PEAKS No. 17: Switch to fish

Hi there!

I switched from zsh to fish and it’s faster. Moreover, it works great with the default configuration, which makes me happy. I have enough things to tweak. Just give it a try.

🛡️ Security & Privacy

  • Next.js released version 15.2.3 (and backported patches for v12-14) to address CVE-2025-29927, which could allow bypassing Middleware security checks in self-hosted applications using next start and output: 'standalone'. More here.
  • A vulnerability in macOS (patched in macOS Sequoia 15.1, Sonoma 14.7.1, and Ventura 13.7.1) allowed unauthorized access to file server credentials stored in the keychain via the NetAuthAgent daemon. More here.
  • CVE-2024-9956 - A security flaw in major mobile browsers allows attackers within Bluetooth range to trigger FIDO:/ intents from malicious web pages, enabling the phishing of PassKeys. More here.
  • A Chinese state-sponsored APT exploited a 10-year-old SQL injection vulnerability in PostgreSQL (affecting BeyondTrust's PAM tool) to breach the US Treasury's systems. The vulnerability, triggered by the c0 27 byte sequence, bypassed string sanitization, allowing attackers to inject malicious SQL code via the psql interface and execute arbitrary system commands. More here.
  • Google's parent company, Alphabet, is set to acquire cybersecurity startup Wiz for $32 billion in an all-cash deal, marking its largest acquisition ever and a major move to strengthen its cloud security offerings in the competitive cloud computing market. More here.

🛸 Tech

  • AMD RDNA 4's "Out-of-Order" memory accesses analysis here.
  • Chimera Linux is keeping its RISC-V repositories for now, thanks to remote access to a Milk-V Pioneer machine provided by Adélie Linux. More here.
  • New PebbleOS watches are available for pre-order. More here. Related: Apple restricts third-party smartwatches like Pebble, limiting functionality on iPhones compared to Android, including sending texts, notification actions, and inter-app communication. More here.
  • It’s possible to decrypt and remove YouTube ads from protobuf streams on Apple TV by using a man-in-the-middle proxy. Details here.

🤖 AI

  • Google's NotebookLM now features Interactive Mind Maps, allowing users to visualize and interact with information from their notes in a dynamic, branching diagram, enhancing learning efficiency and comprehension. More here.
  • AI blindspots here.
  • A new paper introduces ClockQA and CalendarQA datasets to evaluate multimodal large language models' ability to interpret time from clocks and calendars. Results show that despite advancements, reliably understanding time remains a significant challenge for MLLMs, highlighting limitations in visual recognition, numerical reasoning, and temporal inference. More here.
  • Simon Willison shares his experiences and techniques for effectively using Large Language Models (LLMs) to write code, emphasizing the importance of setting reasonable expectations, managing context, providing precise instructions, and rigorously testing the output. More here.
  • Claude (specifically Claude 3.7 Sonnet for now) can now search the web to provide more up-to-date and relevant responses with citations, enhancing accuracy with access to the latest information. More here.
  • OpenAI has released o1-pro, a more powerful and costly version of its o1 "reasoning" AI model, available via its developer API to select developers. It's priced at $150 per million input tokens and $600 per million output tokens. More here.
  • Learn how to create a budget-friendly AI coding assistant as an alternative to Cursor, leveraging open-source tools and resources for a customized coding experience here.
  • This beginner-friendly guide explains how LLM agents work by breaking down their internal structure as simple graphs. It covers the core concepts and decision-making processes, and provides a practical example of building a research agent using the PocketFlow framework.

🛠️ Tools

  • landrun - a CLI tool that enables secure sandboxing of Linux processes without requiring root access, containers, or complex configurations like SELinux or AppArmor.
  • AI Labyrinth - a free tool using generative AI to create fake pages that trap and identify AI web crawlers attempting to scrape website content. It protects against unauthorized data collection, reduces server load, and helps prevent SEO issues from AI-generated duplicate content.
  • OpenAI fm - an interactive demo for developers to try the new text-to-speech model in the OpenAI API.
  • Focus Mode - an open-source browser extension that helps users stay focused by blocking distracting websites. Features include the ability to block multiple sites, schedule blocking for specific times and days, and use wildcards for mass blocking of site categories.
  • HTTrack - a free, open-source (GPL) and easy-to-use offline browser that allows you to download an entire website from the internet to your local computer, mirroring the site's structure and allowing offline browsing.
  • VisuAlgo - a website featuring interactive visualizations of common data structures and algorithms. It allows users to input their own data, offers e-Lecture modes, and includes online quizzes for self-assessment.
  • fd - a simple, fast, and user-friendly alternative to find. It's a command-line tool to find entries in your filesystem, offering improvements in speed and ease of use.

🛰️ Misc

  • The Dark Energy Spectroscopic Instrument (DESI) collaboration has made its first 13 months of data publicly available, offering the largest 3D map of the universe to date, containing information on 18.7 million objects and enabling researchers to explore dark energy, galaxy evolution, dark matter, and more. Details here.
  • A new 300+ page book compiling hard-won lessons from hardware startups is now available, covering topics from planning and component selection to layout, testing, and troubleshooting. It’s on my list. More here.
  • NASA's SpaceX Crew-9, consisting of NASA astronauts Nick Hague, Suni Williams, and Butch Wilmore, and Roscosmos cosmonaut Aleksandr Gorbunov, safely splashed down off the coast of Florida, completing their months-long science mission on the International Space Station. More here.

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan