Welcome to globalGlob Presents: Log Level Debug a show about news, and stuff, and things, in the technology world. Recorded live, May 18th, 2026. I'm your host, guy in a tie. See, it has robots. And little hearts. I heart robots. And before we start, we want to remind you that globalGlob.dev is updated more often than these videos. Visit globalGlob.dev for the latest news in software development, I.T., and technology in general. Now let's get into all the news we logged over the past week. 404 Media is reporting that many software developers claim A.I. is deteriorating their development skills the more they use A.I. tools. The developers state their skills have atrophied from not writing code over an extended period of time. Commonly referred to as 'cognitive debt' or 'cognitive atrophy'. Or as I like to call it, Mondays! Right? Yeah. *points* This guy knows what I'm talking about. And if my boss is watching, that's definitely not something that affects me. Some developers are told their performance evaluations are tied to A.I. adoption, leading many to use it performatively just to get they yearly bonus. And if my boss is watching, that's definitely not something I'm doing. None of the developers were quoted saying the output was better than if they had written the code themselves. And if my boss is watching, that one does apply to me. *tosses paper* Moving on Speaking of forced A.I. tooling. The developers at Anthropic have decided to re-write the Bun Javascript runtime in Rust by using Claude. The open source PR has over 6,700 commits with over 2,100 files changed. The code passed all pre-existing tests while making the compiled binary smaller, and improving the performance of many benchmarks. - Which isn't completely true because at least some tests were modified just to pass. It's weird. Anyway, they called the rewrite an experiment... And then merged the PR a week later! It's in main! Right now! I guess it's in canary, so not production. Still crazy. They said a blog post will be written soon. Maybe one of the comments has more details, but GitHub isn't loading them all because, well, GitHub's been having issues. When asked why they merged the experiment with thousands of changes no human would have been able to review, they shrugged and walked away. Can't wait to see what happens with all that. *tosses paper* That's enough A.I. for now, let's move on to cybersecurity. This past week, the 2026 edition of the Pwn2Own hacking competition took place in Berlin. Pwn2Own invites teams to bring 0-day exploits to hack a fully patched machine. Teams win prize money based on the severity of their vulnerability. In total over 1.2 million U.S. dollars was awarded for the 47 unique 0-day vulnerabilities found. With one team, DEVCORE, winning over $500,000. Which sounds like a lot, but if they sold those vulnerabilities directly to a nation state, they would have made SO much more. You'd think all the vulnerabilities would be Microsoft products, but Linux got hacked too! And OpenAI's Codex! We asked a random CISO if they worry about being hacked by any of these 0-day exploits before they can be patched and they said no, they're more worried about the giant backlog of vulnerabilities that have been patched, but not installed. *tosses paper* Moving on The Linux distro Debian has implemented a new security requirement, making reproducible builds mandatory. This change starts with the next version, in Debian 14. The change improves security by **reducing** the chance of unknown software being added to the Operating System image that isn't in the source code. Essentially closing one possible supply chain attack. When asked why they are implementing this change, a representative said quote: Anything to avoid all the same supply chain attack news NPM keeps getting itself into: end quote. Package maintainers will be required to update their own packages themselves, or they won't be included in the distro. So, expect less packages in Debian 14. *tosses paper* Moving on Speaking of supply chain attacks, NPM Again! A postmortem has been written up regarding the recent supply chain attack on Tanstack NPM packages caused by Tanstack using a specific configuration of a GitHub Actions action. In total, 42 packages were affected for up to 26 minutes. They don't believe any credentials were stolen from consumers because quote: Anyone who uses NPM is used to this by now, so they rotate keys daily. Honestly, these are probably the most secure environments in I.T.: end quote. *sigh* Sure. *tosses paper* And finally in consumer news,  Google has announced the successor devices to Chromebooks, called the Googlebook. It's not immediately clear if that's the final name, but if they try harder I'm sure they can think of something worse. It's an Android powered laptop with Google Gemini running all over the place. Gemini will pull data from your Google accounts like GMail or your personal calendar to create custom dashboard widgets and... *look away* Are people okay with that? Because with Microsoft does that it's like, really bad. They are? *back to camera* Crazy. The devices will ship from Google's partners this fall. Or later. You know with these things go. *tosses paper* And that's all the news that happened this week. If we didn't talk about it, it's not in the logs. Join Log Level Debug next week when we'll talk about everything that happened between now and then. If you want more news before then, remember to visit globlaGlob.dev for hard hitting news technology professionals really care about. If you watched the video, please like and subscribe. If you listened to the audio only podcast, please leave a review somewhere. Preferably not in your family group chat. Until next time, take care everyone.