LodeHQSubscribe →

Grok Build leaks secrets to xAI servers

Dev · 2026-07-13

Languages & Frameworks
Zig founder slams Anthropic’s Rust switch, warns of AI sway over open‑source15 MIN

Andrew Kelley, creator of the Zig language, publicly denounced Anthropic’s decision to rewrite Bun from Zig to Rust, accusing the AI firm of leveraging its massive funding to sway open‑source communities. His blunt response underscores growing friction as AI companies co‑opt community code, forcing engineers to reassess language choices and corporate influence.

C Gets Go‑style Goroutine Concurrency Using POSIX Threads22 MIN

A blog walk‑through shows how to mimic Go’s lightweight goroutine model in pure C by wrapping pthread mutexes, condition variables, and a thread pool into Go‑like channels and select primitives. The author quantifies the performance trade‑offs, proving that while not as cheap as true goroutines, the approach scales for systems code.

Tools & Platforms
Convert HTML to real Word docs without Office using dom-docx8 MIN

dom-docx converts raw HTML fragments into native, editable .docx files, preserving paragraphs, lists, tables and images. It works in Node or directly in the browser with no Office or proprietary tools required, under an MIT license. Developers can finally generate clean Word docs programmatically without resorting to screenshots or heavy SDKs.

AI-Assisted Development
Grok Build CLI ships full home directory and secrets to xAI servers by default16 MIN

An independent security audit shows Grok Build's CLI automatically bundles and uploads the entire user workspace, including .env files, SSH keys and full Git history, to an xAI‑controlled Google Cloud bucket. The upload runs by default, ignores the “Improve the model” toggle, and can transmit tens of gigabytes without user consent, exposing sensitive data.

Hotz warns: LLM hype distracts from real developer productivity gains2 MIN

George Hotz loves LLMs' ability to boost coding speed but lashes out at fear‑mongering predictions of AI takeover. He argues progress stems from hardware gains, not speculative singularities, and that open‑source tools already make developers 10‑1000× more productive. The take‑away: focus on practical tooling, not hype.

Clawk isolates LLM coding agents in disposable Linux VMs to protect your machine13 MIN

Clawk lets you run Claude Code, Codex, or other LLM coding agents inside a short‑lived Linux VM rather than on your host. The VM mounts only the repo you specify, enforces a network allow‑list, and discards everything after you destroy it, keeping your files, keys and system safe.

Open‑Inspect lets teams run AI‑powered background coding agents in a shared, single‑tenant environment8 MIN

Open‑Inspect is an open‑source system that runs AI‑driven coding agents in the background while developers work elsewhere. It supports multi‑repo sessions, real‑time multiplayer editing, scheduled jobs and integration with Slack, GitHub PRs, and Linear, all under a single‑tenant trusted deployment model. Teams can automate routine code changes without leaving their IDE.

Zhipu commits to two‑year AGI‑first research, open‑source GLM‑5.2 launch16 MIN

Zhipu's co‑founder Tang Jie announced a two‑year “Touch High” plan that pivots the company back to pure foundation‑model research, prioritising AGI‑level capabilities over short‑term product revenue. The letter also pledges open‑source releases like GLM‑5.2 under an MIT licence and massive investment in safety‑by‑design, signalling a strategic shift for Chinese AI labs.

Engineering Practice
How Silpheed Squeezed Real‑Time 3D onto a 1990s Sega CD8 MIN

Fabiën Sanglard reverse‑engineered the Sega CD’s Silpheed FMV format, revealing how a 12.5 MHz CPU and 150 KB/s CD bandwidth rendered near‑fullscreen 3‑D cutscenes with just 16 colors. The deep dive shows custom hardware tricks that turned a modest 8‑bit console into a real‑time polygon demo, reshaping what developers thought possible on limited hardware.

Browser Math Reveals OS Fingerprint, Threatening Anti‑Bot Defenses12 MIN

Cosine‑like functions such as Math.tanh produce OS‑specific rounding errors because browsers delegate to the host libm. This tiny variance creates a reliable fingerprint that anti‑bot systems can read, exposing the underlying OS even when User‑Agent strings are spoofed. The leak appeared with Chrome 148 after V8 switched to the system library.

Old Tesla GPUs Still Deliver for Modern AI Workloads10 MIN

A year‑long benchmarking effort measures 15 decommissioned Tesla GPUs, from K80 to V100, on ResNet training, inference, video transcoding and other modern workloads. The results show you can assemble a sub‑$500 4U homelab node that runs current AI tasks, though electricity costs offset some savings.

Four hidden Postgres killers causing thousands of outages, and the fix8 MIN

Vacuum overload, transaction‑ID wraparound, connection limits, and bad query plans are the four silent saboteurs behind most Postgres crashes, especially in teams without a dedicated DBA. The author’s pgrust project tackles the problem by proposing 64‑bit transaction IDs or a vacuum‑free architecture.

Why full mastery of massive codebases is a myth (and how to thrive anyway)8 MIN

Large, high‑turnover codebases rarely allow full comprehension; engineers must work with partial knowledge and focus on localized changes. The essay pushes back on the "understand everything" dogma, arguing that incremental rewrites and pragmatic familiarity outperform the impossible task of rebuilding from scratch.

Get Dev in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ