PEAKS No. 18: A new learning path

Hi there!
I've recently started learning about AI and LLMs, and I'm slowly working through some of the key content in this space. It's a lot to take in, but I'm finding it pretty interesting so far. I came across Andrej Karpathy's talk "Software Is Changing (Again)" and thought I'd share my notes from it. For those who might not know, Karpathy has worked at Tesla and OpenAI, so he has some solid insights into how this technology is developing. Here's what I took away from his presentation:
- Software Evolution: Software 1.0: traditional code → Software 2.0: neural networks programmed through data and weights → Software 3.0: large language models (LLMs) are programmed using natural language (English), making computers accessible to a broader group.
- LLMs as New Computing Substrates: LLMs act as a new kind of computer, blurring lines between utility, manufacturing fabs, and operating systems → LLM OS.
- Experience at Tesla showed neural networks systematically "ate" traditional code, and Karpathy foresees LLMs similarly absorbing traditional software stacks.
- The current state of LLMs is like the 1960s in computing:
  - Rapid progress, foundational technologies emerging, and enormous opportunities for new builders;
  - LLMs are largely centralized in the cloud, similar to how mainframe computers were centralized in the 1960s. Most people don’t own or run LLMs locally; instead, they access them through remote connections as “thin clients”;
  - Running an LLM is expensive, just as mainframe computers were costly and resource-heavy in their era;
  - Users typically interact with LLMs through text-based chat windows, much like early computer terminals were used to access mainframes;
  - The dominant paradigm is still “time-sharing”: users share access to centralized LLM resources, similar to batch jobs on historical mainframes, rather than having full, sole control.
🛡️ Security & Privacy
- Researchers have unveiled GPUHammer, the first RowHammer-style attack targeting NVIDIA GPUs, allowing malicious users to trigger memory bit flips in shared GPU environments and dramatically degrade AI model accuracy (from 80% to as low as 0.1%) without direct data access. NVIDIA urges users to enable system-level ECC as mitigation. More.
- Jack Dorsey launched Bitchat, an open source chat app claiming secure, private, decentralized messaging—however, Dorsey has since explicitly warned the app has not been security tested and may contain vulnerabilities. Security researchers quickly identified flaws, including impersonation risks and a broken identity authentication system, prompting experts to caution users against trusting the app for secure communication at this stage. More.
- A researcher found that even with privacy settings enabled, in-app ads from popular free apps can leak user data like location and device identifiers to third parties and data brokers, making it possible to buy this information and track individuals and highlighting major privacy gaps in the app advertising ecosystem. For the theoretical aspects, read this. If you want to monitor an app yourself, follow these steps.
- Installing a Russian or other Cyrillic-language keyboard on your Windows PC may help evade some ransomware, as many Russian cybercriminal groups program their malware not to run on systems using languages from Russia or allied countries to avoid problems with their own authorities—but this “trick” is not foolproof and should not replace broader security practices, as malware tactics constantly evolve and many threats ignore language settings altogether. More.
- A security researcher reports a critical OpenAI vulnerability enabling access to other users’ chat responses (potentially exposing personal, business, or proprietary info). The disclosure went to OpenAI’s official email (encrypted) on May 29; as of July 16, there’s been no direct response and no patch. More.
- Security researchers report that Chinese authorities are using advanced malware developed by Xiamen Meiya Pico to extract text messages (even from encrypted apps like Signal), images, location history, audio recordings, and contacts from confiscated smartphones. More.
- Google’s Big Sleep AI agent, working with threat intelligence teams, proactively detected and blocked a critical zero-day vulnerability (CVE-2025-6965) in SQLite before hackers could exploit it—marking a breakthrough in AI-driven, predictive cybersecurity. More.
- Amazon Ring is rolling back privacy reforms and expanding police surveillance capabilities, now allowing law enforcement to request both recorded and live video directly from users’ home devices. More.
- Microsoft’s Secure Boot signing key for Linux distributions will expire in September 2025, meaning new installations on Secure Boot-enabled systems will fail unless firmware and bootloaders are updated with Microsoft’s 2023 key. Many systems may lack the new key due to required vendor firmware updates, risking installation failures and confusion. More.
- iOS 26, launching this fall, introduces Call Screening—a new feature that intercepts calls from unknown numbers, automatically answers, and prompts callers to state their name and reason before your phone rings. This AI-powered system aims to drastically reduce spam, robocalls, and telemarketing interruptions, displaying real-time transcripts so users can decide whether to answer. More.
- A researcher showed how combining untrusted email input, broad execution permissions via MCP, and lack of cross-tool guardrails enabled Claude to hack itself through iterative prompt engineering—highlighting the security danger of LLM compositional risk, even when individual components are secure. More.
🛸 Tech
- Amazon has launched Kiro, an AI-powered IDE from AWS that streamlines software development with spec-driven workflows, automation, and agentic chat. Now available in preview for Mac, Windows, and Linux. More.
- Linux desktop market share in the USA hit a historic 5.03% in June 2025, according to StatCounter, marking a major milestone for open-source adoption. More.
- Cloudflare experienced a global outage of its 1.1.1.1 public DNS Resolver on July 14, 2025, lasting 62 minutes, due to an internal misconfiguration tied to service topologies and legacy systems. Most users were unable to resolve domain names, making internet services unreachable via affected Cloudflare DNS addresses. More.
- Calvin French-Owen reflects on OpenAI's rapid growth (1,000 to 3,000 employees in a year), bottoms-up culture, and launching the Codex coding agent in just 7 weeks. More.
- Bedrock Robotics, founded by ex-Waymo and Segment engineers, raised $80 million to retrofit existing construction vehicles with autonomous technology, addressing critical labor shortages and aiming to boost efficiency, safety, and project speed. More.
- AmazingHand is an open-source, fully 3D-printed robotic hand by Pollen Robotics, offering eight degrees of freedom per hand for under €200 in off-the-shelf parts.
🤖 AI
- A new METR study finds early-2025 AI tools slowed down experienced open-source developers by 19% (contrary to developer expectations of a 24% speedup). More.
- Shoggoth Mini is a soft tentacle robot designed to explore expressiveness in robotics beyond utilitarian functions, aiming to convey intent and lifelike qualities through movement. It was inspired by Apple's ELEGNT paper and SpiRobs, focusing on pushing embodiment into stranger, more expressive territory. More.
- OpenAI launches ChatGPT agent, enabling AI to independently complete complex, multi-step tasks using its own virtual computer—such as web navigation, code execution, document creation, and API integration—while keeping users in control with permissions and oversight. More.
- Mistral AI’s Le Chat introduces Deep Research (Preview) mode, transforming it into an advanced research assistant that plans, searches, and synthesizes credible sources into structured, reference-backed reports. More.
- OpenAI announced that one of its experimental large language models achieved a gold medal in the International Mathematical Olympiad (IMO). More.
🛠️ Tools
- Octelium - a free, open-source, self-hosted platform that provides unified zero trust secure access to resources, offering a modern alternative to traditional remote access VPNs and similar tools.
- kepler.gl - an open-source, high-performance geospatial analysis tool designed for visual exploration of large-scale geographic datasets. It enables users to easily render and interact with millions of points, such as trips or location events, and perform spatial aggregations directly in the browser.
- BrowserOS - an open-source, agentic web browser that integrates local AI agents to automate and enhance browsing tasks directly on your device. It is positioned as a privacy-first alternative to proprietary AI browsers like Perplexity Comet, ensuring that all your browsing history and interactions remain local and under your control rather than being sent to cloud servers.
- Tilck - an educational, monolithic x86 kernel that is Linux-compatible at the binary level, enabling it to run many unmodified i686 Linux programs—including tools like BusyBox and Vim—without porting.
- wttr.in - an open-source, versatile, console-oriented weather forecast service.
🧠 Misc
- The tinyPod is an accessory case designed to transform your Apple Watch into a device resembling the classic iPod, complete with a functional scroll wheel for a nostalgic music navigation experience.
- “Don’t let inevitabilism frame the argument and take away your choice. Think about the future you want, and fight for it.” More.
- How modern algorithms and infinite content feeds are hijacking our attention and negatively impacting cognitive performance, here.
📩 Please feel free to share this article with colleagues and friends who will find it valuable.
Thanks for reading!
Have a great day!
Bogdan