Luke Phillips-Sheard

@dglsparsons @paw_lean Banger

@paw_lean even your phone thought you yapped too much

Ah yes, love recording a 40 minute video only to realise my phone died in the middle of it

@simhskal Now we really can ignore our partners all day

omg

@andrewqu @cramforce could fit a lot of agents in that lake

People really look at this and think: “agents”

@sonofalli @Waymo @brexton @paw_lean this is how you show people you’re married

what if we held hands in the @Waymo

@jacobmparis @paw_lean Only because it’s the wrong hand for the ring though

@paw_lean @SheardLuke this is the first photo of hand without a ring you’ve posted this year

Happy 1 year to my crash out tweet 😂

@paw_lean @jacobmparis It’s the only valid take tbh

@jacobmparis That’s your take away from this

@rough__sea Without a car

every american politician should be required to spend 1 month in europe and 1 month in asia

@dglsparsons @jacobmparis @BenjDicken Come on, we all know the best database is JSON

@jacobmparis @BenjDicken Meesa picksa best databasaa

This guy knows how to pick a database.

@techwraith @JinjingLiang @andrewqu @rauchg 👀

@JinjingLiang @andrewqu @rauchg Vergit ("just vergit")

Please @rauchg , we're ready for Gitcel

@javivelasco @david_bonilla @tomlienard please teach me neovim this week

@david_bonilla El 90% de los goats que conozco usan neovim con tmux y no salen de la “línea de comandos"

Creo que mucho vibecoder se quedaría pasmado al saber que la inmensa mayoría de programadores profesionales apenas tocan la linea de comandos durante su jornada porque... no les hace falta. Casi todo se puede lanzar desde el IDE, que es el verdadero centro de trabajo.

@paw_lean @dglsparsons Yeah, I don't miss them when I put my foot down 😂

@SheardLuke @dglsparsons But all the settings and features!!!!

My husband got a new car yesterday, the company emailed asking for feedback and he sends this:

@paw_lean @dglsparsons I'll take my V6, thanks

@dglsparsons @SheardLuke No thnx

@rauchg @v0 @vercel @github this is art

Asked @v0 what it would look like if @vercel shipped @github 😁 (2 prompts)

@paw_lean @Flighty Rookie numbers

Stacking stats

@javivelasco This man is the AI

Over the last 10 days I wrote a bunch of optimisations for one of the steps in Vercel's deployment process, making it 3x faster for deployments with thousands of outputs. Today, those optimisations can't be generated autonomously by AI. I did try. In my experience it just can't get there. So yeah, keep having AI generate all your code. Keep accumulating debt.

@andrewqu Stop reposting my slacks

underrated: public API token revocation endpoint so easy to lock down a service you use more API services should have this

What a week it's been already, eh?

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.