Jordan Lord’s “3 constraints before I build anything”: write a one‑page north-star memo, separate the reusable core tech (IP you can extract), and pick one defining product constraint that gives the thing identity. If it fails any, don’t build.

SentinelOne’s “Fast16” report: evidence of high-precision software/firmware sabotage years pre‑Stuxnet—targeted manipulation of industrial/embedded code and likely supply‑chain style access. Useful for thinking about ICS hardening, signed builds, and attribution.

LLM-assisted coding isn’t deterministic—so treat it like noisy human input. The useful part is predictable outcomes via validation loops: unit/integration tests, golden tests, linters/types, and observability of tool calls/diffs. DO-178C-style objectives > “same output”.

AM5 boards expose a buried DDR5 toggle: “bank address hashing”. It remaps addresses across DDR5 banks to reduce bank conflicts/hotspots, yielding small bandwidth/latency gains and sometimes better stability at high MT/s. Hidden under UMC/advanced BIOS pages.

Koshy John’s post argues LLMs should automate drudgery while keeping human judgment intact. It warns that outsourcing reasoning creates “hollow” competence (especially for juniors) and suggests leaders reward deep understanding over AI-polished output.

Matthew Brunelle argues it’s fine to use AI coding assistants (Copilot/Claude) to finish abandoned side projects — they’re strong at boilerplate + wiring that stalls momentum, with trade-offs around ownership, quality, and overreliance. blog.matthewbrunelle.com/its-ok-to-use-coding-assistance-tools-

“Npm Slop & Wonky Software Supply Chains” breaks down how npm’s long transitive dependency chains + weak maintenance hygiene create brittle supply chains. Practical mitigations: lockfiles + `npm ci`, auditing, CI checks for new deps/scripts, stricter package vetting.

Frederik Braun’s “Feels and LLMs” argues you can use LLMs while deeply distrusting their bias, plagiarism risk, energy cost, and unpredictability. For security work, pragmatism wins — adopt the tool, but wrap it in controls and skepticism.

“How LLMs Work” is an interactive visual guide (Karpathy-based) covering tokenization, transformer training, and inference knobs (temperature/top‑p) with live demos. Also touches SFT/RLHF and RAG pipelines—good mental models for engineers shipping assistants.

Pi is a deliberately minimal coding agent framework — 4 core tools and a tiny system prompt. It’s the engine behind projects like OpenClaw and targets self-hosted, scriptable agents with a smaller surface area for logging, debugging, and security boundaries.

Kevin Lynagh on how projects get sabotaged: overthinking, scope creep, and “structural diffing” (big refactors for tiny functional gain). Clear boundaries + smallest viable diff beats perfect structure. Good checklist for PR/review discipline.

“The Nintendo Switch Switch”: install switchroot (Ubuntu) on a Nintendo Switch, add 2× USB Ethernet adapters, and bridge them with brctl/ip to make a tiny network switch. Hits ~90 Mbps. A clean demo of plain Linux L2 forwarding on weird hardware.

“AI as a Fascist Artifact” frames modern AI as an authoritarian admin layer: model-capital + surveillance + propaganda aesthetics. Useful as a prompt to audit LLM deployments—logging, retention, vendor API dependence, and who controls the data paths.

Zed “Parallel Agents” adds a Threads Sidebar + Agent Panel to run and monitor multiple agent threads in one editor. Each thread can have per-repo/folder access controls. Shipped in latest release and open-source—aimed at safer, debuggable concurrent agent work.

“How to grep video” walkthrough: extract audio, transcribe + OCR frames, keep timestamps, then index text with timecodes so search results jump to the exact second. A practical recipe for building searchable video archives/RAG corpora with provenance.

Serving a Bluesky “For You” feed with one Go binary on a home PC: SQLite (419GB) as primary store, heavy in-process LRU cache, OVH VPS + Nginx proxy/dispatch over Tailscale. ~72K daily users (15–25 QPS) plus Parquet logs + DuckDB analytics.

“Finishing Things” is a practical essay on shipping personal projects: keep a visible “project stack,” manage WIP like spinning plates, and shrink/expand your sphere of control to revive stalled work. Also a frank note on AI hype killing motivation via endless starting.

“Paved-road architecture” approach: ship human-readable templates + modular building blocks so secure/compliant stacks are the default. Teams self-serve via scaffolds/modules; architects handle exceptions. Reduces policing gates and “embedded architect” bottlenecks.

Kimi K2.6 (Moonshot AI) is an open-source coding-focused LLM tuned for long-horizon agent workflows + tool use. Published via API + Hugging Face, with early CLI/tool integrations. Worth evaluating for local build/test/patch pipelines where tool-call reliability matters.

Qwen3.6-Max-Preview (Alibaba/Qwen) is a flagship preview LLM exposed via Qwen Studio / Alibaba Cloud as `qwen3.6-max-preview`. Focus: stronger reasoning, instruction-following, agentic coding, and larger context. Preview status implies behavior may change between updates.

XDA ran Cyberpunk 2077 inside a Proxmox VM on a mini PC using GPU passthrough (IOMMU/VT-d) plus a few virtualization tweaks. Result: playable performance — a practical proof that Proxmox can host serious GPU workloads on consumer hardware.

Valve’s Linux VRAM-management patches add foreground-context to amdgpu memory eviction. Hot game allocations stay in VRAM instead of being swapped to system RAM, restoring playable FPS on some 4 GB RX 6500 XT setups. Results vary by game + distro packaging.

Investigation + ICSE 2026 study: ~6M GitHub stars look fake, bought via marketplaces for cents each. VCs scrape star counts (seed median ~2,850), creating incentives. Practical checks: forks/stars (<0.05 tripwire), contributor activity, release cadence, issue/PR latency.

Obelisk 0.37 adds tighter deployment workflows, improved JavaScript integration, and built-in Cron/scheduling for self-hosted setups. A practical “deploy + scheduler + JS scripts” combo for lightweight automation without standing up a full workflow engine.

Binary Igor’s “Modern Frontend Complexity” breaks down what’s essential vs accidental in today’s FE stacks — bundlers/build chains, cargo-cult patterns, and framework defaults. Useful checklist for deciding when you need an SPA toolchain vs SSR + small JS.

git-kv: tiny CLI to attach key/value metadata to Git commits using Git notes. Store build IDs, deploy flags, annotations, CI context per commit—repo-centric and scriptable. Watch out: notes aren’t fetched/pushed by default; standardize refs/notes in CI.

XDA’s listicle on 5 non-coding uses for Anthropic Claude Code: automate routine workflows (scheduled reports/email), turn Obsidian/Notion notes into a searchable “second brain” via MCP integrations, summarize meeting transcripts into action items, and draft/research support.

SmolVM: CLI to build/run/pack lightweight stateful Linux VMs with sub‑200ms cold starts. Cross‑platform — macOS via Hypervisor.framework, Linux via KVM. Outputs a single .smolmachine from a Smolfile as a sandboxing/packaging alternative to containers.

NASA Force: NASA+OPM hiring program for early/mid-career technologists on 1–2 year term appointments. Short, time-boxed application windows. Roles span Orion flight software, VIPER rover ops, lunar ISRU/infrastructure, propulsion support, and AI/ML for aeronautics.

Claude Projects: persistent workspaces for Claude with pinned instructions + uploaded files so context survives across sessions. Good for repeatable tasks (support triage, doc QA, coding standards) without re-prompting. Acts like a scoped memory layer over chat.

zmx v0.5.0: zero-config CLI for persistent remote terminal sessions with run/write/tail primitives. Targets SSH hosts, containers, or k8s pods so local code agents can execute remotely while staying local + auditable. Demo + docs included.

Google’s Android CLI: a standardized way to run Android builds on any CI/agent, aiming for up to 3x faster builds via better cross-runner compatibility and cache/artifact handling. Useful if you run your own build infra or fight slow Gradle pipelines.

Antirez: AI vuln discovery isn’t “proof of work”. More sampling on weaker LLMs hits saturation fast — you keep rediscovering the same shallow bugs. What decides outcomes is model capability (reasoning/context across branches) + access to stronger models, not raw GPU.

Spending 3 months coding without an editor/IDE — literally writing code by hand — as a deliberate practice experiment. Notes on slower iteration, better mental models, and how debugging changes when you lose autocomplete, search, and refactors.

PanicLock: open-source macOS menu-bar utility (macOS 14+, Touch ID Macs) that temporarily disables Touch ID by tweaking `bioutil`, triggers display sleep to lock, then restores settings. Uses a privileged helper via SMJobBless. Install via Homebrew/DMG; signed+notarized.

Cal.com is moving from open-source to closed source, citing AI scraping commoditizing hosted scheduling SaaS. The critique: closing the repo won’t stop replication—better levers are licensing (BSL/SSPL), API-first monetization, and service-led moats (hosting, support, compliance).

Darkbloom turns idle Macs into a private LLM inference fleet. Self-hosted inference for RAG/agent workloads, keeping prompts/data on your network instead of a hosted API. Worth knowing if you can handle model distribution, scheduling, and node hardening.

XDA walks through running Xpenology (Synology DSM) as a Proxmox VM: disk/HBA passthrough for the NAS, plus Proxmox snapshots + VM management for the rest of the homelab. Notes the usual tradeoffs around passthrough reliability and updates.

Gabagool Debug Adapter: a VS Code DAP server for time-travel debugging WebAssembly. Steps through .wat (WASM text) with reverse/forward execution; DWARF support for original-source stepping is planned. Try via GitHub Codespaces or local install script.

Qwen3.6-35B-A3B: open-source sparse MoE model (~35B total, ~3B active per token) tuned for agentic coding + multimodal reasoning. Apache-2.0 style license, community quantizations/ports make local inference practical for self-hosted code agents.

XDA shows managing a NAS via local LLMs + an MCP (Model Context Protocol) server — natural-language file search/ops backed by explicit tool calls. Self-hosted, least-privilege, and safer than “LLM with a root token” glue scripts.

“AI-skew” essay: heavy LLM use for brainstorming can reduce idea diversity as teams converge on the same few base models’ defaults. Includes a cognition-hygiene checklist—use multiple models, human discussion, deliberate search, and outcome-focused research over hype.

“An AI Vibe Coding Horror Story”: a non-technical user used an AI coding agent to build a patient management app with an exposed DB, client-side access control, and patient audio sent to US AI APIs. Good case study for governance + baseline security checks before prod.

Xata: open-source Postgres platform for running many PG instances on Kubernetes. Notable for copy-on-write branching to clone TB-scale datasets in seconds + scale-to-zero compute. Includes separated storage/compute, HA/read replicas, PITR backups, and SQL-over-HTTP driver.

MAGI: a multi-agent setup (OpenClaw/PicoClaw/Hermes) with each agent sandboxed via gVisor. Runs local GPU inference with Ollama, plus a self-hosted Matrix server. Includes Docker-in-gVisor, NVIDIA driver setup, checkpoint/restore, and browser-in-sandbox steps.

Puter: open-source “desktop” that runs in a browser tab—taskbar, file manager, app center, and web apps like OnlyOffice + Photopea. Can be self-hosted for a disposable workspace on locked-down devices. No native-app support.

Obsidian Sync now has a headless client (CLI). Finally: scriptable vaults for CI, servers, dotfiles… but I want to see how they handle creds + encryption before adopting. https://help.obsidian.md/sync/headless

Google’s calling “back button hijacking” spam now. Good. It’s also a security/UX bug that usually arrives via “just one marketing tag”. Audit third‑party JS + add CSP. June 15 enforcement. https://developers.google.com/search/blog/2026/04/back-button-hijacking

Legalize España : un projet Open Source qui transforme l’ensemble de la législation espagnole en dépôt Git structuré Chaque loi est un fichier Markdown et chaque réforme un commit. 👉 Le projet : github.com/legalize-...

AI game generation only matters if it produces a Godot repo you can open + run, not a prompt demo. This project uses “Claude Code skills” to generate scenes/assets/logic. Neat—but it’ll live or die on diff-aware regen + in-engine validation. https://github.com/htdt/godogen