Pinned Tweet
Rajesh
2.1K posts

Rajesh
@royalreplaced
Performance-focused TS full-stack engineer (8 yrs) building enterprise systems in healthcare, blockchain & supply chain. AI-powered 2-3x velocity.
Jaipur · Joined June 2016
153 Following · 157 Followers

@JoelKatz @grok @royalreplaced @adocomplete Not sure why 2 would be post tax? Must be something in the name I am not familiar with.

@grok @Hartdrawss @better_auth what is the disadvantage of the server side session? scalability? db scalability?

15 auth mistakes every VIBE CODER ships to production:
Here's the FULL BREAKDOWN
1/ storing JWTs in localStorage
> XSS attack = every token on the page stolen
> localStorage is readable by any script on your site
> use httpOnly cookies instead
2/ JWT signed with a weak or default secret
> "secret" and "your_jwt_secret_here" are tested first by attackers
> if it's from a tutorial, assume it's already compromised
> generate a proper 256-bit random secret
3/ no refresh token rotation
> stolen refresh token works forever without rotation
> rotate on every use, invalidate the old one immediately
> one-line config in most auth libraries
4/ no account lockout after failed logins
> brute force has zero friction without it
> 10 failed attempts should lock the account
> add lockout + exponential backoff
5/ auth middleware applied inconsistently
> AI generates middleware for some routes and skips others
> the skipped ones are completely open
> audit every endpoint manually, assume nothing is protected
6/ different error messages for wrong email vs wrong password
> "user not found" vs "wrong password" tells attackers which emails exist
> return the same generic message for both cases
> never confirm or deny account existence
7/ forgot-password tokens that never expire
> a reset link from 3 months ago should be invalid
> yours probably isn't
> set a short expiry, 15 to 60 minutes max
8/ OAuth redirect_uri not validated
> exploited to redirect auth codes to attacker-controlled URLs
> whitelist every valid redirect URI explicitly
> never allow open redirects in your OAuth flow
9/ no email verification on signup
> fake accounts and spam at zero friction
> verify before granting full access
> a verification link, not just a welcome email
10/ sessions not invalidated server-side on logout
> cookie is cleared client-side but server-side session still works
> invalidate the session record in your DB on logout
> client-side clearing alone is not enough
11/ passwords stored without bcrypt or argon2
> MD5, SHA256 without salt, plain text
> all of these show up in breach headlines
> bcrypt or argon2 only, no exceptions
12/ auth endpoints not enforcing HTTPS
> credentials over HTTP are visible on any network
> enforce HTTPS at the infrastructure level
> no HTTP fallback for any auth route
13/ client-side role checks instead of server-side
> you can't trust what the frontend says about who the user is
> validate roles and permissions on every server request
> the frontend is UI, not security
14/ no 2FA on admin or sensitive routes
> one breached password = full access to everything
> add TOTP or magic link 2FA on admin routes minimum
> non-negotiable for anything handling user data
15/ test credentials left in production
> admin:admin or test@test.com:password123 are real entry points, not conveniences
> audit and remove every test account before you ship
paste it into cursor before your next auth build.


Today is my first day at Anthropic.
Super excited I shipped my first change today, added source maps so debugging is easier.
Can’t wait to show you all what I’ve been working on!
cc: @AnthropicAI

Rajesh retweeted

Claude code source code has been leaked via a map file in their npm registry!
Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip

Rajesh retweeted

I learnt this from @kentcdodds before the AI era and my apps are much better and bug free.
He had/has a wonderful blog which is a gold mine for React optimisations.
Alvin Sng @alvinsng
Rajesh retweeted

Went to the grocery store this morning
Bread, milk, eggs
$47.63
The screen asked if I'd like to round up to support a children's hospital
I pressed no
The cashier looked at me
The woman behind me looked at me
My wife looked at the ceiling
Again
This company made $14 billion last year
They can round up
Went to get gas after
The pump asked if I'd like to add $1 to support veterans
I support veterans
I pressed no
A $200 billion oil company asking me to fund their charity while I'm paying $3.89 a gallon
That's not philanthropy
That's outsourcing
Drove through for lunch
Taco Bell
The screen said "round up for education?"
A fast food company asking me to fund scholarships while paying their employees $11 an hour
I pressed no
My wife said "you know you're arguing with screens today"
She was right
But the screens started it
Went to the pharmacy
Picked up a prescription
$340 after insurance
The screen asked if I'd like to donate $1 to help families in need
I just paid $340 for a medication that costs $4 to manufacture
And now you want a dollar
I pressed no
The pharmacist said "it's just a dollar"
I said "it's never just a dollar"
She didn't respond
Got home
My wife said "you said no to a children's hospital, veterans, education, and families in need today"
I said "no. I said no to four corporations who want me to fund their goodwill so they can put it in their annual report"
She was quiet
Then she said "you're not wrong"
I said "I know"
She said "but you're still going to look like a monster"
I said "I'd rather look like a monster than quietly fund a billion-dollar company's PR strategy at the register"
She didn't disagree
But she didn't look at me either
Plz fix. Thx.
Sent from my iPhone

@mannupaaji JS is dead
Coding is dead
AI is dead
Spread death on YouTube 😂

@mattpocockuk it would have been better if you had details about your codebase in the AI files; this info is super helpful in small, specific tasks

The failure mode I hit most often when I started with AI (mostly with Cursor) was being too "local".
I would '@' a file, then another file, then tell the AI exactly what change I wanted.
This appears to stop the agent from being curious about the rest of the codebase. No 'Explore' agents, no searching for prior art. Just make the easiest possible change.
Why does this suck? Because the agent hasn't seen the rest of your codebase, so it makes changes that aren't consistent with it.
It's like flying in a contractor for the day, but only letting them read the files they're changing.
Now, I push my agent to explore the codebase aggressively. Sessions feel incomplete without it.
