Zed is a type system that was developed with one question in mind: what do readers actually need? Not what looks good in a type specimen, but what works for the widest possible range of readers. We tested Zed with visually impaired patients at a French ophthalmology hospital and found that Zed Text outperformed Helvetica in terms of reading speed across all patient groups. Designed from scratch to perform different functions, it comes in two optical versions — Text and Display — with four variable axes and support for 547 languages, including endangered ones. It is available directly from the designers.

Samual Axon, reporting last week for Ars Technica:

Early this morning, Anthropic published version 2.1.88 of Claude Code npm package — but it was quickly discovered that package included a source map file, which could be used to access the entirety of Claude Code’s source — almost 2,000 TypeScript files and more than 512,000 lines of code.

Security researcher Chaofan Shou was the first to publicly point it out on X, with a link to an archive containing the files. The codebase was then put in a public GitHub repository, and it has been forked tens of thousands of times.

Anthropic publicly acknowledged the mistake in a statement to VentureBeat and other outlets, which reads:

Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.

Not exactly confidence inspiring, given how incredibly sensitive much of the material users give Claude and Claude Code access to. To say the least, it undermines the message that companies should trust their source code to Claude Code when Anthropic accidentally leaked their own source code.

Juli Clover, at MacRumors:

Apple has shared nine Little Finder Guy videos this week, and on TikTok, the thumbnails for the videos come together to make a Little Finder Guy mosaic on the Apple TikTok page.

I hope this doesn’t jinx the negotiations, but I’m working on getting Little Finder Guy as my guest for The Talk Show Live From WWDC this June.

Donald Trump, sitting president of the United States, on his blog:

Tuesday will be Power Plant Day, and Bridge Day, all wrapped up in one, in Iran. There will be nothing like it!!! Open the Fuckin’ Strait, you crazy bastards, or you’ll be living in Hell - JUST WATCH! Praise be to Allah. President DONALD J. TRUMP

The Iranian embassy in Japan, quoting Trump:

This low level of civility and intelligence shown by a leader of a country is regrettable; the shameful fervor with which intentions to commit war crimes are repeated is staggering; and the fact that the Divine is invoked regardless of ill intentions clearly exposes deep fanaticism. Apologies for sharing this language.

It’s getting harder to tell which side is the authoritarian theocratic regime run by demented hateful nut jobs. (You Crazy Bastards would be an excellent title for a book on the Trump 2.0 administration.)

My thanks to Material Security for sponsoring this week at DF. Most security teams don’t have a talent problem, they have a noise problem. Manual phishing remediation, chasing risky OAuth permissions, and auditing file shares shouldn’t be a full-time job.

Material Security unifies your cloud workspace, bringing detection and response for email, files, and accounts into one place. It’s security that actually works: augmenting the native gaps in Google and Microsoft without the usual enterprise bloat. Stop fighting fragmented consoles and start focusing on strategy. It’s time to simplify your SecOps.

See for yourself how Material scales.