When writing on the web or posting in online communities like Reddit and Discord, your posts can be formatted using the plaintext coding system called Markdown. Here are the basics.

While there are many copyright cases working their way through the court system, we now have an important decision from one of them. Judge William Alsup ruled that the use of copyrighted material for training is “transformative” and, hence, fair use; that converting books from print to digital form was fair use; but that the use of pirated books in building a library for training AI was not.

Now that everyone is trying to build intelligent agents, we have to think seriously about agent security—which is doubly problematic because we already haven’t thought enough about AI security and issues like prompt injection. Simon Willison has coined the term “lethal trifecta” to describe the combination of problems that make agent security particularly difficult: access to private data, exposure to untrusted content, and the ability to communicate with external services.

Artificial Intelligence

• Researchers have fine-tuned a model for locating deeds that include language to prevent sales to Black people and other minorities. Their research shows that, as of 1950, roughly a quarter of the deeds in Santa Clara county included such language. The research required analyzing millions of deeds, many more than could have been analyzed by humans.
  
• Google has released its live music model, Magenta RT. The model is intended to synthesize music in real time. While there are some restrictions, the weights and the code are available on Hugging Face and GitHub.
  
• OpenAI has found that models that develop a misaligned persona can be retrained to bring their behavior back inline.
  
• The Flash and Pro versions of Gemini 2.5 have reached general availability. Google has also launched a preview of Gemini 2.5 Flash-Lite, which has been designed for low latency and cost.
  
• The site lowbackgroundsteel.ai is intended as a repository for pre-AI content—i.e., content that could not have been generated by AI.
  
• Are the drawbridges going up? Drew Breunig compares the current state of AI to Web 2.0, when companies like Twitter started to restrict developers connecting to their platforms. Drew points to Anthropic cutting off Windsurf, Slack blocking others from searching or storing messages, and Google cutting ties with Scale after Meta’s investment.
  
• Simon Willison has coined the phrase “lethal trifecta” to describe dangerous vulnerabilities in AI Agents. The lethal trifecta arises from the combination of private data, untrusted content, and external communication.
  
• Two new papers, “Design Patterns for Securing LLM Agents Against Prompt Injections” and “Google’s Approach for Secure AI Agents,” address the problem of prompt injection and other vulnerabilities in agents. Simon Willison’s summaries are excellent. Prompt injection remains an unsolved (and perhaps unsolvable) problem, but these papers show some progress.
  
• Google’s NotebookLM can turn your search results into a podcast based on the AI overview. The feature isn’t enabled by default; it’s an experiment in search labs. Be careful—listening to the results may be fun, but it takes you further from the actual results.
  
• AI-enabled Barbie? This I have to see. Or maybe not.
  
• Institutional Books is a 242B token dataset for training LLMs. It was created from public domain/out-of-copyright books in Harvard’s library. It includes over 1M books in over 250 languages.
  
• Mistral has launched their first reasoning model, Magistral, in two versions: a Small version (open source, 24B) and a closed Medium version for enterprises. The announcement stresses traceable reasoning (for applications like law, finance, and healthcare) and creativity.
  
• OpenAI has launched o3-pro, their newest high-end reasoning model. (It’s probably the same model as o3, but with different parameters controlling the time it can spend reasoning.) LatentSpace has a good post on how it’s different. Bring lots of context.
  
• At WWDC, Apple announced a public API for its on-device foundation models. Otherwise, Apple’s AI-related announcements at WWDC are unimpressive.
  
• Simon Willison’s “The Last Six Months in LLMs” is worth reading; his personal benchmark (asking an LLM to generate a drawing of a pelican riding a bicycle) is surprisingly useful!
  
• Here’s a description of tool poisoning attacks (TPA) against systems using MCP. TPAs were first described in a post from Invariant Labs. Malicious commands can be included in the tool metadata that’s sent to the model—usually (but not exclusively) in the description field.
  
• As part of the New York Times copyright trial, OpenAI has been ordered to retain ChatGPT logs indefinitely. The order has been appealed.
  
• Sandia’s new “brain-inspired” supercomputer, designed by SpiNNcloud, is worth watching. There’s no centralized memory; memory is distributed among processors (175K cores in Sandia’s 24-board system), which are designed to mimic neurons.
  
• Google has updated Gemini 2.5 Pro. While we wouldn’t normally get that excited about an update, this update is arguably the best model available for code generation. And an even more impressive model, Gemini Kingfall, was (briefly) seen in the wild.
  
• Here’s an MCP connector for humans! The idea is simple: When you’re using LLMs to program, the model will often go off on a tangent if it’s confused about what it needs to do. This connector tells the model how to ask the programmer whenever it’s confused, keeping the human in the loop.
  
• Agents appear to be even more vulnerable to security vulnerabilities than the models themselves. Several of the attacks discussed in this paper involve getting an agent to read malicious pages that corrupt the agent’s output.
  
• OpenAI has announced the availability of ChatGPT’s Record mode, which records a meeting and then generates a summary and notes. Record mode is currently rolling out to Team users.
  
• OpenAI has made its Codex agentic coding tool available to ChatGPT Plus users. The company’s also enabled internet access for Codex. Internet access is off by default for security reasons.
  
• Vision language models (VLMs) see what they want to see; they can be very accurate when answering questions about images containing familiar objects but are very likely to make mistakes when shown counterfactual images (for example, a dog with five legs).
  
• Yoshua Bengio has announced the formation of LawZero, a nonprofit AI research group that will create “safe-by-design” AI. LawZero is particularly concerned that the latest models are showing signs of “self-preservation and deceptive behavior,” no doubt referring to Anthropic’s alignment research.
  
• Chat interfaces have been central to AI since ELIZA. But chat embeds the results you want, in lots of verbiage, and it’s not clear that chat is at all appropriate for agents, when the AI is kicking off lots of new processes. What’s beyond chat?
  
• Slop forensics uses LLM “slop” to figure out model ancestry, using techniques from bioinformatics. One result is that DeepSeek’s latest model appears to be using Gemini to generate synthetic data rather than OpenAI. Tools for slop forensics are available on GitHub.
  
• Osmosis-Structure-0.6b is a small model that’s specialized for one task: extracting structure from unstructured text documents. It’s available from Ollama and Hugging Face.
  
• Mistral has announced an Agents API for its models. The Agents API includes built-in connectors for code execution, web search, image generation, and a number of MCP tools.
  
• There is now a database of court cases in which AI-generated hallucinations (citations of nonexistent case law) were used.

Programming

• Martin Fowler and others describe the “expert generalist” in an attempt to counter increasing specialization in software engineering. Expert generalists combine one (or more) areas of deep knowledge with the ability to add new areas of depth quickly.
  
• Duncan Davidson points out that, with AI able to crank out dozens of demos in little time, the “art of saying no” is suddenly critical to software developers. It’s too easy to get lost in a flood of decent options while trying to pick the best one.
  
• You’ll probably never need to compute a billion factorials. But even if you don’t, this article nicely demonstrates optimizing a tricky numeric problem.
  
• Rust is seeing increased adoption for data engineering projects because of its combination of memory safety and high performance.
  
• The best way to make programmers more productive is to make their job more fun by encouraging experimentation and rest breaks and paying attention to issues like appropriate tooling and code quality.
  
• What’s the next step after platform engineering? Is it platform democracy? Or Google Cloud’s new idea, internal development platforms?
  
• A study by the Enterprise Strategy Group and commissioned by Google claims that software developers waste 65% of their time on problems that are solved by platform engineering.
  
• StackOverflow is taking steps to preserve its relevance in the age of AI. It’s considering incorporating chat, paying people to be helpers, and adding personalized home pages where you can aggregate important technical information.

Web

• Is it time to implement HTTP/3? This standard, which has been around since 2022, solves some of the problems with HTTP/2. It claims to reduce wait and load times, especially when the network itself is lossy. The Nginx server, along with the major browsers, all support HTTP/3.
  
• Monkeon’s WikiRadio is a website that feeds you random clips of Wikipedia audio. Check it out for more projects that remind you of the days when the web was fun.

Security

• Cloudflare has blocked a DDOS attack that peaked at 7.3 terabits/second; the peak lasted for about 45 seconds. This is the largest attack on record. It’s not the kind of record we like to see.
  
• How many people do you guess would fall victim to scammers offering to ghostwrite their novels and get them published? More than you would think.
  
• ChainLink Phishing is a new variation on the age-old phish. In ChainLink Phishing, the victim is led through documents on trusted sites, well-known verification techniques like CAPTCHA, and other trustworthy sources before they’re asked to give up private and confidential information.
  
• Cloudflare’s Project Galileo offers free protection against cyberattacks for vulnerable organizations, such as human rights and relief organizations that are vulnerable to denial-of-service (DOS) attacks.
  
• Apple is adding the ability to transfer passkeys to its operating systems. The ability to import and export passkeys is an important step toward making passkeys more usable.
  
• Matthew Green has an excellent post on cryptographic security in Twitter’s (oops, X’s) new messaging system. It’s worth reading for anyone interested in secure messaging. The TL;DR is that it’s better than expected but probably not as good as hoped.
  
• Toxic agent flows are a new kind of vulnerability in which an attacker takes advantage of an MCP server to hijack a user’s agent. One of the first instances forced GitHub’s MCP server to reveal data from private repositories.

Operations

• Databricks announced Lakeflow Designer, a visually oriented drag-and-drop no code tool for building data pipelines. Other announcements include Lakebase, a managed Postgres database. We have always been fans of Postgres; this may be its time to shine.
  
• Simple instructions for creating a bootable USB drive for Linux—how soon we forget!
  
• An LLM with a simple agent can greatly simplify the analysis and diagnosis of telemetry data. This will be revolutionary for observability—not a threat but an opportunity to do more. “The only thing that really matters is fast, tight feedback loops.”
  
• DuckLake combines a traditional data lake with a data catalog stored in an SQL database. Postgres, SQLite, MySQL, DuckDB, and others can be used as the database.

Quantum Computing

• IBM has committed to building a quantum computer with error correction by 2028. The computer will have 200 logical qubits. This probably isn’t enough to run any useful quantum algorithm, but it still represents a huge step forward.
  
• Researchers have claimed that 2,048-bit RSA encryption keys could be broken by a quantum computer with as few as a million qubits—a factor of 20 less than previous estimates. Time to implement postquantum cryptography!

Robotics

• Denmark is testing a fleet of robotic sailboats (sailboat drones). They’re intended for surveillance in the North Sea.

The age of the AI scraping free-for-all may be coming to an end. At least if Cloudflare gets its way.

The concept of remote development is deceptively simple: spin up your development environment somewhere that’s not your local machine. The perks range from freeing up local resources to not panicking when your laptop gets stolen.

Yet, there are plenty of pitfalls, including flaky setups, poor visibility, and lousy monitoring. Let’s look at some best practices of remote development and see what JetBrains has to offer.

1. Get rid of RDP/VNC/VDS

If you’re still “remote developing” by pixel-streaming, you’re wasting your time. Real remote development feels local, handles flaky networks gracefully, and scales far beyond your laptop.

Reality check: Streaming your whole desktop is like lugging a cinema projector over SSH. Every keystroke triggers massive pixel redraws, your IDE becomes sluggish, and one lost packet freezes everything. Why move video frames instead of code diffs? Modern remote protocols only send keystrokes and UI deltas. Latency plunges, and your IDE snaps back to life.

2. Stay online, even when you’re not

Flaky Wi-Fi isn’t an excuse anymore. A proper remote development client buffers your edits locally, shows a “reconnecting” notice, and pushes your changes when you’re back online. Linting, inspections, breakpoints – they pick up seamlessly. You keep context, and your work never vanishes into thin air.

3. Enterprise-grade orchestration

One VM or container remotely? Sure, great for demos. But ten teams? A dozen projects? Manual SSH scripts crumble fast. You need a Cloud Dev Environment (CDE) orchestrator that addresses the following pain points:

Paint Point	Hand-Rolled SSH/Docker/VM	CDE Orchestrator (e.g., CodeCanvas)
Resource scaling	Static, brittle	Auto-scale, auto-stop, snapshots
Environment drift	“Works on my machine”	Versioned templates, pre-built images
Provisioning	Manual installs	Pre-warmed toolchains, secrets, plugins
Security	Open SSH risks	Zero-trust relays, jump servers, air-gapped lockdown
Visibility	Dark – no metrics	Dashboards for usage, health, failures

If you’re not automating this stuff, you’re putting your team at a disadvantage.

4. CodeCanvas: JetBrains’ answer

We built CodeCanvas to cover every base:

• Dev environment templates: Versioned, shareable, based on Docker images (build your own if needed), IDE backends included.
• Auto-provisioning: Plugins, VS Code extensions, secrets – everything installs itself.
• Cost control: Idle workspaces auto-stop, warm-up snapshots and standby pools minimize startup delays.
• Zero-trust security: WebSocket relays (no inbound pods), SSH jump servers as needed, and strict clipboard restrictions.
• Observability: Real-time dashboards to monitor environment creation, adoption rates, crashes, and idle times.

5. Borrow, don’t reinvent – follow the leaders

• GitHub Codespaces: Uses devcontainer.json, spins up on GitHub’s infrastructure.
• Gitpod: Declares workspace configuration via .gitpod.yml, provides consistent branch environments.
• AWS Cloud9: Automates EC2 provisioning and Docker setup via AWS APIs, browser-based and fully scriptable.
• CodeCanvas: Scalable Kubernetes-based environments (EKS, AKS, GKE, or your bare-metal clusters) designed for distributed teams.

If you’re building your own, ask yourself: what do these platforms handle that I’m missing?

6. Workflow orchestration beats task automation

Creating a VM is just a task. Combining container builds, secret management, post-hooks, health checks, and cleanup – that’s orchestration. True CDE platforms handle this complexity gracefully. If you’re still scripting “docker run” in shell scripts, you’re reinventing the wheel.

7. Short-lived environments are mandatory

If you try to cram everything into a single long-living environment, you’ll just be stuck twiddling your thumbs during branch switches and rebuilds. When environments spin up in seconds, they become disposable. This allows a fresh environment for each feature or code review, tossed away as soon as you’re done with it. Warm-up snapshots and standby pools have turned “cold start” into a thing of the past. Short-lived CDEs ensure consistency, security, and predictable costs.

8. Security and compliance: don’t get pwned

• Zero trust: Authenticate and authorize every single IDE connection.
• Network isolation: Use per-cluster relays and jump servers with no direct SSH. Restrict clipboard actions to prevent data leaks.
• Policy enforcement: Align your practices with security benchmarks – development environments are vulnerable if left unguarded.

9. Metrics that actually matter

Dashboards aren’t just window dressing – they drive optimization. Get an overview of:

• Startup latency: From spin-up to first build or indexing.
• Resource utilization: CPU, memory, and I/O per workspace.
• Idle time: Triggers for auto-shutdown.
• Failure rates: Backend crashes, reconnections.

Use tools like Prometheus/Grafana, Dynatrace, or cloud-native monitoring to correlate developer efficiency with infrastructure health.

10. AI agent support – no longer optional

Your CDE orchestration now has to treat AI agents like first-class citizens, not just humans. That means clean APIs, bulletproof permissions, and tight resource controls. Mistakes here mean you’ll find yourself quickly outdated in a landscape where AI isn’t optional anymore.

Bottom line

If you’re clinging to RDP, VDI, manual SSH hacks, or one-off VMs, you’re consciously choosing friction over productivity. Embrace protocol-smart remote dev clients, short-lived environment orchestration, zero-trust security, and meaningful metrics. Whether you adopt CodeCanvas, Codespaces, Gitpod, or AWS Cloud9 – these patterns aren’t optional if you care about scale, security, and developer velocity.

1095. Is “sick” really “good”? This week, we explore how words flip their meanings and why language changes over time. Then, we look at the 1950s idea of "U and Non-U English" and what it tells us about social climbing.

The "sick" segment was written by Natalie Schilling, a professor emerita of linguistics at Georgetown University in Washington, DC, and who runs a forensic linguistics consulting firm. You can find her on LinkedIn.

The "posh" segment was by Karen Lunde, a former Quick & Dirty Tips editor and digital pioneer who's been spinning words into gold since before cat videos ruled the internet. She created one of the first online writing workshops, and she's published thousands of articles on the art of writing. These days, she leads personal narrative writing retreats and helps writers find their voice. Visit her at ChanterelleStoryStudio.com.

🔗 Share your familect recording in a WhatsApp chat.

🔗 Watch my LinkedIn Learning writing courses.

🔗 Subscribe to the newsletter.

🔗 Take our advertising survey. 

🔗 Get the edited transcript.

🔗 Get Grammar Girl books. 

🔗 Join Grammarpalooza. Get ad-free and bonus episodes at Apple Podcasts or Subtext. Learn more about the difference. 

| HOST: Mignon Fogarty

| VOICEMAIL: 833-214-GIRL (833-214-4475).

| Grammar Girl is part of the Quick and Dirty Tips podcast network.

• Audio Engineer: Dan Feierabend
• Director of Podcast: Holly Hutchings
• Advertising Operations Specialist: Morgan Christianson
• Marketing and Video: Nat Hoopes

| Theme music by Catherine Rannus.

| Grammar Girl Social Media: YouTube. TikTok. Facebook.Threads. Instagram. LinkedIn. Mastodon. Bluesky.

Download audio: https://dts.podtrac.com/redirect.mp3/tracking.swap.fm/track/0bDcdoop59bdTYSfajQW/media.blubrry.com/grammargirl/stitcher.simplecastaudio.com/e7b2fc84-d82d-4b4d-980c-6414facd80c3/episodes/f25ed147-46fd-482f-9af4-299c3d082e4e/audio/128/default.mp3?aid=rss_feed&awCollectionId=e7b2fc84-d82d-4b4d-980c-6414facd80c3&awEpisodeId=f25ed147-46fd-482f-9af4-299c3d082e4e&feed=XcH2p3Ah