Supply Chain Attack on Axios Pulls Malicious Dependency from... A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHu...
.NET CLI Shebangs and Argument Parsing | no dogma blog Trying to pass something like -v or -h to a .NET CLI application that uses the shebang style of `dotnet run app.cs` can cause issues because `dotnet run` itself has options that conflict with the application's arguments. Here's how to work around that.
Prediction: The Shopify CEO's Pull Request Will Never Be Merged Nor Closed The CEO of Shopify used an AI tool called autoresearch to optimize Liquid parsing speed. The code quality is poor and no one will ever merge it.
axios Compromised: npm Supply Chain Attack via Dependency Injection axios 1.14.1 was published to npm via a compromised maintainer account, injecting a trojanized dependency that executes a multi-platform reverse shell on install. No source code changes in axios itself, just a new entry in package.json.
GitHub backs down, kills Copilot PR ‘tips’ after backlash Updated: Letting Copilot alter others' PRs was the wrong judgment call, says product manager
Ollama is now powered by MLX on Apple Silicon in preview · Ollama Blog Today, we're previewing the fastest way to run Ollama on Apple silicon, powered by MLX, Apple's machine learning framework.
Android developer verification: Rolling out to all developers on Play Console and Android Developer Console News and insights on the Android platform, developer tools, and events.
GitHub - drona23/claude-token-efficient: Universal CLAUDE.md - cut Claude output tokens by 63%. Drop-in. No code changes.
Turning a MacBook into a Touchscreen with $1 of Hardware We turned a MacBook into a touchscreen using only $1 of hardware and a little bit of computer vision.
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analy...
Notes on going solo: celebrating 6 years of Studio Self Since roughly // broadly 2020, I’ve been running a solo-powered minor empire. I have no employees, and my only office is my home office, filled as it is with cat hair and various comic books. My business is: me, a laptop, a set of AI tools that scale the ...
You probably don't need to lift state - Matt Smith A quick React tip: don't lift state by default. Keep it close to where it's used unless you actually need to share it.
Who's Teaching the Juniors? Companies are replacing juniors with AI and trusting seniors to handle the rest. But they've forgotten that every senior was once a junior who learned by doing.
Good CTE, bad CTE The planner treats CTEs very differently depending on how you write them. Here's what happens under the hood, version by version, through PostgreSQL 18.
Getting a Job in 2026 The job market is tough right now in tech. You hear about it everywhere. Whether it's due to AI, over-hiring due to ZIRP, or *waves hands broadly* the economy, getting a job is a journey these days. This is how it went for me. I…
Agentic developer experience starts with your system, not your prompts The new 'time to hello world' isn't determined by a developer reading your getting started guide. It's someone typing a naive prompt into an agent. How should we think about that?
Your ticket is a prompt The instinct to break work into atomic tickets was right for human teams. For agents, it reproduces the same fragmentation disease at machine speed.
Office, messaging and verbs — Benedict Evans Mainframes replaced adding machines, PCs replaced mainframes, and now the web and mobile are replacing PCs. With each of these changes, we started by making the new thing fit into the old way of getting our work done. But over time, we change the work to f...
Every Package You Install Can Read Your Secrets Why npm, pip, and direct Git dependencies can expose your secrets, how the attack works, and which controls actually reduce the blast radius.
Moving the Critic Into My Editor What if you could have an AI critic semantically linting your writing, inline?
Speech to Text on WSL in one line Let's assume you downloaded a voice file from your iPhone and now want to convert it to text. You just need to run that line: Full command bash MODEL=...
How to Get to Tomorrow K = 0.728. Nikolai Kardashev designed the scale in 1964 to classify civilizations by how much energy they command. Type I harnesses all the energy hitting its p
Why Don’t You Use String Views (as std::wstring_view) Instead of Passing std::wstring by const&? Thank you for the suggestion. But *in that context* that would cause nasty bugs in my code, and in code that relies on it.
Supercharging Claude Code with the Right (CLI) Tools Ten CLI tools recommended by Claude Code itself, ranked by how much they’d boost its productivity.
How to Survive in Tech in 2026 Human leverage in the AI era - business acumen, cross-functional teams, daily AI practice, real-world connections, and deep curiosity beyond the hype.
Lime is a Data Company - Boris Starkov Using Claude to analyse 3 years of my daily lime bike commute in London