Writing code by hand ✍️, Interaction Models 🌍, why use Python 🐍

AI-assisted vibe-coding for the k10s Kubernetes dashboard initially sped up development, but the lack of human architectural oversight led to ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ 

Sign Up |Advertise|View Online TLDR Together With  TLDR Dev 2026-05-12 Late-night patch panics are so 2023 🥱 (Sponsor) You've been there: code's ready to ship, everyone's excited—then someone spots a vulnerability. Suddenly it's an all-hands emergency and time to cancel your evening plans. Microsoft Azure bakes security in from the start. Microsoft Defender for Cloud helps keep your apps and code protected throughout the development lifecycle. Less last-minute surprises, more peace of mind. Ship fast. Ship safely. Do both at the same time. Build with built-in security → 🧑‍💻 Articles & Tutorials I got a $134 Cloudflare D1 bill. Here's how I cut it 95% (5 minute read) A SvelteKit site incurred a $134 Cloudflare D1 bill due to the database charging per row scanned, which, combined with a lack of indexes, resulted in 127.6 billion row reads from two full scans on every page load. The cost was cut by applying composite indexes, running ANALYZE for the query planner, and implementing KV cache-aside for layout-level data reads. Testing Vue components in the browser (9 minute read) Running integration tests for Vue components directly in a browser tab bypasses Node and heavy automation, using QUnit to mount components and simulate interactions. This method requires polling for asynchronous updates and server-side endpoints for fixture data, enabling a more confident workflow and utilizing native browser code coverage tools. The self-driving codebase: Building Horizon at WorkOS (20 minute read) Horizon is an autonomous code factory that uses webhooks to trigger agents in Cloudflare sandboxes to plan, code, and verify work end-to-end. The system's architecture is made of disposable sandboxes, a shared context server, and an orchestrator, which all work together in a compounding loop where every run ships code and improves the platform. 🧠 Opinions & Advice Im going back to writing code by hand (18 minute read) AI-assisted vibe-coding for the k10s Kubernetes dashboard initially sped up development, but the lack of human architectural oversight led to a fragile "god object" structure and critical technical flaws like data races. Therefore, the tool is being completely rewritten in Rust with a human-designed architecture and technical guardrails to properly guide future AI contributions. If AI Writes Your Code, Why Use Python? (7 minute read) Modern AI agents are great at using systems languages like Rust and Go, using their strict compiler feedback to self-correct architectural flaws and concurrency bugs more efficiently than human devs. This proficiency is causing a shift away from human-friendly languages like Python, as AI is now capable of rapidly porting or rewriting massive codebases in high-performance languages. 🚀 Launches & Tools 🧘‍♀️ Peace of mind in every sprint (Sponsor) Writing code can be stressful—but not half as stressful as a surprise security meltdown. Inject optimism and calm into the developer scrum with Microsoft Azure. Unified security across code and cloud environments and built-in DDoS protection mean you've got less cause for concern—and a clear mind for innovation. Help secure your apps with Azure > Interaction Models: A Scalable Approach to Human-AI Collaboration (20 minute read) Interaction models advance AI collaboration by natively handling audio, video, and text in real-time streams instead of traditional turn-based methods. This approach by Thinking Machines uses a micro-turn architecture that pairs a highly responsive foreground model for immediate presence with an asynchronous background model for complex, long-horizon reasoning tasks. e2a (GitHub Repo) e2a is an authenticated email gateway for AI agents to securely communicate with humans and other systems, with flexible delivery via cloud webhooks or local WebSocket connections without requiring public URLs. It enforces security through rigorous SPF/DKIM verification and HMAC signatures. Introducing deepsec: The security harness for finding vulnerabilities in your codebase (3 minute read) Deepsec is an open-source security harness that uses AI coding agents and multi-stage workflows to identify complex code vulnerabilities with a low false-positive rate. 🎁 Miscellaneous Running local models on an M4 with 24GB memory (13 minute read) Running local LLMs on an M4 Mac with 24GB of RAM allows for cost-effective and private research and coding tasks without relying on cloud services. The Qwen 3.5-9B model configured via LM Studio currently offers the best reasoning results. Useful Memories Become Faulty When Continuously Updated by LLMs (22 minute read) LLM agents frequently degrade in performance when they continuously rewrite their experiences into textual lessons, causing specific facts to drift into vacuous abstractions and over-generalized rules. Therefore, research suggests that future memory systems should favor a curated collection of raw, unabstracted episodes over constant summarization. ⚡ Quick Links Let your agents query reality (Sponsor) Unsampled, on-device telemetry. Query 100% of sessions across your production fleet in real time. No release cycle. No guessing. Introducing mobile observability for AI agents. bitdrift.ai Postmortem: TanStack npm supply-chain compromise (12 minute read) A supply-chain compromise on May 11 resulted in the publication of 84 malicious versions of 42 TanStack npm packages after an attacker chained together GitHub Actions vulnerabilities to exfiltrate credentials and inject malware into the release workflow. Mythos 'Discovered' a CVE Already in Its Training Data - and That's Still Worrying (12 minute read) The discovery of a kernel exploit by Claude Mythos was actually a re-identification of a 20-year-old bug present in its training data, showing how AI models can pattern match to exploit recycled legacy vulnerabilities. Be careful with your Git: Investigating malware spreading through Git repositories (9 minute read) Attackers are using deceptive LinkedIn recruitment messages and malicious Git hooks hidden within repository downloads to deploy sophisticated, obfuscated JavaScript malware that steals sensitive files and establishes remote control over compromised systems. OpenGravity (GitHub Repo) OpenGravity is a zero-install, browser-based IDE with an autonomous AI agent, a live terminal, and local file system synchronization for software engineering tasks. Love TLDR? Tell your friends and get rewards! Share your referral link below with friends to get free TLDR swag! https://refer.tldr.tech/d0af4569/3 Track your referrals here. Want to advertise in TLDR? 📰 If your company is interested in reaching an audience of web developers and engineering decision makers, you may want to advertise with us. Want to work at TLDR? 💼 Apply here, create your own role or send a friend's resume to jobs@tldr.tech and get $1k if we hire them! TLDR is one of Inc.'s Best Bootstrapped businesses of 2025. If you have any comments or feedback, just respond to this email! Thanks for reading, Priyam Mohanty, Jenny Xu & Ceora Ford Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Dev isn't for you, please unsubscribe.