DevDiary

@devdiary0x

25, Ex-SWE | Vibing until I get my next hustle | Relearning stuff in Public | AI & Tech Navigator | Building @Minmailist

Terminal · Joined October 2025
269 Following · 281 Followers
DevDiary
DevDiary@devdiary0x·
@Manixh02 Not at all. It now boils down to taste. Plus security and architecture
Manish Kumar
Manish Kumar@Manixh02·
Ai is killing every fking field! Is Game development and App development still safe ?
DevDiary
DevDiary@devdiary0x·
@wholyv There is a reason it's called "artificial" intelligence XD
lyv ⌘
lyv ⌘@wholyv·
wait until you realise artificial intelligence is not intelligent at all.
DevDiary
DevDiary@devdiary0x·
@GeekyVaishnavi Popular opinion: One algo change and your reach might die. OR you might run out of ideas.
In Google, even if you are kicked out, the name tag is enough to get another job elsewhere. And if you survive layoffs, you can make more money
It's not X OR Google
It's X AND Google
Vaishnavi
Vaishnavi@GeekyVaishnavi·
Unpopular opinion: You can make more money on X than working at Google. I just saw someone with 20K followers making ₹2L/month. Yeah… I was shocked too.
DevDiary
DevDiary@devdiary0x·
Had to wait ~8 hrs to download pmtiles, absolutely worth it
kapilansh
kapilansh@kapilansh_twt·
some of the worst things to ever exist
- windows laptop
- windows laptop with 16GB ram
- android phone
- android phone with 8GB ram + 128GB storage
- claude's $20 plan
did I miss anything ?
DevDiary
DevDiary@devdiary0x·
@tekbog 100%
Very few companies have a dedicated sec team
And even if they have, they only check for things like leaked credentials, rate limits, access controls, etc
Very very rare for CI tooling
terminally onλine εngineer
the big secret in software engineering is that nobody audits anything, in small or big companies it doesn’t matter, you can have processes and rules and CI tooling to catch specific cases, package analysis, binary analysis, even cybersec on payroll - som1 will just npm i virus
Feross@feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

George Hanu ⚡ Dev. Educator + Builder
@wesbos Nothing unites JavaScript developers like a random package turning into a national emergency 😬 How many teams are about to learn what is buried in their dependency tree today?
DevDiary retweeted
Wes Bos
Wes Bos@wesbos·
‼️Do not npm install or deploy anything right now
Supply chain attack on axios 1.14.1 - even if you don’t use axios it may be a nested dep. Pin versions or wait until this is resolved
Maxwell@mvxvvll

@npmjs @GHSecurityLab there is an active supply chain attack on axios@1.14.1 which pulls in a malicious package published today - plain-crypto-js@4.2.1 - someone took over a maintainer account for Axios

DevDiary retweeted
Vanshika
Vanshika@vanyaSile·
✅ Quick actionable checklist right now:
1. Check immediately:
   npm ls axios
   npm ls plain-crypto-js
2. If you see 1.14.1 → Pin safe version:
   In package.json: "axios": "1.14.0" ← exact version, no ^ or ~
3. Then:
   rm -rf node_modules package-lock.json
   npm install
   (same for yarn/pnpm)
Malicious versions (1.14.1 & 0.30.4) are already being taken down from npm, but any install in the last few hours may be affected.
Already ran npm install today? Rotate secrets + check temp folders.
Who else found it in transitive deps? Share below 👇 #npm #SupplyChainAttack #JavaScript
ℏεsam
ℏεsam@Hesamation·
this thing disappeared like smoke in a thunderstorm.
Wes Bos
Wes Bos@wesbos·
Looks like affected versions have been taken down. Back to work. Follow me, Enjoy @syntaxfm
DevDiary
DevDiary@devdiary0x·
@dishantwt_ That's the neat part - you don't. It's unreadable lol
DevDiary retweeted
SE Hozaifa
SE Hozaifa@SeHozaifa·
If you're building a SaaS with AI, remember this:
- AI gives output, not product
- You still need taste
- Iteration is everything
Most people quit too early.
DevDiary retweeted
Your MVP Guy
Your MVP Guy@Sherifdeenolat2·
I am convinced 2026 is the best time to start a 1 man company. Agreed ?
DevDiary
DevDiary@devdiary0x·
@igor_os777 On the bright side, he spawned a multibillion dollar productivity fixing industry: labels, mass unsubscribers, inbox zero clients, AI sorters lol😂
Igor Os
Igor Os@igor_os777·
In 1971, Ray Tomlinson slapped together an email program as a side hack to ARPANET, choosing ‘@’ to separate user from host simply because it wasn’t commonly used. He didn’t consider it very significant. Fast forward: email is now humanity’s main productivity killer. Thanks a lot, Ray.
DevDiary
DevDiary@devdiary0x·
@FerrandHor76788 But acc to lore, don't mermaids actually hunt us humans? 🥲 Luring us to shipwreck our focus and drag us straight to the depths of unread inboxes
Hortense Ferrand
Hortense Ferrand@FerrandHor76788·
productivity is like a mythical island where meetings go to die, and email notifications are the mermaids luring us back to shore #techlife