When a user sends me a screenshot of their bug with zero context ⌘ Read more

Zig Quits GitHub, Says Microsoft’s AI Obsession Has Ruined the Service
The Zig Software Foundation has quit GitHub after years of unresolved GitHub Actions bugs – including a “safe_sleep” script that could spin forever and cripple CI runners. Zig leadership puts the blame on Microsoft’s growing AI-first priorities and declining engineering quality. Other open-source developers are voicing similar frustrations. … ⌘ Read more

When I find out the bug comes from a piece of code I never suspected at all ⌘ Read more

A Windows Update Broke Login Button, and Microsoft’s Advice is To Click Where It Used To Be
Microsoft has acknowledged that a recent Windows preview update, KB5064081, contains a bug that renders the password icon invisible on the lock screen, leaving users to click on what appears to be empty space to enter their credentials.

The issue affects Windows Insider channel users who instal … ⌘ Read more

Linux 6.18 Adding New Option For More Detailed Bug Reporting But Cost Of Greater Memory
Among the big flow of pull requests today for this first day of the Linux 6.19 merge window are some core kernel bug handling improvements… ⌘ Read more

@movq@www.uninformativ.de All good! 👌 Likely bug on my end (bridge)

Better Technology, Worse Motivation: GenAI’s Mediocrity Trap

While generative AI (GenAI) promises productive efficiency, it can paradoxically lead to lower-quality work. We conducted an experiment with professional illustrators and found that AI assistance flattens the quality curve—it accelerates initial gains but sharply diminishes the returns on sustained effort. Faced with this, a significant number of professionals made a strategic choice: they sacrificed the final quality to save time.

From http://www.jin-li.org/uploads/1/1/4/5/114595093/ai_and_motivation.pdf

I haven’t read this and can’t vouch for it; seems vaguely AI-boostery. Still, the conclusions are interesting. This seems to be the picture that is emerging about generative AI generally: most people don’t like it and find that degrades the quality of work. Coders seem to like it and think that it helps them, but in fact it makes the slower, less productive, and more bug prone.

By all measures it’s a bad technology. We should just be honest about it. There is no need to make excuses for multi-trillion-dollar corporations.

When I try to fix the intern’s bug even though I don’t understand it myself ⌘ Read more

When I manage to dodge the blocking bug during my demo ⌘ Read more

When a client calls us first thing in the morning to report a bug ⌘ Read more

Apple iOS 27 to Be No-Frills ‘Snow Leopard’ Update, Other Than New AI
Apple’s next major iPhone software update will prioritize stability and performance over flashy new features, according to Bloomberg’s Mark Gurman, who reports that iOS 27 is being developed as a “Snow Leopard-style” release [non-paywalled source] focused on fixing bugs, removing bloat and improving underlying code after this year’s swe … ⌘ Read more

And regarding those broken URLs: I once speculated that these bots operate on an old dataset, because I thought that my redirect rules actually were broken once and produced loops. But a) I cannot reproduce this today, and b) I cannot find anything related to that in my Git history, either. But it’s hard to tell, because I switched operating systems and webservers since then …

But the thing is that I’m seeing new URLs constructed in this pattern. So this can’t just be an old crawling dataset.

I am now wondering if those broken URLs are bot bugs as well.

They look like this (zalgo is a new project):

https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/

When you request that URL, you get redirected to /git/:

$ curl -sI https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/
HTTP/1.0 301 Moved Permanently
Date: Sat, 22 Nov 2025 06:13:51 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 510
Location: /git/

And on /git/, there are links to my repos. So if a broken client requests https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/, then sees a bunch of links and simply appends them, you’ll end up with an infinite loop.

Is that what’s going on here or are my redirects actually still broken … ?

Firefox 147 Will Support The XDG Base Directory Specification
Phoronix’s Michael Larabel reports: A 21 year old bug report requesting support of the XDG Base Directory specification is finally being addressed by Firefox. The Firefox 147 release should respect this XDG specification around where files should be positioned within Linux users’ home directory.

The XDG Base Directory specification lays out where applic … ⌘ Read more

Firefox 147 Will Support The XDG Base Directory Specification
A 21 year old bug report requesting support of the XDG Base Directory specification is finally being addressed by Firefox. The Firefox 147 release should respect this XDG specification around where files should be positioned within Linux users’ home directory… ⌘ Read more

When I realize I’ve been trying to fix a bug all day in the wrong project ⌘ Read more

When QA sends me a bug with no context, just a screenshot ⌘ Read more

Qt Moves Away From Direct RDRAND/RDSEED Usage For Better Performance & Less Bugs
The Qt toolkit is moving away from directly relying on the CPU’s RDRAND and RDSEED instructions for random number generation and to instead rely on the OS-supplied entropy… ⌘ Read more

@bender@twtxt.net It’s good enough ti iron out any bugs 🐛 Can I haz an account? 🙏

For those curious, the new Twtxt <-> ActivityPub bridge I’m building (bidirectional) simply requires three things:

1. You register your Twtxt feed to the bridge: https://bridge.twtxt.net
   
2. You verify that you in fact own/control the feed by putting the verification code somewhere on/in your feed (doesn’t matter where or how)
   
3. You proxy/forward requests for /.well-known/webfinger to the Bridge bridge.twtxt.net.
   

I’m still testing through and ironing out bugs 🐛 Please be patient! 🙏

whoo fix a long stnading bug with identicons for feeds with no avatar in their metadata

Hint:

# nick = ...
# avatar = ...

sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10
The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it’s also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10… ⌘ Read more

FFmpeg To Google: Fund Us or Stop Sending Bugs
FFmpeg, the open source multimedia framework that powers video processing in Google Chrome, Firefox, YouTube and other major platforms, has called on Google to either fund the project or stop burdening its volunteer maintainers with security vulnerabilities found by the company’s AI tools. The maintainers patched a bug that Google’s AI agent discovered in code for decoding a 1995 vi … ⌘ Read more

FFmpeg to Google: Fund us or stop sending bugs
Article URL: https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/

Comments URL: https://news.ycombinator.com/item?id=45891016

Points: 508

# Comments: 384 ⌘ Read more

Ignite Realtime Blog: First release candidate of Smack 4.5 published
The Smack developers are happy to announce the availability the first release candidate (RC) of Smack 4.5.0.

The upcoming Smack 4.5 release contains many bug fixes and improvements. Please consider testing this release candidate in your integration stages and report back any issues you may found. The more people are actively testing release candidates, the less issues will remain in the actual release.

Smac … ⌘ Read more

KDE Plasma 6.6 Shaving Off 100MB Of Memory Use, Fixing DrKonqi Crash Reporter Crashing
KDE developers were off to a busy start for the month of November. A lot of feature activity continues happening for Plasma 6.6 while a lot of bug fixing is still going on for Plasma 6.5 and related KDE components… ⌘ Read more

@prologic@twtxt.net Let’s go through it one by one. Here’s a wall of text that took me over 1.5 hours to write.

This section says AI should not be treated as an authority. This is actually just what I said, except the AI phrased/framed it like it was a counter-argument.

The AI also said that users must develop “AI literacy”, again phrasing/framing it like a counter-argument. Well, that is also just what I said. I said you should treat AI output like a random blog and you should verify the sources, yadda yadda. That is “AI literacy”, isn’t it?

My text went one step further, though: I said that when you take this requirement of “AI literacy” into account, you basically end up with a fancy search engine, with extra overhead that costs time. The AI missed/ignored this in its reply.

Okay, so, the AI also said that you should use AI tools just for drafting and brainstorming. Granted, a very rough draft of something will probably be doable. But then you have to diligently verify every little detail of this draft – okay, fine, a draft is a draft, it’s fine if it contains errors. The thing is, though, that you really must do this verification. And I claim that many people will not do it, because AI outputs look sooooo convincing, they don’t feel like a draft that needs editing.

Can you, as an expert, still use an AI draft as a basis/foundation? Yeah, probably. But here’s the kicker: You did not create that draft. You were not involved in the “thought process” behind it. When you, a human being, make a draft, you often think something like: “Okay, I want to draw a picture of a landscape and there’s going to be a little house, but for now, I’ll just put in a rough sketch of the house and add the details later.” You are aware of what you left out. When the AI did the draft, you are not aware of what’s missing – even more so when every AI output already looks like a final product. For me, personally, this makes it much harder and slower to verify such a draft, and I mentioned this in my text.

You, @prologic@twtxt.net, also mentioned this in your car tyre example.

In my text, I gave two analogies: The gym analogy and the Google Translate analogy. Your car tyre example falls in the same category, but Gemini’s calculator example is different (and, again, gaslight-y, see below).

What I meant in my text: A person wants to be a programmer. To me, a programmer is a person who writes code, understands code, maintains code, writes documentation, and so on. In your example, a person who changes a car tyre would be a mechanic. Now, if you use AI to write the code and documentation for you, are you still a programmer? If you have no understanding of said code, are you a programmer? A person who does not know how to change a car tyre, is that still a mechanic?

No, you’re something else. You should not be hired as a programmer or a mechanic.

Yes, that is “skill evolution” – which is pretty much my point! But the AI framed it like a counter-argument. It didn’t understand my text.

(But what if that’s our future? What if all programming will look like that in some years? I claim: It’s not possible. If you don’t know how to program, then you don’t know how to read/understand code written by an AI. You are something else, but you’re not a programmer. It might be valid to be something else – but that wasn’t my point, my point was that you’re not a bloody programmer.)

Gemini’s calculator example is garbage, I think. Crunching numbers and doing mathematics (i.e., “complex problem-solving”) are two different things. Just because you now have a calculator, doesn’t mean it’ll free you up to do mathematical proofs or whatever.

What would have worked is this: Let’s say you’re an accountant and you sum up spendings. Without a calculator, this takes a lot of time and is error prone. But when you have one, you can work faster. But once again, there’s a little gaslight-y detail: A calculator is correct. Yes, it could have “bugs” (hello Intel FDIV), but its design actually properly calculates numbers. AI, on the other hand, does not understand a thing (our current AI, that is), it’s just a statistical model. So, this modified example (“accountant with a calculator”) would actually have to be phrased like this: Suppose there’s an accountant and you give her a magic box that spits out the correct result in, what, I don’t know, 70-90% of the time. The accountant couldn’t rely on this box now, could she? She’d either have to double-check everything or accept possibly wrong results. And that is how I feel like when I work with AI tools.

Gemini has no idea that its calculator example doesn’t make sense. It just spits out some generic “argument” that it picked up on some website.

The AI makes two points here. The first one, I might actually agree with (“bad bot behavior is not the fault of AI itself”).

The second point is, once again, gaslighting, because it is phrased/framed like a counter-argument. It implies that I said something which I didn’t. Like the AI, I said that you would have to adjust the copyright law! At the same time, the AI answer didn’t even question whether it’s okay to break the current law or not. It just said “lol yeah, change the laws”. (I wonder in what way the laws would have to be changed in the AI’s “opinion”, because some of these changes could kill some business opportunities – or the laws would have to have special AI clauses that only benefit the AI techbros. But I digress, that wasn’t part of Gemini’s answer.)

Except for one point, I don’t accept any of Gemini’s “criticism”. It didn’t pick up on lots of details, ignored arguments, and I can just instinctively tell that this thing does not understand anything it wrote (which is correct, it’s just a statistical model).

And it framed everything like a counter-argument, while actually repeating what I said. That’s gaslighting: When Alice says “the sky is blue” and Bob replies with “why do you say the sky is purple?!”

But it sure looks convincing, doesn’t it?

This took so much of my time. I won’t do this again. 😂

When Your Hash Becomes a String: Hunting a Ruby Million-to-One Memory Bug
Comments ⌘ Read more

When I have to explain the same bug to QA for the third time ⌘ Read more

MacOS Tahoe 26.1 Update Released for Mac
Apple has released macOS Tahoe 26.1 for all Mac users, being the first major point release software update for macOS Tahoe since it debuted a few months ago. macOS Tahoe 26.1 includes a few new features, some bug fixes, and security patches, making it an important update to install for any Mac user that is … Read More ⌘ Read more

iOS 26.1 Update Released for iPhone & iPad
Apple has released iOS 26.1 for iPhone, and iPadOS 26.1 for iPad. These are the first major point release updates for iOS 26, and offer a few changes, new features, bug fixes, and security enhancements, and are therefore recommended for users running iOS 26 or iPadOS 26. You will find a new toggle for Liquid … Read More ⌘ Read more

When someone asks me for help with a bug just as I’m about to leave the office ⌘ Read more

#4 RFI: From an External URL Into your Application

Image

Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…

[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more

When I end my day fixing a bug ⌘ Read more

When I fix a bug in prod before anyone notices ⌘ Read more

The $2,000 Bug That Changed My Life: How a Tiny URL Parameter Broke Web-Store Pricing !! ⌘ Read more

“The $10,000 Handlebars Hack: How Email Templates Led to Server Takeover”

Image

While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories I’ve ever encountere … ⌘ Read more

How I Reported a Pre-Account Hijack Affecting Any Gmail User (Even Google Employees)- My Bug… ⌘ Read more

DietPi October 2025 Update Adds Support for NanoPi R3S, R76S, and Reworked Dashboard
The October 18th release of DietPi v9.18 introduces support for new FriendlyELEC single-board computers, a redesigned DietPi-Dashboard with improved security, and the addition of the LazyLibrarian eBook and audiobook manager. The update also includes bug fixes, filesystem improvements, and expanded compatibility for virtual devices   DietPi: DietPi is a lightweight, Debian-base … ⌘ Read more

Release Candidate for iOS 26.1, macOS Tahoe 26.1, iPadOS 26.1 Available for Testing
Release Candidate builds of iOS 26.1, macOS Tahoe 26.1, and iPadOS 26.1, are now available for users participating in the beta testing programs for Apple system software. Release Candidate (RC) builds are typically the final version in a beta period, absent any major bugs, and the release of an RC build indicates the final versions … [Read More](https://osxdaily.com/202 … ⌘ Read more

the bug that taught me more about PyTorch than years of using it
Comments ⌘ Read more

@movq@www.uninformativ.de I guess I wasn’t talking about the speed of interesting text/context, but more the “slowness” of these tools. I think I can build/ solutions and fix bugs faster most of the time? Hmmm 🤔 I think the only thing it’s able to do better than me is grasp large codebases and do pattern machines a bit better, mostly because we’re limited by the interfaces we have to use and in my ase being vision impaired doesn’t help :/

Date bug affects Ubuntu 25.10 automatic updates
Comments ⌘ Read more

Fixed following page template bug so cached feed counts render without errors. cc @bender@twtxt.net

Tuckr - Stow alternative with symlink checking
I’ve been using Stow for a few years now. At the time (2020) Stow had a bug where it would just fail with a cryptic error and the maintainer didn’t have time to fix it, the bug was there for 2 years or so. So I got fed up and decided to try and fix it but I didn’t know perl nor did I want to learn it, so I decided to rewrite Stow and fix the issue. To fix it I decided that I track all symlinks and give users a nice way to see what was going on. So the entire project was based on having a n … ⌘ Read more

Top security researcher shares their bug bounty process
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—@dev-bio!

The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog. ⌘ Read more

Beta 4 of iOS 26.1, macOS Tahoe 26.1, iPadOS 26.1 Available for Testing
Apple has issued the fourth beta of iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.1, for users enrolled in the beta testing programs for Apple system software. The betas continue to offer refinements, adjustments, improvements, and bug fixes to the various OS 26 operating systems. The latest 4th beta build includes a new Liquid Glass … [Read More](https://osxdaily.com/2025/10/20/beta-4-of-ios-26-1 … ⌘ Read more

Mathieu Pasquet: slixmpp v1.12
This version is out mostly to provide a stable version with compatibility with the newly released Python 3.14, there are nonetheless a few new things on top.

Thanks to all contributors for this release!

• Bug in MUC self-ping ( XEP-0410) that would create a traceback in some uses
  
• Bug in SIMS ( XEP-0447) where all media would be marked as inline
  
• Python 3.14 breakage
  

• Prono … ⌘ Read more

25. Monetizing Your Skills Beyond Bug Bounty

Image

Turn your hacking expertise into a thriving career beyond bounties.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss—-7b722bf … ⌘ Read more

When I run into a bug I thought I had fixed weeks ago ⌘ Read more

How I Found a $250 XSS Bug After Losing Hope in Bug Bounty

Image

📌 Free Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss—-7b722bf … ⌘ Read more