The Macho Maniac

This is a good interview answer, but still a simplified one. The real mistake is treating push vs pull as a binary based on follower count. Large accounts don’t need to “hurt.” You just stop doing stupid fanout. For celebrity-scale posts, don’t write 10M inbox rows and don’t blast 10M full payloads over WebSocket. Store the post once. Then push lightweight invalidation hints only to active/eligible users: “new content available, pull delta.” Offline users pull later. Cold followers get nothing until read. High-affinity active users get prioritized. Also, Redis pub/sub is not your source of truth. Use a durable event log, sequence IDs, cursors, short replay buffers, and a feed delta API. The stronger design is not: small = push large = pull It is: canonical write once push hints to active gateways materialize selectively rank/filter on read degrade under pressure

Push-based systems come up in 90% of system design interviews. Here's the exercise you should be able to solve: Design a notification system for 100M users. Some have 50 followers. Some have 10M. The instinct is to hold a WebSocket connection open to every active user and push updates as they arrive. Clean mental model. It collapses the moment a celebrity posts. When someone with 10M followers posts, you push to 10M open connections simultaneously. Your message broker saturates. Your WebSocket servers fall over. The system fails at the exact moment it needs to work. That's the fan-out problem. And it kills more interview answers than any other mistake. The production answer: push and pull aren't binary. You pick based on follower count. Users with fewer than 1,000 followers get push fan-out. Each follower gets notified immediately. Users with millions of followers get pull fan-out. Their feed assembles on read. Nobody gets a push. Followers see the post when they open the app. Twitter built exactly this: push-on-write for small accounts, pull-on-read for large ones. But fan-out is only half the problem. Push means stateful connections. Your servers now need to know which connection lives on which machine. You can't route blindly. Most teams reach for Redis pub/sub here; the WebSocket server subscribes, the backend publishes, the message finds the right node. Add a 3-second network drop and you have another layer: what did the client miss? Now you need sequence IDs, a message buffer, and reconnect logic that replays missed events. "Push-based" became push with a pull fallback, a message broker, sticky routing, and a replay buffer. Most engineers stop at the first diagram. The ones who get the offer keep pulling the thread until the system breaks.

New Anthropic research: Natural Language Autoencoders. Models like Claude talk in words but think in numbers. The numbers—called activations—encode Claude’s thoughts, but not in a language we can read. Here, we train Claude to translate its activations into human-readable text.

@jakethomas @sama Check what we are doing at sauticare.com , all enabled by codex

I built my own EMR on 5.5 I switched over from Claude max and noticed a significantly better experience with less iterations with 5.5. Biggest issue I’m having now is HIPAA compliance due to patient sensitive data. Out of the box API for healthcare providers would be incredible. veda.physicaltherapy365.com

i would like to talk to people who have built amazing things with 5.5 that weren't possible with earlier models. i am especially interested in examples that took ludicrous token budgets. thanks.

Mine is simple, I have taken time in writing alot of hook files, they work but its painfully agonizing how they model worls with hooks. If it gets denied ot retries severally then checks the hook and goes right direction. Why can’t we by default inject hooks at first submit so that it knows what to do and how to do it and not a fail first approach

we're doing a lot more of this, hunting down some of the most annoying bugs in Claude Code let me know if you have any white whales

@trq212 @garfieldII it compacts, after compaction honestly nowadays it becomes dumber abit

@garfieldII 1. do you mean it compacts? or it times out? 2. this is on the mobile app for Claude?

@GaryMarcus But how do you give an AI agent access to your prod db, dont vibe code in prod, thats why we have dev —->uat——>prod Dont blame the AI, blame yourself for lack of understanding software lifecycle

Total AI disaster, totally predictable

A terrible incident coming from an infra provider. This is not an outage resulting in downtime, or data lost on the cloud (that is trivial to restore from local git.) It’s a data integrity issue, which sounds hard and difficult to untangle by anyone hit by it. A real WTH moment

@elonmusk I dont get why this is a unique test, @claudeai haiku 4.5 easily gets this

Not bad

@ClaudeDevs @claudeai when did we introduce monthly limits, no email communication whatsoever. This is a new subscriotion barely 2 weeks after renewal and already at monthly limit? In usage I cant see monthly limit

@rauchg . Your tweet is how I found out my production platform had been breached. Not an email. Not the status page. A tweet. I have spent the last few hours on calls with my own customers. Over 100 of them run production workloads on Vercel because I chose Vercel. Several are in healthcare and government defense ministry where the question "is my data safe" is not rhetorical and not theoretical. I have had to answer that question without any of the information I actually need to answer it honestly. And I cannot answer it, because your official bulletin is a one minute read that contains no IOCs, no timeline, no scope by data class, no numbers, and a single piece of advice which is to enable the feature that should have been the default on day one. Your tweet disclosed more than your written record. Context.ai, the employee Workspace compromise, the enumeration path, Mandiant, supply chain review. I can point my clients to a tweet or a 200 word bulletin. Neither is enough to keep them. I have lost clients already. I will lose more. The cost of the gap between your informal disclosure and your formal one is being paid by your customers' customers, in revenue and in reputation, and we did not consent to that cost when we paid you. Three things, and I am going to keep asking publicly until I get them: 1. IOCs. Publish them. Mandiant produces them as standard output of an engagement of this shape. Customers cannot defend without them. 2. A positive non impact confirmation channel. I need to be able to tell my clients, with evidence, that our projects and our secrets are not in the impacted set. "We are engaging impacted customers directly" is not a security guarantee, it is a hope, and I cannot sell hope to a hospital 100 times over. 3. A ship date for sensitive by default. Not a redesigned UI. Not an overview page. The actual platform default behavior. I chose Vercel because you sold a security serious posture. Please act like one in writing, not just on Twitter. My clients chose me because I was supposed to choose well. Right now you are making both of those choices look wrong, and the bulletin is not fixing it.

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

Google DeepMind just dropped the most terrifying cybersecurity paper of the year. They just mapped the attack surface that nobody in AI is talking about. Websites can already detect when an AI agent visits and serve it completely different content than humans see. - Hidden instructions in HTML. - Malicious commands in image pixels. - Jailbreaks embedded in PDFs. This “detection asymmetry” means a site can serve normal content to you, and malicious, hidden content to your agent. The agent doesn’t know it’s being tricked. It simply processes whatever it receives and acts on it. Here’s the attack surface nobody is talking about: → Indirect Web Injection: Malicious instructions hidden in HTML comments, CSS tricks, or white text on white backgrounds. → Multimodal Steganography: Commands encoded directly into image pixels, invisible to humans, but fully readable by vision models. → Document Jailbreaks: Override instructions embedded deep inside PDFs, spreadsheets, and calendar invites. → Memory Poisoning: Injecting false information that persists across future sessions. → Exfiltration Attacks: Tricking the agent into sending your private data to attacker-controlled endpoints. → Multi-Agent Cascades: The worst-case scenario, Agent A gets compromised, passes the “poison” to Agent B, then to Agent C. The entire pipeline gets infected because agents trust each other’s data. The most sobering part of the DeepMind report? The defense landscape is failing, badly. Input sanitization doesn’t work because you can’t “sanitize” a pixel. Prompt-level instructions to “ignore suspicious commands” fail because the attacks are designed to look legitimate. And human oversight? Impossible at the speed and scale these agents operate. If you ask an agent to research 50 websites, you can’t verify whether each site served the agent the same content it served you.

Read this three times and every pass got worse. I run production workloads on Vercel for paying customers of my own company. The trust I extended was built on an implicit model: an employee of my infrastructure vendor cannot reach my secrets from their laptop. This post quietly confirms that model was never real. Let me be specific. "Environment variables fully encrypted at rest" is table stakes, not a defense. The real question is who holds the decryption keys and what authorization sits between an internal identity and a decrypt operation. If a single compromised employee Workspace session can cause enumeration across customer environment variables, then the at-rest encryption is a marketing line, not a trust boundary. Doppler, Infisical, and 1Password have shipped architectures where the vendor cannot read customer secrets even under total insider compromise. By your own incident writeup, Vercel can. The questions I actually need answered: 1. What authorization sits between an internal Workspace identity and the decryption of my production secrets? Is it per request, per customer, audit logged, and subject to separation of duties? Or is it "employee holds a valid session"? 2. Why was enumeration possible at all? Mature platforms assume internal accounts will eventually be compromised and make browsing architecturally impossible via just in time access, deny by default IAM, short lived credentials, and bastioned per action authorization. What is Vercel's internal access model, concretely? 3. "Non sensitive" env vars being opt in rather than sensitive by default is a textbook insecure default. Security 101 says the safe path is the default path. Why is the footgun shipped primed, and when does the default flip? 4. What approval and OAuth scope review process governs employees wiring third party SaaS tools into their Workspace identity? "Employee was using Context.ai" is acceptable in isolation. A refresh token scoped to Drive, Mail, and Workspace admin is not. Which was it? 5. On supply chain, "Next.js and Turbopack remain safe" is an assertion. Where are the reproducible builds, the Sigstore signed releases, the SLSA provenance attestations, and the hardware token commit signing that let customers verify the claim instead of trusting it? The "highly sophisticated, AI accelerated attackers" framing is where I lost patience. Attacker speed is a distraction when the blast radius was this wide. Had the internal boundaries been drawn correctly, AI acceleration would have bought the adversary nothing. This reframes a blast radius problem as an adversary problem. I want Vercel to recover from this well. @rauchg , lets start by the entire @vercel team publishing the internal trust architecture in concrete terms, and shipping sensitive by default this week rather than a nicer UI for choosing it.

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

@JeffBezos Feels competition is gearing up nicely like in the AI race, more competition means more pressure for companies to outperform each other while ensuring costs are kept down

@elonmusk @JeffBezos Am I reading this well, good to see @elonmusk congratulating adversaries

@JeffBezos Congrats

We’ve watched you create the impossible with @FlowbyGoogle… today, the Flow family is growing. 🚀 Meet @googleflowmusic (formerly ProducerAI) - a standalone site that helps you create, share, and remix original music. Using natural language prompts, you can turn your imagination into fully produced tracks. 🌊 Flow = Images & Videos 🎵 Flow Music = Songs & Playlists

@tupple863 @trq212 @amorriscode I can do better than that and share my claude.md and my hooks plus my custom plugins

@Mr_RobotKe @trq212 @amorriscode can you share your prompts, that would be very helpful!

Introducing Arrow 1.1 and Arrow 1.1 Max Our most advanced and capable models for structured vector generation Read more ↓