On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm. Full postmortem.

The Red Hot Chili Peppers have sold their recorded catalog for $350 million to Warner Music Group through WMG's joint venture with Bain Capital.

Stephen Brennan's personal website and blog.

Experiments with getting usable outputs out of local models on a standard Macbook

A series of unfortunate events.

Local AI models should be the default.

Idempotency is not just an HTTP header or a key lookup. This article covers the failure cases that bite real APIs: different requests with the same key, concurrent retries, partial success, downstream uncertainty, response replay, expiry, and duplicate message handling.