**The Authorization Circus: Where Security Was the Main Clown**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-authorization-circus-where-security-was-the-main-clown-f4b84ca9356f)
Bombshell Report Exposes How Meta Relied On Scam Ad Profits To Fund AI
"Internal documents have revealed that Meta has projected it earns billions from ignoring scam ads that its platforms then targeted to users most likely to click on them," writes Ars Technica, citing a lengthy report from Reuters.
Reuters reports that Meta "for at least three years failed to identify and stop an avalanche of ads that …
"Stratospheric" AI Spending By Four Wealthy Companies Reaches $360B Just For Data Centers
"Maybe you've heard that artificial intelligence is a bubble poised to burst," writes a Washington Post technology columnist. "Maybe you have heard that it isn't. (No one really knows either way, but that won't stop the bros from jabbering about it constantly.)"
"But I can confidently tell you that the m …
Double congrats, @thecanine@twtxt.net! \o/
I'm not a fan of the gemtext limits. This being only a single page (which probably doesn't get updated a whole lot), the efforts of having two dedicated files are not all that big, or so I'd at least naively imagine.
I always recommend checking the W3C validator results, even though I'm very guilty of not doing that myself. It just doesn't occur to me in the heat of the moment. I reckon if I were writing HTML on a more regular basis, I would pick up on making that a real habit. Anyway, your HTML being generated, you probably can't address the findings, though. So, might not be even worth the time heading over to the validator.
From a privacy point of view, personally, I would definitely host the CSS myself. Other than that, nice link collection. :-)
"Vibe Coding" Named Word of the Year By Collins Dictionary
Collins Dictionary has named "vibe coding" its 2025 word of the year - a term coined by Andrej Karpathy for when a user makes an app or website by describing it to AI rather than writing programming code manually. The term, which is confusingly made up of two words, was "one of 10 words on a shortlist to reflect the mood, language and preoccupations of 2025," repo …
"Nintendo Has Too Many Apps"
The Verge's Ash Parrish writes: Nintendo has released a new store app on Android and iOS giving users the ability to purchase hardware, accessories, and games for the Switch and Switch 2. When I open my phone and scroll down to the N's, I get a neat, full row dedicated entirely to Nintendo. That's four apps: the Switch app, the music app, the Nintendo Today news app, and now the store. (The tally increases to five if …
@prologic@twtxt.net Let's go through it one by one. Here's a wall of text that took me over 1.5 hours to write.
The criticism of AI as untrustworthy is a problem of misapplication, not capability.
This section says AI should not be treated as an authority. This is actually just what I said, except the AI phrased/framed it like it was a counter-argument.
The AI also said that users must develop "AI literacy", again phrasing/framing it like a counter-argument. Well, that is also just what I said. I said you should treat AI output like a random blog and you should verify the sources, yadda yadda. That is "AI literacy", isn't it?
My text went one step further, though: I said that when you take this requirement of "AI literacy" into account, you basically end up with a fancy search engine, with extra overhead that costs time. The AI missed/ignored this in its reply.
Okay, so, the AI also said that you should use AI tools just for drafting and brainstorming. Granted, a very rough draft of something will probably be doable. But then you have to diligently verify every little detail of this draft - okay, fine, a draft is a draft, it's fine if it contains errors. The thing is, though, that you really must do this verification. And I claim that many people will not do it, because AI outputs look sooooo convincing, they don't feel like a draft that needs editing.
Can you, as an expert, still use an AI draft as a basis/foundation? Yeah, probably. But here's the kicker: You did not create that draft. You were not involved in the "thought process" behind it. When you, a human being, make a draft, you often think something like: "Okay, I want to draw a picture of a landscape and there's going to be a little house, but for now, I'll just put in a rough sketch of the house and add the details later." You are aware of what you left out. When the AI did the draft, you are not aware of what's missing - even more so when every AI output already looks like a final product. For me, personally, this makes it much harder and slower to verify such a draft, and I mentioned this in my text.
Skill Erosion vs. Skill Evolution
You, @prologic@twtxt.net, also mentioned this in your car tyre example.
In my text, I gave two analogies: The gym analogy and the Google Translate analogy. Your car tyre example falls in the same category, but Gemini's calculator example is different (and, again, gaslight-y, see below).
What I meant in my text: A person wants to be a programmer. To me, a programmer is a person who writes code, understands code, maintains code, writes documentation, and so on. In your example, a person who changes a car tyre would be a mechanic. Now, if you use AI to write the code and documentation for you, are you still a programmer? If you have no understanding of said code, are you a programmer? A person who does not know how to change a car tyre, is that still a mechanic?
No, you're something else. You should not be hired as a programmer or a mechanic.
Yes, that is "skill evolution" - which is pretty much my point! But the AI framed it like a counter-argument. It didn't understand my text.
(But what if that's our future? What if all programming will look like that in some years? I claim: It's not possible. If you don't know how to program, then you don't know how to read/understand code written by an AI. You are something else, but you're not a programmer. It might be valid to be something else - but that wasn't my point, my point was that you're not a bloody programmer.)
Gemini's calculator example is garbage, I think. Crunching numbers and doing mathematics (i.e., "complex problem-solving") are two different things. Just because you now have a calculator, doesn't mean it'll free you up to do mathematical proofs or whatever.
What would have worked is this: Let's say you're an accountant and you sum up spendings. Without a calculator, this takes a lot of time and is error prone. But when you have one, you can work faster. But once again, there's a little gaslight-y detail: A calculator is correct. Yes, it could have "bugs" (hello Intel FDIV), but its design actually properly calculates numbers. AI, on the other hand, does not understand a thing (our current AI, that is), it's just a statistical model. So, this modified example ("accountant with a calculator") would actually have to be phrased like this: Suppose there's an accountant and you give her a magic box that spits out the correct result in, what, I don't know, 70-90% of the time. The accountant couldn't rely on this box now, could she? She'd either have to double-check everything or accept possibly wrong results. And that is how I feel like when I work with AI tools.
Gemini has no idea that its calculator example doesn't make sense. It just spits out some generic "argument" that it picked up on some website.
3. The Technical and Legal Perspective (Scraping and Copyright)
The AI makes two points here. The first one, I might actually agree with ("bad bot behavior is not the fault of AI itself").
The second point is, once again, gaslighting, because it is phrased/framed like a counter-argument. It implies that I said something which I didn't. Like the AI, I said that you would have to adjust the copyright law! At the same time, the AI answer didn't even question whether it's okay to break the current law or not. It just said "lol yeah, change the laws". (I wonder in what way the laws would have to be changed in the AI's "opinion", because some of these changes could kill some business opportunities - or the laws would have to have special AI clauses that only benefit the AI techbros. But I digress, that wasn't part of Gemini's answer.)
tl;dr
Except for one point, I don't accept any of Gemini's "criticism". It didn't pick up on lots of details, ignored arguments, and I can just instinctively tell that this thing does not understand anything it wrote (which is correct, it's just a statistical model).
And it framed everything like a counter-argument, while actually repeating what I said. That's gaslighting: When Alice says "the sky is blue" and Bob replies with "why do you say the sky is purple?!"
But it sure looks convincing, doesn't it?
Never again
This took so much of my time. I won't do this again.
Mark Zuckerberg Opened an Illegal School At His Palo Alto Compound. His Neighbor Revolted
Mark Zuckerberg opened an unlicensed school named after the family's pet chicken - and it was the final straw for his neighbors, writes Slashdot reader joshuark, citing a report from Wired. The magazine obtained 1,665 pages of documents about the neighborhood dispute - "including 311 records, leg …
Magika 1.0 Goes Stable As Google Rebuilds Its File Detection Tool In Rust
BrianFagioli writes: Google has released Magika 1.0, a stable version of its AI-based file type detection tool, and rebuilt the entire engine in Rust for speed and memory safety. The system now recognizes more than 200 file types, up from about 100, and is better at distinguishing look-alike formats such as JSON vs JSONL, TS …
@movq@www.uninformativ.de Gemini liked your opinion very much. Here is how it countered:
1. The User Perspective (Untrustworthiness)
The criticism of AI as untrustworthy is a problem of misapplication, not capability.
- AI as a Force Multiplier: AI should be treated as a high-speed drafting and brainstorming tool, not an authority. For experts, it offers an immense speed gain, shifting the work from slow manual creation to fast critical editing and verification.
- The Rise of AI Literacy: Users must develop a new skill - AI literacy - to critically evaluate and verify AI's probabilistic output. This skill, along with improving citation features in AI tools, mitigates the "gaslighting" effect.
The fear of skill loss is based on a misunderstanding of how technology changes the nature of work; it's skill evolution, not erosion.
- Shifting Focus to High-Level Skills: Just as the calculator shifted focus from manual math to complex problem-solving, AI shifts the focus from writing boilerplate code to architectural design and prompt engineering. It handles repetitive tasks, freeing humans for creative and complex challenges.
- Accessibility and Empowerment: AI serves as a powerful democratizing tool, offering personalized tutoring and automation to people who lack deep expertise. While dependency is a risk, this accessibility empowers a wider segment of the population previously limited by skill barriers.
The legal and technical flaws are issues of governance and ethical practice, not reasons to reject the core technology.
- Need for Better Bot Governance: Destructive scraping is a failure of ethical web behavior and can be solved with better bot identification, rate limits, and protocols (like enhanced robots.txt). The solution is to demand digital citizenship from AI companies, not to stop AI development.
oss-security - runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881
GitHub Copilot tutorial: How to build, test, review, and ship code faster (with real prompts)
How GitHub Copilot works today - including mission control - and how to get the most out of it. Here's what you need to know.
The post [GitHub Copilot tutorial: How to build, test, review, and ship code faster (with real prompts)](https://github.blog/ai-and-ml/github-copilot/a-developers-guide-to-writing-debugging-reviewing-and-shipping-co …
The XMPP Standards Foundation: XMPP Summit 28
The XMPP Standards Foundation (XSF) is excited to announce the 28th XMPP Summit taking place in Brussels, Belgium next year - just before FOSDEM 2026.
The XSF invites everyone interested in development of the XMPP protocol to attend, and discuss all things XMPP - both in person and remotely!
The XMPP Summit is a two-day event for the people who write and implement XMPP extensions (XEPs).
The event is no …
**How I Used Sequential IDs to Download an Entire Company's User Database (And The Joker Helped)**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosec …
**The Great Tenant Mix-Up: How I Accidentally Became Every Company's Employee**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-great-tenant-mix-up-how-i-accidentally …
Show HN: Why write code if the LLM can just do the thing? (web app experiment)
@movq@www.uninformativ.de That and no sane person writes Java™ anymore right?
Everyone Wants to Hack - No One Wants to Think
Everyone chases exploits. Few chase understanding.
#4 RFI: From an External URL Into your Application
Understanding RFI isn't just about finding a bug; it's about recognizing a critical design flaw that, if exploited, hands an attacker the…
[Continue reading on InfoSec Write-ups »](https://infosecwrit …
**How I Made ChatGPT My Personal Hacking Assistant (And Broke Their "AI-Powered" Security)**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-m …
**How I Hacked JWT Tokens and Became Everyone on the Internet (Temporarily)**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-hacked-jwt-tokens-and-became-everyone-on-t …
Exposed API Keys and Secrets with AI
Quick Disclosure of API Key and Secret to guess parameter value
$1000 Bounty: GitLab Security Flaw Exposed
How a $1000 Bounty Hunt Revealed a GraphQL Type Check Nightmare Allowing Maintainers to Nuke Repositories
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-bounty-gitlab-security-flaw-exposed-dd30978 …
**How I Became the Unofficial Company Archivist (And Saw Things I Can't Unsee)**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-the-unofficial-company-archiv …
**The Day I Became Everyone: How User Swapping Turned Me into a Digital Shapeshifter**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-day-i-became-ev …
"The $12,500 DNS Trick That Hacked Snapchat's Cloud Servers"
While studying advanced SSRF techniques, I came across a fascinating case where researchers @nahamsec, @daeken, and @ziot combined DNS…
[Continue reading on InfoSec Write-ups …
Property-Based Testing in Practice
Property-based testing (PBT) is a testing methodology where users
write executable formal specifications of software components and
an automated harness checks these specifications against many
automatically generated inputs. From its roots in the QuickCheck
library in Haskell, PBT has made significant inroads in mainstream
languages and industrial practice at companies such as Amazon,
Volvo, and Stripe. As PBT extends its reach, it is important to understand
how developers are usin …
Simple, minimal SQL database migrations written in Go with generics. Std lib database/sql and SQLX supported OOTB
I built GoSMig for personal projects and open-sourced it. It's a tiny library for writing migrations in Go (compile-time checks via generics). Supports both transactional and non-transactional steps, rollback, status/version commands, and a built-in CLI handler so you can ship your own tool.
- Zero dependencies (std lib; golang.org/x/term used for pager support)
- database/sql and sqlx supported out of the box, others w …
Vim Settings For Writing Prose
Scaling Postgres to the next level at OpenAI
TIL OpenAI uses (used?) one primary write instance for their PostgreSQL cluster with dozens of read replicas. This powers the core ChatGPT service which has hundreds of millions of users and, needless to say, is a critical backbone to it.
The talk implies they shard now, but the whole video emphasises all the optimizations they did in order to support their workload through a single primary. It isn't mentioned at what time they switched to sharding, but it's heavily implied that …
How to add MCP Servers to OpenAI's Codex with Docker MCP Toolkit
AI assistants are changing how we write code, but their true power is unleashed when they can interact with specialized, high-precision tools. OpenAI's Codex is a formidable coding partner, but what happens when you connect it directly to your running infrastructure? Enter the Docker MCP Toolkit. The Model Context Protocol (MCP) Toolkit acts as a…
**How I Became an Accidental Admin and Almost Got Fired (From Someone Else's Company)**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-an-acci …