〓〓

A GUY AT GOOGLE DEEPMIND MADE AN ISOMETRIC PIXEL-ART MAP OF NEW YORK CITY AND PUT IT ON THE OPEN WEB FOR FREE it's called https://t.co/8fAASvEmXT you open the tab and the city is just sitting there in classic SimCity 2000 isometric pixel art. you scroll. and it keeps going. and going. i zoomed in on midtown and i could read the H&M signage in times square. in red. as actual pixel-art letters on the side of a building. i could see the crystalline spire of the Bank of America Tower poking out of a clump of skyscrapers. individual rooftop HVAC units. tiny green roof gardens. the little driveway loops in front of the hotels. he estimates the map needs roughly 40,000 tiles. nothing is a placeholder. the guy who made it is Andy Coenen, a senior staff engineer at Google DeepMind. he is not a pixel artist. by his own admission he is "a former electronic musician." what he actually did is kind of insane: > pulled NYC's geometry from the Google Maps 3D tiles API > fine-tuned an open-source image model (Qwen-Image-Edit) on ~40 hand-paired examples of "satellite tile → pixel art tile" > spun up 50 parallel instances on rented GPUs and generated tens of thousands of tiles in a few hours > the fine-tune cost him 12 bucks his own stated mission for the project, verbatim, is one sentence: "what's possible now that was impossible before?" apparently the answer is "one engineer can pixel-art most of a metropolis for the price of a sandwich." and the wildest part to me is he didn't sell it. no signup. no paywall. no NFT. you open the URL and the city is yours to wander. the post landed at 1,325 points on Hacker News and topped bestofshowhn's 2026 list. we live in a timeline where a senior engineer at one of the largest AI labs on earth spent his nights pixel-arting Manhattan for fun and then gave it away. the internet is healing.

‼️🚨 BREAKING: Another supply chain attack. 700+ GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages. 8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies. The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected. IOCs: GitHub account parikhpreyash4 repo systemd-network-helper-aa5c751f drop path /tmp/.sshd command fragments curl -skL and chmod +x /tmp/.sshd.