Wednesday, 03 June 2026
Microsoft launches MAI-Code-1-Flash coding model; Stanford study finds AI outperforms law professors; VSCode bug enables 1-click GitHub token theft
Today's Lead
Microsoft AI
Microsoft Launches MAI-Code-1-Flash Coding Model for GitHub Copilot
Microsoft launched MAI-Code-1-Flash, a new coding model integrated into GitHub Copilot and Visual Studio Code, outperforming Claude Haiku 4.5 across benchmarks—including a +16-point lead on SWE-Bench Pro (51.2% vs. 35.2%)—while using up to 60% fewer tokens to reduce latency and costs. Built on clean, appropriately licensed data and trained directly on production GitHub Copilot workflows, the model features adaptive reasoning that adjusts response depth based on task complexity. The launch is part of a broader suite of seven new MAI models Microsoft announced simultaneously, including MAI-Thinking-1.
Also today
Stanford Law
AI Outperforms Law Professors in Stanford Law Study
A Stanford Law study found AI systems significantly outperformed human law professors in a blind evaluation of contract law instruction, winning roughly 75% of head-to-head comparisons when assessed by 16 law professors across multiple U.S. law schools. The research evaluated nearly 3,000 anonymized responses to 40 representative contract law questions, with AI responses flagged as potentially misleading only 3.5% of the time versus 12% for professor-generated answers. The findings demonstrate that AI has reached performance levels comparable to the best human instructors in a domain requiring nuanced reasoning and the ability to navigate legal ambiguity.
Read →Ammar Askar's Blog
1-Click GitHub Token Stealing via a VSCode Bug
A critical vulnerability in VSCode's webview sandbox allows attackers to steal GitHub authentication tokens through a single malicious link by exploiting keyboard event handling in untrusted webviews to execute JavaScript, simulate keystrokes, install a malicious workspace extension, and extract GitHub API tokens with full repository access. The author disclosed the vulnerability publicly after frustrations with Microsoft's security response process.
Read →TechRadar Pro
Larry Ellison Envisions AI Surveillance State
Oracle CTO Larry Ellison envisions a surveillance state where AI systems process video feeds from ubiquitous cameras and drones to automatically detect and report infractions in real time, fundamentally altering citizen behavior through constant monitoring. The remarks, drawing Orwellian comparisons, arrive alongside broader surveillance expansion trends including DHS AI monitoring of social media and Meta's AI-based employee behavior tracking.
Read →ModdedBear
Gmail Thinks I'm Stupid, So I Left
After 16 years, one user ditched Gmail over Google's aggressive AI integration—unsolicited message summaries, auto-generated reply drafts, and persistent 'help me write' prompts that felt designed to boost AI product metrics rather than improve the email experience. They migrated to Fastmail, citing a desire for an email client that respects user agency; the post resonated broadly on Hacker News with nearly 900 points and 520 comments.
Read →Microsoft GitHub
Microsoft Releases Coreutils for Windows in Rust
Microsoft released a Windows distribution of core Unix utilities—cat, cp, ls, find, grep, and others—packaged as a single executable built primarily in Rust and installable via WinGet. The project aims to reduce friction when switching between operating systems and allow existing scripts to run on Windows without modification, while documenting specific Windows incompatibilities around POSIX signals, permissions, and line endings.
Read →Lumafield
CT Scans of BYD Car Parts Reveal EV Engineering Details
Lumafield used computed tomography scanning to non-destructively analyze a Chinese BYD electric vehicle, revealing internal construction, component arrangement, and engineering approaches that differ notably from Western EV manufacturers. The high-resolution CT imaging offers a rare comparative look at Chinese automotive engineering techniques without disassembly.
Read →GitHub
Use Your Nvidia GPU's VRAM as Swap Space on Linux
nbd-vram exposes Nvidia GPU VRAM as a Network Block Device for Linux, enabling users to leverage their GPU's unused memory—around 8GB on RTX cards—as swap space to avoid slow SSD-based swapping. The daemon achieves roughly 1.3 GB/s sequential throughput without custom kernel modules and includes battery-aware power management that automatically disables GPU swapping when unplugged, making it particularly useful for memory-constrained laptops.
Read →blog.zgp.org
The Advertising Cartel Coming to Your Web Browser
A detailed critique of Attribution Level 1, a browser-based ad measurement system proposed by Meta, Google, Apple, and Mozilla, argues it would create a de facto advertising cartel—disadvantaging independent publishers relative to search and social platforms while obscuring which data drives conversions and incentivizing riskier tracking practices. The author calls on the W3C to reject the proposal as 'surveillance oligarchs' using standards bodies to entrench market dominance.
Read →Medium
rsync Maintainer Defends AI-Assisted Security Work
Andrew Tridgell, original author and maintainer of rsync, responded to community backlash over AI-assisted changes in v3.4.3 by defending his use of AI tools to handle a flood of security reports and rapidly improve testing, code coverage, and security hardening—while emphasizing he maintained his own review standards and extensive CI validation throughout. He acknowledged regressions introduced in the release and committed to addressing them in either a 3.4.4 patch or a larger 3.5.0 release.
Read →