What comes next:
The govt will roll out an emergency citizenship program for any foreign-born employee working in a lab contingent on them immediately moving to the U.S.
Everyone will be heavily vetted via the same screening construct already utilized by the defense primes.
Google will have to move the entirety of DeepMind to the U.S. and fire whoever refuses to relocate.
People will gleefully assume Demis will just start his own UK lab instead before realizing the next step is the US is about to gut foreign “unmonitored” access to compute.
You can pull a LeCun but you won’t have sufficient compute to do shit.
Greencards will be given to family members too.
Foreign govts will freak out when they realize what is happening. We are gatekeeping and hoarding intelligence preemptively.
Why? Because by GPT 7 France will be like “oh you just destroyed our services sector we are going to tax the labs to pay for the necessary benefits to prevent riots” and it’s a lot easier to do that if labs have critical employees based in Paris. Ditto for every other foreign nation.
Anyone acting like this is surprising is simply incapable of thinking four steps ahead.
We are going to see industries nuked overnight. There will be civil unrest. The only way to navigate that is to tax and gatekeep. The only way you can tax something is if it lives in your borders. We are repatriating exposure points preemptively.
Compute gatekeeping comes next.
🫡
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: https://t.co/bwn0sximKZ
NEW: malware developers added nuclear & biological weapons text to their spyware.
Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.
Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky.
When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.
We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.
In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.
H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4
⚡️The hiring machine is being dismantled before the broader workforce is.
A 24% cut to HR, talent acquisition, and recruiters means management no longer expects headcount expansion to be the core growth engine.
They are not trimming fat around the edges.
They are cutting the organ that exists to bring more humans into the company.
That is the tell.
Recruiting gets cut first when a company believes the next phase is lower-hiring, higher-automation, margin-protection, and operating leverage.
Uber is saying future scale comes from software, AI workflows, tighter process, and fewer coordination layers, not from rebuilding a giant human-support apparatus.
This is absolutely part of the white-collar repricing.
The old cycle was simple: slowdown hits, recruiters get cut, growth returns, recruiters get rehired. This cycle is different. AI lets companies resume growth without restoring the same back-office headcount. That is the break. Revenue can grow. Market cap can rise. Margins can improve. Professional job security can deteriorate at the same time.
That is why people are confused. They keep looking for recession signals. This is not clean recession behavior. This is corporate metabolism changing.
Uber does not need to be falling apart for this to be a serious labor signal. Stronger companies can do this faster because they have the cash, systems, data, and managerial confidence to automate, centralize, and cut. The weakest companies fire because they are desperate. The strongest companies fire because they discovered the old org chart is inefficient.
That is the brutal part.
HR and recruiting are early because they are exposed to three pressures at once: slower hiring, AI automation, and executive impatience with coordination labor. After that, the same logic spreads into finance, legal ops, sales ops, marketing ops, customer support, compliance support, analytics, procurement, project management, and middle management.
The real read:
This is not a one-off Uber story.
This is the corporate world learning that many white-collar coordination functions were built for a pre-AI labor model.
The next phase of capitalism will try to scale revenue without scaling people.
That means margin upside for certain companies and a much harsher job market for the professional middle. Companies will not say “AI replaced these people” cleanly. They will say efficiency, restructuring, focus, simplification, operating discipline, flattening, automation, productivity. Same machine, softer language.
The deepest version:
Uber just cut part of the human-hiring layer because it does not believe the future requires as many humans to run the company.
That is the signal.
This is big... Anthropic just announced a model so powerful they won't release it to the public out of fear over the damage it will cause 😨
Claude Mythos Preview found thousands of zero-day exploits in every major operating system and web browser...
The numbers are hard to believe:
> $50 to find a 27-year-old bug in OpenBSD, one of the most security-hardened operating systems ever built
> Under $1,000 to find AND build a fully working remote code execution exploit on FreeBSD that grants unauthenticated root access from anywhere on the internet
> Under $2,000 to chain together multiple Linux kernel vulnerabilities into a complete privilege escalation exploit
For context: these are the kinds of findings that previously required elite security researchers working for weeks.
Anthropic engineers with no formal security training asked Mythos to find exploits overnight. They woke up to working code the next morning.
The results were so impressive Anthropic assembled Apple, Google, Microsoft, Amazon, NVIDIA, and seven other organizations into Project Glasswing:
A $100M defensive coalition. They're not releasing this model publicly. Instead, they're racing to patch the world's infrastructure before models like this proliferate.
My dear front-end developers (and anyone who’s interested in the future of interfaces):
I have crawled through depths of hell to bring you, for the foreseeable years, one of the more important foundational pieces of UI engineering (if not in implementation then certainly at least in concept):
Fast, accurate and comprehensive userland text measurement algorithm in pure TypeScript, usable for laying out entire web pages without CSS, bypassing DOM measurements and reflow
🚨‼️ BREAKING: PyPI package telnyx has been compromised by TeamPCP in yet another supply chain attack.
The malware executes immediately upon importing telnyx. It drops a valid WAV audio file and runs an executable embedded within the frames.
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
My information consumption is now 1/4 X, 1/4 podcast interviews of the smartest practitioners, 1/4 talking to the leading AI models, and 1/4 reading old books. The opportunity cost of anything else is far too high, and rising daily.
Is Traditional Software Engineering Dead?
“Does this mean that traditional software engineering is dead? Absolutely not. Software engineers—even the ones who are not necessarily tuning or training AI models—these are now among the most leveraged people on earth. Sure, the guys who are training and tuning models are even more leveraged because they’re building the tool set that software engineers are using.
But software engineers still have two massive advantages on you. First, they think in code, so they actually know what’s going on underneath. And all abstractions are leaky. So when you have a computer programming for you—when you have Claude Code or equivalent programming for you—it’s going to make mistakes.
It’s going to have bugs. It’s going to have suboptimal architecture. So it’s not going to be quite right. And someone who understands what’s going on underneath will be able to plug the leaks as they occur.
So if you want to build a well-architected application, if you want to be able to even specify a well-architected application, if you want to be able to make it run at high performance, if you want it to do its best, if you want to catch the bugs early, then you’re going to want to have a software engineering background.
The traditional software engineer is going to be able to use these tools much better. And there are still many kinds of problems in software engineering that are out of scope for these AI programs today. The easiest way to think about those is problems that are outside of their data distribution.
For example, if they need to do a binary sort or reverse a linked list, they’ve seen countless examples of that, so they’re extremely good at it. But when you start getting out of their domain—where you have to write very high-performance code, when you’re running on architectures that are novel or brand new, when you’re actually creating new things or solving new problems, then you still need to get in there and hand code it.
At least until either there are so many of those examples that new models can be trained on them, or until these models can sufficiently reason at even higher levels of abstraction and crack it on their own…
And remember: there is no demand for average. The average app—nobody wants it, at least as long as it’s not filling some niche that is filled by a superior app. The app that is better will win essentially a hundred percent of the market. Maybe there’s some small percentage that will bleed off to the second-best app because it does some little niche feature better than the main app, or it’s cheaper, or something of the sort.
But generally speaking, people only want the best of anything. So the bad news is there’s no point in being number two or number three—like in the famous Glengarry Glen Ross scene where Alec Baldwin says, “First place gets a Cadillac Eldorado, second place gets a set of steak knives, and third place you’re fired.”
That’s absolutely true in these winner-take-all markets. That’s the bad news: You have to be the best at something if you want to win.
However, the set of things you can be best at is infinite. You can always find some niche that is perfect for you, and you can be the best at that thing. This goes back to an old tweet of mine where I said, “Become the best in the world at what you do. Keep redefining what you do until this is true.”
And I think that still applies in this age of AI.”
Super congratulations to the @Tesla_AI software & chip design teams on a successful @Robotaxi launch!!
Culmination of a decade of hard work.
Both the AI chip and software teams were built from scratch within Tesla.
Jensen Huang on why he rarely fires people and will instead “torture them into greatness”
Jensen once told Stripe founder Patrick Collison that he didn’t like firing people and seldom did it. When asked to elaborate on this, Jensen responds:
“I’d rather improve you than give up on you. When you fire somebody, a lot of people will say ‘it wasn’t your fault,’ or ‘I made the wrong choice.’ But I used to clean bathrooms and now I’m the CEO of a company. I think you can learn it. There are a lot of things in life that I think you can learn and you just have to be given the opportunity to learn it… I don’t like giving up on people because I think they can improve.”
He continues:
“It’s kind of tongue in cheek, but people know I’d rather torture them into greatness. I’d rather torture you into greatness because I believe in you. And I think that coaches that really believe in their team torture them into greatness. Oftentimes they’re so close. Greatness will sometimes come in one day with an ‘I got it!’ — that feeling that you didn’t get it yesterday and all of a sudden one day something clicks. Could you imagine giving up that moment right before you got it? I don’t want you to give up on that, so I’ll just keep torturing you.”
Video source: @stripe (2024)
apparently Google laid off their entire Python Foundations team, WTF!
( @SkyLi0n who is one of the pybind11 maintainers just informed me, asking what ways they can re-fund pybind11)
The team seems to have done substantial work that seems critical for Google internally as well.
There's a hackernews thread if folks want to read more: https://t.co/iz6uVNk4Q9
“Coding” was never the source of value, and people shouldn’t get overly attached to it. Problem solving is the core skill. The discipline and precision demanded by traditional programming will remain valuable transferable attributes, but they won’t be a barrier to entry.
Many times over the years I have thought about a great programmer I knew that loved assembly language to the point of not wanting to move to C. I have to fight some similar feelings of my own around using existing massive codebases and inefficient languages, but I push through.
I had somewhat resigned myself to the fact that I might be missing out on the “final abstraction”, where you realize that managing people is more powerful than any personal tool. I just don’t like it, and I can live with the limitations that puts on me.
I suspect that I will enjoy managing AIs more, even if they wind up being better programmers than I am.
Hey @jarredsumner & @nikitabase, got it working!
PGlite, WASM Postgres running in the browser, Bun and Node. Only 3.7mb gzipped. 🤯
In-memory or persisted to the filesystem with Bun/Node and IndexedDB in the browser. 🚀
https://t.co/lRA5cLYwTs
https://t.co/xEKnrfidIp