Agents, Trust, and Practical Patterns
NEWSLETTER | Amplifi Labs
Machine-Centered Design Arrives: Building for Agent Identity and Trust
Amplifi Labs • November 13, 2025
This piece argues that AI agents are becoming first‑class “users” of the web, shifting UX from human‑centered to machine‑centered design where content is optimized for machine reading, verification, and translation back to humans. It forecasts agent‑mediated intents replacing browsing, driving needs for delegated identity, machine‑to‑machine authentication, richer structured metadata (AIX), and browsers evolving into protocol hubs as standards like OAuth adapt to agent credentials and verifiable actions. Developers should prepare with intentful APIs, semantic markup, and trust/consent primitives to enable agent payments and identity while addressing security, transparency, and governance risks.
Security, Abuse, and Zero‑Trust in Practice
Coinbase Breach Timeline Challenged: Evidence Points to Earlier Exploitation
Around the web •November 16, 2025
A detailed firsthand account alleges attackers used stolen Coinbase customer data in a Jan 7, 2025 phishing/call combo—months before Coinbase says it became aware of the breach on May 11 and disclosed it on May 15. Evidence includes email headers showing Amazon SES routing with dual DKIM, a recorded call, and an SMS-flooding attempt, raising questions about insider data misuse, vendor access controls, and incident triage. Coinbase has said TaskUs contractors were bribed to exfiltrate PII, account balances, and IDs, impacting under 1% of users with an estimated $180–$400M cost and 200 terminations, intensifying regulatory and trust implications.
Open-source Heretic automates LLM decensoring with Optuna-tuned abliteration
Around the web •November 16, 2025
Heretic is an AGPL-licensed CLI that removes “safety alignment” from transformer LLMs without retraining by applying directional ablation (“abliteration”) across attention and MLP projections, with parameters automatically tuned via Optuna to minimize refusals while keeping KL divergence to the original model low. It installs via pip, auto-benchmarks hardware, and can decensor Llama‑3.1‑8B on an RTX 3090 in ~45 minutes; requires Python 3.10+ and PyTorch 2.2+. The release lowers the barrier to producing uncensored models—useful for red-teaming and research but with significant safety, compliance, and AGPL licensing implications for organizations.
Demystifying Cloudflare Zero Trust: Warp, Cloudflared, Tunnels, Policies
Around the web •November 16, 2025
A practical deep dive explains how Cloudflare Zero Trust works end-to-end, clarifying the roles of Warp (client) and cloudflared (tunnels) to route traffic via Argo tunnels, avoid NAT issues, and enforce granular access controls. It breaks down tunnels, routes, and targets; shows how to publish services via DNS CNAME to cfargotunnel.com or private IP routing; and covers enrollment, Gateway vs Warp selectors, and device posture for seamless SSO. The guide contrasts Cloudflare’s relay-based model with Tailscale’s p2p approach and provides reusable config snippets for common dev and homelab setups.
Web Platform and Performance Playbook
Build a Token-Weighted Search Engine on Your Database
Around the web •November 16, 2025
A pragmatic blueprint for implementing full-text search directly on your existing database using multiple tokenizers (word, prefix, 3-gram) and a minimal schema (index_tokens, index_entries). Indexing computes final weights as fieldWeight × tokenizerWeight × ceil(sqrt(tokenLength)); searching mirrors tokenization and runs optimized SQL that sums weights, boosts token diversity and average weight, penalizes long documents, and normalizes scores. Ideal when you want relevance, autocomplete, and typo tolerance without the operational overhead of Elasticsearch or Algolia.
Developer Playbook: Monitor Web Performance with Synthetic and RUM
Smashing Magazine •November 11, 2025
A practical workflow pairs controlled synthetic tests with Real User Monitoring to find, fix, and prevent web performance issues across Core Web Vitals. Use an Identify–Diagnose–Monitor cycle: RUM highlights slow, high-traffic pages; lab tests validate and iterate on fixes (e.g., LCP/FCP), while RUM pinpoints INP bottlenecks by element, script, and device/network segment. For regressions, distinguish traffic/behavior shifts (e.g., ad campaigns) from code changes using component breakdowns (LCP subparts), view properties, and custom milestones via the User Timing API.
Master XPath in the Browser: Practical Patterns amid XSLT Deprecation
Smashing Magazine •November 13, 2025
This piece shows how to combine XPath with CSS selectors in the browser, including a small JS shim to chain document.evaluate with querySelectorAll. It walks through advanced XPath queries and functions (e.g., text(), normalize-space, substring, translate) and where they outperform CSS—especially for resilient UI tests and complex DOM/string transforms—while calling out context and return‑type gotchas. It also flags Chrome’s planned deprecation of XSLT 1.0, argues XPath will remain relevant, and notes SaxonJS as a path to modern XML tooling.
Data and Protocol Engineering
Ditch NOTIFY: Stream Postgres Changes via WAL in Elixir
Around the web •November 11, 2025
A deep dive shows why NOTIFY/pg_notify bottlenecks at scale and demonstrates Change Data Capture via Postgres logical decoding of the WAL. It covers enabling wal_level=logical, defining publications, and creating replication slots (with trade-offs between temporary and persistent), plus Ecto migrations, Docker/CI flags, and an Elixir Postgrex.ReplicationConnection consumer that decodes pgoutput (BEGIN/RELATION/INSERT/COMMIT) and handles keep‑alives/acknowledgments. The piece emphasizes crash recovery semantics and idempotent processing, with Supabase Realtime referenced for production-ready patterns.
Fastmcpp brings MCP to C++ with multi-transport, native performance
Around the web •November 14, 2025
Fastmcpp is a high-performance C++ port of the Python fastmcp library implementing the Model Context Protocol (MCP), now at v2.13.0 and in beta. It supports tools, resources, prompts, and multiple transports (STDIO, HTTP/SSE, WebSocket) with JSON Schema validation and middleware, enabling native MCP servers and clients across Windows, Linux, and macOS with a small dependency set. Ideal for teams standardizing on C++, it tracks the Python reference behavior while noting a smaller C++ test suite.
