@bender@twtxt.net It’s good enough ti iron out any bugs 🐛 Can I haz an account? 🙏

For those curious, the new Twtxt <-> ActivityPub bridge I’m building (bidirectional) simply requires three things:

1. You register your Twtxt feed to the bridge: https://bridge.twtxt.net
   
2. You verify that you in fact own/control the feed by putting the verification code somewhere on/in your feed (doesn’t matter where or how)
   
3. You proxy/forward requests for /.well-known/webfinger to the Bridge bridge.twtxt.net.
   

I’m still testing through and ironing out bugs 🐛 Please be patient! 🙏

whoo fix a long stnading bug with identicons for feeds with no avatar in their metadata

Hint:

# nick = ...
# avatar = ...

sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10
The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it’s also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10… ⌘ Read more

FFmpeg To Google: Fund Us or Stop Sending Bugs
FFmpeg, the open source multimedia framework that powers video processing in Google Chrome, Firefox, YouTube and other major platforms, has called on Google to either fund the project or stop burdening its volunteer maintainers with security vulnerabilities found by the company’s AI tools. The maintainers patched a bug that Google’s AI agent discovered in code for decoding a 1995 vi … ⌘ Read more

KDE Plasma 6.6 Shaving Off 100MB Of Memory Use, Fixing DrKonqi Crash Reporter Crashing
KDE developers were off to a busy start for the month of November. A lot of feature activity continues happening for Plasma 6.6 while a lot of bug fixing is still going on for Plasma 6.5 and related KDE components… ⌘ Read more

@prologic@twtxt.net Let’s go through it one by one. Here’s a wall of text that took me over 1.5 hours to write.

This section says AI should not be treated as an authority. This is actually just what I said, except the AI phrased/framed it like it was a counter-argument.

The AI also said that users must develop “AI literacy”, again phrasing/framing it like a counter-argument. Well, that is also just what I said. I said you should treat AI output like a random blog and you should verify the sources, yadda yadda. That is “AI literacy”, isn’t it?

My text went one step further, though: I said that when you take this requirement of “AI literacy” into account, you basically end up with a fancy search engine, with extra overhead that costs time. The AI missed/ignored this in its reply.

Okay, so, the AI also said that you should use AI tools just for drafting and brainstorming. Granted, a very rough draft of something will probably be doable. But then you have to diligently verify every little detail of this draft – okay, fine, a draft is a draft, it’s fine if it contains errors. The thing is, though, that you really must do this verification. And I claim that many people will not do it, because AI outputs look sooooo convincing, they don’t feel like a draft that needs editing.

Can you, as an expert, still use an AI draft as a basis/foundation? Yeah, probably. But here’s the kicker: You did not create that draft. You were not involved in the “thought process” behind it. When you, a human being, make a draft, you often think something like: “Okay, I want to draw a picture of a landscape and there’s going to be a little house, but for now, I’ll just put in a rough sketch of the house and add the details later.” You are aware of what you left out. When the AI did the draft, you are not aware of what’s missing – even more so when every AI output already looks like a final product. For me, personally, this makes it much harder and slower to verify such a draft, and I mentioned this in my text.

You, @prologic@twtxt.net, also mentioned this in your car tyre example.

In my text, I gave two analogies: The gym analogy and the Google Translate analogy. Your car tyre example falls in the same category, but Gemini’s calculator example is different (and, again, gaslight-y, see below).

What I meant in my text: A person wants to be a programmer. To me, a programmer is a person who writes code, understands code, maintains code, writes documentation, and so on. In your example, a person who changes a car tyre would be a mechanic. Now, if you use AI to write the code and documentation for you, are you still a programmer? If you have no understanding of said code, are you a programmer? A person who does not know how to change a car tyre, is that still a mechanic?

No, you’re something else. You should not be hired as a programmer or a mechanic.

Yes, that is “skill evolution” – which is pretty much my point! But the AI framed it like a counter-argument. It didn’t understand my text.

(But what if that’s our future? What if all programming will look like that in some years? I claim: It’s not possible. If you don’t know how to program, then you don’t know how to read/understand code written by an AI. You are something else, but you’re not a programmer. It might be valid to be something else – but that wasn’t my point, my point was that you’re not a bloody programmer.)

Gemini’s calculator example is garbage, I think. Crunching numbers and doing mathematics (i.e., “complex problem-solving”) are two different things. Just because you now have a calculator, doesn’t mean it’ll free you up to do mathematical proofs or whatever.

What would have worked is this: Let’s say you’re an accountant and you sum up spendings. Without a calculator, this takes a lot of time and is error prone. But when you have one, you can work faster. But once again, there’s a little gaslight-y detail: A calculator is correct. Yes, it could have “bugs” (hello Intel FDIV), but its design actually properly calculates numbers. AI, on the other hand, does not understand a thing (our current AI, that is), it’s just a statistical model. So, this modified example (“accountant with a calculator”) would actually have to be phrased like this: Suppose there’s an accountant and you give her a magic box that spits out the correct result in, what, I don’t know, 70-90% of the time. The accountant couldn’t rely on this box now, could she? She’d either have to double-check everything or accept possibly wrong results. And that is how I feel like when I work with AI tools.

Gemini has no idea that its calculator example doesn’t make sense. It just spits out some generic “argument” that it picked up on some website.

The AI makes two points here. The first one, I might actually agree with (“bad bot behavior is not the fault of AI itself”).

The second point is, once again, gaslighting, because it is phrased/framed like a counter-argument. It implies that I said something which I didn’t. Like the AI, I said that you would have to adjust the copyright law! At the same time, the AI answer didn’t even question whether it’s okay to break the current law or not. It just said “lol yeah, change the laws”. (I wonder in what way the laws would have to be changed in the AI’s “opinion”, because some of these changes could kill some business opportunities – or the laws would have to have special AI clauses that only benefit the AI techbros. But I digress, that wasn’t part of Gemini’s answer.)

Except for one point, I don’t accept any of Gemini’s “criticism”. It didn’t pick up on lots of details, ignored arguments, and I can just instinctively tell that this thing does not understand anything it wrote (which is correct, it’s just a statistical model).

And it framed everything like a counter-argument, while actually repeating what I said. That’s gaslighting: When Alice says “the sky is blue” and Bob replies with “why do you say the sky is purple?!”

But it sure looks convincing, doesn’t it?

This took so much of my time. I won’t do this again. 😂

When Your Hash Becomes a String: Hunting a Ruby Million-to-One Memory Bug
Comments ⌘ Read more

#4 RFI: From an External URL Into your Application

Image

Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…

[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more

The $2,000 Bug That Changed My Life: How a Tiny URL Parameter Broke Web-Store Pricing !! ⌘ Read more

“The $10,000 Handlebars Hack: How Email Templates Led to Server Takeover”

Image

While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories I’ve ever encountere … ⌘ Read more

How I Reported a Pre-Account Hijack Affecting Any Gmail User (Even Google Employees)- My Bug… ⌘ Read more

the bug that taught me more about PyTorch than years of using it
Comments ⌘ Read more

@movq@www.uninformativ.de I guess I wasn’t talking about the speed of interesting text/context, but more the “slowness” of these tools. I think I can build/ solutions and fix bugs faster most of the time? Hmmm 🤔 I think the only thing it’s able to do better than me is grasp large codebases and do pattern machines a bit better, mostly because we’re limited by the interfaces we have to use and in my ase being vision impaired doesn’t help :/

Date bug affects Ubuntu 25.10 automatic updates
Comments ⌘ Read more

Fixed following page template bug so cached feed counts render without errors. cc @bender@twtxt.net

Tuckr - Stow alternative with symlink checking
I’ve been using Stow for a few years now. At the time (2020) Stow had a bug where it would just fail with a cryptic error and the maintainer didn’t have time to fix it, the bug was there for 2 years or so. So I got fed up and decided to try and fix it but I didn’t know perl nor did I want to learn it, so I decided to rewrite Stow and fix the issue. To fix it I decided that I track all symlinks and give users a nice way to see what was going on. So the entire project was based on having a n … ⌘ Read more

Top security researcher shares their bug bounty process
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—@dev-bio!

The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog. ⌘ Read more

25. Monetizing Your Skills Beyond Bug Bounty

Image

Turn your hacking expertise into a thriving career beyond bounties.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss—-7b722bf … ⌘ Read more

How I Found a $250 XSS Bug After Losing Hope in Bug Bounty

Image

📌 Free Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss—-7b722bf … ⌘ Read more

How to Find XSS Vulnerabilities in 2 Minutes [Updated]

Image

My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 … ⌘ Read more

A Bug Hunter’s Guide to CSP Bypasses (Part 1) ⌘ Read more

CTF to Bug Bounty: Part 1 of the Beginner’s Series for Aspiring Hunters

Image

From CTF flags to real-world bugs — your next hacking adventure starts here.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups. … ⌘ Read more

“The Overlooked P4 Goldmine: Turning Simple Flaws into Consistent Bounties”

Image

We’ve all been there — scrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploit … ⌘ Read more

** How to Use AI to Learn Bug Hunting & Cybersecurity Like a Pro (in 2025)**

Image

Hey there 👋,
I’m Vipul, the mind behind The Hacker’s Log — where I break down the hacker’s mindset, tools, and secrets 🧠💻

[Continue reading … ⌘ Read more

Authentication bypass via sequential user IDs in Microsoft SSO integration | Critical Vulnerability

Image

If you’re a penetration tester or bug bounty hunter, n … ⌘ Read more

Account Take Over | P1 — Critical

Image

It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour … ⌘ Read more

The weirdest bug:When Reflected XSS Won’t Let a Page Breathe ⌘ Read more

The Critical $1000 Bug:(blind SQL injection) ⌘ Read more

22. How to Get Invites to Private Programs

Image

Unlock the secrets to landing exclusive private program invites and level up your bug bounty journey.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/22-how-to-get-invites-to-private-programs-9bbb5166 … ⌘ Read more

One Click to All Baisc Recon for Bug Bounty

Image

All Recon with One Click

Continue reading on InfoSec Write-ups » ⌘ Read more

The $500 Stored XSS Bug in SideFX’s Messaging System

Image

Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more

How I found Multiple Bugs on CHESS.COM & they refused

Image

I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-multiple-bug … ⌘ Read more

How we found a bug in Go’s arm64 compiler
Comments ⌘ Read more

How a top bug bounty researcher got their start in security
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!

The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog. ⌘ Read more

How a Single Signup Flaw Exposed 162,481 User Records

Image

My $8,500 Bug Bounty Story and the Critical Lesson in Authentication

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-single-signup-flaw-exposed-162-481-user-re … ⌘ Read more

Mastering Google Dorking: Discovering Website Vulnerabilities

Image

Deep Recon Made Simple: Powering Bug Hunting with Dorking Strategies

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-google-dorking-d … ⌘ Read more

@lyse@lyse.isobeef.org That looks like an older bug report. Which groff version is that (groff --version)?

@movq@www.uninformativ.de I got an empty line through the table, similarly to one of the linked bug reports, just at a different location:

https://lyse.isobeef.org/tmp/screenshot-2025-09-27-13-56-13.png

Okay, now that I knew what to look for, I found existing bug reports:

• https://lists.gnu.org/archive/html/groff/2023-04/msg00400.html
  
• https://savannah.gnu.org/bugs/?63960
  

Most importantly:

This is resolved in the groff trunk.

🥳

Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!

The post [Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives](https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-aware … ⌘ Read more

@kat@yarn.girlonthemoon.xyz Mine shows 1/1 of 14 Twts 😆 I think this is a bug 🤯

@kat@yarn.girlonthemoon.xyz Ta. The only good use for <details> is to collapse long logs in bug analysis reports. Other than that, I find it rather annoying to expand sections manually.

As for spoilers, personally, I don’t care at all. Not the slightest bit. If there is something that I don’t wanna read, I just stop reading. ¯_(ツ)_/¯

But I’ve got the feeling that I’ve got an unpopular opinion on that matter. ;-)

@eric@itsericwoodward.com Name change is no worries! 😉 Interesting/funnily enough my client yarnd seems to have picked it up automatically which is nice (I’ve historically always had a few bugs to iron out there 🤣)

Spiders are the only web developers that enjoy finding bugs.

@lyse@lyse.isobeef.org you will have to agree, though, that Yarn has contributed to make it possible to mass adopt (with its many glitches, bugs, and all) because, still, the web is king.

@twtxt.net@twtxt.net HI KIWU YOUR PROFILE’S A BIT BUGGED ON OUR END BUT IT’S OK IT’LL FIX ITSELF

Thinking about doing “Wayland Wednesday”. Only use Wayland every Wednesday. Collect bugs, report bugs, fix bugs.

… which is probably a GTK bug.

Just realized: One of the reasons why I don’t like “flat UIs” is that they look broken to me. Like the program has a bug, missing pixmaps or whatever.

Take this for example:

https://movq.de/v/8822afccf0/a.png

I’m talking about this area specifically:

https://movq.de/v/8822afccf0/a%2Dhigh.png

One UI element ends and the other one begins – no “transition” between them.

The style of old UIs like these two is deeply ingrained into my brain:

https://movq.de/v/8822afccf0/b.png
https://movq.de/v/8822afccf0/c.png

When all these little elements (borders, handles, even just simple lines, …) are no longer present, then the program looks buggy and broken to me. And I’m not sure if I’ll ever be able to un-learn that.