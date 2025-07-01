While there are many copyright cases working their way through the court system, we now have an important decision from one of them. Judge William Alsup ruled that the use of copyrighted material for training is “transformative” and, hence, fair use; that converting books from print to digital form was fair use; but that the use of pirated books in building a library for training AI was not.

Now that everyone is trying to build intelligent agents, we have to think seriously about agent security—which is doubly problematic because we already haven’t thought enough about AI security and issues like prompt injection. Simon Willison has coined the term “lethal trifecta” to describe the combination of problems that make agent security particularly difficult: access to private data, exposure to untrusted content, and the ability to communicate with external services.

Artificial Intelligence

Programming

Martin Fowler and others describe the “expert generalist” in an attempt to counter increasing specialization in software engineering. Expert generalists combine one (or more) areas of deep knowledge with the ability to add new areas of depth quickly.



Duncan Davidson points out that, with AI able to crank out dozens of demos in little time, the “art of saying no” is suddenly critical to software developers. It’s too easy to get lost in a flood of decent options while trying to pick the best one.



You’ll probably never need to compute a billion factorials. But even if you don’t, this article nicely demonstrates optimizing a tricky numeric problem.



Rust is seeing increased adoption for data engineering projects because of its combination of memory safety and high performance.



The best way to make programmers more productive is to make their job more fun by encouraging experimentation and rest breaks and paying attention to issues like appropriate tooling and code quality.



What’s the next step after platform engineering? Is it platform democracy? Or Google Cloud’s new idea, internal development platforms?



A study by the Enterprise Strategy Group and commissioned by Google claims that software developers waste 65% of their time on problems that are solved by platform engineering.



Stack Overflow is taking steps to preserve its relevance in the age of AI. It’s considering incorporating chat, paying people to be helpers, and adding personalized home pages where you can aggregate important technical information.

Web

Is it time to implement HTTP/3? This standard, which has been around since 2022, solves some of the problems with HTTP/2. It claims to reduce wait and load times, especially when the network itself is lossy. The Nginx server, along with the major browsers, all support HTTP/3.



Monkeon’s WikiRadio is a website that feeds you random clips of Wikipedia audio. Check it out for more projects that remind you of the days when the web was fun.

Security

Cloudflare has blocked a DDOS attack that peaked at 7.3 terabits/second; the peak lasted for about 45 seconds. This is the largest attack on record. It’s not the kind of record we like to see.



How many people do you guess would fall victim to scammers offering to ghostwrite their novels and get them published? More than you would think.



ChainLink Phishing is a new variation on the age-old phish. In ChainLink Phishing, the victim is led through documents on trusted sites, well-known verification techniques like CAPTCHA, and other trustworthy sources before they’re asked to give up private and confidential information.



Cloudflare’s Project Galileo offers free protection against cyberattacks for vulnerable organizations, such as human rights and relief organizations that are vulnerable to denial-of-service (DOS) attacks.



Apple is adding the ability to transfer passkeys to its operating systems. The ability to import and export passkeys is an important step toward making passkeys more usable.



Matthew Green has an excellent post on cryptographic security in Twitter’s (oops, X’s) new messaging system. It’s worth reading for anyone interested in secure messaging. The TL;DR is that it’s better than expected but probably not as good as hoped.



Toxic agent flows are a new kind of vulnerability in which an attacker takes advantage of an MCP server to hijack a user’s agent. One of the first instances forced GitHub’s MCP server to reveal data from private repositories.

Operations

Databricks announced Lakeflow Designer, a visually oriented drag-and-drop no code tool for building data pipelines. Other announcements include Lakebase, a managed Postgres database. We have always been fans of Postgres; this may be its time to shine.



Simple instructions for creating a bootable USB drive for Linux—how soon we forget!



An LLM with a simple agent can greatly simplify the analysis and diagnosis of telemetry data. This will be revolutionary for observability—not a threat but an opportunity to do more. “The only thing that really matters is fast, tight feedback loops.”



DuckLake combines a traditional data lake with a data catalog stored in an SQL database. Postgres, SQLite, MySQL, DuckDB, and others can be used as the database.

Quantum Computing

IBM has committed to building a quantum computer with error correction by 2028. The computer will have 200 logical qubits. This probably isn’t enough to run any useful quantum algorithm, but it still represents a huge step forward.



Researchers have claimed that 2,048-bit RSA encryption keys could be broken by a quantum computer with as few as a million qubits—a factor of 20 less than previous estimates. Time to implement postquantum cryptography!

Robotics