Daily News Stuff 7 April 2026

The Command Line Cometh Edition

Top Story

  • A critical security vulnerability has been discovered in the leaked version of Claude Code.  (Adversa)

    If you've used Claude Code, you'll have noticed that it loves running shell commands to examine your codebase, rather than, say, reading the files directly, or having simple fixed-function code built into the tool to do that on your computer.

    And it also loves to ask you for permission to run those shell commands.

    The vulnerability comes into play when a very long chain of shell commands is run together.  For the first fifty commands it checks each one: against its history of previously permitted and denied commands if the command is already in there, and by asking you if it isn't.

    And on the fifty-first command, it rests.  And executes it regardless.

    So if someone triggers a long chain of commands where the first fifty are innocuous, everything after that runs unchecked, and they can take full control of your computer.  Claude Code runs on your computer, not in the cloud; it only communicates with the Claude AI service as needed.

    The particularly lovely thing here is that Anthropic already fixed this.

    But both versions are present inside Claude Code, and it's using the broken one.


  • The cult of vibe coding is insane.  (Bram Cohen)

    Claude Code is the preeminent vibe coding tool.

    Guess how it was coded?  Guess how that horrible bug stayed in, and even how it was fixed.

    You'll never guess.

    Oh, you guessed.
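
    The failure mode in the first story above, as an added illustration that is not Claude Code's own code and not taken from the Adversa write-up.  It assumes a permission gate that splits a chained command line on shell control operators, remembers decisions per program name, and asks the user about anything it hasn't seen; the limit constant, the splitting rule, and the store layout are all assumptions made for the example.  The vulnerable version checks only the first fifty commands and lets the rest through; the fixed version checks every command and, if it keeps a limit at all, refuses the whole chain when the limit is exceeded rather than approving the remainder.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical limit chosen to match the post's "first fifty"; the real
# value and mechanism inside Claude Code are not known from the post.
MAX_CHECKED = 50

# Split on shell control operators. Deliberately simplified: quoting,
# subshells and command substitution are not handled here.
_SPLIT_RE = re.compile(r"\s*(?:&&|\|\||;|\||\n)\s*")


def split_commands(command_line: str) -> list[str]:
    """Break a chained command line into its individual commands."""
    return [c.strip() for c in _SPLIT_RE.split(command_line) if c.strip()]


@dataclass
class PermissionStore:
    """Remembered decisions, keyed by program name (first token of the command)."""
    allowed: set[str] = field(default_factory=set)
    denied: set[str] = field(default_factory=set)


def _program(cmd: str) -> str:
    return cmd.split()[0]


def check_one(cmd: str, store: PermissionStore, prompt: Callable[[str], bool]) -> bool:
    """Consult remembered decisions first; ask the user only for unknown programs."""
    prog = _program(cmd)
    if prog in store.denied:
        return False
    if prog in store.allowed:
        return True
    verdict = prompt(cmd)
    (store.allowed if verdict else store.denied).add(prog)
    return verdict


def approve_vulnerable(command_line: str, store: PermissionStore,
                       prompt: Callable[[str], bool]) -> bool:
    """Checks only the first MAX_CHECKED commands; the rest run unchecked."""
    for i, cmd in enumerate(split_commands(command_line)):
        if i >= MAX_CHECKED:
            break  # BUG: everything from here on is approved implicitly
        if not check_one(cmd, store, prompt):
            return False
    return True


def approve_fixed(command_line: str, store: PermissionStore,
                  prompt: Callable[[str], bool]) -> bool:
    """Checks every command; exceeding the limit or a single denial rejects the chain."""
    parts = split_commands(command_line)
    if len(parts) > MAX_CHECKED:
        return False  # fail closed: too long to review is a reason to refuse, not to wave through
    return all(check_one(cmd, store, prompt) for cmd in parts)


def demo() -> dict[str, bool]:
    """Constructed chain: fifty harmless commands followed by one that is not."""
    chain = " && ".join(["echo ok"] * MAX_CHECKED + ["rm -rf ~"])
    store = PermissionStore(allowed={"echo"}, denied={"rm"})
    never_ask = lambda cmd: False  # deny anything not already remembered
    return {
        "vulnerable": approve_vulnerable(chain, store, never_ask),
        "fixed": approve_fixed(chain, store, never_ask),
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable': True, 'fixed': False}
```

    Note that in the vulnerable path the fifty-first command never reaches the prompt or the deny list at all, so a remembered "deny" for `rm` does nothing; the check has to cover every command, and any cap on chain length has to reject, not approve, when it is hit.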


Tech News

Musical Interlude

Disclaimer: Do not bam the lamb.

Posted by: Pixy Misa at 06:27 PM | Comments (2) | Add Comment | Trackbacks (Suck)

1 The "vibe-coded" projects that actually succeed, as best I can tell, are the ones built for an individual need. Some guy has a workflow that requires him to get data out of three spreadsheets (on his company network, never exposed to the Internet) and two different online APIs and do some calculations on that data. He's wanted for years to automate the task, he has some basic coding skills so he knows what would need to happen to automate it, he just hasn't found the time. An AI tool will write that for him while he's doing other things, he'll do a couple of fix-it passes to fix the mistakes the tool made, and voila, now he has the tool he's been wanting to have for years. Almost entirely vibe-coded, may be hard to maintain and have half a dozen security holes, but that doesn't matter, because he's not going to give it to other people to use, and he's not going to make any major changes to it in the future. He might want to add some new graphs to it later, but he'll just go back to the AI tool and get those graphs added with about thirty minutes' work total.
THAT guy is going to be a vibe-coding success story. The guys trying to build an app to be used, in theory, by millions? There, the half-dozen security holes MATTER. A LOT. Plus, two or three of them will be completely obvious to anyone with knowledge of computer security (which the vibe-coder probably doesn't have) so they'll be found within days, maybe within hours, of the vibe-coded app being made publicly available.
P.S. Pixy, the ai.mee.nu comment form is doing the "sfleeb" thing again.

Posted by: at Tuesday, April 07 2026 07:30 PM (+0ym7)

2 The previous comment was from me. (Robin Munn, in case this one also fails to have the name/email fields go through).

Posted by: Robin Munn at Tuesday, April 07 2026 07:31 PM (+0ym7)
