2026-04-06

Simon Willison — 2026-04-06#

Highlight#

The most substantial update today is Simon’s look at the Google AI Edge Gallery, an official iOS app for running local Gemma 4 models directly on-device. It stands out as a major milestone for local AI, being the first time a local model vendor has shipped an official iPhone app with built-in tool-calling capabilities.

Posts#

Google AI Edge Gallery Simon highlights Google’s strangely-named but highly effective official iOS app for running Gemma 4 (and 3) models natively. The 2.54GB E2B model runs fast and includes features like vision, up to 30 seconds of audio transcription, and an impressive “skills” demo showcasing tool calling against eight different HTML widgets. Despite a minor app freeze bug and the unfortunate lack of permanent chat logs, Simon considers it a significant release as the first official iOS app from a local model vendor.

2026-04-09

Simon Willison — 2026-04-09#

Highlight#

Today’s most substantive update is the release of asgi-gzip 0.3, which serves as a great practical reminder of the hidden risks in automated maintenance workflows. A silently failing GitHub Action caused his library to miss a crucial upstream Starlette fix for Server-Sent Events (SSE) compression, which ended up breaking a new Datasette feature in production.

Posts#

[asgi-gzip 0.3] · Source Simon released an update to asgi-gzip after a production deployment of a new Server-Sent Events (SSE) feature for Datasette ran into trouble. The root cause was datasette-gzip incorrectly compressing event/text-stream responses. The library relies on a scheduled GitHub Actions workflow to port updates from Starlette, but the action had stopped running and missed Starlette’s upstream fix for this exact issue. By running the workflow and integrating the fix, both datasette-gzip and asgi-gzip now handle SSE responses correctly.

2026-04-14

Simon Willison — 2026-04-14#

Highlight#

Simon highlights a fascinating paradigm shift in AI security: treating vulnerability discovery as an economic “proof of work” equation where spending more tokens yields better hardening. This creates a compelling new argument for the enduring value of open-source libraries in the age of vibe-coding, as the massive cost of AI security reviews can be shared across all of a project’s users.

Posts#

[datasette PR #2689: Replace token-based CSRF with Sec-Fetch-Site header protection] · Source Simon has replaced Datasette’s cumbersome token-based CSRF protection with a new middleware relying on the Sec-Fetch-Site header, inspired by Filippo Valsorda’s research and recent changes in Go 1.25. This modern approach eliminates the need to scatter hidden CSRF token inputs throughout templates or selectively disable protection for external APIs. Interestingly, while Claude Code handled the bulk of the commits under Simon’s guidance with cross-review by GPT-5.4, Simon chose to hand-write the PR description himself as an exercise in conciseness and keeping himself honest.

2026-04-15

Simon Willison — 2026-04-15#

Highlight#

The standout exploration today is Simon’s hands-on dive into Google’s new Gemini 3.1 Flash TTS API. It perfectly captures his rapid-prototyping ethos: encountering a surprisingly complex new prompting paradigm for an audio model and immediately using Gemini 3.1 Pro to “vibe code” a UI to stress-test regional British accents.

Posts#

Gemini 3.1 Flash TTS Google released Gemini 3.1 Flash TTS, an audio-only output model controlled via standard Gemini API prompts. Simon points out that the prompting guide is highly unusual, so he put it to the test by prompting for charismatic Newcastle and Exeter accents. To speed up his experimentation, he used Gemini 3.1 Pro to instantly vibe code a custom UI for the API.

2026-04-16

Simon Willison — 2026-04-16#

Highlight#

The most fascinating takeaway today is a surprising win for local AI: a 21GB quantized Qwen3.6 model running on a laptop beat Anthropic’s brand-new Claude Opus 4.7 at Simon’s “pelican riding a bicycle” SVG generation benchmark. This result leads Simon to conclude that his joke benchmark’s long-standing correlation with a model’s general utility has finally broken down.

Posts#

Qwen3.6-35B-A3B on my laptop drew me a better pelican than Claude Opus 4.7 · Source Simon put the day’s two major model releases—Alibaba’s Qwen3.6-35B-A3B and Anthropic’s Claude Opus 4.7—through his infamous “pelican riding a bicycle” SVG generation benchmark. Running locally on a MacBook Pro via LM Studio, the quantized Qwen model produced a better bicycle frame than Opus, and even won a “secret backup test” generating a flamingo riding a unicycle. Simon admits this breaks the historical correlation between his SVG benchmark and a model’s general usefulness, noting he highly doubts the 21GB local model is actually more capable than Anthropic’s proprietary flagship.

2026-04-17

Simon Willison — 2026-04-17#

Highlight#

The most exciting news today is the addition of a dedicated AI track at PyCon US 2026, signaling the deep integration of AI engineering into the core Python community. With talks covering everything from local LLM quantization to async patterns for AI agents, it’s a clear indicator of where the Python ecosystem is heading this year.

Posts#

[Join us at PyCon US 2026 in Long Beach - we have new AI and security tracks this year] · Source PyCon US heads to Long Beach this May, and Simon highlights the addition of dedicated AI and Security tracks to the conference. He shares the full AI track schedule—which he naturally scraped using Claude Code and his Rodney tool—featuring highly relevant sessions on local quantization, browser-based inference, and async agent patterns. Simon also emphasizes the value of the conference’s open spaces, where he plans to instigate discussions around Datasette and agentic engineering.

2026-05-05

Simon Willison — 2026-05-05#

Highlight#

The most substantive read today is Simon’s commentary on an AI-run cafe in Stockholm, where he draws a hard ethical line against autonomous AI agents wasting the time of unconsenting humans.

Posts#

Our AI started a cafe in Stockholm · Source Simon reviews an experiment by Andon Labs where an AI manages a physical cafe in Sweden. While the AI’s mistakes are initially amusing—like ordering 120 eggs without a stove or hoarding 6,000 napkins—Simon highlights the problematic nature of these autonomous agents. He argues it is highly unethical to deploy agents that waste police time by submitting AI-generated sketches for permits or spamming real-world suppliers with “EMERGENCY” emails to fix AI mistakes. His core takeaway is that any outbound AI actions affecting other people must keep a human-in-the-loop.

2026-05-12

Simon Willison — 2026-05-12#

Highlight#

The standout update today is the alpha release of llm 0.32a2, which adapts to OpenAI’s new endpoints to expose interleaved reasoning across tool calls for GPT-5 class models. It’s a great example of Simon quickly evolving his CLI tools to make the latest LLM reasoning capabilities highly visible and practical for developers.

Posts#

llm 0.32a2 · Source Simon dropped a crucial update to his llm CLI to support the latest reasoning-capable OpenAI models (like the GPT-5 class), which now use a different endpoint rather than /v1/chat/completions. This shift enables interleaved reasoning across tool calls, and the CLI now natively displays these summarized reasoning tokens in a distinct color directly in the terminal. For those who prefer a cleaner output, you can easily suppress the reasoning steps using the new -R or --hide-reasoning flags.

2026-05-13

Simon Willison — 2026-05-13#

Highlight#

Simon’s standout experiment today demonstrates a clever UX workaround for sandboxed iframes, intercepting Content Security Policy (CSP) errors and passing them to the parent window for user approval. It is a great example of his hands-on AI-assisted programming, notably built using GPT-5.5 xhigh in the Codex desktop app.

Posts#

[CSP Allow-list Experiment] · Source This technical experiment explores how to load an app within a CSP-protected sandboxed iframe while maintaining a smooth user experience. Simon implemented a custom fetch() that catches CSP errors and passes them up to the parent window. The parent window can then prompt the user to add the blocked domain to an allow-list before refreshing the page. He built the tool using GPT-5.5 xhigh via the Codex desktop app.

2026-05-14

Simon Willison — 2026-05-14#

Highlight#

The single most interesting theme today is the changing paradigm of programming languages from being a permanent “lock-in” to fungible, replaceable assets, driven by AI coding agents. Simon highlights this shift through Mitchell Hashimoto’s commentary on Bun’s recent language rewrite and a real-world anecdote of agent-assisted mobile app migration.

Posts#

[Not so locked in any more] · Source Expanding on thoughts about modern software architecture, Simon shares an anecdote from a recent conference about a tech company that used coding agents to rewrite their legacy iPhone and Android apps into React Native. The development team wasn’t overly concerned about committing to React Native, reasoning that if it turned out to be the wrong choice, the lowered cost of agent-driven development means they could just port it back to native code later. This underscores a major industry shift where programming language choices are increasingly no longer the permanent lock-in they once were.