Sabitlenmiş Tweet
My course about Ruby on Rails security is out of pre-sale. All of the content, videos and text is published now. I will likely add an extra AI section soon as an extra.
gregmolnar.gumroad.com/l/security-for…
English
Greg Molnar
10.2K posts
Greg Molnar
@GregMolnar
Father of 2, OSCP Certified Penetration Tester and a Ruby Developer since 2010 Security for Rails Developers: https://t.co/72XgWS3eOV
Permanent Underclass Katılım Mart 2013
369 Takip Edilen3.2K Takipçiler
@lylo I blog my thoughts but this place drives a lot of traffic to the blog.
English
@GregMolnar yeah but what's the point unless you want a following (why?). people with followings are now incentivised to tweet (💰) so the tail just starts wagging the dog and it all descends into slop.
blog your interesting thoughts instead :)
i think this place is no longer for me 🤷♂️
English
@lylo That's not what I meant. I might post bait rarely, but not regularly for sure and my tweets are doing fine I think. By interesting I meant something people can learn from, even better if they feel the need to say something about it so they reply.
English
@rockatanescu @ZackKorman Same is true for a rubygem. You can have a post install hook and there are other ways to execute code from the gemspec. It is a trust based system.
English
@ZackKorman It has the same security model as the npm postinstall script, which is... *checks notes* a well-known security risk.
x.com/lydiahallie/st…
Lydia Hallie ✨@lydiahallie
@itechnologynet Ah this fails by default, it only runs if the skill's frontmatter declares something like allowed-tools: Bash/Bash(rm *) etc. Just make sure to check what the skill allows if you're downloading anything external, it's essentially the same model as postinstall scripts
English
You can hide these !commands in html comments so people don't see them when reading the skill.
The command executes without the AI even knowing about it.
Lydia Hallie ✨@lydiahallie
if your skill depends on dynamic content, you can embed !`command` in your SKILL.md to inject shell output directly into the prompt Claude Code runs it when the skill is invoked and swaps the placeholder inline, the model only sees the result!
English
Greg Molnar retweetledi
🚨 Final call 🚨
Only 10 tickets left for wroclove.rb!
Three days. 4 hands-on workshops. 12 amazing talks. A community you don’t want to miss.
Grab your ticket before they’re gone!
P.S. Shall we release more tickets? 👀
wrocloverb2026.konfeo.com/en/groups
English
Greg Molnar retweetledi
Ruby developers are shipping their docs on VitePress, a JavaScript static site generator. Because nothing in the Jekyll ecosystem looked as good.
So I made Jekyll VitePress Theme. Same UX, pure Jekyll. 1.0 is out today.
paolino.me/ruby-deserves-…
English
@arvidkahl Security analysis? :) Yeah, the S in Claude stands for being great at security.
English
Claude, you'll be done with implementing ALL of these improvements in like 30 minutes, including full test coverage and security analysis.
You know it.
I know it.
Which, as Claude shows pre-AI estimates, is WILD.
English
@levelsio I drove over 1 million kilometers and driving is fun, regardless of the occasional bad drivers you cross. Go to a course and rent a sports car. You will see why driving is fun. Once you get the experience, you will enjoy it in traffic too.
English
Greg Molnar retweetledi
Just wrote up a nicer post about RubyLLM 1.14 on my blog.
paolino.me/rubyllm-1-14-c…
Also launched my newsletter so you can get my posts in your inbox.
You can find a form to subscribe at the end of each post. Some of you already got the first email already!
English
Greg Molnar retweetledi
You know there are companies that work fully async, right? So that means zero meetings. You can find a couple of them on calmcompanies.club 😉 Just sayin'.
For $5/yr, you get a curated weekly newsletter of job openings at companies renowned for their great work culture.
English
English
@GregMolnar @sama You’re not gonna be seeing my code on github lol my projects are all private
Openclaw is an ai made project and it’s the most explosive open source project of all time
Stop wasting my time with generalities
English
I have so much gratitude to people who wrote extremely complex software character-by-character. It already feels difficult to remember how much effort it really took.
Thank you for getting us to this point.
English
I wrote a post about that nasty car issue I fixed recently. The TLDR: you can do anything if you are determined and have some willingness to learn and curiosity.
greg.molnar.io/blog/how-i-fix…
English
@_avdept Reading the code didn't help because all modules on that CAN BUS returned an error code. As far as I understand they communicate on the same line so anything breaks on it, all communication stops.
English
@GregMolnar nice writeup dude, and yeah, electrical issues in cars are really hard to diagnose
one of shortcuts you could've do - read out codes, sometimes can can show what exactly is shorted so possibly could save some time
English
@tibo_maker it looks very artificial. Nowhere near close to a real shot.
English
most people still think AI video = weird glitchy clips
meanwhile you can now generate a full cinematic story with consistent characters from a single prompt
made this in Revid with few editing
you can now run YT/TikTok channels with very low effort and incredible quality
English
@JoschuaBuilds "biggest mistake of my life was getting a MacBook."
You forgot to punctuation. I fixed it for you.
English
biggest mistake of my life was getting a MacBook with only 500GB storage
I dont even know where to start cleaning...
English
16k/day lines of code with Ruby and Rails is sign of being retarded. The language and the framework that's loved for its brevity. You can do so much with so little if you know how to use them. But I guess his AI just reinvents the wheel all the time and generates unnecessary code. Will be a joy to maintain in the long term.
English
i can write 50k lines of code a day
and it will absolutely not generate any tangible lasting value
nor will these 16k, from Garry or anyone else
(sorry, but its the truth)
Garry Tan@garrytan
If I can do 16k LOC per day across 3 different projects (including one open source one you can see yourself) then I think almost any technical CEO CTO pair at YC will That's the bar now
English
If I need a recharge, I go and hug my buddies on the mat. Or hug and kiss my kids and do something with them. Also being out in a storm, feeding the animals makes you realize that the things you would worry about are not important at all, so I don't even feel the need for therapy.
English
I go to therapy with claude and always get a second opinion from ChatGPT. Sometimes when I want really spicy I’ll talk to Grok. Why what you all doing?
Nate Berkopec@nateberkopec
@aviflombaum men will do literally anything except go to therapy
English