felippe
@felippewick
1.5K posts
Product & Dev stylink - building with react-native & react
Berlin. Joined June 2017
1.1K Following, 369 Followers

There was a paragraph in the middle of the issue report that was so insanely complicated it almost gave me a stroke. First I was like "I should understand this", then I was like "wait, does anyone understand this?"
"after stealing credentials from one CI/CD pipeline, it enumerates every package that maintainer controls and publishes infected versions of each. The 2.3 MB obfuscated payload reads GitHub Actions runner process memory to extract every secret, harvests credentials from over 100 file paths spanning cloud providers, cryptocurrency wallets, AI tools, and messaging apps, and installs persistence hooks in Claude Code, VS Code, and OS-level services that survive reboots. Stolen data is encrypted and exfiltrated through the Session Protocol CDN and GitHub's own GraphQL API, where dead-drop commits are authored as claude@users.noreply.github.com and disguised with Dependabot-style branch names drawn from Frank Herbert's Dune universe."

@tan_stack @TansTack Glad I added minimumReleaseAge to my Bun config earlier this year. Can’t recommend it enough.

SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
github.com/TanStack/route…
Credit to the security researcher for responsible disclosure.

@starter_story Can somebody analyse his tweet behavior, please? Sounds almost too good to be true :)

Dude makes $77k a month and doesn’t check his phone until noon
> no emails
> no socials
> no notifications
just 4 to 6 hours of deep work
every single morning
he’s built 35 startups
and says most people lose before they even start
not because they’re not good enough
but because they’re distracted

@TweetsOfSumit "German" does indeed carry a negative connotation in large parts of society. Sad

For many Germans this perfectly ordinary sentence is problematic and triggers the following thoughts/interpretations:
- ONLY Germans can read it
- Who counts as "German", does he mean it in a racist way
- Anyone who can't read it is not a German / not accepted as one
- Migrants can't read it
I wrote or meant none of this - but it gets read into it (see the comments).
And the crazy thing is, I had those vibes myself when I wrote the sentence. With any other nationality it would be no problem.
"Every Russian can read this."
That's when you notice how we were all simply trained from childhood to practically flinch at the word "German". That's certainly how it is for me.
I don't like it.
Sumit Kumar@TweetsOfSumit
Every German can read this.

Because he pointed out the barbecue ban to a Roma family from Romania, the father of a three-month-old daughter is brutally beaten up. No civilization is possible with people like that. bz-berlin.de/polizei/so-bru…

@TweetsOfSumit Do you have a nanny or is your wife covering most of it?

I have 3 kids now. I’d go for 5 if we started sooner.
My top recommendations to couples in their 20s:
start having kids in your mid/late 20s. You’ll be grateful when you’re 35.
kache@yacineMTB
Being a parent is great. You guys should have kids. I really mean it. You guys should have as many kids as you can

@karrisaarinen I just want it to be as snappy as linear. Simple as that

What is unclear to me is what people actually want some new GitHub to be.
To me, the biggest challenge GitHub has always had is that it is trying to serve two very different worlds. On one side, it is a social network around code and open source. On the other, it is infrastructure for companies building software.
Those two groups operate almost in opposite ways, so the product has always been some kind of compromise between them. Because those users are so far apart, it can fail both of them in different ways.
Inside a company, you mostly just want to review and merge code. You are not discovering new code, and you are probably not forking things. You may have a monorepo, a known team, and a trusted environment. What you want from GitHub is efficiency and safety: PRs, review, ownership, CI, Actions, tests, security checks, and a clear path to getting code merged.
Open source is different. It is much more public and much less trusted. You need better ways to figure out who is contributing, what to accept, how to manage the project, how to handle issues, and how to maintain trust with people you may not know.
So are people asking for a new open source code hosting and social network, or do they want better private infrastructure for software teams? Or both?
I would never choose to build both from the start. I think every product gets better when it is more purpose-built and designed around a specific need.
You could maybe imagine some nested model, where private repos have a much simpler and more focused mode, but you can still exit that mode and browse around the public space.

I am slowly coming around to AI assisted programming.
I am genuinely trying to codify every rule about programming that I have and using that + several stages to build out small changes.
Not sure the productivity changes, but I think I can see a modest gain in speed. I am also trying to be concerned about every line produced, not just slop trebucheting code over the wall.

@planert41 I have a similar experience. Easter holidays basically consisted of childcare :)

Dads with young kids
Is it normal to just feel tired and burnt out all the time?
It’s like you don’t even really get the weekend to recover because it’s all just kid stuff the moment you wake up
Arguably the only personal time you have is when they nap (and you’re already dead tired by that time) or the hour after they go to bed but before you pass out
Just trying to figure out if I’m doing something wrong

@jamonholmgren So, your children < 3y old play / played by themselves? Not imaginable with my 2y old daughter 😚

I genuinely do not get why kids take up 100% of their parents’ time these days.
My dad and mom raised us 9 kids and didn’t spend every waking moment with us.
I raised 4 of my own and didn’t spend every waking moment with them.
And yet every reply is telling this burned out dad that he is doing the right thing, or even to go harder.
Super weird to me.
PPE@planert41
Dads with young kids Is it normal to just feel tired and burnt out all the time? It’s like you don’t even really get the weekend to recover because it’s all just kid stuff the moment you wake up Arguably the only personal time you have is when they nap (and you’re already dead tired by that time) or the hour after they go to bed but before you pass out Just trying to figure out if I’m doing something wrong

Since programming is mostly solved, how is everyone managing their image asset creation (graphics, icons, illustrations, images)?
Is there a great creative studio saas / agent skill set I should know of?
I envision a workbench where I can create various assets in line with a corporate identity. Does this exist?