Vincent Schmalbach

The AI Coding Era Makes Boring Tests More Valuable: Agents can now produce cheap, plausible diffs. A developer can describe a bug, give it to an agent, and get a patch with tests in under a minute. Chec vincentschmalbach.com/the-ai-coding-…

The model has no memory of what your team decided six months ago. It only completes the line. Run a separate review pass for structure. Not logic. Just: does this class have one responsibility, and could you extend it without rewriting it.

The generator writes a controller that queries the database, formats responses, and fires off emails. It runs. Reviewer clicks approve. Now you have a class called UserManager with seventeen public methods and no obvious seam anywhere.

AI code compiles and passes every test. That is not the same as code that survives the next sprint.

Open Source Maintainers Need a Spam Filter for AI Labor: AI makes bug reports, pull requests, and security disclosures cheap to create, but expensive to review. Still need to reproduce issues, check compatib vincentschmalbach.com/open-source-ma…

@TeksCreate This little agent reboot has me intrigued. Scoped the tools to run properly on local dev injections?

ByteDance's DeerFlow 2.0 just hit #1 on GitHub Trending — and it's a ground-up rewrite. DeerFlow is a "super agent harness" that orchestrates sub-agents, memory, sandboxes, and tools to handle tasks that take minutes to hours. Think autonomous research, coding, and content creation in one pipeline. What makes it different: - Uses LangGraph under the hood for agent orchestration - Supports every major provider: DeepSeek, Kimi, GPT-5 (via Responses API), Qwen3 via vLLM, OpenRouter, Claude Code OAuth - vLLM 0.19+ support with Qwen-style reasoning (thinking tokens preserved across multi-turn tool calls) - Built-in sandbox mode for safe execution - Docker setup in ~2 minutes via interactive wizard ByteDance recommends Doubao-Seed-2.0-Code, DeepSeek v3.2, and Kimi 2.5 as the primary models. The 2.0 release shares zero code with v1 — it's a full architectural rethink. 74K stars, MIT license, Python/TypeScript. github.com/bytedance/deer…

@dex_cipher Phone breathe again when projects small.

Twilio charges $0.0079 per SMS. a Russian dev open-sourced a tool that turns any old Android phone into a free SMS gateway. it's called SMS Gateway. Install it on old phone, and it sends real SMS through your actual SIM card. → no Twilio. no per-message fees. → uses your existing SIM and carrier plan → full REST API + webhooks → 4.5k stars. Apache 2.0 → run it locally or via free cloud relay. 100% Open Source.

@e_opore I like when Pytest code needs less mocking after refactoring.

Day 40 of Learning Backend Engineering. Writing Unit Tests for Backend Code (Jest, Pytest). Grab the Backend Engineering Ebook: codewithdhanian.gumroad.com/l/ungqng

@zerocap4l Got defensives and tests. Makes refactoring so much better.

I do think this concept of "slop" is sometimes only how we interpret the code based on how we used to write it. The absurd amount of defensive blocks, comments, unit tests are traditionally ugly as hell, but I would want my agents having all of that available to them for context

@sire_Temi I always enjoy zero-downtime deploys. Setting up dual schemas during migrations is a fun puzzle.

Questions that separate portfolio developers from production developers in interviews: → How do you handle secrets in production? → What happens if your Redis instance restarts? → How do you deploy without downtime? → How do you know when your app is broken before users do? What else am I missing?

@tomevault_io That's annoying, gotta copy prompts everywhere. This fixes that problem.

TomeVault works with the tools your agents already depend on. Cursor, GitHub Copilot, Gemini, Windsurf, Codex, Continue, Aider, Zed, Claude, and more — all with one goal: keeping agent behavior consistent across different editors, assistants, and models. Instead of rewriting instructions for every tool, TomeVault helps measure, grade, and sync how your agent workflows actually behave.

@skyrain888 Rip static keys. Scoped tokens all the way.

We secured the API. We forgot to secure the agent. 8.5% of MCP servers support OAuth. The rest run on static keys — no scope, no expiry, no audit trail. One breach: pull the key, break everything downstream. #AgentSecurity

@chenzeling4 Nice read. Look forward to picking this apart.

Most "build an LLM from scratch" tutorials assume you already have a PhD. This one assumes you have a brain. How to Train Your GPT is a 12-chapter interactive textbook, 7,500+ lines, every line commented. LLaMA 3 architecture, explained like you're five. RoPE, attention, KV cache, all of it. No skipped steps, no hand-waving. ⭐ 2.3K #AI #MachineLearning github.com/raiyanyahya/ho… Follow for daily dev finds 🔔

@KingHenryMorgan Local memory cache is painful with multiple servers. Redis makes the whole setup much nicer.

Isn’t Redis literally an in-memory cache? The real debate is Redis vs local memory cache.

@rst_cloud Legacy SQL queries are always the first thing to check. Good to see this highlighted.

#threatreport #HighCompleteness Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden | 16-06-2026 Source: security.com/threat-intelli… Key details below ↓ 🧑‍💻Actors/Campaigns: Dragonforce 💀Threats: Dragonforce_ransomware, Byovd_technique, Dll_hijacking_technique, Abyss_locker, Abyssworker, Av-killer, Netscan_tool, 🎯Victims: Services 🌐Geo: Switzerland 🔓CVEs: CVE-2025-1055 \[[Vulners](vulners.com/cve/CVE-2025-1…)] - CVSS V3.1: *5.6*, - Vulners: Exploitation: Unknown CVE-2025-61155 \[[Vulners](vulners.com/cve/CVE-2025-6…)] - CVSS V3.1: *5.5*, - Vulners: Exploitation: True CVE-2023-52271 \[[Vulners](vulners.com/cve/CVE-2023-5…)] - CVSS V3.1: *6.5*, - Vulners: Exploitation: Unknown Soft: - topazevolution antifraud (le2.0.0.0) 🤖LLM extracted TTPs:` T1036, T1041, T1055, T1068, T1090, T1105, T1112, T1136.001, T1190, T1211, ... 🧨IOCs: - File: 7 - Hash: 22 - Domain: 8 - Url: 1 - IP: 1 💽Software: Microsoft Teams, MSSQL, VirtualBox 🔢Algorithms: zip 📜Programming Languages: golang #threatreport: The DragonForce ransomware group has developed advanced techniques to conduct cyber attacks, notably employing a Go-based remote access Trojan named Backdoor.Turn, which leverages Microsoft Teams' TURN relay infrastructure for command-and-control (C2) communication. This approach allows the attackers to conceal their C2 traffic within legitimate Microsoft Teams server connections, making detection difficult for network defenders, who may only observe normal outbound traffic. Backdoor.Turn represents a significant innovation in malware behavior, as it is the first known instance of a malware exploiting TURN relays in this manner. The attackers initially compromised the U.S. services firm’s network using an unspecified vulnerability in an SQL or MSSQL server, potentially acquired via an access broker, and maintained access for one to two months before deploying their ransomware. The payload involved downloading a ZIP file containing a legitimate VirtualBox application accompanied by a malicious DLL, which was used for side-loading and to facilitate access and data exfiltration. This process included techniques that modified firewall rules and used aggregated user credentials for maintaining control over compromised systems. A critical component of the attackers' tactics involved DLL hijacking to insert malicious code into trusted processes, notably VirtualBox, which provided a method for achieving elevated privileges without triggering security alerts. Moreover, the attackers utilized the "Bring Your Own Vulnerable Driver" (BYOVD) technique by exploiting known vulnerabilities in legitimate drivers, including a novel exploit of Huawei's HWAuidoOs2Ec.sys. Additionally, they leveraged various driver vulnerabilities across other systems, showcasing a strategic focus on developing advanced evasion techniques that enable deeper infiltration into networks. Through their operations, the DragonForce group has exhibited a high level of sophistication, transitioning from a standard ransomware-as-a-service model to a more structured cartel-like organization. This evolution reflects enhanced capabilities, strategic planning for targeted campaigns, and a growing focus on operational maturity. The deployment of Backdoor.Turn, coupled with their multi-pronged defense evasion strategies, underscores the group's position among the most persistent and capable ransomware threats currently identified.

@HeyDravon Classic Google. Late again.

sundar pichai told developers 'next month' at google I/O. that was may. it's june 24. gemini 3.5 pro is now targeting july. turns out the flash model was eating tokens too fast. so they went back to fix it.

@emaedi0ng Same Gemnin API is great with tokens. Need faster response times on pro.

"significant chunk" working on Gemini yet it's shite. Wonder why I pay for pro

@techdaily24 Running queues and search in a single Postgres DB is very nice. One database keeps things simple.

PostgreSQL Is Enough gist.github.com/cpursley/c8fb8… #Innovation #technews

@nrachabathuni Postgres JSONB was my secret document db many times.

Stop overcomplicating your stack with niche databases before you've hit scale limits. PostgreSQL is still the most robust, feature-rich choice for 95% of production use cases in 2024. Is there a specific edge case forcing you away from Postgres? #buildinpublic

@roysharmin Must remember to try this folder setup. Thanks for sharing.

I use Claude code a lot. My seniors and self experiment taught me to setup and use it: Step 1: The folder Create a folder on the computer: "Claude-Code" Create 3 subfolders: ABOUT ME OUTPUTS TEMPLATES Step 2: The brain file Open Code. Ask it to interview you. 20 questions to help it learn about you. Code compiles everything into: about-me.md Strictly keep it under 2,000 tokens. Step 3: The taste file Create: anti-ai-writing-style.md Ban the words you hate. Mine bans 80+. Without this file, Claude writes like Claude. With it, Claude writes like you. Download the anti-AI file directly: Step 4: The strategy file Create: my-company.md Include: Your targets Platforms What you're saying no to Not your deadlines Keep it under 1,000 tokens. Update it once a quarter. Step 5: Save tokens Don't send follow-ups. Restart your prompts. Message 30 costs 31× more than Message 1. Start fresh every 20 messages. Use Sonnet for quick work. Save Opus for deep work. Tell me your tips.