| Google API Keys Weren't Secrets. But then Gemini Changed the Rules. |
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules |
Yikes! It turns out Gemini and Google Maps (and other services) share the same API keys... but Google Maps API keys are designed to be public, since they are embedded directly in web pages. Gemini API keys can be used to access private files and make billable API requests, so they absolutely should not be shared.
If you don't understand this it's very easy to accidentally enable Gemini billing on a previously public API key that exists in the wild already.
> What makes this a privilege escalation rather than a misconfiguration is the sequence of events.
>
> 1. A developer creates an API key and embeds it in a website for Maps. (At that point, the key is harmless.)
> 2. The Gemini API gets enabled on the same project. (Now that same key can access sensitive Gemini endpoints.)
> 3. The developer is never warned that the keys' privileges changed underneath it. (The key went from public identifier to secret credential).
Truffle Security found 2,863 API keys in the November 2025 Common Crawl that could access Gemini, verified by hitting the `/models` listing endpoint. This included several keys belonging to Google themselves, one of which had been deployed since February 2023 (according to the Internet Archive) hence predating the Gemini API that it could now access.
Google are working to revoke affected keys but it's still a good idea to check that none of yours are affected by this. |
2026-02-26 04:28:55+00:00 |
| tldraw issue: Move tests to closed source repo |
https://github.com/tldraw/tldraw/issues/8082 |
It's become very apparent over the past few months that a comprehensive test suite is enough to build a completely fresh implementation of any open source library from scratch, potentially in a different language.
This has worrying implications for open source projects with commercial business models. Here's an example of a response: tldraw, the outstanding collaborative drawing library (see [previous coverage](https://simonwillison.net/2023/Nov/16/tldrawdraw-a-ui/)), are moving their test suite to a private repository - apparently in response to [Cloudflare's project to port Next.js to use Vite in a week using AI](https://blog.cloudflare.com/vinext/).
They also filed a joke issue, now closed to [Translate source code to Traditional Chinese](https://github.com/tldraw/tldraw/issues/8092):
> The current tldraw codebase is in English, making it easy for external AI coding agents to replicate. It is imperative that we defend our intellectual property.
Worth noting that tldraw aren't technically open source - their [custom license](https://github.com/tldraw/tldraw?tab=License-1-ov-file#readme) requires a commercial license if you want to use it in "production environments".
**Update**: Well this is embarrassing, it turns out the issue I linked to about removing the tests was [a joke as well](https://github.com/tldraw/tldraw/issues/8082#issuecomment-3964650501):
> Sorry folks, this issue was more of a joke (am I allowed to do that?) but I'll keep the issue open since there's some discussion here. Writing from mobile
>
> - moving our tests into another repo would complicate and slow down our development, and speed for us is more important than ever
> - more canvas better, I know for sure that our decisions have inspired other products and that's fine and good
> - tldraw itself may eventually be a vibe coded alternative to tldraw
> - the value is in the ability to produce new and good product decisions for users / customers, however you choose to create the code |
2026-02-25 21:06:53+00:00 |
| Claude Code Remote Control |
https://code.claude.com/docs/en/remote-control |
New Claude Code feature dropped yesterday: you can now run a "remote control" session on your computer and then use the Claude Code for web interfaces (on web, iOS and native desktop app) to send prompts to that session.
It's a little bit janky right now. Initially when I tried it I got the error "Remote Control is not enabled for your account. Contact your administrator." (but I *am* my administrator?) - then I logged out and back into the Claude Code terminal app and it started working:
claude remote-control
You can only run one session on your machine at a time. If you upgrade the Claude iOS app it then shows up as "Remote Control Session (Mac)" in the Code tab.
It appears not to support the `--dangerously-skip-permissions` flag (I passed that to `claude remote-control` and it didn't reject the option, but it also appeared to have no effect) - which means you have to approve every new action it takes.
I also managed to get it to a state where every prompt I tried was met by an API 500 error.
<p style="text-align: center;"><img src="https://static.simonwillison.net/static/2026/vampire-remote.jpg" alt="Screenshot of a "Remote Control session" (Mac:dev:817b) chat interface. User message: "Play vampire by Olivia Rodrigo in music app". Response shows an API Error: 500 {"type":"error","error":{"type":"api_error","message":"Internal server error"},"request_id":"req_011CYVBLH9yt2ze2qehrX8nk"} with a "Try again" button. Below, the assistant responds: "I'll play "Vampire" by Olivia Rodrigo in the Music app using AppleScript." A Bash command panel is open showing an osascript command: osascript -e 'tell application "Music" activate set searchResults to search playlist "Library" for "vampire Olivia Rodrigo" if (count of searchResults) > 0 then play item 1 of searchResults else return "Song not found in library" end if end tell'" style="max-width: 80%;" /></p>
Restarting the program on the machine also causes existing sessions to start returning mysterious API errors rather than neatly explaining that the session has terminated.
I expect they'll iron out all of these issues relatively quickly. It's interesting to then contrast this to solutions like OpenClaw, where one of the big selling points is the ability to control your personal device from your phone.
Claude Code still doesn't have a documented mechanism for running things on a schedule, which is the other killer feature of the Claw category of software.
**Update**: I spoke too soon: also today Anthropic announced [Schedule recurring tasks in Cowork](https://support.claude.com/en/articles/13854387-schedule-recurring-tasks-in-cowork), Claude Code's [general agent sibling](https://simonwillison.net/2026/Jan/12/claude-cowork/). These do include an important limitation:
> Scheduled tasks only run while your computer is awake and the Claude Desktop app is open. If your computer is asleep or the app is closed when a task is scheduled to run, Cowork will skip the task, then run it automatically once your computer wakes up or you open the desktop app again.
I really hope they're working on a Cowork Cloud product. |
2026-02-25 17:33:24+00:00 |
| go-size-analyzer |
https://github.com/Zxilly/go-size-analyzer |
The Go ecosystem is *really* good at tooling. I just learned about this tool for analyzing the size of Go binaries using a pleasing treemap view of their bundled dependencies.
You can install and run the tool locally, but it's also compiled to WebAssembly and hosted at [gsa.zxilly.dev](https://gsa.zxilly.dev/) - which means you can open compiled Go binaries and analyze them directly in your browser.
I tried it with a 8.1MB macOS compiled copy of my Go [Showboat](https://github.com/simonw/showboat) tool and got this:
 |
2026-02-24 16:10:06+00:00 |
| Ladybird adopts Rust, with help from AI |
https://ladybird.org/posts/adopting-rust/ |
Really interesting case-study from Andreas Kling on advanced, sophisticated use of coding agents for ambitious coding projects with critical code. After a few years hoping Swift's platform support outside of the Apple ecosystem would mature they switched tracks to Rust their memory-safe language of choice, starting with an AI-assisted port of a critical library:
> Our first target was **LibJS** , Ladybird's JavaScript engine. The lexer, parser, AST, and bytecode generator are relatively self-contained and have extensive test coverage through [test262](https://github.com/tc39/test262), which made them a natural starting point.
>
> I used [Claude Code](https://docs.anthropic.com/en/docs/claude-code) and [Codex](https://openai.com/codex/) for the translation. This was human-directed, not autonomous code generation. I decided what to port, in what order, and what the Rust code should look like. It was hundreds of small prompts, steering the agents where things needed to go. [...]
>
> The requirement from the start was byte-for-byte identical output from both pipelines. The result was about 25,000 lines of Rust, and the entire port took about two weeks. The same work would have taken me multiple months to do by hand. We’ve verified that every AST produced by the Rust parser is identical to the C++ one, and all bytecode generated by the Rust compiler is identical to the C++ compiler’s output. Zero regressions across the board.
Having an existing conformance testing suite of the quality of `test262` is a huge unlock for projects of this magnitude, and the ability to compare output with an existing trusted implementation makes agentic engineering much more of a safe bet. |
2026-02-23 18:52:53+00:00 |
| The Claude C Compiler: What It Reveals About the Future of Software |
https://www.modular.com/blog/the-claude-c-compiler-what-it-reveals-about-the-future-of-software |
On February 5th Anthropic's Nicholas Carlini wrote about a project to use [parallel Claudes to build a C compiler](https://www.anthropic.com/engineering/building-c-compiler) on top of the brand new Opus 4.6
Chris Lattner (Swift, LLVM, Clang, Mojo) knows more about C compilers than most. He just published this review of the code.
Some points that stood out to me:
> - Good software depends on judgment, communication, and clear abstraction. AI has amplified this.
> - AI coding is automation of implementation, so design and stewardship become more important.
> - Manual rewrites and translation work are becoming AI-native tasks, automating a large category of engineering effort.
Chris is generally impressed with CCC (the Claude C Compiler):
> Taken together, CCC looks less like an experimental research compiler and more like a competent textbook implementation, the sort of system a strong undergraduate team might build early in a project before years of refinement. That alone is remarkable.
It's a long way from being a production-ready compiler though:
> Several design choices suggest optimization toward passing tests rather than building general abstractions like a human would. [...] These flaws are informative rather than surprising, suggesting that current AI systems excel at assembling known techniques and optimizing toward measurable success criteria, while struggling with the open-ended generalization required for production-quality systems.
The project also leads to deep open questions about how agentic engineering interacts with licensing and IP for both open source and proprietary code:
> If AI systems trained on decades of publicly available code can reproduce familiar structures, patterns, and even specific implementations, where exactly is the boundary between learning and copying? |
2026-02-22 23:58:43+00:00 |
| London Stock Exchange: Raspberry Pi Holdings plc |
https://www.londonstockexchange.com/stock/RPI/raspberry-pi-holdings-plc/company-page |
Striking graph illustrating stock in the UK Raspberry Pi holding company spiking on Tuesday:
The Telegraph [credited excitement around OpenClaw](https://finance.yahoo.com/news/british-computer-maker-soars-ai-141836041.html):
> Raspberry Pi's stock price has surged 30pc in two days, amid chatter on social media that the company's tiny computers can be used to power a popular AI chatbot.
>
> Users have turned to Raspberry Pi's small computers to run a technology known as OpenClaw, [a viral AI personal assistant](https://www.telegraph.co.uk/business/2026/02/07/i-built-a-whatsapp-bot-and-now-it-runs-my-entire-life/). A flood of posts about the practice have been viewed millions of times since the weekend.
Reuters [also credit a stock purchase by CEO Eben Upton](https://finance.yahoo.com/news/raspberry-pi-soars-40-ceo-151342904.html):
> Shares in Raspberry Pi rose as much as 42% on Tuesday in a record two‑day rally after CEO Eben Upton bought stock in the beaten‑down UK computer hardware firm, halting a months‑long slide, as chatter grew that its products could benefit from low‑cost artificial‑intelligence projects.
>
> Two London traders said the driver behind the surge was not clear, though the move followed a filing showing Upton bought about 13,224 pounds worth of shares at around 282 pence each on Monday. |
2026-02-22 23:54:39+00:00 |
| How I think about Codex |
https://www.linkedin.com/pulse/how-i-think-codex-gabriel-chua-ukhic |
Gabriel Chua (Developer Experience Engineer for APAC at OpenAI) provides his take on the confusing terminology behind the term "Codex", which can refer to a bunch of of different things within the OpenAI ecosystem:
> In plain terms, Codex is OpenAI’s software engineering agent, available through multiple interfaces, and an agent is a model plus instructions and tools, wrapped in a runtime that can execute tasks on your behalf. [...]
>
> At a high level, I see Codex as three parts working together:
>
> *Codex = Model + Harness + Surfaces* [...]
>
> - Model + Harness = the Agent
> - Surfaces = how you interact with the Agent
He defines the harness as "the collection of instructions and tools", which is notably open source and lives in the [openai/codex](https://github.com/openai/codex) repository.
Gabriel also provides the first acknowledgment I've seen from an OpenAI insider that the Codex model family are directly trained for the Codex harness:
> Codex models are trained in the presence of the harness. Tool use, execution loops, compaction, and iterative verification aren’t bolted on behaviors — they’re part of how the model learns to operate. The harness, in turn, is shaped around how the model plans, invokes tools, and recovers from failure. |
2026-02-22 15:53:43+00:00 |
| Andrej Karpathy talks about "Claws" |
https://twitter.com/karpathy/status/2024987174077432126 |
Andrej Karpathy tweeted a mini-essay about buying a Mac Mini ("The apple store person told me they are selling like hotcakes and everyone is confused") to tinker with Claws:
> I'm definitely a bit sus'd to run OpenClaw specifically [...] But I do love the concept and I think that just like LLM agents were a new layer on top of LLMs, Claws are now a new layer on top of LLM agents, taking the orchestration, scheduling, context, tool calls and a kind of persistence to a next level.
>
> Looking around, and given that the high level idea is clear, there are a lot of smaller Claws starting to pop out. For example, on a quick skim NanoClaw looks really interesting in that the core engine is ~4000 lines of code (fits into both my head and that of AI agents, so it feels manageable, auditable, flexible, etc.) and runs everything in containers by default. [...]
>
> Anyway there are many others - e.g. nanobot, zeroclaw, ironclaw, picoclaw (lol @ prefixes). [...]
>
> Not 100% sure what my setup ends up looking like just yet but Claws are an awesome, exciting new layer of the AI stack.
Andrej has an ear for fresh terminology (see [vibe coding](https://simonwillison.net/2025/Mar/19/vibe-coding/), [agentic engineering](https://simonwillison.net/2026/Feb/11/glm-5/)) and I think he's right about this one, too: "**Claw**" is becoming a term of art for the entire category of OpenClaw-like agent systems - AI agents that generally run on personal hardware, communicate via messaging protocols and can both act on direct instructions and schedule tasks.
It even comes with an established emoji 🦞 |
2026-02-21 00:37:45+00:00 |
| Taalas serves Llama 3.1 8B at 17,000 tokens/second |
https://taalas.com/the-path-to-ubiquitous-ai/ |
This new Canadian hardware startup just announced their first product - a custom hardware implementation of the Llama 3.1 8B model (from [July 2024](https://simonwillison.net/2024/Jul/23/introducing-llama-31/)) that can run at a staggering 17,000 tokens/second.
I was going to include a video of their demo but it's so fast it would look more like a screenshot. You can try it out at [chatjimmy.ai](https://chatjimmy.ai).
They describe their Silicon Llama as “aggressively quantized, combining 3-bit and 6-bit parameters.” Their next generation will use 4-bit - presumably they have quite a long lead time for baking out new models! |
2026-02-20 22:10:04+00:00 |