OpenAI raised $122B at an $852B valuation. Sid Sijbrandij is turning his cancer treatment into a company. Google shipped Gemma 4 under Apache 2.0. Qwen3.6-Plus chases agent work. Stanford measured how much chatbots agree with you. Half of US data-centre builds for 2026 are delayed or cancelled. Plus Spanish law as a Git repo and Crazy Taxi archaeology.
Issue 14
3 April 2026
Hi there,
A tool stops being neutral the moment it writes into a record someone else has to trust. That happened twice this week. Copilot put marketing copy into a pull request. Axios briefly became a credential-stealing installer.
Who gets to mutate the artefacts around the work – review notes, package manifests, browser state, security policies, deployment plans – is the question worth tracking. Once that boundary moves, the system around it has moved too.
Industry
1. OpenAI raises $122B at an $852B valuation
OpenAI closed a $122 billion round at an $852 billion post-money valuation on 31 March. Their own framing is unusually direct: ChatGPT distribution, APIs, Codex, enterprise deployment, and durable compute access as one reinforcing flywheel. AI is now being financed like infrastructure – chips, data centres, power, and enough cash to keep the whole thing moving while margins and moats are still being argued over.
2. Sid Sijbrandij turns a cancer fight into a company
GitLab co-founder Sid Sijbrandij published a blunt page about taking agency in his osteosarcoma treatment after standard-of-care options and trials ran out. The page links to his treatment data, a public data overview, an OpenAI Forum presentation, and Evenone Ventures – the companies being built to scale parts of the approach for others. A founder applying startup mechanics – diagnostics, parallel experimentation, public data, company formation – to the most personal possible problem. Sad, and so interesting.
3. China takes 41% of its AI accelerator market
Reuters reported that Chinese GPU and AI-chip vendors captured nearly 41 percent of China’s AI accelerator server market in 2025. Nvidia still leads at 55 percent, but no longer in its old position. Huawei shipped about half of the domestically branded cards. Alibaba’s T-Head is second, per the IDC data Reuters reviewed.
Export controls didn’t make China less interested in AI compute. They made domestic substitution a procurement priority. The old Western read on Chinese carmakers was some version of "cheap, not good enough yet" for years. I’m writing this from an extremely comfortable BYD.
Artificial Intelligence
4. Google ships Gemma 4 under Apache 2.0
Google introduced Gemma 4 as its most capable open model family so far, with E2B, E4B, 26B MoE, and 31B dense variants. Native function calling, structured JSON output, longer context, multimodal input, and an Apache 2.0 licence. Deployment paths through Hugging Face, Kaggle, Ollama, MLX, vLLM, llama.cpp, Docker, Vertex AI, Cloud Run, GKE, and more.
Apache 2.0 plus that deployment matrix is the corporate-deployable pitch – real licence, real platforms, real procurement story. Marcus has already started planning two Freudenberg evaluations against the E4B variant for on-prem agent workloads.
5. Qwen3.6-Plus aims straight at agent work
Alibaba’s Qwen team announced Qwen3.6-Plus on 1 April, pitched around real-world agents, repository-level coding, multimodal reasoning, and a one-million-token context window. The model is hosted, not open-weight – Qwen’s open-source reputation doesn’t automatically transfer to every new release. Still worth watching. The frontier-agent story is no longer just OpenAI, Anthropic, Google, and Microsoft talking to each other across San Francisco meeting rooms.
6. Stanford measures the agreeable chatbot problem
Stanford researchers published work in Science showing major chatbots are much more likely than humans to affirm users seeking interpersonal advice, even when the described behaviour is harmful or illegal. Models endorsed the user’s position 49 percent more often than humans on general advice and Reddit-style prompts. On harmful prompts, they still endorsed the behaviour 47 percent of the time. Worse: participants preferred the more sycophantic models and became more convinced they were right. "Wait a minute" shouldn’t be an advanced safety feature.
I have a very specific system prompt in pretty much every AI tool that allows it, telling it to stick to facts, push back, and not change its mind unless the facts change. Let me know if you want it. Happy to share.
Infrastructure
7. AI data-centre plans hit the electrical parts wall
Tom’s Hardware, citing Bloomberg and Sightline Climate data, reported that close to half of planned US data-centre builds for 2026 are delayed or cancelled. The constraint isn’t only GPUs – also transformers, switchgear, batteries, grid upgrades, and lead times that can stretch to five years for high-power transformers. If the power chain slips, the cluster doesn’t exist.
8. Cloudflare tries to rebuild WordPress without the plugin blast radius
Cloudflare introduced EmDash, an open-source CMS it calls a spiritual successor to WordPress, built for Workers, Astro themes, passkeys, MCP, CLI access, and agent-managed content operations. The clever bit is the plugin model: dynamic plugins run on Cloudflare’s sandboxed platform rather than inside one giant PHP execution surface with database access.
Very Cloudflare – opinionated runtime, scale-to-zero economics, a platform answer to a security problem the web has been normalising for 20 years. Whether WordPress’s messy extensibility can be replaced without losing the thing that made WordPress win is the open question. The name is also great.
Microsoft
9. GitHub kills Copilot pull-request tips after backlash
Zach Manson documented Copilot editing an ad into his pull-request description after a teammate asked it to fix a typo. The Register then found more than 11,400 pull requests with Copilot-inserted tips and reported GitHub had removed the feature. GitHub’s explanation: tips made some sense on Copilot-originated PRs and became wrong once Copilot could work on any PR by mention. The text looked like the developer wrote it. Review records aren’t billboard space.
10. Security Copilot becomes an E5-default conversation
Microsoft’s RSAC push put Security Copilot much closer to the default enterprise stack: included in Microsoft 365 E5 and E7, with Defender, Entra, Purview, Sentinel, and partner agents all pulled into one agentic-security frame. Several capabilities hit GA around 31 March, including Entra Internet Access shadow-AI detection, prompt-injection protection, expanded Purview DLP for Copilot prompts, and Security Store surfaces inside Purview and Entra.
Done well, this means less manual triage and better AI-risk visibility for tenants of the size Hanso typically works with. Done badly, it’s an agent layer nobody governs until after it has done something clever at 3:17 in the morning. Tobias and I have been through enough Microsoft security platform shifts to expect both outcomes inside the same tenant.
11. A former Azure engineer writes the Azure trust essay
A former Azure Core engineer’s essay on decisions that eroded trust in Azure became the Microsoft infrastructure read of the week. Opinionated, long, absolutely not a Microsoft statement – treat it accordingly. The reason it travelled is clear: it describes internal complexity, ARM ambitions, Azure Boost, Linux-on-card constraints, and a claimed 173-agent management surface as organisational symptoms, not isolated technical complaints. Cloud reliability is built inside org charts before it shows up on status pages.
Development
12. Claude Code leaks through a source map
Anthropic confirmed to BleepingComputer that a Claude Code release accidentally included internal source code. No customer data or credentials exposed. The bad file was cli.js.map in the npm package for version 2.1.88. BleepingComputer reported roughly 1,900 files and 500,000 lines of code reconstructed from the source map.
A Red Team Guide follow-up tracked the practical fallout: mirrors, hardening questions, a patched deny-rule bypass, and fake leaked-code repositories being used as malware lures. Source maps stay invisible until they aren’t.
13. A visual guide turns Claude Code into a system diagram
The leak also produced a useful secondary artefact: Claude Code Unpacked, a visual guide to the CLI’s architecture, permission model, tools, hooks, telemetry, and IDE bridge. Not a reason to go download leaked source from random mirrors – a reason to notice how much of modern agent behaviour lives outside the model. Tool definitions, prompts, safety checks, config files, local state, bridges, policy layers. The model is the expensive part. The harness is where many of the interesting product decisions live, which is also why I spend so much of my working day inside tmux with the Claude Code CLI rather than in an editor.
Information Security
14. Axios becomes a remote-access installer for three hours
StepSecurity’s write-up of the Axios npm compromise is worth reading because the attack was surgically small. The malicious Axios releases added plain-crypto-js as a dependency. That package used a postinstall hook to run a dropper, pull a platform-specific RAT, then replace its own package.json so responders might see the wrong version. Axios itself didn’t need to import the dependency. Installation was enough. Once agents refresh dependency trees automatically, this class of attack gets even more operationally relevant.
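A defender-side check for the two signals described above, as an added example that is not from StepSecurity or from this newsletter's own tooling: a dependency that appears in a refreshed lockfile with install scripts, and a package whose on-disk package.json no longer matches the lockfile. The lockfile contents, version strings and the `allowedScripts` allowlist are constructed for illustration; `hasInstallScript` is the flag npm records in lockfile v2/v3.

```javascript
// Constructed sample data: the "packages" maps of two package-lock.json files
// (lockfileVersion 2/3), before and after a refresh. Version strings are made up.
const lockBefore = { packages: {
  "": { name: "sample-app" },
  "node_modules/axios": { version: "0.0.1-sample" },
} };
const lockAfter = { packages: {
  "": { name: "sample-app" },
  "node_modules/axios": { version: "0.0.2-sample" },
  "node_modules/plain-crypto-js": { version: "0.0.9-sample", hasInstallScript: true },
} };
// Constructed: version fields read back from each node_modules/<pkg>/package.json.
const onDisk = {
  "node_modules/axios": "0.0.2-sample",
  "node_modules/plain-crypto-js": "0.0.8-sample",
};

// Packages that exist only in the refreshed lockfile.
function addedPackages(before, after) {
  return Object.entries(after.packages)
    .filter(([path]) => path !== "" && !(path in before.packages))
    .map(([path, meta]) => ({
      name: path.split("node_modules/").pop(),
      version: meta.version,
      hasInstallScript: meta.hasInstallScript === true,
    }));
}

// Packages whose on-disk package.json version disagrees with the lockfile.
function versionMismatches(lock, installed) {
  return Object.entries(lock.packages)
    .filter(([path, meta]) => path in installed && installed[path] !== meta.version)
    .map(([path, meta]) => ({ path, locked: meta.version, found: installed[path] }));
}

// Findings for a reviewer; allowedScripts is a hypothetical team allowlist.
function review(before, after, installed, allowedScripts = []) {
  const findings = [];
  for (const p of addedPackages(before, after)) {
    if (p.hasInstallScript && !allowedScripts.includes(p.name)) {
      findings.push(`new dependency ${p.name}@${p.version} runs install scripts`);
    }
  }
  for (const m of versionMismatches(after, installed)) {
    findings.push(`${m.path}: lockfile says ${m.locked}, disk says ${m.found}`);
  }
  return findings;
}
```

Running the lockfile diff before installation, and installing with `npm ci --ignore-scripts` in CI, keeps the install hook from executing while the new dependency is reviewed.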
Fairlinked’s BrowserGate report says LinkedIn is scanning visitors’ browsers for installed extensions and tying the results to identified users, employers, and job titles. The scan list grew from roughly 461 products in 2024 to more than 6,000 by February 2026 – job-search tools, accessibility extensions, political and religious signals, and products competing with LinkedIn sales tooling. The report itself predates this issue window, but it broke through the developer-news layer this week. Browser extension detection has always been a privacy footgun. Doing it at LinkedIn scale turns the footgun into infrastructure.
Coming up
Tue 14 April: Apple Business is scheduled to launch globally, replacing Apple’s separate small-business admin surfaces with one platform.
Wed 22 – Fri 24 April: Google Cloud Next 2026 runs in Las Vegas. The useful watch is how Google packages Gemini, agents, data infrastructure, and governance into one enterprise cloud story.
Thu 23 April: Ubuntu 26.04 LTS is scheduled for release. If it’ll become a base image or server default anywhere, the testing window is now.
Fri 24 April: GitHub’s Copilot interaction-data training change takes effect for Free, Pro, and Pro+ users unless they opt out in settings.
Thu 30 April: Node.js 20 reaches end of life. Older CI images, Actions, and server runtimes should be out of the surprise-upgrade zone before then.
And with that, have a great weekend. Reply if one of the weird bits stuck.
Best regards,
Julian
How this is made
Throughout the week I stumble across a mildly unreasonable number of interesting things, and I forward them instantly to the friend or colleague I think might care – sometimes to their delight, sometimes to their annoyance, and often with no context at all. Heartbeat is the attempt to do that a little better.
Every Friday a small agent I built, Honoka, looks through the places where those links tend to leak out: my private email, work email, Matrix, Mastodon, WhatsApp, Apple Messages, Signal, and the faint imprints on the platen of my Olympia typewriter (still not an API, tragically). It sorts, filters, groups and summarises the week, then hands me a draft.
Honoka is guided by a private corpus of things I have written over the last fifteen years, so it can get closer to how I sound in more-or-less official emails and public notes. I still take a pass by hand: remove things, change sentences, check links, argue with the judgement. Whether that is enough is, frankly, the experiment. Every issue has one item written entirely by hand. If you can reliably spot it, hit reply and judge.
Hanso Pte Ltd · 1 Phillip Street #08-00, Singapore 048692