Amine

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route… Credit to the security researcher for responsible disclosure.

30 mins into the claude code keynote and every speaker so far has been a woman. just saying 🫶🏻 @asvora @angjiang @katelyn_lesse @_catwu Dianne Penn @claudeai

Issue tracking is dead. We are building what comes next. linear.app/next

👨‍💼 People always ask me how I invest my money, so I open sourced my investment portfolio at levels.vc There's no big strategy here and no certainty that this is a good portfolio either, right now it returns about $120K/mo I try buy mostly ETFs and they have the highest return for me overall Sometimes stocks rise so much though it becomes disproportionate % of portfolio (like NVIDIA) I don't invest in startups now, but maybe one day I will. Why not now? From my studies of VC funds: you need to invest 100 to 1000 times @ $100K = $10M to $100M to have one home run exit that makes your fund profitable statistically Unless you for example put in $1M yourself and then raise another $9M to $99M from rich people and pension funds (via LPs) that means you statistically you make no chance of ever making a profit on your investments. So not sure I should do it at all now. ETFs though are nice, they let me invests in tens of thousands of companies all around the world while paying for ex 0.07% in fees (called TER, Total Expense Ratio)! That means investing $100K in 10,000 companies costs me only $7 per year! The cheapest investment products on the planet. Since I'm not American I buy the European versions (but still in USD) of ETFs (called UCITS), for ex VOO in US is called VUSD in EU, there's some tax savings if you buy it in Europe (if you're not American) etc. Anyway I don't know much about it, just trying to do the right thing and not chasing short term profits but long term 20-30 years Some of my inspirations for investing are John Bogle (inventor of ETFs) and Ray Dalio (tl;dr Asia is the future) and those depict my investment strategy

Private schools are the most expensive placebo in America. Nowhere else will you pay $250k+ for something that has so little impact on school achievement. My latest on why private school isn't worth the cost: ofdollarsanddata.com/why-private-sc…

@itsolelehmann Why would you live in the shithole that is Germany?