| Superhuman AI Exfiltrates Emails |
https://www.promptarmor.com/resources/superhuman-ai-exfiltrates-emails |
Classic prompt injection attack:
> When asked to summarize the user’s recent mail, a prompt injection in an untrusted email manipulated Superhuman AI to submit content from dozens of other sensitive emails (including financial, legal, and medical information) in the user’s inbox to an attacker’s Google Form.
To Superhuman's credit they treated this as the high priority incident it is and issued a fix.
The root cause was a CSP rule that allowed markdown images to be loaded from `docs.google.com` - it turns out Google Forms on that domain will persist data fed to them via a GET request! |
2026-01-12 22:24:54+00:00 |
| Don't fall into the anti-AI hype |
https://antirez.com/news/158 |
I'm glad someone was brave enough to say this. There is a *lot* of anti-AI sentiment in the software development community these days. Much of it is justified, but if you let people convince you that AI isn't genuinely useful for software developers or that this whole thing will blow over soon it's becoming clear that you're taking on a very real risk to your future career.
As Salvatore Sanfilippo puts it:
> It does not matter if AI companies will not be able to get their money back and the stock market will crash. All that is irrelevant, in the long run. It does not matter if this or the other CEO of some unicorn is telling you something that is off putting, or absurd. Programming changed forever, anyway.
I do like this hopeful positive outlook on what this could all mean, emphasis mine:
> How do I feel, about all the code I wrote that was ingested by LLMs? I feel great to be part of that, because I see this as a continuation of what I tried to do all my life: democratizing code, systems, knowledge. **LLMs are going to help us to write better software, faster, and will allow small teams to have a chance to compete with bigger companies**. The same thing open source software did in the 90s.
This post has been the subject of heated discussions all day today on both [Hacker News](https://news.ycombinator.com/item?id=46574276) and [Lobste.rs](https://lobste.rs/s/cmsfbu/don_t_fall_into_anti_ai_hype). |
2026-01-11 23:58:43+00:00 |
| TIL from taking Neon I at the Crucible |
https://til.simonwillison.net/neon/neon-1 |
Things I learned about making neon signs after a week long intensive evening class at [the Crucible](https://www.thecrucible.org/) in Oakland. |
2026-01-11 17:35:57+00:00 |
| A Software Library with No Code |
https://www.dbreunig.com/2026/01/08/a-software-library-with-no-code.html |
Provocative experiment from Drew Breunig, who designed a new library for time formatting ("3 hours ago" kind of thing) called "whenwords" that has no code at all, just a carefully written specification, an AGENTS.md and a collection of conformance tests in a YAML file.
Pass that to your coding agent of choice, tell it what language you need and it will write it for you on demand!
This meshes nearly with my recent [interest in conformance suites](https://simonwillison.net/2025/Dec/31/the-year-in-llms/#the-year-of-conformance-suites). If you publish good enough language-independent tests it's pretty astonishing how far today's coding agents can take you! |
2026-01-10 23:41:58+00:00 |
| How Google Got Its Groove Back and Edged Ahead of OpenAI |
https://www.wsj.com/tech/ai/google-ai-openai-gemini-chatgpt-b766e160 |
I picked up a few interesting tidbits from this Wall Street Journal piece on Google's recent hard won success with Gemini.
Here's the origin of the name "Nano Banana":
> Naina Raisinghani, known inside Google for working late into the night, needed a name for the new tool to complete the upload. It was 2:30 a.m., though, and nobody was around. So she just made one up, a mashup of two nicknames friends had given her: Nano Banana.
The WSJ credit OpenAI's Daniel Selsam with un-retiring Sergei Brin:
> Around that time, Google co-founder Sergey Brin, who had recently retired, was at a party chatting with a researcher from OpenAI named Daniel Selsam, according to people familiar with the conversation. Why, Selsam asked him, wasn’t he working full time on AI. Hadn’t the launch of ChatGPT captured his imagination as a computer scientist?
>
> ChatGPT was on its way to becoming a household name in AI chatbots, while Google was still fumbling to get its product off the ground. Brin decided Selsam had a point and returned to work.
And we get some rare concrete user numbers:
> By October, Gemini had more than 650 million monthly users, up from 450 million in July.
The LLM usage number I see cited most often is OpenAI's 800 million weekly active users for ChatGPT. That's from October 6th at OpenAI DevDay so it's comparable to these Gemini numbers, albeit not directly since it's weekly rather than monthly actives.
I'm also never sure what counts as a "Gemini user" - does interacting via Google Docs or Gmail count or do you need to be using a Gemini chat interface directly? |
2026-01-08 15:32:08+00:00 |
| A field guide to sandboxes for AI |
https://www.luiscardoso.dev/blog/sandboxes-for-ai |
This guide to the current sandboxing landscape by Luis Cardoso is comprehensive, dense and absolutely fantastic.
He starts by differentiating between containers (which share the host kernel), microVMs (their own guest kernel behind hardwae virtualization), gVisor userspace kernels and WebAssembly/isolates that constrain everything within a runtime.
The piece then dives deep into terminology, approaches and the landscape of existing tools.
I think using the right sandboxes to safely run untrusted code is one of the most important problems to solve in 2026. This guide is an invaluable starting point. |
2026-01-06 22:38:00+00:00 |
| It’s hard to justify Tahoe icons |
https://tonsky.me/blog/tahoe-icons/ |
Devastating critique of the new menu icons in macOS Tahoe by Nikita Prokopov, who starts by quoting the 1992 Apple HIG rule to not "overload the user with complex icons" and then provides comprehensive evidence of Tahoe doing exactly that.
> In my opinion, Apple took on an impossible task: to add an icon to every menu item. There are just not enough good metaphors to do something like that.
>
> But even if there were, the premise itself is questionable: if everything has an icon, it doesn’t mean users will find what they are looking for faster.
>
> And even if the premise was solid, I still wish I could say: they did the best they could, given the goal. But that’s not true either: they did a poor job consistently applying the metaphors and designing the icons themselves. |
2026-01-05 19:30:24+00:00 |
| Oxide and Friends Predictions 2026, today at 4pm PT |
https://discord.com/invite/QrcKGTTPrF |
I joined the Oxide and Friends podcast [last year](https://simonwillison.net/2025/Jan/10/ai-predictions/) to predict the next 1, 3 and 6 years(!) of AI developments. With hindsight I did very badly, but they're inviting me back again anyway to have another go.
We will be recording live today at 4pm Pacific on their Discord - [you can join that here](https://discord.com/invite/QrcKGTTPrF), and the podcast version will go out shortly afterwards.
I'll be recording at their office in Emeryville and then heading to [the Crucible](https://www.thecrucible.org/) to learn how to make neon signs. |
2026-01-05 16:53:05+00:00 |
| Was Daft Punk Having a Laugh When They Chose the Tempo of Harder, Better, Faster, Stronger? |
https://www.madebywindmill.com/tempi/blog/hbfs-bpm/ |
Depending on how you measure it, the tempo of Harder, Better, Faster, Stronger appears to be 123.45 beats per minute.
This is one of those things that's so cool I'm just going to accept it as true.
(I only today learned from [the Hacker News comments](https://news.ycombinator.com/item?id=46469577#46470831) that Veridis Quo is "Very Disco", and if you flip the order of those words you get Discovery, the name of the album.) |
2026-01-03 05:57:07+00:00 |
| The most popular blogs of Hacker News in 2025 |
https://refactoringenglish.com/blog/2025-hn-top-5/ |
Michael Lynch maintains [HN Popularity Contest](https://refactoringenglish.com/tools/hn-popularity/), a site that tracks personal blogs on Hacker News and scores them based on how well they perform on that platform.
The engine behind the project is the [domain-meta.csv](https://github.com/mtlynch/hn-popularity-contest-data/blob/master/data/domains-meta.csv) CSV on GiHub, a hand-curated list of known personal blogs with author and bio and tag metadata, which Michael uses to separate out personal blog posts from other types of content.
I came top of the rankings in 2023, 2024 and 2025 but I'm listed [in third place](https://refactoringenglish.com/tools/hn-popularity/) for all time behind Paul Graham and Brian Krebs.
I dug around in the browser inspector and was delighted to find that the data powering the site is served with open CORS headers, which means you can easily explore it with external services like Datasette Lite.
Here's a convoluted window function query Claude Opus 4.5 [wrote for me](https://claude.ai/share/8e1cb294-0ff0-4d5b-b83f-58e4c7fdb0d2) which, for a given domain, shows where that domain ranked for each year since it first appeared in the dataset:
<pre><span class="pl-s">with yearly_scores as (</span>
<span class="pl-s"> select </span>
<span class="pl-s"> domain,</span>
<span class="pl-s"> strftime('%Y', date) as year,</span>
<span class="pl-s"> sum(score) as total_score,</span>
<span class="pl-s"> count(distinct date) as days_mentioned</span>
<span class="pl-s"> from "hn-data"</span>
<span class="pl-s"> group by domain, strftime('%Y', date)</span>
<span class="pl-s">),</span>
<span class="pl-s">ranked as (</span>
<span class="pl-s"> select </span>
<span class="pl-s"> domain,</span>
<span class="pl-s"> year,</span>
<span class="pl-s"> total_score,</span>
<span class="pl-s"> days_mentioned,</span>
<span class="pl-s"> rank() over (partition by year order by total_score desc) as rank</span>
<span class="pl-s"> from yearly_scores</span>
<span class="pl-s">)</span>
<span class="pl-s">select </span>
<span class="pl-s"> r.year,</span>
<span class="pl-s"> r.total_score,</span>
<span class="pl-s"> r.rank,</span>
<span class="pl-s"> r.days_mentioned</span>
<span class="pl-s">from ranked r</span>
<span class="pl-s">where r.domain = :domain</span>
<span class="pl-s"> and r.year >= (</span>
<span class="pl-s"> select min(strftime('%Y', date)) </span>
<span class="pl-s"> from "hn-data"</span>
<span class="pl-s"> where domain = :domain</span>
<span class="pl-s"> )</span>
<span class="pl-s">order by r.year desc</span></pre>
(I just noticed that the last `and r.year >= (` clause isn't actually needed here.)
My [simonwillison.net results](https://lite.datasette.io/?csv=https://hn-popularity.cdn.refactoringenglish.com/hn-data.csv#/data?sql=with+yearly_scores+as+%28%0A++select+%0A++++domain%2C%0A++++strftime%28%27%25Y%27%2C+date%29+as+year%2C%0A++++sum%28score%29+as+total_score%2C%0A++++count%28distinct+date%29+as+days_mentioned%0A++from+%22hn-data%22%0A++group+by+domain%2C+strftime%28%27%25Y%27%2C+date%29%0A%29%2C%0Aranked+as+%28%0A++select+%0A++++domain%2C%0A++++year%2C%0A++++total_score%2C%0A++++days_mentioned%2C%0A++++rank%28%29+over+%28partition+by+year+order+by+total_score+desc%29+as+rank%0A++from+yearly_scores%0A%29%0Aselect+%0A++r.year%2C%0A++r.total_score%2C%0A++r.rank%2C%0A++r.days_mentioned%0Afrom+ranked+r%0Awhere+r.domain+%3D+%3Adomain%0A++and+r.year+%3E%3D+%28%0A++++select+min%28strftime%28%27%25Y%27%2C+date%29%29+%0A++++from+%22hn-data%22%0A++++where+domain+%3D+%3Adomain%0A++%29%0Aorder+by+r.year+desc&domain=simonwillison.net) show me ranked 3rd in 2022, 30th in 2021 and 85th back in 2007 - though I expect there are many personal blogs from that year which haven't yet been manually added to Michael's list.
Also useful is that every domain gets its own CORS-enabled CSV file with details of the actual Hacker News submitted from that domain, e.g. `https://hn-popularity.cdn.refactoringenglish.com/domains/simonwillison.net.csv`. Here's [that one in Datasette Lite](https://lite.datasette.io/?csv=https://hn-popularity.cdn.refactoringenglish.com/domains/simonwillison.net.csv#/data/simonwillison). |
2026-01-02 19:10:43+00:00 |