Moving to NYC! 🇺🇸 Packing the essentials
05.08.2025 15:25
@davidmytton.social.bsky.social
Security as code at http://arcjet.com. Writing the http://console.dev devtools newsletter.
Today's the day!
We're releasing a new major feature of @tanstack.com Form for all adapters that allows you to change the validation mode based on submission.
(For React nerds that's how RHF works OOTB)
No breaking changes, trivial to implement; try it out!
tanstack.com/form/latest/...
Wow - CNN's front page is the investigation "Inside North Korea's effort to infiltrate US companies."
4 months ago covered this same threat in @pragmaticengineer.com with exactly this AI filter.
If you're hiring full remote as a tech company, you NEED to expect NK to try and infiltrate
The MacOS Stickies app is so underrated.
- Little floating windows to take notes throughout the day
- Can pin/float on top of whatever you're doing
- Can color-code to organize thoughts
...Probably hasn't been changed since the 90s, but you can't knock stable software
Reviewed github.com/9001/copyparty for the @console.dev newsletter this week. Makes anything a file server with resumable downloads/uploads + web UI.
Also a great example of a super comprehensive README!
Great writeup: buttondown.com/whatever_jam...
02.08.2025 12:53
So many JS runtimes. Node.js. Edge runtime. Bun. Deno. workerd. At least one of these has already been deprecated, which is an issue if you've built your entire app around its APIs!
02.08.2025 12:53
TypeScript 5.9 is now available!
This release brings:
- An updated tsc --init
- Type-checking for the new 'import defer'
- Actual summaries in more DOM APIs
- Expandable quick info hovers (✨preview✨)
and more! Read up more on our blog:
devblogs.microsoft.com/typescript/a...
The S in MCP stands for security
02.08.2025 05:29
A prize to anyone who can name all my laptop stickers
www.youtube.com/watch?v=Cuem...
Useful security assumptions for 2025:
- All your personal data has already been "lost"
- A random dependency has been compromised with a malware post-install script
- Your washing machine has a zero day and is now part of a botnet
That you need to use react-hook-form to do anything more than the most basic form...
The next Next.js <Form> component is a good first step, but it only supports POST requests right now
yorickpeterse.com/articles/thr...
With Tom Lehrer's passing, I suppose this is a moment to share the story of the prank he played on the National Security Agency, and how it went undiscovered for nearly 60 years.
27.07.2025 21:01
One of the best examples of LLM developer tooling I've heard is from a team that supports software from the 80s-90s. Their only source of documentation is *video interviews* with retired employees. So they feed them into transcription software and get summarized searchable notes out the other end.
03.06.2025 23:20
Join us at another episode of Tech on the Rocks, this time with @davidmytton.social of Arcjet. We talk about security as code, security in a world of AI and dev tooling.
Check the episode here: https://buff.ly/4ggWGeO
A friend got her (Android) phone stolen and the thieves were able to quickly pivot into her Google account and then bank.
I've been wondering how they did that and my best guess is SMS password resets (aka SMS 1FA).
So yeah, SIM PINs (or eSIMs) might help. Also no text body on lock screens.
'AI Engineer' means you build things that contain AI - LLM chains, agents, multi-modal stuff.
So, what is its opposite? What do we call a 'normal' software engineer?
Creating an email parser requires combining local part parsing with domain parsing to ensure we validate the syntax against the RFCs...but of course just following the RFC doesn't quite work in the real world!
15.11.2024 10:56
14.11.2024 19:56
Isn't that something AI should be able to help with?
14.11.2024 19:52
How can we improve the DX?
- Meet developers in their workflow - the code editor e.g. Trunk & Semgrep.
- Idiomatic toolkits that feel natural where developers work - in code e.g. Clerk & WorkOS.
- Interact with developers where they're comfortable - the CLI e.g. Trufflehog and Socket.
2) The product team forwards a customer security questionnaire or has a compliance certification requirement.
Developers are forced into a rapid sprint to rebuild, reimplement or refactor as quickly as possible to close a deal.
1) The security team finds a problem. Developers are forced into painful refactoring or installing bad security software.
Things break, usually in production because you can't test locally.
Developer <-> security interaction today is pretty negative. After coding, testing, deploying...they get hit from 2 angles:
14.11.2024 19:51
iCloud Mail web UI
Love the minimalism of iCloud Mail on the web especially now it has primary inbox, and dark mode that works properly. Gmail's "dark" theme really is terrible - the web UI is such a mess.
12.11.2024 09:59
The ultimate Next.js SaaS template: next-forge.com
ORM, auth, billing, analytics, website, blog, cron jobs, dark mode, email, testing.
Built with @nextjs.org @vercel.com @prisma.io and a great set of amazing tools
Go is the best
08.11.2024 15:17
Building arcjet.com to help full stack developers integrate security features as code with native support for modern platforms & frameworks.
Using Rust, Wasm, Go, gRPC, Next.js, Astro
02.11.2024 00:33
Yeah I've seen it being dropped into quite a few new projects recently. And it's not just 1 tool, there's an ecosystem of other useful tools that all work nicely together
02.11.2024 00:26