Today's Overview
A developer spent 95 days logging how often Claude Code and OpenAI's Codex actually solved real engineering tasks without assistance. The data tells a more nuanced story than the usual "models are getting dumber" discourse. Claude's Opus 4.7 baseline held steady at 65% for a month, then slid to 52% this past week-a drop that crosses the significance threshold. It's not placebo. But here's the thing that gets missed in every thread: Claude Code is both much better than six months ago *and* drifting down right now. The vibes can't hold two truths at once. Data can.
Where the Actual Security Gaps Live
In a 44,000-star repository on GitHub, someone was building API keys with Math.random(). That's not careless-it's how most tutorials show you to do it. The problem: an attacker who sees a handful of these keys can predict the next one. Math.random() uses xorshift128+, a fast deterministic algorithm. Recover the internal state from 20 observations, and every future token becomes knowable. This shows up in Cal.com's Make integration, in Stack Overflow's most popular token pattern, in session ID generators across the web. An ESLint rule catches it automatically, but nobody's running it. The fix is one line: swap Math.random().toString(36) for crypto.randomBytes(24).toString('hex'). Same interface, cryptographically sound. The fact that this pattern survives code review in major projects tells you something about where security conversations actually happen-and where they don't.
Memory management got its own lesson this week. A developer processing a 2GB CSV in Node hit the wall: JavaScript heap out of memory. The obvious fix (bump --max-old-space-size) just delayed the crash. The real insight: you never needed to hold the entire file at once. Generators let you pull rows through one at a time, like water through a pipe instead than trying to fill an ocean in a bucket. Same data, one pipeline reduced memory use from 238MB to 89MB on a 45MB file. Scale that ratio to 2GB and the difference becomes survival.
The Infrastructure Layer Nobody's Talking About
AI capex doesn't flow as one bucket of "AI stocks." It moves through a chain: hyperscalers decide to spend, that spending passes through chips, semiconductor equipment, servers, networking, data centers, power systems, cooling, and construction before it becomes usable compute. A researcher mapped this chain across 27 companies using fundamentals and price data from the past year. The result: the market has already rewarded the physical infrastructure layer. Comfort Systems, Vertiv, Quanta Services, Dell, and Applied Materials showed stronger market recognition than you'd expect. Construction and engineering ranked highest by median return. That matters because it means the AI capex trade isn't waiting quietly somewhere. It's already pricing in the buildout.
On the quantum side, a diamond-based quantum sensor just entered trials that could detect altermagnets-a third category of magnetic material discovered only a decade ago that combines the speed of ferromagnets with the technological potential of antiferromagnets. And a 50-qubit ion-trap system just announced plans to scale to 200 qubits. These aren't speculative bets. They're infrastructure moving into place.