Sabitlenmiş Tweet
New Episode out: Shit I found on the Internet - Episode 1 youtu.be/5B5GYN3rqIQ via @YouTube
YouTube
English
Tiago Henriques
27.5K posts
Tiago Henriques
@Balgan
CUO @solvecyberrisk - I help build the future of cyberinsurance . ex CEO/Founder @binaryedgeio (acquired) - Opinions=mine.
Switzerland Katılım Kasım 2008
1.1K Takip Edilen3.3K Takipçiler
I fucking love @im_roy_lee
Roy@im_roy_lee
BREAKING: Cluely CEO officially responds to TechCrunch
English
Tiago Henriques retweetledi
Guess My RGB - 2026-02-01
Score: 52/100
🟩🟩🟩🟩🟩⬜⬜⬜⬜⬜
Can you visualize RGB values? Try it!
rgb.day
English
Guess My RGB - 2026-01-30
Score: 83/100
🟩🟩🟩🟩🟩🟩🟩🟩⬜⬜
Can you visualize RGB values? Try it!
rgb.day
English
Tiago Henriques retweetledi
As a former PM,
We will never hire a PM
Three roles and nothing else:
Designers, engineers, teachers
Peter Yang@petergyang
Cursor scaled to $29B without any full-time PMs. Ryo (Cursor's Head of Design) walked me through how they work and it's the opposite of every big tech best practice: 1. Roles are muddy PM work is spread across designers and engineers. Everyone does what fits their strengths and uses AI to fill the gaps. 2. Most designs start with code directly Ryo barely uses Figma except for initial exploration. Most features start as live Cursor prototypes because "it feels more real than pictures." 3. No annual roadmap theater Just a "fuzzy direction" and features shipped to concentric circles (e.g., staff, nightly beta users, consumers, enterprises) to polish. Ryo also showed me exactly how he designs and codes new features using Cursor and how he avoid creating generic purple AI slop. 📌 Subscribe to watch our full tutorial tmr: @peteryangyt?sub_confirmation=1" target="_blank" rel="nofollow noopener">youtube.com/@peteryangyt?s…
English
Tiago Henriques retweetledi
Cursor scaled to $29B without any full-time PMs.
Ryo (Cursor's Head of Design) walked me through how they work and it's the opposite of every big tech best practice:
1. Roles are muddy
PM work is spread across designers and engineers. Everyone does what fits their strengths and uses AI to fill the gaps.
2. Most designs start with code directly
Ryo barely uses Figma except for initial exploration. Most features start as live Cursor prototypes because "it feels more real than pictures."
3. No annual roadmap theater
Just a "fuzzy direction" and features shipped to concentric circles (e.g., staff, nightly beta users, consumers, enterprises) to polish.
Ryo also showed me exactly how he designs and codes new features using Cursor and how he avoid creating generic purple AI slop.
📌 Subscribe to watch our full tutorial tmr: @peteryangyt?sub_confirmation=1" target="_blank" rel="nofollow noopener">youtube.com/@peteryangyt?s…
English
I've been playing with trying to build prompts injections to influence AI Browser Agents (@OpenAI Atlas and @perplexity_ai Cosmos), in doing so I've seen all sorts of weird behavior but also having LLMs themselves competing to trick those agents linkedin.com/pulse/breaking…
English
Tiago Henriques retweetledi
Our tech headcount strategy in a nutshell
1. Hire any engineer that clears our (extremely high) bar
2. Maintain ratios with xfunctional team ~1:5 design, ~1:10 PM, ~1:10 DS, ~1:30 PMM, ~1:20 POPs
3. Cap growth rate (<50% YoY) to maintain culture, onboarding productivity, and resource scarcity mindset
4. Revisit single prioritized list of placement across existing & new bets (80/20) quarterly
English
@robertgraham Also fortinet isnt any better or worse than Sonicwall, and Ivanti, palo is a lil better but not much.
English
So for each of the past several years, Fortinet vulnerabilities have been a major source of hacking and ransomware campaigns.
Why do customers continue to buy their products? I don't mean to suggest they shouldn't. I mean to ask why they do.
For context, their biggest vulnerabilities is in the web management interface, which should always be behind a firewall, VPN, or management segment. Yet, it's their firewalls that are vulnerable. Moreover, it seems that part of the reason is provisioning as-yet unmanaged clients, which needs to be exposed to the public Interent without authentication, so the normal practice of walling it off doesn't work.
Thus, they seem unsecurable.
So my question is what is motivating customers?
English
@robertgraham I fight this fight everyday - price and fortinet buying a lot of steak dinners to the right people.
English
Tiago Henriques retweetledi
🚨CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974: PoC code to exploit the IngressNightmare vulnerabilities
GitHub: github.com/hakaioffsec/In…
English
Tiago Henriques retweetledi
Arguably the most brilliant engineer in FFmpeg left because of this. He reverse engineered dozens of codecs by hand as a volunteer.
Then security "researchers" and corporate employees came along repeatedly insisted "critical" security issues were fixed immediately waving their CVEs.
This was hugely demotivating to the fun and enjoyment of reverse engineering.
FFmpeg@FFmpeg
The maintainer of libxml2 put it very well
English
Tiago Henriques retweetledi
🚨CVE-2025-33073: PoC Exploit for the NTLM reflection SMB flaw
GitHub: github.com/mverschu/CVE-2…
▪️GUI (Screenshot 1)
▪️CLI (2)
▪️Custom command (3)
▪️SOCKS (4)
English
Tiago Henriques retweetledi
At a past company, the head of engineering and the principal engineers decided to break our Ruby on Rails application into a Go microservices mesh.
They created very detailed design documents and architecture diagrams. They went all out and used Kubernetes, gRPC, service templates, the whole shebang.
The whole senior engineering leadership came from Amazon, where they were used to each team owning a distinct service. They tried to apply that model directly. But our issues were with code ownership and poor domain modeling.
The entire application could have run on just a handful of EC2 instances.
What was the result?
Five years later, 70% of the application is still running on the Ruby on Rails monolith. Never completed the migration. But now they have to maintain two systems.
None of the original leadership works there anymore.
English
Tiago Henriques retweetledi
This is so typical of eng leadership coming from Big Tech:
"The whole senior engineering leadership came from Amazon, where they were used to each team owning a distinct service. They tried to apply that model directly."
Copying *exactly* what they are used to. Though (cont'd)
Yatish Mehta@yatish_me
At a past company, the head of engineering and the principal engineers decided to break our Ruby on Rails application into a Go microservices mesh. They created very detailed design documents and architecture diagrams. They went all out and used Kubernetes, gRPC, service templates, the whole shebang. The whole senior engineering leadership came from Amazon, where they were used to each team owning a distinct service. They tried to apply that model directly. But our issues were with code ownership and poor domain modeling. The entire application could have run on just a handful of EC2 instances. What was the result? Five years later, 70% of the application is still running on the Ruby on Rails monolith. Never completed the migration. But now they have to maintain two systems. None of the original leadership works there anymore.
English
Listen, Head of Research and Discovery (RAD) was a pretty dope title. But today I'm pleased to announce I was selected to be Head of Global Signals Operations for Google Threat Intelligence Group. I would say this is the most significant role change since joining Mandiant.
GIF
English
@luk__up I would maybe argue models involve a lot more context and knowledge about the business than direct code does. If code fails you see errors, with models? Hard to know, lots of nuance.
English
Tiago Henriques retweetledi
@JonnyBones My pleasure Jon. Told you I’m not an asshole. Glad you’re enjoying retirement 👍🦆
English