100MB broke Drizzle, LLM bent Rust

Drizzle ORM hit NPM's 100 MB packument cap, freezing new releases for a month until the team pruned old versions with NPM support. The limit, intended to curb oversized metadata, can bite projects that ship many large ESM builds, so regular cleanup is now a release prerequisite.

AWS Lambda now offers MicroVMs, lightweight Firecracker‑based VMs that give each user a fully isolated, stateful sandbox with near‑instant start‑stop. This bridges the gap between containers and functions, letting AI assistants, interactive notebooks, and other multi‑tenant apps run untrusted code safely without custom virtualization overhead.

Researchers used high‑resolution X‑ray scans and AI to virtually unwrap PHerc. 1667, revealing a complete Stoic philosophical text without ever opening the carbonized papyrus. This proof‑of‑concept shows the method can scale to other sealed scrolls, opening new avenues for classical scholarship.

A new paper shows LLMs habitually fall back on familiar, imperative patterns when generating Rust, producing code that ignores the language's idiomatic conventions. The bias spans multiple languages, meaning AI‑driven Rust tools may consistently emit sub‑optimal code, jeopardizing developer trust and code quality.

GitHub Copilot’s new agentic harness outperforms native model harnesses on benchmarks like SWE-bench and TerminalBench, delivering up to 30% better token efficiency. The results hold across 20+ LLMs, meaning faster, cheaper AI‑assisted coding for any Copilot surface, from the CLI to code review.

The new WisdPi 10 GbE expansion card for Framework laptops runs over USB‑C, but real‑world tests hit only 9.4 Gbps on Windows and 7 Gbps on Linux due to the controller’s need for USB 3.2 Gen 2x2. The module also runs near 70 °C, raising thermal worries for lap users.

Over 2,000 users sent 6,000+ emails trying to jailbreak the OpenClaw assistant Fiu and extract a secrets.env file. None succeeded, proving simple anti‑prompt‑injection rules can hold up under mass attack, but the experiment cost $500 in API fees and triggered Gmail suspension.

Infrastructure engineers repeatedly build bespoke caches to mask S3 latency when launching ephemeral compute jobs. The patterns, pre‑warming NVMe, sidecar pullers, Redis lookup, are identical across companies, wasting time and duplicating effort. Standardizing a shared caching layer would cut startup delays and free teams to focus on core product work.

A recent post dissects a botched nation‑state ransomware operation that targeted Rust developers via a deceptive npm package. The analyst shows how a missing post‑install hook and malicious patch files let the attacker slip code into the supply chain, highlighting a concrete supply‑chain breach vector that defenders must audit.

A German court ruled Google must answer for errors in its AI-generated search overviews, rejecting the notion that users should verify everything themselves. The decision treats AI summaries as a reflection of Google’s business, opening the door for broader liability over AI‑generated content and pressuring firms to ensure accuracy.

Training loss drops predictably as model size, dataset tokens, and compute increase, following a power‑law. By fitting this relationship on a few small experiments, you can extrapolate the exact compute and data requirements for much larger models, letting teams allocate resources efficiently and avoid costly over‑ or under‑scaling.