✈️📷 Challenge accepted! Saw
@Arxiv_Daily
’s “LLM-over-DNS on a flight” magic and
@levelsio
’s 15-minute build flex… so I went full hackathon mode. Result: DNSChat – a native iOS + Android app that lets you chat via DNS, sip-coffee-slow Wi-Fi, or whatever connection you’ve got. 📷https://t.co/QvBDczwxty 📷 Built with React Native, Swift & Kotlin, buttery-smooth on both stores. 📷 Works with
for the Claude-code wizardry that made this ship 📷 Give it a spin, fork it, meme it—let’s see what you break build next! #IndieDev #DNS #LLM #OpenSource #claude #openai.at service out-of-the-box. Huge shout-out also to steipete
In Brussels for the first time. My hotel tells me I can't control the A/C because of the environment. They promise they will keep it at 26C for me the whole time.
We are staying for only 3 days, so they will not clean my room or change my towels. I have to take the trash out of the room myself.
This is so bizarre.
I want to find a way to make sense of this, but it's hard not to make the cynical observation that the hotel is benefiting at the guests' expense.
As someone who lives in Portugal which already stops every single package you get from outside EU with no exceptions for a decade or more:
I can tell you how this will go
From now on if you receive a package from outside EU, it'll first go missing for weeks and nobody will know where it is, then you'll receive an email from your country's customs agency
They'll make you login to some extremely unusable and outdated web portal which breaks half the time and where you have to classify your shipment in one of 10,000 confusing category codes
Depending on the category code you'll pay a different tax rate, sometimes it's 5% sometimes it's 60%
Then you have to pay the customs duty in some archaic way that will also be broken half the time
And then you'll finally receive your package from outside EU after months
Experiencing this for a few times you'll realize you will never ever try to order or receive anything from outside EU ever because the ordeal is too painful and expensive
I get asked a lot here by people from US to test out new products (like the guy who made the Minimal Phone) and it's just literally impossible for me to receive it even for testing. I tried to classify it as samples for testing but you need to go through a bureaucratic process of insane lengths to get that through so I just gave up
Realistically all this does is make Europeans live even more in the stone ages, as now they can't use modern AI, nor get modern products from outside EU because it'll be too much hassle to order
We’ve received notice that the Department of Commerce has lifted export controls on Claude Fable 5 and Mythos 5.
We'll begin restoring access tomorrow, and will share an update soon.
We’re grateful to our users for their patience, and to everyone who worked with us on redeploying the models.
Codex usage limits will be fully reset again in the next hour and we will credit one additional reset into your bank for your own usage over the next 24 hours.
We investigated reports that Codex usage was being consumed faster than expected. There wasn't one central issue, but a few smaller problems compounded for some users.
Here's what we found and changed:
- Actual usage: Auto-review had become more proactive, another change was triggering more subagent work, and background suggestions could run twice or retry too frequently after failures. We reverted the changes and fixed suggestion scheduling, duplicate generation, and retry behavior. This should reduce unnecessary background token consumption while preserving the work users explicitly request.
- Usage reporting: Auto-review was incorrectly appearing as GPT‑5.4 usage, and failed or rate-limited requests were still shown as turns. Auto-review now appears as its own category, and only successful requests count toward the turn graphs. Rate-limited requests were never charged, but they were being displayed incorrectly.
- Immediate relief: We reset usage limits while rolling out the fixes, then shipped hotfixes across the CLI, desktop app, and usage backend.
- What to expect: New usage data should be clearer and actual consumption should be lower. Historical charts may still show auto-review under GPT‑5.4 because older turn data was not relabeled. Features that intentionally perform more work; such as /goal, subagents, and higher reasoning levels will still naturally use more capacity.
All fixes are now deployed, and we've added more detailed monitoring so we can detect background-usage regressions sooner. We'll continue watching the results closely.
Thank you for building and doing all sorts of things with Codex.
Two months ago I was fired by Google for creating the Google Workspace CLI. It went viral, hit #1 on Hacker News, gained thousands of GitHub stars and many thousands of actual users in just a couple days.
It was an incredible, confusing journey, from directors and leaders asking what they could learn from the tool to getting grilled by legal about why the Google logo and brand colors are on the Google Workspace GitHub code repositories.
I think the cause was that Workspace and certain leaders (and projects) were afraid of being disrupted. But the fear wasn't specific to my CLI, it was a broader fear in what agents meant for Workspace. Either way, the irony of my termination was the announcement at Google Cloud Next two days before I was fired that an official Workspace CLI was coming.
I want this out there because it is easier for me to explain my story and it is an experience I want to fully own. It's also part of my healing.
Nearly 7 years at Google was an incredible opportunity for me and I was fortunate to have wonderful teammates and a manager that fully supported me through these last few months. Thank you.
MiniSwift Studio is now an installable, fully-offline Swift IDE.
The question that started it: why do you need a Mac and Xcode just to try SwiftUI?
MiniSwift Studio runs a Swift compiler and runtime entirely in your browser — WebAssembly, 100% client-side, no server round-trips. Live SwiftUI preview, a real breakpoint debugger, SwiftData, Foundation, Metal, GameKit etc.
And as of today you can install it like a native app and use it completely offline.
The part I'm proud of: the live debugger relies on SharedArrayBuffer, which needs cross-origin isolation.
Making that survive offline, served from a service-worker cache instead of the network, was the hard part.
Now you can board a plane, launch it from your dock, and compile + run + step through real SwiftUI with zero connection.
Also new:
• Open a real folder from disk and save back to it (File System Access)
• ~16 MB cached once → instant, and offline forever
• A clean update flow that never drops your unsaved code
No Mac. No Xcode. No server. Just a browser.
Try it: https://t.co/6jRu741qZG
Install it: hit "Install app" on https://t.co/CHKxAzOcuB
Would love your feedback.
#Swift #SwiftUI #WebAssembly #PWA #iOSDev #WebDev #DeveloperTools
Announcing mattpocock/skills v1
- Achieved a 63% reduction in token cost for skill descriptions
- Split skills into model-invocable and user-invocable skills, adding /codebase-design, /domain-modeling, and /grilling
- (UPDATED) /writing-great-skills - rewritten from the ground up, encoding my skill-writing best practices
- (UPDATED) /diagnose -> /diagnosing-bugs - now model-invocable, awesome for fixing hard bugs
- (NEW) /ask-matt: a router skill that teaches you how all the engineering skills work together
Microsoft has identified a supply chain attack on the Mastra-AI npm ecosystem, with 80+ packages compromised through npm account takeover. The attacker introduced a phantom dependency into the compromised packages. The malicious dependency was published by a single anonymous maintainer less than 24 hours ago.
The compromised [email protected] adds the dependency easy-day-js@^1.11.21 (typosquat of "dayjs"), which resolves to v1.11.22. The post-install script runs node setup.cjs, which downloads and executes a remote payload.
The post-install script in [email protected]:
1. Bypasses TLS: Disables SSL verification (NODE_TLS_REJECT_UNAUTHORIZED=0) to communicate with attacker C2 without certificate errors
2. Writes tracking files: Creates ~/.pkg_history (infected machine path) and ~/.pkg_logs (XOR-encoded marker) to prevent re-infection
3. Downloads hidden payload: Fetches second-stage .js from 23[.]254[.]164[.]92:8000/update/49890878
4. Executes as invisible process: Spawns downloaded payload with C2 endpoint 23[.]254[.]164[.]123:443 passed as argument, runs detached and hidden (windowsHide=true)
5. Covers tracks: Deletes setup.cjs to remove all evidence of initial infection
This attack affects [email protected], mastra/pg, mastra/mcp, mastra/schema-compat, mastra/ai-sdk, mastra/rag, and 80+ other packages.
Microsoft Defender for Endpoint customers should monitor and act on alerts with Trojan:JS/ObfusNpmJs in the title. Customers can also check for the following IOCs:
- ls ~/.pkg_history ~/.pkg_logs
- random .js files in home/temp directory
Users are advised to downgrade to previous versions immediately, use [email protected] explicitly, and use lockfiles.
The Municipal IT company of Rio de Janeiro's city government has reportedly gotten early access to Le Chaton Fat, and combined with their learnings from Rio 3.5 Open 397B, has trained "O Gatinho Gordo" which boasts a whopping 1 Quadrillion parameters and has supersaturated all known benchmarks
GLM-5.2 is now fully available for GLM Coding Plan users.
ZCode 3.0 is deeply optimized for GLM-5.2, bringing stronger Agent task execution, better long-context coding, and the new Goal feature for managing larger development objectives from planning to completion.
Coding Plan subscribers get 150% usage quota inside ZCode. New users get 5 days free with 5M tokens per day.
Download: https://t.co/HYwjwRO9bE