Закреплённый твит
In today’s episode of “Spending way to much time and money on a stupid idea”, I proudly present you my PoE-powered can of spam.
English
Daniel Hepper
2.6K posts
Daniel Hepper
@danielhepper
CTO @userlike 🐍 Pythonista 🏃♂️ Amateur runner 👨👩👦 Dad
Cologne Присоединился Mart 2008
673 Подписки740 Подписчики
@ReimarBauer We have an SBOM of our dependencies across all languages with dependency track. But that doesn‘t tell me which of our dependencies used Trivy as part of their CI pipeline, meaning they were potentially compromised. Haven heard of Pixi, since we are not in the Conda ecosystem.
English
@danielhepper You do have a full SBOM by the pixi.lock file. This includes any dependency.
Consider for a future issue.
English
Is there a list of packages that used a compromised version of Trivy in their CI? I can check my dependency graph, but I can‘t check the Github workflow history of all our dependencies.
Daniel Hnyk@hnykda
@Callum_McMahon_ @karpathy @simonw PyPI quarantined it in 46 minutes, but that was enough for 47k downloads. 2,337 packages on PyPI depend on litellm. 88% had no version pin. We analyzed that, check if you were exposed: futuresearch.ai/blog/litellm-h…
English
@RyanHoliday How do you cure „the slows“? Asking for a friend.
English
New benchmark just dropped:
“Task so boring the AI does it twice” 🫠
English
@arvidkahl I was quite impressed by Shannon: github.com/KeygraphHQ/sha…
It will happily use up half your weekly quota though
English
What do you use to have Claude Code do a full security sweep of your codebase?
My go-to is “Run a deep OWASP security sweep of the full app, all APIs and any internal services. Report in descending severity and suggest solutions using the AskUserQuestion tool.” in plan mode.
English
@d4m1n We are using @withgraphite Diamond. It catches issues on a regular basis, but there are also many false-positives.
English
@jasonfried @adamjcolvin Your designers write HTML/CSS, right? Our designers use Figma, frontend devs write React/TS, and backend devs use Python. Without a common workpiece, collaboration between design and frontend is challenging. As a result, designers sometimes don‘t get involved at all.
English
@adamjcolvin Our teams are one designer and one programmer. That’s the split you’re describing. No one waits - they work together. It’s a dance. Someone leads, but both are moving.
English
Working on the Second Edition of Shape Up and we want to make sure we're addressing common open questions, snags, or things people wonder about.
Got any Q's you'd really like to see answered in the updated book?
English
@forgebitz I was thinking in terms of security, but if you think of competition, absolutely.
English
@arvidkahl “experienced open-source developers working on their own repositories” - I’d argue that’s not representative of most software development.
English
Okay this is pretty wild:
"When developers are allowed to use AI tools, they take 19% longer to complete issues—a significant slowdown that goes against developer beliefs and expert forecasts. This gap between perception and reality is striking: developers expected AI to speed them up by 24%, and even after experiencing the slowdown, they still believed AI had sped them up by 20%.
Source: metr.org/blog/2025-07-1…
English
Last day of PyCon DE & PyData 2025 being kicked of by @lvwerra giving a glimpse into the future of AI
English
It’s been a while since my last major tech conference, so I’m very excited to be speaking at PyConDE & PyData 2025 in Darmstadt today!
I’ll be presenting “Conquering the Queue: Lessons from processing one billion Celery tasks” with insights from using Celery at Userlike.
English
@GergelyOrosz I agree that 16 GB should be enough, but it really isn’t anymore. Unless you are very disciplined with your open apps (and tabs!), you just have to bite the bullet and upgrade to >32 GB. Our dev machines have been 32 GB for a few years now.
English
Amusing the replies suggesting I use a Mac or an M series machine.
I am using an M-series Mac with 16GB of RAM.
But then I actually use it: e.g. browser tabs, VS Code, Slack, video editor, DB manager open. Some of them struggle to resume in a snappy way.
The app layer remains bloated.
English
Just incredible how often waking up my computer from sleep in 2025 makes it feel as sluggish as it felt in 1995 to do so.
We have so much better hardware 30 years later - but software bloat negates the hardware efficiency gains all too often.
Sigh.
English
On my way home from PyConWeb. Thanks for the team putting together a great event and getting me back on the conference bandwagon. Looking forward to next year!
PyConWeb@pyconweb
The wrap-up of our #PyConWeb 2035 full of insights, discussions, coffee, lightning talks and fun. A huge thanks you from our team to each of you who was with us on-site and online 🙌✨
English
Somehow I managed to get my Facebook account restricted, and now all things Meta keep breaking in random ways, including the account status page in Facebook Business Support.
English
@CristianRus4 Is it possible to customize the special events in the life view?
English
this was a fun project while working on other apps
what's next?
- more views apart of the current three
- widgets customization
- travel in time
- more fun stuff!
English
hey 👋 I made an app!
Meet Left, a new way to visualize time
inspired by @waitbutwhy, I decided to build an app to see the time left as dots
it's completely free and now available on the App Store
English
@nikitabier Don’t forget that someone has to push the fuel rods into the nuclear power plants. So many opportunities!
English
We’re on the last few months to build an app. It’s time to pick a new career; maybe GPU cleaner, data center slave, or OnlyFans.
English
Ready to reflect on the past year & kickstart 2025?
Then use my Yearly Review In-Depth Reflection Guide:
• Review 2024
• Pinpoint what worked & what didn't
• Turn your biggest takeaways into content
Like & reply "review" and I'll DM it to you for free!
English