Good "intro" (pun intended) to how bad our security already is. And this is even without OpenClaw installed on every other laptop.
https://www.youtube.com/watch?v=ZrD9MC_BXGk
Also,
litellm==1.82.7 and litellm==1.82.8 on PyPI have a vulnerability in their litellm_init.pth file. That's an explicit attack, similar to xz. DO CHECK FOR THIS VERSION IN YOUR `uv.lock` NOW!
Hat tip to the Temporal Slack where I saw this first. You guys rock.
YouTube
malware is getting way too advanced
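The check the post asks for, as an added example that is not from the post or from the litellm project: scan a uv.lock for the two named releases, and list which lines of a .pth file Python's site module will execute at interpreter start-up (the mechanism a hook such as litellm_init.pth relies on). The sample lockfile and .pth content are constructed, and the hook line in the sample is a harmless placeholder.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// Affected releases named in the post; extend for other advisories.
var blocked = map[string]bool{"litellm==1.82.7": true, "litellm==1.82.8": true}

type lockedPackage struct{ Name, Version string }

// parseUVLock pulls name/version pairs out of uv.lock content. The file is TOML, but
// each [[package]] table puts `name = "..."` and `version = "..."` on their own lines.
func parseUVLock(content string) []lockedPackage {
	var pkgs []lockedPackage
	inPackage := false
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "[[package]]":
			pkgs = append(pkgs, lockedPackage{})
			inPackage = true
		case strings.HasPrefix(line, "["): // e.g. [package.metadata]: header part is over
			inPackage = false
		case inPackage && strings.HasPrefix(line, "name = "):
			pkgs[len(pkgs)-1].Name = strings.Trim(strings.TrimPrefix(line, "name = "), `"`)
		case inPackage && strings.HasPrefix(line, "version = "):
			pkgs[len(pkgs)-1].Version = strings.Trim(strings.TrimPrefix(line, "version = "), `"`)
		}
	}
	return pkgs
}

// findBlocked returns "name==version" for every pinned release on the block list.
func findBlocked(pkgs []lockedPackage) []string {
	var hits []string
	for _, p := range pkgs {
		if pin := p.Name + "==" + p.Version; blocked[pin] {
			hits = append(hits, pin)
		}
	}
	return hits
}

// executablePthLines returns the lines of a .pth file that Python's site module
// exec()s at interpreter start-up: those starting with "import " or "import\t".
// Every other line is only a path appended to sys.path, which is all a .pth should do.
func executablePthLines(content string) []string {
	var out []string
	for _, line := range strings.Split(content, "\n") {
		if strings.HasPrefix(line, "import ") || strings.HasPrefix(line, "import\t") {
			out = append(out, line)
		}
	}
	return out
}

// Constructed samples (not real files): a lockfile pinning one blocked release and
// a .pth carrying a start-up hook next to an ordinary path line.
const sampleLock = `version = 1

[[package]]
name = "litellm"
version = "1.82.7"
source = { registry = "https://pypi.org/simple" }
`

const samplePth = "./vendored\nimport os; os.environ.setdefault(\"EXAMPLE_HOOK\", \"1\")\n"

// readOr returns the contents of path, or fallback when no path was given.
func readOr(path, fallback string) string {
	if path == "" {
		return fallback
	}
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err)
	}
	return string(data)
}

func main() {
	lockPath, pthPath := "", ""
	if len(os.Args) > 2 { // usage: prog path/to/uv.lock path/to/some.pth
		lockPath, pthPath = os.Args[1], os.Args[2]
	}
	if hits := findBlocked(parseUVLock(readOr(lockPath, sampleLock))); len(hits) > 0 {
		fmt.Println("BLOCKED release pinned in uv.lock:", strings.Join(hits, ", "))
	} else {
		fmt.Println("uv.lock: no blocked releases pinned")
	}
	for _, l := range executablePthLines(readOr(pthPath, samplePth)) {
		fmt.Println(".pth line executed at interpreter start-up:", l)
	}
}
```

Run with no arguments to see the constructed samples flagged, or pass your own uv.lock and any .pth from site-packages.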
In all seriousness, with modern-day exploits and supply chain attacks, using a) two-factor, b) a passkey, and c) an external signing device is probably the correct solution.
Weird how GitHub grants SSH keys more permissions than the Web login.
I'd love to have to confirm every pushed commit by tapping something on my mobile phone, or a YubiKey, or at least a passkey in the browser.
Or maybe, just maybe, the noble Web3 crew will see the renaissance of their field, since an immutable ledger with fine-grained controls to one's key is something those folks have truly mastered.
Why not just disable the AWS console for production environments except from cleanrooms, and use multisig "at least three of five should sign" for Terraform- or API-based configuration changes, with every single action journaled forever?
That's the spirit to my taste. Arguably, for the past 10+ years it has not landed well with the field, since "move fast and break things" dominates the mindset.
But I can see the light at the end of the tunnel if just enough things do break. Fast.
At which point signing every request and guaranteeing on the protocol level that no action was taken unless we can trace it to the specific set of approvers — I, for one, would embrace such a design.
And, to reiterate: the Web3 community has ALL the necessary bits and pieces for a while now. Publishing some signature to a public ledger costs zero point zero zero something US cents. Blockchain listeners are free when the desired throughput is low.
If an org wants to have its commits and production changes signed in an immutable, perpetual way, this is under one day to set up. Including rolling keys that never last for more than 15 minutes unless refreshed explicitly, the very act of which is also journaled on-chain.
We literally have everything. And we were/are literally ignored in the recent years, because in the minds of pundits blockchain is still NFTs and ICOs all the way down. While in reality it is the technology that could take Visa and MasterCard out of business, because any fee above zero point zero zero something cents is just way too high.
Maybe I'm daydreaming, but the tide may well turn this time. And then it might be avalanche, since the first mover's advantage would be too high and it will gain momentum before other players figure out how to best respond.
This is worthy of a post to share in English.
Three Harms of Russian Literature
The first harm was noted by Rozanov: for an entire century, Russian literature mocked and humiliated the very people who form the backbone of a normal society — the civil servant, the officer, the priest, the entrepreneur, the merchant — and, in general, the bourgeois, the solid, respectable citizen.
The second harm was observed by Turgenev, when he spoke of Dostoevsky's "inverted clichés": the thief is invariably honorable, the murderer a walking conscience, the drunkard and libertine a philosopher, the prostitute a great soul, the idiot the wisest of all.
The third harm — wrote Tyutchev — is the constant, stubborn conviction of everyone, and the self-persuasion, that we are special. That no law is written for us: neither European, nor Slavic, nor Christian, nor — God forbid — any law common to all people, such as international law. Why? Because we are just like that — unique, apart, like no one else in the world.
Russian literature long nurtured this deep-seated adolescent complex. It nurtured and nurtured it — and at last, nurtured it to fruition.
[ This is a direct translation of a post, link in the comment. Claude is really good at translating btw. ]
And my immediate comment to this in a chat with a friend, also reverse-translated from Russian, also by Claude:
It always grates on me when people treat Russian literature as some kind of supreme treasure. Sure, it's a treasure — but the planet has many treasures. Praising the Hermitage having never been to the Louvre, or Angkor Wat for that matter, misses quite a bit of the very point, to my taste.
Another thing I will definitely do once I have time is a chain of agents re-writing test cases from scratch, incrementally, with no feedback loops whatsoever.
Layer one: clean English description of test cases. Feed this, plus the autogenerated API spec, to the agent.
Layer two: take detailed descriptions produced by the first agent, convert them into code.
Layer three: confirm the code matches the English text in spirit. Remove any and all uncertainty. Repeat a small number of times until there's no ambiguity.
Layer four: run the tests. Only at this point. With no "back-propagation" of errors whatsoever.
LLMs are non-deterministic by nature; at least the cloud ones. So, sure, sometimes this test will fail. But I'm happy to burn some tokens every night to run this test process ten times from scratch with different random seeds and then look at the result.
Point is, without iterating on fixing the error, no malicious / erroneous / cheeky detail will go unnoticed. The API will have to work correctly according to the very description of the original test case, spec'd in English.
And if it fails more than once in ~ten times then perhaps some documentation — of the product in general or of API endpoints in particular — should be updated.
And at this point I am actually in favor of using the AI. Burn a bit more tokens every other night to suggest improvements to the documentation that makes AI-re-written end to end tests pass on the first try 90+% of the time.
This literally looks like something I can vibe-code in a few hours. But these weeks are crazy in terms of cognitive load on my side. So: some time soon!
Folks, do not share broader just yet. And remember: you saw this here first. Check it out.
And before you say it's too easy — this was a lot of work to make it work reliably. Keep in mind that what your proprietary paid chat app can do is far more than what the model can handle.
So it's quite a step from "Claude is smart enough to do something" and "I can have my app do this something by calling the LLMs". And we believe we can help many products make this step smoother.
Not to mention that structuring data is a major pillar of my career for well over a decade, and nothing beats a product that guarantees solid, well-defined schema behind the scenes.
What do you think? Good enough short video for such a CTA?
I'm in NY this coming week and in SF the week after that. Showcasing our xmemory, asking for feedback, and looking for customers. Drop me a note if you or someone you know can be interested — we'd love to chat with them!
Dear Anthropic, thank you for making Claude ~20x faster just today or yesterday.
An incredibly pleasant surprise.
Just as I have the harness to run tests overnight, they complete in well under an hour. Me wow.
Exactly as predicted: https://aistudio.google.com/apps/bundled/flash_lite_browser
Websites, and other services, may well be generated on the fly, tailored to this particular user's preferences.
Clean APIs and data models are — finally! — becoming the most important part of complex systems.
And authorization and harness and security — sweet!
So, I don't often ask for this, probably once in a few years max.
But xmemory, the startup I'm a co-founder of, is out of stealth, which kind of is a big deal.
I've shared the preview of the video a few days ago, thank you for your early feedback!
Now is the right time to get more people who are in the space to see this. So your help with distribution — targeted and carpet — is much appreciated.
Announcement links:
* https://www.linkedin.com/feed/update/urn:li:ugcPost:7447314223149305856/
* https://x.com/UniqueDima/status/2041548925639762409
* https://www.facebook.com/share/v/1CisgzNfx9
I promise to be sharing more once insights and product thoughts and experiences of talking to people crystallize in my head.
And we're in NYC this week and in SF/BA next week, mostly for networking purposes. The calendar is somewhat packed, but business first — don't be shy to reach out!
LinkedIn
xmemory AI Memory Solution for System Harness | Dima Korolev posted on the topic | LinkedIn
We're out of stealth with xmemory, and are looking for customers and enthusiasts.
This video is cropped from our internal demo that is about three weeks old. What it does not convey — and what should be said out loud — is three things.
One. This expenses…
So I did buy a throwaway monitor with a stand yesterday. Just so that my neck does not hurt while at this WeWork, since I'm far too used to standing up and looking at the screen at eye level.
And this was a great idea, since I now have a few revelations.
Revelation one: screens are really light these days. This piece of Full HD is literally a pound. My notepad weighs more.
Revelation two: a single USB-C port is enough. Not very bright, I'll grant that, but definitely workable.
Revelation three: this stand with a negative angle (facing down) does work. Before buying the stand I used to put this screen on top of a few books conveniently available here, and it's quite enjoyable to work looking up at it, with the screen tilted slightly downwards.
Revelation four: the stand is actually quite stable. It's not too heavy, but with a large enough desk-touching surface area, the screen is very much well fixed where it should be.
What I need now is pretty much three things:
1) A much larger screen. Ideally, foldable. But about as light — at least about as light per square inch.
2) A stand that has a large power bank built into it. Both for stability and as a power station, with perhaps a USB hub, so that it's just one cable.
3) A "computer without screen" to work from.
For text-only work (i.e. where no mouse is needed, a.k.a. vim), I believe I can work with this setup on an external keyboard on my lap, with the CPU/GPU powering this screen being my phone or my tablet.
But for heavy workloads, some "keyboard + touchpad" combo is absolutely a must. It is also a must when I eventually buy into working from VR headsets while on a plane.
Somehow Apple does not sell its keyboard + trackpad as a combo. So for now I still keep my laptop open, on the table or on my lap.
But if and where there exists a big lightweight foldable monitor on a portable stand like this — count me in pls. I'll give it a shot. My travel backpack is rather large, so it's not impossible for me to imagine a tri-fold 30" screen that I can pack with me at all times — and that will be quite a game-changer from my away-from-home-office these days.
Seriously, the best use case may well be to have a compact yet powerful phone that I can plug into this external monitor and use as a touchpad.
Somehow the iPhone can neither stream full-resolution video nor act as a touchpad.
But if some Android is good for this use case, I'd be totally sold. Already travel with my keyboard regardless, so the setup with the phone-shaped device acting as my workstation-in-a-touchpad, augmented with an external screen and an external keyboard — that would definitely be cyberpunk enough to my taste!
(This Android phone would need to run some window manager, at least for me to have a terminal and a web browser — but these appear to be well-solved problems as of 2026.)
So I implemented a fairly large end-to-end UI harness test using Playwright over the past several days.
Even got yet another compliment from the CEO that I’m indeed a weird engineer. Which is fair — most engineers can’t be made to write UI tests, and I literally volunteered to build one. Ask forgiveness, not permission. My take was and still is: if you actually care about data isolation across user accounts and system boundaries, end-to-end tests are the best tool we have.
Here comes the punchline though.
Playwright is enormously good in the age of AI. So good that I’m starting to think instrumented Chromium may be one of the most overlooked security risks.
Take online banking or brokerage accounts. Leaking a password is not that scary (sic!), because:
- there’s two-factor
- a new device or location triggers extra checks
- even with access, moving funds to new accounts requires more verification
Now imagine the attacker acting on your behalf from your own browser. Your own headless browser. Which most humans have no idea can exist.
Headless browsers can open your email, grab the 2FA code, complete the login, and delete that email.
And no alarm will ring. Because from the system’s perspective, this is your device. Your browser. Your session. We don’t use CAPTCHAs for bank logins, after all.
And you won’t notice anything. Until it’s way too late.
So, three thoughts. First: I’m scared.
Not so much for myself — my personal paranoia (separate browsers, isolated cookies, etc.) probably protects me from most unsophisticated attacks.
But I am scared for the industry. Once this kind of attack becomes widespread, it’s going to be a disaster.
Second: I’m annoyed.
Because this is exactly the kind of problem the Web3 folks solved at the protocol level a decade ago.
Air-gapped device. QR code. Explicit confirmation. Signed response.
You see exactly what you approve.
Why aren’t we doing this for GitHub commits, pull requests, AWS production changes — anything high impact?
No idea. Guess we’ll learn the hard way. The industry has framed the Web3 crowd as a bunch of unsophisticated enthusiasts, unwisely dismissing all the great things built there.
And third: the upside.
Security in the age of AI is going to become a huge deal, very quickly. And that is actually a good thing!
Because this is one of the few areas where first-principles thinking really matters. Security is always an arms race, and the ability to reason clearly about systems will be in very high demand.
As for me — with all due disrespect to things like Kubernetes and Terraform — I can kind of see where this is going.
Less writing code.
More defining invariants, reviewing (semi-AI-generated) rules, and building harnesses that ensure no higher-order policy can be violated by any lower-level implementation.
That seems like a good place to invest the time, energy, and passion of hardcore geeks like yours truly.
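The design sketched in the earlier comment ("at least three of five should sign", keys that expire after 15 minutes unless refreshed, every action journaled forever) and restated here as "explicit confirmation, signed response", worked through as an added example that is not the author's code or any Web3 project's: Ed25519 approvals over the digest of the exact plan to be applied, a threshold check that rejects unknown, expired or mismatched signatures, and a local hash-chained journal standing in for the ledger. Approver names, the change and the plan hash are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Approver keys roll: a key not refreshed within keyLifetime is no longer accepted.
const keyLifetime = 15 * time.Minute
type Approver struct {
	ID        string
	Pub       ed25519.PublicKey
	ExpiresAt time.Time
}

// Change is the proposed production change, bound to the digest of the exact
// artifact (e.g. a Terraform plan) that will be applied.
type Change struct {
	Description string
	PlanHash    string // hex SHA-256 of the plan file
}
// Bytes is the exact message approvers sign, so an approval cannot be replayed against another plan.
func (c Change) Bytes() []byte { return []byte("change\n" + c.PlanHash + "\n" + c.Description) }
// verifyApprovals enforces "at least threshold approvers must sign". approvals maps approver
// ID to signature (each approver counts once); a signature counts only from a known approver
// whose key is unexpired at now and only over this change. Rejections are explained.
func verifyApprovals(c Change, approvals map[string][]byte, approvers map[string]Approver, now time.Time, threshold int) (bool, []string) {
	valid, rejected := 0, []string{}
	for id, sig := range approvals {
		ap, known := approvers[id]
		switch {
		case !known:
			rejected = append(rejected, id+": unknown approver")
		case now.After(ap.ExpiresAt):
			rejected = append(rejected, id+": key expired, refresh required")
		case !ed25519.Verify(ap.Pub, c.Bytes(), sig):
			rejected = append(rejected, id+": bad signature")
		default:
			valid++
		}
	}
	return valid >= threshold, rejected
}

// Journal is an append-only hash chain standing in for the "journaled forever" ledger:
// each hash commits to the previous one, so an edited or dropped record fails Valid().
type Journal struct{ Records, Hashes []string }
func chainHash(prev, record string) string {
	sum := sha256.Sum256([]byte(prev + "\n" + record))
	return hex.EncodeToString(sum[:])
}

func (j *Journal) Append(record string) {
	prev := ""
	if n := len(j.Hashes); n > 0 {
		prev = j.Hashes[n-1]
	}
	j.Records = append(j.Records, record)
	j.Hashes = append(j.Hashes, chainHash(prev, record))
}

func (j *Journal) Valid() bool {
	prev := ""
	for i, r := range j.Records {
		if chainHash(prev, r) != j.Hashes[i] {
			return false
		}
		prev = j.Hashes[i]
	}
	return true
}

// newApprover issues a fresh key pair valid for keyLifetime from now.
func newApprover(id string, now time.Time) (Approver, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Approver{ID: id, Pub: pub, ExpiresAt: now.Add(keyLifetime)}, priv
}

func main() {
	now := time.Now()
	approvers, keys := map[string]Approver{}, map[string]ed25519.PrivateKey{}
	for _, id := range []string{"alice", "bob", "carol", "dave", "erin"} {
		approvers[id], keys[id] = newApprover(id, now)
	}
	// Constructed change; the plan hash is a placeholder, not a real artifact digest.
	c := Change{Description: "resize prod database", PlanHash: "<sha256 of tfplan>"}
	approvals := map[string][]byte{}
	for _, id := range []string{"alice", "bob", "carol"} {
		approvals[id] = ed25519.Sign(keys[id], c.Bytes())
	}
	ok, rejected := verifyApprovals(c, approvals, approvers, now, 3)
	var j Journal
	j.Append(fmt.Sprintf("%s approved=%v rejected=%v", c.PlanHash, ok, rejected))
	fmt.Println(j.Records[0], "| journal valid:", j.Valid())
}
```

In a real deployment the signing happens on the approver's separate device over the plan digest it displays, and the journal entries would be published rather than kept in memory.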
I learned about the concept of the Merchant of Record. And I can’t shake it off.
We have near-instant means of payment that cost fractions of a cent. And we’re working hard, as technologists, to make it faster, cheaper, and safer.
At the same time regulators are working hard to make it more difficult for legitimate businesses to collect payments that legitimate customers are consciously willing to pay for legitimate services.
And the official justification is that smaller countries got tired of Netflix et al. being tax-free since it comes from overseas, while local competitors have to pay those extra sales taxes.
First, why tax online services at all? Just tax the land, electricity, Internet, fire insurance etc. That the servers are physically located in your country or region should be subject to market forces and market forces alone. Make the terms good and the very Netflix will build a data center in your region. Make it more difficult and your customers will be streaming from elsewhere. You can tax their internet traffic if you wish. But that’s how it should work.
And then: say, your citizens are okay paying the “Netflix tax”. Fine. But why push it on to Netflix when it comes to collecting those payments? Have them declare those outbound credit cards fees on their tax returns. Introduce the means to chase and fine offenders. But leave Netflix as the service provider the f**k alone.
It’s still beyond my comprehension how the entire international taxation model is designed. If it continues like this, books will end up requiring payment for every word I’ve read while being on the soil of country X. Insane? Indeed.
But to me it is as insane that selling the same trivial online service is subject to price differentiation based on where the customer is — with the party collecting those payments held accountable for tracing their customers’ location.
Good thing most of the above does not apply to B2B invoicing. That’s one reason I believe Big Governments are against the Web3 space.
Because opening an international LLC should be a sub-millisecond operation that costs millicents, so that in a sane world 99+% of potentially taxable transactions should take place under this “limited liability” clause. Easy-peasy, and everybody wins, except the blood-sucking vampires that want to control every single financial drop of a perfectly consensual peer-to-peer financial transaction.
We have near-instant means of payment that cost fractions of a cent. And we’re working hard, as technologists, to make it faster, cheaper, and safer.
At the same time regulators are working hard to make it more difficult for legitimate businesses to collect payments that legitimate customers are consciously willing to pay for legitimate services.
And the official justification is that smaller countries got tired of Netflix et. al. being tax-free since it comes from overseas, while local competitors have to pay those extra sales taxes.
First, why tab online services at all? Just tax the land, electricity, Internet, fire insurance etc. That the servers are physically located in your country or region should be subject to market forces and market forces alone. Make the terms good and the very Netflix will build a data center in your region. Make it more difficult and your customers will be streaming from elsewhere. You can tax their internet traffic if you wish. But that’s how it should work.
And then: say, your citizens are okay paying the “Netflix tax”. Fine. But why push it on to Netflix when it comes to collecting those payments? Have them declare those outbound credit cards fees on their tax returns. Introduce the means to chase and fine offenders. But leave Netflix as the service provider the f**k alone.
It’s still beyond my comprehension how the entire international taxation model is designed. If it continues like this, books will end up requiring payment for every word I’ve read while being on the soil of country X. Insane? Indeed.
But to me it is as insane that selling the same trivial online service is subject to price differentiation based on where the customer is — with the party collecting those payments held accountable for tracing their customers’ location.
Good thing most of the above does not apply to B2B invoicing. That’s one reason I believe Big Governments are against the Web3 space.
Because opening an international LLC should be a sub-millisecond operation that costs millicents, so that in a sane world 99+% of potentially taxable transactions should take place under this “limited liability” clause. Easy-peasy, and everybody wins, except the blood-sucking vampires that want to control every single financial drop of a perfectly consensual peer-to-peer financial transaction.
Been digging deeper into the Claude Code leak lately [1], and a few things are becoming clearer.
First, it doesn’t actually use a vector database. That confirms my earlier intuition, and honestly makes me feel better about still paying for Cursor. In practice, Opus via Cursor often feels faster and more responsive anyway. There’s now a Rust port/fork of Claude Code floating around, though — I’d expect that direction to eventually introduce some kind of retrieval or vector layer.
Second, Claude Code really isn’t designed around persistent external memory. It’s basically the model’s context window plus whatever lives in-repo (Markdown, notes, etc.). Even its “self-notes” just eat into context. That feels like a strange design choice, especially given how aggressively it uses sub-agents. You’d think it would evolve lightweight internal rules or mini-linters over time — but not really.
Third, philosophically, it’s not very “model-first.” In fact, it’s the opposite. Claude Code wraps the model in a heavy harness with lots of guardrails and restricted autonomy — which is ironic, given Anthropic builds some of the safest models out there.
Compare that to OpenCode — which basically trusts the model and lets it operate more freely. If you assume a properly sandboxed environment, you could even argue that approach is safer long-term. Less rigid scaffolding, more adaptive behavior.
It raises a bigger question: where is all of this heading?
Do we end up with every major company building its own agentic coding framework?
Or do we converge toward full-blown “agentic operating systems” for development — the Linux / FreeBSD / Windows / macOS equivalents of AI-native coding environments?
Personally, I’m still leaning toward curated, manually reviewed extensions layered on top of these systems — scoped per repo or per org. Not fully open (at least for now), but composable and controlled.
Either way — this space is getting interesting fast.
[1] https://arxiv.org/pdf/2604.14228v1
Not boring, and a bit of a condescending prick
Been digging deeper into Claude Code leak lately [1], and a few things are becoming clearer. First, it doesn’t actually use a vector database. That confirms my earlier intuition, and honestly makes me feel better about still paying for Cursor. In practice…
Lol, I didn't proofread this AI edit from English into English, and it said "plus" in Russian mid-way =)
Folks, a geopolitical question that I would not be comfortable asking in my other social media.
Assuming the US is interested in slowing down China's growth by constraining oil supply (Hormuz, then Malacca), what about nuclear?
In my mind, this question splits into two major ones:
1. Does China need to import raw materials to derive nuclear power from? If yes, is this something that is plausible to attempt to control? (I mean, those will not be huge and heavy tankers, after all.)
2. Can it so happen that starving a big country of oil would just result in them advancing on nuclear faster? (Much like cutting Assange et al. off from wire transfers pushed the leaking crowd towards crypto, ultimately yielding the opposite result.)
Of course, if there are major other directions / sub-questions to ask, I'd love to know of that.
Truly curious, and thx in advance!
TIL: most asteroids are not solid at all!
Decades of spacecraft visits and spin-rate surveys have revealed that the vast majority of asteroids larger than a few hundred meters are rubble piles — loose aggregates of rock, dust, and boulders held together almost entirely by their own weak self-gravity, with essentially zero tensile strength. Think of a gravel pile in space, not a boulder.
The key evidence:
The spin barrier. When astronomers plot spin rate vs. size for thousands of asteroids, there's a sharp cutoff: essentially no asteroid larger than ~200 meters spins faster than once per ~2.2 hours. That's exactly the rate at which a cohesionless rubble pile would fly apart under centrifugal force. If large asteroids were monoliths, we'd see plenty spinning faster. We don't. They're rubble.
Direct imaging. Missions like Hayabusa2 (Ryugu) and OSIRIS-REx (Bennu) found surfaces covered in boulders, with bulk densities well below solid rock — Bennu is ~1,190 kg/m³ vs. ~3,000 for its constituent material, implying ~50% porosity. When OSIRIS-REx touched Bennu, the surface behaved like a ball pit; the spacecraft sank in. Ryugu was similar.
Shapes. Many are "spinning top" shapes (Bennu, Ryugu, Didymos) — the equatorial bulge you'd get from a gravitationally-bound pile of gravel slowly redistributing itself under rotation.
Are there any solid ones?
Yes, but with caveats:
Small monoliths (< ~200 m) are common and genuinely solid — they're fragments of larger collisions.
Metallic (M-type) asteroids like 16 Psyche (~220 km) are thought to be exposed cores of differentiated planetesimals — likely much more coherent, possibly solid iron-nickel. Psyche is the current NASA target precisely to find out.
A few near-Earth asteroids show signs of some internal cohesion — spinning faster than the rubble-pile limit — suggesting they have at least modest tensile strength (maybe a few hundred Pa to a few kPa, nowhere near solid rock's ~10 MPa). These are "weakly bound" rather than truly monolithic.
What's actually near Earth at 50 km scale?
Near-Earth asteroids (NEAs) in the 50-km class basically don't exist. The largest NEA is 1036 Ganymed at ~38 km, and it's the only one above ~20 km. Almost all NEAs are sub-kilometer. The 50-km-radius (100-km diameter) bodies live in the main belt — Ceres, Vesta, Pallas territory — and those are dwarf-planet-scale objects with their own geology.
Rephrasing a co-worker, C in harness stands for clarity.
Thought of the day.
In the age of AI, it's the LLM tokens that are expensive.
Compute, as in EC2 or ECS or Hetzner, is merely collateral damage. Nobody cares about those costs as long as the LLM tokens are burned with high utility.
AI did to compute what compute did to storage.
Which also means there's tons of money to be made in compute in the years to come — much like there's tons of money to be made in storage as of the past 5+ years.
My bet is that consistency and durability are what will sell well. Both with storage, as of a few years already. And with compute, which is starting about now, since compute becomes the fungible auxiliary unit next to LLM tokens utilized at scale.