Youssef BenAli @ysfBenAli - Twitter Profile

Pinned Tweet

almost 5 years ago

Hey Folks, I have been thinking for a long time about developing something that will increase my visibility and online presence. So I decided to create my website where I can showcase my work. Wow🙋! I finally made it, my website is live at: https://t.co/CrwCE4b86B .

1

7

0

ysfBenAli retweeted

Nils 🤠

@neilbgg

8 days ago

Les gars je vais mourir de rire comment on n’a pas vu ça 😭

491

245K

17K

13K

5M

ysfBenAli retweeted

Soulyy_6 @Soulyy_49

9 days ago

📌

0

379

35

66

5K

ysfBenAli retweeted

vinoypastis

@vinoypastillas

about 1 month ago

**La anestesia se inventa en el 1846** Los doctores en 1845:

397

55K

8K

5K

3M

Who to follow

Farah 🔻

@ahmadiF__

Embracing the challenges with a heart full of passion and a curious mind! 💪

Nasser

@NBvBJS

Full stack Javascript developer

wassim nassour

@WassimNassour

React ⚛️ | Node.js 📦 | Golang 🐿 , Teakwando player

ysfBenAli retweeted

Tibo

@thsottiaux

about 1 month ago

Some of you noticed limits drained faster in Codex, we root caused it to an optimization that we rolled back that had an impact on cache hit rates when compacting across long running sessions. We fixed this and have now reset usage limits for all accounts. Enjoy the weekend.

940

10K

481

610

1M

ysfBenAli retweeted

TANSTACK

@tan_stack

about 2 months ago

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: https://t.co/Zy8qG7PA9f Credit to the security researcher for responsible disclosure.

138

4K

977

2K

4M

ysfBenAli retweeted

Cormac

@cormachayden_

about 2 months ago

software engineers before vs after agents

467

20K

1K

5M

ysfBenAli retweeted

Abderrahim @soub4i

about 2 months ago

Ever struggle to share a private GitHub repo with a someone without adding them as a collaborator? I built gh-relay to solve this! Share a temporary, read-only browser view of your code via a simple CLI. Check out https://t.co/F8fGWAGAHU

soub4i's tweet photo. Ever struggle to share a private GitHub repo with a someone without adding them as a collaborator?

I built gh-relay to solve this! Share a temporary, read-only browser view of your code via a simple CLI.

Check out https://t.co/F8fGWAGAHU https://t.co/QweOMn7rcO

5

67

15

4K

ysfBenAli retweeted

NZ ☄️

@CodeByNZ

about 2 months ago

Apple accidentally left Claude.md files in today's Apple Support app update (v5.13)

268

17K

600

4K

2M

ysfBenAli retweeted

Tawanda Nyahuye👨‍💻 @towernter

about 2 months ago

Developers: We have the MVP ready The MVP:

121

5K

220

599

621K

ysfBenAli retweeted

Abhijit

@abhijitwt

3 months ago

Anthropic CEO, wasn't lying when he said “I have engineers within anthropic who don’t write any code, they just let Claude write the code and they edit it and look it over” he gave us live examples and respect for the transparency 🫡

137

5K

346

829

644K

ysfBenAli retweeted

Andrej Karpathy

@karpathy

3 months ago

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

1K

28K

5K

14K

67M

ysfBenAli retweeted

Polymarket

@Polymarket

3 months ago

JUST IN: Meta announces they'll be shutting down the Metaverse, after pouring $80,000,000,000.00 into the project.

3K

37K

4K

5K

34M

ysfBenAli retweeted

Mary Ha ☁️

@maryha_here

4 months ago

@claudeai Claude writes code Claude reviews code Claude finds bugs written by Claude Claude suggests a fix to Claude

7

527

45

37

31K

ysfBenAli retweeted

ℏεsam

@Hesamation

5 months ago

- you wake up - it was all a dream - openai never released chatgpt - vibe coding isn’t invented at all - you just have a $100K coding job - no need to scroll twitter 5hrs/day - life is calm

234

16K

523

1K

696K

ysfBenAli retweeted

Claude

@claudeai

5 months ago

448

36K

2K

4K

6M

ysfBenAli retweeted

Remarks

@remarks

5 months ago

JUST IN: 🇺🇸 Head of US cyber defense agency CISA Madhu Gottumukkala uploaded sensitive documents into public ChatGPT, prompting a DHS investigation.

remarks's tweet photo. JUST IN: 🇺🇸 Head of US cyber defense agency CISA Madhu Gottumukkala uploaded sensitive documents into public ChatGPT, prompting a DHS investigation. https://t.co/EHh7J94BRb

2K

56K

4K

7K

13M

ysfBenAli retweeted

Guillermo Rauch

@rauchg

5 months ago

We're encapsulating all our knowledge of @reactjs & @nextjs frontend optimization into a set of reusable skills for agents. This is a 10+ years of experience from the likes of @shuding, distilled for the benefit of every Ralph