What a week. Anthropic dropped Opus 4.6 and OpenAI released GPT-5.3 Codex within 15 minutes of each other. Heroku is basically dead. GitHub went down twice in a single day. OpenAI started putting ads in ChatGPT. And Mitchell Hashimoto built a whole trust system because AI-generated PRs have gotten that bad. Oh, and I found an autonomous AI pentester that actually exploits your app instead of just flagging warnings. Here's everything worth your time.

Explicit Resource Management in JavaScript (8 min)
JavaScript is finally getting automatic cleanup. The new using keyword and Symbol.dispose give you a language-level way to guarantee resources are cleaned up when they leave scope — no more verbose try/finally blocks. Works with web streams, observers, subscriptions, and more. This is one of those features that will quietly change how you write code.

Stop Installing Libraries: 10 Browser APIs That Already Solve Your Problems (11 min)
Structured Clone for deep copying, BroadcastChannel for multi-tab communication, Web Locks API for preventing duplicate work — the browser already does a lot of what you're reaching for npm packages for. 216 hearts on Dev.to and worth bookmarking.

CSS @scope: An Alternative to Naming Conventions and Heavy Abstractions (9 min)
Smashing Magazine digs into CSS @scope as a replacement for BEM, CSS Modules, and other naming conventions. Practical examples showing how scoped styles simplify component-based architectures without the JavaScript overhead.

Server-Sent Events Beat WebSockets for 95% of Real-Time Apps (12 min)
A practical breakdown of when SSE is the better choice over WebSockets — spoiler: most of the time. Covers implementation patterns, browser support, and the specific use cases where WebSockets still win.

AI Makes the Easy Part Easier and the Hard Part Harder (6 min)
The most-shared article of the week. When AI handles code generation, you're left with only the hard stuff — understanding context, reviewing unfamiliar code, and debugging problems you didn't create. Worth reading if you've ever spent more time fixing AI output than it would have taken to write it yourself.

Mitchell Hashimoto: My AI Adoption Journey (18 min)
The HashiCorp co-founder shares his six-phase journey from AI skeptic to running continuous background agents. His biggest insight: drop chatbots entirely and go straight to agents with file access and program execution. The tips on engineering the harness (AGENTS.md files, verification mechanisms) are genuinely practical.

Combobox vs. Multiselect vs. Listbox: How to Choose the Right One (5 min)
Vitaly Friedman's practical guide to picking the right selection component. When to use radio buttons vs. combobox vs. dual listbox, with clear thresholds (under 5 items? Over 200?) and accessibility requirements. Bookmark this for your next form build.

The Silent Death of Good Code (3 min)
A short, provocative piece mourning the decline of thoughtfully crafted code. The author's colleague hand-wrote a Rust rewrite that vastly outperformed the AI-assisted version of the same project. Quick read that will make you think about what we're trading away.

💡 Growth

96% of Engineers Don't Fully Trust AI Output, Yet Only 48% Verify It (5 min)
A striking disconnect: nearly all engineers are skeptical of AI-generated code, but fewer than half actually verify it before shipping. The implications for code quality and team culture are worth discussing with your team.

Meta Distinguished Engineer (IC9) on Influencing Engineers, Failures, and Learnings (30 min)
Adam Ernst shares lessons from building iOS infrastructure at Meta. Not generic career advice — specific observations about influence at scale, handling failures publicly, and what changes at the highest individual contributor levels.

The Third Golden Age of Software Engineering — with Grady Booch (6 min)
The Pragmatic Engineer sits down with Grady Booch to put today's AI automation claims in historical context. A useful perspective check when the discourse swings between "AI will replace us all" and "AI is useless."

🛠️ Tools

Shannon — Autonomous AI Pentester (96% Success Rate)
This one caught my eye. Shannon is a fully autonomous AI hacker that finds actual exploits in your web apps — not just flagging potential issues, but delivering copy-paste proof-of-concepts. Built with TypeScript and Claude's Agent SDK, it handles authentication (including 2FA), browser navigation, and reporting with zero human intervention. 18.1k stars. If you ship code continuously but only pentest annually, this fills a real gap.

Vouch — Community Trust Management for Open Source
Mitchell Hashimoto's answer to the deluge of low-quality AI-generated PRs. Projects can require contributors to be vouched for by trusted community members before submitting changes. Already in use by Ghostty. 2.3k stars in days.

LocalGPT — Local-First AI Assistant in Rust
A ~27MB binary that runs an AI assistant entirely on your machine with persistent memory, autonomous task scheduling, and multiple interfaces (CLI, web, desktop, Telegram). Supports Claude, OpenAI, and Ollama. 785 stars and growing fast.

GitHub Agentic Workflows
GitHub's new system for repository automation using coding agents in Actions. Write workflows in markdown instead of YAML, with support for Copilot, Claude, Codex, and custom processors. Security-first with sandboxed execution. Still early but worth watching.

Bun v1.3.9
Fixes 23 issues and adds parallel/sequential script execution with --parallel and --sequential flags. Also includes ESM bytecode compilation optimizations and faster Bun.markdown processing.

Deno Sandbox
A new hosted sandbox product from the Deno team for running untrusted code safely. Useful if you're building anything that needs to execute user-provided or AI-generated code in isolation.

▶️ Videos

Experts Have World Models. LLMs Have Word Models (16 min)
Latent Space explores why expert work isn't about producing probable artifacts but choosing good moves under adversarial conditions. A deeper look at the fundamental gap between what LLMs do and what experts do.

Trying to Make the Perfect Pie Chart in CSS (12 min)
CSS-Tricks explores building semantic, flexible pie charts without JavaScript. A fun deep dive into modern CSS capabilities including conic gradients and custom properties.

CSS Bar Charts Using Modern Functions (4 min)
More CSS-only data visualization — this time bar charts using modern CSS functions. Short and practical.

Beyond Agentic Coding (15 min)
A contrarian take arguing that agentic coding doesn't actually improve productivity. The author advocates for "calm technology" that preserves developer flow state. Cites research showing candidates using agentic tools performed worse in interviews.

That's it for this week. Reply if you have something I should include next time.

Until next week,
Niall
