Aayush Tirmanwar
316 posts
Aayush Tirmanwar
@tiru299
Building cool backends | I debug productions so you don't have to | Hard-won lessons from building real systems | Open to work and freelance projects 🚀
Nagpur Katılım Eylül 2024
35 Takip Edilen21 Takipçiler
wow @garrytan just exposed Anthropic as total frauds
Claude Code was ONLY 512K LOC ☹️
Gary is shipping 37K LOCs PER DAY
so Gary could recreate all of Claude Code in ONLY 13 days!
a supposedly $380 billion is big trouble
English
@tiru299 The review gap is real. Generated code outpaces anyone's ability to audit it.
English
Vibe coding and ai bubble has been bursted finally after so many large scale and brutal attacks happening ai is able to generate a lot of code but the devs reviewing them are losing the context of it and not able to review the security vulnerabilities.
Anthropic's CEO literally said nobody in their team is not writing code manually , and yesterday the claude code src code map file was
leaked and some parts of it are genuinely questionable and funny for a company evaluated at 2 Billion $ .
English
The downfall of bun has begun. Time to switch back to Node. @jarredsumner thanks for selling out.
Bun@bunjavascript
In the next version of Bun Bun goes ad-supported!
English
What the fucking hell is happening today dude , first axios got hacked and now claude code's src code got leaked , CRAZY DAY!!!!
Chaofan Shou@Fried_rice
Claude code source code has been leaked via a map file in their npm registry! Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip
English
Exactly what I think about ai , attackers are exploiting the exact targets that ai simply doesn't consider
Feross@feross
AI is playing a role in two ways: 1.Far more code is being written (1.5-2x by some estimates) and far more people are vibe coding without reviewing what their agents install. Every unreviewed dependency is an attack surface. 2.Attackers have woken up. We saw the first NPM worm last year. The recent TeamPCP attacks (against Trivy and LiteLLM) have stolen a massive number of credentials that most teams haven’t rotated yet. We’ll be dealing with the long tail of these compromises for 6-12 months. Not that developers were good at reviewing dependencies before. But AI has mass-produced the exact behavior attackers exploit.
English
Aayush Tirmanwar retweetledi
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
English
There is this really interesting theorem in software engineering called the CAP theorem.
In distributed systems, the CAP theorem says you can only have two:
Consistency, Availability, Partition Tolerance.
Most real systems choose Availability + Partition Tolerance, and settle for eventual consistency , meaning the data will be synced eventually after some time.
Life works the same way.
If you stay available (show up daily) and tolerate chaos (bad days, distractions), you won’t be perfectly consistent every day.
But over time?
𝐘𝐨𝐮 𝐛𝐞𝐜𝐨𝐦𝐞 𝐞𝐯𝐞𝐧𝐭𝐮𝐚𝐥𝐥𝐲 𝐜𝐨𝐧𝐬𝐢𝐬𝐭𝐞𝐧𝐭.
How cool is that .
English
@ashoKumar89 These are some really cool points , but most of them work if most of the requests are read requests , but how do you scale if write heavy requests are more in number than read requests ? Would love to know from you ...
English
If your API is getting slow under load, you don’t need a faster server.
You need this 👇
1. Caching
Don’t hit database every time. Use Redis for hot data.
2. Rate limiting
Protect your system from abuse.
3. Connection pooling
Database connections are expensive.
4. Indexing
Without indexes, your database is guessing.
5. Async processing
Move heavy work to queues.
Most systems don’t fail because of traffic.
They fail because of bad design.
English
working on my sniffer cli today and things got messy real quick
npm registry started hitting rate limits because I was sending too many requests at once 😭
so now adding some batch throttling to control it
then tried ctrl + c to stop it… and it just didn’t stop lol
so yeah, building a proper shutdown handler to kill everything cleanly
realized again , writing code is easy, making it behave properly is the real work 😅
English
@kumarukutkarsh @piyushgarg_dev Any guy who is not new , can 100 % tell this is a clickbait @piyushgarg_dev sirji aage kiska number hai 😂??
English
first of all if its a ragebait then ignore , if not then here are some suggestions.
the layout looks good. you might want to refine the colors a bit. the current shades feel a bit strong and can be harsh on the eyes. using more subtle and consistent tones would improve the overall feel. you could stick to a minimal palette with one or two shades like gray, black, and white to keep the ui clean and simple.
English
Unpopular opinion :
Most full stack developers are frontend developers .
#softwareengineering
English
@alisaesage Yeah you shouldn't , but even if you have to, you can always encrypt your key before storing in db . I don't see a reason why people are making a fuss here .
English
Dear web dev,
Don't put Stripe API keys into the database.
One SQL injection and a script kiddie drains your bank account via direct debit
English
