Please support this podcast by checking out our sponsors: - Discover the Future of AI Audio with ElevenLabs - https://try.elevenlabs.io/tad - Lindy is your ultimate AI assistant that proactively manages your inbox - https://try.lindy.ai/tad - SurveyMonkey, Using AI to surface insights faster and reduce manual analysis time - https://get.surveymonkey.com/tad Support The Automated Daily directly: Buy me a coffee: https://buymeacoffee.com/theautomateddaily Today's topics: PyPI lightning supply-chain malware - A supply-chain compromise hit the PyPI package "lightning" (PyTorch Lightning), with credential-stealing malware that can leak secrets from dev machines and CI. Keywords: PyPI, supply chain, malware, tokens, CI security. Linux CopyFail backport dilemma - The Linux kernel "CopyFail" local privilege escalation fix is tricky to backport to older long-term branches, leaving many systems waiting or relying on mitigations. Keywords: Linux kernel, LPE, CVE, backport, mitigation. Room 641A and NSA spying - EFF recounts how AT&T whistleblower evidence pointed to backbone-level internet traffic copying in a secret room, shaping the modern debate on mass surveillance and legality. Keywords: NSA, AT&T, EFF, mass surveillance, Patriot Act. Rethinking GitHub-style code forges - A critique argues modern forges overfit the GitHub model, and proposes workflows with earlier feedback, richer review states, and better offline-first collaboration. Keywords: GitHub, GitLab, forge, PRs, CI workflow. OpenWarp brings your own AI - OpenWarp, a community fork of Warp, aims to make terminal AI provider-agnostic so users can choose their own models and endpoints with a privacy-first posture. Keywords: terminal, AI, BYOP, privacy, open source. USB-C cable truth on macOS - WhatCable is a macOS menu bar tool that translates USB-C capabilities into plain language, helping diagnose slow charging and mismatched cables. Keywords: USB-C, Thunderbolt, charging, macOS, diagnostics. Fixing Bluetooth MIDI on Windows - A new Windows utility bridges Bluetooth LE MIDI devices into Windows MIDI Services so keyboards reliably appear in traditional DAWs and Web MIDI apps. Keywords: Windows 11, BLE MIDI, DAW, interoperability, MIDI ports. Websites derailed by stakeholder taste - A web design essay explains how leadership “taste edits” can slowly override research, turning a site into an internal mood board instead of a tool that converts users. Keywords: UX, research, stakeholders, conversions, usability. Lost Caedmon’s Hymn manuscript found - Researchers uncovered an early ninth-century manuscript containing Caedmon’s Hymn embedded in the main text, strengthening evidence that Old English was actively valued and copied. Keywords: Caedmon’s Hymn, Old English, manuscript, Bede, discovery. - Websmith Studio: Why Your Website Should Serve Users, Not Leadership Tastes - Open-source utility bridges Bluetooth LE MIDI into Windows MIDI Services for DAWs - WhatCable for macOS reveals the real capabilities of USB-C cables and charging setup - AT&T Whistleblower Exposed NSA Backbone Surveillance via Secret Room 641A - xAI Releases Grok-4.3 API Model Documentation with 1M-Token Context and Tooling Features - Ninth-Century Rome Manuscript Reveals Rare Early Copy of Caedmon’s Hymn - Kernel CopyFail (CVE-2026-31431) Fix Doesn’t Cleanly Backport to Older LTS, Workaround Shared - Author Proposes a Modular, Offline-Friendly Replacement for Modern GitHub-Style Forges - OpenWarp Fork Lets Warp Users Plug In Custom AI Providers and Keep Keys Local - PyTorch Lightning PyPI Package Compromised, Malware Steals Secrets and Spreads via npm Episode Transcript PyPI lightning supply-chain malware First up in security: researchers are warning about a supply-chain compromise of the PyPI package “lightning,” better known to many as PyTorch Lightning. Two recent versions were published with malicious code that can run simply through normal install-and-import behavior, aiming to siphon off secrets from developer machines and CI—think repo tokens, environment variables, and cloud credentials. What makes this one especially concerning is the attempted cross-ecosystem spread: the campaign doesn’t just want to steal—it wants to propagate, using whatever publishing credentials it can find to hop into other package registries and workflows. If your org builds AI models or training pipelines, this is a sharp reminder that “just a library update” can become an incident across your entire automation stack. Linux CopyFail backport dilemma Staying with security, there’s a tense discussion around the Linux kernel vulnerability dubbed “CopyFail.” The fix landed upstream, but backporting it cleanly to older long-term kernels is proving difficult, which is where the real-world pain shows up. Distributions and operators often rely on long-lived branches specifically for stability, yet those same branches can be the hardest places to land a complicated security change safely. In the meantime, maintainers are sharing mitigations—pragmatic stopgaps that reduce risk, but aren’t the same as a proper patch. The takeaway: if you run older kernel lines at scale, plan for a window where mitigations and careful configuration matter as much as updates do. Room 641A and NSA spying And now, a reminder that the security debates of today have long roots. Cindy Cohn revisits the moment in 2006 when retired AT&T technician Mark Klein walked into EFF with documents describing what appeared to be mass, untargeted internet surveillance—centered on a secret room at an AT&T facility where backbone traffic could be copied. The significance isn’t just the history lesson. It’s how concrete evidence changed the conversation: from rumors about surveillance to something that could be argued in court, contested in public, and scrutinized by experts. It also highlights a recurring tension: when national security secrecy collides with constitutional challenges, simply getting claims heard can become its own battle. Rethinking GitHub-style code forges Switching gears to software development workflows: one essay argues that code forges—GitHub, GitLab, and the rest—have converged on a familiar shape that doesn’t reflect how many teams actually work anymore. The point is less “Git is broken” and more “the forge has become the product”: reviews, CI, identity, issues, releases, automation—those are the center of gravity. The proposal is basically a next-generation forge that tightens feedback loops so quality checks happen earlier, supports more nuanced review states than a binary approve-or-reject, and treats stacked changes as first-class. Why it matters: as teams push for faster shipping with more automation, the ergonomics of collaboration tools start to influence both code quality and developer sanity. OpenWarp brings your own AI On the tooling side, an open-source fork called OpenWarp is trying to make AI inside the terminal more flexible by letting users bring their own AI provider. Instead of locking you into one model or one endpoint, the idea is a provider-agnostic layer where you control where prompts go and what they cost. This matters for two reasons. One is privacy and compliance—teams increasingly need to decide where data is sent. The other is resilience: model availability, pricing changes, and product decisions can shift quickly, and developers are looking for setups that don’t collapse when a single vendor changes the rules. USB-C cable truth on macOS If you’ve ever stared at a pile of identical USB‑C cables and guessed wrong, there’s a new macOS menu bar app called WhatCable that tries to end the guessing. It translates what macOS can see about a connected cable, charger, or device into plain English—so you can tell whether you’re actually getting fast data, video output, or the charging speed you expected. The broader point here is that USB‑C’s “one connector for everything” promise has a usability tax: when performance varies wildly but looks the same, troubleshooting becomes a time sink. Tools that turn invisible negotiation into readable explanations save real time, especially for people hopping between docks, monitors, and travel chargers. Fixing Bluetooth MIDI on Windows Windows musicians also got a practical win: a developer released a free, open-source utility aimed at making Bluetooth LE MIDI keyboards behave reliably with DAWs and Web MIDI apps. The core problem on Windows 11 is that devices can pair successfully, yet not show up in the places musicians expect—because different apps rely on different MIDI stacks. By bridging BLE MIDI into the newer Windows MIDI Services layer and presenting it like a normal MIDI port, this tool tries to turn a fragile workaround into a predictable setup. The interesting footnote: the author also uncovered a silent “nothing works but nothing errors” failure mode tied to unexpected MIDI channel behavior—exactly the kind of issue that wastes hours when the system gives you zero feedback. Websites derailed by stakeholder taste Now for the human side of tech: a Websmith Studio piece argues that company websites often fail for a surprisingly simple reason—leaders treat the site like personal expression instead of a user-focused tool. Designers come with research, testing, and evidence, but decisions get overridden by preferences about colors, layout, or what “feels right.” The author calls it an expert paradox: in high-stakes domains, stakeholders defer to specialists, but in web design, familiarity creates overconfidence. The slow damage comes from tiny compromises—each one seemingly harmless—until the site becomes polished, expensive, and quietly worse at helping customers complete tasks. If you own a website roadmap, the practical filter is strong: is feedback improving the user’s outcome, or just reflecting internal taste? Lost Caedmon’s Hymn manuscript found Finally, a di
