PEAKS No 40: Entering a New Phase in AI-driven Cybersec

Hi there!

🛡️ Security & Privacy

  • Project Glasswing + Claude Mythos Preview: Anthropic's unreleased frontier model autonomously found thousands of critical zero-days across every major OS and browser. $100M in credits committed to defensive security via a coalition of AWS, Google, Microsoft, CrowdStrike, and others. More — Deep technical breakdown of FreeBSD RCE, OpenBSD 27-year-old SACK bug, Linux kernel privilege escalation chains, and JIT heap spray exploits written fully autonomously in hours. More
  • EU Chat Control Blocked — For Now: EU Parliament voted not to extend the interim e-Privacy derogation enabling voluntary mass-chat scanning. Big tech has signaled it may continue scanning anyway. The broader Chat Control proposal remains alive. More
  • FBI Retrieved Deleted Signal Messages via iPhone Notifications: FBI extracted incoming Signal messages from a device after the app was deleted, using Apple's internal notification database. Users who had message preview enabled in notifications were exposed. More
  • CPUID Website Hijacked: The CPUID site (CPU-Z, HWMonitor) was compromised for ~6 hours via a backend API; download links were swapped to serve credential-stealing malware. A fake CRYPTBASE.dll was used to exfiltrate browser credentials via Chrome's IElevation COM interface. More

🛸 Tech

  • 5 Git Commands Before Reading Code: Churn hotspots, bus factor via git shortlog, bug cluster mapping, commit velocity, and revert/hotfix frequency — five commands that give you a diagnostic picture of any codebase in minutes. More
  • NASA's Artemis II Fault-Tolerant Computer: Artemis II launched with arguably the most fault-tolerant flight computer ever built for space — 8 CPUs in parallel, "fail-silent" design (not voting), survives losing 3 of 4 Flight Control Modules in 22 seconds. All subsystems software-managed, Monte Carlo stress-tested. More
  • Post-Quantum Cryptography Is Now Urgent: Two new papers (Google + Oratomic) dramatically lower the qubit requirements to break 256-bit elliptic curves. Cryptography engineer Filippo Valsorda now sets 2029 as the hard deadline for migration. Recommendation: ship ML-KEM and ML-DSA now; abandon hybrid authentication; TEEs are essentially compromised. More
  • Linux Kernel's Stance on AI Coding Assistants: Torvalds' own kernel repository now includes official guidance on using AI coding assistants — reminding contributors that AI-generated code must meet the same quality, review, and authorship standards as human-written code. More
  • Why You Can't Trust "Privacy" and "Security" Claims in macOS: A sharp analysis of how "privacy" and "security" are marketing terms misappropriated by vendors and OS makers, and why trusting them at face value leads to false confidence in your actual security posture. More

🤖 AI

  • Meta launches Muse Spark from Meta Superintelligence Labs (MSL): First model from MSL — natively multimodal, supports tool use, visual chain-of-thought, and multi-agent orchestration via "Contemplating mode." Claims order-of-magnitude compute efficiency gains over Llama 4 Maverick. Scores 58% on Humanity's Last Exam with Contemplating mode. Available at meta.ai. More
  • Research-Driven Coding Agents: SkyPilot experiment showed that giving agents a literature search phase (arxiv + competing forks) before touching code produced 5 kernel fusions that made llama.cpp CPU inference 15% faster — for just $29 total. Code-only agents generated shallow hypotheses; research-first agents asked better questions. More
  • Running Google Gemma 4 Locally with LM Studio: LM Studio 0.4.0 introduced a headless CLI (lms) and daemon. Gemma 4 26B-A4B (MoE, only 4B active params per token) runs at 51 tok/s on a 48GB M4 MacBook Pro and can be used as a Claude Code backend via ANTHROPIC_BASE_URL. More
  • Reallocating $100/month Claude Spend: Developer frustrated by Claude rate limits proposes moving to Zed ($10/mo) + OpenRouter (~$90/mo) for pay-as-you-go model access with rollover credits — keeping Claude Code as a harness while routing through OpenRouter. More
  • MCP vs Skills Debate: A developer argues MCP is still architecturally superior to Skills for connecting LLMs to services — Skills requiring CLIs are dead on arrival outside Claude Code. Best pattern: use MCP as the connector, Skills as the knowledge/manual layer on top. More
  • Harness Engineering for Coding Agents: Martin Fowler publishes a full framework: coding agent harnesses = feedforward guides + feedback sensors, split into computational (linters, tests) and inferential (LLM-as-judge) types. Behavioural harnesses remain the unsolved frontier. More

🛠️ Tools

  • Little Snitch for Linux: The beloved macOS network monitor finally arrives on Linux — built on eBPF, web UI at localhost:3031, supports blocklists and per-process rules. Proprietary daemon, open source eBPF + UI. Built for privacy, not adversarial hardening. Free. More
  • GitButler: A Git client that lets you work on multiple branches simultaneously without stashing, built in Rust. Rethinks the branch/commit workflow for modern AI-assisted development. More
  • Tart: macOS and Linux VMs on Apple Silicon for CI and automation — built on Apple's Virtualization Framework for near-native performance. Push/pull VMs from any OCI container registry. Used by Figma, Atlassian, Expo. More
  • Caveman: A Claude Code skill that reduces LLM output tokens by ~75% by making Claude talk like a caveman — strips filler words while preserving 100% technical accuracy. Install with claude install-skill JuliusBrussee/caveman. More
  • GuppyLM: A lightweight, local LLM interface focused on simplicity and privacy — runs models locally without cloud dependency. More
  • Yazi: A blazing-fast terminal file manager written in Rust, with async I/O, rich previews (images, video, PDF), and a plugin ecosystem. Highly recommended for power terminal users. More
  • Freestyle: Sandboxed Linux VMs purpose-built for coding agents — provisions in under 700ms, supports live VM forking (clone a running VM in milliseconds), pause/resume with zero cost while idle, full KVM/nested virtualization, and bidirectional GitHub sync. Think the infrastructure layer powering AI app builders like Lovable, Bolt, or Devin-style background agents. Backed by YC. More

🔔 Misc

  • Škoda DuoBell: Škoda collaborated with University of Salford audiologists to design a bicycle bell that penetrates active noise-cancelling headphones by targeting the 750–780 Hz "safety gap" ANC algorithms can't suppress quickly enough. Gave Deliveroo couriers 22m of extra reaction distance in London trials. More
  • 1D Chess: Someone built a fully playable chess game on a single 1×16 board. It's surprisingly fun and philosophically unsettling. More
  • Music for Programming: A curated collection of ambient, focus-inducing music streams designed specifically for deep work and coding sessions. Still going strong. More
  • Every GPU, Visualized: An interactive data visualization mapping every major GPU ever released — performance, memory, architecture, generation — in one scrollable chart. More

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan