Trump says it might be better to let Ukraine and Russia ‘fight for a while’ ⌘ Read more
**☠️ CORS of Destruction: How Misconfigured Origins Let Me Read Everything**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8F-cors-of-destruction-how-m … ⌘ Read more
JWT the Hell?! How Weak Tokens Let Me Become Admin with Just a Text Editor
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-the-hell-how-weak-to … ⌘ Read more
Deals: M4 MacBook Air for $812! MacBook Pro 16″ M4 Max 48GB/1TB for $3440, & More
Amazon isn’t letting up on the great deals, with the M4 Macbook Air 13″ model now being offered at just $812 for the base 13″ model with 16GB RAM, 256GB SSD, and Midnight color. You can also get great deals on other colors, but the cheapest by far is the dark Midnight color at the … [Read More](https://osxdaily.com/2025/06/03/deals-m4-macbook-air-for-812-macbook-pro-16 … ⌘ Read more
An Alfred workflow to open GCP services and browse resources within
An Alfred workflow that lets you instantly open Google Cloud services or search GCP resources—fast, simple, and right from your Alfred.
@kat@yarn.girlonthemoon.xyz A blast from the past! 😅 And all of it still works, that’s quite the surprise. I mean, I’m making real phone calls here and let the modems talk over that connection … Almost like in the 90ies. 😅
Harpoom: of course the Apple Network Server can be hacked into running Doom
Of course you can run Doom on a $10,000+ Apple server running IBM AIX. Of course you can. Well, you can now. Now, let’s go ahead and get the grumbling out of the way. No, the ANS is not running Linux or NetBSD. No, this is not a backport of NCommander’s AIX Doom, because that runs on AIX 4.3. The Apple Network Server could run no version of AIX later than 4.1.5 and there are substan … ⌘ Read more
$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
CVE-2023-42780: An Improper Access Control Bug That Let Low-Privileged Users View DAG Impo … ⌘ Read more
**From Forgot Password to Forgot Validation: A Broken Flow That Let Me Take Over Accounts**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from … ⌘ Read more
The Copilot delusion
And the “copilot” branding. A real copilot? That’s a peer. That’s a certified operator who can fly the bird if you pass out from bad taco bell. They train. They practice. They review checklists with you. GitHub Copilot is more like some guy who played Arma 3 for 200 hours and thinks he can land a 747. He read the manual once. In Mandarin. Backwards. And now he’s shouting over your shoulder, “Let me code that bit real quick, I saw it in a Slashdot comment!” At that point, you’re not working … ⌘ Read more
Two fantastic weeks in Scotland
I am back from Scotland, and my first days back at work are behind me. Let me tell you about my awesome vacation! ⌘ Read more
**From CSP to OMG: How a Tiny Misconfigured Header Let Me Run JS Anywhere**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-csp-to-omg-how-a-tiny-misconfigured-header-let- … ⌘ Read more
TrueNAS uses “AI” for customer support, and of course it goes horribly wrong
Let’s check in on TrueNAS, who apparently employ “AI” to handle customer service tickets. Kyle Kingsbury had to have dealings with TrueNAS’ customer support, and it was a complete trashfire of irrelevance and obviously wrong answers, spiraling all the way into utter lies. The “AI” couldn’t generate its way out of a paper bag, and for a paying customer who is entitled to support, tha … ⌘ Read more
Let me and my husband draw your cats terribly! ⌘ Read more
…why- just why. Let me pee in peace ⌘ Read more
@thecanine@twtxt.net right. Spell checkers are not AI. Full grammar checking, and correction? That one I have not seen, but on AI. So, what I meant was, let the grammar gaffes show; we type as we speak (most of the time). About spelling mistakes, well, let them be corrected as we have done since 1971(?).
Let him cook ⌘ Read more
@prologic@twtxt.net to err is human, to forgive is divine, right? I say let us err, and forgive. My grammatical errors make me me. Misspellings? Well, we need no stinky AI for that!
should i let him in? he comes everyday and just stands there ⌘ Read more
I let the street cat into my apartment ⌘ Read more
**Token of Misfortune: How a Refresh Token Leak Let Me Regenerate Unlimited Sessions**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/token-of-misfortune … ⌘ Read more
@bender@twtxt.net It’s still a straight-through to the Eris backend that itself uses a Let’s Encrypt cert now. Haven’t tried to also terminate TLS at the Edge yet.
$500 Bounty: Race Condition in Hacker101 CTF Group Join
$500 for discovering a timing flaw in Hacker101’s invite system that let users join the same team multiple times
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50 … ⌘ Read more
**Blog Title: Not Your File: How Misconfigured MIME Types Let Me Upload Evil Scripts**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/blog-title-not-your … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
Cracking the Dave & Buster’s anomaly
Let’s dive into a peculiar bug in iOS. And by that I mean, let’s follow along as Guilherme Rambo dives into a peculiar bug in iOS. The bug is that, if you try to send an audio message using the Messages app to someone who’s also using the Messages app, and that message happens to include the name “Dave and Buster’s”, the message will never be received. ↫ Guilherme Rambo As I read this first description of the bug, I had no idea what could possibly be causing th … ⌘ Read more
@prologic@twtxt.net haven’t noticed anything weird in the logs! i’ll let you know if it happens again and monitor more closely though. it was def weird!
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
“Private programs are where the real gold lies… but no one tells you how to get there. Let me break it down for you — with secrets most…
[Continue reading on In … ⌘ Read more
@bender@twtxt.net How do you explain mine then? Unless it was registered before me, then let go of and I re-registered it later? 🤔
Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers don’t wait for big websites. They look for easy mistakes. Let’s fix them before they find yours.
[Continue reading on InfoSec Write- … ⌘ Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] … ⌘ Read more
50% Off Monthly, Yearly, & Lifetime Subscriptions (Through Friday, May 9th)
Let’s make Big Tech grumpy. ⌘ Read more
50% off Monthly, Yearly Subscriptions! Lifetime Subs for $100! Let’s get everyone subscribing to The Lunduke Journal!
The number of free subscribers to The Lunduke Journal has absolutely exploded — across a bunch of platforms — which is truly amazing. ⌘ Read more
Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About
Let’s Skip the “Sign Up on HackerOne” Talk
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-for-real-tools-tactics-and-truths-no … ⌘ Read more
Let me see whose black cat has a white background ⌘ Read more
So, the “AI” bots have reached my website. Looks like they’re just slowly crawling everything at the moment – no DDoS-like attack yet. I wonder if that has something to do with my website being 100% static HTML. There are no GET parameters they can tweak and, at the end of the day, there’s not that much data on my server anyway … And maybe they have no idea what stagit is, so it doesn’t trigger “standard behavior”, like “this is a Gitea instance, let’s crawl this like crazy!”?
Let’s Encrypt: Why You should (and Shouldn’t) use free SSL certificates
Free, fast, and secure — but is Let’s Encrypt the right SSL solution for your website?
[Continue reading on InfoSec Write-ups »](https://infosecwriteup … ⌘ Read more
DragonFlyBSD 6.4.1 released
It has been well over two years since the last release of DragonFlyBSD, version 6.4.0, and today the project pushed out a small update, DragonFlyBSD 6.4.1. It fixes a few small, longstanding issues, but as the version number suggests, don’t expect any groundbreaking changes here. The legacy IDE/NATA driver had a memory leak fixed, the ca_root_nss package has been updated to support newer Let’s Encrypt certificates, the package update command will no longer delete an importa … ⌘ Read more
The AI-Powered DevOps revolution: Redefining developer collaboration
Collaboration is crucial to successful software delivery. Let’s dive into how AI can help your development teams decrease their time to delivery, and foster better communication and collaboration using GitHub Copilot.
The post [The AI-Powered DevOps revolution: Redefining developer collaboration](https://github.blog/ai-and-ml/github-copilot/the-ai-powered-devops-revolution-redefining-de … ⌘ Read more
LOL Amazon displaying tariff prices “hostile and political,” White House say is this the kettle calling the pot black? 🤣 Trump, pfft, what a fucking idiot. No clue how economies work, let alone countries.
My boyfriends “feral” 20 year old cat that won’t let anyone touch him… ⌘ Read more
I have a little time today, so if you don’t mind, let me draw your cats! ⌘ Read more
10 Surprising Legal Gaps That Let Chaos Ensue
We tend to assume that there’s a law on the books for every situation. But legal systems often lag behind reality, leaving major gaps at the worst possible moments. Whether it was due to technological change, moral blind spots, or pure legislative oversight, these are moments when people turned to the law—and the law shrugged. […]
The post [10 Surprising Legal Gaps That Let Chaos Ensue](https://listverse.com/2025/04/27/10-surprising-legal-g … ⌘ Read more