cuppa

brewed 03:06 AM
← Jun 23

Wednesday

jun24

2026

Jun 25 →

the brief

Tooling and agents led today’s pulse: Datasette 1.0a35, Next.js canary tweaks, Anthropic’s Claude Code sandbox hardening, and new harnesses from Hugging Face/IBM and Simon Willison push practical developer workflows. On the infra side, Coinbase’s failover miss fuels reliability lessons, while a U.S. post‑quantum EO sets a 2030 migration clock and OpenAI leans into shared safety standards.

the poursit · sip · 11 items

alerts

(01)
  • cloudflare/blog· feedJun 23, 06:25 PM

    US post-quantum EO sets 2030 deadline

    Cloudflare breaks down the Executive Order mandating post-quantum cryptography migration by 2030 and offers a concrete migration playbook for agencies and vendors.

    The post-quantum EO is an important milestone. Now it’s time to get to work — The new post-quantum executive order sets a 2030 migration deadline and establishes a powerful foundation for post-quantum resilience. We look at what it gets right, where it can go further, and our migration playbook for government and industry.

    signal 7hype 1post_quantumsecuritypolicy_analysissource ↗

pulse

(07)
  • anthropics/claude-code· feedJun 23, 09:03 PM

    Anthropic Claude Code v2.1.187 hardens sandbox

    Adds sandbox.credentials to block secret leakage from sandboxed commands, enforces org model restrictions in picker/CLI, improves UI clicks, and fixes resume errors.

    v2.1.187 — What's changed Added sandbox.credentials setting to block sandboxed commands from reading credential files and secret environment variables Added org-configured model restrictions to the model picker, --model, /model, and ANTHROPIC_MODEL, with a "restricted by your organization's settings" message when a restricted model is selected Added mouse click support to select menus (permission prompts, /model, /config, etc.) in fullscreen mode Fixed --resume failing with "No conversation f...

    signal 9hype 1release_notesclaude_codesecuritysource ↗
  • huggingface/blog· feedJun 23, 12:51 PM

    CUGA harness ships agentic app examples

    Hugging Face and IBM Research release two dozen working examples on a lightweight agent harness, making it easier to build real, auditable multi-tool agent workflows.

    Build real agentic apps using CUGA: two dozen working examples on a lightweight harness

    signal 8hype 1agent_frameworktutorialexamplessource ↗
  • simonw/blog· feedJun 23, 06:58 PM

    OPFS + Pyodide test harness released

    Simon Willison publishes a browser test rig exploring persistent SQLite editing via OPFS and Pyodide, advancing fully client-side data apps and offline-friendly developer workflows.

    OPFS + Pyodide test harness — <p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/opfs-pyodide">OPFS + Pyodide test harness</a></p> <p>I've been pondering if <a href="https://lite.datasette.io/">Datasette Lite</a> - the Python Datasette application run entirely in the browser using Pyodide and WebAssembly - might be able to edit persistent SQLite files stored on the user's computer.</p> <p>That's what <a href="https://developer.mozilla.org/en-US/docs/Web/API/File_System_API/Ori...

  • vercel/next.js· feedJun 24, 12:00 AM

    Next.js 16.3.0-canary.63 tweaks navigation

    Canary adds ISR fallback shells for prefetch, shifts partial prefetching into cached nav runtime, polishes Insights UI, and pulls several Turbopack fixes.

    v16.3.0-canary.63 — Misc Changes Serve ISR fallback shells in response to prefetch requests: #94534 Insights: drop irrelevant fix cards from instant errors: #94926 Navigation inspector UI updates: #94959 skill(next-cache-components-adoption): clarify prereqs: #95082 Turbopack: Delete dead AttachedFileSystem type: #94960 Opt Partial Prefetching routes into the runtime stage of Cached Navs: #95097 Fix #95015 by pulling a fix to scattered-collect: #95098 docs(caching): clarify generateStaticPara...

  • simonw/blog· feedJun 23, 09:34 PM

    Datasette 1.0a35 adds table creation UI

    Big alpha adds a new Create table interface backed by a JSON API, easing schema changes and automation for self-hosted data browsers.

    datasette 1.0a35 — <p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a35">datasette 1.0a35</a></p> <p>I'll write more about this one tomorrow, but it's a big release. Three highlights from the release notes:</p> <blockquote> <ul> <li>New "Create table" interface in the database actions menu, backed by the <code>/&lt;database&gt;/-/create</code> <a href="https://docs.datasette.io/en/latest/json_api.html#tablecreateview">JSON API</a>. It can define column...

    signal 7hype 2release_notesopen_sourcedatasettesource ↗
  • hn/frontpage· feedJun 24, 12:15 AM

    Y: a malleable coding-agent desktop app

    New open-source Electron app provides a “malleable” coding agent interface on the desktop, aiming for adaptable workflows beyond chat for code generation and editing.

    Show HN: Y – A malleable coding-agent desktop app built with Electron — Article URL: https://github.com/y-times-y/y Comments URL: https://news.ycombinator.com/item?id=48653476 Points: 18 # Comments: 11

    signal 6hype 1show_hnagent_frameworkdesktop_appsource ↗
  • openai/blog· feedJun 23, 01:00 PM

    OpenAI backs shared AI safety standards

    OpenAI announces support for Appia Foundation efforts on evaluations and safety practices, signaling industry coordination around shared benchmarks and governance for advanced AI systems.

    Helping build shared standards for advanced AI — OpenAI helps build shared standards for advanced AI, supporting evaluation frameworks, safety practices, and global cooperation through the Appia Foundation.

    signal 5hype 2standardsgovernanceai_safetysource ↗

findings

(01)
  • hn/frontpage· feedJun 23, 08:23 PM

    Stop verifying emails by spamming them

    A practical teardown shows why sending unsolicited probes to verify addresses is abusive and counterproductive, with better techniques for validation and deliverability suggested.

    Don't verify email addresses by sending spam to them — Article URL: https://milek7.pl/mailverifyspam/ Comments URL: https://news.ycombinator.com/item?id=48650837 Points: 151 # Comments: 46

    signal 5hype 1emailbest_practicesanti_patternsource ↗

voices

(02)
  • pragmatic/engineer· feedJun 23, 04:30 PM

    Coinbase outage lacked zone failover

    Pragmatic Engineer dissects Coinbase’s global trading disruption as an avoidable reliability gap—no automated multi-zone failover—and distills concrete resiliency practices for high-availability systems.

    Reliability fail: No automated zone failover for Coinbase’s global trading service — Hi, this is Gergely with a bonus, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover Big Tech and startups through the lens of senior engineers and engineering leaders. Today, we cover one out of four topics from this past The Pulse issue. Full subscribers received the

    signal 6hype 2reliabilitypostmortemfailoversource ↗
  • hn/frontpage· feedJun 23, 11:42 PM

    Vulnerability reports aren’t special anymore

    Security engineer Filippo Valsorda argues vuln report handling should be normalized into product bugs with clear SLAs and channels, pushing back on broken “security theater” processes.

    Vulnerability reports are not special anymore — Article URL: https://words.filippo.io/vuln-reports/ Comments URL: https://news.ycombinator.com/item?id=48653216 Points: 95 # Comments: 23

    signal 5hype 1securityvuln_disclosureengineering_processsource ↗