Thoughts on AI, the tech stack, and the indie hacker journey.
Google priced the new workhorse model at $0.25 input and $1.50 output per million tokens — roughly 1/8 the cost of Gemini 3 Pro, and aggressively below anything Anthropic or OpenAI offer at the "good enough to ship" tier. There are exactly three workflows where a solo dev should swap. And one where it will break things you care about.
Google Cloud Next 2026 confirmed Ironwood (TPU v7) is going GA, with 10× peak perf over v5p, a 9,216-chip superpod, 1.77 PB of shared HBM, and 2× perf/watt. AI Twitter read this as a nuclear event. For any solo operator who pays for inference instead of building it, the correct reaction is: nothing. And the "nothing" is the entire point.
MRR Scout analyzed 708 monetized indie hacker sites. Shopify shows up on 63 of them. Stripe shows up on 10. That's a 6× gap. The mental model of "everyone ships on Stripe" is just not how things look in 2026. Here's why solo ops are drifting away, and a decision tree for picking a processor that fits what you're actually selling.
CVE-2026-34197 is an RCE in Apache ActiveMQ that's been sitting in the code since 2013. A security researcher found it during a casual Claude session. It's now on CISA's KEV list with a federal patch deadline of April 30. The real story for solo operators isn't "AI finds bugs." It's that the rate of newly-discovered legacy bugs is about to go up sharply.
OpenAI shipped "Codex for (almost) everything" on April 16. Computer use, integrated browser, 90+ plugins, PR review, SSH devboxes, and a Claude Code plugin for cross-provider review. I spent five days actually using it on production code. It's good. It's not a drop-in replacement. The real solo-dev decision is more interesting than the launch posts made it sound.
Scroll through Indie Hackers today and you'll notice the MRR screenshots are thinner. Several loud founders have scrubbed their profiles. The reason isn't burnout — it's that AI vibe-coding has made good ideas trivially cloneable, and transparency has become a clone signal. If "build in public" was your whole growth strategy, the game just changed.
OpenAI announced on March 24 that the Sora app shuts down April 26 and the API shuts down September 24. Seven months from launch to grave for a product that was supposed to own AI video. If you built a pipeline on Sora, you have a long weekend to migrate — and a specific lesson to take with you about building on anyone's consumer AI app.
A Context.ai employee got infected with Lumma infostealer while downloading Roblox cheats. Two months later, ShinyHunters was selling Vercel customer tokens on BreachForums. The attack path is a straight line through the AI productivity tools you've been clicking "Allow all" on. Here's the 30-minute OAuth audit every solo operator should run this week.
Amazon just announced that every Kindle shipped in 2012 or earlier loses Store access on May 20. Factory reset the device after that and it literally cannot be re-registered. It only affects ~3% of users — and that's exactly the point. If you're building a subscription product, this is the clearest case study in platform risk and graceful deprecation I've seen this year.