Weekly notes: The llm mapping project this week is the clear winner
- How Does A Blind Model See The Earth?: If you divided up the earth into tiles, and each tile was given coordinates, and then asked an llm to say whether that tile was water or land for all tiles, you’d be able to construct a map of the way an llm perceives the world in theory. This chap did that and asked a bunch of different models about the world they saw. Interesting!
- 5. Data Structures in python: A lovely documentation page in the python docs section talking about lists, dictionaries, sets, and tuples. These basic data structures are all the vast majority of us will likely need.
- Cross-Site Request Forgery: Good overview of this vulnerability and how to prevent it.
Protecting against CSRF in 2025
In summary, to protect against CSRF applications (or, rather, libraries and frameworks) should reject cross-origin non-safe browser requests. The most developer-friendly way to do so is using primarily Fetch metadata, which requires no extra instrumentation or configuration.
- Allow all GET, HEAD, or OPTIONS requests. These are safe methods, and are assumed not to change state at various layers of the stack already.
- If the Origin header matches an allow-list of trusted origins, allow the request. Trusted origins should be configured as full origins (e.g. https://example.com) and compared by simple equality with the header value.
- If the Sec-Fetch-Site header is present:
  - if its value is same-origin or none, allow the request;
  - otherwise, reject the request.
  This secures all major up-to-date browsers for sites hosted on trustworthy (HTTPS or localhost) origins.
- If neither the Sec-Fetch-Site nor the Origin headers are present, allow the request. These requests are not from (post-2020) browsers, and can’t be affected by CSRF.
- If the Origin header’s host (including the port) matches the Host header, allow the request, otherwise reject it. This is either a request to an HTTP origin, or by an out-of-date browser.
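The five rules quoted above, written out as one decision function so the ordering is explicit. This is an added example for these notes, not code from the linked article; the request dicts at the bottom are constructed samples and the trusted origin is a placeholder.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def csrf_decision(method: str, headers: dict, trusted_origins: set) -> tuple:
    """Return (allowed, reason) for one request, applying the rules in order."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # Rule 1: safe methods are allowed; they must not change state anyway.
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = h.get("origin")
    # Rule 2: allow-listed full origins, compared by simple string equality.
    if origin is not None and origin in trusted_origins:
        return True, "trusted origin"
    # Rule 3: Fetch metadata decides for modern browsers. Note that
    # "same-site" (a sibling subdomain) is rejected, only same-origin/none pass.
    sfs = h.get("sec-fetch-site")
    if sfs is not None:
        if sfs in ("same-origin", "none"):
            return True, "Sec-Fetch-Site=" + sfs
        return False, "Sec-Fetch-Site=" + sfs
    # Rule 4: no Fetch metadata and no Origin means not a post-2020 browser.
    if origin is None:
        return True, "no browser headers"
    # Rule 5: fallback for HTTP origins / old browsers. urlsplit().netloc keeps
    # the port, so https://app.example:8443 must match Host "app.example:8443".
    # An opaque Origin ("null") yields an empty netloc and is therefore rejected.
    if urlsplit(origin).netloc == h.get("host", ""):
        return True, "Origin host matches Host"
    return False, "Origin host does not match Host"


# Constructed sample requests (not captured traffic); "partner.example" is a placeholder.
TRUSTED = {"https://partner.example"}
SAMPLES = [
    ("POST", {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"}),
    ("POST", {"Origin": "https://app.example", "Sec-Fetch-Site": "same-origin"}),
    ("POST", {"Origin": "https://partner.example", "Sec-Fetch-Site": "cross-site"}),
    ("POST", {"Host": "app.example", "Content-Type": "application/json"}),  # curl-style
    ("POST", {"Origin": "http://app.example:8080", "Host": "app.example:8080"}),
    ("POST", {"Origin": "http://app.example:8080", "Host": "app.example"}),
    ("POST", {"Origin": "https://evil.app.example", "Sec-Fetch-Site": "same-site"}),
]


def run_samples():
    return [csrf_decision(m, hdrs, TRUSTED)[0] for m, hdrs in SAMPLES]
```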
- JDK 24: Faster, Smarter, and Ready for the Future! 🚀🚀: Great Java release here, it looks like. A few of my favourite features: improved startup time (Application Class Data Sharing (CDS) front-loads certain compiler optimizations at build time), and virtual threads continue to be cool :).
- Five Practical Tips for Any Team to Reduce Risks, Increase Agility, and Deliver Value: Found an agile leader / coach blog today. Followed several links already! :)
- Rank work
- Find product minimums (actions that can be taken to create value outcomes). A value outcome is:
- We learned something
- We derisked something
- We got good feedback about something
- Limit WIP (track cycle time, not velocity)
- Right-size the work
- Collaborate with others in the team to help limit work in progress
- My AI Skeptic Friends Are All Nuts: LLM agents are doing some heavy lifting in software teams now for people who are getting into them. This one fired people up!