Mohammdd Alhalwachi

88 posts

@malhalwachi2000

Software engineer building in public. Try ScoutlyAI, a platform to monitor competitors' social media: https://t.co/j8IpWQeICl

Joined December 2017
49 Following, 5 Followers
Pinned Tweet
Mohammdd Alhalwachi@malhalwachi2000·
Published ScoutlyAI 🥳🎉🎊 A platform for businesses to track and monitor their competitors and receive the insights they need! Give it a try: scoutlyai.com
Mohammdd Alhalwachi@malhalwachi2000·
@mahdi_tcs_ If I had to guess, some scripts or code depend on the opened file name. Returning multiple files for the same name would break them.
Mohammdd Alhalwachi@malhalwachi2000·
@wiedymi @jarredsumner React is more of a templating engine that can be used anywhere. That’s a significant advantage. Without React, you’d have to build something similar for your project, maybe with a simpler feature set. I’ve seen monstrosities that React would have been a better choice for.
Wiedy Mi@wiedymi·
@jarredsumner That makes sense, but do we really need React outside of the browser?
Jarred Sumner@jarredsumner·
today I learned react is slower outside the browser than in the browser. react-reconciler needs to integrate with the event loop well. Fiber creates too many objects. react-compiler slightly helps.
Silent@__silent_·
Sure, close my PR without giving me a chance to fix my mistake, and then re-open it yourself, you're welcome.
Mohammdd Alhalwachi@malhalwachi2000·
@thdxr Would love to see OpenCode integrated with Microsoft Copilot (not GitHub Copilot). Would be helpful for enterprises that only have access to that. It doesn’t seem to have limits either.
dax@thdxr·
in opencode v1.1.11 you can now use your ChatGPT Plus/Pro plans in OpenCode. /connect to set it up
Mohammdd Alhalwachi@malhalwachi2000·
I am building Runes: a graph-based personal task tracker. Instead of lists, tasks are connected as a graph: showing dependencies, relationships, and how work evolves over time. Built on @zero__ms for local-first and instant updates. Would love feedback 🙌 Link is below.
JJ Mata@jjmata·
@tebayoso @GithubProjects @maybe Nope! We changed only what they requested for trademark/confusion avoidance. Not hiding any of that! Love what they built and didn’t want to see it rot. ❤️
Mohammdd Alhalwachi@malhalwachi2000·
@sashank_ps @SumitM_X If you’re fetching roles from the database, a simple session with cookies or an API token is the appropriate approach. JWT is designed to be self-sufficient, allowing it to authorize the user. You should resolve the role from the JWT. JWT has its applications.
SaPii@sashank_ps·
@SumitM_X I'd say it's more secure to fetch the roles from the db. It just comes to what u need, speed or security.
SumitM@SumitM_X·
A user edits the payload of their JWT, changes his role to Admin and sends it to access a protected API. How does your system detect the tampering, which JWT part is responsible, and what happens during authentication and authorization when the token is invalid?
cameron petitti@cameronpetitti·
Years of work is finally ready. Introducing Crosspost.
Mohammdd Alhalwachi@malhalwachi2000·
@mork1e @sorenblank That's true. But usually users will refresh to check it was sent. If it is, then they trust your software and appreciate how fast it is.
Mork1e@mork1e·
@sorenblank I disagree. We’ve kinda been trained to expect loaders. If it’s missing you don’t trust it actually got sent. Like on your second one my reaction was “mm, something went wrong and it’s a bug”
Soren@sorenblank·
for such cases where the request is almost instant (<100ms), jumping directly to a `success state` is much cleaner than adding artificial delay imo. imo loading states are generally ambiguous and mean nothing without a proper `success state`.
Emil Kowalski@emilkowalski

Artificially delaying writes like form submissions can give your users more confidence that their changes went through. It gets annoying in high-frequency apps like Linear, but it feels better than an optimistic update during occasional submissions like a contact form.

Mohammdd Alhalwachi@malhalwachi2000·
@shadcn More content (either components or just docs) on the best practices for some UI components or UI in general. For example, complex select inputs should have a search and a quick-add feature embedded with the ability to open a table for more complex selection. And how to compose.
Mohammdd Alhalwachi@malhalwachi2000·
@aboodman @dimaip @convex I switched from Convex to Zero for one reason, Convex didn’t sync locally first. It waited for data to come from the server. It did play well with my app paradigm. But I like the instant feel of Zero.
Aaron Boodman@aboodman·
Simple vs Easy: A Parable From Rocicorp. From the start, Zero had both "CRUD" and "Custom" mutators. The custom ones were more powerful, and what users wanted. With one flexible abstraction, devs could implement validation, business logic, permissions, side-effects, and more.
Mohammdd Alhalwachi@malhalwachi2000·
Banks relying on client-side protection gives them a false sense of security and makes it harder to work with (or around) it. Avoid if not required by regulations.
Mohammdd Alhalwachi@malhalwachi2000·
The only time where encryption and protection on the client makes sense is in multiplayer games, where you have to trust client validation as doing all the processing and validation on the server is prohibitively inefficient. /2
Mohammdd Alhalwachi@malhalwachi2000·
HTTPS is sufficient. Adding your own layer doesn’t protect you from a malicious actor altering data in transit, it only makes it a bit harder. The only fail-proof approach is simply validating on the server and treating client-side validation as a UX improvement. 1/
Chizi@chiziaruhoma

Client-side encryption is great and recommended, but always assume any client-side code can be read in plain text by attackers, so your encryption algorithm can definitely be recreated if the attacker has your time, the only true solution to this is end-to-end encryption using both symmetric and asymmetric encryption (EEE)

Damon Chen@damengchen·
🇨🇳 The number keypad in banking apps is never the same. It randomizes the digits, so every time you enter your password, the layout is completely different.
Mohammdd Alhalwachi@malhalwachi2000·
@phonefuturist In this case, uniqueness provides no (or arguably less) value. Seems the consensus is that the Apple design is the better approach.
Schrödinger@phonefuturist·
We've gotten to a time where all UIs are just different versions of the same architecture. Zero uniqueness.
Mohammdd Alhalwachi@malhalwachi2000·
@brankopetric00 Isn’t the premise of Lambda that it allocates granular resources on demand? Why not just normal servers at this point?
Branko@brankopetric00·
API Gateway had 500ms of added latency. Turned out to be Lambda cold starts we didn't know about.

The symptoms:
- API latency increased
- P50: 150ms (fine)
- P99: 750ms (bad)
- Some requests crazy slow
- No pattern

What we checked:
- Database query time: fast
- Application code: optimized
- Network: good
- Load balancer: healthy
- Everything looked fine

The investigation:
- Added detailed timing
- Request enters API Gateway: 0ms
- Request reaches Lambda: 500ms
- Lambda executes: 150ms
- Total: 650ms
- Where's the 500ms?

The discovery:
- Lambda cold starts
- We knew about them
- But thought we solved it
- Provisioned concurrency: 10
- Should be enough

The actual problem:
- Traffic spiked to 50 concurrent
- Provisioned: 10
- Remaining 40: cold start
- Each cold start: 500ms
- Happens on 80% of requests

Why provisioned concurrency wasn't enough:
- We set it based on average
- Not peak traffic
- Peaks were 5x average
- Provisioned concurrency doesn't auto-scale
- It's fixed number

The options:
1. Increase provisioned concurrency:
  - Cost: $40/month -> $200/month
  - Wasteful during low traffic
2. Optimize cold start:
  - Reduce package size
  - Got it: 500ms -> 200ms
  - Better but still present
3. Keep Lambda warm:
  - Scheduled pings
  - Hacky

We combined all three.

The results:
- P99: 750ms -> 180ms
- Less cold starts (~ 15% requests)
- More predictable

What we learned:
- Lambda cold starts are real
- Provisioned concurrency is tricky
- Best for constant load
- Peak traffic needs different approach

Know your architecture limits. Lambda isn't always the answer. Cold starts matter for user-facing APIs. Consistent latency beats sometimes-fast.
👾AI Operator👾@InfraScaler·
@levelsio You don't need to compromise the CA, you can convince the user to install your root CA cert. At the end of the day, the threats are more related to social engineering than to technical marvels.
@levelsio@levelsio·
DNS hijacking is close to impossible these days because browsers verify HTTPS certificates, and reject if the SSL cert doesn't match. They can't generate a proper fake SSL cert without compromising a CA (certificate authority). HTTPS is extremely safe because it's encrypted even on untrusted WiFi. Worst that can happen is NSA has a backdoor in the encryption standards and the US gov can read what you do (probably).
yearn.work@primord_io

@levelsio You connect to my wifi, my dns will tell you Google is at 10.69.69.69. the certificate is from let's encrypt. I have the pem. Everything is encrypted but I can decrypt it.

Mohammdd Alhalwachi@malhalwachi2000·
@darrenjr That's exactly what I am building!!!! scoutlyai.com I am more than happy to offer an extended trial and discuss which additional source types to monitor
darren@darrenjr·
i still want an ai competitor watcher. just 24/7 monitor my competitors - blog posts, rss feeds, git commits, tweets, linkedin, openapi spec updates etc. summarize it and alert me in slack. i’d pay for this right now