Gabriele De Rosa
2.9K posts
Gabriele De Rosa
@derogab
focused builder @ https://t.co/0KsUfxswg3
Earth Katılım Mayıs 2011
1.6K Takip Edilen656 Takipçiler
DeepSeek V4 Pro and Flash now available in Go
We rushed to get this released, still working out the capacity and usage limits
Thanks to the @deepseek_ai team for the PRs and fixes
English
JUST IN: OpenAI is reportedly developing a smartphone designed to "make apps obsolete" by replacing them with AI agents.
English
We’re sorry our initial statement didn't properly address our mistake. Here's what a public project on Lovable means, and how we got to where we are today:
In the early days, people didn't know what Lovable was capable of. So we wanted to make it easy to explore what others were building, as a way to spark ideas and lower the barrier to getting started. Like scrolling GitHub or Dribbble: you browse projects to see what's possible, then go build your own.
When you create a project on GitHub, you can make it private or public. Lovable worked the same. Users had a "Public" or "Private" option right in the chatbox. A public project meant the entire project was public, both chat and code. “Just like a public project on GitHub," we thought.
Over time, we realized this was confusing. Many users thought "public" just meant others could see their published app, not the chat of an unpublished project. That's reasonable.
On the free tier, users originally couldn't create private projects. They had to upgrade to a paid plan to do so. In May 2025, we changed this: users on the free tier could choose to make their projects private. For enterprise customers, the public visibility setting was disabled altogether. And in December 2025, we switched to private by default across all tiers.
We also retroactively patched our API so public project chats couldn't be accessed, no matter what. Unfortunately, in February, while unifying permissions in our backend, we accidentally re-enabled access to chats on public projects.
This was reported through our vulnerability disclosure program (via HackerOne). Unfortunately, the reports were closed without escalation because our HackerOne partners thought that seeing public projects’ chats was the intended behaviour.
Upon learning this, we immediately reverted the change to make all public projects’ chats private again. We appreciate the researchers who uncovered this.
We understand that pointing to documentation issues alone was not enough here. We’ll do better.
Lovable@Lovable
We were made aware of concerns regarding the visibility of chat messages and code on Lovable projects with public visibility settings. To be clear: We did not suffer a data breach. Our documentation of what “public” implies was unclear, and that’s a failure on us. Specifically for public projects, chat messages used to be visible — this is now no longer possible. When it comes to code of public projects: That is intentional behavior. We have experimented with different UX for how the build history is surfaced on public projects, but the core behavior has been consistent and by design. Importantly, for enterprise customers, being able to set visibility to public for new projects has been disabled since May 25, 2025.
English
So prompt engineers learned English is imprecise for coding and started using stricter syntax. I wonder how long it will take before they come full circle and land back at programming languages again.
Sukh Sroay@sukh_saroy
Prompt engineering is dead. Nobody is writing english to chatbots anymore. The best outputs are coming from people who write prompts like code. It's called json prompting. and once you see it, you can't go back:
English
can't wait to see the amazing companies that will come out of SR007 🔥
a16z speedrun 🧊@speedrun
SR007 APPLICATIONS ARE OPEN NOW If you're building the next great company, we want to give you up to $1M in funding and $5M+ in credits, plus the most powerful launch platform in tech. Apply before 11:59pm PT on May 17, 2026. It only takes 5 min 👉 speedrun007.a16z.com/x
English
@Polymarket No issue: the average Lovable user had already exposed all their credentials themselves months ago.
English
BREAKING: Vibe-coding platform Lovable reportedly suffered a breach that exposed users’ AI chat histories, source code, & database credentials.
English
Everyone is 18+ in the EU 🇪🇺
Paul Moore - Security Consultant @Paul_Reviews
Bypassing #EU #AgeVerification using their own infrastructure. I've ported the Android app logic to a Chrome extension - stripping out the pesky step of handing over biometric data which they can leak... and pass verification instantly. Step 1: Install the extension Step 2: Register an identity (just once) Step 3: Continue using the web as normal The extension detects the QR code, generates a cryptographically identical payload and tells the verifier I'm over 18, which it "fully trusts". This isn't a bug... it's a fundamental design flaw they can't solve without irrevocably tying a key to you personally; which then allows tracking/monitoring. Of course, I could skip the enrolment process entirely and hard-code the credentials into the extension... and the verifier would never know.
English
It seems Spain has the same problem Italy has with the #PiracyShield. Same sport, same bullshit.
zeb@zebassembly
The situation in Spain where LaLiga can force ISPs to ban any IP range they want without a court order is ridiculous and so aggressively anti-internet that it's causing real harm to Spain's citizens. Docker is one thing, but the other comments in this HN post are way worse (anti-theft alarms, apps for helping people suffering from dementia). It's horrible that clouds that serve multiple sites from the same IPs are being strong-armed into either taking down anything LaLiga wants without a court order or suffering mass ip blocks.
English
English
Gabriele De Rosa retweetledi
Gabriele De Rosa retweetledi
Please write to your MEPs to oppose untargeted mass scanning of private communications (Chat Control). On March 11 Parliament voted 458-103 to limit scanning. Today they vote again (!!!) and those protections could be watered down. Act now: fightchatcontrol.eu
English
Gabriele De Rosa retweetledi
And after voting that out too...
🇪🇺 ChatControl is back with a vengeance
The Conservatives (EPP) are attempting to force a new vote TODAY (March 26) seeking to reverse the European Parliament's NO on indiscriminate scanning of ALL your private messages, emails and photos
This is a direct attack on democracy and blatant disregard for your right to privacy
If you're European contact your representatives now, with this handy form:
#contact-tool" target="_blank" rel="nofollow noopener">fightchatcontrol.eu/?foo=bar#conta…
If not, please share this tweet so more people see it and we can block the vote
It's crazy they keep just bringing back whatever they want until it's passed!
Obviously now we see the European Commission is controlled by powerful evil lobbying groups 👺
@levelsio@levelsio
Just a month later and... 🇪🇺 ChatControl is back! Now they're trying to pass an even more far reaching ChatControl law through the back door, in a form even more intrusive than the originally rejected plan, without needing any of the EU countries votes The new proposal: - total mandatory surveillance of ALL text chats, emails and social media in the EU - obligatory registration of your ID/passport to your chat, email or social media account - minimum age requirement for chat, email and social media apps of 16 (!) The only way to stop this law is if EU countries veto it Read more here by @echo_pbreyer: patrick-breyer.de/en/chat-contro…
English
Devs are writing less code, but reading & understanding it matters more than ever.
Thank god I learned coding the old way — now I can actually use these tools without getting fucked.
Alex Sidorenko@asidorenko_
What happens to your codebase when you stop reviewing your agents' output
English
Gabriele De Rosa retweetledi
Back in my days, this meant you got infected by a Remote Access Trojan
Claude@claudeai
You can now enable Claude to use your computer to complete tasks. It opens your apps, navigates your browser, fills in spreadsheets—anything you'd do sitting at your desk. Research preview in Claude Cowork and Claude Code, macOS only.
English
Gabriele De Rosa retweetledi
If you are using LiteLLM directly, or any python utility with AI, do this NOW:
Simone Margaritelli@evilsocket
LiteLLM versions 1.82.7 and 1.82.8 contain a credential-stealing payload that exfiltrates SSH keys, cloud credentials, and crypto wallets to a lookalike domain. The package has 97 million monthly downloads. awesomeagents.ai/news/litellm-s…
English
Gabriele De Rosa retweetledi
Anthropic knows that all LLMs will have the same performance soon and no AI provider will have a massive advantage.
AI models will be commoditized.
So they want to lock you into Claude Code or Cowork now before you get too comfortable using open source alternatives.
dax@thdxr
opencode 1.3.0 will no longer autoload the claude max plugin we did our best to convince anthropic to support developer choice but they sent lawyers it's your right to access services however you wish but it is also their right to block whoever they want we can't maintain an official plugin so it's been removed from github and marked deprecated on npm appreciate our partners at openai, github and gitlab who are going the other direction and supporting developer freedom
English