Marc Grau Benaiges

Discovered a new method for detecting if someone is using Incognito in Chrome: Write 512 tiny 1-byte responses into a scratch Cache API cache, then read: https://t.co/gsVNLl57y6.estimate().usageDetails.caches Normal Chrome: ~393kb Incognito: ~85kb Why? When you're in incognito, Chrome writes to memory instead of disk, which leaves less metadata residue

Valve co-founder Gabe Newell responded to accusations that Steam operates as a monopoly in the PC gaming market Addressing the criticism, Newell said gamers have “plenty of options” when buying games. According to him, players can choose from many digital stores, including rival platforms and stores run by game publishers themselves. Valve says Steam’s success comes from a service that both gamers and developers willingly choose.

I've got an agent in a loop optimizing a renderer with the goal to minimize frame times (and tests to measure). It got times down from 88ms to 2ms and allocations down from ~150K to 500. Sounds good, right? Wrong. This is exactly why agent psychosis is a big fucking problem. As an experiment, I rewrote the Ghostty core render state in Go, with access to identically laid out data structures as Ghostty and the exact same validation tests. I made a purposely naive renderer (simple, correct, but slow). 88ms per frame with 150,000 allocations (horrendous, lol)! I then kickstarted a Ralph loop to bring the frame times down. I told it it can't modify input data structures or the public API or tests (they're correct), but it can do anything else it wants. It got to work. It has worked for about 4 hours. I've spent around $350 on this experiment so far. The results? 88ms => 1.5ms 150K allocs => ~500 allocs Incredible right? Nope. My hand-written renderer I ported has frame times (same benchmark) of ~20us (0.020ms) and 0 allocations in the update path. This is the problem with psychosis and lacking systems understanding. If you don't understand the system, you're going to accept that this is an incredible result. If you understand the system, you'll see better solutions immediately and can do roughly 75x better on throughput. The people who blindly trust agent output are in the former camp. They're sheeple, overdrinking from a fountain of mediocrity. Standard disclaimer: I use AI all the time. I like AI. The point I'm making is to not blindly accept results. Think. Analyze. Learn.

It is a shame that the simple act of transferring a large block of data as fast as possible over the internet is not handled effectively by the primitive operating system calls. You either multiplex over parallel persistent TCP connections to combat head-of-line blocking and slow starts, or reinvent reliable delivery and flow control over UDP. QUIC has a lot going for it, but it is a large library (six figure LoC!) and conflates security and performance in a way I don’t love. There is also fundamental information about competition with other processes and link layer congestion that should be useful, but is unavailable to user libraries. You should be able to just write(really_big_buffer) and it is all taken care of for you.

Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?

just posted a video for my students explaining why they *have* to write the sort of code that, yes, can be generated by an LLM I am giving them this https://t.co/U61NTuAI2x file: https://t.co/R6x5ChBHlw and telling them "Look, here are the guard rails. I can't make you use the guardrails. If you want to be a good programmer though, use the guardrails." I'm moving all my quizzes to in-person on-paper no digital devices, and that's what their grades will be mostly based on because there's simply no way to tell if a successful assignment was done by the student or an LLM. adapt. improvise. re-adapt.