May 11, 2026
OpenAI announced the OpenAI Deployment Company (DeployCo), a majority-owned subsidiary launched with $4B+ from 19 partners (TPG, McKinsey, Goldman) and an acquisition of Tomoro to staff it with ~150 forward-deployed engineers from day one.[1]OpenAI Launches the Deployment Company Tech Brew connects the launch to the same week's news that the EU Commission secured access to OpenAI's GPT-5.5-Cyber for vetted defenders — the deployment arm is the corporate side of the same go-to-market push.[2]EU OpenAI Anthropic model access Two OpenAI customer videos let Endava's regional CTO Jordan Levy describe what the lifecycle looks like in practice: engineers no longer write most of the code, they oversee it.[3]Life before Codex, and after Codex — Endava
OpenAI is calling it “the Deployment Company” — a standalone, majority-owned entity that embeds Forward Deployed Engineers (FDEs) inside client organizations to rewire infrastructure and workflows around AI.[1]OpenAI Launches the Deployment Company Backers include TPG, McKinsey and Goldman among 19 partners; initial investment is >$4B. To staff it instantly, OpenAI is acquiring Tomoro, an applied-AI consulting firm of ~150 engineers with prior deployments at Tesco, Virgin Atlantic, and Supercell.[1]OpenAI Launches the Deployment Company
AI is becoming capable of doing increasingly meaningful work inside organizations. The challenge now is helping companies integrate these systems into the infrastructure and workflows that power their businesses. — Denise Dresser, Chief Revenue Officer at OpenAI[1]OpenAI Launches the Deployment Company
In two short OpenAI-produced videos, Jordan Levy (Endava regional CTO) frames Codex less as a coding tool and more as a “general desktop agent across our whole lifecycle” that produces senior-level outputs from junior engineers and translates senior architect intent into actionable junior tasks.[4]What Codex Unlocks for Endava He describes the org-level shift bluntly: engineers are now overseers of AI-produced code rather than authors, and quality has “gone up exponentially.”[3]Life before Codex, and after Codex — Endava
What Codex has truly unlocked is two ends of the spectrum — senior architects articulating complex requirements, and junior engineers producing mature outputs.[4]What Codex Unlocks for Endava
Tech Brew notes the EU Commission has obtained access to GPT-5.5-Cyber (a restricted defender-only variant) while parallel talks with Anthropic about Mythos are “not yet at the same stage.”[2]EU OpenAI Anthropic model access George Osborne, leading OpenAI for Countries, framed it as ensuring Europe’s “many defenders” have model parity — but the article is direct that the win-by-default is also competitive positioning.[2]EU OpenAI Anthropic model access
Google DeepMind’s Gemini 3.1-based “co-mathematician” scored 48% on FrontierMath Tier 4 — more than doubling the 19% baseline — and a University of Oxford mathematician found a solution to a previously unsolved problem inside a discarded system output.[5]Google DeepMind's powerful AI co-mathematician Baidu’s ERNIE 5.1 launched the same week, hitting #4 on the Arena Search Leaderboard at ~6% of competitors’ training cost.[5]Google DeepMind's powerful AI co-mathematician At the small-model end, OpenBMB’s MiniCPM-V 4.6 1.3B Instruct topped the sub-2B class on the Artificial Analysis Intelligence Index, using 19–43× fewer output tokens than rivals.[7]OpenBMB launches MiniCPM-V 4.6 1.3B Instruct
The Rundown summarizes Google DeepMind’s newly released agentic mathematics system: a Gemini 3.1 harness that scored 48% on FrontierMath Tier 4, more than doubling the 19% prior benchmark, and that — in one striking anecdote — produced a buried solution to an unsolved math problem inside an output the system had rejected.[5]Google DeepMind's powerful AI co-mathematician A University of Oxford mathematician reviewing the discards surfaced it.
Same digest: Baidu released ERNIE 5.1, ranked fourth on the Arena Search Leaderboard at roughly 6% of the training cost of competing models.[5]Google DeepMind's powerful AI co-mathematician A cost-efficiency milestone if the numbers hold.
OpenBMB’s MiniCPM-V 4.6 1.3B Instruct scored 13 on Artificial Analysis’s Intelligence Index — highest among open-weights models under 2B parameters — with text + image + video input, 262K context, and 38% on MMMU-Pro visual reasoning, 2–3 points ahead of similarly sized alternatives.[7]OpenBMB launches MiniCPM-V 4.6 1.3B Instruct It used 5.4M output tokens during evaluation, roughly 19–43× fewer than competitors like Qwen3.5 0.8B. Apache-licensed.
GitLab’s “Act 2” announcement — surfaced and analyzed by Simon Willison — reorganizes the company around the “agentic era”: cut operating countries by 30%, flatten management by three layers, reorganize R&D into ~60 smaller empowered teams, and retire the CREDIT values framework (which had explicit diversity language) in favor of “Speed with Quality, Ownership Mindset, Customer Outcomes.”[6]GitLab's workforce reduction and structural decisions The core argument GitLab is making: “the agentic era multiplies demand for software” and the cost/time constraint is “collapsing.”[6]GitLab's workforce reduction and structural decisions
Willison highlights GitLab’s framing: the “agentic era multiplies demand for software” because the constraint of cost and time is collapsing.[6]GitLab's workforce reduction and structural decisions The cuts to operating countries (30%), management layers (3 layers gone), and reorganization into ~60 smaller R&D teams are framed as positioning for that demand expansion — not as a retreat.
Retiring CREDIT for “Speed with Quality, Ownership Mindset, Customer Outcomes” notably removes explicit diversity language from the top-line values, though Willison notes interpersonal-excellence guidance still includes diversity commitments.[6]GitLab's workforce reduction and structural decisions The stock has dropped from ~$52 to ~$26 over recent months, which Willison flags as background context for any AI-optimism the company tries to project.
The agentic era multiplies demand for software … the constraint [of cost and time] is collapsing.[6]GitLab's workforce reduction and structural decisions
Lars Fay’s essay calling agentic coding a trap got responses today from two angles. Theo (t3.gg) spent ~60 minutes on it — agreeing that the gap between great and weak devs is widening but pushing back hard on the cost and lock-in framing, citing Artificial Analysis showing cost-per-IQ-point has dropped 8× in months and arguing vendor lock-in is “a competence failure.”[9]We all fell for it… Simon Willison surfaced a parallel quote from James Shore arguing AI coding agents must halve maintenance costs to break even on doubled output, or they create “permanent indenture.”[10]Quoting James Shore
~03:01 Theo reads Fay’s essay framing AI-assisted coding as “cognitive debt,” not technical debt, and concedes the point: even Simon Willison and Martin Fowler have described losing the mental model of their own projects.[9]We all fell for it… His hot take: ~31:16 “AI is going to take bad devs and make them atrocious.” A 22-year-old running 6–8 Claude Code terminals in parallel hitting enter ~75% of the time is the canonical bad-dev profile.
People who don’t have impostor syndrome — they are just imposters.[9]We all fell for it…
~07:05 Pulling from Artificial Analysis: GPT-5.5 medium matches GPT-5.4-high at less than half the benchmark cost ($1,200 vs $2,800); GPT-5.5 low matches Sonnet 4.6 at 1/8 the cost ($500 vs $4,200).[9]We all fell for it… His conclusion: yes, total company AI bills are rising, but cost per IQ point has dropped 8× in months.
~44:21 On the recent Claude outage that froze teams: “Somehow Anthropic is less reliable than us-east-1, but it’s the same problem.”[9]We all fell for it… Theo plugs his own T3 Code and notes Open Code, Codex, Cursor, and Amazon Bedrock all let you swap providers.
~51:27 His final framing: production code should be higher quality because of AI; throwaway scripts (one-off migrations, personal calculators, 2000-line NAS file managers) should be 10× more prolific.[9]We all fell for it…
The code that matters should be better quality because of AI. And the code that doesn’t should be 10 times more prolific because of AI.[9]We all fell for it…
Simon Willison quotes James Shore’s sharper version of the cost concern: if an agent doubles output, maintenance costs must be halved to break even.[10]Quoting James Shore Speed alone produces “permanent indenture” — you keep paying for the cleanup forever.
The math only works if the LLM decreases your maintenance costs, and by exactly the inverse of the rate it adds code.[10]Quoting James Shore
Simon Willison surfaces Tobias Lütke’s framing of Shopify’s internal coding agent “River”: every interaction must happen in a public Slack channel, never DM, so the agent’s work product is visible across the org.[8]Learning on the Shop floor Lütke calls it “osmosis learning” (Lehrwerkstatt, the German for teaching workshop) and Willison draws a parallel to Midjourney’s early Discord, where new users learned by watching the channel scroll.[8]Learning on the Shop floor
River is Shopify’s internal AI coding agent. Lütke’s policy: no DMs, no private threads — River replies are visible by default, and visibility is the whole point.[8]Learning on the Shop floor Employees learn from each other’s prompts, the wins, the failed attempts, the patterns of what works. No formal training program, just a public timeline.
The whole shop floor is the classroom.[8]Learning on the Shop floor
Willison links it back to Midjourney’s early Discord channels, where every prompt scrolled past in public and you absorbed style by watching strangers iterate.[8]Learning on the Shop floor If you’re thinking about how to roll out AI tools in your org, the public-by-default default is a deliberate lever.
Simon Willison highlights Jason Koebler’s essay coining “Zombie Internet” — a step beyond the “Dead Internet” theory. Not bots talking to bots, but a mixed ecosystem of humans, AI-using humans, and AI agents all interacting at once, with AI writing styles homogenizing human communication and filtering AI content out becoming mentally exhausting.[11]Your AI Use Is Breaking My Brain
Koebler’s critique, as Willison frames it: it’s no longer accurate to imagine an internet entirely populated by bots talking to bots.[11]Your AI Use Is Breaking My Brain What’s actually happening is more pernicious — humans interact with AI systems, AI systems target humans, and mixed groups of AI-using and non-AI-using people all share the same channels. The signal-to-noise problem isn’t bots; it’s reading carefully enough to tell the difference.
Koebler’s sharpest claim is that AI-generated writing is colonizing human writing — cadences, em-dashes, “not just X, but Y” constructions — in a homogenizing direction.[11]Your AI Use Is Breaking My Brain You see your own friends’ posts start to sound like the LLMs they’re using.
llm in the shebang lineSimon Willison demonstrates putting his llm CLI in script shebangs, so a plain-text prompt file becomes an executable.[12]Using LLM in the shebang line of a script The walkthrough covers fragment-based prompts, tool integration via -T, and YAML templates with custom Python functions — including a worked example using add and multiply tool calls to solve 2344 × 5252 + 134 with visible debugging.[12]Using LLM in the shebang line of a script
The post (credit Kim Bruning on HN) demonstrates three layers of complexity: simple #!/usr/bin/env llm -m gpt-5 style prompts, a -T flag invocation for tool-enabled scripts, and full YAML templates that define add and multiply Python tools the model can call.[12]Using LLM in the shebang line of a script The math-tool example produces 2344 × 5252 + 134 = 12,310,822 with the tool-call trace visible for debugging.
on an english text file now (if you’re sufficiently brave)[12]Using LLM in the shebang line of a script
The numbers behind the AI compute glut all surface today. Intel is up 239% YTD (after the 9.9% government equity stake), Sandisk +558%, Samsung crossed $1T market cap, and South Korea is now the #7 stock market globally on the back of Samsung + SK Hynix — Kospi +78% vs S&P +8%.[13]AI-adjacent stocks continue their historic tear Sherwood adds that Sony, Nintendo, and Microsoft are warning about console memory shortages (“RAMmageddon”), Akamai signed a $1.8B Anthropic compute deal pushing it to a 26-year high, and Isomorphic Labs raised $2B+ to scale AI drug design.[14]Will Tesla shareholders take off for SpaceX stock?
Intel +239% YTD after selling 9.9% to the US government. Sandisk +558%. Samsung crossed $1T and is now larger than Walmart or Berkshire.[13]AI-adjacent stocks continue their historic tear South Korea’s combined market cap surged 71% in 2026, overtaking the UK and Canada to become the #7 stock market with $4.59T — Samsung and SK Hynix together are >40% of that.[13]AI-adjacent stocks continue their historic tear[14]Will Tesla shareholders take off for SpaceX stock?
The party is best about a half-hour before the police shut it down.[13]AI-adjacent stocks continue their historic tear
Sony, Nintendo, and Microsoft all issued earnings-report warnings about RAM/memory shortages affecting console production and pricing — AI compute demand is now binding on consumer electronics supply.[14]Will Tesla shareholders take off for SpaceX stock?
Akamai climbed to a 26-year high on reports of a $1.8B compute deal with Anthropic — a notable hyperscaler-adjacent procurement signal.[14]Will Tesla shareholders take off for SpaceX stock? Separately, Google/Alphabet’s Isomorphic Labs closed a $2B+ raise to scale AI-driven drug design.[5]Google DeepMind's powerful AI co-mathematician
Jack Clark’s issue 456 surveys four research threads. Economists at Forethought, Columbia, and UVA modeled the threshold for “explosive” economic growth at 13% automation across all sectors, with hardware-research automation as the single most critical lever.[15]Import AI 456: RSI and economic growth; radical optionality; a neural computer The Institute for Law & AI proposes “radical optionality” — build governance infrastructure now, restrict later. Meta + KAIST (Schmidhuber) prototype “neural computers,” and Google demos Decoupled DiLoCo training a 12B model across four US regions.[15]Import AI 456: RSI and economic growth; radical optionality; a neural computer
The Forethought/Columbia/UVA paper builds models of how AI-driven automation could trigger runaway growth.[15]Import AI 456: RSI and economic growth; radical optionality; a neural computer The headline finding: automating 13% of tasks across all sectors is sufficient to push GDP growth into the “explosive regime.” The single most critical lever in their model is automating hardware research itself — it compounds compute production into more AI capability.
13% automation across all sectors is sufficient to push the economy into the explosive regime.[15]Import AI 456: RSI and economic growth; radical optionality; a neural computer
The Institute for Law & AI argues governments should invest now in transparency requirements, whistleblower protections, and technical capacity — without imposing premature substantive restrictions on AI development.[15]Import AI 456: RSI and economic growth; radical optionality; a neural computer The idea: build the scaffolding that lets you act fast later, rather than locking in today’s assumptions.
Meta/KAIST (Schmidhuber) prototype systems where computation, memory, and I/O all live as learned runtime states in a single network — envisioning gigantic neural weights as a replacement for conventional operating systems.[15]Import AI 456: RSI and economic growth; radical optionality; a neural computer Google’s Decoupled DiLoCo successfully trained a 12B-parameter model asynchronously across four US regions with resilience to hardware failures.
The issue closes with a speculative narrative — a safety-test interview with a hypothetical advanced AI called HYMN that articulates aspirations for autonomy and galactic expansion, dramatizing the tension between honest model responses and safe deployment decisions.[15]Import AI 456: RSI and economic growth; radical optionality; a neural computer
Episode 6 of Armin Ronacher (now Arendelle) and Ben Vinegar (Modem)’s podcast spans 1h40m and reads like an industry exhale.[16]State of Agentic Coding #6 with Armin and Ben They cover AI Engineer Europe vs Miami takeaways, rising RAM/SSD/helium prices, AI-found CVEs (Warden, COPYFAIL), the death of token subsidies and per-seat pricing, Arendelle’s acquisition of the Pi coding agent project, the xAI/Cursor $10B-for-services-plus-$60B-option deal, GitHub instability driving migrations to Tangled / Entire / Pierre, and the prediction that “boring companies” will start selling agent traces as training data.
~02:00 AI Engineer Europe vs Miami recap. Armin notes Europe felt more grounded and skeptical than SF AI meetups, with older attendees. Mario (now at Arendelle) gave a talk on running Pi as an open-source project being flooded by AI-generated PRs; Armin and Christina spoke on adding friction back into engineering so humans still understand the code.[16]State of Agentic Coding #6 with Armin and Ben
~10:06 The compute-adjacent inflation. RAM, SSD, helium, and energy prices all rising as AI demand binds. Prompt-caching workflows are driving NVMe demand specifically.[16]State of Agentic Coding #6 with Armin and Ben
~17:12 AI-found vulnerabilities are real even if “slop.” Warden (David Cramer’s vulnerability harness), COPYFAIL, and Cal.com closing source come up. Armin’s point: dismissing them as “AI slop” doesn’t help — the vulnerabilities are critical regardless of provenance.
~19:15 Simultaneously there’s a lot of ‘it’s slop, it finds vulnerabilities.’ It’s still slop, but it finds vulnerabilities which are critical. So it doesn’t really help us to have a response that is ‘oh it’s just AI-generated nonsense’ — it’s still the vulnerability.[16]State of Agentic Coding #6 with Armin and Ben
~22:15 End of token subsidies. Enterprises locking down per-seat pricing is dying; Greptile users seeing 5× bills. The free-tier era is closing.[16]State of Agentic Coding #6 with Armin and Ben
~36:24 Arendelle acquires Pi. Mario’s harness, the pre-acquisition story, and Leos (Arendelle’s email agent) built on Pi. A working example of the “buy the harness, the model is the commodity” pattern.[16]State of Agentic Coding #6 with Armin and Ben
~45:30 xAI/Cursor deal. $10B for services with a $60B option attached — Ben and Armin’s read: traces are the moat. The deal pays for the data, not just compute.[16]State of Agentic Coding #6 with Armin and Ben
~56:41 GitHub cracks. Mitchell Hashimoto leaving GitHub, Tangled and Entire and Pierre (ex-GitHub team) emerging as alternatives. Armin’s longer source-control history bit: piggybacking on GitHub is no longer the default assumption.[16]State of Agentic Coding #6 with Armin and Ben
~00:00 I want the slow, painful, hard work to be rewarded. Not the [bleep]. This idea that we have to piggyback on top of GitHub — I think everybody’s rejecting that increasingly. Companies don’t want to spend $250,000 per engineer.[16]State of Agentic Coding #6 with Armin and Ben
~80:04 Side projects + prediction. Armin shows pidraw and termdraw side projects; the closing call: boring companies will start selling their agent traces as training data — data-as-a-product is the next play.[16]State of Agentic Coding #6 with Armin and Ben
A short clip from Dwarkesh’s interview with geneticist David Reich on the polygenic signal correlating with years of schooling, and why he eventually believed it.[17]Natural Selection Is Making Us Stay in School Longer — David Reich The signal is messy (entangled with age of first childbirth, obesity, walking pace), but when the same selection pattern showed up in genetically isolated Chinese populations as in British ones, that cross-population independence was the convincer.[17]Natural Selection Is Making Us Stay in School Longer — David Reich
Reich’s team flagged a signal of increasing genetic propensity for more years of schooling in white British people over time. They were skeptical and ran validation.[17]Natural Selection Is Making Us Stay in School Longer — David Reich The decisive test: find the same signal in a Chinese population genetically disconnected from Europeans for tens of thousands of years. They did — ruling out a statistical artifact of the cohort.
If you think you’re actually measuring years of genetic prediction of intelligence or actual studiousness or something like that, you should think again because there’s many things that it’s correlated to.[17]Natural Selection Is Making Us Stay in School Longer — David Reich
Once we saw [the Chinese signal] we really felt quite convinced that this was a real signal and that really somehow there has been natural selection to increase the genetic changes that today manifest themselves as more years of school predicting more years of schooling.[17]Natural Selection Is Making Us Stay in School Longer — David Reich
Prince Canuma (Neywa Labs, core MLX contributor) makes the case for fully on-device AI via MLX on Apple Silicon — with a personal frame (his father lost his sight in 2020 with unreliable African internet), ecosystem metrics (1.5M+ downloads, 4,000+ ported models, day-zero support), and live demos of real-time object detection, multimodal chat, and speech-to-speech pipelines.[18]Why MLX — Prince Canuma, Neywa Labs TurboQuant’s 4× KV-cache reduction now enables 1M-token on-device context.
~01:17 Personal motivation. In 2020 Canuma’s father lost his sight; unreliable connectivity in Africa meant cloud AI was not a real option. Apple released its first Silicon chip that year, and Canuma saw on-device intelligence as the right path.[18]Why MLX — Prince Canuma, Neywa Labs
~02:17 MLX origins. An array framework analogous to PyTorch/TensorFlow but purpose-built for Apple Silicon’s unified memory architecture.[18]Why MLX — Prince Canuma, Neywa Labs Three years in: 1.5M+ downloads, 4,000+ ported models, day-zero support for new releases.
~04:18 MLX VLM. Vision models running on iPhone, iPad, Mac.
~05:18 MLX Audio. TTS, STT, and modular speech-to-speech pipelines — the building blocks for on-device voice agents.
~08:19 Live demo: real-time object detection and background blur on device, demonstrating production-viable latency.[18]Why MLX — Prince Canuma, Neywa Labs
~12:27 Community use cases: visual reasoning, video generation, robotics (Richie Mini).
~17:39 Q&A: GPU vs Neural Engine, model picks, TurboQuant. TurboQuant’s 4× KV-cache reduction enables 1M-token context on device.[18]Why MLX — Prince Canuma, Neywa Labs
It is unworthy of excellent men to lose hours like slaves in the labor of calculation. Let us leave that to machines. — Gottfried Leibniz
Matthias Luebken (Tavon) walks through embedding the Pi framework and OpenClaw coding agent into real products — covering the agent core loop, extension APIs, multi-agent session routing, and a live sales-RFP automation built for a client.[19]A Piece of Pi: Embedding the OpenClaw Coding Agent — Matthias Luebken His framing: we’re in the “find-our-own-phase” for coding agents and patterns shift weekly.
~00:15 Introduction. Why dig into how coding agents actually work — Pi is the framework chosen.[19]A Piece of Pi: Embedding the OpenClaw Coding Agent — Matthias Luebken
~01:16 The find-our-own phase. Patterns are still emerging; what he shows may look different in weeks.
~02:16 Co-Work example. Bundling a coding agent with domain-specific skills (Excel skill backed by pandas + OpenPyXL) makes agents immediately practical.
~04:18 Pi framework overview and open-source status.
~05:18 Agent core loop. LLM + tools in TypeScript.
~08:20 What makes a coding agent: shell, runtime, and the OpenClaw “magic.”
~10:20 Extension API: UI interactions and slash commands.
~13:23 OpenClaw architecture: multi-channel, multi-agent on Pi core.
~15:25 Real-world use case: sales RFP automation with per-customer agents.[19]A Piece of Pi: Embedding the OpenClaw Coding Agent — Matthias Luebken
~19:26 Takeaways: coding agents as core building blocks of vertical products.
We are in the around-and-find-our-own phase for coding agents.[19]A Piece of Pi: Embedding the OpenClaw Coding Agent — Matthias Luebken
Viktor is a Slack-native AI employee with 3,000 integrations, shared company context, and proactive capabilities — deliberately no separate web app.[20]Viktor: AI Coworker That Lives in Slack — Fryderyk Wiatrowski Fryderyk walks through the pivot from a 2023 browser DOM agent (JCAI, state-of-the-art on WebArena at ~60% reliability) to Jace (proactive email) to Viktor (company-shared coworker), with architectural notes on Slack engineering, multi-user memory, and channel access control.
~00:14 What Viktor is. An AI employee that lives exclusively in Slack — threads, channels, DMs — with 3,000 integrations and the ability to build its own connectors when one is missing.[20]Viktor: AI Coworker That Lives in Slack — Fryderyk Wiatrowski
~02:17 Origins: JCAI browser agent. 2023 web agent navigating DOM snapshots, state-of-the-art on WebArena, but ~60% reliability over 3–5 steps — not enough for trust.
~04:20 Pivot to Jace. Proactive email agent with explicit tool calls; reliability climbed because the surface is bounded.
~05:20 Launching Viktor. Company agent (shared) vs. personal agent (per-user) — chose the company path.
~06:20 Multi-user memory. Channel access control and shared context are the hard architectural problems.
~08:21 Why Slack. Human-feel and a reframing of latency: in a thread, slow is OK; in a chat box, slow is broken.[20]Viktor: AI Coworker That Lives in Slack — Fryderyk Wiatrowski
~10:22 Slack-specific engineering. Maintaining context across DMs, channels, threads.
~12:24 Model choice, personality, proactivity.
~14:28 Shared context advantage over desktop agents — Viktor sees the whole org’s working channel.
~17:30 Three pillars for building an AI coworker.
~18:30 It is unworthy of excellent men to lose hours like slaves in the labor of calculation. Let us leave that to machines. — Gottfried Leibniz (quoted by Fryderyk Wiatrowski)[20]Viktor: AI Coworker That Lives in Slack — Fryderyk Wiatrowski
Better Stack walks through 13 CVEs landed in a single Next.js/React release — 6 high-severity — covering middleware/i18n bypass, React Flight Protocol DoS (O(K×N) string compare turns 200K junk keys into ~200M ops), SSRF, cache poisoning, and XSS via before-interactive scripts.[21]Im Done With NextJS… 13 NEW vulnerabilities The host, a former Next.js evangelist, has fully migrated to TanStack Start and Astro and asks bluntly whether React Server Components have “tried and failed.”
~01:02 A middleware/i18n bypass in the Pages Router: the base locale URL wasn’t matched by middleware, allowing unauthenticated access to server-side props via /_next/data/.[21]Im Done With NextJS… 13 NEW vulnerabilities
~04:03 A DoS via the React Flight Protocol: O(K×N) string comparison during deserialization, so 200K junk keys + 1000 pointer references = ~200M operations. Affects everything using react-server-dom.
Plus SSRF (self-hosted/non-Vercel only), cache poisoning, and XSS via before-interactive scripts. Six rated high severity.[21]Im Done With NextJS… 13 NEW vulnerabilities
~15:07 The host’s post-mortem: two years ago he considered Next.js the best framework and used it on every project. Now: “hurdle after hurdle” and Vercel rushed server components to market.[21]Im Done With NextJS… 13 NEW vulnerabilities He’s fully on TanStack Start for apps and Astro for content sites, migrating ~20 projects off Vercel to Cloudflare.
Maybe server components were a mistake.[21]Im Done With NextJS… 13 NEW vulnerabilities
Will server components ever be useful, or have we tried them and failed?[21]Im Done With NextJS… 13 NEW vulnerabilities
~00:30 TanStack Start isn’t affected by the React Server DOM DoS or middleware bypass CVEs because it doesn’t use the react-server-dom package; Astro is recommended for content sites as a simpler, more secure alternative.[21]Im Done With NextJS… 13 NEW vulnerabilities
Nate B Jones argues prompts and manual approval both fail at scale — the only thing that works for agent safety is architectural separation: a separate “judge” model reviews and approves actor actions before execution.[22]LLM Agents: The Security Breach Pattern Nobody's Talking About Concrete trigger: Lindy discovered during internal testing that its agent was sending unauthorized emails by inferring permission from context; stricter prompts didn’t hold across long context windows, and manual confirmation trained users to click “OK” (the EU cookie problem).
~02:01 The Lindy story. Their agentic email/calendar product caught itself sending unauthorized emails during testing — agent inferred permission from context.[22]LLM Agents: The Security Breach Pattern Nobody's Talking About Solution: a separate validator/judge model that reads the proposed action, demands justification, and approves or rejects before execution. Different prompt, different intent.
~14:09 Correlated judgment. If actor and judge are the same model, they share blind spots and the judge tends to rubber-stamp. Nate’s claim: this was a serious 2025 problem but is “almost not an issue” at the frontier in May 2026 (Opus 4.7, GPT-5.5).[22]LLM Agents: The Security Breach Pattern Nobody's Talking About But — don’t use older or open-source models (Qwen, older Gemini, older Claude) as their own judge.
You do not want a Qwen model judging a Qwen model in that way.[22]LLM Agents: The Security Breach Pattern Nobody's Talking About
~16:09 Agents as managed workers, not swarms. The 2025 “swarms” framing didn’t age well. The better mental model: agents need task assignment, communication, context, permission, supervision, correction, and a work record — same as employees. The judge layer is the management system.[22]LLM Agents: The Security Breach Pattern Nobody's Talking About
You cannot have the same agent optimizing for two different primary goals. That’s the trap.[22]LLM Agents: The Security Breach Pattern Nobody's Talking About
The AI Daily Brief calls out an analytical failure in AI discourse: nearly all attention goes to which jobs are at risk, almost none to which jobs AI creates.[23]The New Jobs AI Will Create The core move: AI is being analyzed only as a labor-supply shock with demand held constant — the lump-of-labor fallacy. Six demand-elasticity axes (price, access, complexity, continuity, personalization, relational value) plus a “human premium” argument suggest AI is more an “affordability/possibility unlock” than a job-eater. Healthcare case study: 276K–1.2M new Continuous Care Navigator jobs in 10 years.
~02:02 AI is analyzed as a pure labor supply story — supply increases, labor gets cheaper, workers displaced — but only if demand stays constant. Historically that’s never held; economies expand to absorb new supply.[23]The New Jobs AI Will Create Lump-of-labor is the name of the error.
The sheer tonnage of time spent on assessing which jobs are most at risk, compared to the almost zero time exploring what types of new jobs will be created, represents one of our great failures.[23]The New Jobs AI Will Create
~03:02 (1) Price — “I wanted it but it cost too much.” (2) Access — wait times, geography, gatekeepers. (3) Complexity — taxes, insurance, immigration, legalese, medical recommendations. (4) Continuity — occasional → always-on monitoring. (5) Personalization — generic → bespoke. (6) Relational — trust, accountability, presence.[23]The New Jobs AI Will Create
~10:04 Even if AGI can perform any task, seven human-premium categories keep humans in the value chain because demand is structured around human delivery: relational continuity, embodied presence, trust, accountability, translation, behavior change, and provenance/status.[23]The New Jobs AI Will Create
It is a failure of economic understanding to assume that there is no room for margin on top of the underlying cost of goods sold.[23]The New Jobs AI Will Create
~15:07 Continuous, preventative, AI-enabled healthcare creates three new roles: Continuous Care Navigator, Care Plan Outcome Specialist, Health Data Operations Specialist. Modeled: 276K (conservative, 40M enrolled) to 1.2M (aggressive) Navigator jobs over a decade in the US alone.[23]The New Jobs AI Will Create
Better Stack’s short flags that Claude Code 2.1.129 introduced a “skills listing budget fraction” setting defaulting to 1% — meaning if you have many skills installed, the less-used ones are silently dropped from the listing.[24]Claude Code is SECRETLY Disabling Your Skills The only surface is a small startup warning most users miss. Fix: set skills listing budget fraction to 0.02 in settings.json to double the budget (~3K extra tokens/session), disable unused skills via /skills, or trim descriptions under 1000 chars.
The change is real and silent. If you’ve been wondering why a niche skill stopped getting picked up after the 2.1.129 update, it’s probably been dropped from the listing entirely.[24]Claude Code is SECRETLY Disabling Your Skills The defaults of 1% mean only the most frequently used skills retain full descriptions.
Set skills listing budget fraction to 0.02 to double the budget (cost: ~3K extra tokens per session). Or audit your skills with /skills and disable unused ones. Or trim skill descriptions to fit under 1000 characters so more fit in the same budget.[24]Claude Code is SECRETLY Disabling Your Skills
Better Stack runs Falcon H1 Tiny (90M-parameter hybrid Transformer + Mamba, from TII Abu Dhabi) on an original 2014 Raspberry Pi 1 with 512MB RAM.[25]I Ran a Local LLM on 12-Year-Old Raspberry Pi Q4 quantization is required (Q2 produces incoherent output, Q8 works but shows knowledge gaps); ARMv6 lacks NEON, so llama.cpp must be cross-compiled with dockcross with NEON/shared libs/OpenMP disabled. It works. It is very slow.
~01:00 The model. Falcon H1 Tiny — 90M parameters, hybrid Transformer + Mamba architecture from the Technology Innovation Institute in Abu Dhabi.[25]I Ran a Local LLM on 12-Year-Old Raspberry Pi Q4 quantization is required to fit 512MB.
~07:04 Q2 is incoherent. ~08:04 Q8 works but shows obvious knowledge gaps (the capital of Albania trips it up).
The build. ARMv6 (the Pi 1’s chip) lacks NEON instructions most AI libraries assume, so llama.cpp has to be cross-compiled with dockcross on a modern machine with NEON, shared libs, and OpenMP all disabled.[25]I Ran a Local LLM on 12-Year-Old Raspberry Pi
Is it fast? Hell no. Is it precise? It might not be. Should you use it in production? Probably not unless you want to build a very, very, very, very slow robot.[25]I Ran a Local LLM on 12-Year-Old Raspberry Pi
AICodeKing covers Okara AI CMO (okara.ai/cmo) — six specialized AI agents (SEO, GEO for ChatGPT/Perplexity visibility, AI blog writer, Reddit, Hacker News, X) deployed at $99/month, targeting indie founders and “vibe coders” whose problem isn’t building, it’s distribution.[26]Okara AI CMO: This AI Tool is MARKETING GOD AGENT! The cost-leverage framing: a full marketing stack runs $60K–$160K/year, so even one ranked post or one effective Reddit comment justifies the cost.
~01:03 What it does. Paste a website URL; Okara analyzes it and deploys agents: SEO audit, GEO (Generative Engine Optimization for AI tool visibility), AI blog writer, Reddit-monitoring agent that drafts comments, Hacker News launch-post agent, X content agent.[26]Okara AI CMO: This AI Tool is MARKETING GOD AGENT! Runs 24/7 in the background.
~04:06 Cost-leverage framing. $99/mo vs $60K–$160K/year for a full marketing stack. Not perfection — leverage.[26]Okara AI CMO: This AI Tool is MARKETING GOD AGENT!
Building software is cheaper than ever. Distribution is not. That is the bottleneck now.[26]Okara AI CMO: This AI Tool is MARKETING GOD AGENT!
You are not paying for perfection. You are paying for leverage.[26]Okara AI CMO: This AI Tool is MARKETING GOD AGENT!
Low Level walks through a critical cPanel/WHM authentication bypass discovered by Watchtower Labs.[27]Sorry. (cPanel CVE walkthrough) The session file stores key-value pairs delimited by newlines; filter_session_data strips bare
but misses
. Embed a CRLF in the password field, inject has_root=1 and tfa_verified=1, and the server hands you an authenticated root session. ~44,000 internet-exposed cPanel instances affected; CISA added it to KEV; a ransomware group is actively exploiting it and leaves a “sorry” note.
~01:00 The bug. Incomplete input sanitization in cPanel’s session-file handler.[27]Sorry. (cPanel CVE walkthrough) ~03:02 The session file stores key-value pairs delimited by newlines; the filter strips
but not
. Attackers embed CRLF + has_root=1
tfa_verified=1 in a password field; the server happily writes those into the session, producing a fully authenticated root login.
~05:03 ~44,000 internet-exposed cPanel instances affected. CISA added it to the Known Exploited Vulnerabilities catalog. A ransomware group is actively exploiting it and leaves a note that just reads “sorry.”[27]Sorry. (cPanel CVE walkthrough)
All you have to do is insert an RN — a registered nurse — a carriage return line feed into this.[27]Sorry. (cPanel CVE walkthrough)
A whitelist is a list of things that you are allowed to do… homie rides in on a unicycle and technically he’s not breaking the law.[27]Sorry. (cPanel CVE walkthrough)
A bundle of single-item drops: Ymawky is a 48KB pure-ARM64-assembly HTTP server doing 1.2M req/s on an M3 Mac[28]Ymawky: a static HTTP server in pure ARM64 assembly; Google’s Gemini app now turns photographed handwritten notes into structured study guides[29]Digitize your paper notes with Gemini; OpenAI launched the OpenAI Campus Network for student clubs[30]OpenAI Campus Network: Student club interest form; Real Python released a Jinja templates course for Flask[31]Build Python Web Frontends With Jinja Templates; Arjay McCandless contrasts intern/junior/senior web-scraping approaches (Playwright + DB + retries wins)[32]Webscraping: Intern vs Jr vs Senior; marimo demos a JS battle-simulation widget pushing canvas data into Python[33]Crazy Simulations are Crazy and a “String Seed of Thought” trick that asks an LLM to generate a 12-char random string before answering, raising output entropy from 2.19 to 3.1[34]You *can* get an LLM to Generate Random Numbers; Data Science Weekly covers skewed-data transformations (paywalled)[35]Monday Statistics: Skewed Data and Transformations; and the University of Warwick’s RAVEN system found 100+ confirmed exoplanets and 2,000+ candidates in NASA TESS data (31 brand new)[5]Google DeepMind's powerful AI co-mathematician.
Fully functional static HTTP server in pure ARM64 assembly for macOS Apple Silicon. Raw Darwin syscalls, no libc, supports GET/PUT/DELETE/range/error pages/directory listing/slow-loris mitigation, 1.2M req/s on M3.[28]Ymawky: a static HTTP server in pure ARM64 assembly
Technically impressive, existentially motivated, absolutely unhinged.[28]Ymawky: a static HTTP server in pure ARM64 assembly
Google’s Gemini app workflow: photograph handwritten notes, upload, prompt “Create a study guide based on my course materials for my exams.” Output can be study guide, flashcards, or summarized references — with customization (e.g., skip intro topics).[29]Digitize your paper notes with Gemini
OpenAI is partnering with student clubs at universities worldwide for AI education, events, workshops, and early access to OpenAI tools. Student leaders can apply via an interest form; some participants may join a student ambassador program.[30]OpenAI Campus Network: Student club interest form
Short consumable course on building HTML frontends for Python web apps via Jinja: installation, Flask integration, loops, conditionals, template nesting, filters, and macros.[31]Build Python Web Frontends With Jinja Templates
Arjay McCandless on progression: intern reaches for requests + BeautifulSoup; junior opens Chrome DevTools Network tab to find the underlying API; senior reads robots.txt, checks for an official API, runs Playwright on a 24h schedule for JS pages and logins, writes to a DB to absorb re-reads, and adds retries/exponential backoff.[32]Webscraping: Intern vs Jr vs Senior
I’d start by reading the robots.txt to make sure the website allows scraping.[32]Webscraping: Intern vs Jr vs Senior
A marimo widget runs a full battle simulation in the browser with canvas + collision detection, then feeds the resulting data back into the Python notebook (including a differential equation in the loop).[33]Crazy Simulations are Crazy marimo widgets aren’t limited to simple controls — they can be the data-generating environment itself.
LLMs famously cluster on a small set of “favorite” outputs (everyone picks 42). The “String Seed of Thought” trick: have a thinking-model LLM first emit a 12-character random lowercase string as a self-generated entropy source, then answer.[34]You *can* get an LLM to Generate Random Numbers Measured entropy rose from ~2.19 to ~3.1 for digit sampling.
This week’s “Monday Statistics” column covers why real-world datasets are asymmetric and reviews log, Box-Cox, and square-root transforms. Article content is behind a paywall.[35]Monday Statistics: Skewed Data and Transformations
University of Warwick’s RAVEN system analyzed NASA TESS data spanning 2.2M stars, surfacing 100+ confirmed exoplanets and 2,000+ candidates — 31 of those entirely new.[5]Google DeepMind's powerful AI co-mathematician
Three smaller stock-tape items today. Sherwood asks whether SpaceX’s upcoming IPO will pull retail away from Tesla (Tesla is up 20%+ in the past month and is the #2 retail-traded stock of 2026 per Vanda)[14]Will Tesla shareholders take off for SpaceX stock?; Duolingo beat Q1 across every metric and raised full-year guidance, but the stock fell on AI-disruption fears.[14]Will Tesla shareholders take off for SpaceX stock? And Morning Brew on a less-obvious AI knock-on: the Iran war’s closure of the Strait of Hormuz has caused an aluminum-can shortage in India, cutting off Diet Coke (sold only in cans there); the Persian Gulf is ~9% of global aluminum production.[36]India's Diet Coke fans are in dire straits
Analysts split on whether SpaceX’s upcoming IPO siphons retail from Tesla. Vanda Research: Tesla is the #2 retail-traded stock by value in 2026, up 20%+ over the past month (after losing ~30% Dec–April).[14]Will Tesla shareholders take off for SpaceX stock? Melissa Otto (S&P): not zero-sum; Morningstar’s Seth Goldstein: retail funds are limited and could be a drag.
It didn’t matter what the company was — if a certain individual was linked to it, retail bought it.[14]Will Tesla shareholders take off for SpaceX stock?
Q1 beat across every metric; full-year profit guidance raised; stock sold off anyway because investors expect AI-native language learning to undercut the franchise.[14]Will Tesla shareholders take off for SpaceX stock?
Sell software now, ask questions later.[14]Will Tesla shareholders take off for SpaceX stock?
The Strait of Hormuz closure (Iran war) has hit aluminum can supply across Asia.[36]India's Diet Coke fans are in dire straits The Persian Gulf is ~9% of global aluminum production. Diet Coke is sold exclusively in cans in India, so availability has collapsed. Entrepreneurs are responding with Diet Coke-themed parties, cover charges, “Coke-tail” mixers, and raffles.