overgeared

Has X always been like this, or did I just never notice? I've used Twitter for years - purely to lurk and keep up with what's happening. Then I made a fresh account for my project and only now saw what the platform has actually become.

Then come the "I'm a hacker, I'll teach you the secrets of engagement" types. The real secret is that you pay them, and a pile of bots starts following you. Is X ever going to take action against this?

The WAF and the application see the same HTTP request differently. The attacker only needs to live in the seam. https://t.co/dpBCCWWwha

If you want the full thesis behind Arcis - what it is, what it does NOT do, and the inside-the-app argument, the launch post is the cleanest place to start. 5-minute read. https://t.co/5WUeQ0Gebm

Arcis conformance status: 154/154 tests pass across Node + Python + Go Same input → same verdict in all three SDKs Drift = failed CI = no release Cross-SDK parity is the only metric that matters once a tool ships in multiple languages.

2026 reality: every app is now three apps. A request app. A model app. A tool app. The WAF protects the request app. Nothing protects the other two. That's the gap Arcis is in.

Hello world. Open-sourced Arcis. Security middleware that runs inside your web app instead of in front of it. For developers tired of WAFs that block `' OR 1=1` and miss everything else. Node, Python, Go. https://t.co/erAA6C1hbU

I love the vision behind it and also the user interface...