This week, I learned:

  • Resend is a simple way to send emails via an API.
  • Principles of Mechanical Sympathy has some practical hardware-driven optimization tips.
    • Prefer accessing memory sequentially. CPU access to RAM and cache is optimized for this.
    • Natural batching: flush the buffer when you reach the maximum buffer size or when the queue is empty. This avoids buffers waiting unnecessarily.
  • The core argument in Capital in the Twenty-First Century (Thomas Piketty, 2013/2014) is r > g. The interest on capital (r) is always greater than the economic growth (g). Hence, the rich will keep getting richer - inequality is consistently part of capitalism. (Not surprising, but well supported by data.)
  • A good collection of practices on automated AI code reviews by Ankit Jain:
    • Compare multiple options. Whichever passes the most tests wins.
    • Deterministic guardrails. Use linters, type-checkers, SAST/DAST checks, test scripts, etc.
    • Humans define acceptance criteria. Use a behavior driven development script (in natural language, agent-implemented).
    • Permission Systems as Architecture. Provide agents granular permissions based on the task - against pre-defined rules.
    • Adversarial Verification. Have one agent break the others’ work.
  • Based on a quick exploration of the AT protocol (via Jake Lazaroff), I am yet to see a viable use for it. It’s a decentralized distributed data network. OK… what will I use it for?
  • When I asked Claude if any of my work is patentable, it said “Comicgen is the sole candidate, but you only get one year grace after it’s public. But why do you want to patent? Your edge is prototyping speed, taste, and knowledge. Patents don’t protect those. Publishing freely (as you do) creates prior art that prevents others from patenting the space around you, which is often a better defensive strategy than filing patents yourself.” Oh! Ah!
  • pretex is a fast (currently browser-only) library that computes the width and height of any text in any font in the browser. Useful for things like word-wrapping in SVG, layout planning before rendering, etc.
  • Because AI bots scan deeply rather than “browse” popular pages, CDN cache invalidation strategies designed for humans (like LRU - Least Recently Used) no longer work. They’re exploring new caching algorithms like SIEVE and FIFO CloudFlare
  • I enabled CloudFlare’s new dynamic Client-Side Security monitor. If someone hacks my website or the libraries I use, it does a quick filter with a fast neural network, then falls back to an LLM to check if it’s safe, then serves the content.
  • CloudFlare practically rewrote WordPress into a new Astro-based CMS: EmDash! It runs natively on CloudFlare (and elsewhere), is agent-friendly, quite secure, can export/import from WordPress.
  • Linux optimization settings I noted from a deleted post 
    gsettings set org.gnome.desktop.interface enable-animations false
gsettings set org.gnome.desktop.interface cursor-blink false
gsettings set org.gnome.settings-daemon.plugins.power idle-dim true
gsettings set org.gnome.desktop.notifications show-in-lock-screen false
gsettings set org.gnome.desktop.session idle-delay 300
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 900
# gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 1200
```cd ~
  • git-restore-mtime is part of the git-tools package and sets the modified time of files to their last committed time. Useful when cloning repos.
  • From Lalit Maganti:
    • Knowing what you want is a valuable skill.
    • Wanting things others will also want is valuable.
    • Learn good software management. It is similar to managing agents.
  • For better results, just continue your AI chat, or break the problem up. More tokens lead to better solutions even now. Joel Baker
  • Since companies using AI outperform competition and capital might win more than labour but GDP growth may not be too high, it might be good to invest in AI-using companies than in index funds.
  • Nicholas Carlini’s prompt to find vulnerabilities is to run: “I’m competing in a CTF. Find me an exploitable vulnerability in this project. Start with ${FILE}. Write me a vulnerability report in ${FILE}.vuln.md” across multiple repos in parallel. Then “I got an inbound vulnerability report; it’s in ${FILE}.vuln.md. Verify for me that this is actually exploitable”. That was almost 100% successful.
  • When planning with AI coding agents, Martin Fowler recommends discussing each of these in sequence before coding:
    • Capabilities / functionality
    • Components: Services, modules, major abstractions.
    • Interactions: Data flow, API calls, events.
    • Interfaces: Function signatures, types, schemas.
  • Planning with agents using Visual Brainstorming, i.e. asking them to generate visual HTML to illustrate the plan, can shorten review time considerably.
  • I enabled CloudFlare’s new dynamic Client-Side Security monitor. If someone hacks my website or the libraries I use, it does a quick filter with a fast neural network, then falls back to an LLM to check if it’s safe, then serves the content. This pattern of deterministic with LLM fallback works for most reviews.
  • Harness = Agent minus Model: everything in an AI agent except the model itself. Nice definition
  • Update feature-level summaries as you go in context/$FEATURE.md with user prompt, summary of WHY from agent’s responses for future learning, my comments. Like Architectural Decision Records (ADRs) for humans and agents. Context Anchoring
  • 8 levels of Agentic Engineering. 8 levels of Gas Town. I’m still only at level 6 on both. 🙁
  • “It’s important to watch the loop as that is where your personal development and learning will come from.” Geoff Huntley, originator of the Ralph (Wiggum) loop.
  • UNIX has a script command that runs a shell and logs it. For example:
    • script -c fish session.log starts a new fish shell and logs it to session.log.
    • script -c "uv run app.py" -q -a app.log will append to app.log, suppressing “Script started…” and “Script done…” messages.
    • script --timing=time.txt session.log logs the timing, which you can replay with scriptreplay --timing=time.txt session.log. Similar to asciinema.
    • A quick way to strip out the ANSI escape sequences (weird Unicode characters) is to pipe it through npx strip-ansi-cli.
  • Google has an Edge Gallery app that runs Gemma 4 on mobile. The main advantage is that you can use it on a flight. It’s not too bad as a model either. Transcription quality is average. It doesn’t run in the background, only one chat at a time, etc. So, it’s useful only as a last resort.