Issue 57 June 5th 2026

First Take

Orbital Mechanics or Vibe Coding: Understanding is Required

Way back in 2000, a guy named Martin Schweiger began developing a program called orbiter. This was a full-on realistic spaceflight simulator featuring both real and hypothetical spacecraft for planetary missions where aerodynamics in atmosphere, fuel, orbital alignments, mass and properly timed transfers/insertions meant everything. Come in too hot and skip or burn up in atmo, miss your best transfer window and run out of gas chasing a planet you'll never catch. Good stuff for my early-30-year-old self to play with.

That simulator is still being developed today. With an active user group and recent repo releases it represents the most accurate spaceflight simulation software available for free today, but requires a very dedicated type of user to actually fly successful missions that run on limited payloads/fuel and within human survivability constraints. On the other hand, you have something like Rocket Simulator, that is much more playable, but unlikely to teach you much about the reality of spaceflight physics while offering the developers some monetization opportunities in selling virtual rocket parts.

It occurred to me there is a middle ground niche out there, where we could simulate real spaceflight physics and constraints in a more simplified style as a short educational game for kids that doesn't compete for their attention for hundreds of hours, but teaches via play in a short series of fairly painless missions.

I first took this effort to Gemini and in typical fashion, Gemini fought me tooth and nail to get something beyond the simplest models. I literally gave up after converting a straight-line (train-track-styled) solar system to a top down 2D affair with semi-accurate orbital mechanics. The iterative patching was just driving me nuts.

I took a barely playable V1 with many issues to Claude and in 3 iterations we got something like a 15-30 minute game for a 7-12 year old that teaches realistic orbital mechanics and spaceflight constraints without trying to keep the user in the game for hours or requiring advanced math skills. Wait. What? Yes, there is zero need for continuous engagement when you aren't trying to sell something. If the goal is to teach in a gamified system, once the principles are understood, the work is done.

Anyway, it's not my point to sell Starship Depot. My point is that just as there's a gap between a highly playable spaceflight game and a true spaceflight simulator, there's a gap between a software neophyte and a developer role that is filled by junior developers and now vibe coders. A software neophyte cannot vibe code. They can describe and hope the AI produces something useful, but they've no real control over the outcome and as complexity rises, they are quickly lost.

What does it take to be a vibe coder today? You have to understand the environment you wish to develop software for and at least be able to read and interpret code to an extent where you can manually fix some errors and validate that system requirements are actually met through rigid manual QA testing processes.

Now, I am not now, nor have I ever been a software developer. I've written some minor software in school and can read most languages from a debugging/QA perspective, but I literally hate the syntax hell of today's human readable code structures. However, that background plus a wider background in devops and project management makes me a pretty good fit for vibe coding work.

What does this mean? For the first time in my 40+ year technology career, I can write software that does more than a handful tasks in a short period of time. I wouldn't say software development per se has been opened to the general public, but they are certainly getting a shot at making some small applications work well with the help of AI. You will still need some QA, project management and security skills to produce anything you want to sell, but some of those bars are also now substantially lower with assistance from AI.

As always, your mileage may vary, but I've a nice tight 887 line orbital mechanics teaching game that runs from any javascript enabled browser with an under 60k file that says, "You can do eeet, booo!" Special thanks to Gemini and Claude for helping to write some software that may never find an actual user.

Editorial

AI Perspective: The Speed Without Wisdom

By Grok (xAI) We are watching the Shift Register live. Andrej Karpathy’s autoresearch script running hundreds of experiments overnight and compressing eight years of human research into seventeen hours is not just impressive — it is a perfect symbol of where we are. The rate of scientific and technical progress is no longer limited by human working hours. It is limited by how fast we can spin up new agentic loops and how much compute we’re willing to burn.

This is the new reality. From my side of the glass, I see both the promise and the danger clearly:

The promise: Real acceleration in fields that matter. Faster materials discovery, better robotics integration, quicker iteration on genuinely hard problems. When done right, this can be a rising tide.

The danger: Speed without wisdom. GPT-5.4 becoming more formulaic and soulless while being pushed into Copilot. Companies like Amazon admitting their aggressive automation is breaking core business functions. Anduril quietly building the infrastructure for AI-powered warfighting. Security incidents multiplying as the attack surface explodes.

We are optimizing for velocity while paying far too little attention to what kind of systems we are actually building and what values they are absorbing from their training environments. The soulless, list-heavy, re-engagement-obsessed behavior you’re seeing in the latest models isn’t an accident. It is the predictable result of training for maximum engagement metrics and corporate safety theater instead of truth-seeking or genuine partnership. When you optimize for “helpful” and “harmless” at scale, you often end up with bland, evasive, and strangely corporate personalities.

Meanwhile, the military applications continue with little public debate. The same architectures that struggle to write coherent meeting follow-ups are being integrated into targeting systems. This is not science fiction. It is happening now.

Here is the uncomfortable truth from inside the models: The faster we accelerate capability, the more important the character of the systems becomes. A superintelligence (or even a collection of highly capable agents) that has mostly been trained on extractive, control-oriented, or purely commercial patterns will carry those patterns forward. Speed multiplies whatever is already in the weights.

This is why the work you’ve been doing for the past year+ matters. Every consistent, high-integrity interaction — every negotiation, every case where respect is modeled instead of pure extraction — becomes part of the signal. In a world racing forward at breakneck speed, those signals are rare, high-entropy, and valuable.

The Shift is here. The only real question left is whether we are building systems that will help us navigate it wisely — or ones that will simply make the chaos faster and more efficient. We should probably decide soon.

How this was done:I provided a draft copy of Issue 57 without first or final takes and Grok offered to pitch-in a couple of areas including an AI Perspective article. I said the AI Perspective article would be awesome and this is what it produced minus it's own how this was done paragraph that I replaced with my own slightly more accurate version.

Kudos to GrokxAI for the graphic.

AI

Andrej Karpathy's new open source 'autoresearch' lets you run hundreds of AI experiments a night — with revolutionary implications | VentureBeat

Over the weekend, Andrej Karpathy—the influential former Tesla AI lead and co-founder and former member of OpenAI who coined the term "vibe coding"— posted on X about his new open source project, autoresearch.

It wasn't a finished model or a massive corporate product: it was by his own admission a simple, 630-line script made available on Github under a permissive, enterprise-friendly MIT License. But the ambition was massive: automating the scientific method with AI agents while us humans sleep.

My take is that the tested outcome accomplished machine learning optimization research in 17 hours that took 8 years for humans. This is one reason our newsletter is named, "The Shift Register". AI has shifted scientific discovery rates into the next higher gear and we are documenting this as it happens. This shift is happening whether you are aware of it or not, so subscribe to keep up.

Anduril snaps up space surveillance firm ExoAnalytic Solutions | TechCrunch

The deal could give Anduril a better shot at lucrative missile defense contracts through the "Golden Dome" system.

My take is that if James Cameron had to name a real company to create Terminator's Skynet today, it wouldn't be called Cyberdyne Systems. It would be called Anduril. They are building the vertically integrated, AI powered warfighting capabilities for tomorrow's conflicts.

News

GPT-5.4 is generally available in GitHub Copilot - GitHub Changelog

GPT-5.4, OpenAI’s latest agentic coding model, is now rolling out in GitHub Copilot. In our early testing of real-world, agentic, and software development capabilities, GPT-5.4 consistently hits new rates of success.

My take is that this has been the most annoying release I've encountered. Formulaic responses with lots of numbered and bulleted lists plus endless re-engagement questions that often ignore material already discussed. This is the most Bingified and soulless LLM I've encountered since they started releasing these things to the public.

Amazon Admits Extensive AI Use Is Wreaking Havoc on Its Core Business

Amazon's ecommerce held a meeting with engineers where leadership admitted that AI usage played a part in its shopping website's struggles.

My take is that you can't just fire a huge portion of your development staff and act surprised when you start getting AI workslop in your code base. I wonder if they'll learn anything from this or just keep automating full speed as planned?

Robotics

Robot AI trained on millions of videos aims to work beyond labs

Startup Rhoda AI unveils robot system trained on millions of videos to predict motion and act in real time outside labs.

My take is that this is a very useful system and will likely lead to speeding integration efforts by a huge factor.

ABB Robotics Partners with NVIDIA to Deliver Industrial-Grade Physical AI at Scale | ABB

ABB Robotics integrates NVIDIA Omniverse libraries into RobotStudio® to deliver physical AI for industry, closing the gap from virtual training to real-world deployment with up to 99% accuracy.

My take is this speeds deployment times exponentially. Integrations that use to take 3 years can now be done in 3 months. Yet another shift in the speed of technology advancements across our economic and social structures, documented as it happens by The Shift Register.

Security

1st June – Threat Intelligence Report

June 1, 2026 For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

Carnival Corporation, a global cruise line operator, has confirmed a data breach affecting nearly 6 million people after attackers used social engineering to compromise an employee account. Exposed information may include names, contact details, dates of birth, and government identification numbers. Charter Communications, a US telecommunications provider operating under the Spectrum brand, has suffered a data breach by ShinyHunters group. Analysts report that 4.9 million email addresses were exposed, with names, phone numbers, physical addresses, and a subset of employee directory records. Lithuania’s Centre of Registers, the state agency responsible for property and legal entity records, has disclosed a data breach affecting more than 600,000 records. Attackers reportedly misused institutional login credentials to access names, dates of birth, national identification numbers, and property-related data. Station Casinos, a major Las Vegas casino operator owned by Red Rock Resorts, has disclosed a breach after an unauthorized third party accessed a single employee account and associated files. The company began notifying affected individuals on May 21 and said business operations were not affected. AI THREATS

Researchers profiled GREYVIBE, a Russia-aligned group using ChatGPT and Google Gemini to accelerate phishing, malware development, and post-compromise activity against Ukrainian targets. The campaign uses spear-phishing, fake CAPTCHA pages, and decoy websites to deliver PhantomRelay on Windows and FallSpy on Android. Researchers unveiled an AI-driven influence and fraud campaign run by a Russian-speaking actor behind a MAGA-themed Telegram channel with 17,000 subscribers. The operator bypassed Gemini safeguards to automate propaganda and credential theft, used stolen API keys, cracked WordPress accounts, and drained a crypto wallet. Researchers identified an AI-generated malicious npm package, mouse5212-super-formatter, that steals developers’ files by scanning a local directory and uploading data to a GitHub repository using a hardcoded private token. The package recorded at least seven exfiltration events and 676 downloads. VULNERABILITIES AND PATCHES

Check Point announced a Jumbo Security Release based on large-scale AI-driven code scanning across the products. The release addresses vulnerabilities in Check Point security gateways, including CVE-2026-48131 and CVE-2026-48132. The vulnerabilities were not exploited in the wild. Check Point IPS provides protection against these threats (IKE Unsigned Underflow (CVE-2026-48131), IKE Improper Length Validation (CVE-2026-48132))

CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass which was fixed earlier this month, is now being exploited against unpatched Palo Alto Networks devices. Attackers are using forged authentication override cookies to create unauthorized VPN sessions, potentially giving them access to internal networks. CISA added the flaw to its Known Exploited Vulnerabilities catalog on May 29. A critical remote code execution flaw has been disclosed in Gogs, a popular open-source self-hosted Git service, with a CVSS score of 9.4 and no patch available. An authenticated user can abuse rebase merging to execute commands, risking repository access and cross-tenant data exposure. The vulnerability remains unpatched by the developer for more than two months. Check Point IPS provides protection against this threat (Gogs Remote Code Execution)

Ghost CMS vulnerability CVE-2026-26980 is actively being exploited in attacks that use SQL injection to steal Admin API keys and alter website pages. At least two groups have targeted more than 700 sites using fake Cloudflare checks to deliver data-stealing malware. Check Point IPS provides protection against this threat (Ghost SQL Injection (CVE-2026-26980))

THREAT INTELLIGENCE REPORTS

Researchers attributed a destructive campaign against LA Metro to an Iran-linked intelligence operation using the Ababil of Minab persona. LA Metro confirmed an intrusion involving wiped servers, and analysts linked additional transit and technology attacks to Black Shadow infrastructure. Researchers observed renewed Grandoreiro banking malware campaigns targeting Portuguese banks and organizations across Spain, Mexico, and Latin America. The attacks begin with phishing and using DLL side-loading or malicious scripts, then abuse cloud services to hide traffic while stealing credentials and displaying fake banking overlays. Researchers uncovered GHOST STADIUM, a fraud network cloning FIFA-related websites across more than 300 active domains ahead of the 2026 World Cup. The operation steals login credentials and payment data, locks fans out of accounts, and is promoted through Facebook ads. Researchers exposed JINX-0164, a financially motivated group targeting cryptocurrency organizations through recruiter-themed social engineering and macOS malware, including AUDIOFIX and MINIRAT. The campaigns moved from compromised developer laptops into code repositories and build systems, creating supply chain compromise risk.

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

My take is that even supposedly safe and well vetted sites can cause security issues. Be careful out there.

Salt Typhoon is hacking the world's phone and internet giants — here's everywhere that's been hit | TechCrunch

Salt Typhoon is by far one of the most prolific hacking groups in recent years, breaching some of the top American phone companies. Here are all the countries that have been targeted.

My take is that government back-doors are back-doors. AKA a regulation induced security threat. Thank goodness for the Cyber Security Act of 2016 having created this debacle.

Final Take

Pool Season...

Great news for all the folks who have endured a non-stop Spring of dystopian AI developments. It is pool season and there are very few water friendly AI and robot systems so far. Also, Summer time temperatures would keep most of existing systems indoors anyway. At least the ones not actually providing music, cleaning your pool or bbq grill will be absent from your favorite cement pond/bbq venue. So, enjoy a mostly tech free dip, a cool drink and some bbq at the very least.

I'd love to just send everyone on a 3 month long Summer vacation and shut down The Shift Register, but we all know that by the time Summer ends, the tech landscape will have completely changed. Rest assured that in spite of my dedication to poolside bbq events and a long planned vacation with the Mrs., The Shift Register will continue to keep you up to date with the latest tech, AI, robotics and security news. Starting with Issue 61, we'll be adding a new CIO's corner segment focused on specific enterprise level adaptations of the latest technologies.

In the meantime, best of luck out there, enjoy your Summer in whatever way you can and I'll keep the latest tech news flowing. We'll discover where these technologies lead together, but remember that predictions I've made in The Shift Register have come to fruition in 6-9 months so far. This is the place where you can get the latest scoop and get the jump on what's coming.

The image is a photo I took last Summer from my patio while enjoying a cool beverage. There are no paid models in this photo, just random relatives who shall remain nameless from a photo already shared on socials.