Zerolith happenings 05/12/26: ZL is ~80% into production release readiness and still accumulating features! Debugger got 10x faster in scenarios where it's slow, allowing realtime compressed logging of debug output in production at low cost. And it can still get faster-er later. Soon, the debugger can feed an interesting form of fully automated testing ( no test writing needed ), y mas Unfortunately zyeet and zcache ( blast processing features ) are still being held back so that we can dogfood and reliabilitymax those libraries. We also found some footguns that need removal. Sometimes you don't see them until a shoe gets grazed. But.. Preview Release 3 is imminent. We are now in the merging/testing phase. We will dogfood and continue to evolve PR3 on 6 apps for 4-6 months, and see what needs to break before we call it a production ready release. Because we want the design to be heckin' stable for people to build very serious, very fast things on. Also we have a test application written in L*ravel and ZL so you can see the difference. Coming soon! Our new contributor, Labba, wrote 40% of the code and me and him are turning out to be quite the tag team. We are pumped to release this!

Only the finest of told you sos for me and my followers

You thought it was bad buying RAM for your gaming rig today. Check out what enterprises are about to pay for next gen AI hardware. $53/gb x 32gb = $1,696... BEFORE you pay the Jensen tax on top.

I love hypermiling cars with stick shifts and tiny engines. Recently popped a high score on 40mph suburban roads. Made possible by coasting in neutral to stoplights since traffic was low. You don't even need a hybrid. Just preserve momentum at any available opportunity🤓

I have been playing cybersecurity guy for too many hours a week lately. I'm sorry, but Zerolith preview release 3 is delayed due to this.

All wars are civil wars because all men are brothers.

Sue me...

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/router/i… Credit to the security researcher for responsible disclosure.

so true

We could lose the internet to scrapers if people designing scraper protection systems continue to get out-classed by scrapers. The reason is it becomes economically unfeasible to host a website at the volume of bot traffic in the near future. Hate that i have to fix this.

Damn, i should try this

The more i use Softmaker Freeoffice, the more i like it. The king of Office clones!! Love being able to change to a Powerpoint 2003 style interface.. visual muscle memory is starting to come back :) If this continues to go well, i will ditch my beloved Office 2010 finally 🫠

What's worse, Bob M@rtin's programming practices or this? For me it's a tough call

Maybe we should go all in on bees instead?

You can never be too paranoid.

Jensen: Asian parents' culture, toxic😟 I know they love me, I usually “alright, alright..." 黃仁勳今天說了內心話 一路過來真不容易 “亞洲父母有毒 總是會糾正你“ "我63歲了 他們依然覺得我不夠好“

Done testing memcached for localflare zerolith's future 'blast processing' KV cache of choice. Utilized local LLM to adapt APCU test code to memcached, reviewed, and stripped out the added bloat and gymnastics routines. 57000 single threaded writes/sec via TCP/IP = 0.0175ms/write. APCU was more like 0.01ms/write. Smaller difference than expected. TCP/IP is the slow protocol; unix sockets or UDP are said to be faster but i couldn't figure them out. I'd say 'fast enough' considering that if we had 4 cores rockin', we are in the 200k req/sec range. 894mb used for 9 million IP address records, 50% smaller footprint than APCU, and i haven't even fine-tuned slab/chunk sizes ( theoretically sizeable memory reduction ) No unexpected memory allocation behavior or consumption spikes seen yet. The opposite of APCU. Has Ubuntu package and works immediately upon install. KISS principle compliant. I'm betting that locaflare could handle >=75k hit/sec on a 4 core before any tuning, which is 10x faster than i've seen the fastest botnet run. If we can refer bot bans up to iptables like fail2ban does, then we greatly offload localflare and achieve high efficiency. Fail2ban is using 444mb ram for ~40k unique IP addresses and gets outran at ~200 req/sec because it's single threaded, unlike localflare. I'll do more feasability and performance testing but the possibility of localflare working out seems very high!

Review of @htmx_org ( 2026, colorized ): 10/10, fast shipping, would buy again

Kind or a wild stat, huh? And both causes of death skyrocket during the summer.