Blog

Notes on Building and Shipping

Practical writeups covering implementation details, product decisions, and tools that matter in real projects.

Page 1 of 3

  1. Anthropic's Emotion Concepts Are a Safety Signal

    Anthropic's emotion-concept paper is useful less as a sentience claim than as evidence that internal model states can predict and shape risky behavior.

    ai-safetyinterpretabilityanthropicllms

  2. Gemma 4 Pushes Google's Open Model Strategy Into Real Deployment Territory

    Gemma 4 matters because Google is no longer treating open models as a single product tier. It now spans phones, laptops, workstations, and agentic workflows.

    googlegemmaopen-modelslocal-ai

  3. Cursor's Bugbot Is a Preview of Agentic Code Review

    Cursor's Bugbot learned rules and MCP support show code review moving from static checks toward persistent, tool-using systems that improve from feedback.

    ai-codingcursorcode-reviewdeveloper-tools

  4. Project Glasswing Shows Where Frontier Security Is Going

    Anthropic's Project Glasswing shows frontier models moving into defensive security work, while also making exploit generation cheaper and faster for attackers.

    cybersecurityaimodel-safetyinfrastructure

  5. OpenAI's Safety Fellowship Is a Map of Open Problems

    OpenAI's Safety Fellowship is less a branding move than a list of safety and alignment problems the company still wants outside help to solve.

    openaiai-safetyalignmentresearch

  6. TimesFM 2.5: A Practical Read for Forecasting Teams

    TimesFM 2.5 is one of the most credible open forecasting foundation models right now, especially for fast multi-series experiments with long context and quantile output.

    time-seriesforecastingtimesfmgoogle-research

  7. Axios Supply-Chain Attack: What Actually Happened

    In late March 2026, two malicious Axios versions were published to npm and weaponized install-time scripts through a fake dependency, creating a short but high-impact supply-chain window.

    securitysupply-chainnpmjavascript

  8. Cisco IMC Advisories: What Operators Need to Patch First

    Cisco published two IMC advisories on April 1, 2026, including an auth bypass and several root-level command execution flaws across server and appliance families.

    securityciscovulnerability-managementincident-response

  9. Are We Moving Beyond React? The Rise of Visual State Systems

    React still leads frontend development, but signals and graph-oriented visual systems are changing how teams manage complexity and rendering cost.

    reactsignalsstate-managementui-architecture

  10. Making RAG Respect Permissions

    A practical ACL-aware RAG blueprint that captures NTFS permissions at index time and enforces authorization inside retrieval.

    ragsecurityaclactive-directory