Xcode gets AI agents 🚀, Notepad++ supply chain attack 🥷, Slack hacks 💬

Xcode 26.3 introduces agentic coding, allowing developers to integrate AI agents directly into their app development workflow ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ 

Sign Up |Advertise|View Online TLDR  TLDR Dev 2026-02-04 🧑‍💻 Articles & Tutorials Deep Dive: How Claude Code's /insights Command Works (14 minute read) The `/insights` command in Claude Code generates an HTML report that analyzes users' interaction patterns across all their sessions. This process involves filtering session logs, extracting metadata, and using an LLM to perform qualitative "facet extraction" on session transcripts. The aggregated data and LLM insights then identify interaction styles, successful workflows, and friction points, and proposes actionable suggestions. Subagents: When and How to Use Them (10 minute read) Subagents are specialist agents that your main AI agent can spawn to handle focused tasks in their own clean context, keeping your main conversation readable instead of cluttered with noise. The two useful patterns are chaining them sequentially (like scout files → implement → verify) or running them in parallel for exploration. 🧠 Opinions & Advice 7 Slack hacks for engineers and managers (7 minute read) To improve productivity when using Slack or Teams, organize channels into priority-based categories (read now/daily/weekly), mute lower-priority groups until scheduled check-ins, and use message reminders instead of leaving things unread. I left FAANG for a startup and regretted it (7 minute read) A dev left Amazon for a $300K startup in SF and got let go after 3 weeks when he admitted he didn't actually like the work. Startups need obsession and not just talent, and he wasn't willing to sacrifice everything for someone else's vision. What, then, are we paying for? (2 minute read) Despite AI making it easier to build custom solutions, the true value of buying software lies in paying another entity to own and continually maintain a specific problem domain, freeing the buyer from that ongoing responsibility. 🚀 Launches & Tools Xcode 26.3 unlocks the power of agentic coding (6 minute read) Xcode 26.3 introduces agentic coding, allowing developers to integrate AI agents directly into their app development workflow. This new capability enables agents like Anthropic's Claude Agent and OpenAI's Codex to autonomously tackle complex tasks, interact with project architecture, and visually verify their work. Introducing Deno Sandbox (4 minute read) Deno Sandbox is a new platform designed to securely run untrusted code, especially LLM-generated code, that frequently calls external APIs with sensitive credentials. It provides lightweight Linux microVMs with defense-in-depth security with features like granular network egress control and a unique mechanism that protects secrets from exfiltration by only materializing them during approved outbound requests. Introducing the new v0 (5 minute read) Vercel's v0 now allows users to work directly on existing codebases, integrates Git workflows for entire teams, has secure database connections, and guarantees enterprise-grade security by default. 🎁 Miscellaneous Lessons Learned Shipping 500 Units of my First Hardware Product (12 minute read) A former software engineer ventured into hardware by launching "Brighter," a powerful lamp, after a successful crowdfunding campaign. He immediately faced numerous challenges, including prototype brightness issues, unexpected tariff hikes, manufacturing errors with parts like heatsinks and knobs, and quality control problems with wiring and accessories. Despite these hurdles, the team iteratively fixed problems, produced the 500 units, and delivered them to customers. Resurrecting Crimsonland (23 minute read) Banteg embarked on a project to resurrect the cult classic 2003 game Crimsonland by reverse engineering its binary to achieve a pixel-perfect, behaviorally identical rewrite. This process involved static and runtime analysis using tools like Ghidra, Binary Ninja, Windbg, and Frida to understand the game's undocumented architecture and logic. A large part of the project was using AI, particularly GPT-5.2 and Codex, to automate tasks like function renaming and deciphering custom file formats. ⚡ Quick Links Notepad++ supply chain attack breakdown (9 minute read) From June to October 2025, the Notepad++ update infrastructure was compromised in a supply chain attack, allowing threat actors to deploy malware. 1 kilobyte is precisely 1000 bytes (4 minute read) While a kilobyte is commonly understood as 1,024 bytes in computing due to binary systems, its precise and standardized definition is 1,000 bytes. Engine failure (6 minute read) Google's Project Genie is an AI world-builder that triggered stock declines for Unity and Roblox. Unless That Claw Is The Famous OpenClaw (8 minute read) OpenClaw, an autonomous AI agent with full shell access and browser control, has security risks, including prompt injection and session theft, so developers must use dedicated hardware and burner accounts to keep their main accounts safe. Love TLDR? Tell your friends and get rewards! Share your referral link below with friends to get free TLDR swag! https://refer.tldr.tech/d0af4569/3 Track your referrals here. Want to advertise in TLDR? 📰 If your company is interested in reaching an audience of web developers and engineering decision makers, you may want to advertise with us. Want to work at TLDR? 💼 Apply here, create your own role or send a friend's resume to jobs@tldr.tech and get $1k if we hire them! TLDR is one of Inc.'s Best Bootstrapped businesses of 2025. If you have any comments or feedback, just respond to this email! Thanks for reading, Priyam Mohanty, Jenny Xu & Ceora Ford Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Dev isn't for you, please unsubscribe.