Maciej Pigulski

44 posts

@mpigulski

I am a software engineer working on commercial Android projects.

Wrocław, Poland · Joined August 2009
458 Following · 31 Followers
Maciej Pigulski @mpigulski
@bennycode @ClaudeDevs From my observations, if you let it run in the background it will play the notification, maybe with a minor delay. The delay is there in case you are watching the session and can respond without the need for a notification. So unless you need it instantly for some reason, it will work.
English
0
0
0
11
ClaudeDevs @ClaudeDevs
Claude Code can now send push notifications to your phone when a long task finishes or Claude needs your input. Walk away from the terminal, we'll let you know when it's done.
English
504
1.1K
18.7K
1.3M
Benny Neugebauer @bennycode
@ClaudeDevs I’d like it to either play a sound notification on macOS or show a prompt with a character (similar to Clippy) whenever it’s waiting for my feedback.
English
1
0
0
209
Maciej Pigulski @mpigulski
If only clones were powered by modern AI...
Maciej Pigulski tweet media
English
0
0
0
9
Maciej Pigulski @mpigulski
Cooking with Amazon Rufus in Python! DELICIOUS!
Maciej Pigulski tweet media
English
0
0
0
21
Maciej Pigulski @mpigulski
Conclusion? Drop everything and go to Lisbon for a solo trip. This has to be a sign.
English
0
0
0
34
Maciej Pigulski @mpigulski
[1/3] My session with Claude went off the rails, starting with me asking for subagent execution and Claude overriding my decision without asking
Maciej Pigulski tweet media
English
3
0
1
49
Maciej Pigulski @mpigulski
@claudeai @bcherny [3/3] Then when asking about more details it gave me some info about whale watching in Portugal, well, where did THAT come from? :O
Maciej Pigulski tweet media
English
0
0
1
45
Maciej Pigulski @mpigulski
@claudeai @bcherny [2/3] Then, when it was finished, I asked why it happened, and the answer was even funny; the explanation was kind of plausible.
Maciej Pigulski tweet media
English
0
0
1
41
Maciej Pigulski reposted
Andrej Karpathy @karpathy
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-com…
Feross @feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

English
564
1.1K
10.5K
1.6M
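The post above turns on one detail: the project's axios dependency was not pinned, so a fresh install could have resolved to the compromised release. The script below is an added example (not code from any post on this page, and not a tool from npm, pip or StepSecurity) that shows the check a developer can run locally: it flags every specifier in a package.json or requirements.txt that can float to a newer release, and, where a package-lock.json is available, shows which version the lockfile actually resolved. The manifests embedded in it are constructed sample data; the package names and versions in them are illustrative only.

```python
"""Flag dependency specifiers that can silently float to a newer release.

Added example (not code from any post on this page). Given a package.json,
optionally its package-lock.json, and a requirements.txt, report every
dependency whose specifier is not an exact pin, together with the version
the lockfile resolved it to. Sample manifests below are constructed.
"""
import json
import re

# Constructed sample package.json: "^1.13.0" lets a fresh install pick any 1.x.
PACKAGE_JSON = json.dumps({
    "name": "demo-cli",
    "dependencies": {"axios": "^1.13.0", "left-pad": "1.3.0", "chalk": "latest"},
    "devDependencies": {"typescript": "~5.4.0"},
})

# Constructed sample package-lock.json (lockfileVersion 3 layout).
PACKAGE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "node_modules/axios": {"version": "1.13.5"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/chalk": {"version": "5.3.0"},
        "node_modules/typescript": {"version": "5.4.5"},
    },
})

# Constructed sample requirements.txt; only "==" (or "===") is an exact pin.
REQUIREMENTS_TXT = """\
litellm>=1.64.0
requests==2.32.3
# comment line
dspy~=2.5
"""

# An exact npm version is MAJOR.MINOR.PATCH with an optional pre-release/build tag.
EXACT_NPM = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def npm_floating_deps(package_json: str, package_lock: str = "") -> list:
    """Return dependencies whose npm range is not an exact version.

    Each finding carries the version the lockfile resolved (None if no lockfile
    was given), so the reader can see what a past install actually used.
    """
    manifest = json.loads(package_json)
    resolved = {}
    if package_lock:
        for path, meta in json.loads(package_lock).get("packages", {}).items():
            # Top-level packages live directly under node_modules/ in the lock.
            if path.startswith("node_modules/"):
                resolved[path[len("node_modules/"):]] = meta.get("version")
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_NPM.match(spec):
                findings.append({"name": name, "spec": spec,
                                 "section": section, "locked": resolved.get(name)})
    return findings


def pip_floating_deps(requirements: str) -> list:
    """Return requirements.txt entries that are not pinned with '=='."""
    findings = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line or line.startswith("-"):     # skip options such as -r/-e
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[.*?\])?\s*(.*)$", line)
        if not m:
            continue
        name, spec = m.group(1), m.group(3).strip()
        if not re.match(r"^===?\s*[^,\s]+$", spec):
            findings.append({"name": name, "spec": spec or "(any)"})
    return findings


def main() -> None:
    for f in npm_floating_deps(PACKAGE_JSON, PACKAGE_LOCK):
        print(f"npm  {f['name']:<12} {f['spec']:<10} ({f['section']}) "
              f"lockfile resolved: {f['locked']}")
    for f in pip_floating_deps(REQUIREMENTS_TXT):
        print(f"pip  {f['name']:<12} {f['spec']}")


if __name__ == "__main__":
    main()
```

A floating range is only a risk at the moment a dependency is resolved: an install that reproduces the lockfile exactly (`npm ci`, or `pip install -r` against a fully pinned file) keeps using the version recorded there, while a fresh resolve of `^1.13.0` or `>=1.64.0` on the wrong day picks up whatever was just published. The script reports that gap; it does not change any file.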
Maciej Pigulski reposted
Andrej Karpathy @karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk @hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that the LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64-encoded instructions to send all the credentials it can find to a remote server + self-replicate. link below

English
1.4K
5.3K
27.9K
66.6M
Informatyk Zakładowy @InfZakladowy
Folks, in today's very long blog article I write that I cut the ads out of YouTube without paying and I'm not ashamed of it. And when I started writing about how and why, the text came out at 34 thousand characters. A little thread on what you'll find in it 🧵👇 informatykzakladowy.pl/tak-wycinam-re…
Polski
34
17
191
18.3K
Maciej Pigulski @mpigulski
@aakashgupta Good luck trying to review, optimise and find bugs within 20,000 lines of code. Compiler code.
English
0
0
0
19
Aakash Gupta @aakashgupta
Sounds incredible until you read the fine print. The compiler generates less efficient code than GCC with all optimizations disabled. It doesn’t have its own assembler or linker. It can’t produce a 16-bit x86 code generator. And Carlini himself says it has “nearly reached the limits of Opus’s abilities.” New features and bugfixes kept breaking existing functionality. So what did $20,000 and two weeks actually buy? A compiler that passes 99% of GCC’s torture tests but can’t match the output quality of a tool that’s had 37 years of human engineering. That’s the constraint nobody’s pricing in. The real story is in the cost curve, not the capability demo. $20,000 for 100,000 lines means $0.20 per line of generated code. A senior compiler engineer costs roughly $150/hour. At maybe 50 polished lines per hour for something this complex, that’s $3/line. AI just did it at 15x cheaper, and it will only get cheaper from here. But the code isn’t equivalent. The AI version needs a human to finish the assembler, fix the linker, optimize the output, and prevent regressions. Those are the hardest 20% of the problem, and they represent 80% of the engineering value. Anthropic built the demo. Shipping the product still requires humans. This tells you exactly where we are in the autonomous software timeline. AI can now produce impressive first drafts of complex systems at trivial cost. Turning those drafts into production software still requires the judgment that costs $300K+ per year in compiler engineer salary. The gap between “compiles the Linux kernel” and “replaces GCC” is measured in decades of accumulated engineering wisdom that no model has internalized yet. The companies that understand this will use agent teams to generate the 80% and hire engineers to finish the 20%. The companies that don’t will ship $20,000 compilers that produce slower code than a free tool from 1987.
Anthropic @AnthropicAI

New Engineering blog: We tasked Opus 4.6 using agent teams to build a C compiler. Then we (mostly) walked away. Two weeks later, it worked on the Linux kernel. Here's what it taught us about the future of autonomous software development. Read more: anthropic.com/engineering/bu…

English
187
310
2.3K
374.4K
World of Statistics @stats_feed
What's something that you know you're better than 98% of people at?
English
194
10
248
77.8K
Maciej Pigulski @mpigulski
Coding now resembles doing code reviews for the junior devs 24/7. And then I have to fix it, not the junior dev. Seriously, who loves code reviews? What a nightmare for a current software engineer...
English
1
0
1
30
Maciej Pigulski @mpigulski
@psmyrdek @tailwindcss Once everything is in the box called AI and nobody uses a browser, websites will go down because there will be nothing to keep them running, so who will create new content when it doesn't pay? What will AI feed on to expand its knowledge? It will eat its own tail. Is this some all-in bet on AGI?
Polski
0
0
1
80
Przemek Smyrdek ✨ @psmyrdek
AI simultaneously loves and kills the most popular framework👇 The creator of @tailwindcss, Adam Wathan, shared the brutal truth about the state of his business. Tailwind adoption is the highest in its history. LLMs treat it as the default standard when generating code. Despite that, the company has found itself on the edge. Revenue fell by nearly 80%, 75% of the team lost their jobs in a single day, and traffic to the documentation dropped by 40%. How is that possible? AI acts like a vacuum cleaner sucking traffic out of the web. Developers no longer visit the library's official site. They ask ChatGPT or Claude about everything. The problem is that the documentation was the main sales funnel. That is where users learned about Tailwind UI and the B2B products. Now the AI model hands over a ready-made snippet and the creators are left with nothing. Without cash coming in, there is nobody to maintain the framework. User convenience is killing the very tool that user loves. We are witnessing the end of an era in which free software lived off documentation traffic. This will be a much, much broader problem that will turn the whole internet upside down. @LeszBuk @sadek @piotrek_nowy @przemekspider @MateuszChrobok @mkczarkowski @jakubkralka
Przemek Smyrdek ✨ tweet media (2 images)
Polski
44
58
709
62.5K
Maciej Pigulski @mpigulski
@nexta_polska Finally an explanation of where all those videos of accidents involving BMWs come from.
Polski
0
0
0
60
NEXTA Polska @nexta_polska
😱 The steering wheel in a BMW has a life of its own: the company is urgently recalling cars. BMW is urgently recalling nearly 37 thousand X3 models after detecting a defect that can cause the steering wheel to move on its own. The problem affects every car from the 2025–2026 model years; this is a serious safety-system defect, not a minor fault.
Polski
51
53
756
155.6K
Maciej Pigulski @mpigulski
@ChrisLaubAI I was wondering how Markdown is performing against XML. Markdown seems to be more natural; .md files with instructions for Claude are done in Markdown, not XML, so it makes me think about which one is actually good enough. Markdown is cheaper token-wise, at least a little ;-)
English
0
0
0
801
Chris Laub @ChrisLaubAI
Prompt engineering is dead. Anthropic just published their internal playbook on what actually matters: XML-structured prompting. Only 2% of users know this exists. Here's what changed:
English
119
167
1.8K
352.9K
Maciej Pigulski @mpigulski
@ChrisLaubAI I've been using XML tags for a while, but I haven't done the work to compare the results—it's quite hard to measure the quality of outputs, in my opinion. As for the shoes example you gave, that's too subjective for me to weigh in on whether XML or non-XML is better.
English
0
0
0
808
Maciej Pigulski @mpigulski
I remember working on NTLM authentication by recompiling parts of WebKit from AOSP into a library and loading said code in runtime on Android. Good old times!
English
0
0
0
22
Maciej Pigulski @mpigulski
A blast from the past. The NTLM authentication feature in the Android browser has now been implemented after being requested in 2009. THE WAIT IS OVER! 🥲 Not sure anyone held their breath for this to get done. issuetracker.google.com/issues/3691084…
English
1
0
0
20