alec
4.6K posts
don't know why but the days after shipping feel so lonely
English
I built Zero in 3 days.
I didn't expect it to compile.
I didn't expect it to mostly self-host.
I definitely didn't expect it to work at all.
Inspired partly by Bun's rewrite to Rust, Zero started as an experiment. Honestly, the project says more about where AI is today than it does about the language itself.
It took more than 3,000 agent tasks to get here, and it's still nowhere near ready for serious comparisons, benchmarks or evals.
But the goal is bigger than the current result.
The hope is to either create a new language with tooling designed for agents from the ground up, or take learnings and apply it back to existing languages and ecosystems.
The ideas are simple:
1. Make languages (and new versions) easy for agents to learn, adapt to and fix on the fly, even when not in the training data.
2. Build a standard library comprehensive enough that most projects don't need external dependencies.
3. Create a tight, fast development loop that even small models can reliably work with.
I've never wanted to create a programming language.
But after repeatedly running into the same problems, safe but slow builds, fast but unsafe builds, agents struggling with new languages and version changes, wanting faster builds, smaller bundles and better DX, I started wondering:
Could accelerated, agent-driven iteration produce a language and tooling stack designed around these constraints from the start?
So Zero was born.
Chris Tate@ctatedev
Introducing Zero The programming language for agents. I wanted a systems language that was faster, smaller, and easier for agents to use and repair. Explicit capabilities. JSON diagnostics. Typed safe fixes. Made for agents on day zero.
English
@yo_swif @iam_feranmi_ @ctatedev Guys, kinda loving your circle jerking of hate, but the tweet says agent tasks. Not agents. One agent task could rewrite and refactor code. Learn to read carefully before spitting out hate :)
Love u, have a nice day
English
@badlogicgames careful, it will still use `as never` if you ban `as any`
English
calling it slopex from now on so it can join its sibling slopus.
English
alec retweetledi
🚨 How the TanStack npm attack actually happened:
1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo.
2. GitHub automatically ran CI tests on that PR.
3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run.
4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays.
5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.
Adnan Khan@adnanthekhan
This attack leveraged GitHub Actions Cache Poisoning. Payload deployed here: github.com/TanStack/route… It looks like it detonated here: #step:26:2" target="_blank" rel="nofollow noopener">github.com/TanStack/route…
English
alec retweetledi
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
github.com/TanStack/route…
Credit to the security researcher for responsible disclosure.
English
.@pmarca says boomers believed the TV. Zoomers learned not to trust authority.
"Somebody once said the definition of a baby boomer is somebody who believes what's on the TV set."
"[Zoomers] are the kids who came up through COVID, and these are the kids who came up through woke, and these are the kids who came up through all of the craziness of the last decade."
"They're much more skeptical of authority, much more skeptical of received wisdom. Much more cynical about manipulation."
"They're much more aware of the idea that there actually is psychological warfare going on, and they have been on the receiving end of it."
"It's something new and I'm very excited. I think they're fantastic."
Chris Arnade 🐢🐱🚌@Chris_arnade
I've written for the last decade about the educational divide in the US, but culturally there is now a large divide between generations — specifically those over sixty versus basically everyone else. The sixty-plus cohort (Boomers which I'm at the very tail end of) have a lot more certainty that they've discovered the Truth — or the high point, and often end point, of many things. From music (rock will always be here), to fashion (why would anyone wear anything but blue jeans), to politics (liberal democracy with emancipation from all forms of obligation as a human Telos). Younger people are much more uncertain and relativistic. They don't accept the claim that it's been solved, and the Boomers' rigidity and religious-like certainty seems to them either laughably naive or arrogantly condescending. The Boomers see everyone else as having fallen away from the path to historical perfection they paved, and are uniformly angry about that. What most of the Boomers miss is that the younger generation is living in the world they built — of hyper-individuality, of smashing of prior norms, and of moral relativism. This post-truth, post-gatekeeping, hyper-partisan world is an endpoint of their worldview, and yet they are angry about it.
English
@itsjamiecho Mobile feedback for focused image:
1. Pinch-to-zoom resets immediately. Ok, that would be fine if I could double-tap to zoom in a bit and enable sticky zoom
2. While doing pinch-to-zoom, I cannot pan. Poor UX
English
explore the Pentagon's UFO files on an infinite canvas
ufo.zip
Department of War 🇺🇸@DeptofWar
English
Introducing zero-native
Build native desktop + mobile apps with web UI and Zig
→ Tiny binaries, low memory usage
→ Selectable web engines (WKWebView, WebKitGTK, WebView2, Chromium/CEF)
→ Next.js, Vue, Svelte, Vite, React
→ macOS, Linux, Windows, iOS, Android
English
alec retweetledi
You are renderful: introducing Redraw, a new grade of 2d primitives for Web and Native
English
Pug, CoffeeScript, and indented Sass
The whitespace holy trinity
IroncladDev@IroncladDev
does anyone remember pug and how beautiful of a markup language it is compared to jsx?
English