There's some weird games being played by some of these AI labs, it'll all make sense in a few months from now

More AI-generated code doesn't make your team faster. It might actually slow you down.

These guys are artists. Moment Motor takes classic cars and turns them electric. It's two to four months of work and can cost $175,000. Tons of people in tech land send their cars to Austin to get modernized. Full episode here.

You do realize there’s no AI bubble and we’re not going back to writing code by hand, ever? Hint: there’s a reason why you’re not writing assembly by hand

Today, we're announcing the completion of a $100 million employee tender at Figure To solve general robotics, we need the best engineers on the planet and as a private company I'm glad to be providing liquidity along our journey

CEOs are uniquely prone to AI psychosis because they’re sufficiently distant from the last mile of work that still has to happen to generate most value with AI. So when they play with AI, they see the happy path results, often not considering the next 10 or 20 things that have to happen to get sustainable results from agents. “Look I made this awesome product prototype”. Yes but you didn’t have to review the code before it went into production and fix a bunch of issues. “Look I generated a contract”. Yes but you didn’t verify all the terms before it goes out to the counterparty and didn’t have to wire up all the past contracts to work with. The best thing you can do as a CEO is to use AI a *ton* to figure out the real implications of agents in the enterprise, and come out the other side with an appreciation for both the upside and the real work that goes into them.

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

customers are increasingly asking us for certainty on capacity. as models get better, we expect that the world will be capacity-constrained for some time. we are offering discounted tokens for 1-3 year commits. (it also helps us plan, so hopefully a big win-win.)

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/router/i… Credit to the security researcher for responsible disclosure.

We're definitely going to get to the point where handwriting code doesn't make sense. Similar to handwriting assembly doesn't make sense. But the analogy breaks down. Developers don't really know assembly and they can't really review assembly. On top of it, the assembly that's produced by compilers is so optimized and confusing that you can't even understand it. For AI the code that's being produced, the developer needs to understand it could have written it themselves but it's just not as efficient or safe to do so. AI is not a new abstraction layer. It is a tool to create something you understand. We still need people to understand the mechanics of coding. We still need people to learn these skills and these are important skills. And even with the power of AI, you can't get away with not knowing these skills if you want to be effective. As always, there'll be people who try to take shortcuts and they'll get short-term gains and then it will fall apart.