When you’re ready for more per­for­mance, you can up­grade in­di­vid­ual com­po­nents in­stead of re­plac­ing your en­tire lap­top. Install a new Mainboard for gen­er­a­tional proces­sor up­grades, add mem­ory to han­dle heav­ier work­loads, or ex­pand your stor­age to in­crease ca­pac­ity or en­able dual boot­ing. The Framework Marketplace makes it easy to find the com­pat­i­ble parts you need.

Organizations de­sign sys­tems that mir­ror their own com­mu­ni­ca­tion struc­ture.

Premature op­ti­miza­tion is the root of all evil.

With a suf­fi­cient num­ber of API users, all ob­serv­able be­hav­iors of your sys­tem will be de­pended on by some­body.

Leave the code bet­ter than you found it.

YAGNI (You Aren’t Gonna Need It)

Don’t add func­tion­al­ity un­til it is nec­es­sary.

Adding man­power to a late soft­ware pro­ject makes it later.

A com­plex sys­tem that works is in­vari­ably found to have evolved from a sim­ple sys­tem that worked.

All non-triv­ial ab­strac­tions, to some de­gree, are leaky.

Every ap­pli­ca­tion has an in­her­ent amount of ir­re­ducible com­plex­ity that can only be shifted, not elim­i­nated.

A dis­trib­uted sys­tem can guar­an­tee only two of: con­sis­tency, avail­abil­ity, and par­ti­tion tol­er­ance.

Small, suc­cess­ful sys­tems tend to be fol­lowed by ov­erengi­neered, bloated re­place­ments.

A set of eight false as­sump­tions that new dis­trib­uted sys­tem de­sign­ers of­ten make.

Every pro­gram at­tempts to ex­pand un­til it can read mail.

There is a cog­ni­tive limit of about 150 sta­ble re­la­tion­ships one per­son can main­tain.

The square root of the to­tal num­ber of par­tic­i­pants does 50% of the work.

Those who un­der­stand tech­nol­ogy don’t man­age it, and those who man­age it don’t un­der­stand it.

In a hi­er­ar­chy, every em­ployee tends to rise to their level of in­com­pe­tence.

The min­i­mum num­ber of team mem­bers whose loss would put the pro­ject in se­ri­ous trou­ble.

Companies tend to pro­mote in­com­pe­tent em­ploy­ees to man­age­ment to limit the dam­age they can do.

Work ex­pands to fill the time avail­able for its com­ple­tion.

The first 90% of the code ac­counts for the first 90% of de­vel­op­ment time; the re­main­ing 10% ac­counts for the other 90%.

It al­ways takes longer than you ex­pect, even when you take into ac­count Hofstadter’s Law.

When a mea­sure be­comes a tar­get, it ceases to be a good mea­sure.

Anything you need to quan­tify can be mea­sured in some way bet­ter than not mea­sur­ing it.

Anything that can go wrong will go wrong.

Be con­ser­v­a­tive in what you do, be lib­eral in what you ac­cept from oth­ers.

Technical Debt is every­thing that slows us down when de­vel­op­ing soft­ware.

Given enough eye­balls, all bugs are shal­low.

Debugging is twice as hard as writ­ing the code in the first place.

A pro­ject should have many fast unit tests, fewer in­te­gra­tion tests, and only a small num­ber of UI tests.

Repeatedly run­ning the same tests be­comes less ef­fec­tive over time.

Software that re­flects the real world must evolve, and that evo­lu­tion has pre­dictable lim­its.

90% of every­thing is crap.

The speedup from par­al­leliza­tion is lim­ited by the frac­tion of work that can­not be par­al­lelized.

It is pos­si­ble to achieve sig­nif­i­cant speedup in par­al­lel pro­cess­ing by in­creas­ing the prob­lem size.

The value of a net­work is pro­por­tional to the square of the num­ber of users.

Every piece of knowl­edge must have a sin­gle, un­am­bigu­ous, au­thor­i­ta­tive rep­re­sen­ta­tion.

Designs and sys­tems should be as sim­ple as pos­si­ble.

Five main guide­lines that en­hance soft­ware de­sign, mak­ing code more main­tain­able and scal­able.

An ob­ject should only in­ter­act with its im­me­di­ate friends, not strangers.

Software and in­ter­faces should be­have in a way that least sur­prises users and other de­vel­op­ers.

The less you know about some­thing, the more con­fi­dent you tend to be.

Never at­tribute to mal­ice that which is ad­e­quately ex­plained by stu­pid­ity or care­less­ness.

The sim­plest ex­pla­na­tion is of­ten the most ac­cu­rate one.

Sticking with a choice be­cause you’ve in­vested time or en­ergy in it, even when walk­ing away helps you.

The Map Is Not the Territory

Our rep­re­sen­ta­tions of re­al­ity are not the same as re­al­ity it­self.

A ten­dency to fa­vor in­for­ma­tion that sup­ports our ex­ist­ing be­liefs or ideas.

We tend to over­es­ti­mate the ef­fect of a tech­nol­ogy in the short run and un­der­es­ti­mate the im­pact in the long run.

The longer some­thing has been in use, the more likely it is to con­tinue be­ing used.

Breaking a com­plex prob­lem into its most ba­sic blocks and then build­ing up from there.

Solving a prob­lem by con­sid­er­ing the op­po­site out­come and work­ing back­ward from it.

80% of the prob­lems re­sult from 20% of the causes.

The best way to get the cor­rect an­swer on the Internet is not to ask a ques­tion, it’s to post the wrong an­swer.

For work­loads that need to run in the US, US-only in­fer­ence is avail­able at 1.1x pric­ing for in­put and out­put to­kens. Learn more.

This is a heav­ily in­ter­ac­tive web ap­pli­ca­tion, and JavaScript is re­quired. Simple HTML in­ter­faces are pos­si­ble, but that is not what this is.

Learn more about Bluesky at bsky.so­cial and at­proto.com. It ap­pears that Anthropic has re­moved Claude Code from its $20-a-month pro sub­scrip­tion based on its pric­ing page. Anyone able to con­firm who has a $20 plan?

claude.com/​pric­ing

Listen to this ar­ti­cle in sum­ma­rized for­mat

Today we’re mak­ing the fol­low­ing changes to GitHub Copilot’s Individual plans to pro­tect the ex­pe­ri­ence for ex­ist­ing cus­tomers: paus­ing new sign-ups, tight­en­ing us­age lim­its, and ad­just­ing model avail­abil­ity. We know these changes are dis­rup­tive, and we want to be clear about why we’re mak­ing them and how they will af­fect you.

Agentic work­flows have fun­da­men­tally changed Copilot’s com­pute de­mands. Long-running, par­al­lelized ses­sions now reg­u­larly con­sume far more re­sources than the orig­i­nal plan struc­ture was built to sup­port. As Copilot’s agen­tic ca­pa­bil­i­ties have ex­panded rapidly, agents are do­ing more work, and more cus­tomers are hit­ting us­age lim­its de­signed to main­tain ser­vice re­li­a­bil­ity. Without fur­ther ac­tion, ser­vice qual­ity de­grades for every­one.

We’ve heard your frus­tra­tions about us­age lim­its and model avail­abil­ity, and we need to do a bet­ter job com­mu­ni­cat­ing the guardrails we are adding—here’s what’s chang­ing and why.

New sign-ups for GitHub Copilot Pro, Pro+, and Student plans are paused. Pausing sign-ups al­lows us to serve ex­ist­ing cus­tomers more ef­fec­tively.

We are tight­en­ing us­age lim­its for in­di­vid­ual plans. Pro+ plans of­fer more than 5X the lim­its of Pro. Users on the Pro plan who need higher lim­its can up­grade to Pro+. Usage lim­its are now dis­played in VS Code and Copilot CLI to make it eas­ier for you to avoid hit­ting these lim­its.

Opus mod­els are no longer avail­able in Pro plans. Opus 4.7 re­mains avail­able in Pro+ plans. As we an­nounced in our changelog, Opus 4.5 and Opus 4.6 will be re­moved from Pro+.

These changes are nec­es­sary to en­sure we can serve ex­ist­ing cus­tomers with a pre­dictable ex­pe­ri­ence. If you hit un­ex­pected lim­its or these changes just don’t work for you, you can can­cel your Pro or Pro+ sub­scrip­tion and re­ceive a re­fund for the time re­main­ing on your cur­rent sub­scrip­tion by vis­it­ing your Billing set­tings be­fore May 20..

GitHub Copilot has two us­age lim­its to­day: ses­sion and weekly (7 day) lim­its. Both lim­its de­pend on two dis­tinct fac­tors—to­ken con­sump­tion and the mod­el’s mul­ti­plier.

The ses­sion lim­its ex­ist pri­mar­ily to en­sure that the ser­vice is not over­loaded dur­ing pe­ri­ods of peak us­age. They’re set so most users should­n’t be im­pacted. Over time, these lim­its will be ad­justed to bal­ance re­li­a­bil­ity and de­mand. If you do en­counter a ses­sion limit, you must wait un­til the us­age win­dow re­sets to re­sume us­ing Copilot.

Weekly lim­its rep­re­sent a cap on the to­tal num­ber of to­kens a user can con­sume dur­ing the week. We in­tro­duced weekly lim­its re­cently to con­trol for par­al­lelized, long-tra­jec­tory re­quests that of­ten run for ex­tended pe­ri­ods of time and re­sult in pro­hib­i­tively high costs.

The weekly lim­its for each plan are also set so that most users will not be im­pacted. If you hit a weekly limit and have pre­mium re­quests re­main­ing, you can con­tinue to use Copilot with Auto model se­lec­tion. Model choice will be reen­abled when the weekly pe­riod re­sets. If you are a Pro user, you can up­grade to Pro+ to in­crease your weekly lim­its. Pro+ in­cludes over 5X the lim­its of Pro.

Usage lim­its are sep­a­rate from your pre­mium re­quest en­ti­tle­ments. Premium re­quests de­ter­mine which mod­els you can ac­cess and how many re­quests you can make. Usage lim­its, by con­trast, are to­ken-based guardrails that cap how many to­kens you can con­sume within a given time win­dow. You can have pre­mium re­quests re­main­ing and still hit a us­age limit.

Starting to­day, VS Code and Copilot CLI both dis­play your avail­able us­age when you’re ap­proach­ing a limit. These changes are meant to help you avoid a sur­prise limit.

If you are ap­proach­ing a limit, there are a few things you can do to help re­duce the chances of hit­ting it:

Use a model with a smaller mul­ti­plier for sim­pler tasks. The larger the mul­ti­plier, the faster you will hit the limit.

Consider up­grad­ing to Pro+ if you are on a Pro plan to raise your limit by over 5X.

Use plan mode (VS Code, Copilot CLI) to im­prove task ef­fi­ciency. Plan mode also im­proves task suc­cess.

Reduce par­al­lel work­flows. Tools such as /fleet will re­sult in higher to­ken con­sump­tion and should be used spar­ingly if you are near­ing your lim­its.

Why we’re do­ing this

We’ve seen us­age in­ten­sify for all users as they re­al­ize the value of agents and sub­agents in tack­ling com­plex cod­ing prob­lems. These long-run­ning, par­al­lelized work­flows can yield great value, but they have also chal­lenged our in­fra­struc­ture and pric­ing struc­ture: it’s now com­mon for a hand­ful of re­quests to in­cur costs that ex­ceed the plan price! These are our prob­lems to solve. The ac­tions we are tak­ing to­day en­able us to pro­vide the best pos­si­ble ex­pe­ri­ence for ex­ist­ing users while we de­velop a more sus­tain­able so­lu­tion.

Everything you need to mas­ter GitHub, all in one place.

Build what’s next on GitHub, the place for any­one from any­where to build any­thing.

Meet the com­pa­nies and en­gi­neer­ing teams that build with GitHub.

Catch up on the GitHub pod­cast, a show ded­i­cated to the top­ics, trends, sto­ries and cul­ture in and around the open source de­vel­oper com­mu­nity on GitHub.

We do newslet­ters, tooD­is­cover tips, tech­ni­cal guides, and best prac­tices in our bi­weekly newslet­ter just for devs.

Yes please, I’d like GitHub and af­fil­i­ates to use my in­for­ma­tion for per­son­al­ized com­mu­ni­ca­tions, tar­geted ad­ver­tis­ing and cam­paign ef­fec­tive­ness. See the GitHub Privacy Statement for more de­tails.

It’s the na­ture of busi­ness that the eu­logy for a chief ex­ec­u­tive does­n’t hap­pen when they die, but when they re­tire, or, in the case of Apple CEO Tim Cook, an­nounce that they will step up to the role of Executive Chairman on September 1. The one mor­bid ex­cep­tion is when a CEO dies on the job — or quits be­cause they are dy­ing — and the truth of the mat­ter is that that is where any hon­est re­count­ing of Cook’s in­cred­i­bly suc­cess­ful tenure as Apple CEO, par­tic­u­larly from a fi­nan­cial per­spec­tive, has to be­gin.

The num­bers, to be clear, are ex­tra­or­di­nary. Cook be­came CEO of Apple on August 24, 2011, and in the in­ter­ven­ing 15 years rev­enue has in­creased 303%, profit 354%, and the value of Apple has gone from $297 bil­lion to $4 tril­lion, a stag­ger­ing 1,251% in­crease.

The rea­son for Cook’s ac­ces­sion in 2011 be­came clear a mere six weeks later, when Steve Jobs passed away from can­cer on October 5, 2011. Jobs’ death is­n’t the rea­son Cook was cho­sen — Cook had al­ready served as in­terim CEO while Jobs un­der­went treat­ment in 2009 — but I think the tim­ing played a ma­jor role in mak­ing Cook ar­guably the great­est non-founder CEO of all time.

Peter Thiel in­tro­duced the con­cept of Zero To One thusly:

When we think about the fu­ture, we hope for a fu­ture of progress. That progress can take one of two forms. Horizontal or ex­ten­sive progress means copy­ing things that work — go­ing from 1 to n. Horizontal progress is easy to imag­ine be­cause we al­ready know what it looks like. Vertical or in­ten­sive progress means do­ing new things — go­ing from 0 to 1. Vertical progress is harder to imag­ine be­cause it re­quires do­ing some­thing no­body else has ever done. If you take one type­writer and build 100, you have made hor­i­zon­tal progress. If you have a type­writer and build a word proces­sor, you have made ver­ti­cal progress.

Steve Jobs made 0 to 1 prod­ucts, as he re­minded the au­di­ence in the in­tro­duc­tion to his most fa­mous keynote:

Every once in a while, a rev­o­lu­tion­ary prod­uct comes along that changes every­thing. First of all, one’s very for­tu­nate if one gets to work on one of these in your ca­reer. Apple’s been very for­tu­nate: it’s been able to in­tro­duce a few of these into the world.

In 1984, we in­tro­duced the Macintosh. It did­n’t just change Apple, it changed the whole com­puter in­dus­try. In 2001, we in­tro­duced the first iPod. It did­n’t just change the way we all lis­ten to mu­sic, it changed the en­tire mu­sic in­dus­try.

Well, to­day we’re in­tro­duc­ing three rev­o­lu­tion­ary prod­ucts of this class. The first one: a widescreen iPod with touch con­trols. The sec­ond: a rev­o­lu­tion­ary mo­bile phone. And the third is a break­through Internet com­mu­ni­ca­tions de­vice. Three things…are you get­ting it? These are not three sep­a­rate de­vices. This is one de­vice, and we are call­ing it iPhone.

Steve Jobs would, three years later, also in­tro­duce the iPad, which makes four dis­tinct prod­uct cat­e­gories if you’re count­ing. Perhaps the most im­por­tant 0 to 1 prod­uct Jobs cre­ated, how­ever, was Apple it­self, which raises the ques­tion: what makes Apple Apple?

“What Makes Apple Apple” is­n’t a new ques­tion; it was the cen­tral ques­tion of Apple University, the in­ter­nal train­ing pro­gram the com­pany launched in 2008. Apple University was hailed on the out­side as a Steve Jobs cre­ation, but while I’m sure he green lit the con­cept, it was clear to me as an in­tern on the Apple University team in 2010, that the pro­gram’s dri­ving force was Tim Cook.

The core of the pro­gram, at least when I was there, was what be­came known as The Cook Doctrine:

We be­lieve that we’re on the face of the Earth to make great prod­ucts, and that’s not chang­ing.

We be­lieve in the sim­ple, not the com­plex.

We be­lieve that we need to own and con­trol the pri­mary tech­nolo­gies be­hind the prod­ucts we make, and par­tic­i­pate only in mar­kets where we can make a sig­nif­i­cant con­tri­bu­tion.

We be­lieve in say­ing no to thou­sands of pro­jects so that we can re­ally fo­cus on the few that are truly im­por­tant and mean­ing­ful to us.

We be­lieve in deep col­lab­o­ra­tion and cross-pol­li­na­tion of our groups, which al­low us to in­no­vate in a way that oth­ers can­not.

And frankly, we don’t set­tle for any­thing less than ex­cel­lence in every group in the com­pany, and we have the self-hon­esty to ad­mit when we’re wrong and the courage to change.

And I think, re­gard­less of who is in what job, those val­ues are so em­bed­ded in this com­pany that Apple will do ex­tremely well.

Cook ex­plained this on Apple’s January 2009 earn­ings call, dur­ing Jobs’ first leave of ab­sence, in re­sponse to a ques­tion about how Apple would fare with­out its founder. It’s a bril­liant state­ment, but it is — as the last para­graph makes clear — ul­ti­mately about main­tain­ing, nur­tur­ing, and grow­ing what Jobs built.

That is why I started this Article by high­light­ing the tim­ing of Cook’s as­cent to the CEO role. The chal­lenge for CEOs fol­low­ing iconic founders is that the per­son who took the com­pany from 0 to 1 usu­ally sticks around for 2, 3, 4, etc.; by the time they step down the only way for­ward is of­ten down. Jobs, how­ever, by virtue of leav­ing the world too soon, left Apple only a few years af­ter its most im­por­tant 0 to 1 prod­uct ever, mean­ing it was Cook who was in charge of grow­ing and ex­pand­ing Apple’s most rev­o­lu­tion­ary de­vice yet.

Cook, to be clear, man­aged this bril­liantly. Under his watch the iPhone not only got bet­ter every year, but ex­panded its mar­ket to every car­rier in ba­si­cally every coun­try, and ex­panded the line from one model in two col­ors to five mod­els in a plethora of col­ors sold at the scale of hun­dreds of mil­lions of units a year.

Cook was, with­out ques­tion, an op­er­a­tional ge­nius. Moreover, this was clearly the case even be­fore he scaled the iPhone to unimag­in­able scale. When Cook joined Apple in 1998 the com­pa­ny’s op­er­a­tions — cen­tered on Apple’s own fac­to­ries and ware­houses — were a mas­sive drag on the com­pany; Cook me­thod­i­cally shut them down and shifted Apple’s man­u­fac­tur­ing base to China, cre­at­ing a just-in-time sup­ply chain that year-af­ter-year co­or­di­nated a world­wide net­work of sup­pli­ers to de­liver Apple’s ever-ex­pand­ing prod­uct line to cus­tomers’ doorsteps and a fleet of beau­ti­ful and brand-ex­pand­ing stores. There was not, un­der Cook’s lead­er­ship, a sin­gle sig­nif­i­cant prod­uct is­sue or re­call.

Cook also over­saw the in­tro­duc­tion of ma­jor new prod­ucts, most no­tably AirPods and Apple Watch; the “Wearables, Home, and Accessories” cat­e­gory de­liv­ered $35.4 bil­lion in rev­enue last year, which would rank 128 on the Fortune 500. Still, both prod­ucts are de­riv­a­tive of the iPhone; Cook’s sig­na­ture 0 to 1 prod­uct, the Apple Vision Pro, is more of a 0.5.

Cook’s more mo­men­tous con­tri­bu­tion to Apple’s top line was the el­e­va­tion of Services. The Google search deal ac­tu­ally orig­i­nated in 2002 with an agree­ment to make Google the de­fault search ser­vice for Safari on the Mac, and was ex­tended to the iPhone in 2007; Google’s mo­ti­va­tion was to en­sure that Apple never com­peted for their core busi­ness, and Cook was happy to take an ever in­creas­ing amount of pure profit.

The App Store also pre­dated Cook; Steve Jobs said dur­ing the App Store’s in­tro­duc­tion that “we keep 30 [percent] to pay for run­ning the App Store”, and called it “the best deal go­ing to dis­trib­ute ap­pli­ca­tions to mo­bile plat­forms”. It’s im­por­tant to note that, in 2008, this was true! The App Store re­ally was a great deal.

Three years later, in a July 28, 2011 email — less than a month be­fore Cook of­fi­cially be­came CEO — Phil Schiller won­dered if Apple should lower its take once they were mak­ing $1 bil­lion a year in profit from the App Store. John Gruber, writ­ing on Daring Fireball in 2021, won­dered what might have been had Cook fol­lowed Schiller’s ad­vice:

In my imag­i­na­tion, a world where Apple had used Phil Schiller’s memo above as a game plan for the App Store over the last decade is a bet­ter place for every­one to­day: de­vel­op­ers for sure, but also users, and, yes, Apple it­self. I’ve of­ten said that Apple’s pri­or­i­ties are con­sis­tent: Apple’s own needs first, users’ sec­ond, de­vel­op­ers’ third. Apple, for ob­vi­ous rea­sons, does not like to talk about the Apple-first part of those pri­or­i­ties, but Cook made ex­plicit dur­ing his tes­ti­mony dur­ing the Epic trial that when user and de­vel­oper needs con­flict, Apple sides with users. (Hence App Tracking Transparency, for ex­am­ple.)

These pri­or­i­ties are as they should be. I’m not com­plain­ing about their or­der. But putting de­vel­oper needs third does­n’t mean they should be ne­glected or over­looked. A large base of de­vel­op­ers who are ex­perts on de­vel­op­ing and de­sign­ing for Apple’s pro­pri­etary plat­forms is an in­cred­i­ble as­set. Making those de­vel­op­ers happy — happy enough to keep them want­ing to work and fo­cus on Apple’s plat­forms — is good for Apple it­self.

I want to agree with Gruber — I was crit­i­ciz­ing Apple’s App Store poli­cies within weeks of start­ing Stratechery, years be­fore it be­came a ma­jor is­sue — but from a share­holder per­spec­tive, i.e. Cook’s ul­ti­mate bosses, it’s hard to ar­gue with Apple’s un­com­pro­mis­ing ap­proach. Last year Apple Services gen­er­ated 26% of Apple’s rev­enue and 41% of the com­pa­ny’s profit; more im­por­tantly, Services con­tin­ues to grow year-over-year, even as iPhone growth has slowed from the go-go years.

Another way to frame the Services ques­tion is to say that Gruber is con­cerned about the long-term im­por­tance of some­thing that is some­what in­ef­fa­ble — de­vel­oper will­ing­ness and de­sire to sup­port Apple’s plat­forms — which is, at least in Gruber’s mind, es­sen­tial for Apple’s long-term health. Cook, in this cri­tique, pri­or­i­tized Apple’s fi­nan­cial re­sults and share­holder re­turns over what was best for Apple in the long run.

This is­n’t the only part of Apple’s busi­ness where this cri­tique has va­lid­ity. Cook’s great­est tri­umph was, as I noted above, com­pletely over­haul­ing and sub­se­quently scal­ing Apple’s op­er­a­tions, which first and fore­most meant de­vel­op­ing a heavy de­pen­dence on China. This de­pen­dence was not in­evitable: Patrick McGee ex­plained in Apple In China, which I con­sider one of the all-time great books about the tech in­dus­try, how Apple made China into the man­u­fac­tur­ing be­he­moth it be­came. McGee added in a Stratechery Interview:

Let me just re­fer back to some­thing that you wrote I think a few months ago when you called the last 20, 25 years, like the golden age for com­pa­nies like Apple and Silicon Valley fo­cused on soft­ware and Chinese tak­ing care of the hard­ware man­u­fac­tur­ing. That is a per­fect part­ner­ship, and if we were liv­ing in a sim­u­la­tion and it ended to­mor­row, you’d give props for Apple to tak­ing ad­van­tage of the sit­u­a­tion bet­ter than any­body else.

The prob­lem is we’re prob­a­bly not liv­ing in the sim­u­la­tion and things go on, and I’ve got this rather dis­qui­et­ing con­clu­sion where, look, Apple’s still re­ally good prob­a­bly, they’re not as good as they once were un­der Jony Ive, but they’re still good at in­dus­trial de­sign and prod­uct de­sign, but they don’t do any op­er­a­tions in our own coun­try. That’s all de­pen­dent on China. You’ve called this in fact the biggest vi­o­la­tion of the Tim Cook doc­trine to own and con­trol your des­tiny, but the Chinese aren’t just do­ing the op­er­a­tions any­more, they also have in­dus­trial de­sign, prod­uct de­sign, man­u­fac­tur­ing de­sign.

It re­ally is ironic: Tim Cook built what is ar­guably Apple’s most im­por­tant tech­nol­ogy — its abil­ity to build the world’s best per­sonal com­puter prod­ucts at as­tro­nom­i­cal scale — and did so in a way that leaves Apple more vul­ner­a­ble than any­one to the de­te­ri­o­rat­ing re­la­tion­ship be­tween the United States and China. China was cer­tainly good for the bot­tom line, but was it good for Apple’s long-run sus­tain­abil­ity?

This same cri­tique — of fa­vor­ing a fi­nan­cially op­ti­mal strat­egy over long-term sus­tain­abil­ity — may also one day be levied on the biggest ques­tion Cook leaves his suc­ces­sor: what im­pact will AI have on Apple? Apple has, to date, avoided spend­ing hun­dreds of bil­lions of dol­lars on the AI build­out, and there is one po­ten­tial fu­ture where the com­pany prof­its from AI by sell­ing the de­vices every­one uses to ac­cess com­modi­tized mod­els; there is an­other fu­ture where AI be­comes the means by which Apple’s 50 Years of Integration is fi­nally dis­rupted by com­pa­nies that ac­tu­ally in­vested in the tech­nol­ogy of the fu­ture.

If Tim Cook’s tim­ing was for­tu­nate in terms of when in Apple’s life­cy­cle he took the reins, then I would call his tim­ing in terms of when in Apple’s life­cy­cle he is step­ping down as be­ing pru­dent, both for his legacy and for Apple’s fu­ture.

Apple is, in terms of its tra­di­tional busi­ness model, in a bet­ter place than it has ever been. The iPhone line is fan­tas­tic, and sell­ing at a record pace; the Mac, mean­while, is poised to mas­sively ex­pand its mar­ket share as Apple Silicon — an­other Jobs ini­tia­tive, ap­pro­pri­ately in­vested in and nur­tured by Cook — makes the Mac the com­puter of choice for both the high end (thanks to Apple Silicon’s per­for­mance and uni­fied mem­ory ar­chi­tec­ture) and the low end (the iPhone chip-based MacBook Neo sig­nif­i­cantly ex­pands Apple’s ad­dress­able mar­ket). Meanwhile, the Services busi­ness con­tin­ues to grow. Cook is step­ping down af­ter Apple’s best-ever quar­ter, a mile­stone that very much cap­tures his tenure, for bet­ter and for worse.

At the same time, the AI ques­tion looms — and it sug­gests that Something Is Rotten in the State of Cupertino. The new Siri still has­n’t launched, and when it does, it will be with Google’s tech­nol­ogy at the core. That was, as I wrote in an Update, a mo­men­tous de­ci­sion for Apple’s fu­ture:

Apple’s plans are a bit like the al­co­holic who ad­mits that they have a drink­ing prob­lem, but promises to limit their in­take to so­cial oc­ca­sions. Namely, how ex­actly does Apple plan on re­plac­ing Gemini with its own mod­els when (1) Google has more tal­ent, (2) Google spends far more on in­fra­struc­ture, and (3) Gemini will be con­tin­u­ally in­creas­ing from the cur­rent level, where it is far ahead of Apple’s ef­forts? Moreover, there is now a new fac­tor work­ing against Apple: if this white-la­bel­ing ef­fort works, then the bar for “good enough” will be much higher than it is cur­rently. Will Apple, af­ter all of the trou­ble they are go­ing through to fix Siri, ac­tu­ally be will­ing to tear out a model that works so that they can once again roll their own so­lu­tion, par­tic­u­larly when that so­lu­tion has­n’t faced the mar­ket pres­sure of ac­tu­ally work­ing, while Gemini has?

In short, I think Apple has made a good de­ci­sion here for short term rea­sons, but I don’t think it’s a short-term de­ci­sion: I strongly sus­pect that Apple, whether it has ad­mit­ted it to it­self or not, has just com­mit­ted it­self to de­pend­ing on 3rd-parties for AI for the long run.

As I noted above and in that Update, this de­ci­sion may work out; if it does­n’t, how­ever, the sting will be felt long af­ter Cook is gone. To that end, I cer­tainly hope that John Ternus, the new CEO, was heav­ily in­volved in the de­ci­sion; truth­fully, he should have made it.

To that end, it’s right that Cook is step­ping down now. Jobs might have been re­spon­si­ble for tak­ing Apple from 0 to 1, but it was Cook that took Apple from 1 to $436 bil­lion in rev­enue and $118 bil­lion in profit last year. It’s a tes­ta­ment to his ca­pa­bil­i­ties and ex­e­cu­tion that Apple did­n’t suf­fer any sort of post-founder hang­over; only time will tell if, along the way, Cook cre­ated the con­di­tions for a crash out, by virtue of he him­self for­get­ting The Cook Doctrine and what makes Apple Apple.

It is in­tended only for pro­to­col study, sig­nal analy­sis, and con­trolled ex­per­i­ments on hard­ware you per­son­ally own or are ex­plic­itly au­tho­rized to test.

This repos­i­tory does not au­tho­rize ac­cess to, mod­i­fi­ca­tion of, or in­ter­fer­ence with any third-party de­ploy­ment, com­mer­cial in­stal­la­tion, or re­tail en­vi­ron­ment.

TagTinker is a Flipper Zero app for ed­u­ca­tional re­search into in­frared elec­tronic shelf-la­bel pro­to­cols and re­lated dis­play be­hav­ior on au­tho­rized test hard­ware.

It is fo­cused on:

This README in­ten­tion­ally avoids de­ploy­ment-ori­ented in­struc­tions and ex­cludes guid­ance for in­ter­act­ing with live com­mer­cial sys­tems.

Where is the .fap re­lease?

The Flipper app is source-first. Build the .fap your­self from this repos­i­tory with ufbt so it matches your firmware and lo­cal tool­chain.

What if it crashes or be­haves oddly?

The main­tainer pri­mar­ily uses TagTinker on Momentum firmware with as­set packs dis­abled and has not had is­sues in that setup. If you are us­ing a dif­fer­ent firmware branch, cus­tom as­set packs, or a heav­ily mod­i­fied de­vice setup, start by test­ing from a clean base­line.

What hap­pens if I pull the bat­tery out of the tag?

Many in­frared ESL tags store their firmware, ad­dress, and dis­play data in volatile RAM (not flash mem­ory) to save cost and en­ergy.

If you re­move the bat­tery or let it fully dis­charge, the tag will lose all pro­gram­ming and be­come un­re­spon­sive (“dead”). It usu­ally can­not be re­cov­ered with­out the orig­i­nal base sta­tion.

I found a bug or want to con­tribute — how can I get in touch?

You can con­tact me on:

I’m cur­rently trav­el­ing, so re­sponse times may be slower than usual. Feel free to open is­sues or Pull Requests any­way — con­tri­bu­tions (bug fixes, im­prove­ments, doc­u­men­ta­tion, etc.) are very wel­come and will help keep the pro­ject alive while I’m away.

TagTinker is built around the study of in­frared elec­tronic shelf-la­bel com­mu­ni­ca­tion used by fixed-trans­mit­ter la­bel­ing sys­tems.

* com­mu­ni­ca­tion is based on ad­dressed pro­to­col frames con­tain­ing com­mand, pa­ra­me­ter, and in­tegrity fields

* dis­play up­dates are car­ried as pre­pared pay­loads for sup­ported mono­chrome graph­ics for­mats

* lo­cal tool­ing in this pro­ject helps re­searchers pre­pare as­sets and per­form con­trolled ex­per­i­ments on au­tho­rized hard­ware

This pro­ject is in­tended to help re­searchers un­der­stand:

For the un­der­ly­ing re­verse-en­gi­neer­ing back­ground and deeper pro­to­col re­search, see:

TagTinker is lim­ited to home-lab and au­tho­rized re­search use, in­clud­ing:

It is not a re­tail tool, op­er­a­tional tool, or field-use util­ity.

You are solely re­spon­si­ble for en­sur­ing that any use of this soft­ware is law­ful, au­tho­rized, and ap­pro­pri­ate for your en­vi­ron­ment.

The main­tainer does not au­tho­rize, ap­prove, or par­tic­i­pate in any unau­tho­rized use of this pro­ject, and dis­claims re­spon­si­bil­ity for mis­use, dam­age, dis­rup­tion, le­gal vi­o­la­tions, or any con­se­quences aris­ing from such use.

If you do not own the hard­ware, or do not have ex­plicit writ­ten per­mis­sion to test it, do not use this pro­ject on it.

Any unau­tho­rized use is out­side the in­tended scope of this repos­i­tory and is un­der­taken en­tirely at the user’s own risk.

This is an in­de­pen­dent re­search pro­ject.

It is not af­fil­i­ated with, en­dorsed by, au­tho­rized by, or spon­sored by any elec­tronic shelf-la­bel ven­dor, re­tailer, in­fra­struc­ture provider, or sys­tem op­er­a­tor.

Any ref­er­ences to ex­ter­nal re­search, pub­lic doc­u­men­ta­tion, or re­verse-en­gi­neer­ing work are in­cluded strictly for ed­u­ca­tional and re­search con­text.

This pro­ject is a port and adap­ta­tion of the ex­cel­lent pub­lic re­verse-en­gi­neer­ing work by fur­rtek / PrecIR and re­lated com­mu­nity re­search.

Licensed un­der the GNU General Public License v3.0 (GPL-3.0).

See the LICENSE file for de­tails.

This soft­ware is pro­vided “AS IS”, with­out war­ranty of any kind, ex­press or im­plied.

In no event shall the au­thors or copy­right hold­ers be li­able for any claim, dam­ages, or other li­a­bil­ity aris­ing from the use of this soft­ware.

This repos­i­tory is main­tained as a nar­rowly scoped ed­u­ca­tional re­search pro­ject.

The main­tainer does not au­tho­rize, en­cour­age, con­done, or ac­cept re­spon­si­bil­ity for use against third-party de­vices, de­ployed com­mer­cial sys­tems, re­tail in­fra­struc­ture, or any en­vi­ron­ment where the user lacks ex­plicit per­mis­sion.

Your en­vi­ron­ment, your choice — de­ploy Trend Vision One™ as SaaS or cus­tomer hosted

See more

Stop ad­ver­saries with un­ri­valed vis­i­bil­ity, pow­ered by the in­tel­li­gence of XDR, Agentic SIEM, and Agentic SOAR to leave at­tack­ers with nowhere left to hide

Learn more

The most trusted cloud se­cu­rity plat­form for de­vel­op­ers, se­cu­rity teams, and busi­nesses

Learn more

Extend vis­i­bil­ity to the cloud and stream­line SOC in­ves­ti­ga­tions

Learn more

Secure your data cen­ter, cloud, and con­tain­ers with­out com­pro­mis­ing per­for­mance by lever­ag­ing a cloud se­cu­rity plat­form with CNAPP ca­pa­bil­i­ties

Learn more

Simplify se­cu­rity for your cloud-na­tive ap­pli­ca­tions with ad­vanced con­tainer im­age scan­ning, pol­icy-based ad­mis­sion con­trol, and con­tainer run­time pro­tec­tion

Learn more

Proactive Protection for Every Phase of the Software Development Lifecycle

Learn more

Defend the end­point through every stage of an at­tack

Learn more

Stop ad­ver­saries faster with a broader per­spec­tive and bet­ter con­text to hunt, de­tect, in­ves­ti­gate, and re­spond to threats from a sin­gle plat­form

Learn more

Optimized pre­ven­tion, de­tec­tion, and re­sponse for end­points, servers, and cloud work­loads

Learn more

Expand the power of XDR with net­work de­tec­tion and re­sponse

Learn more

Stop ad­ver­saries faster with a broader per­spec­tive and bet­ter con­text to hunt, de­tect, in­ves­ti­gate, and re­spond to threats from a sin­gle plat­form

Learn more

Protect against known, un­known, and undis­closed vul­ner­a­bil­i­ties in your net­work

Learn more

Ensure uni­fied vis­i­bil­ity and con­trol for every GenAI ser­vice, user, and in­ter­ac­tion

Learn more

Stay ahead of phish­ing, BEC, ran­somware and scams with AI-powered email se­cu­rity, stop­ping threats with speed, ease and ac­cu­racy

Learn more

End-to-end iden­tity se­cu­rity from iden­tity pos­ture man­age­ment to de­tec­tion and re­sponse

Learn more

Discover AI so­lu­tions de­signed to pro­tect your en­ter­prise, sup­port com­pli­ance, and en­able re­spon­si­ble in­no­va­tion

Learn more

Strengthen your de­fenses with the in­dus­try’s first proac­tive cy­ber­se­cu­rity AI - no blind spots, no sur­prises

Proactive AI Security

Harness un­par­al­leled breadth and depth of data, high-qual­ity analy­sis, cu­ra­tion, and la­bel­ing to re­veal mean­ing­ful, ac­tion­able in­sights

Learn more

Secure your AI jour­ney and elim­i­nate vul­ner­a­bil­i­ties be­fore at­tacks hap­pen — so you can in­no­vate with con­fi­dence

Learn more

Shaping the fu­ture of cy­ber­se­cu­rity through AI in­no­va­tion, reg­u­la­tory lead­er­ship, and trusted stan­dards

Learn more

Defend against na­tion-state threats, ac­cel­er­ate com­pli­ance, and se­cure hy­brid en­vi­ron­ments with AI-driven se­cu­rity

Learn more

Bolster your dig­i­tal se­cu­rity and pri­vacy with cy­ber in­sur­ance

Learn more

Outsmart cy­ber threats by prepar­ing with an Incident Response Plan

Learn more

How Trend can help es­tab­lish el­i­gi­bil­ity with mul­ti­ple ca­pa­bil­i­ties

Learn more

Stop threats with easy-to-use so­lu­tions de­signed for your grow­ing busi­ness

Learn more

Extend your team with trusted 24/7 cy­ber­se­cu­rity ex­perts to pre­dict, pre­vent, and man­age breaches.

Learn more

Augment threat de­tec­tion with ex­pertly man­aged de­tec­tion and re­sponse (MDR) for email, end­points, servers, cloud work­loads, and net­works

Learn more

Our trusted ex­perts are on call whether you’re ex­pe­ri­enc­ing a breach or look­ing to proac­tively im­prove your IR plans

Learn more

Stop breaches with the best re­sponse and de­tec­tion tech­nol­ogy on the mar­ket and re­duce clients’ down­time and claim costs

Learn more

Run real-world at­tack sce­nar­ios to build readi­ness and for­tify your de­fenses

Learn more

Grow your busi­ness and pro­tect your cus­tomers with the best-in-class com­plete, mul­ti­lay­ered se­cu­rity

Learn more

Stand out to cus­tomers with com­pe­tency en­dorse­ments that show­case your ex­per­tise

Learn more

Deliver proac­tive se­cu­rity ser­vices from a sin­gle, part­ner-cen­tric se­cu­rity plat­form built for MSPs, MSSPs, and DFIR teams

Learn more

We work with the best to help you op­ti­mize per­for­mance and value

Learn more

Discover re­sources de­signed to ac­cel­er­ate your busi­ness’s growth and en­hance your ca­pa­bil­i­ties as a Trend Micro part­ner

Learn more

Accelerate your learn­ing with Trend Campus, an easy-to-use ed­u­ca­tion plat­form that of­fers per­son­al­ized tech­ni­cal guid­ance

Learn more

Access col­lab­o­ra­tive ser­vices de­signed to help you show­case the value of Trend Vision One™ and grow your busi­ness

Learn more

Locate a part­ner from whom you can pur­chase Trend Micro so­lu­tions

Learn more

Real-world sto­ries and case stud­ies of how global cus­tomers use Trend to pre­dict, pre­vent, de­tect, and re­spond to threats

Learn more

See how cy­ber re­silience led to mea­sur­able im­pact, smarter de­fense, and sus­tained per­for­mance.

Learn more

Hear di­rectly from our users. Their in­sights shape our so­lu­tions and drive con­tin­u­ous im­prove­ment.

Learn more

Meet the peo­ple be­hind the pro­tec­tion — our team, cus­tomers, and im­proved dig­i­tal well-be­ing.

Learn more

Crowdstrike pro­vides ef­fec­tive cy­ber­se­cu­rity through its cloud-na­tive plat­form, but its pric­ing may stretch bud­gets, es­pe­cially for or­ga­ni­za­tions seek­ing cost-ef­fec­tive scal­a­bil­ity through a true sin­gle plat­form

Let’s go

Microsoft of­fers a foun­da­tional layer of pro­tec­tion, yet it of­ten re­quires sup­ple­men­tal so­lu­tions to fully ad­dress cus­tomers’ se­cu­rity prob­lems

Let’s go

Palo Alto Networks de­liv­ers ad­vanced cy­ber­se­cu­rity so­lu­tions, but nav­i­gat­ing its com­pre­hen­sive suite can be com­plex and un­lock­ing all ca­pa­bil­i­ties re­quires sig­nif­i­cant in­vest­ment

Let’s go

Under Attack?

Content has been added to your Folio

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

An OAuth sup­ply chain com­pro­mise at Vercel ex­posed how trusted third party apps and plat­form en­vi­ron­ment vari­ables can by­pass tra­di­tional de­fenses and am­plify blast ra­dius. This ar­ti­cle ex­am­ines the at­tack chain, un­der­ly­ing de­sign trade­offs, and what it re­veals about mod­ern PaaS and soft­ware sup­ply chain risk.

A com­pro­mised third‑party OAuth ap­pli­ca­tion en­abled long‑lived, pass­word‑in­de­pen­dent ac­cess to Vercel’s in­ter­nal sys­tems, demon­strat­ing how OAuth trust re­la­tion­ships can by­pass tra­di­tional perime­ter de­fenses.

The im­pact was am­pli­fied by Vercel’s en­vi­ron­ment vari­able model, where cre­den­tials not ex­plic­itly marked as sen­si­tive were read­able with in­ter­nal ac­cess - mean­ing that for any team whose ac­cess was com­pro­mised, non-sen­si­tive en­vi­ron­ment vari­ables were ex­posed with­out ad­di­tional con­trols.

This in­ci­dent fits a broader 2026 con­ver­gence pat­tern (LiteLLM, Axios) in which at­tack­ers con­sis­tently tar­get de­vel­oper‑stored cre­den­tials across CI/CD, pack­age reg­istries, OAuth in­te­gra­tions, and de­ploy­ment plat­forms.

Effective de­fense re­quires ar­chi­tec­tural change: treat­ing OAuth apps as third‑party ven­dors, elim­i­nat­ing long‑lived plat­form se­crets, and de­sign­ing for the as­sump­tion of provider‑side com­pro­mise.

MNT Reform is an open hard­ware lap­top, de­signed and as­sem­bled in Berlin, Germany.

2023.04.17: mnt re­form #000120 is now be­ing of­fered as a loaner by sdf.org.

The track­ball can press against the screen when the lid is closed, caus­ing a small mark to ap­pear on the screen.

Lid, screen bezel, key­board frame, and wrist rest are made from milled alu­minium. Side pan­els and trans­par­ent bot­tom panel are made from acrylic.

Screws in the LCD bezel are not cov­ered, and over time the one in the cen­ter can start to rub the paint off of the wrist rest.

My friend kindly sent me a pair of metal re­place­ment side pan­els. First I tried paint­ing them with a paint brush and a bot­tle of Vanta Black. This flaked off eas­ily, so I sanded them down and re­painted them with black spray­paint (satin fin­ish). Managed to chip that as well dur­ing in­stal­la­tion. I don’t know what I’m do­ing.

2022.03.03 Update: MNT has now made avail­able steel re­place­ment side pan­els.

2022.04.27 Update: I ended up just stretch­ing the orig­i­nal molex an­tenna down un­der the track­ball, which im­proved re­cep­tion even more than buy­ing an ex­pen­sive new an­tenna. Because of its shape and the ori­en­ta­tion of its ca­bles, the Laird an­tenna would­n’t quite reach.

io­gear gwu637 eth­er­net to wifi n adapter - for op­er­at­ing sys­tems where wifi does­n’t (yet) work

piña­tex sleeve - note: pull tabs broke off in the first week

2022.02.22 Update: MNT sent me a re­place­ment sleeve with new, all-metal zip­per pulls that are now stan­dard equip­ment on the sleeve.

2022.07.16 Update: One of the all-metal zip­per pulls shat­tered as I tried to un­zip the sleeve.

mbk-col­ors: 1u and 1.5u hom­ing - re­place­ment key caps, some with raised edges to help with ac­cli­mat­ing to the non-stan­dard key­board lay­out

void linux -

sd­card im­age (does not boot on my ma­chine)

By de­fault, the speaker out­put of MNT Reform is a bit quiet, and

chang­ing the vol­ume with PulseAudio won’t dra­mat­i­cally change it.

There’s one more knob you can turn up that is only ac­ces­si­ble via

ALSA.

Open a Terminal and type al­samixer. Then press F6 and se­lect

the wm8960-au­dio card. Navigate with Cursor keys to the Playback

slider and turn it up

Well, there is no wm8960-au­dio listed on my sys­tem, only (default). And Master is al­ready cranked to 100. Investigating, I no­ticed:

sl@re­form:~$ dmesg | grep 8960

[ 3.613559] wm8960 2-001a: Failed to is­sue re­set

Usually a re­boot gets the au­dio go­ing for me if I see failed to is­sue

re­set (happens on boot­ing from power off). Lukas spec­u­lates on a fix

here[1] and an­other per­son[2] pro­vided this line in or­der to re­bind the

de­vice with­out a re­boot:

echo 2-001a > /sys/bus/i2c/drivers/wm8960/bind

I was able to repli­cate the is­sue and test the above line out just

now. I had to “sudo su” first. Then the au­dio de­vice showed up in

al­samixer again just fine.

This worked for me, as well.

Update 2022.06.20: After nu­mer­ous up­dates, sound no longer works for me in Alpine Linux.

echo 0 > /sys/class/leds/ath9k-phy0/brightness # needs root per­mis­sions