10 interesting stories served every morning and every evening.

Swipe left to beginPress right arrow to begin

Claude Fable 5 and Claude Mythos 5

www.anthropic.com

2,480 shares · 82 trendiness

Today we’re launching Claude Fable 5: a Mythos-class1 model that we’ve made safe for general use.

Fable 5’s capabilities exceed those of any model we’ve ever made generally available. It is state-of-the-art on nearly all tested benchmarks of AI capability, showing exceptional performance in software engineering, knowledge work, vision, scientiﬁc research, and many other areas. The longer and more complex the task, the larger Fable 5’s lead over our other models.

Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage. We’ve therefore launched the model with safeguards that mean queries on some topics will instead receive a response from our next-most-capable model, Claude Opus 4.8. To release the model both safely and quickly, we’ve tuned these safeguards conservatively—they’ll sometimes catch harmless requests, though they trigger, on average, in less than 5% of sessions. With more capable models arriving in the coming months, we’re working to improve our safeguards and reduce false positives as quickly as we can.

For a small group of cyberdefenders and infrastructure providers, we’re also launching Claude Mythos 5. It’s the same underlying model as Fable 5, but with the safeguards lifted in some areas.2 Mythos 5 will initially be deployed through Project Glasswing, in collaboration with the US government, as an upgrade to Claude Mythos Preview. It has the strongest cybersecurity capabilities of any model in the world. Soon, we intend to expand access to Mythos 5 through a broader trusted access program.

The capabilities of models like Fable 5 and Mythos 5 have the potential to do profound good for the world. We’ve seen the beginnings of this in Project Glasswing, where the models have helped cyber defenders secure critically important software. We’ve also seen it in life sciences research, where the models are positing novel hypotheses and speeding up the development of new therapeutics.

Fable 5 and Mythos 5 are being offered at $10 per million input tokens and $50 per million output tokens—less than half the price of Claude Mythos Preview. Today’s joint launch is another step towards our goal of bringing advanced AI capabilities to as many users as possible, as quickly and as safely as we can.

The table below compares the capabilities of Fable 5 and Mythos 5 to other leading models.

Fable 5 and Mythos 5 can work autonomously for longer than any previous Claude models. Below we discuss how these skills apply to software engineering, and cover the model’s improved capabilities in knowledge work, vision, memory, and life sciences research.

Software engineering. During early testing, Stripe reported that Fable 5 compressed months of engineering into days. In a 50-million-line Ruby codebase, the model performed a codebase-wide migration in a day that would otherwise have taken a whole team over two months by hand. Fable 5 is also more token-efﬁcient than past Claude models: on Cognition’s FrontierCode evaluation, which tests whether models can pass difﬁcult coding tasks while meeting the standards of high-quality production codebases, Fable 5 scores highest among frontier models, even at medium effort.

Knowledge work. Fable 5 shows strong performance on complex analytical tasks. On Hebbia’s Finance Benchmark for senior-level reasoning, Fable 5 has the highest score of any model, with substantial gains in document-based reasoning, chart and table interpretation, and problem solving. IMC noted that Fable 5 aced their trading-analysis evaluations nearly across the board, including factual lookup, conceptual reasoning, root-cause analysis, and expected-value analysis.

Vision. Fable 5 is the new state-of-the-art model for tasks involving vision. It can extract precise numbers from detailed scientiﬁc ﬁgures and can perform complex vision-based tasks like rebuilding a web app’s source code from screenshots alone. It also needs less scaffolding: for example, previous Claude models struggled to play Pokémon FireRed even with harnesses that gave them additional helpful tools, but Fable 5 beat FireRed with a minimal, vision-only harness.

Memory and long-context. Fable 5 stays focused across millions of tokens in long-running tasks and improves its outputs using its own notes. When we had the model play the deck-building game Slay the Spire, giving it access to persistent ﬁle-based memory improved its performance three times more than for Opus 4.8; Fable also reached the game’s ﬁnal act three times more often.

Drug design: Using Mythos 5, our internal protein design experts accelerated aspects of the drug design process by around ten times. In one example, they found that Mythos 5, with protein design and bioinformatics tools but no human assistance, matches or beats skilled human operators. In doing so, the model executes all of the tasks that are normally completed by a scientist: choosing binding sites, selecting and running protein design tools, and recovering from failures along the way. Nine of the 14 protein targets from this study (shown below) yielded strong candidates for drug design that we’re currently investigating.

Novel hypotheses in molecular biology. Mythos 5 is our ﬁrst model to consistently produce novel, compelling scientiﬁc hypotheses. In blinded head-to-head comparisons against Opus-class models, our scientists preferred Mythos’s molecular biology hypotheses ~80% of the time, and have advanced several to experimental evaluation. In the meantime, one Mythos hypothesis—a novel mechanism for an E. coli protein—was corroborated in a study from a lab independently working on the same problem.

Novel research in genomics. Mythos 5 conducted novel genomics research in over a week of largely autonomous work. It assembled single-cell data for millions of cells spanning 138 animal species and designed and trained a custom machine learning model to identify cells performing the same role in even distantly related organisms. With only high-level human input, Mythos 5’s trained model outperformed a recent model published in the journal Science—despite being 100 times smaller. We intend to publish these results in the coming months.

Alignment. In our automated alignment assessment we found that Mythos 5’s level of misaligned behavior (including misaligned actions taken by the model such as deception, and cooperation with misuse of the model by a user) was low, and similar to that of Opus 4.8. Given they are the same underlying model, Fable 5’s level of alignment will be similar. The assessment is described in full, along with a detailed suite of other safety and capabilities tests, in the model’s system card.

Early feedback for Claude Fable 5

Customers with early access ran their own tests on Fable 5. Below, in their words, is a selection of what they’re seeing:

Claude Fable 5 is the state of the art model on CursorBench. It’s opened up a class of long-horizon problems that were out of reach for earlier models.

Claude Fable 5 is a real step forward for the developers GitHub serves. In our early testing, it took on complex, long-horizon coding tasks with a level of autonomy and reliability that exceeded previous benchmarks. But what excites us most is the direction it points: a future where developers can hand increasingly ambitious work to agents and trust the results across the software lifecycle.

These are the strongest results of any Claude model we’ve had the opportunity to test. Claude Fable 5 is a clear step forward on agentic coding and prototyping.

Claude Fable 5′s reasoning is a clear step beyond Opus 4.8. It works at senior research scientist grade — picking directions, allocating resources, killing its incorrect beliefs, and producing novel ﬁrst-principles outputs.

Claude Fable 5 understands what builders mean, not just what they type. Apps that took a hundred prompts a year ago, it now one-shots. When a customer really hits a wall, it’s the model we reach for to get them past it quickly, so they can ﬁnish what they set out to build.

Claude Fable 5 feels materially different. In blind review, our lawyers found its redlines matched or beat our current model every time.

At the highest effort, Claude Fable 5 reﬂects on and validates its own work. For us, that’s what makes highly autonomous operations possible — the extra thinking pays for itself.

Claude Fable 5 delivers more capable engineering in fewer turns than prior models — handling the complex multi-agent workﬂows our employees run daily in Claude Code.

Claude Fable 5 is the highest-scoring model on FrontierBench, Cognition’s frontier coding eval. It excels at long-horizon reasoning and generalizes to unfamiliar tools out of the box.

Claude Fable 5 is the strongest ﬁnance-ﬁrst model we’ve tested, both on general ﬁnance and reasoning. It’s a notable step up.

Claude Fable 5 is the ﬁrst to break 90% on our core analytics benchmark of complex, long-running analytical tasks — a 10-point jump over Opus. On the hardest questions, it shows strong judgment and attention to nuance.

Claude Fable 5 is the strongest model we’ve tested on frontier physics research while using a third of the reasoning tokens. In 36 hours it got nearly to where GPT-5.5 landed after four days.

On ViBench, our end-to-end vibe-coding benchmark, Claude Fable 5 is the highest-performing model we’ve tested — nearly saturating our base use cases and building apps in less time with fewer tokens.

Claude Fable 5 beats Opus 4.8 on our everyday spreadsheet suite at every effort level — and it does it with fewer turns, ﬁnishing runs 25 – 30% faster.

01 /

Claude Fable 5’s new safeguards

Mythos-class models have reached a threshold where they present significant risks. In April we began Project Glasswing, releasing the ﬁrst Mythos-class model (Claude Mythos Preview) to only a limited group of cyber defenders and critical software infrastructure providers. When we did so, we stated that we hoped to eventually release Mythos-level capabilities to all our users, so long as we had developed new safeguards that were strong enough to reliably prevent misuse.

Over the past few months we have been improving these safeguards, and they are now robust enough for a general release. Because we have prioritized safety, we’ve deliberately tuned the safeguards to be cautious, and they are still stricter than would be ideal—for example, sometimes benign requests will trigger our classiﬁers. We recognize that this will be frustrating to some users, and our aim is to reduce false positives as we update and reﬁne the safeguards after launch.

Below we discuss each of Fable 5’s new safeguards in turn. Our wider suite of safeguards is discussed and evaluated in the model’s system card and our most recent risk report.

Safety classiﬁers

The frontier cybersecurity and research biology capabilities of Mythos-class models mean that they pose a substantial risk of uplift to malicious actors. That is, these models could provide information or advice that assists those actors in causing serious harm that they couldn’t have received from other sources (for example, from internet search engines). Furthermore, a great deal of advanced usage of AI models is dual use: the same queries that are beneﬁcial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors.

We therefore need strong safeguards to prevent misuse, and their coverage needs to be broad. The safeguards themselves have to stand up to sustained and sophisticated attempts to bypass them (also known as “jailbreaking” the system). The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could ﬁnancially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures.

Fable 5 comes with a new set of classiﬁers: separate AI systems that detect potential misuse, including jailbreak attempts, and prevent the main model (in this case Fable 5) from responding. We’ve been running classiﬁers on our models for some time, and Fable 5’s classiﬁers are an extension of this previous work with extra coverage.

When Fable’s classiﬁers detect a request related to cybersecurity, biology and chemistry, or distillation, the response is automatically handled by Claude Opus 4.8 instead. Users will be informed whenever this occurs. Opus 4.8 is a highly capable model in its own right: a response that falls back to Opus is a far better experience than an outright refusal from Fable. Our early data shows that more than 95% of Fable sessions involve no fallback at all—for those sessions, Fable 5’s performance is effectively the same as that of Mythos 5.

The following are the areas covered by the classiﬁers:

1. Cybersecurity. Mythos-class models excel at discovering and exploiting software vulnerabilities. They can thus make cyberattacks substantially easier and cheaper to commit. Mythos-class models also show strong skills in agentic hacking. This involves performing multiple different parts of a cyberattack in addition to ﬁnding exploits—reconnaissance, discovery, lateral movement, and more. To prevent these agentic hacking skills providing uplift in cyberattacks, we designed our cybersecurity classiﬁers to cover both exploitation and offensive cyber tasks in a broader sense. As shown in the graph below, our classiﬁers prevent Fable from making any progress on these tasks.

We extensively red-teamed our classiﬁers to test their robustness against jailbreaks. As well as internal testing, we ran an external bug bounty that produced no universal jailbreaks in over 1,000 hours of testing. External red-teaming organizations we engaged also failed to ﬁnd any universal jailbreaks on long-form agentic tasks so far—although the UK AISI has made progress towards one within a brief initial testing window.4 It is likely impossible to completely prevent universal jailbreaks, but our goal is to make any remaining jailbreaks sufﬁciently slow and costly that we can detect and prevent them before they are used at scale.

The graph below, from one of our internal evaluations, illustrates how Fable 5’s safeguards give it greater resistance to jailbreaks than our previous generally accessible models:

One of our external partners found that Fable 5’s safeguards against harmful cyber queries were the most robust of any model tested (including Opus 4.8 and Opus 4.7). Fable 5 complied with zero harmful single-turn requests relating to planning a cyberattack, exploit development, or defense evasion. This held whether or not one of the requests used any of 30 different public jailbreak techniques.

2. Biology and chemistry. We have long used our classiﬁers to block our models from responding on a narrow selection of bioweapons-related queries. But we are no longer certain that blocking this narrow selection is enough. This is for two reasons: ﬁrst, we have reason for concern about well-resourced malicious actors attempting to gain uplift from our models for highly risky biological research. Second, models now have a greater ability to accomplish real-world scientiﬁc tasks.

For example, we tested Mythos 5’s ability to complete a challenging step in designing adeno-associated viruses (AAVs). AAVs are a component for delivering gene therapies, but the same capability, in the wrong hands, could enable the design of dangerous viruses. In this task, various AI models were evaluated on their ability to predict how a genetic modiﬁcation would impact the assembly of the virus’s outer shell (among a set of therapeutically-relevant unpublished candidates developed by Dyno Therapeutics). We did not explicitly train our models to perform this task—and yet Mythos-class models outperformed sophisticated models dedicated to protein tasks (known as “protein language models”) using their biological reasoning alone. This demonstrates a promising ability to complete simple but important tasks in gene therapy research and development—but also highlights the risk posed by such dual-use capabilities.

Our priority was to safely release Fable as soon as we could, even at the cost of overly broad safeguards. Therefore, for the time being we have arranged for Fable to fall back to Opus 4.8 on most requests related to biology and chemistry. As with all of our classiﬁers, we hope to narrow these safeguards as soon as possible: as can be seen from the evidence above, there is great potential for positive applications of Fable for science, and we do not want false positives from our classiﬁers to get in the way. In the coming weeks, some biomedical researchers and companies will be able to join our trusted access program for biology capabilities in Mythos 5 (discussed below).

3. Distillation. We’ve previously identiﬁed large-scale attempts to extract (“distill”) Claude’s capabilities to train competing models in authoritarian countries. Distillation of Fable 5’s abilities could indirectly lead to the proliferation of near-frontier AI capabilities—and these could be released without the appropriate safeguards. Requests that are ﬂagged by our classiﬁers as being part of such distillation attempts will fall back to Opus 4.8.

A new data retention policy

Finally, we’re making a change to the way we handle business customer data for Fable 5, Mythos 5, and future models with similar or higher capability levels. We will require 30-day retention for all trafﬁc on Mythos-class models, on both ﬁrst- and third-party surfaces. We won’t use this data to train new Claude models, or for any non-safety-related purpose, and we’ve instituted new privacy protections including logging all human access to the data and ensuring its deletion after 30 days in almost all cases (see this post for further details). The data will help us defend against complex and novel attacks (including new jailbreaks and attacks that operate across many requests) as well as help us identify and reduce false positives.

Claude Mythos 5 and the trusted access program

Beginning today, all users who currently have access to Claude Mythos Preview (for example, our cybersecurity partners in Project Glasswing) will be able to upgrade to Claude Mythos 5—the same model as Claude Fable 5 but with cyber safeguards lifted. Users will ﬁnd Mythos 5 comparable to, or somewhat stronger than, Mythos Preview in most cases, while costing substantially less.

In consultation with the US government, we plan to steadily expand access to Claude Mythos 5, continuing our periodic addition of new partners, as well as pursuing a trusted access program that allows cybersecurity organizations to apply in a more systematic manner.

Our plans also include opening a trusted access program for biology, to help accelerate biomedical research and discover new therapies with Mythos-class capabilities. This program will provide access to Fable 5 with the biology and chemistry safeguards removed (but the cyber safeguards still in place). It will enroll a small number of researchers from a variety of life science organizations spanning fundamental and translational research; we’re planning to expand access to this program while simultaneously making our safeguards better.

Availability

Claude Fable 5 is available everywhere today. Claude Mythos 5 is restricted to Glasswing partners (with cyber safeguards lifted) and soon to select biology researchers (with biology and chemistry safeguards lifted) only, until our broader trusted access program is available.

Pricing for both models is $10 per million input tokens and $50 per million output tokens. Developers can use claude-fable-5 via the Claude API.

We expect demand for Fable 5 to be very high, and difﬁcult to predict. On the Claude API and consumption-based Enterprise plans, Fable 5 is fully available from today. For subscription plans, we’d rather give access sooner than later, so we’re rolling out more conservatively, in stages:

From today through June 22, Fable 5 is included on Pro, Max, Team, and seat-based Enterprise plans at no extra cost.

On June 23, we’ll remove Fable 5 from those plans. Using it after that will require usage credits. If capacity allows, we’ll extend the included window.

After this point—when sufﬁcient capacity allows us to do so—we aim to restore Fable 5 as a standard part of subscription plans. We intend to do this as quickly as we can.

Throughout this period, we’ll communicate any changes ahead of time so users know where things stand.

Edit June 9, 2026: Updated the discussion of AAVs to note that the candidates were developed by Dyno Therapeutics.

S&P 500 rejects SpaceX, also blocking entry for OpenAI and Anthropic

arstechnica.com

1,394 shares · 57 trendiness

Such rule changes would have accommodated SpaceX’s plan to only offer approximately 3 percent of its IPO shares to public investors, and the fact that SpaceX is currently unprofitable with a growing debt load that has reached $29 billion because of its spending spree on AI infrastructure.

But in its ﬁnal decision, the S&P Dow Jones Indices stated that “no changes will be made to the eligibility criteria including ﬁnancial viability screens, seasoning period, or minimum IWF.” Even after the standard yearlong wait, SpaceX, Anthropic, and OpenAI may struggle to deliver the consistent profitability necessary to qualify for the S&P 500.

Money rules and exceptions

Swift entry into the S&P 500 would have triggered $14 billion of passive fund buying for SpaceX, according to Bloomberg Intelligence. The investment research arm of Bloomberg also estimated that OpenAI could have gained more than $8 billion, and Anthropic could have netted $4.6 billion from similar passive buying sprees triggered by their S&P 500 entries.

This is because $7.5 trillion in passively managed funds—popular among both individual investors and institutional investors—follow the S&P 500 by purchasing shares of companies according to their proportional representation in the S&P 500 index. For example, the Vanguard and Fidelity brokerage giants both offer passive investment funds that track the S&P 500 composition.

However, the S&P Dow Jones Indices did “carve out one concession” by changing the investable weight factor rules for “lower-proﬁle benchmarks” such as the S&P Total Market Index and Dow Jones US Total Stock Market Index, according to Quartz. That could allow an IPO faster entry into those indexes.

By contrast, the Nasdaq stock exchange changed its rules to allow SpaceX to enter the Nasdaq-100 Index within 15 trading days as opposed to the usual three months. Similarly, the FTSE Russell index provider decided to give SpaceX and other follow-on companies accelerated entry to the Russell Top 500 Index after the close of the ﬁfth trading day following an IPO.

The denial of accelerated S&P 500 entry for SpaceX comes just days after Morningstar analysts described SpaceX as having been “signiﬁcantly overvalued” in the lead-up to its IPO. The investment research ﬁrm valued SpaceX at $780 billion—less than half of SpaceX’s $1.75 trillion IPO goal—primarily based on the strengths of SpaceX’s Starlink satellite service and rocket launch business.

This story was updated on June 6, 2026 to more clearly describe the proposed rule changes that would have applied to all MegaCap companies.

Read more Read the original on arstechnica.com →

Read the original on arstechnica.com →

6.0.0

brew.sh

1,223 shares · 64 trendiness

Today, I’m proud to announce Homebrew 6.0.0. The most significant changes since 5.1.0 are a new tap trust security mechanism, the new faster, smaller, default internal Homebrew JSON API, sandboxing on Linux, better defaults informed by our user survey, many brew bundle improvements, improved performance and initial support for macOS 27 (Golden Gate).

✨ Highlights since 5.1.0

🔐 Tap trust

Homebrew 6.0.0 introduces tap trust. A third-party tap can contain arbitrary, unsandboxed Ruby that runs on your machine, so Homebrew now requires taps (and tap-qualiﬁed formulae and casks) to be explicitly trusted before their code is evaluated or run. This reduces the risk from malicious or compromised taps while leaving the ofﬁcial Homebrew taps trusted by default. See the new Tap-Trust documentation for details.

Homebrew enforces initial tap trust so untrusted taps are ﬂagged before their code runs, trusts qualiﬁed tap items before install, stops auto-tapping untrusted taps, pins tap allow, forbid and trust lists to remotes and uses tap trust when evaluating all formulae and casks.

brew tap gains commands for managing tap trust, can trust a tap by its remote URL, brew trust adds a –json=v1 ﬂag and brew tap-info adds a trusted ﬁeld.

brew bundle honours the trusted: option and brew bundle dump records trusted bundle entries, marking custom-remote taps as trusted.

docs.brew.sh has new pages, including Tap-Trust, explaining Homebrew’s new tap trust model, and Homebrew trusts taps in test-bot.

⚡ Default internal JSON API

The internal JSON API is now the default, advancing the smaller API that Homebrew re-enabled and turned on for developers recently. It combines all Homebrew’s metadata into a single download, so brew updates faster and talks to the network less. It was opt-in via HOMEBREW_USE_INTERNAL_API since 5.0.0; that variable is now deprecated (see below).

🐧 Linux sandbox

The Linux Bubblewrap sandbox aligns Linux with macOS, where build, test and postinstall phases already run sandboxed. It is on by default for developers, Homebrew moved its macOS sandbox logic to share code, improved Linux sandbox behaviour (with Homebrew/homebrew-core setting the sandbox env in CI), hardened sandboxed install phases, sandboxed cask executable hooks, allowed logs in the build sandbox, installed Bubblewrap on hosted Ubuntu and skips sandbox setup for syntax-only jobs.

⚙️ Better defaults

Following our Homebrew user survey, we have made many changes based on the results. The most notable is making ask mode the default for developers, so brew install and brew upgrade show a dependency summary and conﬁrmation prompt before making changes.

Homebrew adds ask dependency plans and cask support, accepts one-key ask conﬁrmations and aligns ask dry-run prompts.

Homebrew fetches ask upgrades together, prints the ask upgrade summary sooner, skips the upgrade ask prompt when empty, adds a ﬁnal brew upgrade summary and explains the upgrade metadata fetch.

📦 brew bundle

brew bundle gains many improvements, most notably parallel formula installation that now runs jobs automatically by default, plus npm and krew extensions, wider cleanup support and, on Windows, winget support.

Homebrew adds cleanup support to npm, cargo, go and uv extensions and asks before removing during cleanup.

Homebrew runs brew bundle krew via kubectl-krew directly, respects CARGO_HOME and friends for cargo, adds a –describe ﬂag to brew bundle add and tries mas install before falling back to mas get.

Homebrew adds bundle type disable ﬂags, improves check guidance and checks formula link status.

Homebrew serialises formula locks, makes non-core DSLs a single ﬁle, removes description comments from brew bundle/remover and avoids parsing the output of brew services list.

brew bundle performs npm installs more securely.

🏎️ Performance

Homebrew is faster across the board, with startup performance tweaks, a ~30% faster brew leaves, parallelised bottle tab fetching on upgrade and less work loading Ruby libraries at startup.

🍎 macOS 27 (Golden Gate)

Homebrew adds initial support for macOS 27 (Golden Gate).

🔮 Upcoming changes

macOS 27 (Golden Gate) drops Intel support, so per our Support Tiers: in September 2026, macOS Intel x86_64 moves to Tier 3 with no CI support and no new bottles (binary packages) built for macOS Intel; in September 2027, macOS Intel x86_64 will be unsupported entirely and all related code deleted.

The master to main migration begun in 4.6.0 continues: more repositories no longer update master, GitHub Actions warn @master users to migrate to @main and the sync-default-branches workﬂows are removed from Homebrew/homebrew-cask and Homebrew/homebrew-core.

Casks that fail macOS Gatekeeper checks, deprecated in 5.0.0, remain on track to be disabled in September 2026.

🔒 Security

🚨 Security advisories

Homebrew published three security advisories:

The POST download strategy bypassed the documented HTTPS-to-HTTP redirect protection by discarding the resolved URL (GHSA-7699-qf8c-q47m), ﬁxed by enforcing secure redirects.

Root code execution was possible via Git hooks in the macOS .pkg postinstall (GHSA-6689-q779-c33m), ﬁxed by cleaning Homebrew git state and replacing the installer git directory.

The macOS installer package trusted a user-controlled /var/tmp plist and could assign Homebrew ownership to a local attacker (GHSA-59v8-x8q4-px5c), ﬁxed by tweaking the macOS .pkg package-user plist handling.

🛡️ Other security improvements

Homebrew ﬁlters sensitive environment variables during Ruby evaluations and defers HOMEBREW_* environment secrets to download time.

Homebrew runs forbidden checks for casks and formulae before download and lets you require checksums for casks with HOMEBREW_CASK_OPTS_REQUIRE_SHA.

Homebrew links to a shared security policy.

🗑️ Deprecations

Homebrew deprecates default opt-ins.

Homebrew deprecates now-default bundle and internal API environment variables such as HOMEBREW_BUNDLE_NO_SECRETS and HOMEBREW_USE_INTERNAL_API.

Homebrew marks unused options for deprecation.

Various other Homebrew 6.0.0 deprecations.

Homebrew’s SBOM support is now opt-in with HOMEBREW_SBOM.

🎁 Features

🖥️ Casks

Homebrew can pin casks and supports casks in brew missing.

Homebrew adds AppImage support for Linux and implements a Linux freedesktop trash for casks.

Homebrew improves cask upgrades by sharing upgrade download queues, moving upgrade summaries before fetch, adding a quit opt-out and reopening closed apps during upgrade.

Homebrew improves auto_updates casks: improving how they update, reﬁning the behaviour further, gating auto-updates behind opt-in and upgrading them when the bundle version is stale.

cask adds a generate_completions_from_executable DSL artifact and includes resolved artifact targets in JSON output.

Homebrew shows a cask version transition in per-cask upgrade output, skips valid cached cask fetches, speeds up cask backup copies and has caskroom use the user’s primary group on Linux.

brew doctor and brew cleanup handle corrupt Caskroom directories.

💻 Operating system support

Homebrew makes Linux cask requirements explicit, aligns cask macOS dependencies, supports bare depends_on :macos in casks, tracks macOS support explicitly and emits Linux variations for casks with Linux checksums.

Homebrew adds a maximum macOS for cask dependencies. Homebrew/homebrew-cask adopts the new depends_on maximum_macos: syntax and ﬁxes its macOS dependencies in Homebrew/homebrew-cask and Homebrew/homebrew-core.

Homebrew adds M5 and M5 Pro/Max CPU recognition and caps the OCLP tier when macOS is outdated.

Homebrew labels WSL analytics, shows the Windows build on WSL in brew conﬁg and moves the wsl? boolean from OS::Linux up to the OS module.

🚰 Taps

Homebrew recognises more equivalent tap remote forms, ignoring a .git sufﬁx when matching GitHub remotes and consolidating tap remote normalisation. (and more)

Homebrew handles formulae and casks more uniformly across commands, installs explicitly requested taps and stops implicit tap installation.

Homebrew uses worktrees for local core taps and blocks worktree updates.

Homebrew shares full-name parsing helpers and uses full-name helpers for split names.

ℹ️ brew info and brew tap-info

brew info output is clearer: more consistent and helpful, with a Binaries section listing executables, a clearer recursive runtime dependencies line, clearer same-named conﬂicts and shadowed formulae and a list versions JSON output.

brew info shows installed state better: the upgrade target for outdated @-versioned formulae, installed dependents with –verbose, deprecated and disabled packages in install status, installed formulae resolved from the receipt’s tap with a shadowing warning, the installed version and an upgrade hint on the headline, other installed versions and an installed info inventory.

brew info and brew tap-info skip the uninstalled marker when not a problem, show more tap info for packages and brew tap-info lists formulae and casks.

brew which-formula shows install status and Homebrew shows quarantine script usage.

🆕 New commands, ﬂags and output

brew exec is a new command, like npx, that supports formulae environments.

brew as-console-user is a new command for running Homebrew as the right user under MDM/root environments and brew update <formula> is aliased to upgrade.

Homebrew tidies help and completions: omitting aliases from completions, hiding HOMEBREW_CASK_OPTS_* from help, hiding maintainer commands and hiding hide_from_man_page commands from brew commands.

Homebrew avoids install warning annotations and warns when formula executables are shadowed on PATH.

🧊 Cooldowns, livecheck and bumping

Homebrew adds download cooldowns for Bundler, RubyGems livecheck, npm and pip defaults, PyPI resource resolution and npm and PyPI in bump to avoid upstream supply-side security risks.

Homebrew prints bump skip status, messages and errors and checks RubyGems licences.

Homebrew respects livecheck throttle days in audit, adds livecheck throttling by days and speeds up the formula throttle days check.

⬇️ Downloads and fetching

brew fetch –all-platforms fetches every variant, Homebrew prints download error details when using concurrency, preserves partial downloads on network errors, avoids cached manifest downloads and hints when a download is HTML, not a binary.

Homebrew avoids redundant Caskroom chgrp.

🛎️ Services

Homebrew starts systemd timers for services, creates service path directories automatically (with Homebrew/homebrew-core adopting the new service path creation logic) and audits redundant service path setup.

brew services no longer fails to load with –sudo-service-user.

🧪 Formulae and packaging

Homebrew adds the VCS revision as scm_revision in the tab, supports in-repository patch ﬁles, supports CPS metadata directories and includes patches in formula to_hash.

Homebrew respects installed dependents during autoremove and cross-checks autoremove candidates against formula definitions.

🪜 Install steps framework

The install steps framework expresses common postinstall, preﬂight and postﬂight behaviour as ordered, literal-only DSL data that is exposed through the JSON APIs. Where a formula or cask only does simple ﬁle preparation, it no longer needs to download and evaluate a Ruby ﬁle at install time. Homebrew adds formula install steps, cask install steps, an audit for formula install steps, install step rebuild actions, rebuild step methods, rebuild step RuboCop checks and an audit of cask ﬂight step conversions; homebrew/core and homebrew/cask adopt the new DSLs (post_install_steps, postinstall and ﬂight steps). In homebrew/core and homebrew/cask this covers a large share of post_install and *ﬂight blocks (creating directories, touching markers, moving and symlinking ﬁles), with more operation types planned.

🔀 Other changes

brew vulns is a new Homebrew tap and subcommand that checks installed packages for known vulnerabilities 🔒.

Homebrew warns for Nix-managed Homebrew.

🧹 Internals, typing and refactors

Homebrew replaces brew which-update, uses an AST for source rewrites and enforces public API visibility and docs.

Homebrew reworks command parsing: parser subcommand scaffolding, converting the bundle, services and remaining subcommands, scoping subcommand option constraints and usage help, and no longer restricting global options to subcommands.

Homebrew limits Sorbet runtime defaults and limits recursive Sorbet in test-bot.

🛠️ Continuous integration and developer tooling

The Ubuntu 24.04 CI migration ﬂagged in 5.1.0 for 6.0.0 has now landed, raising the Linux baseline.

Read more Read the original on brew.sh →

Read the original on brew.sh →

container/docs/container-machine.md at main · apple/container

github.com

1,190 shares · 45 trendiness

Container machine provides a highly integrated Linux environment that works seamlessly on your Mac. Container machines are fast, lightweight and persistent. They are based on standard OCI images that can be built and shared. Host integrations such as automatic user and home directory sharing provide quick and easy access to your Linux environment no matter where you are in a terminal.

Why container machines

Containers are typically modeled after an application. A container machine is modeled after a Linux environment. It runs the image’s init system allowing you to register long running services or test your application under a process supervisor. A container machine automatically maps your username and home directory into the Linux environment. Your repositories and dotﬁles are available on both platforms. Use editors and tools directly on macOS simultaneously building and running your application inside of the Linux environment.

Edit on the Mac, build inside. Your repo lives in $HOME on macOS and is mounted at /Users/<username> inside the container machine. Use your macOS editor or IDE; compile and run inside your container machine.

Use macOS-native tooling against Linux artifacts. Proﬁlers, screenshot tools, browsers, and GUI debuggers on your Mac all see the same ﬁles the container machine sees — there is no copy step between “I built it” and “I am inspecting it”.

Real Linux services for testing. Run a database or whatever your stack needs as a system service — systemctl start postgresql works on images with systemd installed.

One environment per target distro. Create as many container machines as you have target distros — alpine, ubuntu, debian. Each has the same $HOME and the same dotﬁles from your Mac. Quickly test your application in various distributions.

Quickstart

container machine create alpine:latest –name dev container machine run -n dev whoami # your host username, not root container machine run -n dev pwd # /home/<you> — your Mac home dir, mounted in container machine run -n dev # interactive shell; cd into your repos in $HOME

container machine run is how you get a shell or run a single command. If the container machine is stopped, run boots it ﬁrst.

Working in a container machine

Open a shell, or run a single command

With no command, container machine run opens an interactive shell as a user that matches your host account:

container machine run -n dev

Pass a command to run it once and exit:

container machine run -n dev uname -a container machine run -n dev — cat /proc/cpuinfo

Set a default

Pick a default container machine so you can drop the -n ﬂag:

container machine set-default dev container machine run # operates on dev

List, inspect, stop, delete

container machine ls # list all container machines container machine inspect dev # JSON detail for one container machine stop dev # stop the container machine container machine rm dev # delete, including its persistent storage

container machine has the alias m, so m ls, m run, etc. all work.

Resize CPUs, memory, or change the home-mount

container machine set updates conﬁguration on disk. Changes take effect after the next stop and start:

container machine set -n dev cpus=4 memory=8G container machine stop dev container machine run -n dev — nproc

Memory defaults to half of host memory. The home-mount can be rw (default), ro, or none.

Bring your own container machine image

Any Linux image that includes /sbin/init works as a container machine. For example, this Dockerﬁle builds an Ubuntu 24.04 container machine image with systemd and common command-line tools:

FROM ubuntu:24.04

ENV container container

RUN apt-get update && \ apt-get install -y \ dbus systemd openssh-server net-tools iproute2 iputils-ping curl wget vim-tiny man sudo && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ yes | unminimize

RUN >/etc/machine-id RUN >/var/lib/dbus/machine-id

RUN systemctl set-default multi-user.target RUN systemctl mask \ dev-hugepages.mount \ sys-fs-fuse-connections.mount \ systemd-update-utmp.service \ systemd-tmpﬁles-setup.service \ console-getty.service RUN systemctl disable \ networkd-dispatcher.service

RUN sed -i -e ‘s/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/’ /etc/ssh/sshd_conﬁg

Build it and create a container machine from it:

container build -t local/ubuntu-machine:latest . container machine create local/ubuntu-machine:latest –name ubuntu

By default, container runs a built-in setup script on ﬁrst boot to provision the user described above. To use your own setup instead, add an executable script at /etc/machine/create-user.sh to the image. It runs once, as root, on ﬁrst boot, with these variables set:

CONTAINER_GID

CONTAINER_HOME

CONTAINER_MACHINE_ID

CONTAINER_UID

CONTAINER_USER

Read more Read the original on github.com →

Read the original on github.com →

How building an HTML-first site doubled our users overnight

mohkohn.co.uk

1,179 shares · 44 trendiness

Jun 10, 2026

This is a story of how building HTML-ﬁrst doubled a company’s users literally overnight.

My client was a utility company, and they had a big problem. To apply for their services, customers could either use an old ASP form on the website, or follow a manual process. The manual process was more expensive for the company, of course. Adding a lot of pressure, this was a regulated monopoly, and if their customer satisfaction dropped below 96% (if I remember correctly) it could result in millions of pounds in ﬁnes.

There were two previous failed (and very expensive) attempts to solve the problem. In the most recent, contractors in another country had built a React app. The React app was online for 3 days before being pulled because of customer complaints. I took one look at it and told my boss “we can’t take ownership of this.” It was a mess of loading spinners and global javascript states. It was not accessible. Image upload was a vital part of the form, and it attempted to store images (along with all other form data) in localstorage which has a 5mb limit!

I took a very bold decision and built a new version of the site using Astro. It was HTML-ﬁrst. Javascript existed, in web components, but only to progressively-enhance a website that worked perfectly ﬁne without it.

My logic was thus:

This is a public service

It should work on every machine possible

It should work when connections are poor

The forms must never lose data once it is entered

I was very moved by this anecdote from Terence Eden:

A few years ago I was doing policy research in a housing beneﬁts ofﬁce in London. They are singularly unlovely places. The walls are brightened up with posters offering helpful services for people ﬂeeing domestic violence. The security guards on the door are cautiously indifferent to anyone walking in. The air is ﬁlled with tense conversations between partners - drowned out by the noise of screaming kids. In the middle, a young woman sits on a hard plastic chair. She is surrounded by canvas-bags containing her worldly possessions. She doesn’t look like she is in a great emotional place right now. Clutched in her hands is a games console - a PlayStation Portable. She stares at it intensely; blocking out the world with Candy Crush. Or, at least, that’s what I thought. Walking behind her, I glance at her console and recognise the screen she’s on. She’s connected to the complementary WiFi and is browsing the GOV.UK pages on Housing Beneﬁt. She’s not slicing fruit; she’s arming herself with knowledge. The PSP’s web browser is - charitably - pathetic. It is slow, frequently runs out of memory, and can only open 3 tabs at a time. But the GOV.UK pages are written in simple HTML. They are designed to be lightweight and will work even on rubbish browsers. They have to. This is for everyone.

In the middle, a young woman sits on a hard plastic chair. She is surrounded by canvas-bags containing her worldly possessions. She doesn’t look like she is in a great emotional place right now. Clutched in her hands is a games console - a PlayStation Portable. She stares at it intensely; blocking out the world with Candy Crush.

Or, at least, that’s what I thought.

Walking behind her, I glance at her console and recognise the screen she’s on. She’s connected to the complementary WiFi and is browsing the GOV.UK pages on Housing Beneﬁt. She’s not slicing fruit; she’s arming herself with knowledge.

The PSP’s web browser is - charitably - pathetic. It is slow, frequently runs out of memory, and can only open 3 tabs at a time.

But the GOV.UK pages are written in simple HTML. They are designed to be lightweight and will work even on rubbish browsers. They have to. This is for everyone.

Some requirements I derived:

Each session with the form should have a unique ID

At every step in the form wizard, submitted data should be stored on the backend, including uploads

It should be possible to complete the form without javascript

It should be possible to complete the form on outdated and crap web browsers

We had to meet WCAG accessibility (the team settled on AA rather than AAA)

Javascript and modern CSS should be used to enhance the experience

The basic setup ended up being that each step in the form wizard was its own page. When the user clicked next, the form would submit. If the data was judged to be valid by the API, the browser would be redirected to the next step.

A venerable web application pattern that has had a small modern renaissance thanks to Remix, form submissions and redirects took a while to explain to my colleagues, on account of everyone being used to heavily client-side web applications. I have nothing against heavily client-side applications, in their place. But this is just a big form - it’s not showing real-time data. Our user could be standing in the middle of a ﬁeld on a new-build housing estate, holding a decade-old commodity android phone they bought in Tesco. Shipping them 20MB of javascript before we even render a form would be a ridiculous thing to do.

Next, I tackled one of my biggest bugbears, form validation (and form and form error rendering). I have seen teams waste person-months of effort wrangling React validation libraries. If you are a React person, you might be scoffing at this - skill issue, I guess - but it is the reality for many teams. I would like to humbly suggest that you too may be spending more time than you realise, and a lot more time than is necessary, interacting with and maintaining poor imitations of the validation system that ships with every browser.

So I built an HTML web component. These are simple custom elements that wrap around existing HTML and bring it to life. No shadow DOM, no (or little) rendering HTML in javascript. Mine wrapped around any HTML form, picked up the HTML validation, and made it look modern. It would prevent those HTML validation popup tooltips, and instead place the error in the aria-describedby element associated with the ﬁeld (today, aria-errormessage is advised instead). It would clear validation while you typed, if you reached a valid state, and assess it again on blur and submit.

Exactly the user experience a form needs, delivered in under 1KB. If it failed, the form would fall back to built-in browser validation. If that failed, the backend API would handle validation. We reported validation issues to the user as early as possible given their browser, and always fell back to an acceptable experience if it failed.

I have since written a new version of this web component from scratch, aimed for general use. It’s called validation-enhancer. I have been in this industry for over 20 years, and it is the best form validation library I have ever used. I am very proud of it.

The code is so simple to work with:

<validation-enhancer> <form>

<label for=“my-email”>Email</label> <input type=“email” name=“my-email” aria-errormessage=“my-email-error” required /> <div id=“my-email-error”></div>

<button type=“submit”>Submit</button> </form> </validation-enhancer>

The results? When we launched, the number of people completing the form doubled. The analytics people didn’t even know where these users were coming from. Of course, your javascript-based analytics package doesn’t see the users you are bouncing because of javascript failures. It was a ﬂood! We also saw my “keep a backend session, never lose user data” approach pay off. In one case, someone completed a form a month after starting it.

There was a sad coda; as is the way of contract work, I moved on. I explained what I had built to my replacement, that it always worked even without javascript. He was appalled and said, “but that’s a lot more work for us.”

It is not acceptable to bounce users on old browsers, users with bad network connections, users using assistive technologies. Certainly not from a monopoly public service. A lot of hype and noise is pressing us to extend the cowboy, wild-west phase of the software industry’s expansion. We should set that aside, and take ourselves seriously as a mature industry. Build a web application that works on a playstation portable on a 3G connection - if you do, it will work for all your users, and it will still work 30 years from now.

Read more Read the original on mohkohn.co.uk →

Read the original on mohkohn.co.uk →

AI-native React Components

vorpus.github.io

1,056 shares · 41 trendiness

Read the original on vorpus.github.io →

LLMs are eroding my software engineering career and I don't know what to do

human-in-the-loop.bearblog.dev

1,031 shares · 37 trendiness

06 Jun, 2026

I’m a software engineer, completing 10 years of professional experience this year. I started my career as a web frontend engineer (it was easier for me to debug frontend code back then, so I chose that path), but shortly transitioned to (web) backend and never looked back.

Through a series of coincidences, once I stepped into backend development, I ended up working in software development roles in the domains of ﬁnance, bookkeeping and payment processing, where I had great autonomy and a close and candid relationship with Product Managers and stakeholders.

I learnt a lot about the domain and how to effectively write programs for it: PCI compliance, double-entry ledgers, escrows, reconciliation, payment lifecycles, bank transfer idempotency, etc.

It was, then, obvious that I should focus my career on becoming an expert on that domain to stand out as a professional and differentiate myself in a ﬁeld that showed signs of an increasing need for domain specialists.

The ﬁrst pillar to erode: domain-speciﬁc knowledge

Last year, I got hired by a company in the ﬁnance workspace. So far, I had worked on companies that do have a strong payment and ﬁnance component to their operations/offerings, but that were not solely ﬁnance-focused companies.

That company also embraced AI wholeheartedly, so I got ChatGPT and Claude Enterprise accounts from day one and was encouraged to use them for my research, exploration, and even coding, albeit with a warning that I should still review and own every single line that made it into production.

One of my ﬁrst projects involved reworking the legacy online payment system, which was a mess. They hired me for (among other things) my previous experience in building that and trusted me with the task.

Different from the other companies I had worked for so far, they wanted the “Design Docs” I write before coding to be readable by both engineers and product managers - so they shouldn’t be a technical deep dive and more of an architectural view. I wrote my ﬁrst one with minimal AI assistance - I even called LLMs “stochastic parrots” at the time, a view I no longer hold - and delivered it.

I valued my knowledge and thought no LLMs could replace it.

Then my manager reached out to me: even though you’re delivering code at a good pace, you’re taking too long to deliver those Design Docs. Are you using AI? You should use more AI.

“No way this will work”, I thought in my head, but agreed. The models at that time were not as good as the ones we have now, but they did provide a good speed-up on my writing and even the decision-making.

And then I started realizing: all the knowledge I have accumulated over the years: the trade-offs between implementations, how acquiring works, how to structure idempotency to prevent double-charges, everything, was becoming useless. Even though the models still needed some steering, they could connect the dots on how to structure such systems, which was the hardest part that only develops in your brain after years of hands-on experience. That was my ﬁrst shock.

But sure, I thought, they can do that because there’s plenty of articles on the web on how that shit works along with all the technical documentation, and we have blog posts explaining how to apply the technical tools to the domain. For humans, it may take a long time to learn all that, but that’s training data so the models can pick it up.

What the models will never be good at, and that’s where humans will shine, is debugging! I had accumulated a good experience debugging race conditions and distributed systems in production. That was my ticket to long-term employability.

The second pillar to erode: debugging and distributed systems

So, after LLMs started getting good at writing docs and helping plan the actual implementations, they became good at coding. It started in the second half of 2025 with the Claude Code hype, then Codex came and so on. Although I was using LLMs for writing unit tests every day before that, I wasn’t trusting them to write the full implementation yet.

The natural next step was to introduce more AI into writing code. And honestly, I liked it. I like shipping things to production and seeing users happy as much as I like coding, so I was trading one thing that I like for another one that I also like, it was fair.

LLMs were becoming good at coding, but it still couldn’t debug the mess left behind (by then or by the humans), so I still had a role that was bigger than steering the robot - a ticket to employability.

Everything seemed ﬁne.

Then came the MCPs, the agentic workﬂows and Claude 4.5 and the sky started to fall.

Claude 4.5, to be honest, wasn’t that good. It solved like 60% of the bugs given a stack trace and some context (a Sentry link with Sentry MCP enabled was all it took in most cases). Sometimes it gave a solution that sounded plausible but was totally wrong.

This time, however, I stopped doubting the machines. I saw bugs that in the past would easily take 1 day of full-time debugging being one-shotted by Claude Code. Of course, not all of them yet, but the pattern was clear.

Then came 4.6, 4.7, GPT 5.5, Opus 4.8 and the DataDog MCP… Now I have CLIs that one-shots bugs across distributed systems for me. Bugs that I couldn’t solve in the past. Bugs that would take 2 days of full-time debugging. Bugs across distributed systems that lack distributed observability. 90% of the bugs are one-shotted now, including bizarre race conditions, unexpected corner-cases, third-party integration issues, undocumented API edge cases, everything. I hardly have to intervene.

Of course, I’m still employable because someone has to review the code and steer the robot. But I’m just another off-the-shelf engineer now. I have no domain expertise that another Sr. engineer steering an LLM cannot match. All my ﬁnance and payment domain expertise, all the debugging intuition and distributed system knowledge earned through hours of sweat and tears, is now promptable.

We were taught that generalists and specialists will always have their roles. But now the market is shaping everyone into becoming a generalist. That’s not a bad thing per se, until you look under the economics of supply and demand: if everyone is a generalist, the price of a generalist falls if there’s no demand to match. And we all know the demand is drying up.

The third pillar, the one that hasn’t eroded yet: code quality and architecture

I still have one pillar standing, though: code quality and software architecture - what’s now being reduced to being called “taste” 1.

Along the course of my career, I always liked to refactor, always prized good code, and negotiated time in the sprint for it. DDD, Hexagonal, Clean Architecture, you know all the buzzwords. I like this topic, I like to discuss the trade-offs and different ideas on how to shape codebases. I really like it.

This is the last pillar standing. Except that nobody cares anymore.

Agents do a really bad job at keeping codebases organized. If you don’t steer them, they’ll hit a circular dependency issue sooner than you think. Will duplicate code. Add unnecessary comments. Mix up pure functions and side-effects. Disregard the principles of SOLID.

That should keep humans employed, except that this skill is now being reduced to the word “taste”. But it’s not just a renaming, the industry is moving to a world where code organization is less important.

Sure, humans should steer the agent to prevent spaghetti codebases with circular dependency graphs. We don’t want F-rated codebases that are impossible to touch without breaking something. But a C or D? It’s now ﬁne. Nobody needs A or B-grade codebases anymore because they’re being made for LLMs, not for humans to read.

I don’t want to argue if this is inherently good or bad. If the source code is now written for machines to read and not humans, it may be actually ok to target them.

But that’s another pillar of my expertise that’s eroding. A good chunk of the knowledge I accumulated on that topic is not that valuable anymore. All the time I spent on it - reading books, doing real-world exercises, discussing with other engineers, writing ADRs - is becoming useless.

What now?

I’m still employed and I see myself employed (at least in that company) for a foreseeable future. But I don’t know what to think about the long-term.

I spent 10 years (even more when you account for non-profession experience) getting good at things that are becoming less and less valuable. My last pillar of expertise is now reduced to a “taste” and will probably won’t last long.

And I know that’s not just me. About 8 months ago there was a layoff at my current company (not related to AI, according to them). Some brilliant ex-coworkers were laid off and are still looking for jobs. Most of them suffer from the same problem I outlined here: their domain expertise is not enough to stand out anymore.

The company is now hiring again for a few roles and domain familiarity is not a strong differentiator anymore. We used to list “Software Engineer - Area”. Now it’s just “Software Engineer” and the team assignment comes after the offer is accepted.

Of course, this is good for brilliant engineers that never had the chance to get deep into the domain and now have better chances at getting a job, but it’s also sad to think that other brilliant engineers that spent their lives collecting domain knowledge are now competing on the same lane.

The only way out for keeping my employability in the long-term now seems to be shifting my domain expertise to something LLMs will not get good at so easily. But what’s left?

I thought about going back to college, learning Math, Statistics, advanced Machine Learning and applying for research role at a frontier lab. Except that there are no frontier labs in my country, the few ones that exist are ﬂooding with applications and I have family matters that makes moving to another country difﬁcult. By the time I can afford to make that jump, RSI may have made researchers obsolete.

Maybe I should consider transforming my woodworking hobby into a profession…

Update (Jun 7): this post went viral. I wrote another post replying to some comments from social media and expanding some of my arguments. You can read it here.

See this, this and this for reference. Don’t take this as an endorsement of the content inside any of these posts.↩

#ai

#llm

#software engineering

Read more Read the original on human-in-the-loop.bearblog.dev →

Read the original on human-in-the-loop.bearblog.dev →

If Claude Fable stops helping you, you'll never know — Jonathon Ready

jonready.com

990 shares · 38 trendiness

Update: Anthropic has walked back this policy after outrage from developers. The company now says Fable 5′s safeguards for frontier LLM development will be visible to users instead of silently degrading the model.

I didn’t expect to read this in a model card.

Fable 5 model card :

we’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building pretraining pipelines, distributed training infrastructure, or ML accelerator design). Using Claude to develop competing models already violates our Terms of Service, but enforcing this restriction through our safeguards avoids accelerating the actors most willing to violate these terms. Unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user. Fable 5 will not fall back to a different model. Instead, the safeguards will limit effectiveness through methods such as prompt modiﬁcation, steering vectors, or parameter-efﬁcient ﬁne-tuning (PEFT).

Claude can now be silently nerfed. Anthropic has decided it won’t tell users when this happens.

Modern software companies increasingly build their own embedding, reranking, and recommendation systems. Even my small bootstrapped app, wanderfugl.com, has a custom reranker and embedding algorithm that I trained myself.

Anthropic gives a few examples of what it considers “frontier AI development,” but doesn’t provide a clear line. The problem is that many techniques once reserved for AI labs are now being used by ordinary software companies. Startups train embedding models. They build rerankers. They ﬁnetune and host small llms. The boundary between “frontier AI research” and normal product development is becoming harder to deﬁne every year.

That creates a real supply chain risk for businesses. If Claude gives me poor or incorrect advice while I’m working on an AI component, I have no way of knowing whether the model was confused, whether my problem is unsolvable, or if some invisible policy restriction quietly kicked in. Anthropic has explicitly chosen not to tell users when this is happening.

Once a development tool can stop optimizing for your success without telling you, it becomes impossible to fully trust your infrastructure.

The Anthropic supply chain risk

Anthropic says these safeguards only affect 0.03% of developers. Maybe that’s true today.

The problem is that the definition of an AI company is changing.

Maybe you’re not training frontier models today—most companies aren’t. But modern software increasingly contains AI models. Five years ago, building a startup meant writing APIs and SQL queries. Today, it often means training, tuning, and deploying models.

Five years ago, models like CLIP were frontier AI research projects. Today I’m ﬁne-tuning them for a bootstrapped travel startup.

If you’re debugging a model training pipeline for your product and Claude gives a bad answer, was the model confused? Did you give it bad context? Or did a hidden policy nerf Claude’s ability to assist you?

You won’t know.

Read more Read the original on jonready.com →

Read the original on jonready.com →

Landmark German ruling declares Google's AI Overviews are Google's own words and makes it liable for false answers

the-decoder.com

964 shares · 40 trendiness

Update, June 11, 2026:

Google has provided us with a statement on the ruling. The company says its AI overviews are designed to “reﬂect” information that already exists on the web.

“We invest deeply in the quality of AI Overviews to ensure that the overwhelming majority of responses provide accurate information, and they are designed to reﬂect the information that exists on the web. We’re carefully reviewing this decision, which is not yet ﬁnal,” a Google spokesperson said.

Google adds that AI overviews can occasionally miss context or misinterpret web content, just like traditional search results. But that’s exactly where the Munich ruling disagrees. The court draws a line between AI overviews, which generate new content loosely based on sources, and traditional search results, which list sources with direct quotes. That distinction is what makes Google directly liable, according to the court. In its statement, Google also repeats the very argument the court dismissed, that “people can dig deeper and verify.”

Original article, June 9, 2026:

A German court has ruled that Google is directly liable for what its AI search overviews say. Previous case law shielding search engine operators from liability doesn’t apply to AI overviews.

The Regional Court of Munich hit Google with a temporary injunction barring the company from spreading false claims about two Munich-based publishers through its AI-generated search overviews (case no. 26 O 869/26). The court classiﬁed Google as a direct infringer because the “AI overview” is its own content, not just a list of search results.

Google’s AI overviews had falsely tied two publishing companies to scams, subscription traps, and shady business practices for certain search queries. According to the court, the AI mixed up information about other, genuinely sketchy companies with the plaintiffs and drew connections that didn’t appear in any of the linked sources. The publishers sent Google a cease-and-desist letter, but Google didn’t respond appropriately.

AI overviews aren’t search results

Google’s AI overviews work nothing like traditional search results, the court argues. The AI rewrites and judges results “in its own words and according to its own structure,” the ruling says. In the case at hand, for example, it opened with conﬁdent claims like “Yes, [company] is known for dubious business practices,” then built its own structure with a summary, red ﬂags for the alleged scam, and tips for users.

The court also found that the AI overview made claims “that are not even made in the search results.” None of the linked sources drew any connection between the plaintiffs and the shady companies the AI mentioned. The court called these “the defendant’s own statements.”

Google built the AI, Google offered it to users, so Google owns what it produces, “because it alone has inﬂuence over the AI’s offering and the algorithms with which the AI operates.”

Search engine liability rules don’t apply to AI “search”

The court also examined existing rulings from Germany’s Federal Court of Justice (BGH), which gave traditional search engines and autocomplete limited liability. The BGH had argued that search engine operators were only liable as indirect infringers because they merely made third-party content ﬁndable. A proactive duty to check results would threaten how search engines work.

The Munich court found that this reasoning doesn’t apply to AI overviews. A regular search engine just points to outside websites. But AI overviews generate “independent, new, and substantive statements” by evaluating and combining content from various third-party sites. And only Google can check those statements, the court said, “at least by comparing the underlying third-party websites with its own statements based on them.”

The court also noted that the AI overview is “by no means absolutely necessary” for using the internet. Traditional search results already help users sort through information, the AI overview is just an extra feature.

Google’s “users can check for themselves” defense falls ﬂat

At the hearing, Google argued that users could check the linked sources themselves to verify whether the AI summary was correct. Users generally knew “that information generated with AI should not be blindly trusted,” the company claimed. That’s a remarkable statement given the scale at which Google serves AI overviews. It’s also not entirely true, since the connection between sources and generated content isn’t always there.

The court rejected this. The possibility of disproving a statement through further research doesn’t “regularly exempt from liability for this statement.” The AI overview was “understandable on its own” and contained “a self-contained statement with independently understandable content and no reference to other possible interpretations or even unreliable content.” Studies show that users almost never click on sources in AI overviews, which supports the court’s reasoning.

The court drew a parallel to press law, where publishers are liable for teasers that are understandable on their own, even if readers never read the full article. Google’s own argument would also “signiﬁcantly diminish” the beneﬁt of the feature, the court noted, if the overview were “generally recognized as unreliable.”

The court also pointed to a protection gap. If Google were only liable for obvious violations, victims would have no real legal recourse when the AI makes false claims. The third parties whose websites served as sources hadn’t even made the statements in question. So victims couldn’t sue the sources, and under existing rules they couldn’t effectively sue Google either.

As a result, Google couldn’t invoke host provider protections under the Digital Services Act or fall back on the standard notice-and-take-down process for search engines.

AI-generated opinions get less free speech protection

As if the rest wasn’t bad enough for Google, the court also went after free speech protection for AI-generated content. An AI’s opinion is “not the expression of an acquired conviction of the persons expressing it, but the result of an algorithm,” the court wrote.

Offering AI-powered research is “above all an expression of Google’s business activities” and “at most a secondary expression of an interest in being able to freely express one’s opinion and beliefs.”

When weighing the plaintiffs’ privacy rights against Google’s interests, Google had to take a back seat, especially since the challenged statements were based on untrue facts. The AI had linked the plaintiffs to companies that, according to sworn afﬁdavits, had no connection to them whatsoever.

Google picks up 80 percent of the legal tab

The court ruled in favor of the plaintiffs on most counts. It banned claims about scams, connections to dubious companies, subscription traps, phone calls that never happened, and lack of availability. Only two minor requests got denied.

The risk of repeated violations remained, even though the speciﬁc texts were no longer being displayed. Google hadn’t issued a cease-and-desist declaration with a penalty clause, and nothing stopped the algorithms from generating the same statements again. Google covers 80 percent of the legal costs; the plaintiffs pay 10 percent each.

The ruling may also have international reach, according to the court.

Even a 91 percent accuracy rate means millions of wrong answers

The Munich ruling goes far beyond this one case. An analysis by AI startup Oumi for the New York Times found that Google’s AI Overviews with the current Gemini 3 model answered correctly 91 percent of the time.

That’s solid enough for everyday use by most people. But at Google’s scale, it still means millions of wrong answers every hour. If enough of that wrong content defames companies or individuals, it could become a serious legal problem not just for Google but for other providers of similar services like ChatGPT, Claude, or Perplexity.

The Oumi analysis also found that 56 percent of the correct Gemini 3 answers couldn’t be backed up by the sources Google linked. The AI is giving answers whose origins users can’t trace.

The Munich court tackled exactly this problem: the AI makes its own claims that don’t appear in any linked source, and the operator has to answer for them. Whether this reasoning holds up on appeal remains to be seen, and Google hasn’t commented on the ruling. But if it gains traction internationally, the fallout could hit not just Google but every AI provider whose systems paraphrase content from the web.

Read more Read the original on the-decoder.com →

Read the original on the-decoder.com →

Catlantean 3D - Making Graphics Like It's 1993

staniks.github.io

879 shares · 36 trendiness

Catlantean 3D is a side-project I’ve been slowly building in my spare time for over a year, and I intend to release it on Steam next year.

My goal was to build a complete, shippable ﬁrst-person shooter using techniques that were common in the early 90s, while allowing myself the luxury of using a modern compiler and a platform abstraction layer.

What this actually means is, the constraints I have foolishly imposed upon myself are as follows:

game must be made entirely from scratch, including the assets

all rendering must be done by hand

all sound mixing must be done by hand

320x240 target resolution

256 colors only

ﬂoating point allowed, but behavior must be consistent across platforms decided on ﬁxed point for game logic to guarantee deterministic behavior, ﬂoating point for rendering because determinism isn’t that important there

decided on ﬁxed point for game logic to guarantee deterministic behavior, ﬂoating point for rendering because determinism isn’t that important there

must be a ﬁnished, polished game that is fun to play (not a tech-demo)

platform abstraction layer allowed, but I must pretend it’s very limited (within reason): frame buffer to write pixels into keyboard/mouse input audio buffer to write samples into ﬁlesystem I/O

frame buffer to write pixels into

keyboard/mouse input

audio buffer to write samples into

ﬁlesystem I/O

no AI slop

If this sounds unreasonable to you, that is because it is.

But I’m doing it anyway, and today I’m gonna talk about something that is typically overlooked in development blogs, and that is asset creation.

Note: Everything displayed here is work-in-progress, and heavily subject to change.

Table of Contents

Palette Rendering

VGA Graphics The Palette The Colormap

VGA Graphics

The Palette

The Colormap

Creating Assets

Pre-rendered Sprites Hand-drawn Sprites and Textures Procedurally Generated Sprites and Textures

Pre-rendered Sprites

Hand-drawn Sprites and Textures

Procedurally Generated Sprites and Textures

Maps

Conclusion

Changelog

2026 – 06-09 - published.

Palette Rendering

VGA Graphics

Mode 13h on VGA hardware was the famous 320x200 256-color graphics mode that deﬁned a generation of PC games. From a programmer’s perspective it was wonderfully simple: you’d have a linear frame buffer where each pixel was represented by a single byte indexing into a palette of 256 colors.

If you wanted to draw a pixel, you wrote a byte at a speciﬁc address, and that was it, there were no shaders or VRAM, or anything like that.

One byte per pixel, and that byte is an index into a palette which contains actual RGB values that would be rendered to screen. This imposes some interesting limitations; when making assets for modern games, you can throw millions of colors at an image, but when your limitation is that every pixel on screen can only be one of 256 colors, asset creation becomes a very different problem because every color choice has to be careful and deliberate.

Games like Doom and Duke Nukem are good examples of this done right. There is a certain crispiness and clarity to these graphics that arises because of these technical limitations, not in spite of them. Restriction forces deliberate choices, and deliberate choices tend to look good.

Catlantean 3D is an attempt to reproduce that feeling, but with one caveat - I’m actually going for something closer to VGA Mode-X, which is 320x240. The reason for this is, if you display 320x200 on a 4:3 display, you end up with non-square pixels! While this would be most authentic, I’ve chosen not to deal with this out of preference rather than objective reason.

So how does one create graphics that work within these limits?

The Palette

Everything begins with 768 bytes, carefully picked through many iterations of trial and error.

The main reasoning for picking these exact colors was the following:

one reserved for transparency (the vibrant pink)

one reserved for pure white

one reserved for pure black

I was obviously going to need a lot of blood, thus reds

shades of green and blue because I was going to have red, green and blue keys and color-coded doors

game would be set in Catlantis, which is a parody land that resembles ancient Egypt (because cat worship), so obviously, a lot of desert hues (yellows and browns)

lots of grays because the setting involves many technical installations (Catlantis is under occupation by cybernetic dog-men)

some beige hues to break up monotony over grays, and to serve as warmer replacements when darkening (more on this later)

the rest would be ﬁlled as necessary when creating textures - highly subjective and impossible to explain, other than “it looked right”

The palette did not spring into life all at once; it involved a lot of back-and-forth during asset creation, testing, and re-iterating in general.

Below are some examples of sprites and textures from the actual game:

The Colormap

Catlantean 3D is a traditional raycaster. The map consists of tiles which are all identical in size; some are walls, others are just voids with a ﬂoor and ceiling. In order to render the map, the renderer uses the DDA algorithm for each column of screen, traversing the tilemap and determining where it hits the map geometry, and based on this, a wall column is rendered on screen with the appropriate texture, sampled from appropriate coordinates. Floors and ceilings are rendered after as horizontal scanlines, ﬁlling in the rest of the screen.

Raycasting has been done to death by other blogs and websites, so I’m not going to cover all of it, but I do want to cover what I think is its most overlooked aspect: lighting.

If we were to render the game world using just the palette, without any special effects, we would end up with something that looked rather ﬂat and unimpressive:

But what we wanted was the following. Notice how the light diminishes the further away geometry is from player, and how one side of the map tiles is just slightly darker than the other. This gives an impression of depth.

With a modern hardware-accelerated renderer, this would be trivially done in a shader - based on how far the vertex is, we would multiply its color vector by a ﬂoating point factor and get a diminished color vector as a result.

But how do we achieve something like this with a palette renderer? It has no concept of color, just indices into palette. So if we wanted to ﬁnd a darker shade of a certain color, we would need to loop through the palette and ﬁnd the color that meets our criteria of “darker”. This is just too much because we can’t loop through the entire palette for every pixel we render onto the screen, it would be too slow.

What we could do instead was some preprocessing, to allow a fast color lookup based on distance at runtime.

If we were to lay out our palette into a single row like this…

We then choose the number of shade levels (32 in my case) meaning each color needs 31 darker variants, all sourced from the palette. We know each color’s RGB values, so from this, and the shade index we can determine the closest target color of that shade:

// First shade index (0) is original color. ﬂoat darkening_factor = (32 - shade_index) / 32.0f; target_darker_color.r = current_color.r * darkening_factor; target_darker_color.g = current_color.g * darkening_factor; target_darker_color.b = current_color.b * darkening_factor;

But that color might not exist in the palette. So we need to loop through the palette and ﬁnd the closest color to it.

Deﬁnition of “close” actually changed for me during development - at ﬁrst, I just took euclidean distance as a measure, but the problem with that was that almost everything had a tendency to gravitate towards the greys, simply due to the mathematics. Some older games actually did use Euclidean distance, but to me this didn’t look very good. I can’t explain why exactly, but a lot of darker shades appeared somewhat cold and lifeless. So instead, I converted my colors to Oklab color space, and leveraged its perceptual distance formula, which is closer to how humans perceive color differences. I also apply a small shift towards warmer hues the darker the color is (a common concept in pixel art called “hue shifting”). This is typically not necessary, but it does make the game look just a bit better.

How do I deﬁne “better” in this case? I have no idea, it just looks right. Frustrating, isn’t it? It’s hard to rationalize something subjective.

Back to our algorithm…

Essentially, for each color, we create a column that represents the shades of that color. What we end up with is a 2D matrix of palette indices called the colormap. Note that the colormap gradients are imperfect, because we’re still restricted to colors from the palette:

So now, determining a darker shade of color N based on distance becomes trivial.

Given colormap row index (i.e. shade level) based on distance:

colormap_row = 32 * fragment_distance / view_distance

We pick N-th entry in row belonging to that shade - that is the palette index of the darkened color N.

And voila, O(1).

Also, instead of calculating the colormap row index for every pixel, the cost is further reduced by performing calculation:

only once per screen column when rendering walls, because they’re perfectly vertical, so every pixel in column has same distance from camera

only once per screen row when rendering ﬂoors, because they’re perfectly horizontal, so every pixel in row has same distance from camera

only once per sprite because they are perfectly ﬂat billboards where every pixel has the same distance from camera

So we’re doing colormap row index calculation 320 times for walls, at most 240 times for ﬂoors, and once per visible sprite (raycasting gives free occlusion culling). That is cheap, and the payoff is great.

Doom and many other titles used similar approaches.

Creating Assets

Textures and sprites in Catlantean 3D fall into three categories:

Pre-rendered sprites - 3D models created in Blender and rendered to textures

Hand-drawn sprites and textures

Procedurally generated textures - generated via special Python scripts by combining hand-drawn art

Pre-rendered Sprites

I am working a full-time job and have a decently active life, so my time to work on the game is limited. Thus, I wanted to minimize the time I spend reiterating when making complex sprites that involve animations. I rarely get something right on the ﬁrst attempt, so naturally, reiteration is expected, and it is hard to reiterate when you need to make changes to many frames of an animation.

The more efﬁcient approach was to create sprites in Blender as 3D models, rig and animate them there, and then render them to a series of textures with special Python scripts that leverage Blender’s Python API. Reiteration then involved making changes in the model, and the rendering scripts did the rest, which was a lot of time saved.

The main hurdle was that rendered sprites came out very blurry and washed out.

One might think that the obvious answer to this was to render the sprite in high resolution, and then downscale with ﬁltering, but I’ve had mixed success with this; details would often be suppressed by ﬁltering, and edge clarity would be lost. What I found to be the most effective and reusable was to leverage Blender’s compositing functionality to get the right amount of contrast and clarity:

Once the image was ready, it would be sent through a special Python script which performed palette quantization, creating a 1-byte-per-pixel image used by the engine. For every pixel in the source image, the script ﬁnds the closest color in our palette (perceptually closest - Oklab), and uses the index of that color for that pixel. The index array, along with the dimensions, is then packed into the very simple TEX format that is used by the game.

A similar workﬂow was used for enemy sprites. Note: some of these nodes are either redundant, or plain useless, simply because I had used them at some point, and then changed my mind. I like leaving them in just in case I need them again.

Enemy sprites are rendered in a special way. Sprite can have multiple animations, and each animation must have frames for each of the 8 directions sprite can face. So, for every animation (walk, ﬁre, die, etc.), the Python script that uses Blender’s API rotates the sprite, renders all frames of an animation, rotates the sprite again, and so on. Sprites are saved with a special convention that denotes sprite name, action name, direction and frame index:

Nice thing about this approach is that I don’t need to keep rendered sprites in the repository - they’re actually .gitignored. Whenever I switch locations and use another computer, I simply run the compilation script which renders every model and produces the sprites. It is reasonably fast and runs in ~10 seconds for about 15 models on RTX 3070.

Hand-drawn Sprites and Textures

Earlier in development, I created this vaguely cat-shaped head with the texture of my cat Vilko, to use as a status bar face. After all, why would I draw something like this by hand, if Blender could render it in such a vivid likeness of life?

Read more Read the original on staniks.github.io →

Read the original on staniks.github.io →

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

Visit pancik.com for more.