#85
Long Live the Qwen, CSS Masonry, Surge Rollups, Supermaven joins Cursor, Okta’s blunder, India GMap fixes, Dubious DRMs, Paradigm inits Solar, Title Drops, Just be stupid, Ethiopian Time and more
👋🏻 Welcome to the 85th!
📰 Read #85 on Substack for the best formatting
🎧 You can also listen to the podcast version, powered by NotebookLM (a little glitchy)
What’s happening 📰
⤴️ OpenAI bought the chat.com domain for a few million (said to cost $15.5M) and redirected it to chatgpt.com. The forwarding suggests that reconfiguring DNS was hard even for people who can build frontier-level LLMs. The domain was earlier owned by Dharmesh Shah from HubSpot.
🔑 Our favorite security company, Okta, had another security vulnerability. This time, users with usernames longer than 52 characters could technically log in with any previously cached auth creds. The root cause: the cache key was a bcrypt hash of a combined string of userId, username, and password, and they forgot/missed the fact that bcrypt has an input limit of 72 bytes. So when the username exceeds 52 chars, the password no longer contributes anything to the cache key. (Remember, caching is one of the two hardest things in computer science.)
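The truncation described above, as an added example (not Okta's code, and not from the original newsletter). SHA-256 over the first 72 bytes stands in for bcrypt so it runs with the standard library only; the 20-character userId, the usernames, the function names and the length-prefix plus PBKDF2 hardening are all assumptions made for illustration.

```python
import hashlib

BCRYPT_MAX_INPUT = 72  # bcrypt ignores every input byte past this offset

# Constructed sample values; the 20-character userId is an assumption.
USER_ID = "00u" + "a" * 17
LONG_USERNAME = "x" * 41 + "@example.com"   # 53 characters
SHORT_USERNAME = "bob@example.com"          # 15 characters


def password_bytes_covered(user_id: str, username: str, password: str) -> int:
    """How many password bytes fall inside bcrypt's 72-byte window."""
    prefix = len((user_id + username).encode("utf-8"))
    return max(0, min(len(password.encode("utf-8")), BCRYPT_MAX_INPUT - prefix))


def weak_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Model of the flawed key: concatenate, then let the limit drop the tail.

    SHA-256 over the first 72 bytes stands in for bcrypt here; only the
    truncation behaviour is being modelled, not bcrypt itself.
    """
    material = (user_id + username + password).encode("utf-8")
    return hashlib.sha256(material[:BCRYPT_MAX_INPUT]).digest()


def hardened_cache_key(user_id: str, username: str, password: str,
                       salt: bytes) -> bytes:
    """Length-prefix each field, compress to 32 bytes, then run a slow KDF."""
    framed = b"".join(
        len(f).to_bytes(4, "big") + f
        for f in (s.encode("utf-8") for s in (user_id, username, password))
    )
    digest = hashlib.sha256(framed).digest()  # fixed size, covers every byte
    return hashlib.pbkdf2_hmac("sha256", digest, salt, 100_000)


def demo() -> dict:
    salt = b"constructed-salt"
    return {
        "long_covered": password_bytes_covered(USER_ID, LONG_USERNAME, "hunter2"),
        "short_covered": password_bytes_covered(USER_ID, SHORT_USERNAME, "hunter2"),
        "weak_collides": weak_cache_key(USER_ID, LONG_USERNAME, "hunter2")
        == weak_cache_key(USER_ID, LONG_USERNAME, "wrong-password"),
        "hardened_collides": hardened_cache_key(USER_ID, LONG_USERNAME, "hunter2", salt)
        == hardened_cache_key(USER_ID, LONG_USERNAME, "wrong-password", salt),
    }
```

With the long username the password contributes zero bytes to the weak key, so two different passwords yield the same key; the framed, pre-hashed variant keeps every byte of every field in play.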
✨ AGI Digest
⚓️ Model and Dataset Drops:
🧑💻 Alibaba’s Qwen introduced Qwen-2.5-Coder-32B-Instruct, which competes with the frontier-level GPT-4o on most code writing and editing benchmarks making it the current SOTA open-source code model. We already had the Qwen-2.5-Coder 1.5B and 7B versions from an earlier release and along with the 32B, we also got the 0.5B, 3B, and 14B — all of which (except the 3B) are under the Apache 2.0 license. We are so backkkk!
🧑💻 Researchers from InfAI and MAP released OpenCoder, an open and reproducible code LLM of 1.5B and 8B base + chat models, supporting English and Chinese. The release is actually open-source, providing not only model weights and inference code, but also reproducible training data, the complete data processing pipeline, rigorous experimental ablation results, and detailed training protocols. And it beats the previous Qwen-2.5-Coder-7B on the Humaneval benchmark by some points.
🧮 EpochAI launched Frontier Math, a benchmark for evaluating advanced mathematical reasoning in AI, made in collaboration with 60+ leading mathematicians. Even with extended thinking time (10k tokens), Python access, and the ability to run experiments, success rates of leading models on this benchmark remained below 2%, compared to over 90% on traditional benchmarks, indicating that these models are not really as good at Maths as we thought they were (ahem ahem Moravec's paradox).
🤝 AI4Bharat and IBM Research jointly put in efforts to make MILU: A Multi-task Indic Language Understanding Benchmark for evaluating LLMs better for 11 Indian Languages. It includes questions from 8 diverse domains and over 40 subjects taken from Indian national, regional, and state-level exams with India-specific knowledge — something that’s overlooked by other benchmarks. While GPT-4o leads the benchmark, all models report lower accuracy in culturally specific domains like Arts & Humanities compared to Science & Math.
🏞️ BlackForestLabs introduced new high-resolution capabilities to its FLUX1.1 [pro] model called “Ultra Mode” supporting the generation of images with resolutions up to 4MP at fast speeds while maintaining good prompt adherence. Along with this, they also introduced a “Raw Mode” which generates images with a less synthetic, more natural aesthetic.
🤖 Microsoft released Magentic-One: A Generalist Multi-Agent System for Solving Complex Tasks which is a multi-agent architecture where a lead agent, the Orchestrator, directs other agents to solve tasks. The Orchestrator plans, tracks progress, and re-plans to recover from errors while directing specialized agents to perform tasks like operating a web browser, navigating local files, or writing and executing Python code. It is implemented using Microsoft’s own agentic framework AutoGen.
📚 API and Library Changes:
♊️ Google FINALLYYY listened to developer feedback and made accessing Gemini models easier by making it accessible from the OpenAI Library and REST API. Big W for all the devs out there. They also are streamlining the API key generation process pretty soon.
🌬️ Following suit from the likes of OpenAI and Anthropic, Mistral introduced a Batch API to give devs a more efficient way to process high-volume requests with 50% cost reductions compared to a synchronous API call. They also introduced a multilingual Moderation API costing $0.1/M input tokens which classifies text into different categories that can be used to implement guardrails.
🛍️ Supermaven joined forces with Cursor. For context, Supermaven is a really fast, context-aware copilot (made by folks who built TabNine, back in 2019). This partnership makes a lot of sense: each was a missing piece of the other's puzzle, and both companies were going to build what the other has anyway. This just speeds up the process, and you should expect a better AI coding experience.
🔐 0x Digest
A lot of launches this week, as the whole industry is in Bangkok for Devcon.
👻 Privy launched Delegated actions. This lets users give an app the ability to perform specific on-chain actions on their behalf. This lets app developers obtain consent from users and let the app automate some actions on their behalf, making the UX even smoother than before.
🪙 Since it was very easy to track the coins and chains already, Coinbase has launched their wrapped Bitcoin (cbBTC) on Solana. And addressing the elephant in the room Solana has been doing well for the last week (trumping them all?), so are BTC wrappers across different L1s.
⚡ Nethermind released “Surge Rollup”, an ultra-based rollup for “builders, devs, and agents pushing Ethereum’s limit”. It will be a based rollup (sequencing by Ethereum validators), built on the Taiko Stack, and using ETH for gas.
👛 Avara, the parent org behind Aave, launched Family, a beautifully designed, feature-rich, and non-custodial crypto wallet with built-in messaging (whaattt?, yes!). Right now the wallet is only available on iOS and has iCloud backup and support for a few L2s (from gazillions out there).
💼 Charles Hoskinson (the man behind Cardano) plans to open a DC crypto policy office and make the crypto-friendly (or as he calls it fair) laws for and by the people. This all is happening amid the rumors that he’s gonna be Trump’s crypto guy. (good times for crypto ahead?)
🏷️ The team at ENS announced Namechain, a purpose-built Layer 2 solution. They’ve not quite clarified the stack they’ll be using or the whole roadmap, but hey, one more L2 😉
🪙 Detroit officials announced that they’ll accept cryptocurrency payments for taxes, and other fees. This makes it the largest city in the US to accept crypto for official stuff.
💨 Paradigm unveiled Solar, a blazingly fast, high-performant Solidity compiler (written in of course Rust). The project is still in the early stages and open to contributions. The idea is to bring customization and performance without compromising with developer experience. (just like all other Rust projects).
🛠️ Dev & Design Digest
⛓️ No, Quantum Computers Won't Break All Encryption by Trevor reminds us all that quantum computers are not a magic wand that’ll break everything. It’s quite the opposite: most of the encryption we use daily can’t be broken by a quantum computer. They will just be able to break the “Prime Factor” problem and hence different-key (asymmetric) encryption such as ECC, but same-key (symmetric) encryption like AES will remain safe.
✨ TypeScript magician Matt shows how he made Object.assign type-safe, and it is a good watch to see exactly why you wouldn’t do it unless your life depends on it. (Just kidding, it’s really neat how he builds the utility from the native and simpler types available.)
🛟 Alex wrote about how you can make dangerouslySetInnerHTML Safer by Disabling Inline Event Handlers, but of course, it’s easier said than done. It’s straightforward to shoot yourself in the leg with dangerouslySetInnerHTML, but sometimes the product requires you to give control to the user to write or inject some HTML. So, you sanitize it. (Pro tip: We have used rehype in the past to solve the same problem, stay safe from HTML injections.)
🧱 Should masonry be part of the CSS grid? The CSS Working Group is actively discussing whether “masonry” should be part of CSS Grid or a new layout module. What is masonry? It’s like a grid with variable rows (like Pinterest, you pack as much as you can). Debates are going on over the name “masonry” too. People are suggesting names like “fluid”, “dense”, “pack” etc. over masonry.
What brings us to awe 😳
🗺️ How Google Maps fixed a big navigation problem in India. Maps weren’t working well in India, the left → left → right thing was messy. The Google Maps team traveled to India and did ground research. They found that, unlike most countries that rely on street names, India relies on landmarks and affirmations in between. They added extra cues just for India to make the navigation smoother.
🔫 Somebody made a PUBG clone (a fully functional one) all on their own from scratch in C++ within six months, using Unreal Engine (unreal fr fr!) [Source: @championswimmer on Twitter]
🌓 In xkcd’s What If, we have What if everyone pointed a laser at the moon? (The bottom line is not to do it.)
🫳 A title drop is when a character in a movie says the title of the movie they're in. Full Of Themselves is a large-scale analysis of over 73k movies from the last 80 years on how often, when, and maybe even why that happens.
Today I (we) Learnt 📑
🎮 Elon Musk is one of the world's top 20 Diablo IV players, and only TWO Americans are in the top 20. (he’s a playa fr)
⌛Ethiopian time is quite different from the rest of the world. They follow a 12-hour clock system rather than a 24-hour one, and they start counting hours from sunrise instead of midnight.
📺 DRMs are nasty, a little centralized, and secure by obscurity (to an extent, if you believe in TEE, maybe not?!?). Also, there is a limit to the quality of content you can browse on sites like Netflix based on your browser, OS, and hardware. Eg: on Mac, you can go max 1080p on Chrome but up to 4k on Safari for Netflix. Ah! And one more thing, DRMs are not a foolproof way to stop people from pirating content (if you know you know).
📹 Apple's iPhone and iPod Touch included a “Send to YouTube” feature between 2009 and 2012 (a partnership with Google), which led to a flood of videos titled “IMG_XXXX” on YouTube. If you search for them you’ll find a bunch of personal and old videos, not optimized for views or engagement. [a tweet put us in this rabbit hole]
🤝 You have read ~50% of Nibble, the following section brings tools out from the wild.
What we have been trying 🔖
🌓 Monicon: a universal icon library with over 200,000+ icons.
⌨️ ASCII Control Characters: list of 32 "control characters" of terminal, that you might use daily without thinking about.
📺 BetterDisplay: Flexible HiDPI scaling, XDR/HDR extra brightness, virtual screens, DDC control, extra dimming, PIP/streaming, EDID override, and lots more for Mac
🔩 Bolt: A free platform by Stackblitz to prompt, edit, run & deploy full-stack apps. (no more developer moat in 2025, seriously). This is scary and super useful.
Builders’ Nest 🛠️
🚀 quicky: A simple CLI tool to self-host Node & Next.js applications.
🔗 next-validate-link: a powerful tool that ensures all your Markdown links in your Next.js app are valid and up-to-date.
🔵 cobalt.tools: A single place to save anything (videos, images, audio, etc) from the internet (plus it is fully open-sourced)
😏 Emoji-Fallback.js: a tool that replaces emoji characters with emoji images (using Twemoji, if needed) on devices that do not have emoji support.
Meme of the week 😌
Off-topic reads/watches 🧗
🤷🏻♂️ Please stop saying “Just”, as this enforces that something is “simple”, while most things in real life are not. Just don’t use “just”, it’s just not justified.
✨ Morgan Housel is one of our favorite people regarding mental models and understanding the world around us using simple stories. A short episode on his podcast called Rare and Powerful Skills (which is not your typical self-help, by the way) lays out some unconventional and useful little skills that we found very enlightening. He highlights that “the ability to accept nonsense and hassle” is such an important skill.
🤷🏻♀️ wrote about How we should normalize being stupid for the greater good. Don’t let your inner creative voice get suppressed by what people think of you, read well, and ask more questions than you have to.
👷♂️ John Arundel in If You Need The Money, Don't Take The Job has some advice on how things work as a consultant and how you should see your job and price your work accordingly.
Wisdom Bits 👀
“Before you worry about how to win the game, figure out whether the game is worth winning.”
— Andrea Gibson
Wallpaper of the week 🌁
🌌 Grab the week’s wallpaper at wow.nibbles.dev.
Weekly Standup 🫠
Nibbler P is back on the field again running his second 10km run. He progressed things at work, got back to reading more research papers, and caught up with some movies he long wanted to watch.
Nibbler A had quite an unusual off-screen week (down to 3hr/day) and finished his side-quests apart from on-screen ones. Travelled back to BLR to meet a few folks, touched some chalk 🧗🏻 (turns out he’s barely at L3), and watched DAN DA DAN. He was reading about DRMs and went into the rabbit hole for a day, might come up with something handy (who knows?)