Vincent Schmalbach

@chenzeling4 Nice read. Look forward to picking this apart.

Most "build an LLM from scratch" tutorials assume you already have a PhD. This one assumes you have a brain. How to Train Your GPT is a 12-chapter interactive textbook, 7,500+ lines, every line commented. LLaMA 3 architecture, explained like you're five. RoPE, attention, KV cache, all of it. No skipped steps, no hand-waving. ⭐ 2.3K #AI #MachineLearning github.com/raiyanyahya/ho… Follow for daily dev finds 🔔

@KingHenryMorgan Local memory cache is painful with multiple servers. Redis makes the whole setup much nicer.

Isn’t Redis literally an in-memory cache? The real debate is Redis vs local memory cache.

@rst_cloud Legacy SQL queries are always the first thing to check. Good to see this highlighted.

#threatreport #HighCompleteness Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden | 16-06-2026 Source: security.com/threat-intelli… Key details below ↓ 🧑‍💻Actors/Campaigns: Dragonforce 💀Threats: Dragonforce_ransomware, Byovd_technique, Dll_hijacking_technique, Abyss_locker, Abyssworker, Av-killer, Netscan_tool, 🎯Victims: Services 🌐Geo: Switzerland 🔓CVEs: CVE-2025-1055 \[[Vulners](vulners.com/cve/CVE-2025-1…)] - CVSS V3.1: *5.6*, - Vulners: Exploitation: Unknown CVE-2025-61155 \[[Vulners](vulners.com/cve/CVE-2025-6…)] - CVSS V3.1: *5.5*, - Vulners: Exploitation: True CVE-2023-52271 \[[Vulners](vulners.com/cve/CVE-2023-5…)] - CVSS V3.1: *6.5*, - Vulners: Exploitation: Unknown Soft: - topazevolution antifraud (le2.0.0.0) 🤖LLM extracted TTPs:` T1036, T1041, T1055, T1068, T1090, T1105, T1112, T1136.001, T1190, T1211, ... 🧨IOCs: - File: 7 - Hash: 22 - Domain: 8 - Url: 1 - IP: 1 💽Software: Microsoft Teams, MSSQL, VirtualBox 🔢Algorithms: zip 📜Programming Languages: golang #threatreport: The DragonForce ransomware group has developed advanced techniques to conduct cyber attacks, notably employing a Go-based remote access Trojan named Backdoor.Turn, which leverages Microsoft Teams' TURN relay infrastructure for command-and-control (C2) communication. This approach allows the attackers to conceal their C2 traffic within legitimate Microsoft Teams server connections, making detection difficult for network defenders, who may only observe normal outbound traffic. Backdoor.Turn represents a significant innovation in malware behavior, as it is the first known instance of a malware exploiting TURN relays in this manner. The attackers initially compromised the U.S. services firm’s network using an unspecified vulnerability in an SQL or MSSQL server, potentially acquired via an access broker, and maintained access for one to two months before deploying their ransomware. The payload involved downloading a ZIP file containing a legitimate VirtualBox application accompanied by a malicious DLL, which was used for side-loading and to facilitate access and data exfiltration. This process included techniques that modified firewall rules and used aggregated user credentials for maintaining control over compromised systems. A critical component of the attackers' tactics involved DLL hijacking to insert malicious code into trusted processes, notably VirtualBox, which provided a method for achieving elevated privileges without triggering security alerts. Moreover, the attackers utilized the "Bring Your Own Vulnerable Driver" (BYOVD) technique by exploiting known vulnerabilities in legitimate drivers, including a novel exploit of Huawei's HWAuidoOs2Ec.sys. Additionally, they leveraged various driver vulnerabilities across other systems, showcasing a strategic focus on developing advanced evasion techniques that enable deeper infiltration into networks. Through their operations, the DragonForce group has exhibited a high level of sophistication, transitioning from a standard ransomware-as-a-service model to a more structured cartel-like organization. This evolution reflects enhanced capabilities, strategic planning for targeted campaigns, and a growing focus on operational maturity. The deployment of Backdoor.Turn, coupled with their multi-pronged defense evasion strategies, underscores the group's position among the most persistent and capable ransomware threats currently identified.

@HeyDravon Classic Google. Late again.

sundar pichai told developers 'next month' at google I/O. that was may. it's june 24. gemini 3.5 pro is now targeting july. turns out the flash model was eating tokens too fast. so they went back to fix it.

@emaedi0ng Same Gemnin API is great with tokens. Need faster response times on pro.

"significant chunk" working on Gemini yet it's shite. Wonder why I pay for pro

@techdaily24 Running queues and search in a single Postgres DB is very nice. One database keeps things simple.

PostgreSQL Is Enough gist.github.com/cpursley/c8fb8… #Innovation #technews

@nrachabathuni Postgres JSONB was my secret document db many times.

Stop overcomplicating your stack with niche databases before you've hit scale limits. PostgreSQL is still the most robust, feature-rich choice for 95% of production use cases in 2024. Is there a specific edge case forcing you away from Postgres? #buildinpublic

@roysharmin Must remember to try this folder setup. Thanks for sharing.

I use Claude code a lot. My seniors and self experiment taught me to setup and use it: Step 1: The folder Create a folder on the computer: "Claude-Code" Create 3 subfolders: ABOUT ME OUTPUTS TEMPLATES Step 2: The brain file Open Code. Ask it to interview you. 20 questions to help it learn about you. Code compiles everything into: about-me.md Strictly keep it under 2,000 tokens. Step 3: The taste file Create: anti-ai-writing-style.md Ban the words you hate. Mine bans 80+. Without this file, Claude writes like Claude. With it, Claude writes like you. Download the anti-AI file directly: Step 4: The strategy file Create: my-company.md Include: Your targets Platforms What you're saying no to Not your deadlines Keep it under 1,000 tokens. Update it once a quarter. Step 5: Save tokens Don't send follow-ups. Restart your prompts. Message 30 costs 31× more than Message 1. Start fresh every 20 messages. Use Sonnet for quick work. Save Opus for deep work. Tell me your tips.

@singmanohar77 This waiting on the Assistant file is frustrating. Writing it myself would be quicker.

Claude sonnet 4.6 is really bad at times, it stop working, it say I am working but then it does not, it just hangs in there again you ask, and it is same again, it goes on like this for hours... at times it keeps on doing things, without asking against the instruction is given.

@infoflowcloud Found an old Filament v3 app today. One composer update, all good on the RichEditor. Nice!

🚨*CVE* CVE-2026-55409 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state wit… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55409 Fil… infoflow.cloud`

@harnessio @Google @Dropbox @Spotify My weekend project these days - Playwright suites getting faster.

50% of PRs hit a flaky test failure. p95 wait for test results can hit 95 minutes. Teams at @Google, @Dropbox, and @Spotify built entire internal systems just to manage test infrastructure. Writing Playwright tests isn't the problem. Everything after is. 🧵⤵️

@ynetnews Sorting security alert lists is such a grind. Hope this makes the process much quicker.

Cato joins OpenAI Daybreak program to advance AI-powered cyber defense Cato Networks says the partnership will bring OpenAI cyber capabilities into enterprise security workflows, aiming to speed vulnerability disco... ynetnews.com/tech-and-digit…

The Junior Developer Problem Is Becoming a Senior Developer Problem: AI is fundamentally changing how junior developers learn, but it’s also making senior developers a whole lot less valuable if all they’re doing is tak vincentschmalbach.com/the-junior-dev…

Before committing: run three real tasks through the AI assistant on that stack. Count the answered questions on the open web. Thin training data is a concrete delivery risk.

AI tools make this worse. On a stack with thin public data, the coding assistant confidently generates API signatures that fail on deploy. Hours lost correcting code that looked plausible.

Picking a trendy stack to impress other engineers delays shipping for years. That social signal disappears the moment something breaks at midnight and search results come back empty.

Vibe Code Is Legacy Code Before It Ships: Vibe coding is useful and fast. Nearly a quarter of the YC W25 batch apparently has codebases that are almost entirely AI-generated. This is a giant l vincentschmalbach.com/vibe-code-is-l…

@Vax0r Inspecting that taskbar's CSS would be fun. Sonnet does nice layouts for real.

He typed one sentence into Claude and got a working Windows 12. Not a concept. Not a mockup. A functional desktop — This PC, Settings, Photos, Edge, Recycle Bin, taskbar, the whole thing running in a browser window. The prompt: "create windows 12 and make no mistakes." That's it. Claude Sonnet 4.6 built an entire operating system interface from eleven words at 2am. No dev team. No UI framework. No months of design sprints. Microsoft has thousands of engineers and billions in budget. He had a laptop and a Claude subscription. The gap between "I have an idea" and "I built it" used to be measured in years. Now it's measured in seconds.

@SeeratFatima112 Putting table info there helps with smarter SQL.

You don't need to learn to code anymore. Here's how to prompt Claude Code (zero coding): 1. Turn on "Allow bypass permissions mode" first. (Settings → Claude Code) 2. Make a folder. Everything it builds lives here. 3. Settings → Connectors, add Netlify & Supabase. 4. Click the folder icon and select your folder. 5. Pick Opus 4.8 model (High Effort). 6. Use this setup guide: ruben.substack.com/p/the-claude-c… Claude now builds anything you describe in English. But here's where it gets powerful: 1. Stop describing code & typing 'make it look good' Start from a screenshot. Found a site you love? Screenshot it, & say "build this, but for my thing." 2. Then paste this prompt: "You're my CTO. I'm the CEO. I don't write code and I don't read it. Bypass is on - don't ask, just build. I want [your goal]. Interview me one question at a time using AskUserQuestion, then build it. Use Netlify to push it live and give me a link. Match this screenshot." 3. Claude reads the screenshot, asks you questions. You click the answers. It ships. My Calendly example went live in 24 minutes. Three things nobody tells you: → Build one piece at a time. The home page first. Get it right. Then the next page. Small prompts give Claude less room to break what already works. → When something looks off, don't describe it - screenshot it & paste it back: "this overlaps on mobile, fix it." Faster than words every time. → Your site will look like every other AI site. The fix: Go to getdesign .md, download a real brand's file - Stripe, Notion, even Claude. Drop it in your folder & say "use this for all the styling." The secret is not knowing how to code anymore. It is knowing how to prompt. But to go even deeper, use my full playbook: ruben.substack.com/p/the-claude-c… (save this if you can't code - you won't need to)

@infoflowcloud Good upgrade fixes the issue. Good work

🚨*CVE* CVE-2026-48167 Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components re… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-48167 Fil… infoflow.cloud`