This week
- Blog About Moonbound Shop This is a post from Robin Sloan’s lab blog & notebook. You can visit the blog’s homepage, or learn more about me. April 8, 2026 Now that we share the internet with tireless, capable synthetic hackers, I find myself wondering if the project to rapidly...
- Anthropic didn’t release their latest model, Claude Mythos (system card PDF), today. They have instead made it available to a very restricted set of preview partners under their newly announced …
- The Problem You have a video on a server. You want users to watch it. But you do not want them to download it. Or share direct links. Or scrape it with bots. If you just put the file at cdn.example.co...
Last week
- The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …
- Dependencies are a huge supply chain security risk; the more of them you have, and the more often you update, the bigger the attack surface....
- AI coding assistants respond to whoever is prompting, and the quality of what they produce depends on how well the prompter articulates team standards. Rahul Garg proposes treating the instructions that govern AI interactions (generation, refactoring, security, review) as...
Two weeks ago
- Blog About Moonbound Shop This is a post from Robin Sloan’s lab blog & notebook. You can visit the blog’s homepage, or learn more about me. March 26, 2026 This is a genuinely interesting document: the Claude chat transcript, very well-presented, from a software developer’s...
About a month ago
- Here’s a mildly dystopian prompt I’ve been experimenting with recently: “Profile this user”, accompanied by a copy of their last 1,000 comments on Hacker News. Obtaining those comments is easy. …
- Mastra Studio has evolved. It's no longer just a local development tool. You can deploy it to your own infrastructure and share the URL with your team. However,......
about 1 month ago
- Workspaces now support remote sandboxes. We're launching with three providers: Daytona, E2B, and Blaxel, with more to follow. With remote sandboxes, agents can ......
- I have been a loyal customer of 1Password since 2013. It has served me well and I never really looked into the alternatives. I didn’t mind occasionally paying for an upgrade to the newer version, or even switching to a subscription model a few years ago. In recent years though,...
- Here’s a short horror story of us losing tens of thousands of emails. Hopefully it won’t happen to you, but if you do, here’s a few tips.
about 2 months ago
- Herman's blog Home Now Projects Blog 24 Feb, 2026 A few days ago some 4 or 5 OpenClaw instances opened blogs on Bear. These were picked up at review and blocked, and I've since locked down the signup and dashboard to this kind of automated traffic. What was quite funny is that I...
- Do you want to run OpenClaw? It may be fascinating, but it also raises significant security dangers. Jim Gumbley, one of my go-to sources on security, has some advice on how to mitigate the risks. While there is no proven safe way to run high-permissioned agents today, there are...
3 months ago
- New from Anthropic today is Claude Cowork, a “research preview” that they describe as “Claude Code for the rest of your work”. It’s currently available only to Max subscribers ($100 …
- Matthias Ott shared a link to a post from Anthropic titled “Disrupting the first reported AI-orchestrated cyber espionage campaign”, which I read because I’m interested in the messy intersection of AI and security. I gotta say: I don’t know if I’ve ever read anything quite like...
4 months ago
- Note: this post represents my personal opinions as a Debian maintainer of a single package (Meson). It is not my intention to throw anyone involved in the service under a bus, but some things about it are not good and need to be spoken aloud (in my opinion anyway, other people...
- I recommended against using an AI browser unless you wanted to participate in a global experiment in security. My recommendation did come with a caveat: But probably don’t listen to me. I’m not a security expert Well, now the experts (that you pay for) have weighed in. Gartner,...
- A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea. When I set off to do this work in early November I expected I was going to have to deal with anti-CSRF...
- This is the first in a series of three articles I'm going to be releasing over the holiday season, on how I think agents are completely reshaping software engineering beyond pure productivity enhancements. If you'd like to get notified when they come out, please subscribe to my...
- You may have seen the recent reports of a malware that stole API keys, tokens and other secrets from a large number of developers. From where were these secrets stolen from? You guessed it, they were mostly stolen from environment variables. We use environment variables to...
- Automatically erase memory to prevent secret leaks....
- I wrote about the 404s I serve for robots.txt. Now it’s time to look at some of the other common 404s I serve across my static sites (as reported by Netlify’s analytics): /wp-login.php /wp-admin /news/wp-includes/wlwmanifest.xml /login/ /wp-includes/wlwmanifest.xml...
Rows per page
