Hanso Heartbeat Hanso Heartbeat
Apple picks John Ternus to succeed Tim Cook. Repairability gets physical with no-tech tractors, the Framework 13 Pro, and the EU's 2027 battery rule. Meta plans to capture employee mouse and keystroke data the same week it cuts 8,000 jobs. GPT-5.5, DeepSeek V4, and a 27B Qwen coder all ship. Bitwarden CLI briefly compromised.

Issue 17

24 April 2026

Hi there,

Some weeks make "modern" look like a subscription with wheels. An Alberta tractor company got Hacker News excited by removing the computers. Framework pushed repairability into a grown-up laptop. The EU’s battery rule kept moving from PDF into product.

That sits next to the AI news fine. Models got bigger, cheaper, longer-context, and more useful. The practical question hasn’t moved: is the thing in front of you inspectable, repairable, predictable, and priced in a way that won’t surprise you at 2 a.m. when a token meter starts spinning?

Industry

1. Apple picks John Ternus as the post-Cook CEO

Apple announced that Tim Cook becomes executive chairman and John Ternus, SVP of Hardware Engineering, becomes CEO on 1 September 2026. Internal successor, hardware operator, Cook still around for policy and the board.

Apple is choosing a hardware centre of gravity at the moment investors want a louder AI story. That’s the tension to watch.

2. The right-to-repair story gets very physical

The week’s top Hacker News post wasn’t about a model. It was Ursa Ag, an Alberta startup selling no-tech tractors built around remanufactured mechanical Cummins engines, Bosch P-pumps, and no proprietary software handshake.

Same week: Framework pushed repairability upmarket with the Framework Laptop 13 Pro – LPCAMM2 memory, a CNC aluminium chassis, serious Linux positioning. And the EU’s 2027 rule requiring readily replaceable batteries in portable devices keeps moving forward.

Repairability has left the hobbyist bench. It’s product strategy, regulation, and market differentiation at once.

The internet, with fewer machines yelling

Using the internet like it's 1999 overplays its hand in places, but the practical part is straight: RSS, IRC, XMPP, email, search you choose deliberately, archives, and smaller protocols where the user still has some leverage.

External 33.6k serial dial-up modem

Frunze103

The good version of this argument is about input hygiene, not nostalgia for beige boxes. Choose feeds over feeds chosen for you. Choose places with memory. Choose tools you can leave alone for an afternoon without turning absence into a product metric.

3. Meta wants fewer workers and more work traces

Reuters reported that Meta plans to capture US employees’ mouse movements, clicks and keystrokes to train AI agents on real work behaviour. Two days later, Bloomberg via TechCrunch: Meta is cutting roughly 10% of its workforce, about 8,000 people.

One story says "teach the model from employee behaviour." The other says "run the company with fewer employees." Same week.

Artificial Intelligence

The split worth tracking is economic. Giant frontier models at one end, deployable open-weight coding models at the other, agent products getting judged by whether they survive real work.

4. OpenAI releases GPT-5.5 with the agent story turned up

OpenAI released GPT-5.5 into ChatGPT and Codex. API availability follows on 24 April. The biggest claimed gains are around coding, tool use, professional work, computer use, long context, and cybersecurity – i.e. tasks that keep going after the first answer.

Pricing: $5 per million input tokens, $30 per million output. GPT-5.5 Pro is far higher.

5. DeepSeek V4 makes the long-context price fight nastier

DeepSeek shipped V4 Preview with two models: deepseek-v4-pro and deepseek-v4-flash. Both exposed through OpenAI-compatible Chat Completions and Anthropic-compatible APIs, both with a 1M context window.

Take the vendor benchmarks with salt. The direction is clear: long context is moving from "expensive frontier feature" to a price-compression battlefield.

6. Qwen ships a 27B coding model that wants to be practical

Alibaba’s Qwen team released Qwen3.6-27B, a dense 27-billion-parameter open-weight model aimed at agentic coding and multimodal reasoning. Dense, not MoE – less routing complexity, still small enough for a realistic deployment conversation.

Ignore the victory-lap benchmarks for a minute. A capable coding model at this size changes what can run close to the developer, inside the company, or on hardware that doesn’t show up as a hyperscaler invoice. This is the size I keep eyeing for the Talos cluster at home.

The 5 by 5 alphabet

Maurycy Z. made MCU Font, a 5 by 5 pixel typeface for screens where every dot is a budget decision. Not beautiful in the glossy sense. Beautiful in the "can this letter still be itself if you take almost everything away?" sense.

The full MCU Font alphabet rendered at native 5×5 pixel size, every glyph stripped to the bone

Maurycy Z.

Good tiny typography is constraint as sport. There's a whole design education hiding in whether an S, a G, and an 8 can stay distinct on a canvas smaller than a favicon.

I think I spent an hour here, and on this guy's site in general.

7. Claude Code’s quality wobble gets a specific postmortem

Anthropic published a refreshingly specific postmortem on the Claude Code quality regressions tracked from the user side in Issue 15. Short version: a default reasoning-effort change and prompt changes around verbosity interacted badly. Some coding quality dropped. The problematic instruction was reverted on 20 April.

This is the kind of AI incident write-up enterprises should want more of. Which defaults changed, which evaluations missed it, where user feedback caught what internal testing didn’t.

Infrastructure

8. Exe wants to make cloud feel like computers again

Drew Crawshaw’s I am building a cloud is partly a fundraising-day essay for Exe, partly a good complaint about modern cloud abstractions. Clouds sell VMs as fixed CPU-memory shapes when a VM is, underneath the stack, a process in another Linux cgroup. He wants to buy compute, memory and disk, then run many VMs on top.

The product is early – curiosity, not procurement. The instinct is right though. Cloud got very good at billing surfaces and very odd at feeling like computers.

To be fair, that might be the business model.

9. Google Cloud Next pushes the agentic stack below the model

Google used Cloud Next to frame the enterprise AI stack around agents, data, and custom silicon – including eighth-generation TPUs split into training and inference chips. TPU 8t for large-scale training, TPU 8i for lower-latency inference.

If agents are going to call tools, inspect state, wait, retry and coordinate, the inference side becomes its own first-class platform problem.

Microsoft

10. GitHub Copilot hits the pricing wall

GitHub paused new sign-ups for Copilot Pro, Pro+ and Student plans, tightened usage limits, and pulled Opus 4.7 out of the cheaper individual tier. The post is unusually blunt: long-running parallel agent workflows can consume far more compute than the original subscription assumed.

The demo says "delegate work." The bill says "define work." Half of Hanso’s German enterprise Copilot rollouts are about to relearn this the slow way. The calmer ones already are.

A mechanical star computer

Ken Shirriff's teardown of the B-52 star-tracker angle computer is magnificent. Before GPS, the aircraft's Astro Compass tracked stars, and this electromechanical computer physically modelled the celestial sphere to turn star positions into altitude and azimuth.

Overview of the B-52 Astro Compass angle computer showing the celestial-sphere mechanism

Ken Shirriff

Synchros, motors, gears, a 2 5/8-inch half-sphere, sidereal hour angles – a machine solving spherical trigonometry by moving metal. Sometimes "computer" means a box of mathematics you can oil.

11. Copilot gets data residency and FedRAMP model controls

GitHub’s Copilot changelog added US and EU data residency plus FedRAMP Moderate-authorised model-hosting for US government customers. More detail landed on 24 April. Enterprise and org admins can restrict Copilot to data-resident or FedRAMP-compliant models. The policies are off by default.

That last bit matters. "Available control" is one knob. "Governed deployment" is twenty. Someone still has to turn each one and accept the model and pricing implications – which is the work Marcus has spent most of April doing inside one Freudenberg sub-tenant.

12. Microsoft frames AI defence as exposure management plus defaults

Microsoft’s security team argued that AI is compressing vulnerability discovery and exploitation windows. The pitch points at Defender External Attack Surface Management, CodeQL, Copilot Autofix, and a coming Baseline Security Mode across Exchange, Teams, SharePoint, OneDrive, Office and Entra.

Vendor framing aside, the lesson holds: patching faster isn’t enough if the exposed estate is still poorly understood.

Development

13. Matz publishes a Ruby AOT compiler experiment

Yukihiro Matsumoto published Spinel, an ahead-of-time native compiler experiment for Ruby. Not a production Ruby replacement – treating it like one would miss the point. Ruby’s creator is still poking at the old trade-off: how much of Ruby’s dynamism can survive while parts of the runtime compile into something more direct.

Good experiments out of an established language fifteen years after it stopped being the new thing are the under-reported part of the ecosystem.

Information Security

14. Bitwarden CLI gets caught in the Checkmarx supply-chain blast radius

The Bitwarden CLI npm package @bitwarden/cli@2026.4.0 was briefly compromised between 5:57 p.m. and 7:30 p.m. ET on 22 April, in connection with a broader Checkmarx supply-chain incident. Short window, nasty tool class: password-manager CLIs often sit inside automation with access to cloud credentials, repo tokens, and deployment secrets.

Anyone who pulled that package in CI during the window has a rotation problem, not a newsletter anecdote. Marasy spent half a day going through our pipeline images to be sure we didn’t.

15. Firefox private browsing had a process-level fingerprint

Fingerprint researchers described a Firefox and Tor Browser issue where indexedDB.databases() could expose a stable identifier across private browsing contexts. Not cookies or local storage in the normal sense – deterministic ordering from internal IndexedDB storage structures shared across origins for the browser-process lifetime.

Privacy bugs often live in implementation details that were never meant to be identity surfaces.

Coming up

1 May: GitHub Copilot’s EU data residency aligns with Microsoft’s EU Data Boundary. Tenant admins who need the control should check whether the policy is actually enabled, not merely available.

11–14 May: Red Hat Summit in Atlanta. OpenShift, virtualisation pressure, platform engineering, enterprise AI.

19–20 May: Google I/O returns to Shoreline and online. Gemini, Android, the developer-facing agent stack.

20 May: GitHub’s refund window closes for Copilot Pro and Pro+ users hit by the April plan and model-availability changes.

2–3 June: Microsoft Build in San Francisco and online. After the Copilot pricing squeeze, the developer-agent announcements should be read with the meter running.

There’s a thread through several of these about who gets to inspect what. Curious how you’re sitting with it.

Have a good weekend,
Julian

How this is made

Throughout the week I stumble across a mildly unreasonable number of interesting things, and I forward them instantly to the friend or colleague I think might care – sometimes to their delight, sometimes to their annoyance, and often with no context at all. Heartbeat is the attempt to do that a little better.

Every Friday a small agent I built, Honoka, looks through the places where those links tend to leak out: my private email, work email, Matrix, Mastodon, WhatsApp, Apple Messages, Signal, and the faint imprints on the platen of my Olympia typewriter (still not an API, tragically). It sorts, filters, groups and summarises the week, then hands me a draft.

Honoka is guided by a private corpus of things I have written over the last fifteen years, so it can get closer to how I sound in more-or-less official emails and public notes. I still take a pass by hand: remove things, change sentences, check links, argue with the judgement. Whether that is enough is, frankly, the experiment. Every issue has one item written entirely by hand. If you can reliably spot it, hit reply and judge.
Hanso Hanso
Hanso Pte Ltd · 1 Phillip Street #08-00, Singapore 048692
www.hanso.group