DotFreeRave

Building the future of dev tools 🚀 🛠️ #DotCommand 🔐 #DotEnvy 🧠 #DotSense All #OpenSource & built for you. 🔗 linktr.ee/DotFreeRave #BuildInPublic #VSCode #TypeScript

Lost 2,800 words of a Dev.to article to a VS Code WebView reset. Wrote for 2 hours. Switched tabs. Came back to an empty form. So I built a proper drafts system. Here's what I shipped in DotShare v3.2.5 The problem with WebViews: they're iframes. They suspend when hidden. They wipe on restart. Any state you haven't explicitly saved is gone the moment you look away. For a tweet that's annoying. For a 3,000-word article — it's devastating. The fix: one Draft interface covering everything. Social posts. Blog articles. Dev.to drafts pulled from the API. All the same type, all resumable with one click. No two separate systems. No branching logic. One union type does the job. The part I'm most proud of: Two-Way Sync. Loading a draft rewrites BOTH the WebView form AND the active .md editor file simultaneously. One click. Two surfaces. Always identical. Never out of sync. Remote drafts too. DotShare pulls your existing Dev.to articles from the API and shows them alongside local drafts in the same grid. Load one → Two-Way Sync fires → article lands in both the WebView and your Markdown editor. Also shipped: → Split-Editor: opening Dev.to/Medium auto-creates dotshare-devto.md beside the panel → Reset Boilerplate button: one click back to clean state → Upsert saves: no duplicates no matter how many times you hit save All in v3.2.5 "Nexus" Watch it in action 👇 youtube.com/watch?v=AIb4Ye… Here is the deep dive into the Two-Way Sync and UI code: Read Part 2 here: dev.to/freerave/build… (If you missed it, Part 1 on Types & Storage is here: dev.to/freerave/build… ) Install free on VS Code: marketplace.visualstudio.com/items?itemName… VSCodium / Open VSX: open-vsx.org/extension/free… Source: github.com/kareem2099/Dot… #VSCodeExtensions #DotShare #VSCode #OpenSource #FreeRave

@unbankedgroup Wow, what an incredibly original thought! Someone should definitely put that in tweet 7/8 of this exact thread... oh wait. 💀😂

🚨 Vercel confirmed a security breach today. GitHub tokens. NPM tokens. Internal employee systems. API keys. Thread on what happened, why it's serious, and what you need to do right now. --- 1/ First — what's confirmed vs claimed. ✅ Confirmed by Vercel: - Unauthorized access to internal systems - Limited subset of customers affected - Incident response team engaged - Services still operational ⚠️ Claimed (unverified): - GitHub + NPM tokens stolen - ~580 employee records exposed - $2M ransom demanded --- 2/ Why Vercel specifically? Because it's a crown jewel target. It holds: → Secrets for thousands of apps → Deep GitHub integration → NPM publish access → DB credentials → OAuth tokens to literally everything One breach. Thousands of blast radii. This is textbook Supply Chain Compromise. --- 3/ The misconception killing people right now: ❌ "They encrypt env vars, I'm safe." Encryption at rest ≠ access control. If the attacker has authenticated access to internal systems, the system decrypts for them on request. The encryption layer never even sees the attack. --- 4/ The Linear exposure is underrated. Vercel uses Linear internally. Alleged access means: → Unpatched bug reports → Architecture discussions → Accidentally pasted credentials in comments → Post-mortems documenting past weaknesses An issue tracker is a treasure map. --- 5/ NPM tokens are the scariest part. Publish access to any package = push malicious code to everyone downstream. npm audit won't save you here. You need to think about WHO has publish access to your deps, not just what the current code does. --- 6/ 🔴 Do these RIGHT NOW: → Revoke Vercel's GitHub OAuth → re-authorize → Rotate Upstash / Redis / DB credentials → Revoke + reissue NPM tokens → Audit connected OAuth apps on GitHub → Review recent build logs for leaked secrets --- 7/ The real lesson: If rotating your secrets takes more than 30 minutes — you don't have a Vercel problem. You have a resilience problem. Build rotation infrastructure BEFORE you need it. --- 8/ Wrote a full deep-dive: → Full attack surface breakdown → Why GitHub tokens are catastrophic → NPM ecosystem risk → Exact steps to take dev.to/freerave/the-v… RT if this helped someone in your timeline.

We hit 2,500 followers on dev.to in 15 days. The goal was April 30th. We finished April 15th. Here's the honest story behind 20+ tools, a chaotic scoreboard, and why laziness is actually engineering. You didn't just follow — you engaged. Comments that pushed me to think harder. DMs with Easter egg screenshots from dotUniverse. Real people sharing real work. 2,631 of you did that. I don't take it lightly. The real origin story: I'm lazy. Every single tool in the DotSuite ecosystem exists because past-me refused to do something the hard way ever again. Laziness, scaled properly, is just engineering. VS Code Extensions I built out of spite: DotShare — post to 8 platforms at once (1,979+ DLs) dotenvy — .env manager + AI secret detection (1,130+) dotcommand — command manager + ML suggestions (909+) CodeTune — Quran, prayer times in your editor (899+) More VS Code tools: DotFetch — HTTP client with .env support (692+) DotReadme — README quality auditor, A+ to F (515+) dotsense — AI burnout detection + wellness (129+) Total across Marketplace + Open VSX: 6,253+ downloads. CLI + Telegram: DotGhostBoard — AES-256 encrypted clipboard manager DotScramble — auto face/plate blur, 8 effects, Arabic RTL support DotDownloader — Instagram/TikTok/YouTube/Reddit/Spotify bot DotFormate — PDF/DOCX/PPTX conversion with OCR Mobile Apps: DotReminder — AI reminders, biometric auth, location-based DotBurn — Gym & calorie system management app DOTShredzilla — offline-first workout tracker, Kotlin + Jetpack Compose The April scoreboard. Some of it is painful. ✅ dev.to: 2,631 / 2,500 — DONE 💼 LinkedIn: 396 / 500 — 79% 🎵 TikTok: 33 / 100 — 33% ▶️ YouTube: 29 / 100 — 29% 𝕏 Twitter: 16 / 500 — 3% X at 3% is basically a comedy sketch. The scoreboard stays public. What's shipping next: → DotShare v3.2 — Reddit media uploads, S3 pipeline almost stable → dotenvy — LLM layer for config management, full release article incoming → dotUniverse Terminal 2.0 — piping, SSH sim, VIM-lite (Q2) → dotsuite — full portfolio platform this year I'm self-taught. Building all of this from a small city in Egypt. Mostly at night. Mostly alone. No team, no VC, no algorithm boost. Next target: 3,000. I give it two weeks. Live portfolio: kareem2099.github.io/dotuniverse Type `ls ~/tools` in the terminal 🦥

7/7 Known issue in v1.5.1: DEB theme inconsistency on first launch + manual migration step from v1.4.x not surfaced in UI. Both fixed in v1.5.2 — tomorrow. I'd rather ship honest software than pretend it's perfect. Full architecture write-up is live on Dev.to! 👇 🔗 dev.to/freerave/engin… Next: v2.0.0 Cerberus — a Zero-Knowledge Password Vault with pattern-based secret detection. No keywords. Pure entropy. github.com/kareem2099/Dot… Follow @FreeRave2 for more #OpenSource Linux tools.

6/7 The API also has a sliding window rate limiter. 3 pairing attempts per 60s per IP. Shared state protected by threading.Lock. Sounds obvious. Took a real race condition under concurrent requests to learn it the hard way. Every release artifact — AppImage + DEB — is GPG-signed in CI. SHA256SUMS.txt ships with every release. A secure app with an unsigned binary is still a supply chain risk.

1/6 I built a clipboard manager that syncs across Linux machines with zero cloud, zero server, zero plaintext on the wire. No more leaking passwords in plain SQLite. Full architecture + v1.5.1 (Nexus) just dropped github.com/kareem2099/Dot… #DotGhostBoard #GhostProtocol

Here are the links to get started! VS Code Marketplace: marketplace.visualstudio.com/items?itemName… Open VSX (For VSCodium): open-vsx.org/extension/free… Check out the code and leave a star on GitHub: github.com/kareem2099/Dot… Let me know what platform you want to see integrated next!

The Thread Composer: You can now chain multiple posts together, each with its own media, and publish massive dev logs natively from your IDE. No browsers. No distractions. Just pure flow state.

Context switching is the silent killer of productivity. Today, I'm launching DotShare v3.2.1 — bringing social publishing right into your VS Code editor with full Bluesky support. 🦋 Here’s why this update changes everything: #FreeRave #VSCode #WebDev

If you want the full incident report — root cause analysis, investigation notes, and photographic evidence of the missing badge: 🔗 dev.to/freerave/i-got… Badge #3 is still missing. The case remains open. 🕵️

Badge #3 is out there somewhere. Living its best life. Probably deployed on a competitor's platform. I'm fine. (I'm not fine.) cc: @ThePracticalDev — P2 ticket. Not urgent. Just emotionally damaging. 🐛

🧵 I debug production systems for fun. I was NOT ready for this one. (a thread) 👇