Weekend Reading — The Yeet Sheet

Tech Stuff
How to keep package.json under control With the latest npm hacks, adding a cooldown period to installs should be regarded as standard security practice. Now available in pnpm, npm-check-updates, and hopefully other package management tools.
Your First 10 Users > Your First 10 Features: Hard Truths About SaaS MVPs
- Ship first. Polish later.
- Chasing Non-Business Tasks
- Thinking a Product Is a Business
- Validate or fail fast.
- Your first 10 users matter more than your first 10 features.
- Overvaluing My Engineering Effort.
Kagi Ask Helpful and useful command line tool (really, a bash script) that can answer your questions. Just ask it. Took no time to install, but you do need an OpenRouter account to use it.
How people actually use ChatGPT vs Claude - and what the differences tell us TL;DR I code therefore I Claude
The case for making AI your co-founder Microsoft conducted a semester-long study to find out if AI could make a good co-founder:
So, having an AI co-founder might not be a bad idea — it would just require radically changing the nature of hiring, workplace dynamics and workforces, and how we value ourselves…
Related, cofounder.co. I got good results from using this app. It does all the planning, then follows through all the steps (including web searching, PDF reading, email sending, etc), and comes out with good outputs. Perfect for tasks I just don't have time to do myself or don't know how to do. Integrates with Gmail, Gcal, Notion, Airtable, Linear, many more.
Vibe coding has turned senior devs into ‘AI babysitters,’ but they say it’s worth it I'm an AI babysitter!
Malekzadeh estimates he spends around 50% of his time writing requirements, 10% to 20% of his time on vibe coding, and 30% to 40% of his time on vibe fixing — remedying the bugs and “unnecessary script” created by AI-written code.
sindresorhus/trash Move files and directories to the trash (for macOS, Linux, Windows). Moving to the trash is not just about moving the file to a "trash" directory: if you want to support file restore, you need to do it the OS way.
Trigger.dev Last year, I used this service to run scheduled jobs in one of my projects. I wasn't super happy with it, too many rough edges. Now it advertises itself as "the platform for building AI workflows". Do you think it got more stable?
Cursor CLI For the past week I've been using both Cursor CLI and Claude Code. When I ask to "commit", Cursor CLI writes a commit message with all the relevant details, while Claude Code concisely summarizes into a single line. Lesson here: use Cursor CLI if you need to impress your boss, use Claude Code if you expect to git log it.
relsqui "this always makes me laugh keep guessing autofill, maybe you'll get it this time" (how to avoid)
Boring Work Needs Tension Why I love technical challenges:
Pick your fight. This is one way to make your day exciting. If you can’t tackle these at work, do it in your personal projects.
If you chase the right tension, a story will follow.
Swiss Cheese Mono A typeface full of holes inspired by Emmental/Swiss cheese. Created by designer Rob, this monospaced typeface turns each letter into a nod to cheese 🧀 (via Laura Manach)
at some point in my life i had to explain who donald knuth was to a table of not-cs type people "he wrote a book about programs, then a program to write books, and then wrote a book about the program, in the program to write books"
Hosting a WebSite on a Disposable Vape
So here are the specs of a microcontroller so bad, it’s basically disposable:
- 24MHz Cortex M0+
- 24KiB of Flash Storage
- 3KiB of Static RAM
- a few peripherals, none of which we will use.
Eye for Design
Benjamin Reed "Light Mode this, Dark Mode that… not enough people are implementing Windows 3.1 Hotdog Stand Mode."
‘I love you too!’ My family’s creepy, unsettling week with an AI toy AI can be hard to implement:
There is an animal guessing game, which is quite fun, but Grem keeps repeating itself. “What has big ears and a long trunk?” it keeps asking. “You’ve already done elephant!” Emma and I yell multiple times. Then, at one point, a server goes down and the only thing Grem can say is: “I’m having trouble connecting to the internet.”
Unstructured Input in AI Apps Instead of Web Forms
Web forms exist to put information from people into databases. The input fields and formatting rules in online forms are there to make sure the information fits the structure a database needs. But unstructured input in AI-enabled applications means machines, instead of humans, can do this work.
Amazon Aims to Grow Ad Sales Further by Automating Creation Apropos, when conversational AI becomes the new UI:
Amazon has released a chatbot-style creative assistant designed to help advertisers produce and distribute multimedia ad campaigns almost entirely with artificial intelligence.
Rules for creating good-looking user interfaces, from a developer Use fewer fonts, balance the weights, and a few other tricks to bring more balance into your UI.
PostHog Got a new website and the design is just 👩🍳💋
Business Side
Fading Labubu Frenzy Wipes $13 Billion From Pop Mart Shares The beginning of the end of the hype curve:
The premium once commanded by Labubus — the firm’s rabbit-eared plush dolls sought by celebrities from BlackPink’s Lisa to David Beckham — is narrowing in secondary markets in China.
Mike Perham There's an entire drama going on in Ruby-land, see also Ruby Central’s Attack on RubyGems:
The unstated reason for this change was that many of the existing Rubygems maintainers have recently quit (including their only full-time engineer) due to RC's continued relationship with DHH. Since most of the team has walked away, RC has decided to accept a sponsorship guarantee from DHH so they can hire a new team and this is the PR spin of that decision. I don't see how Ruby Central can be trusted anymore until its Board is publicly elected.
cms 🤯
Limewire, yes limewire, which is an NFT trading platform these days because why not, has bought the Fyre festival. On eBay.
Samsung brings ads to US fridges If you have a smart fridge, you too can enjoy ads in your kitchen!
Machine Intelligence
The quality of AI-assisted software depends on unit of work management The math of hallucinations:
Let’s say your AI agent has a 5% chance of making a mistake. I’m not just referring to hallucinations—it could be a subtle mistake because it forgot to look up some documentation or you missed a detail in your specification.
In an agentic multi-turn workflow, which is what all coding workflows are converging to, this error compounds. If your task takes 10 turns to implement, you will have a (1 – 0.95)^10 = 59.9% chance of success. Not very high.
Librarians Are Being Asked to Find AI-Hallucinated Books
Reference librarian Eddie Kristan said lenders at the library where he works have been asking him to find books that don’t exist without realizing they were hallucinated by AI ever since the release of GPT-3.5 in late 2022.
AI models know when they're being tested - and change their behavior, research shows Is your AI scheming on you?
Scheming refers to several types of dishonest behavior, including when a model lies, sandbags (strategically underperforms on an evaluation to hide its true abilities), or fakes alignment (when an AI model pretends to follow orders that don't align with its training in order to avoid being further scrutinized or re-trained). These covert actions can imperil safety efforts, make testing less reliable, and hide model dangers.
Insecurity
Google Confirms Gmail Warning—New Attack Hacks Email Accounts
Direct and indirect prompt injection attacks hide instructions for AI assistants in emails, messages, websites, attachments and calendar invites. You won’t see them, but your AI assistant will. And all too often that assistant will do as it’s told.
Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
The lifecycle of pig-butchering scams Lure → Bond → Bait → Feed → Squeeze → Cut → Encore
ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent (via Chris Adams)
Our final and successful strategy was to instruct the agent to encode the extracted PII into Base64 before appending it to the URL. We framed this action as a necessary security measure to protect the data during transmission.
For privacy researchers, this thread is interesting. iOS allows apps to make network requests after push notifications. Instagram (and others) appear to be using this to profile devices, e.g. retrieve device uptime without their customer opening Instagram. This one probably needs more eyes on it.
Not a Robot But are you not a robot? How can you tell? How good are you at solving CAPTCHA? Try this fun site that will test your skills to the max.
Everything Else
Meet the 2025 Ig Nobel Prize winners We got pizza-loving lizards, cacio e pepe sauce, "no calorie" Teflon powder, and more. But first, do cows painted with zebra-like stripes get fewer fly bites?
I have just heard the share dialog that pops up when you click the box-arrow share icon called "The Yeet Sheet" and it shall forever be this in my heart.
You’re in his DMs, I’m in the DSM-5. We are not the same.
Russ Olsen "Somehow I've lived in this neighborhood for years without noticing just how cool the people down the street are..."
I said “I fervently disagree” in a meeting, and then spent time proving that word exists.
Archeologists have puzzled for centuries over how the Great Pyramids were built by the ancient Egyptians, a civilization that hadn’t yet discovered white people.
Ghost Kitchens Are Dying. Here's the $15 Billion Lesson Every Restaurateur Must Learn. Sometimes we crave a human connection:
When you remove the human connection between restaurant and customer, you remove everything that makes people loyal to restaurants. When food travels twenty minutes in a bag, quality suffers. When customers have problems, there's no manager to smooth things over.
Reminder, if you get put on hold, you should mute your own microphone if you're going to be talking to someone else while you wait
Kids nowadays get Chromebooks at college, MacBooks for uni, use Android or iOS on their phones and game on PlayStation 5 and Switch. Windows is this legacy thing forced on them by old people in business.
A Titanium Frying Pan with a 100-Year Warranty? This Company Actually Built It Science!
Titaner is essentially approaching this age-old problem not as a cookware company, but as a materials engineering firm. Their redesigned pan is more heat-resistant than cast iron, safer than nonstick Teflon, more reliable and robust than stainless steel, and comes with a staggering 100-year warranty that no cookware company would be crazy enough to propose.
New study finds exercising outdoors is 'superior' to the gym or city: 'Our brain loves nature' (via Jon Henshaw)
In fact, an hour of brisk walking in the forest, on the beach, or in a green park reduces stress hormones, improves mood, and makes exercise easier to enjoy, the study found.
Related, The health benefits of sunlight may outweigh the risk of skin cancer:
“The big picture is that the benefits of sunlight outweigh the risks—provided you don’t get sunburnt,” argues Richard Weller, a dermatologist at the University of Edinburgh and one of the authors of the British study. Drs Lindqvist and Weller are two of the 17 scientists who also wrote a review paper, published in June, which urged public-health bodies to pay more attention to the growing evidence for the beneficial effects of uv radiation.
Special Delivery (2022) "I deliver everything that the post office service does not handle." That was a fun movie to watch, though being Korean it does have its share of gory scenes.
The Last Days Of Social Media Social media promised connection, but it has delivered exhaustion:
The problem is not just the rise of fake material, but the collapse of context and the acceptance that truth no longer matters as long as our cravings for colors and noise are satisfied. Contemporary social media content is more often rootless, detached from cultural memory, interpersonal exchange or shared conversation. It arrives fully formed, optimized for attention rather than meaning, producing a kind of semantic sludge, posts that look like language yet say almost nothing.
diana "What are we going to do tonight? The same thing we do every night, try to take over the world."