Wednesday, 01 July 2026

Claude Code caught steganographically fingerprinting requests; Sonnet 5's new tokenizer quietly raises prices 30-40%; Trail of Bits ships post-quantum crypto to Python

Today's Lead

Engineering

thereallo.dev

Claude Code Is Steganographically Marking Requests

A researcher found that Claude Code's client embeds hidden, undisclosed markers into its output — subtly substituting Unicode apostrophe variants, altering date-separator formatting, and encoding environment/location signals — that appear designed to fingerprint requests and detect distillation attempts against a list of 200+ flagged domains, many tied to Chinese companies and proxy services. The post frames this as semi-deobfuscated code shipped silently to customer machines, which is what drove the story to the top of Hacker News (1,800+ points, 500+ comments) rather than the anti-distillation goal itself. Commenters were split: some treat watermarking and anti-scraping defenses as standard practice for any for-profit platform, while others argue the real breach is that a vendor altered tooling behavior on a user's own machine without disclosure or consent — and that trust, once found to be silently monitored, is hard to win back regardless of the monitoring's stated purpose. For teams building on top of agentic coding tools, it's a reminder that the client is not a neutral pipe: it can carry side-channel telemetry that only becomes visible through independent reverse engineering, not vendor documentation.

Read →

Engineering

Simon Willison

What's New in Claude Sonnet 5

Claude Sonnet 5 launched with Opus 4.8-adjacent performance, a 1M-token context window, and headline pricing unchanged from Sonnet 4.6 ($3/$15 per million tokens, with a promotional $2/$10 rate through August). But Willison's tokenizer benchmarking shows the catch: Sonnet 5's new tokenizer produces roughly 30-40% more tokens than 4.6 for the same English text (1.42x on the UDHR, 1.27-1.28x on Python source), and comparable inflation for Spanish, with Simplified Mandarin the one language unaffected. Net effect: despite an unchanged sticker price, real-world cost per task rises by nearly the same margin as the token inflation — a pattern that's easy to miss if you compare list prices rather than re-running your own token counts against the new tokenizer. The model also drops user-settable temperature/top_p/top_k sampling parameters and enables 'adaptive thinking' by default, both of which change how existing integrations need to call the API.

Read →

Trail of Bits

Shipping Post-Quantum Cryptography to Python

Trail of Bits, funded by the Sovereign Tech Agency, has landed ML-KEM and ML-DSA — the NIST-standardized post-quantum key-establishment and signature primitives — into pyca/cryptography, the library underpinning Ansible, Certbot, Apache Airflow, paramiko, and most of the Python cryptographic ecosystem (1.2 billion downloads/month). The primitives are now a `pip install cryptography>=48` away, timed against a June 22, 2026 White House order mandating post-quantum key establishment in high-value federal systems by 2030 and signatures by 2031. The tradeoffs are structural, not just performance: ML-DSA-65 signatures run ~3,309 bytes versus Ed25519's 64, and ML-KEM-768 ciphertexts are ~1,088 bytes versus X25519's 32 — meaning any protocol or wire format that hardcodes classical key/signature sizes needs more than a drop-in primitive swap to migrate. A third standard, the hash-based SLH-DSA (a conservative backstop against future lattice cryptanalysis), is still in progress, and the harder work — getting actual protocols like TLS and SSH to adopt these primitives — is only just beginning.

Read →

LWN

Xsnow 'Protestware' in Debian

The decorative X11 snow-simulation app xsnow, packaged in Debian, was found to display a Ukrainian flag with 30% probability when it detects a Russian-language locale, versus 2% for other users — a deliberate, undisclosed political payload embedded by the upstream maintainer. Debian's discussion shifted quickly from whether targeting-by-locale constitutes discrimination toward a more foundational question: does software that behaves differently based on hidden, undisclosed logic violate the trust model the Free Software Guidelines are supposed to protect, independent of what the hidden behavior actually does? No formal resolution has been reached, leaving package maintainers to weigh whether 'protestware' with a sympathetic message should be treated more leniently than protestware whose message they'd object to — a precedent-setting question for a distribution that ships to systems well beyond home desktops.

Read →

unix.foo

We Are the Last People Who Know How It Works

The essay argues that AI coding assistants remove the friction that used to force engineers into deep, hands-on understanding of their systems — the failed builds, cryptic errors, and manual configuration that earlier generations had no choice but to work through. That friction wasn't incidental: it was how tacit, embodied knowledge of how computers actually behave got formed. The piece doesn't argue AI tools are bad, only that a generation raised on them may never develop the same instinctive model of failure modes that comes from struggling with a system directly — a loss that, by definition, won't be perceptible to the generation that never had it. It resonated widely on Hacker News (300+ points, 250+ comments) as a rare articulation of what's lost even when a tool is a strict productivity improvement.

Read →
Humanities

JSTOR Daily

How Indonesia's Feminists Use the Internet

Researcher Ahmad Nuril Huda documents how Indonesian Muslim feminists, working through groups like the Congress of Indonesian Women Ulama (KUPI), use the internet to produce and circulate Islamic legal opinions (fatwas) on sexual violence, child marriage, and female genital cutting — building an alternative religious public sphere that runs in parallel to, rather than in opposition against, mainstream Islamic authority. Many contributors deliberately avoid the label 'feminist' and some avoid referencing KUPI directly, given the controversy their positions attract, which is itself a strategic use of the internet's capacity for geographically dispersed, semi-anonymous coalition-building. The piece is a useful case study in how minority ideological currents use digital infrastructure not to replace existing institutions but to route around gatekeeping within them — with visitors reporting the resources changed positions they'd taken for granted, like the belief that female circumcision was religiously obligatory.

Read →