overgeared

Once you've been here a while, you auto-filter all of it. But for someone just walking in? It's chaos. The new-user experience isn't just declining - it's buried under portfolios and follow-for-follow. #TWITTER

Then come the "I'm a hacker, I'll teach you the secrets of engagement" types. The real secret is that you pay them, and a pile of bots starts following you. Is X ever going to take action against this?

Has X always been like this, or did I just never notice? I've used Twitter for years - purely to lurk and keep up with what's happening. Then I made a fresh account for my project and only now saw what the platform has actually become.

The WAF and the application see the same HTTP request differently. The attacker only needs to live in the seam. arcis-website.pages.dev/blog/posts/why…

If you want the full thesis behind Arcis - what it is, what it does NOT do, and the inside-the-app argument, the launch post is the cleanest place to start. 5-minute read. arcis-website.pages.dev/blog/posts/int…

What one `app.use(arcis())` line replaces in a typical Express app: helmet express-rate-limit csurf sanitize-html hpp express-mongo-sanitize Five fewer libraries to keep updated. #Cyber_Security #security

Arcis conformance status: 154/154 tests pass across Node + Python + Go Same input → same verdict in all three SDKs Drift = failed CI = no release Cross-SDK parity is the only metric that matters once a tool ships in multiple languages.

2026 reality: every app is now three apps. A request app. A model app. A tool app. The WAF protects the request app. Nothing protects the other two. That's the gap Arcis is in.

The fix for fullwidth XSS bypasses is three lines per language: JS: input.normalize Python: unicodedata.normalize Go: norm.NFKC.String Catches: fullwidth, ligatures, math letterlikes. Skip it and your sanitizer has a permanent backdoor.

The full Arcis install: npm install @arcis/node Two lines. Thirty attack vectors at the request boundary. OWASP Top 10 plus prompt injection, MCP toolcall, deserialization, and 20 more. github.com/Gagancm/arcis #cybersecurity #security #appsec #devtools #opensource

Hello world. Open-sourced Arcis. Security middleware that runs inside your web app instead of in front of it. For developers tired of WAFs that block `' OR 1=1` and miss everything else. Node, Python, Go. github.com/Gagancm/arcis

Arcis ships first-party adapters for: Express  Fastify  Hono  Next.js  Koa FastAPI  Django  Litestar  Flask Gin  Echo  Chi  Fiber  net/http One config object. Same defense across all of them. github.com/Gagancm/arcis

@getarcis wait, in-app instead of a reverse proxy? curious how you handle the per-route config overhead...

I love the vision behind it and also the user interface...

@CodeAndConsole Watching "india got latent" 😂🤣

You get a text from ‘Unknown.’ It simply says: ‘Don’t go outside at 7:30 PM.’ What’s your next move?