The promotion path for many jobs is: - Become good at the work - Stop doing the work - Attend meetings about the work

crazy example of a real malware exploit attackers are using right now in claude fable 5, it involves intentionally triggering fable's safety classifier and sneaking in malicious code it goes something like this: -> attacker submits an npm package intentionally titled with a trigger word (e.g. biological weapons design) causing fable's ai scanner to review it -> scanner sends it to an llm to review it but it reads the title FIRST and immediately marks it as a "safety red flag" and hands it back to the ai scanner major issue: the attacker included a malicious code injection in the body of the package. but because the llm only read the title (and not the entire piece) it goes undetected. the result? the ai scanner doesn't flag it as malicious code, just a safety red flag which means millions of developers around the world can still download it online putting their systems at risk. seems like anthropic shifting the safety system to the deployment design is creating new attack vectors for hackers pretty wild

Introducing Claude Fable 5: a Mythos-class model that we’ve made safe for general use. Its capabilities exceed those of any model we’ve ever made generally available.

在AI时代，每个程序员都活成了自己最讨厌的那种 team leader： 1. 半年不写一行代码，编程能力严重退化，还自诩"我也是搞技术的“ 2. 开会的时候把一线开发干的活全说成是自己的功劳，连自己的汇报材料都是让别人总结的 3. 瞎JB指挥，出了问题就甩锅说是下面没执行好 4. 不了解项目具体情况，只会提”单测加了没“、“性能还要优化”、“文档要沉淀一下”这类空洞的要求 5. PR 基本上看不懂，只会让别人先review了自己跟着点赞 6. 遇到 bug 了只知道无脑转发让别人查一下，自己负责来来回回转发消息 7. 还经常吐槽“今年的应届生水平越来越不行了”

working on a theory that US intervention in the middle east is correlated to 11 year solar cycle of sunspot activity

Well, well, well. The public JSON formatter sites your developers paste production data into have been quietly publishing every paste for about seven years. Naturally, we read all seven years of it. 200,000 documents. Cloud keys, SSH keys, payment API keys, whole tax returns with SSNs, people's full identities, bank balances. Nobody hacked anything. People pasted it in to make it look tidy, as you do. Full writeup below. Yes, it's as bad as it sounds.

SpaceX has just announced that they have entered into a $920 million per month agreement with Google to provide compute capacity, according to a new filing. "On June 5, 2026, we entered into a Cloud Service Agreement with Google with respect to access to compute capacity. The customer has agreed to pay us $920 million per month from October 2026 through June 2029, with capacity ramping up through September at a reduced fee. The compute capacity provided includes approximately 110,000 NVIDIA GPUs, CPUs, memory, and other related components. After December 31, 2026, the agreement may be terminated by either party upon 90 days' notice. The customer will retain ownership of, and intellectual property rights in, its content, Al models, and related data."

Silly Linus thinking obfuscating fixes for stuff reported by Jann Horn still works in the LLM age: git.kernel.org/pub/scm/linux…

Car design in 2026

I'd like to tell you about a personal silly weekend project. Because I have love for the computing of the 90s, I built Relic, a tiny coding agent that runs on ancient devices. It fits on a floppy, needs 4MB of memory, and handles systems that were made before we got HTTPS. It's made with the same stuff used to build DOOM. It runs on Windows 95, a Wii, or the original Xbox. If you got a smart toaster, it'll probably run there, too. github.com/felixrieseberg/re…

Meet Grug. Grug is a “Caveman Designer” Custom Agent that our team turns to for blunt, anti-complexity product/design feedback. Basically: “complexity bad, make simple, make button look like button.” Here’s what Grug said about a recent All Hands.

This is the Audi Nuvolari, the brand's first supercar since the R8. • Twin-turbocharged, 4.0-liter V8 hybrid • 217 mph top speed • 987 combined horsepower • 2.6-second 0-60 Production is limited to just 499 units worldwide. motor1.com/news/797785/audi-…