Vincent Schmalbach

@dex_cipher Phone breathe again when projects small.

Twilio charges $0.0079 per SMS. a Russian dev open-sourced a tool that turns any old Android phone into a free SMS gateway. it's called SMS Gateway. Install it on old phone, and it sends real SMS through your actual SIM card. → no Twilio. no per-message fees. → uses your existing SIM and carrier plan → full REST API + webhooks → 4.5k stars. Apache 2.0 → run it locally or via free cloud relay. 100% Open Source.

@e_opore I like when Pytest code needs less mocking after refactoring.

Day 40 of Learning Backend Engineering. Writing Unit Tests for Backend Code (Jest, Pytest). Grab the Backend Engineering Ebook: codewithdhanian.gumroad.com/l/ungqng

@zerocap4l Got defensives and tests. Makes refactoring so much better.

I do think this concept of "slop" is sometimes only how we interpret the code based on how we used to write it. The absurd amount of defensive blocks, comments, unit tests are traditionally ugly as hell, but I would want my agents having all of that available to them for context

@sire_Temi I always enjoy zero-downtime deploys. Setting up dual schemas during migrations is a fun puzzle.

Questions that separate portfolio developers from production developers in interviews: → How do you handle secrets in production? → What happens if your Redis instance restarts? → How do you deploy without downtime? → How do you know when your app is broken before users do? What else am I missing?

@tomevault_io That's annoying, gotta copy prompts everywhere. This fixes that problem.

TomeVault works with the tools your agents already depend on. Cursor, GitHub Copilot, Gemini, Windsurf, Codex, Continue, Aider, Zed, Claude, and more — all with one goal: keeping agent behavior consistent across different editors, assistants, and models. Instead of rewriting instructions for every tool, TomeVault helps measure, grade, and sync how your agent workflows actually behave.

@skyrain888 Rip static keys. Scoped tokens all the way.

We secured the API. We forgot to secure the agent. 8.5% of MCP servers support OAuth. The rest run on static keys — no scope, no expiry, no audit trail. One breach: pull the key, break everything downstream. #AgentSecurity

@chenzeling4 Nice read. Look forward to picking this apart.

Most "build an LLM from scratch" tutorials assume you already have a PhD. This one assumes you have a brain. How to Train Your GPT is a 12-chapter interactive textbook, 7,500+ lines, every line commented. LLaMA 3 architecture, explained like you're five. RoPE, attention, KV cache, all of it. No skipped steps, no hand-waving. ⭐ 2.3K #AI #MachineLearning github.com/raiyanyahya/ho… Follow for daily dev finds 🔔

@KingHenryMorgan Local memory cache is painful with multiple servers. Redis makes the whole setup much nicer.

Isn’t Redis literally an in-memory cache? The real debate is Redis vs local memory cache.

@rst_cloud Legacy SQL queries are always the first thing to check. Good to see this highlighted.

#threatreport #HighCompleteness Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden | 16-06-2026 Source: security.com/threat-intelli… Key details below ↓ 🧑‍💻Actors/Campaigns: Dragonforce 💀Threats: Dragonforce_ransomware, Byovd_technique, Dll_hijacking_technique, Abyss_locker, Abyssworker, Av-killer, Netscan_tool, 🎯Victims: Services 🌐Geo: Switzerland 🔓CVEs: CVE-2025-1055 \[[Vulners](vulners.com/cve/CVE-2025-1…)] - CVSS V3.1: *5.6*, - Vulners: Exploitation: Unknown CVE-2025-61155 \[[Vulners](vulners.com/cve/CVE-2025-6…)] - CVSS V3.1: *5.5*, - Vulners: Exploitation: True CVE-2023-52271 \[[Vulners](vulners.com/cve/CVE-2023-5…)] - CVSS V3.1: *6.5*, - Vulners: Exploitation: Unknown Soft: - topazevolution antifraud (le2.0.0.0) 🤖LLM extracted TTPs:` T1036, T1041, T1055, T1068, T1090, T1105, T1112, T1136.001, T1190, T1211, ... 🧨IOCs: - File: 7 - Hash: 22 - Domain: 8 - Url: 1 - IP: 1 💽Software: Microsoft Teams, MSSQL, VirtualBox 🔢Algorithms: zip 📜Programming Languages: golang #threatreport: The DragonForce ransomware group has developed advanced techniques to conduct cyber attacks, notably employing a Go-based remote access Trojan named Backdoor.Turn, which leverages Microsoft Teams' TURN relay infrastructure for command-and-control (C2) communication. This approach allows the attackers to conceal their C2 traffic within legitimate Microsoft Teams server connections, making detection difficult for network defenders, who may only observe normal outbound traffic. Backdoor.Turn represents a significant innovation in malware behavior, as it is the first known instance of a malware exploiting TURN relays in this manner. The attackers initially compromised the U.S. services firm’s network using an unspecified vulnerability in an SQL or MSSQL server, potentially acquired via an access broker, and maintained access for one to two months before deploying their ransomware. The payload involved downloading a ZIP file containing a legitimate VirtualBox application accompanied by a malicious DLL, which was used for side-loading and to facilitate access and data exfiltration. This process included techniques that modified firewall rules and used aggregated user credentials for maintaining control over compromised systems. A critical component of the attackers' tactics involved DLL hijacking to insert malicious code into trusted processes, notably VirtualBox, which provided a method for achieving elevated privileges without triggering security alerts. Moreover, the attackers utilized the "Bring Your Own Vulnerable Driver" (BYOVD) technique by exploiting known vulnerabilities in legitimate drivers, including a novel exploit of Huawei's HWAuidoOs2Ec.sys. Additionally, they leveraged various driver vulnerabilities across other systems, showcasing a strategic focus on developing advanced evasion techniques that enable deeper infiltration into networks. Through their operations, the DragonForce group has exhibited a high level of sophistication, transitioning from a standard ransomware-as-a-service model to a more structured cartel-like organization. This evolution reflects enhanced capabilities, strategic planning for targeted campaigns, and a growing focus on operational maturity. The deployment of Backdoor.Turn, coupled with their multi-pronged defense evasion strategies, underscores the group's position among the most persistent and capable ransomware threats currently identified.

@HeyDravon Classic Google. Late again.

sundar pichai told developers 'next month' at google I/O. that was may. it's june 24. gemini 3.5 pro is now targeting july. turns out the flash model was eating tokens too fast. so they went back to fix it.

@emaedi0ng Same Gemnin API is great with tokens. Need faster response times on pro.

"significant chunk" working on Gemini yet it's shite. Wonder why I pay for pro

@techdaily24 Running queues and search in a single Postgres DB is very nice. One database keeps things simple.

PostgreSQL Is Enough gist.github.com/cpursley/c8fb8… #Innovation #technews

@nrachabathuni Postgres JSONB was my secret document db many times.

Stop overcomplicating your stack with niche databases before you've hit scale limits. PostgreSQL is still the most robust, feature-rich choice for 95% of production use cases in 2024. Is there a specific edge case forcing you away from Postgres? #buildinpublic

@roysharmin Must remember to try this folder setup. Thanks for sharing.

I use Claude code a lot. My seniors and self experiment taught me to setup and use it: Step 1: The folder Create a folder on the computer: "Claude-Code" Create 3 subfolders: ABOUT ME OUTPUTS TEMPLATES Step 2: The brain file Open Code. Ask it to interview you. 20 questions to help it learn about you. Code compiles everything into: about-me.md Strictly keep it under 2,000 tokens. Step 3: The taste file Create: anti-ai-writing-style.md Ban the words you hate. Mine bans 80+. Without this file, Claude writes like Claude. With it, Claude writes like you. Download the anti-AI file directly: Step 4: The strategy file Create: my-company.md Include: Your targets Platforms What you're saying no to Not your deadlines Keep it under 1,000 tokens. Update it once a quarter. Step 5: Save tokens Don't send follow-ups. Restart your prompts. Message 30 costs 31× more than Message 1. Start fresh every 20 messages. Use Sonnet for quick work. Save Opus for deep work. Tell me your tips.

@singmanohar77 This waiting on the Assistant file is frustrating. Writing it myself would be quicker.

Claude sonnet 4.6 is really bad at times, it stop working, it say I am working but then it does not, it just hangs in there again you ask, and it is same again, it goes on like this for hours... at times it keeps on doing things, without asking against the instruction is given.

@infoflowcloud Found an old Filament v3 app today. One composer update, all good on the RichEditor. Nice!

🚨*CVE* CVE-2026-55409 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state wit… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55409 Fil… infoflow.cloud`

@harnessio @Google @Dropbox @Spotify My weekend project these days - Playwright suites getting faster.

50% of PRs hit a flaky test failure. p95 wait for test results can hit 95 minutes. Teams at @Google, @Dropbox, and @Spotify built entire internal systems just to manage test infrastructure. Writing Playwright tests isn't the problem. Everything after is. 🧵⤵️

@ynetnews Sorting security alert lists is such a grind. Hope this makes the process much quicker.

Cato joins OpenAI Daybreak program to advance AI-powered cyber defense Cato Networks says the partnership will bring OpenAI cyber capabilities into enterprise security workflows, aiming to speed vulnerability disco... ynetnews.com/tech-and-digit…

The Junior Developer Problem Is Becoming a Senior Developer Problem: AI is fundamentally changing how junior developers learn, but it’s also making senior developers a whole lot less valuable if all they’re doing is tak vincentschmalbach.com/the-junior-dev…

Before committing: run three real tasks through the AI assistant on that stack. Count the answered questions on the open web. Thin training data is a concrete delivery risk.

AI tools make this worse. On a stack with thin public data, the coding assistant confidently generates API signatures that fail on deploy. Hours lost correcting code that looked plausible.

Picking a trendy stack to impress other engineers delays shipping for years. That social signal disappears the moment something breaks at midnight and search results come back empty.