kolade

@bvchidra What would you rather use?

happy for you. I wouldn’t use bcrypt to hash my passwords though.

There is a surge of supply chain attacks (and it is only going to get worse) If you are using pnpm, take these steps to protect yourself: * set minimumReleaseAge to 7 days * set blockExoticSubdeps to true * configure onlyBuiltDependencies npm / yarn have similar settings

🚨 SECURITY ALERT: The popular PyPI package lightning has been compromised in a supply chain attack. ⚠️ Affected Versions: 2.6.2 and 2.6.3

The Ubuntu website and Canonical web services are under attack (reportedly a DDoS). Core OS and updates remain unaffected.

Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to.

Everyone's talking about becoming a VA. Almost no one shows you how. That's the gap Everything VA solves. No confusion. No random learning. Just a clear system from I'm interested to job-ready. Join the waitlist everythingva.lovable.app

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

my daily non-negotiable habits: • no phone 10pm → 9am • 4 hours of deep work • 10 pages of reading • 2 hour workout • 3L of water these 5 helped me build meloze and grow my account

if youre in your 20s: lock in. delete tiktok. ship something real. walk daily. start posting on x. read books. watch films. be weird. promote your work without shame. ignore the news cycle. make life easier for 30 year old you. your future self will thank you for the reps you put in now

web3 boys signing the 100k naira per month job after swearing in 2024 that they’d never do 9-5 in their lives.

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

Physical AI is going crazy right now, quick update for April 15, 2026. The brain + body integration is accelerating today. Here’s the latest wave hitting hardware, factories, and Big Tech all at once: 1. NVIDIA + Cadence: Solving the “Sim-to-Real” Gap.
NVIDIA and Cadence just expanded their partnership to integrate physics engines directly with AI training models. This is pure firepower for robotics: smarter perception, reasoning, and actuation. We are talking about 100x faster simulations for factories and warehouses. If you’re building for the physical world, this is the new gold standard. 2. Accenture’s Massive Bet on “General Robotics.”
Accenture just made a strategic investment in General Robotics to deploy their “GRID” orchestration layer. It’s no longer about a single robot; it’s about a unified “brain” that manages entire fleets of different robots across a factory. The era of the “hybrid agentic workforce” (humans + robots + AI) is officially here. 3. DeepMind Launches Gemini Robotics-ER 1.6.
Google DeepMind just dropped a new foundation model specifically for robots. Robotics-ER 1.6 brings precise spatial reasoning and “agentic vision” to hardware. It can read gauges, understand complex tools, and plan tasks in messy, real-world environments. 4. ASML Crushes Q1: The AI Chip Boom is Accelerating.
ASML just reported record sales and raised its 2026 revenue forecast to €36–40B. Why? Because the demand for chips to power robotics and agentic systems is outstripping manufacturing capacity. Infrastructure is the silent engine of this boom, this is the ultimate “picks and shovels” play 5. The Wildest Pivot: Allbirds => NewBird AI.
In the most “2026” move yet, the shoe company Allbirds is officially rebranding as NewBird AI. They’ve raised $50M to pivot entirely into GPU-as-a-Service and AI infrastructure. When a footwear brand exits the market to buy AI chips, you know the hardware wave has reached peak velocity. 6. Big Tech & Dev Tools:
• Google: Launched the native Gemini app for Mac today. With the Option + Space shortcut and screen-sharing context, it’s a total game-changer for workflows.
• Meta: Scaled Muse Spark toward personal superintelligence and released SAM 3.1 for real-time video tracking of 16+ objects. Physical AI is no longer demos, it’s fleets, simulations, orchestration layers, and custom silicon all shipping now. The gap between code and real-world action is collapsing in real time.

Lovable Payments just changed the game. Describe what you want to sell → one chat sets up global checkout, VAT/tax, and a natural-language revenue dashboard. You get the speed of AI with dev-level control: auto-handled webhooks for the basics, but full freedom to customize Stripe/Paddle logic and export your code. The jump from “cool prototype” to “real business” just got reduced to minutes. Huge for indie makers and anyone shipping fast.

We’ve moved from “one model fits all” to Compound AI Systems: orchestrating foundation models, RAG, guardrails, and execution layers. The brain and the body of tech are finally integrating.

Software side is moving just as quick: • Google’s Gemma 4 (dropped April 2) delivers huge leaps in coding & agentic performance perfect for your local Ollama setup. • Meta’s Llama 4 Scout just dropped a 10-million-token context window. You can now feed an entire codebase into one prompt.

AI & Physical AI Breakthroughs – April 2026 The “Robot Butler” isn’t a meme anymore. SoftBank, NEC, Sony & Honda just formed a new company to build Japan’s own foundation model with a heavy focus on Physical AI for autonomous robots and machines. SoftBank/NEC on the “brain,” Honda/Sony applying it to real hardware. This is the merger of trillion-parameter reasoning with actual movement. 👇

@Sarthak4Alpha Versioning

You're redesigning a public API that 10,000 developers already use. You need to make breaking changes. How do you do it without destroying everyone's integration?

Backend developers who thought their job was safe

@vivoplt Cache frequent queries, implement rate limiting as well

Interviewer: Your API works perfectly with 1K users. It falls apart at 100K. You can't change the infrastructure. What would you use to fix it?