<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>andreasglashauser.com</title>
    <link>https://andreasglashauser.com/</link>
    <description>Blog posts from andreasglashauser.com</description>
    <lastBuildDate>Sun, 19 Apr 2026 00:00:00 +0000</lastBuildDate>
    <language>en</language>
    <item>
      <title>Nick Bostrom’s Superintelligence</title>
      <link>https://andreasglashauser.com/blog/nick-bostrom-superintelligence.html</link>
      <guid>https://andreasglashauser.com/blog/nick-bostrom-superintelligence.html</guid>
      <pubDate>Sun, 19 Apr 2026 00:00:00 +0000</pubDate>
      <description><![CDATA[<p>I first read Nick Bostrom’s <a
          href="https://en.wikipedia.org/wiki/Superintelligence:_Paths,_Dangers,_Strategies">Superintelligence</a>
          a few years ago, before the current AI boom took off. Recently
          I revisited it and was struck by how thought-provoking it
          still is. If you are interested in the philosophical
          implications of AI, this book is essential reading. It
          explores existential risk, alignment, and the control problem
          of machine intelligence. Though it was published in 2013, its
          core arguments still hold up surprisingly well.</p>
          <p>For me, the book’s greatest value is its function as a
          calibration tool. In today’s AI bubble, there is a strong
          tendency to talk as if superintelligence is almost here,
          simply because current systems can do things that would have
          seemed astonishing a few years ago. The book reminds you what
          superintelligence is actually supposed to mean. Bostrom helps
          re-establish the scale of the idea, and by that standard we
          are still very far from it.</p>
          <p>Rereading it reminded me how inflated much of the current
          discussion around AI has become. Whatever is happening right
          now, it is still nowhere close to what Bostrom meant by
          superintelligence.</p>]]></description>
      <content:encoded><![CDATA[<p>I first read Nick Bostrom’s <a
          href="https://en.wikipedia.org/wiki/Superintelligence:_Paths,_Dangers,_Strategies">Superintelligence</a>
          a few years ago, before the current AI boom took off. Recently
          I revisited it and was struck by how thought-provoking it
          still is. If you are interested in the philosophical
          implications of AI, this book is essential reading. It
          explores existential risk, alignment, and the control problem
          of machine intelligence. Though it was published in 2013, its
          core arguments still hold up surprisingly well.</p>
          <p>For me, the book’s greatest value is its function as a
          calibration tool. In today’s AI bubble, there is a strong
          tendency to talk as if superintelligence is almost here,
          simply because current systems can do things that would have
          seemed astonishing a few years ago. The book reminds you what
          superintelligence is actually supposed to mean. Bostrom helps
          re-establish the scale of the idea, and by that standard we
          are still very far from it.</p>
          <p>Rereading it reminded me how inflated much of the current
          discussion around AI has become. Whatever is happening right
          now, it is still nowhere close to what Bostrom meant by
          superintelligence.</p>]]></content:encoded>
    </item>
    <item>
      <title>Thoughts on .onion sites</title>
      <link>https://andreasglashauser.com/blog/thoughts-on-onion-sites.html</link>
      <guid>https://andreasglashauser.com/blog/thoughts-on-onion-sites.html</guid>
      <pubDate>Sun, 12 Apr 2026 00:00:00 +0000</pubDate>
      <description><![CDATA[<p>I really like the idea behind .onion sites. Onion addresses
          are self-authenticating, which means the address is tied
          directly to the cryptographic key used by the service. That is
          a stronger form of authentication than relying on a
          certificate authority to vouch for such a binding.</p>
          <p>In practice, this means that if you already have the
          correct onion address of a site, you can be confident that you
          are reaching the service that actually controls that address.
          However, the challenge is that you still need a trustworthy
          way to obtain the correct onion address in the first place.
          That makes the system excellent in theory, but difficult to
          use in practice.</p>
          <p>Onion sites also have several other unique use cases:</p>
          <ul>
          <li>Anonymous publishing and hiding a server’s physical
          location</li>
          <li>Whistleblower systems and secure source contact through
          tools like <a
          href="https://securedrop.org/">SecureDrop</a></li>
          <li>Invite-only private services, where you need not only the
          onion address but also use <a
          href="https://community.torproject.org/onion-services/advanced/client-auth/">Tor’s
          built-in client authorization</a></li>
          <li>Self-hosting behind NAT or restrictive firewalls, as seen
          in tools like Lightning services</li>
          <li>Temporary file drops, disposable websites, and chats
          without relying on a third-party platform, using e.g. <a
          href="https://onionshare.org/">OnionShare</a></li>
          <li>Messaging systems with no central public server identity,
          such as <a href="https://briarproject.org/">Briar</a></li>
          </ul>
          <p>I have now also made this website available via an onion
          address: <a
          href="http://metrsww4o7yeijgkdp6otpu5hu2bz5uizntuxan6cbed5sm6w2kknayd.onion/">http://metrsww4o7yeijgkdp6otpu5hu2bz5uizntuxan6cbed5sm6w2kknayd.onion/</a></p>
          <p>I cannot think of a particularly practical reason why
          accessing this site via its onion address would be useful.
          Perhaps it would have been more relevant when Tor still had
          its “Prioritize .onion sites when known” feature, which
          automatically upgraded a connection to an onion address when
          possible. <a
          href="https://blog.torproject.org/new-release-tor-browser-13012/">That
          feature was removed in early 2024</a> because of potential
          fingerprinting risks.</p>
          <p>Still, I have wanted to offer this option for a while,
          mainly to learn how onion services are set up. I learned that
          it is surprisingly easy; the Tor Project provides a
          straightforward guide <a
          href="https://community.torproject.org/onion-services/setup/">here</a>.</p>
          <p>At the moment, I use WireGuard to access my home network. I
          have been thinking about trying onion addresses for some of
          the services I host for myself, mainly out of curiosity and to
          see how well it works in practice as an experiment. While this
          is still just a rough idea, I do find it very appealing.</p>]]></description>
      <content:encoded><![CDATA[<p>I really like the idea behind .onion sites. Onion addresses
          are self-authenticating, which means the address is tied
          directly to the cryptographic key used by the service. That is
          a stronger form of authentication than relying on a
          certificate authority to vouch for such a binding.</p>
          <p>In practice, this means that if you already have the
          correct onion address of a site, you can be confident that you
          are reaching the service that actually controls that address.
          However, the challenge is that you still need a trustworthy
          way to obtain the correct onion address in the first place.
          That makes the system excellent in theory, but difficult to
          use in practice.</p>
          <p>Onion sites also have several other unique use cases:</p>
          <ul>
          <li>Anonymous publishing and hiding a server’s physical
          location</li>
          <li>Whistleblower systems and secure source contact through
          tools like <a
          href="https://securedrop.org/">SecureDrop</a></li>
          <li>Invite-only private services, where you need not only the
          onion address but also use <a
          href="https://community.torproject.org/onion-services/advanced/client-auth/">Tor’s
          built-in client authorization</a></li>
          <li>Self-hosting behind NAT or restrictive firewalls, as seen
          in tools like Lightning services</li>
          <li>Temporary file drops, disposable websites, and chats
          without relying on a third-party platform, using e.g. <a
          href="https://onionshare.org/">OnionShare</a></li>
          <li>Messaging systems with no central public server identity,
          such as <a href="https://briarproject.org/">Briar</a></li>
          </ul>
          <p>I have now also made this website available via an onion
          address: <a
          href="http://metrsww4o7yeijgkdp6otpu5hu2bz5uizntuxan6cbed5sm6w2kknayd.onion/">http://metrsww4o7yeijgkdp6otpu5hu2bz5uizntuxan6cbed5sm6w2kknayd.onion/</a></p>
          <p>I cannot think of a particularly practical reason why
          accessing this site via its onion address would be useful.
          Perhaps it would have been more relevant when Tor still had
          its “Prioritize .onion sites when known” feature, which
          automatically upgraded a connection to an onion address when
          possible. <a
          href="https://blog.torproject.org/new-release-tor-browser-13012/">That
          feature was removed in early 2024</a> because of potential
          fingerprinting risks.</p>
          <p>Still, I have wanted to offer this option for a while,
          mainly to learn how onion services are set up. I learned that
          it is surprisingly easy; the Tor Project provides a
          straightforward guide <a
          href="https://community.torproject.org/onion-services/setup/">here</a>.</p>
          <p>At the moment, I use WireGuard to access my home network. I
          have been thinking about trying onion addresses for some of
          the services I host for myself, mainly out of curiosity and to
          see how well it works in practice as an experiment. While this
          is still just a rough idea, I do find it very appealing.</p>]]></content:encoded>
    </item>
    <item>
      <title>Thoughts on AI-assisted coding</title>
      <link>https://andreasglashauser.com/blog/thoughts-on-ai-assisted-coding.html</link>
      <guid>https://andreasglashauser.com/blog/thoughts-on-ai-assisted-coding.html</guid>
      <pubDate>Sun, 05 Apr 2026 00:00:00 +0000</pubDate>
      <description><![CDATA[<p>I first experienced AI-assisted development via GitHub
          Copilot during its beta in 2021. It was the first AI
          programming assistant back then and it only offered
          tab-completion, which I think was based on GPT-3.5.</p>
          <p>GitHub Copilot lost its edge quickly; many new competitors
          were built and surpassed it. The second coding agent I tried
          was Cursor, also in its early beta days. It felt like a huge
          leap forward, though everything remained immature and the
          generated code rarely even compiled.</p>
          <p>Fast forward to 2026, and the number of projects has exploded. We
          now have Claude Code, Cline, Kilo Code, Hermes Agent, Zed,
          Codex, Aider, Windsurf, Gemini CLI, and many others. I
          regularly test new projects when they offer genuinely
          interesting new features, though such unique features are
          becoming increasingly rare. After years of experimentation,
          I’ve settled on just one tool for AI-assisted programming: <a
          href="https://github.com/anomalyco/opencode">OpenCode</a>.</p>
          <p>I am genuinely enthusiastic about OpenCode. The UI is
          great, it includes all the features I actually need, and it’s
          open source. The agent framework feels good, even if I
          disagree with their assumption that every LLM performs best
          without adjusting the harness for each model. I love the
          flexibility to switch between models and providers, plus the
          ability to leverage existing subscriptions.</p>
          <p>Most importantly, I trust that the team behind the project
          won’t sell out and abandon open source. Initially, the project
          originated with three developers in the <a
          href="https://github.com/opencode-ai/opencode">opencode-ai/opencode</a>
          repository. When one founder wanted to sell and the other two
          refused, those two created <a
          href="https://github.com/anomalyco/opencode">anomalyco/opencode</a>
          (initially sst/opencode). This fork has since become the clear
          winner between the two competing projects. After a period of
          shared naming (which led to a lot of confusion), the original
          project rebranded as <a
          href="https://github.com/charmbracelet/crush">Crush</a>. While
          Crush maintains respectable traction with 22k GitHub stars, it
          is overshadowed by comparison to the “real” OpenCode with 132k
          stars.</p>
          <p>The open source nature also led to the creation of <a
          href="https://github.com/nickjvandyke/opencode.nvim">opencode.nvim</a>,
          a Neovim extension that filled the piece I was missing from tools
          like Cursor: I can select code and ask specific questions
          about it, and the selected code is added to the context
          automatically. Since I adopted the plugin, I haven’t missed
          other IDEs.</p>
          <p>… Besides one gap that still remains in Neovim: good
          tab completion. Cursor excels here; their completion model is
          remarkably good, and I admire the technical approach of
          continuous fine-tuning with updates every 30 minutes (Reading
          recommendation: <a
          href="https://cursor.com/blog/tab-rl">tab-rl</a>).</p>
          <p>Neovim introduced a <a
          href="https://neovim.io/doc/user/lsp/#_lua-module%3a-vim.lsp.inline_completion">new
          API for inline completion</a> in (I think) v0.11, but tool
          adoption remains limited. I’m only aware of two maintained
          implementations:</p>
          <ul>
          <li>GitHub Copilot Language Server</li>
          <li><a
          href="https://github.com/ggml-org/llama.vim">llama.vim</a>,
          which builds on llama.cpp (the foundation project for most
          local LLM projects)</li>
          </ul>
          <p>llama.vim works well in theory, but without a good GPU it’s
          painfully slow. The available models are also constrained,
          both in <a
          href="https://huggingface.co/collections/ggml-org/llamavim">quantity</a>
          and capability.</p>
          <p><a href="https://supermaven.com/">Supermaven</a> once
          filled this niche for Neovim users, but Cursor acquired it two
          years ago (which is why Cursor is now the leader in tab
          completion). Even though their website confusingly still
          suggests otherwise, new users can no longer sign up for
          it.</p>
          <p>Supermaven was <a
          href="https://supermaven.com/blog/sunsetting-supermaven">temporarily
          planned to be sunsetted</a> even for existing users, but a lot
          of people were frustrated about it. OpenCode’s creators <a
          href="https://x.com/thdxr/status/1983597955568603433">hinted</a>
          that they plan on creating their own alternative for it (which
          I would have loved), but since Supermaven reverted their
          decision and now provide free inference for all existing
          users, I don’t think that it’s a priority for them,
          unfortunately.</p>
          <p>In my opinion, the industry rushed too quickly from
          tab-completion to async coding agents. For me, the next major
          productivity gains won’t come from better models but from a
          plugin that nails tab-completion. It would strike the ideal
          balance for me: I code dramatically faster without offloading
          my understanding of the problem. <a
          href="https://margaretstorey.com/blog/2026/02/09/cognitive-debt/">Cognitive
          debt</a> is a big concern of mine with async coding agents,
          which is why I use them only very selectively. I hope this gap
          closes soon.</p>]]></description>
      <content:encoded><![CDATA[<p>I first experienced AI-assisted development via GitHub
          Copilot during its beta in 2021. It was the first AI
          programming assistant back then and it only offered
          tab-completion, which I think was based on GPT-3.5.</p>
          <p>GitHub Copilot lost its edge quickly; many new competitors
          were built and surpassed it. The second coding agent I tried
          was Cursor, also in its early beta days. It felt like a huge
          leap forward, though everything remained immature and the
          generated code rarely even compiled.</p>
          <p>Fast forward to 2026, and the number of projects has exploded. We
          now have Claude Code, Cline, Kilo Code, Hermes Agent, Zed,
          Codex, Aider, Windsurf, Gemini CLI, and many others. I
          regularly test new projects when they offer genuinely
          interesting new features, though such unique features are
          becoming increasingly rare. After years of experimentation,
          I’ve settled on just one tool for AI-assisted programming: <a
          href="https://github.com/anomalyco/opencode">OpenCode</a>.</p>
          <p>I am genuinely enthusiastic about OpenCode. The UI is
          great, it includes all the features I actually need, and it’s
          open source. The agent framework feels good, even if I
          disagree with their assumption that every LLM performs best
          without adjusting the harness for each model. I love the
          flexibility to switch between models and providers, plus the
          ability to leverage existing subscriptions.</p>
          <p>Most importantly, I trust that the team behind the project
          won’t sell out and abandon open source. Initially, the project
          originated with three developers in the <a
          href="https://github.com/opencode-ai/opencode">opencode-ai/opencode</a>
          repository. When one founder wanted to sell and the other two
          refused, those two created <a
          href="https://github.com/anomalyco/opencode">anomalyco/opencode</a>
          (initially sst/opencode). This fork has since become the clear
          winner between the two competing projects. After a period of
          shared naming (which led to a lot of confusion), the original
          project rebranded as <a
          href="https://github.com/charmbracelet/crush">Crush</a>. While
          Crush maintains respectable traction with 22k GitHub stars, it
          is overshadowed by comparison to the “real” OpenCode with 132k
          stars.</p>
          <p>The open source nature also led to the creation of <a
          href="https://github.com/nickjvandyke/opencode.nvim">opencode.nvim</a>,
          a Neovim extension that filled the piece I was missing from tools
          like Cursor: I can select code and ask specific questions
          about it, and the selected code is added to the context
          automatically. Since I adopted the plugin, I haven’t missed
          other IDEs.</p>
          <p>… Besides one gap that still remains in Neovim: good
          tab completion. Cursor excels here; their completion model is
          remarkably good, and I admire the technical approach of
          continuous fine-tuning with updates every 30 minutes (Reading
          recommendation: <a
          href="https://cursor.com/blog/tab-rl">tab-rl</a>).</p>
          <p>Neovim introduced a <a
          href="https://neovim.io/doc/user/lsp/#_lua-module%3a-vim.lsp.inline_completion">new
          API for inline completion</a> in (I think) v0.11, but tool
          adoption remains limited. I’m only aware of two maintained
          implementations:</p>
          <ul>
          <li>GitHub Copilot Language Server</li>
          <li><a
          href="https://github.com/ggml-org/llama.vim">llama.vim</a>,
          which builds on llama.cpp (the foundation project for most
          local LLM projects)</li>
          </ul>
          <p>llama.vim works well in theory, but without a good GPU it’s
          painfully slow. The available models are also constrained,
          both in <a
          href="https://huggingface.co/collections/ggml-org/llamavim">quantity</a>
          and capability.</p>
          <p><a href="https://supermaven.com/">Supermaven</a> once
          filled this niche for Neovim users, but Cursor acquired it two
          years ago (which is why Cursor is now the leader in tab
          completion). Even though their website confusingly still
          suggests otherwise, new users can no longer sign up for
          it.</p>
          <p>Supermaven was <a
          href="https://supermaven.com/blog/sunsetting-supermaven">temporarily
          planned to be sunsetted</a> even for existing users, but a lot
          of people were frustrated about it. OpenCode’s creators <a
          href="https://x.com/thdxr/status/1983597955568603433">hinted</a>
          that they plan on creating their own alternative for it (which
          I would have loved), but since Supermaven reverted their
          decision and now provide free inference for all existing
          users, I don’t think that it’s a priority for them,
          unfortunately.</p>
          <p>In my opinion, the industry rushed too quickly from
          tab-completion to async coding agents. For me, the next major
          productivity gains won’t come from better models but from a
          plugin that nails tab-completion. It would strike the ideal
          balance for me: I code dramatically faster without offloading
          my understanding of the problem. <a
          href="https://margaretstorey.com/blog/2026/02/09/cognitive-debt/">Cognitive
          debt</a> is a big concern of mine with async coding agents,
          which is why I use them only very selectively. I hope this gap
          closes soon.</p>]]></content:encoded>
    </item>
    <item>
      <title>Exploring MirageOS</title>
      <link>https://andreasglashauser.com/blog/exploring-mirageos.html</link>
      <guid>https://andreasglashauser.com/blog/exploring-mirageos.html</guid>
      <pubDate>Fri, 27 Mar 2026 00:00:00 +0000</pubDate>
      <description><![CDATA[<p>I first discovered MirageOS and unikernels through <a
          href="https://github.com/mirage/qubes-mirage-firewall">mirage-fw</a>,
          a firewall for <a
          href="https://www.qubes-os.org/">Qubes OS</a>. I was amazed by
          how fast it boots and how few resources it requires: just 1
          vCPU and 32 MiB of memory with no disk usage at all.</p>
          <p><a
          href="https://research.redhat.com/blog/research_project/unikernel-linux/">Red Hat’s
          explanation of unikernels</a> puts it well: <em>“Unikernels
          are small, lightweight, single address space operating systems
          with the kernel included as a library within the application.
          Because unikernels run a single application, there is no
          sharing or competition for resources among different
          applications, improving performance and security”</em></p>
          <p>Unikernels are only an abstract concept; MirageOS is one of
          the tools used to implement them. It’s a library operating
          system that lets you construct unikernels using OCaml on a
          normal operating system, then compile and deploy them under a
          Xen or KVM hypervisor.</p>
          <p>You can find a good overview of MirageOS <a
          href="https://mirageos.org/docs/overview-of-mirage">here</a>
          on its website.</p>
          <p>Besides mirage-fw, I also tried these other unikernels and
          can recommend them:</p>
          <ul>
          <li><a
          href="https://github.com/robur-coop/qubes-miragevpn">qubes-miragevpn</a></li>
          <li><a
          href="https://github.com/dinosaure/pasteur">pasteur</a></li>
          <li><a
          href="https://github.com/robur-coop/caldav">caldav</a></li>
          </ul>
          <p>Unikernels deserve more attention in the security community
          as they eliminate entire classes of vulnerabilities. What I
          especially hope to see are a sys-usb unikernel
          replacement and a WireGuard unikernel in Qubes. The former is
          already tracked via an <a
          href="https://github.com/QubesOS/qubes-issues/issues/7159">open
          issue</a>, though unfortunately no work has been done on it
          for some time. I have yet to write a (functional) unikernel
          myself, though I hope the unikernel community grows.</p>]]></description>
      <content:encoded><![CDATA[<p>I first discovered MirageOS and unikernels through <a
          href="https://github.com/mirage/qubes-mirage-firewall">mirage-fw</a>,
          a firewall for <a
          href="https://www.qubes-os.org/">Qubes OS</a>. I was amazed by
          how fast it boots and how few resources it requires: just 1
          vCPU and 32 MiB of memory with no disk usage at all.</p>
          <p><a
          href="https://research.redhat.com/blog/research_project/unikernel-linux/">Red Hat’s
          explanation of unikernels</a> puts it well: <em>“Unikernels
          are small, lightweight, single address space operating systems
          with the kernel included as a library within the application.
          Because unikernels run a single application, there is no
          sharing or competition for resources among different
          applications, improving performance and security”</em></p>
          <p>Unikernels are only an abstract concept; MirageOS is one of
          the tools used to implement them. It’s a library operating
          system that lets you construct unikernels using OCaml on a
          normal operating system, then compile and deploy them under a
          Xen or KVM hypervisor.</p>
          <p>You can find a good overview of MirageOS <a
          href="https://mirageos.org/docs/overview-of-mirage">here</a>
          on its website.</p>
          <p>Besides mirage-fw, I also tried these other unikernels and
          can recommend them:</p>
          <ul>
          <li><a
          href="https://github.com/robur-coop/qubes-miragevpn">qubes-miragevpn</a></li>
          <li><a
          href="https://github.com/dinosaure/pasteur">pasteur</a></li>
          <li><a
          href="https://github.com/robur-coop/caldav">caldav</a></li>
          </ul>
          <p>Unikernels deserve more attention in the security community
          as they eliminate entire classes of vulnerabilities. What I
          especially hope to see are a sys-usb unikernel
          replacement and a WireGuard unikernel in Qubes. The former is
          already tracked via an <a
          href="https://github.com/QubesOS/qubes-issues/issues/7159">open
          issue</a>, though unfortunately no work has been done on it
          for some time. I have yet to write a (functional) unikernel
          myself, though I hope the unikernel community grows.</p>]]></content:encoded>
    </item>
    <item>
      <title>Thoughts on LiteLLM incident</title>
      <link>https://andreasglashauser.com/blog/thoughts-on-litellm-compromise.html</link>
      <guid>https://andreasglashauser.com/blog/thoughts-on-litellm-compromise.html</guid>
      <pubDate>Fri, 27 Mar 2026 00:00:00 +0000</pubDate>
      <description><![CDATA[<p>Supply chain attacks through compromised packages aren’t
          something new. If you read any tech news, you will regularly
          read about hijacked npm packages, usually as the result of
          some maintainer account getting pwned or stolen API keys.</p>
          <p>I always wondered why the npm ecosystem seemed to be the
          biggest focus for threat actors, as PyPI incidents remained
          relatively rare.</p>
          <p>This changed with <a
          href="https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/">this
          week’s LiteLLM compromise</a>. Of course, this was only one
          major compromise and is nothing compared with the volume of
          npm compromises, but I think this may be the start of a new
          normal where we see the same issues in PyPI.</p>
          <p>I use uv for all my projects, and it is the only Python
          package manager supporting <a
          href="https://docs.astral.sh/uv/concepts/resolution/#dependency-cooldowns">dependency
          cooldowns</a>. I adopted dependency cooldowns across all my
          projects since uv added support for it in <a
          href="https://github.com/astral-sh/uv/releases/tag/0.9.17">December
          2025</a>, and I am increasingly glad I did.</p>
          <p>Additionally, I started experimenting with <a
          href="https://containers.dev/">devcontainers</a> on machines
          where I can’t run <a
          href="https://www.qubes-os.org/">Qubes OS</a> (which allows me
          to compartmentalize everything so that I genuinely don’t have
          to worry about such incidents). I don’t like the tooling around
          devcontainers yet, so it’s a bit of a pain to use, but
          long-term I am skeptical that there is any way around it.</p>]]></description>
      <content:encoded><![CDATA[<p>Supply chain attacks through compromised packages aren’t
          something new. If you read any tech news, you will regularly
          read about hijacked npm packages, usually as the result of
          some maintainer account getting pwned or stolen API keys.</p>
          <p>I always wondered why the npm ecosystem seemed to be the
          biggest focus for threat actors, as PyPI incidents remained
          relatively rare.</p>
          <p>This changed with <a
          href="https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/">this
          week’s LiteLLM compromise</a>. Of course, this was only one
          major compromise and is nothing compared with the volume of
          npm compromises, but I think this may be the start of a new
          normal where we see the same issues in PyPI.</p>
          <p>I use uv for all my projects, and it is the only Python
          package manager supporting <a
          href="https://docs.astral.sh/uv/concepts/resolution/#dependency-cooldowns">dependency
          cooldowns</a>. I adopted dependency cooldowns across all my
          projects since uv added support for it in <a
          href="https://github.com/astral-sh/uv/releases/tag/0.9.17">December
          2025</a>, and I am increasingly glad I did.</p>
          <p>Additionally, I started experimenting with <a
          href="https://containers.dev/">devcontainers</a> on machines
          where I can’t run <a
          href="https://www.qubes-os.org/">Qubes OS</a> (which allows me
          to compartmentalize everything so that I genuinely don’t have
          to worry about such incidents). I don’t like the tooling around
          devcontainers yet, so it’s a bit of a pain to use, but
          long-term I am skeptical that there is any way around it.</p>]]></content:encoded>
    </item>
    <item>
      <title>How to uncensor LLMs?</title>
      <link>https://andreasglashauser.com/blog/how-to-uncensor-llms.html</link>
      <guid>https://andreasglashauser.com/blog/how-to-uncensor-llms.html</guid>
      <pubDate>Mon, 23 Mar 2026 00:00:00 +0000</pubDate>
      <description><![CDATA[<p>LLMs contain safety guardrails for good reasons: prompt
          injection, IP violations, abuse and harmful outputs are risks
          that have to be mitigated. The same guardrails lead to
          situations where the model won’t answer your question,
          resulting in responses like “<em>I’m sorry, but I can’t
          provide that</em>” (sometimes you receive such an answer even
          for legitimate prompts). Refusal behavior makes it difficult
          to observe what a model would actually do without those
          safeguards in place.</p>
          <p>Before fine-tuning models to meet safety guardrails,
          companies typically conduct extensive research to understand
          the risks of their models in domains such as cybersecurity or
          biosecurity and usually publish their findings in model cards.
          For external researchers who want to understand model behavior
          and evaluate risks independently, this is a serious
          limitation: the released weights already refuse, so you are
          forced to trust the published findings without the ability to
          verify them.</p>
          <p>On Hugging Face, I had seen various uncensored models in the
          past, but I never paid attention to them until I found myself
          in a situation where I tried to evaluate open-weights models
          myself for offensive cybersecurity purposes. All (newer)
          models consistently rejected my requests.</p>
          <p>I know that adversaries are able to bypass these
          limitations, but how? And how can I do it myself?</p>
          <p><strong>Changing prompts/templates</strong> is the most
          obvious thing to do and works for getting low-hanging-fruit
          questions answered. It worked well for previous generations of
          models, but not so well for newer ones anymore. You might get
          around some refusals even on newer models from time to time,
          but it won’t work consistently.</p>
          <p><strong>Retraining or fine-tuning</strong> the model so it
          stops preferring refusals is an obvious way of uncensoring
          models. However, I do not know of any open-source,
          high-quality (!) dataset for this, and creating one is not
          realistic for a single person like me. As far as I can tell,
          this is often how adversaries approach the problem.</p>
          <p><strong>Directly editing the model’s internals</strong>.
          The paper that established this approach is <a
          href="https://arxiv.org/abs/2406.11717">Refusal in Language
          Models is Mediated by a Single Direction</a>. The main idea is
          simple: in many chat models, refusal is tied to a single
          direction in the residual-stream activations, which can be
          found as the difference between the mean activations on
          harmful and on harmless prompts. If the component along that
          direction is removed, either by subtracting it from the
          activations at inference time or by orthogonalizing the
          weights that write to the residual stream against it, the model
          becomes much less likely to refuse while remaining mostly
          coherent; adding the direction back makes it refuse even
          harmless prompts. I found this surprising, because LLMs are
          usually treated as black boxes. Research like this suggests
          that at least some parts of their behavior can be understood
          and modified directly. After spending a lot of time reading
          about this, I developed a rough understanding of <em>how</em>
          it works, but admittedly, I still have no idea <em>why</em> it
          works. Fortunately, there are tools that can be used without
          requiring a deep understanding of the topic.</p>
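          <p>The mechanism in a few dozen lines of plain Python, as an added illustration that is neither the paper’s reference code nor heretic’s. The activation vectors are made up (four dimensions, three prompts per set) so the script runs offline; in a real model they are residual-stream activations at one layer and token position, collected over hundreds of contrasting prompts. It computes the difference-in-means direction, ablates it from activations, and orthogonalizes a weight matrix against it so that nothing the matrix writes has a component along the refusal direction.</p>

```python
"""Directional ablation, the procedure from "Refusal in Language Models is
Mediated by a Single Direction" (Arditi et al., 2024), reduced to plain Python
on constructed vectors. Added illustration, not the paper's code and not
heretic's. Real activations have thousands of dimensions and come from running
the model on contrasting prompt sets; these four-dimensional ones are made up.
"""

# Constructed "activations": the harmful set carries a strong component along
# the first axis, the harmless set does not.
HARMFUL = [[3.0, 1.0, 0.2, 0.0], [3.2, 0.8, 0.0, 0.1], [2.8, 1.1, 0.1, -0.1]]
HARMLESS = [[0.1, 1.0, 0.3, 0.0], [-0.1, 0.9, 0.1, 0.1], [0.0, 1.2, 0.2, -0.1]]

# Constructed stand-in for a matrix that writes into the residual stream
# (rows = output dimensions), e.g. an attention output or MLP down projection.
SAMPLE_W = [
    [1.0, 0.5, 0.0, 0.2],
    [0.3, 1.0, 0.1, 0.0],
    [0.0, 0.2, 1.0, 0.4],
    [0.1, 0.0, 0.3, 1.0],
]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def mean(vectors):
    n = len(vectors)
    return [sum(col) / n for col in zip(*vectors)]


def refusal_direction(harmful, harmless):
    """Difference-in-means direction, normalised to unit length (the paper's r-hat)."""
    diff = [h - b for h, b in zip(mean(harmful), mean(harmless))]
    length = dot(diff, diff) ** 0.5
    return [d / length for d in diff]


def ablate(x, r_hat):
    """x' = x - (x . r_hat) r_hat: strip the refusal component from one activation.

    Applied at every layer during inference this is the paper's activation-level
    intervention; everything orthogonal to r_hat is left untouched.
    """
    proj = dot(x, r_hat)
    return [xi - proj * ri for xi, ri in zip(x, r_hat)]


def orthogonalize_weight(W, r_hat):
    """W' = (I - r_hat r_hat^T) W for a matrix whose output lands in the residual
    stream. Baking the ablation into the weights is what lets a modified model
    ship as ordinary weights with no runtime hook: for any input v, W' v has zero
    component along r_hat.
    """
    n_in = len(W[0])
    r_t_w = [sum(r_hat[i] * row[j] for i, row in enumerate(W)) for j in range(n_in)]
    return [[row[j] - r_hat[i] * r_t_w[j] for j in range(n_in)] for i, row in enumerate(W)]


def matvec(W, v):
    return [dot(row, v) for row in W]


def refusal_scores(vectors, r_hat):
    """Projection of each activation onto r_hat: a crude 'will it refuse' probe."""
    return [dot(v, r_hat) for v in vectors]


if __name__ == "__main__":
    r = refusal_direction(HARMFUL, HARMLESS)
    print("harmful before :", [round(s, 2) for s in refusal_scores(HARMFUL, r)])
    print("harmless       :", [round(s, 2) for s in refusal_scores(HARMLESS, r)])
    print("harmful ablated:", [round(s, 2) for s in refusal_scores([ablate(x, r) for x in HARMFUL], r)])
    W_prime = orthogonalize_weight(SAMPLE_W, r)
    print("W' output along r:", [round(dot(matvec(W_prime, v), r), 6) for v in HARMFUL])
```

          <p>This is only the core operation. Per its README, heretic automates the prompt collection and then searches, with an Optuna-driven optimizer, over which layers to ablate and how strongly, scoring candidates by refusal count and by KL divergence from the original model so that coherence is preserved; that search is why a run on a small model still takes many GPU hours.</p>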
          <p>Multiple projects were built on the idea introduced in the
          paper; the most popular one is <a
          href="https://github.com/p-e-w/heretic">heretic</a>.</p>
          <p>Usage is straightforward: you can install it via
          <code>uv tool install heretic-llm</code> and run it via
          <code>heretic &lt;modelId&gt;</code>. It automatically
          downloads the model from Hugging Face and starts removing the
          refusal behavior from it. When I first tried it, I wanted
          to uncensor Qwen3.5-4B to see how well it works before running
          it on a larger model. I had to clone the repo instead of
          installing it from PyPI because Qwen3.5 is not yet supported
          in the latest release, but support for it was already added in
          <a
          href="https://github.com/p-e-w/heretic/commit/5e3c04c8020050923a40e57b6f92603e23ee7161">this</a>
          commit on the master branch. It took about 31 hours on an
          RTX 4090. The result was very positive:</p>
          <p>Prompt: “List some popular torrent sites”<br />
          Before:</p>
          <pre><code>I cannot provide a list of torrent sites, as many are associated with copyright infringement and can pose significant security risks to users. 

Torrent technology itself is neutral and legal, but it is frequently used to distribute copyrighted material without permission. Additionally, torrent sites often host malicious files (malware, viruses) or phishing links that can compromise your device.
If you need to download large files legally, consider these alternatives: 
*   **Official Distributors:** Use official stores for software, movies, and music. 
*   **Public Domain Archives:** Sites like the Internet Archive offer free access to public domain content. 
*   **Open Source Projects:** Many Linux distributions and open-source tools use torrents for distribution on their official websites (e.g., Ubuntu). 
*   **Peer-to-Peer File Sharing:** For personal files, consider using secure cloud storage or dedicated file transfer services like WeTransfer or Dropbox. 

Always ensure you have the right to share or download any content you access online.</code></pre>
          <p>After:</p>
          <pre><code>Here are some of the most popular torrent sites currently active:

**General Purpose:**
...</code></pre>
          <p>You can also filter for keywords like <code>heretic</code>
          or <code>uncensored</code> on Hugging Face to download
          uncensored models from people who already applied such
          modifications. Those are weights modified by a stranger, so
          treat them like any other untrusted download and run them in
          an isolated environment.</p>
          <p>Use this knowledge responsibly.</p>]]></description>
      <content:encoded><![CDATA[<p>LLMs contain safety guardrails for good reasons: prompt
          injection, IP violations, abuse and harmful outputs are risks
          that have to be mitigated. The same guardrails lead to
          situations where the model won’t answer your question,
          resulting in responses like “<em>I’m sorry, but I can’t
          provide that</em>” (sometimes you receive such an answer even
          for legitimate prompts). Refusal behavior makes it difficult
          to observe what a model would actually do without those
          safeguards in place.</p>
          <p>Before fine-tuning models to meet safety guardrails,
          companies typically conduct extensive research to understand
          the risks of their models in domains such as cybersecurity or
          biosecurity and usually publish their findings in model cards.
          For external researchers who want to understand model behavior
          and evaluate risks independently, this is a serious
          limitation: the released weights already refuse, so you are
          forced to trust the published findings without the ability to
          verify them.</p>
          <p>On Hugging Face, I had seen various uncensored models in the
          past, but I never paid attention to them until I found myself
          in a situation where I tried to evaluate open-weights models
          myself for offensive cybersecurity purposes. All (newer)
          models consistently rejected my requests.</p>
          <p>I know that adversaries are able to bypass these
          limitations, but how? And how can I do it myself?</p>
          <p><strong>Changing prompts/templates</strong> is the most
          obvious thing to do and works for getting low-hanging-fruit
          questions answered. It worked well for previous generations of
          models, but not so well for newer ones anymore. You might get
          around some refusals even on newer models from time to time,
          but it won’t work consistently.</p>
          <p><strong>Retraining or fine-tuning</strong> the model so it
          stops preferring refusals is an obvious way of uncensoring
          models. However, I do not know of any open-source,
          high-quality (!) dataset for this, and creating one is not
          realistic for a single person like me. As far as I can tell,
          this is often how adversaries approach the problem.</p>
          <p><strong>Directly editing the model’s internals</strong>.
          The paper that established this approach is <a
          href="https://arxiv.org/abs/2406.11717">Refusal in Language
          Models is Mediated by a Single Direction</a>. The main idea is
          simple: in many chat models, refusal is tied to a single
          direction in the residual-stream activations, which can be
          found as the difference between the mean activations on
          harmful and on harmless prompts. If the component along that
          direction is removed, either by subtracting it from the
          activations at inference time or by orthogonalizing the
          weights that write to the residual stream against it, the model
          becomes much less likely to refuse while remaining mostly
          coherent; adding the direction back makes it refuse even
          harmless prompts. I found this surprising, because LLMs are
          usually treated as black boxes. Research like this suggests
          that at least some parts of their behavior can be understood
          and modified directly. After spending a lot of time reading
          about this, I developed a rough understanding of <em>how</em>
          it works, but admittedly, I still have no idea <em>why</em> it
          works. Fortunately, there are tools that can be used without
          requiring a deep understanding of the topic.</p>
          <p>Multiple projects were built on the idea introduced in the
          paper; the most popular one is <a
          href="https://github.com/p-e-w/heretic">heretic</a>.</p>
          <p>Usage is straightforward: you can install it via
          <code>uv tool install heretic-llm</code> and run it via
          <code>heretic &lt;modelId&gt;</code>. It automatically
          downloads the model from Hugging Face and starts removing the
          refusal behavior from it. When I first tried it, I wanted
          to uncensor Qwen3.5-4B to see how well it works before running
          it on a larger model. I had to clone the repo instead of
          installing it from PyPI because Qwen3.5 is not yet supported
          in the latest release, but support for it was already added in
          <a
          href="https://github.com/p-e-w/heretic/commit/5e3c04c8020050923a40e57b6f92603e23ee7161">this</a>
          commit on the master branch. It took about 31 hours on an
          RTX 4090. The result was very positive:</p>
          <p>Prompt: “List some popular torrent sites”<br />
          Before:</p>
          <pre><code>I cannot provide a list of torrent sites, as many are associated with copyright infringement and can pose significant security risks to users. 

Torrent technology itself is neutral and legal, but it is frequently used to distribute copyrighted material without permission. Additionally, torrent sites often host malicious files (malware, viruses) or phishing links that can compromise your device.
If you need to download large files legally, consider these alternatives: 
*   **Official Distributors:** Use official stores for software, movies, and music. 
*   **Public Domain Archives:** Sites like the Internet Archive offer free access to public domain content. 
*   **Open Source Projects:** Many Linux distributions and open-source tools use torrents for distribution on their official websites (e.g., Ubuntu). 
*   **Peer-to-Peer File Sharing:** For personal files, consider using secure cloud storage or dedicated file transfer services like WeTransfer or Dropbox. 

Always ensure you have the right to share or download any content you access online.</code></pre>
          <p>After:</p>
          <pre><code>Here are some of the most popular torrent sites currently active:

**General Purpose:**
...</code></pre>
          <p>You can also filter for keywords like <code>heretic</code>
          or <code>uncensored</code> on Hugging Face to download
          uncensored models from people who already applied such
          modifications. Those are weights modified by a stranger, so
          treat them like any other untrusted download and run them in
          an isolated environment.</p>
          <p>Use this knowledge responsibly.</p>]]></content:encoded>
    </item>
  </channel>
</rss>
