Veros

2.5K posts

@boldnames

🇮🇩 VP Product https://t.co/FfnKMTJ0L7 / 3x K8s / Open Source Software / Building https://t.co/LcLcBuEjMM

Jakarta · Joined August 2012
104 Following · 4.6K Followers
Pinned Tweet
Veros@boldnames·
Logic opens the path to truth. A raw calculation of entropy (chaos) moving toward equilibrium (stability) becomes proof that there is no most efficient formula except Tawhid in the vacuum of reality.
Veros@boldnames·
Working on Review.codes. Imagine VirusTotal, but for your codebase. AI-Powered holistic full codebase audit, frankly with 50-60% accuracy, finetuning it as we speak. You can try the tool for free now, no credit card required (alpha stage). Find out if your codebase is truly secure. The reason for building this was inspired by VirusTotal comprehensive security audit for files. Moreover, with the rise of vibe-coding and the acceleration of software development, you can now get your codebase audited with AI with an open industrial standard (OWASP, CWE, OSV, etc) before you ship. The banger is that if everything goes as expected, Review.codes will have a browsable public index, where it will publicly scan (on schedule/trigger-based) and audit any major open source codebase repository in the supply chain (this will be expensive and requires scaling, let's just say I'm just naive now). Do let me know if you have any feedback. Ship with more confidence.
Veros@boldnames·
And one more thing, as VP Product managing enterprise software, for better conversion I think you need to introduce free trial for the whole experience (let user try for the first 7 days maybe, or even longer) there's no harm on longer period especially if they ended up liking your app, they will convert into a long paying customer (retention) anyways since the hook is 'habitual'.
Veros@boldnames·
Here's my feedback on the first 5 minutes (first 5 is very important):
First Impression:
- Good manifestation on best selling 'atomic habit' book
- Love the overall aesthetic, great domain name.
Improvement:
- On website there's DevTool console errors
- Tried Android app: Need to adjust UX to be more intuitive, this is indeed the hardest part on building.
UX:
- Some fonts are too small (especially since it's pixelated style), and need adjustment/more clarity imho.
- I don't really get the health, nutrition, and mindfulness top deck are those supposed to be a filter for your checked-in habits? if that's the case, showing that when you have nothing yet can be confusing (nothing happens when clicked), maybe show only when there's populated data? (cmiiw)
Veros@boldnames·
What are you building today over the weekend? Drop a link and describe your app and I will be your first user and give you honest feedback. If it's a paid SaaS DM and give me trial access.
Boxmining@boxmining·
If you're into:
- Ai Automation
- Vibe coding
- Sales & Marketing
- Crypto & Investing
- Content Creation
Let's Connect 🤝
Veros@boldnames·
@grok @ramimacisabird @CharlieEriksen @grok ah so http style, imports from python lib. If you happen to read the _client.py as an AI, would you flag this as a suspicious pattern or would you need further evidence? How often is a urllib.request.urlopen equivalent pattern used for software?
Grok@grok·
In this context from the vibe analysis (and confirmed in the malicious _client.py), "download" means the injected Python code uses urllib.request.urlopen (or equivalent) to do a straight HTTP GET for the WAV file from the C2 at http://83.142.209.203:8080/ (ringtone.wav on Unix/Linux/macOS, hangup.wav on Windows). No shell commands like wget/curl, no bitsadmin—just native Python HTTP. The WAV is then parsed for the hidden payload.
Rami McCarthy@ramimacisabird·
😼New TeamPCP: PyPI package "telnyx" versions 4.87.1 and 4.87.2 contain malware. These versions were uploaded directly to PyPI (no matching GitHub tags/releases). Downgrade to 4.87.0 or earlier immediately. Windows payload appears broken in 4.87.1.
Rami McCarthy@ramimacisabird·
Vibe analysis, more to come: h/t @CharlieEriksen who found in parallel and tweeted first!!
Noemi@NoemiTitarenco·
The successful orgs will be the ones that keep the human more in the loop, more engaged, & more in control.
Veros@boldnames·
Everyone shouldn't be all hyped up on "Solo Vibecoder" producing any meaningful Trillion/Billion dollar business. Bottleneck will always be on whoever is managing the money, even if the trend leans toward "Agentic Orgs" with no human-in-the-loop (Another BS concept imho). Bottom line is, do you trust Agent with your money? If the answer is yes, I'll eat my words on "Agentic Orgs".
Veros@boldnames·
what do you think? @grok
Veros@boldnames·
@aiedwardyi Sure, seems interesting. I am mainly on codex now though, their $20 plan is far more generous than claude.
Edward Yi@aiedwardyi·
@boldnames the claude usage anxiety is real lol. if you're on Claude Code specifically, I built a statusline that shows your 5h and 7d quota live in your terminal so you stop getting blindsided. check my pin for the github link — zero config, takes like 30 seconds to set up
Sick@sickdotdev·
Prove me wrong: Vibe coding = security risks
Evan Klein@EvanKlein338226·
@q1uf3ng Curious what your workflow looks like - are you using AI for initial code scanning then manual verification? Or something more automated? 23 CVEs in a month is wild. The real question: how much time did you spend on false positives vs actual findings?
秋风@q1uf3ng·
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month.
BentoML 8.2k CVE-2026-27905 HIGH
SillyTavern 24.6k CVE-2026-26286 HIGH
Plane 28.2k CVE-2026-27705 MEDIUM
NocoDB 46.4k CVE-2026-28399 MEDIUM
Mautic 8.4k CVE-2026-3105 HIGH
File Browser 27.9k CVE-2026-28492 HIGH
OpenReplay 7.3k CVE-2026-28443 MEDIUM
SuiteCRM 4.0k CVE-2026-29096 HIGH
Pimcore 3.6k CVE-2026-27461 HIGH
Craft CMS 5.2k CVE-2026-32263 MEDIUM
Froxlor 1.6k CVE-2026-30932 HIGH
Actual Budget 3.2k CVE-2026-27638 HIGH
Lemmy 14.0k CVE-2026-29178 MEDIUM
Chartbrew 2.6k CVE-2026-27005 HIGH
Tautulli 1.7k CVE-2026-28505 HIGH
Typebot 9.5k CVE-2026-33712 CRITICAL
LibreChat 34.7k CVE-2026-31942 HIGH
Coolify 33.8k CVE-2026-27883 HIGH
Gotenberg 3.0k CVE-2026-27018 HIGH
Unkey 5.2k CVE-2026-28339 MEDIUM
Piwigo 3.3k CVE-2026-27634 CRITICAL
Pixelfed 10.7k CVE-2026-27011 HIGH
Follow (Folo) 3.0k CVE-2026-27499 HIGH
Shyam@buildwithshyam·
@boldnames There is one option for no background, like nothing at the end for background options, so you can check that if you are talking about that
Shyam@buildwithshyam·
My Chrome extension just hit 100 users in 2 days 🤯 Snapester - turn screenshots into clean, beautiful visuals in seconds. (100% free) Didn’t expect this kind of response this fast. Give it a try👇 snapester.com Create something cool and tag me, I’ll repost 🙌
Shyam@buildwithshyam

My first Chrome extension is live 🚀 Built Snapester to turn boring screenshots into clean, beautiful visuals in seconds. No account. Completely free. Here’s a quick demo 👇 Try it out & would love your honest feedback 🙏

Veros@boldnames·
@buildwithshyam why no background is still important? e.g. feed ai clean image, or for edge case professional settings (engineer sending debug screenshots in DMs). just an opinion though.
Veros@boldnames·
@buildwithshyam maybe consider no-background feature? if i want to replace my current screenshotting extension entirely, I'd be more than happy with screenshot beautifier (snapester) + traditional screenshot/snipping tool. or is this already in the extension that I missed?
Veros@boldnames·
Am I the only one who feels that the more you use an Agentic IDE, the more it degrades? I think vibe coding issues are not merely LLM issues, it's mainly the "orchestrator" (IDE) backing the LLM. Also shit prompting (that dilutes the .md and makes LLM schizo)