DAN

@yk_verse @victorfatanmi Thank you ❤

@victorfatanmi @arowolodaniel

Please tag full-time, high-taste web designers in Nigeria. Not product designers who also design website interfaces. I mean designers focused on websites.

@Olusegun_AdeAde @TosinOlugbenga 😅

@TosinOlugbenga I saw one of my perpetual clients post a website his son built using AI. In my mind I just knew otilo

I have said this since last year but people said it will only take the job of those that don’t know how to use AI. Whether you know how to use AI or not, you are not safe. A client just deployed an app in a month that should take four people to build in 6 months.

I really think what people do for LIVING is different from what gives them money

@rauchg @greaterheights_

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

what’s hard about programming is everything except writing the code

I use this analogy a lot. This is what a room full of computers looked like in old times:

I will probably end up paying over $500B in taxes, inclusive of death

WebMCP is available for early preview → goo.gle/4rML2O9 WebMCP aims to provide a standard way for exposing structured tools, ensuring AI agents can perform actions on your side with increased speed, reliability, and precision.

Google and Microsoft just co-authored the spec that turns every website into an API for AI agents. The second-order effects here are massive. Right now, browser agents work by taking screenshots, parsing the DOM, and guessing which buttons to click. It works about as well as you’d expect. Fragile, expensive, slow. WebMCP replaces all of that with a single browser API: navigator.modelContext. Websites register structured tools directly in client-side JavaScript. The agent reads a menu of available actions, calls them, gets structured data back. No scraping. No backend MCP server in Python or Node. The tools run inside the browser tab and share the user’s existing auth session. Early benchmarks show ~67% reduction in computational overhead compared to visual agent-browser interactions. Task accuracy around 98%. The second-order effect is where this gets wild. Today, when a browser agent visits two competing airline sites, it’s guessing at both interfaces equally. Once WebMCP adoption spreads, the site that exposes structured tools gives the agent a clean, reliable path to complete the task. The site that doesn’t forces the agent to fumble through the UI. Agents will prefer the cheaper path. Every time. This means “Agent Experience Optimization” becomes a real discipline. Tool naming, schema design, description quality. Sound familiar? It’s the same shift that happened when meta descriptions and structured data became optimization surfaces for search engines. Except this time, the traffic source isn’t Google’s crawler. It’s every AI agent on the internet. Bots already make up 51% of web traffic. Google just gave them a front door.

We just released 𝚛𝚎𝚊𝚌𝚝-𝚋𝚎𝚜𝚝-𝚙𝚛𝚊𝚌𝚝𝚒𝚌𝚎𝚜, a repo for coding agents. React performance rules and evals to catch regressions, like accidental waterfalls and growing client bundles. How we collected them and how to install the skill ↓ vercel.com/blog/introduci…

We're encapsulating all our knowledge of @reactjs & @nextjs frontend optimization into a set of reusable skills for agents. This is a 10+ years of experience from the likes of @shuding, distilled for the benefit of every Ralph

Vercel just dropped 10+ years worth of Claude Code Skills with all their frontend learnings & optimizations 🤯 Ralph is going to love looping this

To our users: Thank you for your patience, your trust, and for keeping us laughing even when the pressure is on.

I have never been so happy to be "afflicted by divers troubles." But the "smooth path" isn't just poetry. It’s backed by data. Since the fix: 📷 4,482 Virtual Accounts generated 📷 3,850 Successful payments 📷 ₦13.2M+ successfully processed

Startups are hard. Downtime is harder. Few months ago, we had some network instability on iNPAY. It was stressful. My team and I didn't sleep much until it was fixed. Once we stabilized, I went back after a while to our Beta Users group to ask for their honest experience.

@unblogd @grok can you give me backstory

Hello EU, how is this different than X?

The merchant kept selling. It's one thing to build for scale on a whiteboard. It's another to watch your code stretch under the weight of real money and hold the line. That day didn't just give us revenue. It gave us proof. iNPAY is ready.

This wasn't a code error; it was a scale error. I had to hotfix the core uniqueness logic while the traffic was still hammering the gateway. I added a unique backend layer, merged it, and held my breath. The system stabilized. The money settled instantly.

Concurrency is a myth, until it isn't. We've processed over ₦350M across our products, so money moving isn't new to us. But iNPAY Checkout is. Up until last week, this specific product had processed about ₦11M lifetime. Then came Black Friday.