2026-05-04

Simon Willison — 2026-05-04

Highlight

Simon’s WASM-compiled Redis Array Playground is today’s standout, showcasing how quickly we can now spin up interactive sandboxes for in-flight C pull requests using AI agents like Claude Code.

Posts

Redis Array Playground

Salvatore Sanfilippo recently submitted a PR adding a new array data type to Redis. To try out the newly proposed commands, including a server-side ARGREP powered by the vendored TRE regex library, Simon utilized Claude Code to build an interactive WASM playground that runs a subset of Redis directly in the browser. The post also points to Salvatore’s own write-up on the AI-assisted development process behind the new array type.

2026-05-05

Engineering Reads — 2026-05-05

The Big Idea

As AI coding agents increasingly generate code that works but lacks internal quality, the software industry must decide if traditional design principles are obsolete or if they are our only salvation. The core insight across today’s reading is that conceptual integrity and rigorous structural boundaries remain the only proven defenses against the exponential complexity of the modern development “tar pit”.

Deep Reads

Mythical Man Month · Martin Fowler · https://martinfowler.com/bliki/MythicalManMonth.html

The core claim is that Fred Brooks’s 1975 classic remains fiercely relevant, particularly its insistence that “conceptual integrity” is the paramount consideration in system design. Fowler highlights that as human team size grows, communication paths explode exponentially, leading to Brooks’s Law where adding manpower to a late project only delays it further. The technical mechanism to defend against this chaos is simplicity and straightforward composability—ensuring a system reflects one unified design vision rather than a jumble of uncoordinated, independent ideas. This directly challenges the instinct to bolt on every seemingly useful feature, arguing that omitting anomalous improvements is a necessary architectural tradeoff. Systems architects and technical leads should read this to remember why a unified, composable vision outlasts feature-heavy monoliths.

2026-05-05

Simon Willison — 2026-05-05

Highlight

The most substantive read today is Simon’s commentary on an AI-run cafe in Stockholm, where he draws a hard ethical line against autonomous AI agents wasting the time of unconsenting humans.

Posts

Our AI started a cafe in Stockholm

Simon reviews an experiment by Andon Labs where an AI manages a physical cafe in Sweden. While the AI’s mistakes are initially amusing—like ordering 120 eggs without a stove or hoarding 6,000 napkins—Simon highlights the problematic nature of these autonomous agents. He argues it is highly unethical to deploy agents that waste police time by submitting AI-generated sketches for permits or spamming real-world suppliers with “EMERGENCY” emails to fix AI mistakes. His core takeaway is that any outbound AI actions affecting other people must keep a human-in-the-loop.

2026-05-06

Engineering Reads — 2026-05-06

The Big Idea

Lock-free concurrency in simple data structures like Mask-Step-Index (MSI) hash tables does not require a one-size-fits-all synchronization approach; by meticulously scaling memory ordering semantics—from relaxed, to acquire-release, to compare-and-swap—based on the specific constraints of the data payload and producer count, we can achieve thread safety with minimal overhead.

Deep Reads

Concurrent, atomic MSI hash tables · nullprogram

The piece demonstrates how to incrementally add lock-free concurrency to Mask-Step-Index (MSI) open-addressed hash tables using compiler atomics rather than coarse locks. It begins with a single-producer, multiple-consumer (SPMC) model, utilizing relaxed atomics for simple integer sets where insertion order is irrelevant to the consumer. However, when table values are pointers to objects, the author illustrates why relaxed atomics fail—consumers might race on the underlying object updates—and upgrades to acquire-release semantics to enforce strict memory visibility. A crucial systems insight is highlighted here: on strongly-ordered architectures like x86, this acquire-release synchronization merely restricts compiler instruction scheduling and generates the exact same ISA code as a single-threaded implementation. Finally, to support multiple producers (MPMC), the design employs an optimistic compare-and-swap loop that simply acquires the winning element upon a failed race. Systems programmers looking to replace heavy synchronization primitives should read this to see how aligning memory models tightly with domain constraints yields fast, perfectly tailored lock-free structures.
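The last two stages described above (acquire-release for pointer payloads, then compare-and-swap for multiple producers), as an added sketch that is not code from the nullprogram article. It uses C11 `<stdatomic.h>`; the names `rec`, `hash64`, `msi_next`, `find` and `publish` are assumptions, and the table is fixed-size with no resize or delete, so it must never fill up.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <string.h>
#define EXP 10  /* table has 2^EXP slots; never resized in this sketch */
struct rec { const char *key; int value; };  /* object behind each slot */
static _Atomic(struct rec *) table[1 << EXP];

static uint64_t hash64(const char *s) {  /* FNV-1a */
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 0x100000001b3ULL; }
    return h;
}

/* Mask-Step-Index probe: odd step from the high hash bits, wrap by mask. */
static uint32_t msi_next(uint64_t h, int exp, uint32_t i) {
    uint32_t mask = ((uint32_t)1 << exp) - 1;
    uint32_t step = (uint32_t)(h >> (64 - exp)) | 1;
    return (i + step) & mask;
}

/* Consumer: the acquire load pairs with the producer's release, so the
   key and value written before publication are visible through cur. */
static struct rec *find(const char *key) {
    uint64_t h = hash64(key);
    for (uint32_t i = (uint32_t)h;;) {
        i = msi_next(h, EXP, i);
        struct rec *cur = atomic_load_explicit(&table[i], memory_order_acquire);
        if (!cur) return NULL;
        if (!strcmp(cur->key, key)) return cur;
    }
}

/* Producer (any number of them): claim an empty slot with CAS. On a lost
   race the failed CAS stores the winner in cur with acquire ordering. */
static struct rec *publish(struct rec *r) {
    uint64_t h = hash64(r->key);
    for (uint32_t i = (uint32_t)h;;) {
        i = msi_next(h, EXP, i);
        struct rec *cur = atomic_load_explicit(&table[i], memory_order_acquire);
        if (!cur && atomic_compare_exchange_strong_explicit(&table[i], &cur, r,
                        memory_order_acq_rel, memory_order_acquire))
            return r;  /* won the slot: r is now visible to consumers */
        if (!strcmp(cur->key, r->key)) return cur;  /* existing or winner */
    }
}

int main(void) {  /* constructed records; duplicate key loses to the first */
    static struct rec a = {"alpha", 1}, dup = {"alpha", 2};
    return publish(&a) == &a && publish(&dup) == &a && find("alpha") ? 0 : 1;
}
```

With a relaxed load in `find`, a consumer could observe the pointer before the stores to `key` and `value` that preceded it, which is the failure the summary attributes to relaxed atomics on pointer payloads.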

2026-05-06

Simon Willison — 2026-05-06

Highlight

The highlight of today is Simon’s candid reflection on how highly reliable coding tools like Claude Code are blurring the line between professional “agentic engineering” and hands-off “vibe coding”. He raises important questions about accountability, the loss of traditional software evaluation metrics, and how the bottlenecks of the entire software development lifecycle are radically shifting.

Posts

Vibe coding and agentic engineering are getting closer than I’d like

Simon expands on a recent podcast conversation to discuss how he is increasingly treating AI agents like Claude Code as semi-black boxes, trusting them to write unreviewed production code. He notes that because AI can generate comprehensive tests and beautiful readmes in minutes, traditional signals of software quality are losing their value, making actual usage the most important metric. Furthermore, he observes that as coding speeds up exponentially, upstream bottlenecks like cautious, extensive design processes are being fundamentally challenged. Despite these shifts, he isn’t worried about the future of software engineering careers, emphasizing that these tools are simply amplifiers for a discipline that remains fiercely difficult.

2026-05-07

Engineering Reads — 2026-05-07

The Big Idea

When the software ecosystem is reeling from a cascade of high-profile vulnerabilities, the most prudent engineering decision is often a temporary hard freeze on new dependencies to mitigate the risk of opportunistic supply-chain attacks.

Deep Reads

Maybe you shouldn’t install new software for a bit · Xe Iaso · xeiaso.net

In the immediate aftermath of major vulnerability disclosures like “copy.fail”, “Copy Fail 2: Electric Boogaloo”, and “Dirty Frag”, the security ecosystem is highly destabilized. The core argument here is that this kind of chaos creates the perfect window for catastrophic supply-chain attacks to land with maximum impact, particularly through package managers like NPM. To defend against this, the author advocates for a strict, week-long moratorium on installing any new software or dependencies. The only stated exception to this system freeze is applying upstream Linux kernel patches provided by your distribution. Infrastructure engineers and tech leads should read this to recalibrate their risk posture and consider trading sprint velocity for system stability during periods of heavy vulnerability churn.

2026-05-07

Simon Willison — 2026-05-07

Highlight

The most significant takeaway today is Mozilla’s dramatic success using the Claude Mythos preview to hunt down Firefox vulnerabilities, signaling a turning point where AI-generated bug reports have shifted from “unwanted slop” to highly actionable signals.

Posts

Behind the Scenes Hardening Firefox with Claude Mythos Preview

Mozilla shared in-depth details on utilizing the Claude Mythos preview to identify and patch hundreds of vulnerabilities in Firefox. By improving how they harness, steer, and scale these models, Mozilla saw their monthly security bug fixes skyrocket from an average of 20-30 to 423 in April, even catching bugs that had existed for up to 20 years. Simon highlights this as a major shift from the recent past, where AI bug reports imposed an asymmetric burden on maintainers by generating plausible but incorrect noise.

2026-05-08

Engineering Reads — 2026-05-08

The Big Idea

Code formatters should amplify developer intent rather than blindly override it. Tools that rely on subtle syntactic cues to steer layout often yield cleaner, more readable code than rigid, algorithmically-driven alternatives.

Deep Reads

Steering Zig Fmt · matklad.github.io

The core insight here is that zig fmt outperforms rigid alternatives like rustfmt or deno fmt because it is uniquely “steerable”. Rather than applying a strict layout heuristic, the tool relies on developer-provided cues—such as a trailing comma—to seamlessly toggle a function call between single-line and multi-line layouts. It even handles complex columnar alignments for arrays by simply mirroring the developer’s first line break, and allows varying items per line using concatenation operators like ++. The underlying philosophy acknowledges a subtle tradeoff: while total automation eliminates stylistic arguments, it destroys semantic grouping, since the best formatting relies heavily on logical blocks and intermediate variables that machines cannot infer. By leaning into human choices rather than eliminating them, the tool strikes a pragmatic balance. Anyone building developer tooling or designing language ergonomics should read this to understand why leaving room for human intent often yields a superior developer experience.

2026-05-08

Simon Willison — 2026-05-08

Highlight

Simon re-evaluates his long-standing habit of asking LLMs for Markdown output, sparked by Anthropic’s Thariq Shihipar advocating for the rich capabilities of HTML. He tests this out practically by using his llm CLI to generate an interactive HTML explanation of a newly discovered Linux security exploit.

Posts

Using Claude Code: The Unreasonable Effectiveness of HTML

Simon reflects on a piece by Thariq Shihipar (from Anthropic’s Claude Code team) that argues for requesting HTML instead of Markdown from Claude. While Markdown’s token-efficiency was a strict necessity during the 8,192-token GPT-4 days, modern LLMs can leverage HTML to output SVG diagrams, interactive widgets, and rich in-page navigation. Simon tests this technique by piping an obfuscated Python exploit from copy.fail into gpt-5.5 via his llm CLI tool, successfully prompting the model to generate a fully styled, interactive HTML explanation of the code.

2026-05-10

Simon Willison — 2026-05-10

Highlight

Simon highlights a stark example of AI hallucination making its way into mainstream journalism, serving as a critical warning for anyone relying on LLMs for factual summarization.

Posts

Quoting New York Times Editors’ Note

Simon shares a sobering editors’ note from the New York Times illustrating the dangers of unchecked generative AI in the newsroom. A reporter mistakenly attributed an AI-generated summary of Canadian Conservative leader Pierre Poilievre’s views as a direct, verbatim quote. The hallucinated text falsely claimed he called politicians who changed allegiances “turncoats,” underscoring exactly why LLM outputs must be rigorously verified against primary sources rather than trusted blindly.