sontek

2.5K posts

@sontek

Python, Golang, Kubernetes, and DevOps!

Puerto Rico · Joined May 2007
807 Following · 766 Followers
sontek
sontek@sontek·
@ibuildthecloud You mean using things like e2b.dev for sandboxing or something like /sandbox in claude code?
Darren Shepherd
Darren Shepherd@ibuildthecloud·
The sandbox integration with coding agents sucks.
sontek
sontek@sontek·
@zeeg I vote on improving the Sentry AI review bot! It is catching basically nothing for us compared to greptile, cursor, codex, etc.
David Cramer
David Cramer@zeeg·
this is a work of art. gonna ship so much code today
sontek retweeted
Mitchell Hashimoto
Mitchell Hashimoto@mitchellh·
Fork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10+ years. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored). If you are updating a dependency, it’s on you to analyze every single commit in the full transitive set of dependencies. If you don't see anything compelling, don't update! I remember at HashiCorp once in a while an engineer would try to update a dep or replace a DIY lib with an external one and I'd always ask “show me the commit we need.” Don't update for the sake of it. Feeling pretty swell about this mentality with all the supply chain attacks happening.
sontek
sontek@sontek·
@zeeg Pretty much anything that was great for humans is better for agents -- Small pull requests, feature flags, good tests, separation of concerns, linters, docs, etc.
David Cramer
David Cramer@zeeg·
today in vibe coding land: people seem to have learned what feature flags are. agents do not change how we design and ship software. if it used to be a good idea, it still is. feature flags are useful but shouldn't be overdone. they're not an excuse to ship broken code.
Adam
Adam@adamdotdev·
I've heard of OpenCode and Anthropic but wth is Waka? Is it some kind of gross anime thing?
Jordy.app
Jordy.app@Jordy_vD_·
We have a slack channel where people share problems with Claude Code so they can collab on ideas. Every single time the answer is “just use pi”.
Darren Shepherd
Darren Shepherd@ibuildthecloud·
The problem is I can personally build a better coding agent... Should I just throw my hat into the ring? Take on the world? Why not?
sontek retweeted
nader dabit
nader dabit@dabit3·
This is crazy. The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe.
TANSTACK@tan_stack

SECURITY ADVISORY — TanStack npm packages

A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.

Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.

If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile

Detection — the malicious manifest contains:
"optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." }
Any version with this entry is compromised.

The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).

Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.

Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route…

Credit to the security researcher for responsible disclosure.

sontek
sontek@sontek·
@ibuildthecloud What are your top tips? Maintaining custom skills and updating them as the AI makes mistakes has been the biggest game changer for me
Darren Shepherd
Darren Shepherd@ibuildthecloud·
Programming with AI is a serious skill. It's been a very tricky thing to learn. I'm about 6 months in of embracing AI coding. I wish I had started earlier but oh well.
sontek
sontek@sontek·
@zeeg I've employed engineers full-time to set up and run the Loki, Grafana, Tempo, Mimir stack because it was cheaper than using datadog.
David Cramer
David Cramer@zeeg·
Anyone else employ engineers full time to reduce their datadog bill or is it just us? 😱
sontek
sontek@sontek·
@trashh_dev NixOS will keep the ladies away and provide you a wonderful repeatable desktop experience
trash
trash@trashh_dev·
what’s the best linux distro to rice like i have never talked to the opposite sex
sontek
sontek@sontek·
@Jordy_vD_ I've thought that my entire career. But I wanted to "move fast" on my side project so I went with Django and used the ORM. Now I'm finding surprise N+1 queries that were easy to introduce through the ORM but never would've happened if I wrote the query myself.
Jordy.app
Jordy.app@Jordy_vD_·
At this point it's not even worth it to use an ORM for many cases. Just use SQL. It's not _that_ difficult of a language, you won't blow up your server bc some shitty ORM doesn't support joins the way you need them and instead runs 900 queries, and you have AI now. Seriously, use a skill/MCP or export database DDL from datagrip into your AI, tell it what you want, and it happens. Prob get better results too as you'll be able to use whatever database you're using to its fullest extent vs the smallest set that the ORM supports as it has to support every db engine under the sun.
sontek
sontek@sontek·
@Shpigford Pro-tip: It's not a new business if it's still operating under the same umbrella LLC!
Josh Pigford
Josh Pigford@Shpigford·
wife says I can’t start any new businesses unless I get rid of some.
sontek
sontek@sontek·
@filearts @bentlegen Half of my opinions around software development are from hard lessons I learned maintaining my "perfect design" many years later
Geoff Goodman
Geoff Goodman@filearts·
@bentlegen I would also go further to say that you need to see and feel the long-term consequences of your "seemed like a good idea at the time" decisions. It is humbling and critical to pragmatism and maturity.
sontek retweeted
Ben Vinegar
Ben Vinegar@bentlegen·
Good companies don't hand their hardest, most critical projects to engineers that just walked in the door with a history of leaving early. If you want to solve those problems (and add them to your resume), you've got to stick around and earn it
sontek
sontek@sontek·
@octal I think I would avoid it just because there is always potential for accidental personal purchases on a corp card. I wouldn't want to accidentally leak private purchases just because a card was wrongfully marked as default somewhere
Ryan Lackey
Ryan Lackey@octal·
Is there any good reason to not do internal expense management at an org through publishing a live feed of all expenses (tagged by project, employee) across the org? (Assuming a <50 person company and nothing classified/all employees roughly same level of trust).
sontek
sontek@sontek·
@Shpigford I've needed good OCR on PDFs and images so many times. I prefer storing everything in google drive but it doesn't do a great job of that. I agree that something like good search + AI Integration on top of a "drive" (dropbox/google drive) would be perfect.
Josh Pigford
Josh Pigford@Shpigford·
evernote is doubling the price of my subscription to an arguably insane price, even for a PE-acquired business. we've got 15+ years of docs stored there (huge % are scanned PDFs). trying to figure out my move here. i don't want another note taking app. i kind of just want a vault for dumping all our random document files (again, mostly PDFs) that's thoroughly indexed/searchable. big caveat: needs to also be easily shared with my wife. wonder if there's something there from a biz perspective? 🤔
vogel
vogel@ryanvogel·
i am headed back to SF in early june for a secret event, but this time i am bringing my girlfriend ( @jessicathelee ) and I want to take her on the best date ever what are good date spots in SF 👀
sontek
sontek@sontek·
@glcst @OhNoNima People who say “train me” have no curiosity. No drive. OSS made my career and I hate seeing engineers not take advantage of such an easy way to build credibility
Glauber Costa
Glauber Costa@glcst·
@OhNoNima I can give you one lesson. The lesson is: if your statement starts with "train me", you don't get Open Source. If that interests you then understand Open Source first, then revisit that statement
Glauber Costa
Glauber Costa@glcst·
I wish we had more people contributing to Turso OSS from America.
sontek
sontek@sontek·
@ibuildthecloud I get more nitpicks from non-AI reviews. AI reviews usually give actionable feedback