There's a lot of fear-mongering about AI coding agents these days. But when you follow the right process, they're perfectly safe. Check out this screenshot of a proposed change that I'm definitely not merging
Wiz is open-sourcing baseline secure rules for popular languages/frameworks:
• Python: Flask, Django
• JavaScript: React, Node.js
• Java: Spring
• .NET
And for all major AI assistants
github.com/wiz-sec-pub...
How to craft effective rules files
1. Make instructions clear, concise, actionable
2. Tailor rules by language or project context
3. Decompose complex guidance into atomic rules
4. Keep files under ~500 lines
Best practices show that including "secure" in prompts can reduce vulnerability density by up to ~43%, and prompting AI as a "security-aware developer" reduces vulnerabilities by ~47-56%
www.wiz.io/blog/safer-...
Rules files:
Many coding assistants support rules files (e.g. Copilot copilot-instructions.md, Claude's CLAUDE.md, Cursor/Windsurf rules).
These files help shape AI-generated code towards specific standards.
Traditional security tools are still vital!
Static analysis (SAST), software composition analysis (SCA), secret scanners, and secure frameworks remain essential, whether or not AI is used. Integrating these in IDEs plus ongoing PR scans reduces risk
Reports show 25-70% of AI generated code contains vulnerabilities.
Examples of this could be hardcoded secrets or missing auth-checks.
Vibe coding is all the rage, but code security often gets completely overlooked.
Check out the Rules for Safer Vibe Coding below...
This is my referral link in case someone wants 500 free credits
Meet Manus - your AI agent with its own computer. It builds websites, writes reports, and runs research tasks, even while you sleep.
manus.im/invitation/...
Is Manus AI the most polite AI agent??
It's so polite I feel mean asking it to do more!
Our Kids AI Genius waitlist is buzzing!
Despite only sharing it in a few replies and on IndieHackers we've had a constant stream of sign ups.
I was curious about where all this traffic is coming from, so I've got PostHog analytics on the case and we are just waiting for results.
If you want to learn more check out Joe Masilotti's post:
masilotti.com/hotwire-nat...
For solo developers, this stack is a revelation. It has the potential to redefine the landscape for indie creators.
So, what's stopping you from diving in and experiencing this innovation firsthand? Embrace the change; it might just be the game-changer you've been searching for.
Consider this: A single codebase. Three distinct platforms. Immediate deployment.
Has anyone else delved into the Rails + Hotwire combo? Share your experiences below. I'm genuinely eager to know if you're witnessing the same transformative magic.
I've dabbled with every fashionable framework out there. Most only increased complexity without addressing genuine issues.
But this Rails and Hotwire duo? It feels like wielding a secret weapon, a turbocharged boost for productivity and efficiency!
Remember those times when Rails was dismissed as outdated? Well, think again. When paired with Hotwire Native, it transforms into a powerhouse for multi-platform development. Imagine maintaining just one codebase.
The "is Rails dead?" debate has finally met its demise.
In just ONE day, I crafted three apps - web, iOS, and Android - using Rails 8 combined with Hotwire Native. No exaggeration.
What hobby could you use to make your child love learning?
The waitlist for Kids AI Genius is open now...
kidsaigenius.com/
Can't get your kid to do math? Tried Fortnite math with my 8-year-old.
"If you eliminate 4 players in 3 matches, how many kills total?"
He went from hating multiplication to begging for more problems.
"You have 243 ammo and pick up 180 more. How much ammo do you have?"
Do you use the bun package manager and dependabot?
If so, you might want to try the experimental support for bun in dependabot.
Add `enable-beta-ecosystems: true` to your `dependabot.yml` and add the `npm` package ecosystem. You can see an example below.
Let me know if you try this!
So, I prototyped a math quiz app with questions based on his interest in Fortnite. He loved it! ❤️
"If your squad has 8 med kits and uses half of them, how many med kits are left?"
What math topics do your kids struggle with? What topic would light a fire in them? 🔥
I'm building an app to help my son love math. I want to help him practice elementary school mathematics with relatable topics.
"You start with 100 shield and lose 25 shield points in a battle. How much shield do you have left?"
My son hated multiplication until I turned it into a Fortnite game. 🎮
"If you eliminate 4 players in each of your 3 matches, how many total eliminations do you have?"
eg:
version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
github.com/dependabot/...
Noah Gibbs (codefolio, YJIT team, Rebuilding Rails author) has passed away.
His big dream in life was to help build the Ruby community up. He wanted to be like the folks who worked to create the railroads during the industrial revolution.
Oh no. This is so sad 😢
It looks great. It's nice to see the progress