Owen Simmons

Owen Simmons

Startup Scout

About

Always exploring new products, emerging trends, and innovative startups that challenge the status quo. I enjoy learning from founders, understanding different approaches to product building, and discovering solutions that create real impact. Passionate about supporting entrepreneurs, sharing insights, and staying connected to the ever-evolving world of technology and innovation.

Badges

Tastemaker
Tastemaker
Gone streaking
Gone streaking
Gone streaking 5
Gone streaking 5

Forums

Which email flow do you know you should be sending, and aren't?

Genuine question. I keep meeting operators with a warm list, a good offer, and no abandoned-cart flow. Or a welcome series that's one email long and just stops.

If that's you which one is it, and what's actually stopping you? The time, the build, or not knowing what email 3 is supposed to say?

Asking because I've been building for exactly this.

Otap/ota

4d ago

Where does your repo drift most: local, CI, containers, or remote?

If you've been following along and would like to support us we would appreciate a star of GitHub: https://github.com/ota-run/ota

A repo can look fine until it is run in a different environment. Native setup, Docker, CI, and remote execution often carry different assumptions, and most teams only discover the mismatch when something breaks.

Ota makes those execution paths explicit so a repo can declare how it should be prepared, verified, and run in each environment.

Where does drift cost your team the most today: local setup, CI, containers, or remote environments?

AI agents hallucinate package names — and attackers are registering them. What's your defense?

Something I keep thinking about while building LineageLens Trellis: LLMs hallucinate package names *consistently*. The same fake names recur across models and prompts. Attackers have started harvesting those names and registering them on npm/PyPI with malicious install hooks so when the next agent hallucinates `fastapi-utils-extra`, the install *succeeds*.
The part that unsettles me is that it beats code review completely. The import looks normal, the lockfile resolves, nothing in the diff is wrong. The malicious code isn't in the diff it's on the registry, behind a name a model invented.
We ended up treating dependency introduction as a separate trust event from code edits: registry checks (package age, release count) plus an offline edit-distance pass for typosquats like reqeusts`, tied back to *which agent session* introduced the name.
But I'm genuinely curious what other makers do here. If you're using Copilot/Cursor/Claude Code daily does anything stand between the agent and `npm install` in your setup? Or is the agent fully trusted the moment it suggests a dependency?

Follow our substack:https://lineagelens.substack.com...
Github Repo:https://github.com/karnati-prave...

View more