Nicholas

Verifying myself: I am nick241 on Keybase.io. _wKbigiz91zDRQUak6Xk7M7BGWJm0mEeDUfC / keybase.io/nick241/sigs/_…

@buildwithsid Looks clean!

updated my portfolio website my cleanest design yet 👀

🏳️Time to face obvious facts. iOS Dev courses are no longer viable income for me. I've been disrupted. I'm looking to join a team working on a cool iOS project (full-time or part-time contract). Remote. RT's are appreciated! DMs open.

@seanallen_dev Sucks to hear this! Your videos have been a massive help when I was first learning about iOS development years ago. I hope you're able to find a team to join. ❤️

@josevalim Are there any other tasks that Claude Code handles better than Codex?

Here is a simple but good example of how Codex tends to handle tasks better than Claude Code. A user reported that some actions in tidewave.ai had keyboard shortcuts but were not displaying them on mouseover. I asked Codex to find and fix the missing cases. Codex found all of them and additionally introduced a small helper called shortcutLabel that maps a ShortcutAction to its label (see code screenshot). The benefits are two: * It uses the ShortcutAction type to ensure we don't accidentally forget the label of any shortcut * The helper was added to shortcut.ts, colocating labels with the shortcuts themselves, making future additions more foolproof Codex also updated the other places where we listed shortcuts to use the new helper. I didn't ask Codex to create the helper but it was the right call. Maybe we would have suggested it during code review, maybe we would not. But I'd say Codex left the codebase in a better state than it found it. I gave Claude Code the exact same prompt three different times. In every case, it just inlined the shortcuts in the templates, duplicating information across multiple files. I rarely feel Claude Code improves the codebase unless I explicitly tell it to do so. Now the flipside is that sometimes Codex is going to go ahead and create abstractions when they are not needed, but so far I have seen more hits than misses.

I am telling you, if you consistently build projects and share them publicly, opportunities eventually start finding you

@shadcn ❤️

thank you everyone.

@dracaeon @Parcanss

discord really the place where u can make ur name literally anything and ppl will call u that. ur name could be doorhandle and ppl will hop in vc talkin bout “yo doorhandle u gonna get on the game” 😭

@jarredsumner Can't wait for the read!

Still writing blog post hopefully will post tomorrow

@mehulmpt how many tokens was bro allowed? 😭

First in my bloodline to see 1 million line change PR getting merged (Bun's master branch is now rust, it's official)

@ehewess bro talking to himself 😭

great joke dude

The answer was O(🪵 N).

Exciting news! The Authentication Experience team at Apple, which brings you the Passwords app, passkeys, AutoFill of codes from Messages and such, and a lot more, is hiring a software engineer! [1/2] jobs.apple.com/en-us/details/…

@WallisDev Happy birthday! 🎉

fuck i'm old now

@rauchg ❤️

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

@ehewess @aidaniil 😭

@aidaniil the guy who applied seeing this

github is not a huge indicator for me, but why even bother applying to a founding eng role with this commit graph?

Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. #indicators-of-compromise-iocs" target="_blank" rel="nofollow noopener">vercel.com/kb/bulletin/ve…

@vercel "originated from a third-party AI tool" 💀

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

@GeorgeJeffersn a necessary purchase

first purchase i made for the apartment in SF 🇬🇧

@Mrwhosetheboss Nice one!

90 days of good habits changed everything

Wishing everyone celebrating a wonderful Easter Sunday!