Artemis II launches humanity's first crewed deep-space mission in 50 years, quantum computing advances cut encryption timelines, and Cloudflare unveils EmDash as a security-first WordPress successor

Scott Aaronson's Blog

Quantum Computing Bombshells That Are Not April Fools

Scott Aaronson reports on two significant quantum computing advances that substantially accelerate the threat timeline to current encryption: a Caltech breakthrough reducing physical qubits required for fault-tolerant computation to approximately 25,000 (down from millions estimated a year prior), and a Google advance publishing a more efficient Shor's algorithm implementation that could break elliptic curve cryptography — with Bitcoin signatures now assessed as vulnerable sooner than previously thought. The Google results were released via cryptographic zero-knowledge proofs rather than traditional academic disclosure, an unprecedented approach raising questions about responsible disclosure in quantum research. Together the breakthroughs shorten practical attack timelines by a year or more, adding urgency to post-quantum cryptography migration efforts.

Cloudflare Blog

EmDash: Cloudflare Launches a Security-First WordPress Successor Built on Workers

Cloudflare has released EmDash v0.1.0, an open-source (MIT) CMS built on Astro 6.0 and Cloudflare Workers, designed from scratch as a modern alternative to WordPress — which powers over 40% of the internet but sources 96% of its security vulnerabilities from plugins. The key architectural innovation is plugin sandboxing: EmDash plugins run in isolated Dynamic Workers with explicit OAuth-style permission declarations, preventing any single plugin from accessing unrestricted site data. The platform ships with native x402 micropayment support, a built-in MCP server for programmatic management, and AI agent skills for content migration — and was itself developed using AI coding agents over two months.

GitHub Blog

Securing the Open Source Supply Chain Across GitHub

GitHub has published a detailed breakdown of the emerging attack pattern targeting open source supply chains: adversaries compromise GitHub Actions workflows to exfiltrate secrets, then publish malicious packages from attacker-controlled machines and use those packages to propagate further. GitHub scans every npm package version for malware — detecting hundreds of malicious publishes daily out of 30,000+ — and has expanded trusted publishing (replacing secrets with OIDC tokens) across npm, PyPI, NuGet, RubyGems, and Crates. The post outlines both immediate developer actions (pin Actions to full commit SHAs, enable CodeQL, avoid pull_request_target triggers) and GitHub's accelerated security roadmap prompted by last year's Shai-Hulud campaign.

GitHub Blog

GitHub Copilot CLI Gets /fleet: Parallel Agent Dispatch for Large Tasks

GitHub has shipped /fleet, a Copilot CLI slash command that introduces an orchestrator layer capable of decomposing a task into independent work items and dispatching multiple AI subagents to execute them simultaneously across different files and modules. Each subagent gets its own context window but shares the filesystem, with the orchestrator handling dependency ordering and final synthesis — functioning like a project lead assigning parallel tracks to a team. The feature targets tasks with natural parallelism (cross-file refactors, multi-component feature implementations, concurrent documentation generation) and supports custom agents defined in .github/agents/ with per-track model and tool specifications.

Trail of Bits

Mutation Testing for the Agentic Era: Trail of Bits Releases MuTON and mewt

Trail of Bits has released MuTON (TON blockchain language support) and mewt (language-agnostic core), two mutation testing tools built for AI agent workflows using Tree-sitter for AST-based parsing rather than regex — enabling correct multi-line statement mutations across Solidity, Rust, Go, FunC, Tolk, and Tact. Both tools persist campaign results to SQLite, allowing paused campaigns to resume without lost progress and enabling SARIF export for integration with existing security review workflows. The tools grew out of real incident impact: mutation testing using their earlier slither-mutate tool uncovered a high-severity Arkis protocol vulnerability missed by coverage metrics, and the post includes an honest discussion of the unsolved challenge of ensuring AI-generated tests encode correct requirements rather than propagating bugs.

Meta Engineering

Meta Open-Sources BOxCrete: AI-Optimized Concrete Mixes for U.S. Data Centers

Meta has released BOxCrete under MIT license, a Bayesian optimization model for designing domestic cement and concrete mixes that reduces reliance on imported materials (currently 20–25% of U.S. consumption). Deployed at Meta's Rosemount data center, BOxCrete-optimized concrete reached full structural strength 43% faster than standard mixes while reducing cracking risk by nearly 10%. The initiative targets a sector that contributes over $130 billion annually to the U.S. economy and employs 600,000 workers, and Meta is releasing the model openly to accelerate adoption across academic and commercial concrete platforms.

Oliver Seifert

pgit: The Entire Linux Kernel Git History — Imported Into PostgreSQL

Oliver Seifert built pgit, a Git-like version control system that stores repositories inside PostgreSQL instead of the filesystem, then validated it by importing the Linux kernel's full 20-year git history: 1.4 million commits, 24.4 million file versions, and 171,525 unique paths in roughly 2 hours. The result occupies only 2.7 GB — modestly more than git's 1.95 GB — while achieving 7.9x deduplication on blobs and 114.4x on text content using delta compression via pg-xpatch. The payoff is SQL queryability across 20 years of history: a full-text search across the entire kernel runs in 44 seconds, and statistics like David S. Miller merging 7.9% of all commits emerge from simple queries.

LeadDev

Why AI Isn't Writing Most of Your Code (Yet)

LeadDev examines the gap between AI's code generation capabilities and its actual share of production code, arguing that the bottleneck has shifted from code writing to architectural judgment, quality oversight, and system design — areas where human developers remain essential. The analysis suggests the developer role is actively evolving: raw coding speed is depreciating as a differentiator while skills around AI tool management, code review, and strategic technical decision-making become the primary markers of seniority. The piece positions the current moment not as AI replacing developers but as a restructuring of what development work actually means.

isbgpsafeyet.com

Is BGP Safe Yet? Tracking RPKI Adoption Across Major ISPs

The isbgpsafeyet.com tracker highlights that BGP — the protocol routing all internet traffic — still lacks cryptographic validation by default, leaving it vulnerable to route hijacks and leaks that can silently redirect traffic at a global scale. RPKI (Resource Public Key Infrastructure) is the established fix, but adoption remains uneven: over 200 major ISPs and cloud providers including some large carriers have deployed it, while approximately 150+ operators remain without implementation. The site calls on network operators to join MANRS and on users to pressure ISPs, framing universal RPKI deployment as a prerequisite for baseline internet stability.