Mark Zuckerberg Opened an Illegal School At His Palo Alto Compound. His Neighbor Revolted
Mark Zuckerberg opened an unlicensed school named after the family’s pet chicken – and it was the final straw for his neighbors, writes Slashdot reader joshuark, citing a report from Wired. The magazine obtained 1,665 pages of documents about the neighborhood dispute – “including 311 records, leg … ⌘ Read more
Magika 1.0 Goes Stable As Google Rebuilds Its File Detection Tool In Rust
BrianFagioli writes: Google has released Magika 1.0, a stable version of its AI-based file type detection tool, and rebuilt the entire engine in Rust for speed and memory safety. The system now recognizes more than 200 file types, up from about 100, and is better at distinguishing look-alike formats such as JSON vs JSONL, TS … ⌘ Read more
@movq@www.uninformativ.de Gemini liked your opinion very much. Here is how it countered:
1. The User Perspective (Untrustworthiness)
The criticism of AI as untrustworthy is a problem of misapplication, not capability.
- AI as a Force Multiplier: AI should be treated as a high-speed drafting and brainstorming tool, not an authority. For experts, it offers an immense speed gain, shifting the work from slow manual creation to fast critical editing and verification.
- The Rise of AI Literacy: Users must develop a new skill—AI literacy—to critically evaluate and verify AI’s probabilistic output. This skill, along with improving citation features in AI tools, mitigates the “gaslighting” effect.
The fear of skill loss is based on a misunderstanding of how technology changes the nature of work; it’s skill evolution, not erosion.
- Shifting Focus to High-Level Skills: Just as the calculator shifted focus from manual math to complex problem-solving, AI shifts the focus from writing boilerplate code to architectural design and prompt engineering. It handles repetitive tasks, freeing humans for creative and complex challenges.
- Accessibility and Empowerment: AI serves as a powerful democratizing tool, offering personalized tutoring and automation to people who lack deep expertise. While dependency is a risk, this accessibility empowers a wider segment of the population previously limited by skill barriers.
The legal and technical flaws are issues of governance and ethical practice, not reasons to reject the core technology.
- Need for Better Bot Governance: Destructive scraping is a failure of ethical web behavior and can be solved with better bot identification, rate limits, and protocols (like enhanced robots.txt). The solution is to demand digital citizenship from AI companies, not to stop AI development.
oss-security - runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881
GitHub Copilot tutorial: How to build, test, review, and ship code faster (with real prompts)
How GitHub Copilot works today—including mission control—and how to get the most out of it. Here’s what you need to know.
The post [GitHub Copilot tutorial: How to build, test, review, and ship code faster (with real prompts)](https://github.blog/ai-and-ml/github-copilot/a-developers-guide-to-writing-debugging-reviewing-and-shipping-co … ⌘ Read more
The XMPP Standards Foundation: XMPP Summit 28
The XMPP Standards Foundation (XSF) is excited to announce the 28th XMPP Summit taking place in Brussels, Belgium next year - just before FOSDEM 2026.
The XSF invites everyone interested in development of the XMPP protocol to attend, and discuss all things XMPP - both in person and remotely!
The XMPP Summit is a two-day event for the people who write and implement XMPP extensions (XEPs).
The event is no … ⌘ Read more
**How I Used Sequential IDs to Download an Entire Company’s User Database (And The Joker Helped)**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosec … ⌘ Read more
**The Great Tenant Mix-Up: How I Accidentally Became Every Company’s Employee**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-great-tenant-mix-up-how-i-accidentally … ⌘ Read more
@movq@www.uninformativ.de That and no sane person writes Java™ anymore right? 🤣
#4 RFI: From an External URL Into your Application
Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…
[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more
**How I Made ChatGPT My Personal Hacking Assistant (And Broke Their “AI-Powered” Security)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-m … ⌘ Read more
**How I Hacked JWT Tokens and Became Everyone on the Internet (Temporarily)**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-hacked-jwt-tokens-and-became-everyone-on-t … ⌘ Read more
Exposed API Keys and Secrets with AI
Quick Disclosure of API Key and Secret to guess parameter value
$1000 Bounty: GitLab Security Flaw Exposed
How a $1000 Bounty Hunt Revealed a GraphQL Type Check Nightmare Allowing Maintainers to Nuke Repositories
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-bounty-gitlab-security-flaw-exposed-dd30978 … ⌘ Read more
**How I Became the Unofficial Company Archivist (And Saw Things I Can’t Unsee)**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-the-unofficial-company-archiv … ⌘ Read more
**The Day I Became Everyone: How User Swapping Turned Me into a Digital Shapeshifter**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-day-i-became-ev … ⌘ Read more
“The $12,500 DNS Trick That Hacked Snapchat’s Cloud Servers”
While studying advanced SSRF techniques, I came across a fascinating case where researchers @nahamsec, @daeken, and @ziot combined DNS…
[Continue reading on InfoSec Write-ups … ⌘ Read more
Property-Based Testing in Practice
Property-based testing (PBT) is a testing methodology where users
write executable formal specifications of software components and
an automated harness checks these specifications against many
automatically generated inputs. From its roots in the QuickCheck
library in Haskell, PBT has made significant inroads in mainstream
languages and industrial practice at companies such as Amazon,
Volvo, and Stripe. As PBT extends its reach, it is important to understand
how developers are usin … ⌘ Read more
Simple, minimal SQL database migrations written in Go with generics. Std lib database/sql and SQLX supported OOTB
I built GoSMig for personal projects and open-sourced it. It’s a tiny library for writing migrations in Go (compile-time checks via generics). Supports both transactional and non-transactional steps, rollback, status/version commands, and a built-in CLI handler so you can ship your own tool.
- Zero dependencies (std lib; golang.org/x/term used for pager support)
- database/sql and sqlx supported out of the box, others w … ⌘ Read more
Vim Settings For Writing Prose ⌘ Read more
Scaling Postgres to the next level at OpenAI
TIL OpenAI uses (used?) one primary write instance for their PostgreSQL cluster with dozens of read replicas. This powers the core ChatGPT service which has hundreds of millions of users and, needless to say, is a critical backbone to it.
The talk implies they shard now, but the whole video emphasises all the optimizations they did in order to support their workload through a single primary. It isn’t mentioned at what time they switched to sharding, but it’s heavily implied that … ⌘ Read more
How to add MCP Servers to OpenAI’s Codex with Docker MCP Toolkit
AI assistants are changing how we write code, but their true power is unleashed when they can interact with specialized, high-precision tools. OpenAI’s Codex is a formidable coding partner, but what happens when you connect it directly to your running infrastructure? Enter the Docker MCP Toolkit. The Model Context Protocol (MCP) Toolkit acts as a… ⌘ Read more
**How I Became an Accidental Admin and Almost Got Fired (From Someone Else’s Company)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-an-acci … ⌘ Read more
25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss----7b722bf … ⌘ Read more
The Ultimate Guide to 403 Forbidden Bypass (2025 Edition)
Master the art of 403 bypass with hands-on examples, tools and tips.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-403-forbidden-byp … ⌘ Read more
How to Identify Sensitive Data in JavaScript Files: (JS-Recon)
A complete guide to uncovering hidden secrets, API keys, and credentials inside JavaScript files
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/h … ⌘ Read more
FFUF Mastery: The Ultimate Web Fuzzing Guide
Practical techniques, wordlists, and templates to fuzz every layer of a web app.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ffuf-mastery-the-ultimate-web-fuzzing-guide-f7755c396b92?source= … ⌘ Read more
How I Mastered Blind SQL Injection With One Simple Method
Transforming my web security skills by learning to listen to a silent database
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-mastered-blind-sql-injection-w … ⌘ Read more
ProtoVault Breach Forensics Challenge Offsec CTF Week 1
Maverick is back again with a fresh article. This time I dug into ProtoVault Breach, the Week 1 forensics challenge from the Offsec CTF…
[Continue reading on InfoSec Write-ups »](ht … ⌘ Read more
How I Found a $250 XSS Bug After Losing Hope in Bug Bounty
📌 Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss----7b722bf … ⌘ Read more
23. Tools vs. Mindset: What Matters More in 2025
Why the Right Mindset Will Outperform the Most Advanced Tools
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/23-tools-vs-mindset-what-matters-more-in-2025-1be217350787?source=rss----7b7 … ⌘ Read more
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 … ⌘ Read more