Friday, 10 July 2026

OpenAI ships the GPT-5.6 family right as its own safety testers find universal jailbreaks; the EU extends warrantless mass chat-scanning through 2028 despite Parliament rejecting it; the AI Futures Project publishes Plan A, a full US-China roadmap to safe superintelligence

Today's Lead

Engineering

Simon Willison

OpenAI Launches the GPT-5.6 Family: Luna, Terra, Sol

OpenAI shipped GPT-5.6 in three tiers — Luna, Terra, and Sol, named for moon, earth, and sun rather than the literary scale Anthropic uses — with million-token context windows, a new 'ultra' effort level that coordinates four parallel subagents by default, and pricing that undercuts Claude across the board ($1/$6 per million tokens for Luna up to $5/$30 for Sol, versus $5/$25 for Opus and $10/$50 for Fable 5). OpenAI's benchmark claims lean heavily on agentic and coding workloads: Sol tops Agents' Last Exam and Terminal-Bench 2.1, while independent evaluators at Artificial Analysis put it essentially tied with Claude Fable 5 on general intelligence but at roughly a third of the cost per task. The messier story is what happened in parallel: OpenAI itself flagged that roughly 30% of SWE-Bench Pro tasks are broken (a benchmark Fable trounces Sol on), and the UK AI Safety Institute reported finding universal jailbreaks in every round of testing that enabled long-form agentic vulnerability discovery and exploit development — prompting one safety researcher to call it 'the highest-stakes safety issue of any model release yet,' even as OpenAI shipped the model anyway with promises to pause specific dual-use API calls after the fact. It's a clean encapsulation of where frontier releases sit right now: the competitive pressure to ship is outrunning the confidence anyone has in reviewing what's being shipped.

Read →

Engineering

Patrick Breyer

EU Parliament Extends Mass Chat-Scanning Through 2028 Despite Rejecting It

The European Parliament voted to extend 'Chat Control 1.0' — the temporary derogation that lets platforms like Instagram, Discord, and Gmail voluntarily scan private messages for CSAM without a warrant or individualized suspicion — through 2028, even though 314 MEPs voted against the underlying approach. MEP and digital-rights advocate Patrick Breyer called the outcome 'a farce that damages democracy': the vote didn't ratify indiscriminate scanning as good policy, it just punted the harder political fight — over whether the permanent successor law should target only actual suspects or continue scanning everyone's messages by default — to negotiations resuming in September. For a technical audience, the interesting failure mode isn't the politics so much as the pattern: temporary, ostensibly voluntary security measures adopted under emergency framing have a well-documented tendency to become permanent infrastructure precisely because sunset clauses create renewal decisions that are procedurally easier to win than the up-front fight ever was.

Read →

alexalejandre.com

Mitchell Hashimoto on Ghostty, Zig, and Why Open Source Owes You Nothing

In a wide-ranging interview, Ghostty and Vouch creator Mitchell Hashimoto lays out a maintainer philosophy built around a blunt reading of open-source licenses: 'as-is, no warranty' means no entitlement to demands, and the honest response to 'this doesn't do what I want' is 'then fork it' — not as a dismissal, but as a sincere invitation, since forking is the actual mechanism the license grants you instead of a support contract. That same distaste for unearned obligation shapes his terminal design: Ghostty's guiding architectural rule is that a feature should cost you nothing — no runtime overhead, no cognitive tax — unless you actually use it, which is how he squares 'feature-rich' with an aversion to bloat. He's also sketching genuinely new terminal protocols (an 'n-screen' API to replace the primary/alternate-screen binary, a button protocol extending OSC 8 hyperlinks to scrollback-persistent interactive elements) at a moment when, he argues, terminals have had no real standards body for twenty years. The aside on AI is worth noting for anyone tracking how frontier coding tools change engineering judgment, not just throughput: he describes using AI to draft huge, otherwise-prohibitively-expensive backward-compatibility migrations across Zig's changing APIs, arguing it structurally lowers the cost of breaking changes — a real shift in what 'stability' is worth engineering for in the first place.

Read →

GitHub Blog

How GitHub Gave Every Repository a Durable Owner

GitHub's internal security team turned a nagging operational problem — over 11,000 of its roughly 14,000 internal repositories had no reliably identifiable owner — into a case study on retrofitting accountability onto systems that grew organically. The fix wasn't a new tool so much as making ownership a first-class, enforced property: two GitHub custom properties (ownership-type, ownership-name) validated against real team membership and a live service catalog, synced automatically where possible, then enforced with a 30-day grace period and reversible archival for anything left unclaimed. What makes the writeup useful beyond the specific mechanism is the postmortem honesty about the two incidents that shaped the final design: archiving a repo silently broke a Datadog integration that paged an on-call team with no context, so they added mandatory notifications to repo admins; and a hypothetical stale Service Catalog read could have mass-archived legitimate repositories, so they added a circuit-breaker 'low water mark' that halts the job entirely if it's about to take an anomalously large action. Neither safeguard was in the original design — both came from the system actually breaking once — which is the recurring lesson in build-outs like this: the guardrails worth having are usually the ones you can only discover by getting burned first, so the goal is designing the blast radius small enough that getting burned is cheap.

Read →

Modern War Institute at West Point

The Glass Backbone: Why the Army's Logistics Will Break in the Next War

A Modern War Institute analysis argues that the U.S. Army's logistics architecture — built and refined over two decades of counterinsurgency, where rear-area supply hubs were, by definition, safe from enemy fire — is structurally unsurvivable against a peer adversary with persistent satellite surveillance and long-range precision strike. The argument is essentially a systems-safety one dressed in military language: centralizing throughput into a small number of large, fixed, easily-targeted nodes is efficient precisely because it removes the redundancy that would let the network survive losing any single node, and Ukraine has already demonstrated in practice what happens when that tradeoff meets modern targeting — concentrated logistics hubs get found and destroyed. The proposed fix — dispersed, mobile, redundant supply networks using autonomous resupply platforms, rather than fewer-and-bigger depots — is a direct application of the same centralization-versus-resilience tradeoff that shows up in distributed systems design, power grids, and supply chains generally: the efficient topology and the survivable topology are usually different topologies, and organizations that optimize hard for one under peacetime pressure often only discover how exposed that made them once the failure mode they weren't designed for actually shows up.

Read →
Humanities

Konrad Hinsen

Conviviality in Computational Science

Drawing on Ivan Illich's 1973 concept of 'convivial tools' — technology that amplifies individual capability without requiring dependence on a managing institution — computational scientist Konrad Hinsen argues that scientific software has quietly lost the conviviality it started with. His case study is Python: an ecosystem that began as a genuinely convivial tool for researchers (simple, stable, legible enough that a working scientist could actually understand what their code was doing) but whose growth-over-stability incentives culminated in the Python 2-to-3 migration, which broke enormous amounts of legacy research software and made 'what does this decade-old analysis script actually do' a much harder question to answer than it used to be. The essay is a useful antidote to a pattern that's easy to normalize inside fast-moving engineering culture: treating backward compatibility as a cost center to be minimized rather than as the load-bearing property that lets tools stay legible and trustworthy to the people who depend on them without becoming dependent on the tool's maintainers — a framing worth sitting with anywhere breaking changes get justified purely by what they unlock for the tool's future, rather than what they cost the people relying on its past.

Read →

JSTOR Daily

Six Stories with First-Person Narrators

A JSTOR Daily reading list built around a simple craft observation: a first-person narrator isn't just a point-of-view choice, it's an argument about what the story is actually about, since everything the reader learns is filtered through — and shaped by the blind spots of — a single consciousness. The six selections (Danielle Evans, Jamil Jan Kochai, Catherine Niu, Thomas Bernhard, Christine Schutt, Michael Deagler, all free to read) range from narrators who are trying to be honest with themselves to narrators — Bernhard's obsessive railer, Niu's chauffeur who wants to disappear — whose self-presentation is itself the thing the story is quietly undermining. It's a small, worthwhile reminder for anyone who spends more time reading technical postmortems than fiction: the reliability of a first-person account of what happened is never guaranteed by sincerity, and the gap between what a narrator believes about themselves and what their own account reveals is exactly the kind of unreliable-narrator problem that shows up just as much in incident reports and 'here's what went wrong' retrospectives as it does in literary fiction.

Read →