agents faster than any single western company can process internally so when Merz comes back and says we need to work a bit more I think he saw the problem but COMPLETELY misdiagnosed the solution, telling Germans to work harder is like telling a horse to gallop faster when the other side built a combustion engine the gap is ARCHITECTURAL it’s ecosystem density, you need a custom connector in Shenzhen you walk 200 meters, in Munich you send an email and wait 3 weeks it’s iteration speed, parallel search vs sequential optimization at the system level, it’s risk tolerance, Chinese founders ship something broken on Monday fix it Tuesday ship again Wednesday while European companies are still in the approval phase for the pilot program of the feasibility study… and Merz only saw the surface, what he missed is the tier 2 cities like Hefei Chengdu Wuhan replicating the Shenzhen model at scale right now BYD going from irrelevant to outselling every european automaker combined in roughly 5 years, Huawei building its own 7nm chip under maximum sanctions when every analyst said it was physically impossible & behind all of that a government that treats advanced manufacturing as an existential national priority while europe debates whether AI needs another ethics committee I think what we’re watching is the most asymmetric economic competition in modern history and most western leaders are still framing it as a productivity problem when it’s actually an ontological one Europe & America are optimizing variables that China stopped tracking years ago meanwhile China is compounding on dimensions the west has no framework to even measure Merz at least had the courage to name it out loud and I respect that genuinely but working a bit more inside a broken architecture just means you arrive at the wrong destination slightly faster

Software engineers: Context switching kills productivity. Also software engineers: I'm now managing 19 AI agents and doing 1800 commits a day. We’ve spent years complaining that managers who expect a quick 5-minute chat ruin our focus for the next hour. But a ping from an agent every few minutes, that’s ok? We celebrated Paul Graham’s essay “Maker’s Schedule, Manager’s Schedule” in which he argued: “When you're operating on the maker's schedule, meetings are a disaster. A single meeting can blow a whole afternoon, by breaking it into two pieces each too small to do anything hard in.” Now we see software engineers claiming huge productivity gains from hordes of AI agents, celebrating thousands of commits per day from their 19 agents. Either context switching was never really the problem, and we oversold our need for deep focus. Or we're not actually reviewing 1800 commits a day. If we couldn't context switch before, we're not managing 19 agents. We're blindly trusting them. That’s not engineering, it’s gambling.

rustfs - S3-compatible storage written in Rust, has 20k stars on github - had a hardcoded authentication token in both client and the server since September 2024. It got 9.8 CVE assigned to it, and only patched out a week ago. Even Rust can't protect you from vibecoders.

@ChShersh The genius wasn't just the tools; it was the Pipe (|). They didn't build a massive monolith; they built small, sharp tools that could talk to each other via a universal text stream. The Pipe is arguably the most successful API design in history. 🤝🔗

Software Engineers who made grep, cat, cut, find, ls, less, and sed really cooked here. 50 years later and it’s still bread and butter of data analysis. And it still works better than most of bloated alternatives.

From 10x faster JSON streaming to FrankenPHP worker mode benchmarks, 2025 marked a massive performance milestone celebrating 30 years of #PHP, 20 of @symfony, and 10 of @ApiPlatform . 🎂 I summarized my #SymfonyCon talk and shared the slides on my blog at soyuka.me/2025-performan…

In Amsterdam next week and part of a group underrepresented at tech confs, or can't afford a ticket? Private Packagist is sponsoring @symfonycon (Nov 27th/28th) and we have a ticket to give away: Reply your favorite PHP8.5 feature to win #php #phpc #symfony #symfonycon

PHP 8.5 Released! 🎉 In this new release we have: – URI Extension – Pipe Operator – Clone With – A new #[\NoDiscard] attribute – Closures and first-class callables in constant expressions – Persistent cURL share handles Read all about it: php.net/releases/8.5/

After Composer 2.9 CLI security improvements, we're working on a transparency log for Packagist.org to strengthen PHP supply chain security, funded by the @sovtechagency with help of the @ThePHPF and Private Packagist. #php #phpc #composerphp

Composer 2.9 is coming, and there's an RC to try out! We need your help and feedback github.com/composer/compo… #composerphp #phpc

🚀 I just introduced a new feature into #Symfony AI: 👉 github.com/symfony/ai/pul… MultiAgent — a way to orchestrate multiple agents with handoff rules and fallback logic. 💡 Now you can split tasks, route queries between agents, and build more advanced AI pipelines. We would love to hear your thoughts & feedback! 🙏

🚨 Warning to PHP package maintainers: We did not email you to change your passwords & 2FA. Emails asking you to update your credentials are a phishing attempt. We had the phishing site & domain taken down. If you got the email and entered your credentials, please contact us.

Together with PyPI, Maven Central, crates.io and other major package registries we signed a statement on sustainable open source infrastructure. 3B+ installs/month and evolving #composerphp and packagist.org requires sharing the costs. #phpc #php