nicolaj

Looking for a job in crypto? Now, LlamaAI can help you out. We now have job listing data integrated to find which companies are hiring, the most in-demand skills, benchmark compensation, and specific roles that are a good fit.

@Praha37v 1) you call him exploiting for moving ahead in his career, but you are the one paying him $400/m 2) you are acting like this over $400 3) read point 2 again "design house for legendary tech startups", more like temu design house with underpaid workers and eerie leadership.

@Praha37v This doesn’t give any context to the issues he raised, at all.. you just posted a completely different thing, and handled that weirdly too. doesn’t take a genius to figure out you are reaching.

I’m figuring out how to do GPDR compliance on one of my web apps. shout out @cursor_ai for the plan.

Preflight treats and coding.

> be lovable > worth 5 billion dollars > big startup in EU > vibe coding app thingy > coding is for nerds, vibe code is cool and badass > early march @weezerOSINT reports bug > "can see everyones prompts and stuff lol" > image 1 is it thinking stuff > lovable replies > image 2 hackerone stuff > "duplicate lol but ya misconfigured firebase stuff" > acknowledges > half-fixes, only fixes NEW projects > old projects still free real estate > used by nvidia, microsoft, uber, spotify, etc > make free lovable account > make api call and ask for stuff > image 3 is lovable giving free stuff stuff all images from weezerosint. subsequent post is full thread on the anime

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

oh?

and yes, i've been very hyperaware of not leaking it in the frontend, some git commit, committed .env or a log. however it does look like the API got compromised based on usage (attacker checked the models accessible). deactivating all paid API's for now. I got a bad feeling.

ah cool, some idiot abused the API in my workout tracking app yesterday. No idea how this happened, I've put rate limits in the code, and with Anthropic, but somehow ended in a small negative. will investigate.

Terminal automation + e2e testing solved Now as simple as snapshot, click, type: – wterm renders terminal-in-html, every cell in the a11y tree – agent-browser automates pages via the a11y tree Here's opencode in one browser driving Claude Code in another

@aaronjmars looked more into it, pretty sick. feel like there is so many fun things to test with this.

@gitpushnico simuating behavior, best ads, price action, etc

i urge you to try running miroshark, you can get started very quickly - a simple simulation can run for $1 and it really feels like magic

asciinator.app is live product feel > everything else you can just ship things with love

@pizzaboy stupid question perhaps, but can’t you just upload your little puffy guy so it doesn’t need to be recreated? or are you just pointing out a limitation

bro can't even recreate my little puffy guy.

@DrapzDZN so true, you need Nano Banana 2 and a few other tools as well.

"Its so over for designers" I have never seen claude AI create brand identities like these.

Us to our mentions

let it simmer, as @ryolu_ says.

Promised myself to sleep early today. dammit..