[1.0.0b260107] - 2026-01-07

Added

• agent-framework-devui: Improve DevUI and add Context Inspector view as a new tab under traces (#2742) by @victordibia
• samples: Add streaming sample for Azure Functions (#3057) by @gavin-aguiar

Changed

• repo: Update templates (#3106) by @eavanvalkenburg

Fixed

• agent-framework-ag-ui: Fix MCP tool result serialization for list[TextContent] (#2523) by @claude89757
• agent-framework-azure-ai: Fix response_format handling for structured outputs (#3114) by @moonbox3

Full Changelog: python-1.0.0b260106...python-1.0.0b260107

With the Snapdragon X2 Elite Extreme, Windows 11 on Arm is finally catching up with Apple’s M4 lineup, but it’s still behind Apple’s 10-core M5 in single-core performance. The most powerful Windows 11 on Arm chip is Snapdragon X2 Elite Extreme X2E-96-100, and it posted a Geekbench single-core score of 4,072 and 23,611 in multi-core.

These results are impressive, and Snapdragon X2 Elite Extreme is not the only CPU in the “X2” lineup. Windows Latest previously obtained benchmarks for a reference design (not an actual device) running Snapdragon X2 Elite, and it posted a score of 3,849 in single-core and up to 16,222 in multi-core.

Before I talk about the numbers for the SKUs, let’s take a look at Elite and Elite Extreme SKUs in the Snapdragon X2 series:

There’s also a Snapdragon X2 Plus SKU that I have not included in the table because we don’t have details of the chip. Plus is particularly for low-end hardware, so it’s not going to be better than any of these “X2E” chips listed above. It doesn’t deserve our attention for now, as we’re looking at the best-performing Windows on Arm CPUs.

YouTuber Alex Ziskind, who had early access to Snapdragon chips, shared Geekbench screenshots of the reference units running X2 Elite “Extreme.” Here are all the screenshots of Geekbench for the Snapdragon X2 lineup:

1 of 3

I used these numbers and compared them against the existing Apple M chips.

How powerful are the Snapdragon X2 Elite and Extreme chips compared to the Apple M3 and Apple M4 variants?

X2E-80-100

According to internal Geekbench tests (not available on the Geekbench website yet), Snapdragon X2 Elite’s 12-core X2E-80-100 chip, which is the base variant in the Elite lineup, gives us a score of 3850 in single-core and 16,171 in multi-core.

X2E-80-100 already sits well above Apple M3, which is about 2,997 in single-core and 11,464 multi-core. This chip also edges past M3 Pro on multi-core (M3 Pro is typically around the mid-15K range).

Against Apple’s base M4, it’s basically in the same single-core class (3.7K to 3.8K), and it can even come out slightly ahead on multi-core because it has more cores to throw at the workload.

X2E-88-100

Next up, we’ve Snapdragon X2 Elite X2E-88-100, which has 18 cores, and it fetches up to 3,838 score in single-core. This is more or less at the same level as the 12-core variant, but it meaningfully raises multi-core to 20,320. For comparison, Apple M3 Max is typically in the low 21K multi-core tests.

X2E-88-100 is a bit below M4 Pro multi-core (typically low-23K). Single-core is still close to base M4, but usually behind M4 Pr or M4 Max.

X2E-96-100 “Elite Extreme” is the most powerful Arm processor for Windows 11

But the beast processor is the Snapdragon X2 X2E-96-100 “Elite Extreme.” This has 4,072 points in single-score and a whopping 23,611 in multi-core. On single-core, it’s effectively in M4 Max territory, which is usually 4.07K.

On multi-core, Snapdragon X2 Elite Extreme is slightly ahead of what you usually see for M4 Pro (we spotted multiple listings showing M4 Pro at 23K for multi-core).

However, Elite Extreme is still behind M4 Max, which can go above 26,000 points in multi-core tests.

Here’s a table comparing Snapdragon X2 X2E-80-100, X2E-88-100, and X2E-96-100 (Elite Extreme) with Apple M lineup:

Snapdragon X2 is clearly a strong platform, and now the ball is in Microsoft’s court. The company needs to meaningfully improve Windows 11 if it wants to compete with Apple.

The post Windows 11 finally has a MacBook killer chip, Snapdragon X2 Elite Extreme just posted monster scores on Geekbench appeared first on Windows Latest

Derick Schaefer, author of CLI: A Practical Guide to Creating Modern Command-Line Interfaces, talks with host Robert Blumen about command-line interfaces old and new. Starting with a short review of the origin of commands in the early unix systems, they trace the evolution of commands into modern CLIs. Following the historic rise, fall, and re-emergence of CLIs, they consider innovative examples such as git, github, WordPress, and warp. Schaefer clarifies whether commands are the same as CLIs and then discusses a range of topics, including implementation languages, packages in the golang ecosystem for CLI development, CLIs and APIs, CLIs and AIs, AI tooling versus MCP, the object-command pattern, command flags, API authentication, whether CLIs should be stateless, and output formats - json, rich text.

Brought to you by IEEE Computer Society and IEEE Software magazine.

If you maintain a CSI driver that uses service account tokens, Kubernetes v1.35 brings a refinement you'll want to know about. Since the introduction of the TokenRequests feature, service account tokens requested by CSI drivers have been passed to them through the volume_context field. While this has worked, it's not the ideal place for sensitive information, and we've seen instances where tokens were accidentally logged in CSI drivers.

Kubernetes v1.35 introduces a beta solution to address this: CSI Driver Opt-in for Service Account Tokens via Secrets Field. This allows CSI drivers to receive service account tokens through the secrets field in NodePublishVolumeRequest, which is the appropriate place for sensitive data in the CSI specification.

Understanding the existing approach

When CSI drivers use the TokenRequests feature, they can request service account tokens for workload identity by configuring the TokenRequests field in the CSIDriver spec. These tokens are passed to drivers as part of the volume attributes map, using the key csi.storage.k8s.io/serviceAccount.tokens.

The volume_context field works, but it's not designed for sensitive data. Because of this, there are a few challenges:

First, the protosanitizer tool that CSI drivers use doesn't treat volume context as sensitive, so service account tokens can end up in logs when gRPC requests are logged. This happened with CVE-2023-2878 in the Secrets Store CSI Driver and CVE-2024-3744 in the Azure File CSI Driver.

Second, each CSI driver that wants to avoid this issue needs to implement its own sanitization logic, which leads to inconsistency across drivers.

The CSI specification already has a secrets field in NodePublishVolumeRequest that's designed exactly for this kind of sensitive information. The challenge is that we can't just change where we put the tokens without breaking existing CSI drivers that expect them in volume context.

How the opt-in mechanism works

Kubernetes v1.35 introduces an opt-in mechanism that lets CSI drivers choose how they receive service account tokens. This way, existing drivers continue working as they do today, and drivers can move to the more appropriate secrets field when they're ready.

CSI drivers can set a new field in their CSIDriver spec:

#
# CAUTION: this is an example configuration.
# Do not use this for your own cluster!
#
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
 name: example-csi-driver
spec:
 # ... existing fields ...
 tokenRequests:
 - audience: "example.com"
 expirationSeconds: 3600
 # New field for opting into secrets delivery
 serviceAccountTokenInSecrets: true # defaults to false

The behavior depends on the serviceAccountTokenInSecrets field:

When set to false (the default), tokens are placed in VolumeContext with the key csi.storage.k8s.io/serviceAccount.tokens, just like today. When set to true, tokens are placed only in the Secrets field with the same key.

About the beta release

The CSIServiceAccountTokenSecrets feature gate is enabled by default on both kubelet and kube-apiserver. Since the serviceAccountTokenInSecrets field defaults to false, enabling the feature gate doesn't change any existing behavior. All drivers continue receiving tokens via volume context unless they explicitly opt in. This is why we felt comfortable starting at beta rather than alpha.

Guide for CSI driver authors

If you maintain a CSI driver that uses service account tokens, here's how to adopt this feature.

Adding fallback logic

First, update your driver code to check both locations for tokens. This makes your driver compatible with both the old and new approaches:

const serviceAccountTokenKey = "csi.storage.k8s.io/serviceAccount.tokens"

func getServiceAccountTokens(req *csi.NodePublishVolumeRequest) (string, error) {
 // Check secrets field first (new behavior when driver opts in)
 if tokens, ok := req.Secrets[serviceAccountTokenKey]; ok {
 return tokens, nil
 }

 // Fall back to volume context (existing behavior)
 if tokens, ok := req.VolumeContext[serviceAccountTokenKey]; ok {
 return tokens, nil
 }

 return "", fmt.Errorf("service account tokens not found")
}

This fallback logic is backward compatible and safe to ship in any driver version, even before clusters upgrade to v1.35.

Rollout sequence

CSI driver authors need to follow a specific sequence when adopting this feature to avoid breaking existing volumes.

Driver preparation (can happen anytime)

You can start preparing your driver right away by adding fallback logic that checks both the secrets field and volume context for tokens. This code change is backward compatible and safe to ship in any driver version, even before clusters upgrade to v1.35. We encourage you to add this fallback logic early, cut releases, and even backport to maintenance branches where feasible.

Cluster upgrade and feature enablement

Once your driver has the fallback logic deployed, here's the safe rollout order for enabling the feature in a cluster:

1. Complete the kube-apiserver upgrade to 1.35 or later
2. Complete kubelet upgrade to 1.35 or later on all nodes
3. Ensure CSI driver version with fallback logic is deployed (if not already done in preparation phase)
4. Fully complete CSI driver DaemonSet rollout across all nodes
5. Update your CSIDriver manifest to set serviceAccountTokenInSecrets: true

Important constraints

The most important thing to remember is timing. If your CSI driver DaemonSet and CSIDriver object are in the same manifest or Helm chart, you need two separate updates. Deploy the new driver version with fallback logic first, wait for the DaemonSet rollout to complete, then update the CSIDriver spec to set serviceAccountTokenInSecrets: true.

Also, don't update the CSIDriver before all driver pods have rolled out. If you do, volume mounts will fail on nodes still running the old driver version, since those pods only check volume context.

Why this matters

Adopting this feature helps in a few ways:

• It eliminates the risk of accidentally logging service account tokens as part of volume context in gRPC requests
• It uses the CSI specification's designated field for sensitive data, which feels right
• The protosanitizer tool automatically handles the secrets field correctly, so you don't need driver-specific workarounds
• It's opt-in, so you can migrate at your own pace without breaking existing deployments

Call to action

We (Kubernetes SIG Storage) encourage CSI driver authors to adopt this feature and provide feedback on the migration experience. If you have thoughts on the API design or run into any issues during adoption, please reach out to us on the #csi channel on Kubernetes Slack (for an invitation, visit https://slack.k8s.io/).

You can follow along on KEP-5538 to track progress across the coming Kubernetes releases.

When I was younger, in my 20s, I assumed that everyone was working “hard,” meaning a solid 35 hours of work a week. Especially, say, university professors and professional engineers. I’d feel terribly guilty when I would be messing around, playing video games on a workday.

Today I realize that most people become very adept at avoiding actual work. And the people you think are working really hard are often just very good at focusing on what is externally visible. They show up to the right meetings but unashamedly avoid the hard work.

It ends up being visible to the people “who know.” Why? Because working hard is how you acquire actual expertise. And lack of actual expertise ends up being visible… but only to those who have the relevant expertise.

And the effect compounds. The difference between someone who has honed their skills for 20 years and someone who has merely showed up to the right meetings becomes enormous. And so, we end up with huge competency gaps between people who are in their 30s, 40s, 50s. It becomes night and day.

We know that readers don’t carry on reading if you write a poor beginning. Read this post to find out how write epic beginnings.

A while ago, we published a series of ‘epic’ posts on writing beginnings by Mia Botha. In today’s post, we’ve put them all together in one convenient article for you.

First impressions are everything when it comes to a book. What was it that first grabbed your attention? The first line, the first page, the first scene, or the first time they described the characters? We will be looking at all the firsts involved in the beginning of book and how a writer can use them to their advantage. Mia uses five books as examples for each post and examines what makes them epic.

How To Write Epic Beginnings

Read the series in this order:

1. How To Write An Epic First Page — ‘The first page sells the book, the last page sells the next book.’ ~ Mickey Spillane. Find out what you need on your first page to get your reader’s attention and orientate them.
2. How To Write An Epic First Line — In the previous post we spoke about how to write an epic first page. In this post I want to spend a bit more time talking about the first lines. Your first line sets the tone for the scene and ultimately the book. You need to grab your reader’s attention and keep it.
3. How To Write An Epic First Scene — The opening scene of your novel continues to build on the hard work you put into your first line and your first page.  Find out the formula for writing an epic first scene.
4. How To Make The First Time We Meet A Character Epic — We’ve discussed all the firsts. The first line, the first page, and the first scene. Now, we need to concentrate on character. First impressions are a big deal when we meet someone and it is no different in a book.

Use these four posts to create epic beginnings that will hook your readers straight away and keep them turning the page.

The Last Word

If you are looking for more posts on beginnings, click the beginnings tag to explore them on our website.

by Mia Botha

If you enjoyed this post, you will love:

1. How Much Magic Do You Need In A Fantasy Novel?
2. Why Do Writers Fail To Finish Their Books?
3. How Much Does It Cost To Write A Book?
4. A Quick Start Guide To Writing YA Fiction
5. A Quick Start Guide To Writing For Children
6. The Importance Of Paper When You Plan Your Story
7. 6 Important Things About Flash Fiction
8. 7 Ways For Writers To Avoid Getting Overwhelmed By Research
9. Help! My Protagonist Is A Bore

Top Tip: Find out more about our workbooks and online courses in our shop.

The post How To Write Epic Beginnings appeared first on Writers Write.