ً

fun fact: you can also do setTimeout(“debugger”, 3000)

Confirmed the fuma-content repository was affected by Shai-Hulud: - it happened likely during the transition to pnpm v11 (which should disable any postinstall scripts unless explicitly allowed), the postinstall script in affected Tanstack Start packages was triggered while pnpm was still v9. - there's no affected versions of following being published (from what I have verified manually): fuma-content, fumadb, fumadocs. I suspect it's because (1) .npmrc file only contained hoist options (2) pnpm v11 was used since then. (3) I don't use Claude Code. It's possible that I overlooked some versions/packages, but all recently published package versions are manually verified. - fuma-content is already deprecated, repo history is kept to analyse the cause. - my machine has finished factory reset, all secrets are revoked, this will cause some sites to break temporarily. Will be back soon once I get more information & some sleep.

@fuma_nama Sweet, thanks for moving on this so quickly

@user2jz Revoked all secrets I'm aware of, some of my sites might breaks due to this, confirmed GitHub & npm accounts are not affected

Hi @fuma_nama, your repository got compromised with the malicious Shai-Hulud setup script. I encourage you to take quick action Commit: github.com/fuma-nama/fuma…

@mattpocockuk yup, using posthog feature flags

Is anyone doing feature flag development with agents? Not tried it, but in theory feature flagging is an alternative model to PR's to getting work on main. 1. Put it on main, disabled by a flag 2. Deploy with the rest of the system 3. Unflag to selected users early 4. Fix bugs for those users 5. Unflag to more users 6. Repeat until shipped Feels like a perfect strategy to pair with agents

basically kie.ai's business model

Never use a claude code prompt without /grill-with-docs by the way

@vxunderground they're still creating repos on hacked accounts

Shai-Hulud, that spoopy Git worm thingy everyones been yapping about, was open-sourced. Unfortunately, GitHub has removed the repo. This is terrible news. It can no longer be studied... unless there was someone who collected this sort of thing and has a local copy...

@mattpocockuk try running `npx skills@latest add handwriting` jk matt :D

First day in a while trying time blocking I think I love it now, not sure what changed

❌ Se acabaron los "daños colaterales" de Javier Tebas: el Congreso frena los bloqueos indiscriminados de IPs por parte de LaLiga. ➡️ Tras años de bloqueos masivos sin control, se impondrán límites para que el Internet español no se paralice cada... larazon.es/tecnologia-con…

This weeks' skills changelog: - /ubiquitous-language deprecated, use /grill-with-docs instead - /grill-with-docs for codebases, /grill-me everywhere else - Skills can now be used with any issue tracker - Experimental /diagnose and /triage skills

@mattpocockuk it sometimes outputs the options using the super nested labels directly (A2.1.b.i, A2.1.b.ii, A2.1.b.iii, A2.1.b.iv …). it makes it a bit tough to read and reply to cleanly, although not a big deal

Anyone who's tried my new /domain-model skill - any feedback? Hearing positive noises but would love more detail. It replaces /grill-me in my stack, adding a thin layer of docs and ADRs during ideation.

it's been 10 years since µWebSockets (𝚞𝚆𝚜) released imo one of the most underrated yet more powerful libraries out there

@PunGrumpy @cursor_ai Same issue for me @cursor_ai

Hey @cursor_ai, My dashboard shows “Failed to load usage data” 🥲 Tried refresh but still broken.

@benln favorite key ⌨️

@benln everyday, locked in 🎯

Who’s building today?

claimed the 100$ credit on cursor's cloud agents to ship even faster 🐐 currently using cloud agents to tackle high impact pending tasks in my backlog, while in parallel I keep building with the desktop app, honestly it feels amazing

@initjean damn

added Cursor support npx slopmeter@latest --cursor --dark

introducing slopmeter a cli tool to create a sharable nice looking graph to show off your Codex, Claude Code, or OpenCode usage npx slopmeter@latest

bike ride + late night coding session, name a better plan :)

a person who commits to something for a thousand days straight becomes a force that most people will encounter once in their lifetime and never forget. a thousand days. hardly anyone can commit to something for thirty. which means the field thins dramatically by day sixty. and by day two hundred you are essentially alone. and by day five hundred the results have started compounding so aggressively that people will use the word talent to describe what is actually just the accumulated residue of a person who refused to leave the room.