rami

defi is fucked lol drift just got drained for $200M+ and here's how: - attacker minted 750M fake tokens - made a raydium pool with $500 liquidity, priced at ~$1/token - compromised admin key listed the fake token on drift - disabled all withdrawal guards in one tx - deposited $785M of fake "collateral" and drained every vault in 31 txs over 12 minutes - nobody noticed for an hour - attacker came back 2hrs later to grab a few more million the multisig was 2/5 with a 0-second timelock. $200M+ protected by two signatures and zero delay. and people wonder why nobody takes this industry seriously

🚨 Let me tell you why this Goldman Sachs headline is the most dangerous one you'll read today.. Companies spent $450 billion on AI last year.. fired tens of thousands of people to "restructure around AI".. replaced entire departments with chatbots.. And Goldman Sachs just said it contributed basically zero to economic growth.. so where did the money go? > It went to Nvidia.. $130 billion in GPU sales.. Jensen is the only man on earth who got rich from AI that hasn't produced anything yet.. > It went to stock buybacks.. companies fired people, cut costs, reported "record profits" and bought back their own shares.. the money went UP not OUT.. Jesus! > It went to a bubble.. the same way crypto money went to Lamborghinis and not infrastructure.. AI money is going to valuations and not productivity.. here's the part that should terrify you.. They already fired the people.. Atlassian 1,600.. Meta 21,000.. Block 40%.. Amazon warehouses.. the jobs are already gone.. But the growth didn't come.. the productivity didn't come.. the revenue didn't come.. they burned the village to build a city that doesn't exist yet.. and Goldman Sachs just looked at the empty lot and said "there's nothing here"

Most vibe coders ship apps with ZERO security. Then they wonder why their app breaks at 10 users. Here's the checklist I run before every launch: → Rate limits → Row Level Security → CAPTCHA on auth + forms → Server-side validation → API keys secured → Env vars set properly → CORS restrictions → Dependency audit Takes 30 minutes. Saves you from disaster.

“Baal” is a Canaanite word that had multiple meanings. It meant lord, master, husband, man of the house, and even Canaanite citizen. It was also a title, including for deities like Baal Hadad, tied to rain, storms, and agriculture. In the Levant, people still call lands that depend solely on rainwater rather than irrigation “أرض بعل” (Land of Baal). In older rural communities, Baal/Baali is still used to mean husband or head of household, and it even appears in religious Arabic as “Husband.” Biblical texts recasted Baal as a demonic entity because reframing indigenous culture as evil made justifying genocide and conquest easier. Our history has been distorted and weaponized for millennia. I’m not saying whatever these people are using these words for isn’t dark or demonic. I’m saying our history was distorted to represent something evil when, in our heritage, it represented and still represents, through linguistic continuity something positive

A few random notes from claude coding quite a bit last few weeks. Coding workflow. Given the latest lift in LLM coding capability, like many others I rapidly went from about 80% manual+autocomplete coding and 20% agents in November to 80% agent coding and 20% edits+touchups in December. i.e. I really am mostly programming in English now, a bit sheepishly telling the LLM what code to write... in words. It hurts the ego a bit but the power to operate over software in large "code actions" is just too net useful, especially once you adapt to it, configure it, learn to use it, and wrap your head around what it can and cannot do. This is easily the biggest change to my basic coding workflow in ~2 decades of programming and it happened over the course of a few weeks. I'd expect something similar to be happening to well into double digit percent of engineers out there, while the awareness of it in the general population feels well into low single digit percent. IDEs/agent swarms/fallability. Both the "no need for IDE anymore" hype and the "agent swarm" hype is imo too much for right now. The models definitely still make mistakes and if you have any code you actually care about I would watch them like a hawk, in a nice large IDE on the side. The mistakes have changed a lot - they are not simple syntax errors anymore, they are subtle conceptual errors that a slightly sloppy, hasty junior dev might do. The most common category is that the models make wrong assumptions on your behalf and just run along with them without checking. They also don't manage their confusion, they don't seek clarifications, they don't surface inconsistencies, they don't present tradeoffs, they don't push back when they should, and they are still a little too sycophantic. Things get better in plan mode, but there is some need for a lightweight inline plan mode. They also really like to overcomplicate code and APIs, they bloat abstractions, they don't clean up dead code after themselves, etc. They will implement an inefficient, bloated, brittle construction over 1000 lines of code and it's up to you to be like "umm couldn't you just do this instead?" and they will be like "of course!" and immediately cut it down to 100 lines. They still sometimes change/remove comments and code they don't like or don't sufficiently understand as side effects, even if it is orthogonal to the task at hand. All of this happens despite a few simple attempts to fix it via instructions in CLAUDE . md. Despite all these issues, it is still a net huge improvement and it's very difficult to imagine going back to manual coding. TLDR everyone has their developing flow, my current is a small few CC sessions on the left in ghostty windows/tabs and an IDE on the right for viewing the code + manual edits. Tenacity. It's so interesting to watch an agent relentlessly work at something. They never get tired, they never get demoralized, they just keep going and trying things where a person would have given up long ago to fight another day. It's a "feel the AGI" moment to watch it struggle with something for a long time just to come out victorious 30 minutes later. You realize that stamina is a core bottleneck to work and that with LLMs in hand it has been dramatically increased. Speedups. It's not clear how to measure the "speedup" of LLM assistance. Certainly I feel net way faster at what I was going to do, but the main effect is that I do a lot more than I was going to do because 1) I can code up all kinds of things that just wouldn't have been worth coding before and 2) I can approach code that I couldn't work on before because of knowledge/skill issue. So certainly it's speedup, but it's possibly a lot more an expansion. Leverage. LLMs are exceptionally good at looping until they meet specific goals and this is where most of the "feel the AGI" magic is to be found. Don't tell it what to do, give it success criteria and watch it go. Get it to write tests first and then pass them. Put it in the loop with a browser MCP. Write the naive algorithm that is very likely correct first, then ask it to optimize it while preserving correctness. Change your approach from imperative to declarative to get the agents looping longer and gain leverage. Fun. I didn't anticipate that with agents programming feels *more* fun because a lot of the fill in the blanks drudgery is removed and what remains is the creative part. I also feel less blocked/stuck (which is not fun) and I experience a lot more courage because there's almost always a way to work hand in hand with it to make some positive progress. I have seen the opposite sentiment from other people too; LLM coding will split up engineers based on those who primarily liked coding and those who primarily liked building. Atrophy. I've already noticed that I am slowly starting to atrophy my ability to write code manually. Generation (writing code) and discrimination (reading code) are different capabilities in the brain. Largely due to all the little mostly syntactic details involved in programming, you can review code just fine even if you struggle to write it. Slopacolypse. I am bracing for 2026 as the year of the slopacolypse across all of github, substack, arxiv, X/instagram, and generally all digital media. We're also going to see a lot more AI hype productivity theater (is that even possible?), on the side of actual, real improvements. Questions. A few of the questions on my mind: - What happens to the "10X engineer" - the ratio of productivity between the mean and the max engineer? It's quite possible that this grows *a lot*. - Armed with LLMs, do generalists increasingly outperform specialists? LLMs are a lot better at fill in the blanks (the micro) than grand strategy (the macro). - What does LLM coding feel like in the future? Is it like playing StarCraft? Playing Factorio? Playing music? - How much of society is bottlenecked by digital knowledge work? TLDR Where does this leave us? LLM agent capabilities (Claude & Codex especially) have crossed some kind of threshold of coherence around December 2025 and caused a phase shift in software engineering and closely related. The intelligence part suddenly feels quite a bit ahead of all the rest of it - integrations (tools, knowledge), the necessity for new organizational workflows, processes, diffusion more generally. 2026 is going to be a high energy year as the industry metabolizes the new capability.

Vibe coding feels great until real users show up. Everything looks fine in development. The UI is clean. Tests pass. You feel confident. Then 10 users sign up and things start breaking. Rate limits fail. Validation misses edge cases. Security gaps appear. APIs behave in ways you never tested. Big teams have senior engineers reviewing code. Most solo builders don’t. If you are building with AI, you should also use AI to review your code. Build fast, but build safe. https://t.co/QnecGO3WzT

I'm Boris and I created Claude Code. Lots of people have asked how I use Claude Code, so I wanted to show off my setup a bit. My setup might be surprisingly vanilla! Claude Code works great out of the box, so I personally don't customize it much. There is no one correct way to use Claude Code: we intentionally build it in a way that you can use it, customize it, and hack it however you like. Each person on the Claude Code team uses it very differently. So, here goes.