I just saw this useful table that Lemon.io put together for their article on how to onboard software engineers. I thought you might like it as well.
Even though a mature engineering culture makes onboarding easier, it doesn’t automate it.
You still have to set up the whole process.
Starting with a question: how do you onboard full-time and contract hires?
saw this survey from storyblok this week 58% of senior devs at medium to large companies are thinking about leaving because of outdated tech stacks. 86% said they feel embarrassed by the technology they work with daily
and like. yeah. i get it
i've been at my current company three years. we're running a rails monolith from 2011 that nobody fully understands anymore. there's a mysql database with tables that have columns named "temp2" and "new_field_backup" that are absolutely load bearing. we have a cron job that runs at 3am that one engineer wrote in 2014 before he left and the comments are just "don't touch this"
the thing that gets me isn't even the technical frustration. it's the cognitive load of knowing that everything you build has to work around this thing. you spend more time thinking about what might break than what you're actually building
and when you try to explain to non-technical stakeholders why something simple takes two weeks because you have to carefully route around seventeen years of accumulated decisions their eyes just glaze over
the embarrassment angle from the survey is real too. it's hard to talk about your work at meetups or even interviews when your honest answer to "what are you working with" makes people wince
curious how many people here are in the same situation and whether anyone has actually successfully convinced leadership to do something about it or if we're all just waiting for a rewrite that never comes
demo it for free and let me know your thoughts - toptiernewswire dot com
Pm here, I know estimates are a fairy tale, but I'm wondering
Should I ask developers to estimate Raw coding time so then I can do simple math like add focus factor + buffers
Or ask them to estimate fully done, after deployment and qa? I'm worried that this question is too loaded and that their accuracy would be more precise if they only estimated raw code.
Hello. Whenever I code, I have like 12 tabs open for color palettes, contrast checking, regex and lots more, and it’s quite difficult to navigate between them all the time. So i am building a tool (name tbc which has all the tools devs need in one website. So far I have got those three (color palterra, contrast checking and regex) and I was wondering if anyone had any suggestions to add to this list. Thanks)
​
The idea started after getting tired of re-implementing the same things every time I integrated third-party APIs:
* auth handling
* OAuth token refresh
* rate limiting
* quotas
* logging
* endpoint wrappers
* response formatting
So I built **Asstgr**: a self-hosted platform where you register external APIs once, define endpoints/params/methods, and then access everything through a unified REST interface.
Architecture is basically:
`Your App -> Asstgr -> Stripe/GitHub/OpenWeather/etc`
Features:
* OAuth2 (`client_credentials`, `authorization_code`, `password`)
* API key auth (`sk-...`)
* per-user quota system
* DRF throttling
* endpoint modeling
* audit logs
* unified `/execute/` endpoint
* response formatting modes
* Django admin support
* PostgreSQL + ASGI stack
One thing I wanted was to make external APIs behave more like internal services instead of every project having bespoke integration code.
Tech stack:
* Django 5
* Django REST Framework
* PostgreSQL
* Daphne / Channels
* SimpleJWT
It’s fully open source (MIT), and I also built a hosted SaaS version with a UI layer on top because the admin-only workflow wasn’t great for daily use.
Open source:
https://github.com/botyut/asstgr
Hosted version:
Would genuinely love feedback from people who’ve built internal API platforms / gateways before — especially around:
* schema design
* quota systems
* OAuth architecture
* execution abstraction
* scaling concerns
Curious if others ended up building similar internal tooling instead of using RapidAPI / Kong / Tyk / etc.
Most websites don’t fail because of design
they fail because users don’t understand what to do
I’m a UI/UX designer and I help fix:
• low conversions
• confusing layouts
• weak messaging
I don’t just “review design”
I show you exactly what’s stopping people from converting and how to fix it
Portfolio:
If your site isn’t bringing results, DM me 👍
I have a big problem with HTML-based login and persistence routines.
1: As far as login security goes, when the end-user is typing in the username and password, I just can't justify letting the user transmit that data "in the clear" over SSL/TLS. I lived through Heartbleed, so yes I do consider SSL/TLS encryption to be entirely "in the clear" even though we haven't heard of anything like Heartbleed for over a decade. I mean I have a hardcore psychological aversion, like a phobia, to transmitting the user-data as entered and without doing some pre-obfuscation like running a SHA-hash over the username and password before even sending it over an encrypted pipe.
2: As far as session security goes, when exchanging cookie data with an endpoint, I have a similar phobia about any use of PHP Sessions or other built-ins. I mean I get absolutely pedantic about it, creating my own class to represent an HTTP-level packet header and then I extend that into a cookie and I ultimately build the HTTP packet from the ground-up. Even though newer versions of PHP have finally introduced support for high-security cookie properties, I still just refuse to use it. Then I database my own user-IPs and user-agents and other data representing the physical characteristics of the session-owner, and I implement my own methods of validating a session.
So absolutely every project I try to start, for myself, ends up being a circular shitshow where I'm constantly tweaking this thing or that thing which never actually gets past the session/login procedures... or even better, gets months past that point before I come up with a tweak and then I basically just trash everything but the session/login and start over from there.
I'm looking for anybody who actually builds websites, not some WordPress Template or some DreamWeaver page, but full-stack ground-up developments which intertwine the CGI with the front-end GUI, who can explain to me why I'm acting like a paranoid retread in such a complete and rational way that I can learn to trust server/browser built-in security along with pipe-cryptography, and just get on with my life.
Alternately, I'd love to hear from anybody who doesn't think I'm being paranoid or retready but who can give me some advice to get my head out of my backside where it comes to worrying that I'm wasting time by feeding my security-centered phobias.
Edited 20h after posting: Just wanted to thank everybody who answered in good faith. Not just good advice for getting my head oriented right, but good advice for alternative/additional security measures. There were even a couple of plain common-sense suggestions that I would never have come up with my own!
What's the single piece of code (good or bad) that's permanently burned into your memory, and what did it teach you?
Hi all. I recently hired a developer to launch and host my website via AWS. After sending the credentials, they also asked for the .env file. I’m being told this usually isn’t normal, but I don’t know if I’m just being paranoid.
Is this normal? Is there a way to share this securely with the developer?
I’m currently in 6th semester CS and mostly work around n8n automations, APIs, AI workflows, integrations, etc. They reached out to me after reviewing my portfolio and I went through intro + technical interview rounds.
The internship is around 2.5 months, 4 hours/day, 5 days/week. Small team (basically founder + manager). They want me to learn enterprise integration tools and work on automation workflows.
The thing confusing me is that it’s unpaid, but at the same time it seems like genuine learning exposure instead of random busy work. They mentioned mentorship and real workflow exposure.
Part of me feels it could accelerate my career early on, especially since I’m trying to grow in AI automation/integrations. Another part of me feels unsure about spending 2.5 months unpaid while already having freelance/project experience.
Would you take this kind of opportunity at this stage or keep focusing on finding paid work instead?
Hi
Our head of technology (not technical at all, sales background) has discovered vibe coding and I'm genuinely worried. He's a good guy with good business ideas and I want to be supportive, but the idea of huge technical debt is stressing me out.
He's spent some time with ChatGPT and Claude Code and now believes that all of our enterprise systems are fair game, there to be replaced by vibe coded projects. I'm not exaggerating.
Surprisingly, after a few hours he's got working prototypes of a couple of apps.
I want to support AI innovation in the business but I thought using it as an adjunct was probably going to be the starting place (not vibe coding replacements for our industry standard production systems.)
As someone that has postgraduate studies in IT, I would have thought what he lacks in technical experience, he would make up for with some careful project management and consider the business risks of such an approach.
Am I just living in 2025? Like I said the proof of concept is impressive, is this actually becoming a viable approach in 2026? I don't see how it could scale or become trustworthy to start building business processes upon.
Interested to get people's thoughts
Thanks
Why do platforms keep matching us with… the same people? 🤔
Developers meet developers.
Doctors meet doctors.
Designers meet designers.
Cool for networking. Terrible for breakthroughs.
Most interesting ideas happen when different worlds collide.
A doctor curious about AI research → meets an ML engineer.
A filmmaker with a story → meets a brand strategist.
A scientist with an invention → meets an entrepreneur who knows distribution.
A coder with product skills → meets someone with industry vision.
That’s why we built NeeVibe.
It’s not “networking.”
It’s cross-domain collision matchmaking.
You set:
• your vibe
• your intention
• what world you want to explore
And the platform connects you with people outside your bubble.
We’re opening early access right now.
Founding users get lifetime priority matching + access to exclusive community events.
Curious:
What’s the most unexpected collaboration you’ve ever had?
Mini Shai-Hulud has yet again reportedly compromised 160+ packages, including parts of the TanStack and Mistral ecosystems. The interesting part is the attack path: instead of simple typosquatting, it abused GitHub Actions cache poisoning and trusted publishing/OIDC workflows, making the malicious packages appear legitimately built and published.
What are you building this week? If you’re in stealth, pitch only your background and story as a founder.
I’m a VC investor from Forum Ventures, a B2B accelerator and preseed fund managed by former founders.
At the early stage, VCs care most about you as a founder rather than the business concept.
Tell me about your background as a founder in a DM! I’ll connect if there’s a fit.
Feel free to also use this thread to get your own project out there.
i realized most beginners never actually try claude code because the setup feels intimidating & being asked to configure billing before even testing it makes a lot of people quit early
as of current testing i haven't encountered payment requirements or mandatory billing
install this. configure that. add extensions. fix PATH issues. install vs code first. restart terminal. retry again.
half the people quit before they even write their first prompt.
so i made a small open-source installer that does the setup automatically.
it installs:
basically the boring setup part nobody wants to spend hours doing.
works on:
the surprising part:
you don't need complicated setup knowledge
you don't need a GPU
the whole point of this project is making the experience beginner-friendly
one command
wait a couple minutes
start building stuff
i haven't encountered mandatory billing setup, payment requirements or hard token limits because it's using minimax M2.5 through opencode
minimax M2.5 is actually pretty decent and surprisingly fast:
https://www.clarifai.com/blog/minimax-m2.5-vs-gpt-5.2-vs-claude-opus-4.6-vs-gemini-3.1-pro
repo: claudefree-installer
i also made a short demo video
feedback genuinely appreciated. especially from beginners trying this for the first time
Disclaimer: I use AI and have no issues with it
Is it just me but why does it feel like out of no where we have so many AI experts? I mean from CEO’s to cooks, they talk like experts on this. It’s weird.
I have been learning to code for about a yearn now (as a challenge to myself), and last week I deployed my first project that I built from scratch (so a little proud moment). It was a lot harder than I had expected and took most of my weekends.
What I found tripped me up was:
What actually helped me:
What helped you when you were first getting into deployment?
Even with gpt-5.5 xhigh I've noticed chatgpt writing code in a manner that's not really easy to comprehend, even for tasks that aren't too complex. I was thinking that maybe it's just because it's not the way I would write it.. but then I remember doing PR reviews for many of my colleagues and most of the time it was more understandable than what the AI assistant generates. Is there anyone else with the same feeling?