raditya gumay

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

@gandharva Fantastic updates! Kudos to the measure team!

Most app issues aren't hard to fix. The hard part is figuring out what happened. We kept running into this ourselves. You open Crashlytics, then analytics, then a few more tools. You jump between tabs trying to reproduce the issue yourself. Hours spent just reconstructing context. That's the real problem. Not fixing. Understanding. @measure_sh gives you a session timeline. User actions, network calls, logs, lifecycle events, device signals, all in one place. Most of it is collected automatically, so you don't run into "we forgot to log this". That already makes correlation much easier. This week we added MCP support. Now you don't have to break your flow to analyze everything. Instead of reading through logs and traces step by step, you can just ask "What caused this issue?" in your favorite coding agent like Claude Code or Codex. And get a clear breakdown of what happened, where it broke, why it broke, and what needs to change. No tab switching. No breaking your flow. More shipping. Measure is now generally available, just sign up and get to the root cause → measure.sh

@YahooFinance Well, is that gross or net?

Nvidia CEO Jensen Huang thinks developers making $500k should be consuming at least $250K of tokens.

@claudeai Submitted!

Our developer conference Code with Claude returns this spring, this time in San Francisco, London, and Tokyo. Join us for a full day of workshops, demos, and 1:1 office hours with teams behind Claude. Register to watch from anywhere or apply to attend: claude.com/code-with-clau…

How to address this then? Optimize your prompt by Metapromting or in context learning or even with MCP

When you work with LLMs, it’s easy to fall into the sunk-cost fallacy, where you accept the output as “good enough” even though you don’t think it’s that good because you’ve already sunk time and effort into generating it

@JorgeCastilloPr Really?

Launching a private club for Android devs who want to tinker with AI and shape the future of Android development. First batch: 50 seats. Price raises with every batch, better jump in now than later. 500 total. When it’s full, it’s full. Link below 👇

@kayintveen @Forbes Align

unpopular take but IDE-based AI tools were always gonna hit this wall. too much abstraction between you and the model the terminal is just... closer to how AI actually thinks. less noise, more signal 18 years shipping code and claude code is the first tool that feels like pair programming, not autocomplete on steroids

On January 5, employees at Cursor returned from the holiday weekend to an all-hands meeting with a slide deck titled “War Time.” After becoming the hottest, fastest growing AI coding company, Cursor is confronting a new reality: developers may no longer need a code editor at all. Check out the full story: forbes.com/sites/annatong… (📸:  Kimberly White via Getty Images for Fortune Media)

@bcherny Promise done right

Hooks can now run in the background without blocking Claude Code's execution. Just add async: true to your hook config. Great for logging, notifications, or any side-effect that shouldn't slow things down.

Any better way?

GitHub repo: github.com/VectifyAI/Page… (don't forget to star it ⭐ )

@tikurahul Meanwhile DexGuard users

PSA: Starting Android Gradle Plugin 9.0 (or the latest stable version of R8): R8 will automatically optimize all Intrinsics.check* APIs in Kotlin automatically ! This should greatly help improve app performance (especially Compose given the large Kotlin library API surface).

Read “The Silent Performance Killer: How a Single Lambda Nearly Destroyed My Compose UI“ by raditya gumay on Medium: medium.com/gojekengineeri…

Does that sound reasonable to you? Feel free to leave a comment. I’d love to hear other perspectives.

5. You act as a force multiplier. Amplifying impact and execution by enabling teams, removing friction, and creating clarity so others can move faster and more effectively

You are truly an engineering leader when: 1. You move from being a fixer to becoming a driver, someone who can ‘see’ what’s next and understand what technologies should be leveraged to help the business grow exponentially.