Peter van der Zee
@pvdz.ee
tafka @kuvos eng @socket.dev - 15yr js/ts - rust - ex vercel - ex fb - js1k-guy
pinned post!
Today is my first day at @socket.dev! Perfectly aligns with what I want. Stoked to get started
10 months ago
3
27
1
Ok, Inscription has some depth. I love it. Hope there's even more depth after act 2. Also, jetlag is a pita. Didn't have much of it two weeks ago in Washington but now in NY I'm waking up at 4 am and can't sleep anymore. Ugh.
6 days ago
0
2
0
I guess screw you, Google play, and I'll never leave a review again. So not my problem. And screw any random games demanding sign up to play without reasons.
9 days ago
0
1
0
> The real value of your AI-first language isn't the constraints - it's that you're co-designing the language WITH the LLM's feedback, which might reveal insights about what makes code "LLM-friendly." But so far, the answer seems to be: TS is already LLM-friendly enough. I need my yesman back...
21 days ago
0
2
0
Trying to define an AI-first language with Claude. Ironically, you can't just ask an LLM what works best for it. It's not "conscious" (in any sense of the word) and can't reflect on that. It doesn't "like" anything. Any response comes from training data/resources. Also, I need less of a yes-man.
22 days ago
3
5
1
@areinet.bsky.social
I'm doing pizza before rar so don't wait for me at the bar, see you there
25 days ago
1
0
0
Recognition for Sarah! So deserved!
@sarahgooding.bsky.social
25 days ago
2
9
4
Good story bro, nay, Great story
@voodootikigod.bsky.social
26 days ago
0
4
0
Ahw. Tenko didn't make the cut, nor any of my other stuff. I'm a failure.
27 days ago
0
0
0
So who's gonna be at jsconf! Hoping to see some old friends and acquaintances again :) Let's hope border queues are not too bad with the shutdown and all :/ I'm sure it'll be fine. Long day tomorrow, either way.
29 days ago
1
1
0
15 years later and there's finally a wikipedia page for JS1k! 🥲
en.wikipedia.org/wiki/Js1k
Js1k - Wikipedia
https://en.wikipedia.org/wiki/Js1k
about 1 month ago
1
2
0
LLM tools should leverage a difference in content and actual conversation better. For example, when I paste a glob of debug text or have it run tests and check the output, that sort of blob should not become part of the message conversation.
about 1 month ago
0
1
0
Shit :/ > Google Is Ending Gmailify and POP Support
about 1 month ago
0
1
0
reposted by
Peter van der Zee
Feross
about 1 month ago
Open source supply chain attacks are exploding. Starting today, that ends. We're releasing Socket Firewall - FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI. Just run: `npm i -g sfw` `sfw npm install lodash` Works for: npm, yarn, pnpm, pip, uv, and cargo.
7
45
15
I mean. wtf
about 1 month ago
1
2
0
I'm actually looking forward to the LLM-first framework talk at JSConf. I've been thinking about this too. There's no real framework for AI yet. I suspect there's a lot of room for improvement to cater for LLMs. Both in language and in web framework. What would an LLM-friendly language look like?
about 1 month ago
1
0
0
reposted by
Peter van der Zee
Philipp Burckhardt
about 2 months ago
While we haven't seen major supply chain attacks hitting any of the major open-source ecosystems, the Socket Threat Research Team uncovered some fascinating and creative attack techniques worth sharing:
https://pypi-mirror.org
1
2
1
Seriously. I don't know who worked on that Skoda Enyaq UX, or how this passed QA, but holy shit it's so bad. Half the physical buttons are USELESS, inc steering wheel, it's dangerous to change the fan speed while driving, and no separate speed between driver/passenger. Software mostly sucks. etc etc
about 2 months ago
0
0
0
We learned that the Skoda Enyaq, which has a terrible UX on almost all accounts, also doesn't have a darkmode. It just doesn't have one. wtf. Screen is so bright at night :( Best you can do is turn down the control lights, then open version page. It's darker because it is JACK SHIT EMPTY anyways.
about 2 months ago
0
0
0
Who needs enemies when can't even beat a 1700 elo bot in chess. Ugh.
about 2 months ago
0
0
0
I looked at our detected threats this morning and had a bit of a :wow: moment.
socket.dev/blog/ongoing...
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages...
Socket.dev found compromised various CrowdStrike npm packages, continuing the "Shai-Hulud" supply-chain attack that previously hit `tinycolor`.
https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages
about 2 months ago
0
3
0
Third major npm supply chain attack in like two weeks? One week? Yikes.
socket.dev/blog/tinycol...
Popular Tinycolor npm Package Compromised in Supply Chain At...
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages
about 2 months ago
0
3
0
I like anthropic's claude CLI better than Cursor's CLI. For one it seems slightly better overall (cursor sometimes goes brain zombie once it goes over input token limit) but more importantly: cursor downgrades the model underwater once you go over 20$ plan. And the downgrade is so observably worse.
about 2 months ago
0
1
0
@gothamchess.bsky.social
Heya. Some feedback; - you hate it when chess .com spoils games due to the bug, but spoil your videos by putting results in titles. :feelsbadman: And since you, I think, like to pronounce langs proper: - Foreest, ee like a in ace - stroopwafels, oo like oa in oatmeal
about 2 months ago
1
0
0
reposted by
Peter van der Zee
Joachim Viide
about 2 months ago
pnpm v10.16.0 adds "minimumReleaseAge", a setting for defining how long a version has to have been published before pnpm will install it. A nice countermeasure against accidental installs of short-lived compromised packages before they get taken down. Not a 100% fix, but a great additional step!
Release pnpm 10.16 · pnpm/pnpm
Minor Changes There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new settin...
https://github.com/pnpm/pnpm/releases/tag/v10.16.0
8
197
70
I booked the 6pm shuttle to jsconf on monday. If you want a 3h chat and geek out over static analysis, perf, Socket, chess, and other games while I'm half asleep: that's your timeslot. If you don't like me. Well. Stop reading my feed.
about 2 months ago
0
1
0
I think `git status` `git diff` and `ls` should get a free pass in AI CLI's.
2 months ago
0
1
0
Can we have a `const a = @x` in JS? Similar to ? in Rust: it would mean `if (!x.ok) return x.error; a = x.data;`. Or whatever semantics people can agree on.
2 months ago
0
0
0
So confused. Does openai offer a free tier or not? Is it only free tier for gpt4? I was able to get responses from gpt 4 mini before but now it's 400 without clear reason. gpt5 gives me a 429 regardless of what I do, has done so from the start. Dashboard says $0.02, out of 5$ "budget" (??). Feh.
2 months ago
1
0
0
What's a solid JS Engine that's easy to run locally and doesn't allow imports or network? (I don't mind imports as much but they would have to be fenced hard. Goal would be no arbitrary (file) system or network access, to act as an AI sandbox for running arbitrary tests. So, just the JS engine.)
2 months ago
3
2
1
Maybe AI CLI tools should have a pincode option where the user must enter a pincode after starting the tool in order to get going. That would have limited the blast radius of the nx attack, for example. That one most certainly won't be the last.
2 months ago
0
0
0
semi-colon free as cost saving (AI tokens), huh.
2 months ago
1
0
0
Love a small little idler that you can finish in an hour.
3 months ago
0
1
0
Want to know if you were affected? Just open a terminal.
3 months ago
0
0
0
Back in SF. Been a while.
3 months ago
0
0
0
Self Driving chairs at Schiphol airport. That's pretty cool. Flying to sfo today. Wasn't sure if I'd ever see sfo again but here we go.
3 months ago
0
1
0
Back in uni there was all this talk about how Chomsky thought language could be modeled and such. Linguistical analysis. Omg I made so many ling parse trees. But there was always the question of whether language could be modeled universally. I think LLMs answer that now: yep. Just don't ask how 🤷
3 months ago
0
0
0
UCI (protocol stockfish uses too) has no way to convey a draw. So you can trivially find out whether a line ends in a checkmate (score is 100 or -100) or not-stalemate (score != 0) but in order to figure out whether it's a stalemate you have to _replay the entire game with a proper engine_ WAT.
3 months ago
0
0
0
iykyk: stockfish question: given a pv that is not at requested max depth nor a mate (score -100/100), is there a way to distinguish a stalemate from an unfinished/pruned pv? I struggle with the fact that this would be the only case requiring a full fledged move engine... :/
3 months ago
0
0
0
Well, I'm glad I learned Rust before it became obsolete to learn how to program.
3 months ago
2
1
0
Ok. I spent about a week or so with codex, OpenAI's CLI using a special codex model. It was nice and worked okay. CLI UX has some clear improvements to do but was pretty good overall. Now running with Claude's CLI for a day and um, it's like miles ahead. Both in terms of CLI, UX, and output.
3 months ago
1
1
0
Are we having a Matrix moment? Too soon?
3 months ago
0
0
0
All I want to know is whether this one can play chess.
3 months ago
0
1
0
Hmmm. Cursor bad ux: You queue up a bunch of small tasks for the agent to complete. The agent wants to run a certain task (which was expressly forbidden but it did anyways). I pick "no and tell it what to do", tell it not to do that, and my queue of tasks is gone. Shit. Guess we're not using that.
3 months ago
0
0
0
Current status Ok actually I should just go to bed :p
3 months ago
0
0
0
After having worked with vscode-through-cursor I maintain that webstorm just feels more solid on most accounts. Search, selection, navigation. I dunno, it just feels better. Cursor still better on the AI front, of course. Cursor does suffer from severe memory leaks, that part is annoying.
3 months ago
0
0
0
console.time() and console.timeEnd() should have an option to print the "starting" message as well, not just the end timing. and an option to start a .group() while you're at it. And an option to get the string back rather than force-emit it. These are the common cases for me, anyways.
3 months ago
0
1
0
Was wondering why Cursor was suddenly vibing all these async functions. Code wasn't doing anything async. Turns out at some point it had decided that dynamic imports was the better way to import deps. This is how evolution works. I made it clean all of it up. This is how teachers work.
3 months ago
0
1
0
Had Cursor work batch of tasks. Also, I found a failure case of moves being parsed incorrectly, stored it in a comment, no further description. Mindlessly telling it to continue with next step. "I finished tasks, but I see that you opened this file and let me fix the problem". Uh, what. It did.
3 months ago
0
0
0
Rest assured that I'm not exactly more confident in using libraries (over standards) when vibe coding. It was so convinced this was correct.
3 months ago
0
0
0
I gotta frame this one
3 months ago
1
1
0