Jonathan

What if your AI coding assistant actually understood developer marketing? I made 30+ skills that teach Claude Code, Cursor, and Windsurf how to: • Write Show HN posts that don't get flagged • Create docs that actually convert • Engage Reddit without getting roasted • Build newsletters devs actually read Open source. MIT licensed. github.com/jonathimer/dev…

@garrrikkotua @austinywang nice one!

I completely stopped using VS Code / Cursor Terminal + Claude Code / Codex is my entire workflow now (shoutout @austinywang for cmux.dev). But still sometimes I need reviewing what the agent actually changed. git diff is unreadable for multi-file changes. Opening an IDE just to glance at a diff is a context-switch tax. So I built cdiff - a Claude Code skill that opens a browser-based diff viewer. VS Code-style file tree, syntax highlighting, unified/split views, live reload as the agent writes code. Type /cdiff and it just works. It works amazingly with cmux, browser pane right next to Claude Code, diffs update in real time. Open source, runs on Bun, zero config. github.com/garrrikkotua/c…

i see so many people on X trying to scale SEO with AI and 1000s of auto-generated pages (aka programmatic SEO) expect your GSC chart to look like this - or worse if you want to do it right: - build domain authority first (backlinks backlinks backlinks) - use your robots.txt to control which pages get indexed - only give crawlers access to new pages once 80% of existing pages rank well - and most importantly: build high quality pages with unique & rich content otherwise you will waste crawler budget, Google will label your website as low quality and remove indexing, and it will take months if not years to recover i learned this the hard way

@ohryansbelt why am I not surprised the whole compliance industry is a pyramid scheme to begin with

Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown: > 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in > Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions > All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client > Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months > The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done > Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author > Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper" > When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams > Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved > When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance > Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor

sounds almost too good to be true

who will be at KubeCon in Amsterdam next week?

Summary of the MCP vs. CLI debate on X this week.

The gap between "I have an idea" and "I have a product someone can use" is gone. It feels like we are living through the biggest power transfer in the history of the internet. I don't know how else to describe it. It's all I can think about. Please tell me I'm not alone.

this would be huge for Europe

We've raised $6.5M to kill vector databases. Every system today retrieves context the same way: vector search that stores everything as flat embeddings and returns whatever "feels" closest. Similar, sure. Relevant? Almost never. Embeddings can’t tell a Q3 renewal clause from a Q1 termination notice if the language is close enough. A friend of mine asked his AI about a contract last week, and it returned a detailed, perfectly crafted answer pulled from a completely different client’s file. Once you’re dealing with 10M+ documents, these mix-ups happen all the time. VectorDB accuracy goes to shit. We built @hydra_db for exactly this. HydraDB builds an ontology-first context graph over your data, maps relationships between entities, understands the 'why' behind documents, and tracks how information evolves over time. So when you ask about 'Apple,' it knows you mean the company you're serving as a customer. Not the fruit. Even when a vector DB's similarity score says 0.94. More below ⬇️

@matthausk @samuelcolvin Nice! @samuelcolvin would love to hear your thoughts on this

@jonathimer Great ! This was one of the ideas @samuelcolvin threw into the room re on how to defend vs AI slop on the "Open Source in the Age of AI" panel at PyAI SF this week.

Open source has an AI slop problem. If we don't find solutions, more projects will shut down outside contributions entirely. I built Contributor Score, a simple trust score (0-100) for GitHub contributors based on public signals like PR acceptance rate, account age, repo diversity, and spam patterns. The idea: Install a GH action on your repo to check every incoming PR and triage contributions based on it. For now, this is a thought experiment. I'd love to get feedback from maintainers on this. Prototype: jonathimer.github.io/contributor-sc…

@mitchellh how about a "credit score" for contributors? i built a prototype for this: jonathimer.github.io/contributor-sc…

I've been doing open source since I was a teenager (over 20yrs). And for the first time ever, I'm considering closing external PRs to my OSS projects completely. This will throw the baby out with the bathwater and I hate that, but we close auto-opened slop PRs every single day.

@peer_rich perhaps this could be part of a solution x.com/jonathimer/sta…

open source contributions are dead unless things change drastically

now that I’m no longer doing a startup and won’t for many years, some early stage startup fundraising advice: don’t spend any time at all with investors until you’re ready. tell them you’re too busy. do not meet with them. yes especially if an associate emails you 5 times

just picked up this bad boy. can't wait to write some software with it

“So you vibe coded HubSpot and Slack replacements to save $500 per month” “Yes Dave” “And it cost you $25,000 worth of tokens to do this” “Yes Dave” “And it costs your company $50,000 per year to maintain” “Yes Dave” “And your startup is at zero revenue” “Yes Dave”

@pmarquees makes sense! German companies somehow think it's a good idea to cap compensations

@jonathimer I also measure compensation when I think about it too. There were also lots of jobs and companies in Germany but getting a proper “big” salary on those was much harder.

It is honestly insane how Amsterdam used to be at the epicenter of tech in Europe but it has now shifted to Stockholm and Paris. Stockholm makes sense but Paris for me came out of left field.