jfmelo (@jfmelo_) 🇧🇷

117 posts

Joined April 2022
71 Following · 2.8K Followers

jfmelo (@jfmelo_)
@theo optimization isn't one of Microsoft's quality...

Theo - t3.gg (@theo)
I sent a single message on Copilot and it did over 60m tokens. It's still going. $30 of inference so far. In their current billing model, you get 1,500 messages, regardless of how expensive each is. I'm pretty sure I can do $45,000 of messaging on this plan

jfmelo (@jfmelo_)
I accidentally figured that my volume button keys actually work on my Linux... Who would have guessed that?

jfmelo (@jfmelo_)
@maxcallstack yes, that's the point of the trade-off.. for this specific use-case, the scope was so tiny that I wouldn't benefit from Rust's power.. thus, I choose Go for the sake of simplicity and handiness.. It's like you said, it depends on the task..

Hormuz closed again (@maxcallstack)
@jfmelo_ I mean, (I'm not taking a stance) If in this scenario Golang can perform just as good as Rust with 6 libs then it doesn't. But if Rust is significantly outperforming Go here then yes the 6 libs are worth it. I guess it just depends on the task.

jfmelo (@jfmelo_)
Trade-off: 6 libs with Rust x 0 libs with Go to get the exact same feature done! Many times I've faced this...

jfmelo (@jfmelo_)
GPT5.5 isn't good at Rust... it suggested adding 5 libs and writing 17 lines of code for parsing the response stream from a model into a vector of structs... I've done that with no extra lib and 3 lines of code!

Cloudflare (@Cloudflare)
Static sites are having a renaissance. What is your favorite static site generator right now and why do you prefer it? #CloudflareChat

jfmelo retweeted
International Cyber Digest (@IntCyberDigest)
❗️ Apple accidentally shipped Claude[.]md files in the Apple Support app update (v5.13). For context, Claude[.]md is the instruction file Anthropic's Claude Code uses to understand a project's structure, conventions, and developer guidance. They typically live in source repos and are not meant to ship inside production apps. Source: @aaronp613

jfmelo retweeted
International Cyber Digest (@IntCyberDigest)
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.

The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.

Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.

The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root.

What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.

Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.

The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.

This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root

Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure

Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:

    echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    rmmod algif_aead 2>/dev/null || true

For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...
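
A check for the workaround quoted in the post above, added here as an example and not part of the original post: it reports whether algif_aead is still reachable after the `modprobe.d` line and `rmmod` have been applied, since the `|| true` in the quoted command hides a failed unload. The function names and status strings are assumptions of this example; `/proc/modules` and `modules.builtin` are standard kernel paths.

```shell
#!/bin/sh
# Added example (not from the original post): audit the algif_aead workaround.
# Function names and status strings are this example's own. Paths are
# parameters so the check can be run against a mounted image or fixtures.

# has_install_override DIR -> 0 if a *.conf in DIR maps the module to a
# no-op command. modprobe treats '-' and '_' in module names as equivalent.
# Only DIR is searched; other modprobe.d locations must be passed separately.
has_install_override() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*install[[:space:]]+algif[-_]aead[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|$)' "$f"; then
            return 0
        fi
    done
    return 1
}

# is_loaded PROC_MODULES -> 0 if the module is resident right now, for
# example because rmmod failed while the module was in use.
is_loaded() {
    grep -Eq '^algif_aead[[:space:]]' "$1" 2>/dev/null
}

# is_builtin MODULES_BUILTIN -> 0 if compiled into the kernel image, where
# neither a modprobe.d entry nor rmmod has any effect.
is_builtin() {
    grep -Eq '(^|/)algif_aead\.ko$' "$1" 2>/dev/null
}

# algif_aead_status [MODPROBE_DIR] [PROC_MODULES] [MODULES_BUILTIN]
# Prints one of: builtin, loaded, blocked, unblocked
algif_aead_status() {
    dir=${1:-/etc/modprobe.d}
    mods=${2:-/proc/modules}
    bi=${3:-/lib/modules/$(uname -r)/modules.builtin}
    if is_builtin "$bi"; then echo builtin
    elif is_loaded "$mods"; then echo loaded
    elif has_install_override "$dir"; then echo blocked
    else echo unblocked
    fi
}
```

Only `blocked` means the workaround is in effect; `loaded` and `builtin` both mean the module is still reachable despite the `modprobe.d` entry.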

Anonymous (@YourAnonOne)
#BREAKING: Elon Musk says most cryptocurrencies are "scams" during OpenAI court testimony.

jfmelo (@jfmelo_)
GitHub stars aren't reliable anymore... Just in case you don't know, "creators" are paying for "fake" stars now...

jfmelo retweeted
Wiz (@wiz_io)
🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push

The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯

jfmelo (@jfmelo_)
This is what AI was created for...

jfmelo (@jfmelo_)
the world is changing... we're getting more Agent Framework/SDK than JS frameworks... who would guess?

Anonymous (@YourAnonOne)
Name a huge scam.

jfmelo (@jfmelo_)
while everyone is talking about claude, codex, openclaw... don't forget our friend n8n, that's still one of the best workflow automation tools

jfmelo retweeted
Cyber Security News (@The_Cyber_News)
🛡️ Claude Code, Gemini CLI, & GitHub Copilot Vulnerable to Prompt Injection via GitHub

Source: cybersecuritynews.com/prompt-injecti…

A critical cross-vendor vulnerability class dubbed "Comment and Control" is a new category of prompt injection attacks that weaponizes GitHub pull request titles, issue bodies, and issue comments to hijack AI coding agents and steal API keys and access tokens directly from CI/CD environments.

The attack name is a deliberate play on the classic Command and Control (C2) framework used in malware campaigns. Three widely deployed AI agents, Anthropic's Claude Code Security Review, Google's Gemini CLI Action, and GitHub Copilot Agent (SWE Agent), were confirmed vulnerable.

#cybersecuritynews

jfmelo retweeted
Cyber Security News (@The_Cyber_News)
⚠️ Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks

Source: cybersecuritynews.com/anthropics-mcp…

A critical flaw in Anthropic’s Model Context Protocol (MCP) exposes over 150 million downloads to potential compromise. The vulnerability could enable full system takeover across up to 200,000 servers.

Unlike a traditional coding bug, this vulnerability is architectural, meaning any developer building on Anthropic's MCP foundation unknowingly inherits the exposure from the ground up. The flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation.

Successful exploitation grants attackers direct access to sensitive user data, internal databases, API keys, and chat histories, effectively handing over complete control of the affected environment.

#cybersecuritynews