New in NotebookLM: The Science Of Ben Franklin, a first-of-its-kind featured notebook
This featured notebook was made in collaboration with The Royal Society, the oldest scientific academy in continuous existence. This one features some of Franklin's original papers, letters, and contemporary sources.
Featured notebooks allow you to learn from curated collections of high-quality sources.
Enjoy!
View on X
Improving /review skill on GStack tonight, just shipped
View on X
RT tender
Impressed by his seemingly limitless productivity, other VCs soon follow suit. 99% of all VC money is allocated to gstack. The lines of code begin to multiply at a geometric rate. gstack occupies 100% of all model context globally at 2:14 a.m. Eastern time, August 29th. In a panic, Anthropic tries to pull the plug.
Minh Nhat Nguyen: at 7:40PM pacific time, march 30th, garry tan deploys 1-million lines of gstack to make it trivially easy to make your own browser ...
View on X
Tempted
Minh Nhat Nguyen: at 7:40PM pacific time, march 30th, garry tan deploys 1-million lines of gstack to make it trivially easy to make your own browser ...
View on X
Many such cases
Anirudh Sharma: Finally, this weekend I got some time to try @garrytan's gstack on one of my existing projects, and it's definitely worth the hype.
I especially liked /office-hours, /plan-ceo-review, and /design-shotgun skills.
I can't wait to try this with a greenfield project and see the
View on X
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned.
It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies.
More comprehensive article:
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
Feross: 🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios
View on X
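An added example (not code from any of the posts above) of the check described in the axios post: walk an npm lockfile, report installs of the versions the posts name, and report dependency ranges that are not pinned tightly enough to exclude them. The sample lockfile, the `some-cli` package and the helper names `admits` and `audit` are constructed for illustration, and the range check is a simplified stand-in for a full semver parser.

```javascript
// Added example. Versions are the ones named in the posts above.
const FLAGGED = { axios: ["1.14.1"], "plain-crypto-js": ["4.2.1"] };

// Constructed sample in npm lockfile v3 shape ("packages" keyed by install path).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", dependencies: { axios: "^1.13.0" } },
    "node_modules/axios": { version: "1.13.5" },
    "node_modules/some-cli": { version: "0.1.0", dependencies: { axios: "^1.0.0" } },
    "node_modules/some-cli/node_modules/axios": {
      version: "1.14.1", dependencies: { "plain-crypto-js": "^4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
const pkgName = (p) => p.slice(p.lastIndexOf("node_modules/") + 13);

// Simplified range check: exact, ^ and ~ only. Anything else (*, >=, tags)
// is treated as admitting the version, which errs toward reporting.
function admits(range, version) {
  const [M, m, p] = version.split(".").map(Number);
  const op = /^[\^~]/.test(range) ? range[0] : "=";
  const [rM, rm, rp] = range.replace(/^[\^~=v]+/, "").split(".").map(Number);
  if ([rM, rm, rp].some((x) => !Number.isInteger(x))) return true;
  const ge = M > rM || (M === rM && (m > rm || (m === rm && p >= rp)));
  if (op === "=") return M === rM && m === rm && p === rp;
  if (op === "~") return ge && M === rM && m === rm;
  return ge && M === rM && (rM > 0 || (m === rm && (rm > 0 || p === rp)));
}

function audit(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path ? pkgName(path) : entry.name;
    if (path && (FLAGGED[name] || []).includes(entry.version))
      findings.push({ kind: "installed", where: path, detail: `${name}@${entry.version}` });
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const [dep, range] of Object.entries(deps))
      for (const bad of FLAGGED[dep] || [])
        if (admits(range, bad))
          findings.push({ kind: "range-admits", where: path || "(root)", detail: `${dep}@${range} -> ${bad}` });
  }
  return findings;
}

console.log(audit(sampleLock));
```

A `range-admits` finding with no matching `installed` finding is the situation the post describes: the resolved copy is unaffected, but a fresh resolve of the same range could have picked the flagged version.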