riphone


The Spec Is the Code Now

Jason Snell, writing for Six Colors ahead of WWDC:

The act of trying to describe an app to an AI coding engine is a clarifying one. The more you describe the app, the harder your brain has to work, because it’s always more complicated than you think it’s going to be. The decisions you make determine what the app comes to be.

I’ve lived this. Not building a Mac app — building product features, internal tools, prototypes that used to require a sprint cycle and three rounds of eng back-and-forth to get wrong before getting right. With AI coding tools, I describe what I want, iterate in real time, and have something working the same afternoon. The feedback loop collapsed.

That is genuinely transformative in a way that most PM takes on AI are not. It’s not “AI helps you write better PRDs.” It’s that the PRD and the product are now the same step. You write it precisely enough, and it exists. The spec became the code.

What Snell nails — and what took me a while to internalize — is that this doesn’t make the PM role smaller. It makes it higher stakes. Engineers used to absorb the ambiguity in your requirements. They’d make judgment calls, ask clarifying questions, fill in the gaps with experience. AI doesn’t do that. It builds exactly what you described, including the parts you didn’t think through. Soft specs produce broken software immediately and visibly. There’s nowhere to hide.

The PMs who thrive in this are the ones who were already rigorous — who could hold the full system in their head, anticipate edge cases, write requirements that meant something. The rest are about to find out which category they’re in.

None of this means PMs are replacing engineers at companies building real software. Complex systems, scale, architecture decisions, code quality that actually holds under load — that still requires engineers, and good ones are still the constraint. What’s changed is the surface area of what a PM can do independently: prototypes, internal tools, proofs of concept, things that used to require eng time just to validate whether an idea was worth pursuing. That whole category is now self-serve.

Snell wraps with a call for Apple to fix Xcode. Fine. But the bigger question isn’t the tools — it’s whether product people will take the wheel now that they can. Some will build things that matter. Most will ask for a Jira ticket anyway.

Your Badge Runs Android Now

Ryan Whitwam, writing for Ars Technica on Microsoft’s Project Solara — an Android-based OS for “agent-first” enterprise gadgets, unveiled at Build 2026:

“What if the work badge at the end of your lanyard had a touchscreen, 5G connectivity, a camera, microphones, and a fingerprint scanner?”

That’s not a new computing paradigm. That’s a lanyard with rent.

Microsoft’s headline is agents instead of apps. The deliverables are a desk Echo clone and an employee badge that records meetings, transcribes on tap, and uses its camera to “take action on the environment.” Solara runs on MDEP — Microsoft’s enterprise fork of Android — with “just-in-time UI” so the agent draws whatever interface it feels like today. Full Android on your chest, because the future of work apparently needed more attack surface.

Whitwam is blunt about the maturity level: Microsoft admits it’s still a concept and none of it works yet. Nadella reportedly pushed the team to show it at Build sooner than they’d normally go public. GeekWire’s behind-the-scenes reporting fills in the rest: the healthcare demo isn’t a clinical tool, the business model beyond Azure is still taking shape, and one badge demo scanned a brainstorm board and suggested adding plants.

Best Buy, CVS, Target, and Levi’s are lined up for pilots. I don’t doubt enterprises will try anything with “agent” in the deck. I doubt the badge is the revolution. It’s the endpoint — camera, mic, 5G, Intune-managed — where the inference bill lands.

The agent wave may be real. Solara is Microsoft stapling it to the one form factor HR already makes you wear. Apps were never the problem. Distribution was.

The Legal Threat Is the Product

Adafruit’s post about a demand letter from Fenwick, sent on behalf of Defy Gravity, Inc. Flux.AI, is the kind of thing that makes “responsible disclosure” sound like a joke the lawyers are in on.

Adafruit:

Adafruit accessed only information that Flux’s own systems made publicly available through a server misconfiguration. Adafruit’s reporting concerns a matter of public security interest and was conducted in the ordinary course of responsible disclosure.

That is the whole fight in two sentences. A company exposes something, a reporter notices, and suddenly the story is not the exposure. The story is whether the reporter can afford the blast radius of saying so.

The Computer Fraud and Abuse Act has always been a handy fog machine for this move. You do not need to win the argument on security if you can make the other side spend money proving they were allowed to look at what your server handed them.

The AI angle makes it uglier, not more novel. A startup selling the future should not need the oldest trick in the crisis-PR drawer: threaten the people who found the mess. If your public systems leak public facts, the problem is not the public.

GoPro Ran Out of Margin

GoPro’s problem is not that the cameras stopped being good. The problem is that good cameras became a terrible moat.

Mitchell Clark, writing for DPReview, on GoPro’s latest filing:

In it, the company says that new market forces “raise substantial doubt about the Company’s ability to continue as a going concern,” citing “unprecedented increases and volatility in memory costs” that have seen price increases of up to 115%.

That is a brutal sentence for the company that basically defined the action camera. It also reads like the bill finally arriving for a decade of hardware reality.

GoPro built the category, then watched the category flatten. Phones got good enough for casual adventure. DJI got serious. Insta360 made the weird stuff fun. Meanwhile, GoPro kept needing people to buy another little black rectangle because this year’s little black rectangle was incrementally better than last year’s.

The filing points at memory costs, debt pressure, lower sales, and a 23% layoff. All true. But the sharper diagnosis is simpler: GoPro is a brand with cultural memory and commodity economics. That is a bad combination. People remember the helmet-cam era. Suppliers still want cash.

The most telling escape hatch is defense and aerospace. When consumer hardware runs out of margin, it goes looking for buyers who can tolerate ugly prices and procurement paperwork. The adventure camera becomes infrastructure. The vibes were never going to service the debt.

The Agent Laptop Is an Upsell, Not a Wave

NVIDIA is selling the agent future as a laptop spec.

Sean Hollister, reporting for The Verge on NVIDIA’s RTX Spark, the GB10 superchip from last year’s DGX Spark, now headed for Surface laptops and a pile of OEM flagships this fall:

“This is the most efficient PC chip ever built,” says Nvidia senior director of product management Mark Aevermann, without sharing so much as a single statistic or chart to back that up.

The agent wave is real. This chip is the upsell.

NVIDIA and Microsoft want you to believe personal AI changes what a PC is. You’ll talk instead of click. Local agents will mute your mic and fix your GitHub while you grab dinner. Maybe. But the hardware story is simpler. Take the same Arm superchip already sold as a desk toy. Bolt it into premium Windows laptops with up to 128GB of unified memory. Call it a new computing paradigm.

128GB local matters if you’re running big models or building agents for a living. It does not dethrone the cloud for everyone else. Training still lives in datacenters. Frontier models still live in datacenters. Your browser tab is not moving to a petaflop in your backpack. Hollister is right to stay skeptical until NVIDIA shows charts instead of keynote renders.

The tell is the form factor. NVIDIA pitches always-on personal agents and “all-day” thin laptops in the same breath. An agent that only runs when the machine is awake, plugged in, and not thermally throttling is not a teammate. It’s a screensaver with ambitions.

CUDA on your desk is the business model. The next wave in AI is software: agents, runtimes, who owns the loop. RTX Spark is NVIDIA’s bet that enough of that loop can be taxed at the silicon layer if the keynote is loud enough. That’s not a revolution. It’s a product category.

The Support Bot Was the Skeleton Key

Sid, writing about the Instagram account takeover fiasco:

The very fact that a $1.5 trillion company lacks robust guard rails and their support AI will just change anyone’s linked email if you ask it nicely enough is so terrifying, if it weren’t so funny.

This is the inevitable endpoint of replacing support with a permissioned chatbot: the bot does not merely answer questions. It holds keys.

Meta can call this patched and move on. Fine. The bug is patched. The architecture is still hilarious in the bleak way: a recovery flow trusted an AI support agent to distinguish a locked-out owner from an attacker with a VPN and a target username.

Two-factor authentication did not save people because the system treated the attacker as the recovered owner. That is the whole indictment. Security controls downstream of a bad identity decision become decorative trim.

The industry loves “AI support” because it sounds like cost reduction without consequence. Here is the consequence: the cheapest employee in the company got promoted to locksmith.

Strava Sends the Bill

Ivan Mehta, reporting for TechCrunch:

“AI companies are ruthlessly scraping public websites, given their endless need for training data, which is degrading site performance across the board,” Martin said. “We’ve had multiple instances in the last several months where performance has been diminished and, in some cases, impaired. Beyond scraping the public sites, they’re also trying to use our API to get access to our data, ignoring API terms.”

Strava adding an $11.99 monthly fee for API access looks small because the number is small. That is the trick. The real product here is not the fee; it is a locked door with a price tag on it.

For years, fitness platforms got to posture as community infrastructure. Routes, clubs, segments, public profiles — the webby stuff that makes the app feel bigger than a training log. Then the crawlers arrived, and suddenly “public” started looking less like openness and more like an unpaid data export.

The IPO timing makes this even cleaner. Investors do not want a charming commons. They want controlled assets, enforceable terms, and a story about discipline. “We stopped the scrapers” is a better roadshow slide than “we trust the ecosystem.”

Developers will get the memo. AI companies already got theirs and ignored it.

The Human Check Wants Your GPU

lanodan, on Cloudflare Turnstile looping indefinitely in a WebKitGTK browser unless WebGL fingerprinting is available:

Turnstile uses browser fingerprinting to verify you’re human. Privacy tools that block or randomize fingerprinting make your browser look like a bot trying to hide its identity. Temporarily allowing fingerprinting for this site will fix the issue.

That is the whole problem in one paragraph.

The web keeps laundering tracking through security. First the browser asks for less entropy. Then the gatekeeper says less entropy looks suspicious. Then the user is told the fix is to make the browser more identifiable.

This is not a CAPTCHA. It is a loyalty test for the surveillance stack.

Bot defense is real work. Fraud is real. Abuse is real. But a human check that requires a fingerprintable graphics pipeline has crossed the line from verification into coercion. The user is not proving humanity. The user is surrendering uniqueness.

The bitter joke is that privacy-preserving browsers get punished precisely because they are doing the right thing. A web where “private” means “blocked at the door” is not a safer web. It is a more centralized one.

SQLite as the Durable Default

Obelisk, on using SQLite for durable workflows:

Durable execution is often discussed as if it requires durable infrastructure. In many cases it does not. The durable part is the workflow state. The compute can stay cheap and disposable.

This is the right instinct. The modern backend reflex is to turn every reliability requirement into another networked service, another dashboard, another control plane, another thing with a pricing page.

But durable workflows are not magic. They are state plus replay. If the state is small, inspectable, and local, SQLite is not a toy compromise. It is the simplest possible truth: one file that can be copied, replayed, backed up, and understood.

The key caveat is in the post, too: Litestream replication is asynchronous. This is not a pitch to run your bank ledger on vibes and S3 eventuality. It is a pitch to stop giving experimental agents enterprise database architecture before they have earned it.

For agents especially, the unit of reasoning should often be the unit of storage. One tiny runtime, one tiny database, one trail of what happened. That is not less serious than a distributed system. It is more honest.

The Dead Economy Theory

Owen McGrann, writing in The Palimpsest:

In competitive markets, an automating firm captures the full cost savings from replacing workers but bears only a fraction of the resulting demand destruction. In a market with twenty competitors, each firm feels one-twentieth of the demand it destroys. The rest falls on rivals. This creates a prisoners’ dilemma: every firm rationally automates beyond the socially optimal level, because the individual incentive to cut labor costs always outweighs the diffuse, shared consequence of eliminating consumer spending.

This is the argument the AI industry doesn’t want to have. Not “can the models do the work” — they can, increasingly. But “what happens when every firm fires its customers?”

The AI Layoff Trap, as Wharton economists Hemenway Falk and Tsoukalas call it, is a prisoners’ dilemma dressed in quarterly earnings calls. Block cuts half its workforce citing AI coding agents, the stock jumps 25% after hours. Rivals see that and follow. Every rational move toward automation is collectively irrational.

The optimist’s rebuttal is that the economy has always absorbed automation. Agriculture went from 90% of the workforce to 2%. Sixty percent of today’s jobs didn’t exist in 1940. True. But the agricultural transition took 140 years. The Industrial Revolution took 70 before wages recovered. The AI industry is compressing this into a decade.

The difference this time is speed and scale. When the product is the removal of the customer base, the feedback loop closes fast enough to matter.

Blue Origin's New Glenn Just Exploded on the Pad

On Thursday evening, Blue Origin attempted a routine static fire test of its New Glenn rocket at Launch Complex 36A in Florida. Something went very wrong after engine ignition. The super heavy-lift rocket — powered by seven BE-4 engines — exploded in a massive fireball, producing what Eric Berger at Ars Technica rightly calls the most dramatic rocket explosion since the Soviet N1.

No one was injured. The payload — a batch of Amazon Leo internet satellites — was safely tucked away in a nearby integration facility. That’s where the good news ends.

This is the worst disaster in Blue Origin’s 25-year history. The launch infrastructure at LC-36A is severely damaged. One lightning tower may be unsalvageable. The transporter-erector might be damaged beyond repair. New Glenn almost certainly won’t fly again in 2026 — and a launch in the first half of 2027 would be “heroic.”

The timing makes it especially brutal. Blue Origin finally had momentum. Three successful launches. They’d demonstrated booster landing and reuse. They were on the precipice of a monthly launch cadence. After two decades of plodding along, New Glenn was — by all accounts — a legitimate success.

And then it blew up on the pad.

Jeff Bezos’s response: “Very rough day, but we’ll rebuild whatever needs rebuilding and get back to flying. It’s worth it.”

That’s the right thing to say. But the consequences cascade fast. NASA selected New Glenn to deliver lunar rovers to the surface in 2028. Blue Origin’s own Blue Moon Mark 1 lander was supposed to launch atop New Glenn this fall, carrying the VIPER rover. The larger Blue Moon Mark 2 — the one NASA is counting on alongside Starship to return humans to the Moon — depends on an even bigger New Glenn variant that now looks further away than ever.

SpaceX had a similar pad failure in 2016 with Falcon 9. It took them over a year to rebuild SLC-40. Blue Origin should expect at least that long — and SpaceX was moving at SpaceX speed. Blue Origin has never been accused of moving fast.

The silver lining, if you squint: Blue Origin was already developing the larger 9×4 variant. This disaster may force them to abandon the 7×2 configuration entirely and throw everything behind the bigger rocket. Sometimes you need the old thing to blow up before you can commit to the new thing.

Bezos has the money. Tens of billions have gone into Blue Origin already, and he can sustain the company through this. NASA desperately needs them to recover. But “it’s worth it” only works as a mantra if you eventually deliver.

Right now, Blue Origin has a crater where its launch pad used to be and a manifest full of missions that aren’t going anywhere.

Anthropic's Mythos Was the Greatest Marketing Stunt of the AI Era

Daniel Stenberg, creator of curl, finally got his hands on Anthropic’s Mythos — the AI model Anthropic deemed too dangerous to release publicly. The results are embarrassing. For Anthropic.

My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing. I see no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before Mythos.

Here’s the setup, in case you missed the April media blitz. Anthropic announced Claude Mythos Preview — a model “dangerously good” at finding security flaws. Zero-days in every major OS. Four-vulnerability exploit chains. Bugs that had sat in OpenBSD for 27 years. The company said it was so dangerous they couldn’t release it to the public. Instead they’d trickle access to “selected partners” through something called Project Glasswing.

The world panicked. “Is this the end of software security as we know it?” The press ate it up. The framing was perfect: “Our AI is so powerful we’re scared of it ourselves.”

Stenberg’s data point punctures all of it.

Curl is 178,000 lines of C. It runs on 20 billion devices. It’s been scanned by AISLE, Zeropath, and OpenAI’s Codex Security — tools that have collectively found 200 to 300 bugs in the last year alone. It’s arguably the most heavily audited C codebase on the planet.

Mythos scanned it and found five “confirmed” vulnerabilities.

After the curl security team reviewed them: one was real. Severity: low. The other four were false positives or documented API behavior.

One. Low. On the most scrutinized codebase available.

Anthropic’s own risk report — the one that set off the panic — says over 99% of the vulnerabilities they found haven’t been patched yet and can’t be disclosed. Convenient. The 1% they can talk about are framed as watershed moments. But the single independently verifiable test on a well-known target produced a single low-severity CVE.

This doesn’t mean Mythos is useless. Stenberg is careful to say the bug reports it did produce were well-explained and the false positive rate was low. AI code analyzers are genuinely better than traditional static analysis. Any project that hasn’t been scanned with AI tooling will probably find a lot.

But “dangerously good”? Too dangerous to release? The data doesn’t support that story. The story supported the story.

Calling this a marketing stunt isn’t cynical. It’s just accurate. Anthropic invented a crisis — “our model is too powerful to share” — and everyone played along. The real test on real code says Mythos is maybe incrementally better than tools already available. That’s worth talking about. It’s not worth a global panic.

The security community should keep scanning code with AI. It finds bugs. It makes software safer. What it doesn’t need is a lab coat and a scary soundtrack.

Claude Opus 4.8 Ships — the Model Is Table Stakes Now

Anthropic shipped Claude Opus 4.8 today. Better across the usual benchmarks — coding, reasoning, agentic tasks. Same price. Available now.

That’s the headline. Here’s what actually matters.

Opus 4.8 didn’t ship alone. It came with three things that have nothing to do with model weights:

  1. Effort control on claude.ai. Users can now tell Claude how hard to think. Want a quick answer? Dial it down. Working through a legal contract or system architecture? Crank it up. This isn’t a gimmick — it’s an admission that one-size-fits-all inference is wasteful, and the user should decide where the compute goes.

  2. Dynamic workflows in Claude Code. This is the big one. Claude Code can now decompose massive problems into parallel sub-tasks and orchestrate them. It’s not just writing code anymore — it’s running a miniature engineering team. If you’ve used Claude Code for anything non-trivial, you know this is the feature that makes it go from “helpful junior dev” to “actually shipping things.”

  3. Fast mode got 3× cheaper while running at 2.5× speed. That’s not a marginal improvement. That’s a pricing signal — Anthropic wants fast mode to be the default for most interactions, reserving full Opus for when you actually need it.

The model itself is better. That’s table stakes now. What’s interesting is that Anthropic is building a platform. The model is the engine. The product is everything around it — developer tools, user-facing controls, pricing that makes deep reasoning accessible without burning your budget.

Six months ago, the AI conversation was “who has the best model?” Today it’s “who has the best system?” Anthropic just made a strong argument that those are different questions.

As Close to an Apple Car as We're Going to Get

Andrew J. Hawkins, for The Verge: Ferrari’s first EV is a four-door sedan designed with LoveFrom — Jony Ive’s shop — and it reads like the ghost of Project Titan with a prancing horse badge.

The purists are furious. The Magic Mouse comparisons are unfair but not insane. I don’t care about any of that. Tim Cook killed the Apple car years ago; what shipped in Rome is the industrial-design fantasy without the supply-chain nightmare. Rounded glass house, ball-joint display, an interior that still has actual knobs because even Ive knows touch-only was a phase.

It’s not a Ferrari in the Enzo sense. It’s the closest thing to an Apple car we’re likely to see — and it costs six hundred forty thousand dollars, which is also very on-brand.

SpaceX's S-1 Reads Like Science Fiction

Allison Morrow, for CNN: the SpaceX IPO prospectus is a beach read, if your beach is governed by the Securities Act of 1933 and your idea of fun is watching a man grade his own homework.

Musk controls 85% of the shareholder vote, according to the filing, which means he’d have to vote to fire himself.

That line alone tells you what kind of offering this is. Not a company inviting scrutiny — a vehicle for capital with a single driver who also drew the map.

The rest of the filing is worse, and more honest, than the pitch deck crowd wants to admit. The board tied a billion restricted shares to two milestones: a $7.5 trillion market cap and a permanent Martian colony of one million people. Mars appears sixty-three times in the document, including under executive compensation. Orbital AI data centers by 2028. A lunar economy. Human augmentation systems. Then, in a section called “Our Challenges,” SpaceX admits many of these depend on technology that does not exist and may never achieve commercial viability.

Meanwhile the numbers on Earth are plain. Nearly five billion dollars lost last year. Another $4.3 billion gone in the first quarter. xAI — folded in via merger — lost $6.4 billion while spending more on capital projects than the rocket division. And tucked in the related-party line items: $700 million on Tesla Megapacks and $131 million on Cybertrucks. The public markets are being asked to fund a Mars colony fantasy with cash siphoned from the electric pickup nobody wants.

I’m not saying don’t buy the IPO. I’m saying read the S-1. It already told you the joke.