A handful of things that caught my attention this week.


1. How AI Assistants are Moving the Security Goalposts

Brian Krebs put together a solid summary of what’s been going on in the AI space, with a security lens. But the reason I bookmarked it was the Lethal Trifecta for AI agents: private data, untrusted content, and external communication. Simon Willison wrote about this in June 2025, a month after Invariant Labs published GitHub MCP Exploited. Korny Sietsma did a deep dive a few months later. I did some research on prompt injection right after the GitHub story broke, and what surprised me is not that it was possible, but rather just how easy it was.

2. Prof. Ada Palmer on the timescale of the tech (computer) revolution

A short video post on Mastodon that, for me at least, reframed the way I think about the current AI bubble specifically and the tech (computer) revolution in general. I’ve watched the video thrice, and will likely watch it a few more times in the coming days. Give it a watch. Follow Prof Palmer on Mastodon, her homepage, and/or her blog.

3. Faster Gem Installs, Namespaces, Cooldowns and other new Ruby tooling

While the RubyGems drama is – quite honestly – tiring (and I’m not linking to it), there are some interesting outcomes from the competition it has created. Engineers at Shopify have been working on speeding up Bundler, including the new cibuild gem to make releasing precompiled binaries easy, the gem.coop team has released a beta of Rubygem Namespaces and Cooldowns, and rv is installing Rubies at lightning speed. It’s good to see Ruby pushing the boundaries of dependency management again – as it did when Yehuda Katz (through his company, Tilde) worked on both Cargo and Yarn.

4. Dark pattern: feed reloading (Reddit, LinkedIn)

Both Reddit and LinkedIn continuously reload the feed without user interaction. In the case of Reddit, it’s in their mobile app. So I might find an interesting thread that discusses a linked blog post or article. I’ll start reading that during a break from work, but not finish it, lock my phone and work for another hour. When I unlock my phone again, Reddit will just go ahead and reload the main feed … ugh. LinkedIn is actually worse, if you can believe it. They will refresh the feed in a desktop browser. My Mastodon client of choice, Ivory, doesn’t do this. I can lock my phone – hell, I can exit the app entirely – and when I reopen it, I’m exactly where I was before.

5. Π Day at HeatSync Labs

Saturday was Π Day, at least by US calendar reckoning. In the rest of the world, Π Day is on the 3rd day of the 14th month, of course. I joined a small crowd of enthusiasts at HeatSync Labs to celebrate. The cheering started at exactly 3:14:15pm, after which we partook in some excellent apple and cherry pies – some of them homemade, because of course they were … that’s what this group of makers does.

A workbench covered in Π Day creations — laser-cut π symbols in various sizes, LED-lit acrylic π signs on small bases, a breadboarded Nixie tube driver circuit, and wooden boxes with Nixie tubes displaying the digits of Π — well, actually — the current time