Dawid Moczadło

@kannthu1

Followers
3K
Following
1K
Media
112
Statuses
602

Co-founder of @vidocsecurity | Bug bounty hunter | CTF player | Climbing freak Check out the: https://t.co/pwj5qFgq9w

SF
Joined July 2019
@kannthu1
Dawid Moczadło
16 hours
RT @_opencv_: Oh your founding engineers are MIT dropouts? Cool bro mine are divorced Eastern Europeans with drinking problems, 6 satellite….
0
382
0
@kannthu1
Dawid Moczadło
2 days
RT @ngalongc: Building something useful is very hard, hacking is so much easier.
0
4
0
@kannthu1
Dawid Moczadło
2 days
This is where GPT-5 was released. Then I tell him. Sam, GPT-5 is 🔥. But you’ve gotta fix security. Models keep dropping the databases and publishing unprotected endpoints. Devs trust the output too much, they need seatbelts. Him: You’re right, Dawid. Are you working on it?
0
0
2
@kannthu1
Dawid Moczadło
3 days
This.
@0xblacklight
Kyle Mistele 🏴‍☠️
4 days
man it's amazing how many people don't get it. If your agent is using a vector DB, you're doing RAG. If your agent is using find and grep, you're also doing RAG. RAG is about Augmenting Generation with Retrieval. Vector search is retrieval. AST search is retrieval. Lexical.
0
0
0
@kannthu1
Dawid Moczadło
4 days
RT @zack_overflow: Why is no one talking about this? . This is why I don't use an AI browser. You can literally get prompt injected and you….
0
2K
0
@kannthu1
Dawid Moczadło
9 days
CodeRabbit: from one PR to RCE - and write access across ~1M repos. How did it happen? This type of integration works by having GitHub grant your app (server) access to certain resources shared by the user (typical OAuth integration). The user controls which repositories the.
0
0
4
@kannthu1
Dawid Moczadło
1 month
6/ The uncomfortable truth. Don't roll your own auth. Your backend is only as secure as your rules for the S3 bucket. Implement these today.
0
0
1
@kannthu1
Dawid Moczadło
1 month
5/ If you have users, use them. If not, bring some observability. It's nice to see when something breaks, simple error traces + uptime checks are fine. Don't overcomplicate it at the start.
1
0
0
@kannthu1
Dawid Moczadło
1 month
4/ Secure session management. If you are not a bank, 1 to 12-hour sessions are fine. JWT in local storage is fine. If you use cookies instead, do:
- HttpOnly cookies (JavaScript can't steal them).
- SameSite strict to prevent CSRF.
And remember, don't roll your own auth!
1
0
0
@kannthu1
Dawid Moczadło
1 month
3/ Validate input on backend, and use a library like "zod" for it. Don't implement your own validation - use known validators for emails. Set min and max values for your numeric values. Validate data against your business rules, not just data types.
2
0
0
@kannthu1
Dawid Moczadło
1 month
2/ It does not matter if you choose default database ports; you could get hacked anyway! Attackers scan the whole range of ports. Changing the port is not a solution, but keeping the DB in a private network is. Don't call your DB over the internet.
1
0
0
@kannthu1
Dawid Moczadło
1 month
1/ Don't roll your own auth, and you won't have to deal with:
- rate limiting auth endpoints
- managing sensitive flows like password reset
- storing super sensitive data such as passwords
1
0
0
@kannthu1
Dawid Moczadło
1 month
Security tips from an expert. Most backend devs think HTTPS + JWT = secure. And that's almost true! Here are 6 tips to secure your apps ⬇️⬇️
1
0
3
@kannthu1
Dawid Moczadło
1 month
Vibe coders will literally go to jail instead of learning the basics of security.
0
1
3
@kannthu1
Dawid Moczadło
1 month
RL for coding tasks is turning LLMs into elite hackers. This is one of the emerging behaviours nobody is talking about
1
0
1
@kannthu1
Dawid Moczadło
1 month
RT @levelsio: It's definitely Poland's century. I hope the center and thus the power of Europe shifts east towards Poland. Because they see….
0
274
0
@kannthu1
Dawid Moczadło
1 month
AI is still worse than Polish devs. Not a surprise if u know Polish devs. We are the last bastion, we need to hold on!
@sama
Sam Altman
2 months
good job psyho.
0
0
7
@kannthu1
Dawid Moczadło
2 months
You won’t be able to handle what we release this week 🥹. Literally, it will break your mind what LLMs can do, stay tuned!
@khoomeik
Rohan Pandey
2 months
the CIA is not ready for the RL era. israeli intelligence guy just hacked into a live surveillance camera in front of me with an exploit generated by qwen. vulnerable software is simulatable. penetration success is verifiable. hacking is RLable.
0
0
6
@kannthu1
Dawid Moczadło
2 months
I am at breakfast with our new devops, and he literally stunned me with his speed. Before we ordered, he started building a docker image and deployed it to a k8s cluster. He said that I can eat and he will finish the work for me. He did not order anything. His name is Cursor.
0
0
1