just enabled a minimum age on npm package installs for my machine, should've done this sooner but if you haven't either here's a prompt for your coding agent to configure it for you:
"Find my package manager (bun/pnpm/npm/yarn) and configure a 3-day minimum-release-age / cooldown for installs to blunt supply-chain attacks. Exempt my workspace scopes. Verify the exact config key in current docs before writing."
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
This is crazy. The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe.
>what do you think of the claude codebase?
brother, i'm not even reading my own code anymore. what makes you think i'm going to read someone else's?
@halbkass@ikkaveellaila Downloaded it today too. To put it mildly, a piece of crap.
"To use it, turn off your VPN," it tells me, while I'm on an ordinary Telia 5G connection. And even if I had been using a VPN, why should that be a problem at all?
After that, several more strange error messages before I got in. E-state 🤔
@nvk@BitcoinConner Buy EURT with USD, wait a month, then sell. There will be gain/loss, however small.
Not sure how it works over there exactly but in my country it’s absolutely retarded. Stablecoin is still a “digital asset” so doesn’t get the same exemptions as normal EUR/USD currency exchange.
Google has shipped a CLI for Google Workspace (Drive, Gmail, Calendar, Sheets, Docs, …) Huge!
Written in Rust, distributed through npm & https://t.co/egfC60tXum
$ npm i -g @googleworkspace/cli
$ npx skills add github:googleworkspace/cli
2026 is the year of Skills & CLIs
https://t.co/8jd16P5ncR