Joined May 2018
- Tweets 11,436
- Following 1,444
- Followers 759
- Likes 16,482
487 Photos and videos
Jun 9
Here is your monthly reminder that you dont have unlimited tokens
Jun 7
Here’s your monthly reminder that you shouldn’t be prompting coding agents anymore.
You should be designing loops that prompt your agents.
1
43
Jun 9
if coding is solved why the hell we have to debug 🥲
Jun 9
Coding is just one part of engineering. There’s also debugging, operating services, scaling up infrastructure, deciding what to optimize, setting up hardware and capacity, talking to users, product planning, etc. Coding is the easy part, everything else is not yet solved (but is also becoming increasingly automated).
95
May 29
is this a ghostty issue or claude code issue? when i resize the ghostty window text disappears from cc
this never happened :|
1
2
175
Kasun Vithanage retweeted
May 21
Always loved lean frameworks for quick work and as such I'm really happy to share that me and @nelsonmestevao built a "Sinatra" for @elixirlang based on Plug and Bandit 🧵(1/7)
francis.build/
5
23
96
6,757
May 17
A genuine question
Can’t Microsoft rewrite Typescript in Rust with one sprint? they said Rust was hard because of borrow checker
but due to recent events wouldn’t it be possible in one sprint and call it a day?
1
2
108
May 14
Laravel got pipe operator before TS
May 14
🚀 We just released spatie/piper, a pipe operator-first utility library for #PHP.
It ports many of Laravel's array helpers as standalone functions, designed to flow through the new |> operator in PHP 8.5.
ALT Code snippet demonstrating PHP array functions using Spatie Piper library's filter and map for filtering posts based on views.
2
85
May 14
So bun became the first official slop?
1
86
Kasun Vithanage retweeted
May 13
In 2022, my YouTube channel was growing and I had about 100k subscribers.
I had tons of people reaching out wanting me to mentor them... so I started a Mentorship side business!
It was fairly simple. I took on 5 people at a time and mentored them 1-2 times per month and charged 75$ per month. It was really successful and lots of people got jobs within the first 3 months I worked with them.
I felt like it was well worth the money so I finally started advertising it and my backlog started growing. First to 50 people, then 100, 250, 500, and eventually over 1000 people.
I felt terrible that I knew I would never get to 99% of those people because there were just too many people.
This was the main thing that drove me to create AnalystBuilder.com!
What I wanted to do was create a platform where all 1000 of those people could go and be mentored by me - and make it cheaper. So I did just that, I got a team together and started building it out.
To many, it may look like just another course platform (and I get that), but if you take the courses, I go a lot deeper than just how to use the tools. I try to go in-depth to talk about how to actually implement the tools, my thought processes on when to use one tool vs another, and tips and tricks I've never seen other courses talk about.
We are almost 3 years into Analyst Builder and we've had over 150k people use the platform!
Analyst Builder is an amazing platform to learn, not just as a beginner, but also if you're already a data professional looking to level up your career and get more in-depth guidance from me.
I didn't set out to build Analyst Builder in the beginning, it just became a necessity over time. Thank you to everyone who has used/is using the platform and I hope you try it out if you haven't!
1
7
52
3,004
Kasun Vithanage retweeted
May 12
Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments.
The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.
To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.
ALT Screenshot of mistralai PyPI package v2.4.6 compromise
32
835
8,537
413,159
May 12
Im tired of this :/
May 11
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
github.com/TanStack/router/i…
Credit to the security researcher for responsible disclosure.
1
162
May 11
I hate when LLMs recommend Elixir because of "BEAM Concurrency" and "GenServers"
you wont even touch them, not at least directly for most programs
it has a place, but dont shove that into every damn response
3
8
308
May 10
Next we will land on LaTex
HTML is the new markdown.
I've stopped writing markdown files for almost everything and switched to using Claude Code to generate HTML for me. This is why.
1
92
May 6
its funny how fast Typescript influencers went to be permanent AI influencers
2
3
106
Kasun Vithanage retweeted
May 5
Sharing some of the reasons I switched to Mac after 10 years of using PC.
I'll make some videos upcoming comparing Microsoft OS and Mac OS.
youtube.com/watch?v=o2ehgG2V…
1
1
18
2,702