Recent Events for foo.be MainPageDiary (Blog)

FeedCollection

Justin Mason

2026-04-21

  • 09:14 UTC how a roblox cheat and one AI tool brought down vercel's entire platform
    Damn, this is an absolute indictment of the state of security in AI tooling:
      February 2026. An employee at Context.ai, one of those AI productivity tools that promises to "supercharge your workflow," downloads a Roblox cheat. Not a sophisticated zero-day. Not a state-sponsored attack. A Roblox cheat. The download contains Lumma Stealer, an infostealer that grabs session cookies, credentials, everything. That employee had access to sensitive internal systems. March 2026. The attacker uses Context.ai's compromised infrastructure to pivot into a Vercel employee's Google Workspace account. This Vercel employee had signed up for Context.ai's "AI Office Suite" using their enterprise credentials and granted "Allow All" permissions. Let that sink in for a second. A Vercel engineer gave a third-party AI tool full access to their corporate Google account. April 19. Guillermo Rauch posts the thread confirming everything. Environment variables [...] were stored in plaintext. Accessed. Exfiltrated.
    tl;dr: Context.ai employees should not be using company devices to access Roblox cheats; exfiltratable environment variables should not be usable to access a customer's Google account. The scope of these credentials was obviously way too broad. This isn't just a Context.ai issue, this is systemic.
    Tags: security infosec credentials google context.ai roblox fail

2026-04-20

  • 12:17 UTC Cooperative DCs
    "A Future Vision of Data Centres: From Big Tech Builds to Community-Owned Cooperatives":
      In Belgium, Nubo Cooperative offers an email service, cloud storage, digital calendar and domain name, all run on local, Nubo-owned servers. When you purchase any of these services, you become a member of Nubo and can participate in decision-making as part of the cooperative. "This allows users to place trust in the structure that manages the services," Nubo writes on its website. It compares this to a private company, where "the lack of transparency makes trust impossible". The cooperative commits to allocating profits to achieve social objectives rather than using them to enrich shareholders.
    This is actually a very interesting idea...
    Tags: community datacenters cooperatives society nubo coops tech hosting cloud

2026-04-16

  • 16:18 UTC Thoughts on the Bluesky public incident write-up
    Good post on a classic C10K error scenario -- exhausting the ephemeral port range
    Tags: ports unix ops sysadmin c10k scaling bluesky outages
  • 13:19 UTC Microsoft runs out of capacity, routes requests outside the GDPR region
    Oh dear, this is an absolute GDPR no-no:
      Apparently #Microsoft is not able to get enough compute within EU datacenters to handle #Copilot requests. Instead, it will do "Flex-Routing", which processes some requests in non-EU datacenters. This is Opt-Out. The only notification was an e-mail to Admins. If they missed that, companies might be leaking PII outside of the EU from tomorrow on. Get your GDPR Nightmare letters ready!
    Tags: fail microsoft gdpr regulation security copilot eu flex-routing pii privacy

2026-04-14

  • 13:09 UTC Lean proved this program was correct; then I found a bug
    This is IMO very exciting. Formal verification and formally-proven correctness in code using Lean, which was in turn exercised heavily using Claude, which managed to turn up a totally unexpected runtime bug:
      The positive result here is actually the remarkable one. Across 105 million executions, the application code (that is, excluding the runtime) had zero heap buffer overflows, zero use-after-free, zero stack buffer overflows, zero undefined behaviour (UBSan clean), and zero out-of-bounds array reads in the Lean-generated C code. [...] The two bugs that were found both sat outside the boundary of what the proofs cover. The denial-of-service was a missing specification. The heap overflow was a deeper issue in the trusted computing base, the C++ runtime that the entire proof edifice assumes is correct (and now has a PR addressing). Overall verification resulted in a remarkably robust and rigorous codebase. AFL and Claude had a really hard time finding errors. But they did still find issues. Verification is only as strong as the questions you think to ask and the foundations you choose to trust.
    Tags: programming coding future lean formal-methods correctness linting bugs zip verification testing

2026-04-13

  • 10:19 UTC Measuring bandwidth from a Fire TV stick
    I was having some trouble playing files from my NAS using a Fire TV stick which was connected via a couple of hubs and an ethernet switch, so I wanted to double check the connection bandwidth. Here's how to do it from the command line, which is still possible on Android-based Fire sticks.
    First, enable adb in the Developer Options page in the Fire TV settings page. Then find its IP address in the network settings page and use:
      adb connect 10.19.72.182
      [permit the adb connection on the TV's dialog]
      adb shell
    Shell into the NAS in a window and type:
      dd if=/dev/zero bs=1M count=100 | nc -l -p 9999 -q 0
    In the adb shell window run:
      date; time toybox nc 10.19.72.5 9999 > /dev/null ; date
    That'll result in something like:
      Sun Apr 12 11:10:10 IST 2026
      0m08.92s real 0m00.03s user 0m00.96s system
      Sun Apr 12 11:10:19 IST 2026
    8.92 is the real elapsed clock time to download 100MB of data from the NAS. 100 MB / 8.92s = 11.2 MB/s, or about 89.7 Mbps. 89 Mbps should be enough to handle 4K for most compressed streams -- although I may need to consider switching this to running off wifi to handle newer, bigger files. It may be time to upgrade my wifi setup in that room to fix some latency spike issues.
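The dd-to-nc measurement above leaves you with a byte count and a `time` line to turn into a throughput figure by hand. The following shell functions are an added example, not part of the post: they parse the "real" field in the toybox-style `0m08.92s real` format quoted in the post, compute the byte count the way dd does (bs=1M is 1 MiB, i.e. 1048576 bytes), and convert to decimal megabits per second. Running it with the post's numbers shows how much the choice of MiB versus decimal MB moves the result; the demo values are constructed to match the post's run, and awk is assumed to be available (toybox ships one).

```shell
#!/bin/sh
# Added example (not from the original post): throughput arithmetic for a
# dd | nc transfer. Assumes a toybox/bash-style `time` line ("0m08.92s real")
# and an awk binary on the PATH.

# parse_real_seconds "0m08.92s real" -> 8.92
# Accepts "XmYY.YYs" as well as bare seconds such as "8.92".
parse_real_seconds() {
    printf '%s\n' "$1" | awk '{
        t = $1
        sub(/s$/, "", t)                 # drop the trailing "s"
        if (t ~ /m/) {
            split(t, p, "m")             # p[1] minutes, p[2] seconds
            printf "%.2f\n", p[1] * 60 + p[2]
        } else {
            printf "%.2f\n", t
        }
    }'
}

# dd_bytes COUNT BLOCKSIZE_MIB -> bytes transferred, as dd counts them
# (bs=1M means 1048576 bytes, not 1000000).
dd_bytes() {
    echo $(( $1 * $2 * 1048576 ))
}

# throughput_mbps BYTES SECONDS -> decimal megabits per second, one decimal place
throughput_mbps() {
    awk -v b="$1" -v s="$2" 'BEGIN { printf "%.1f\n", b * 8 / s / 1000000 }'
}

# Demo with constructed values matching the post: dd bs=1M count=100 in 8.92 s.
if [ "${1:-}" = "demo" ]; then
    secs=$(parse_real_seconds "0m08.92s real")
    bytes=$(dd_bytes 100 1)
    echo "dd wrote $bytes bytes in $secs s: $(throughput_mbps "$bytes" "$secs") Mbps"
    echo "treating it as 100 decimal MB (100000000 bytes): $(throughput_mbps 100000000 "$secs") Mbps"
fi
```

Save it as `bw.sh` and run `sh bw.sh demo`; the two lines it prints differ by about 5 Mbps purely because of the MiB/MB distinction, which is worth knowing before deciding whether a link is "enough" for a given stream bitrate.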

2026-04-12

  • 22:21 UTC The Blockade Is the Message. How a Fuel Price Spike Became a Fascist Audition
    This is 100% spot on, regarding Ireland's "fuel prices" blockades this week --
      There is a particular tell, when a "spontaneous people's protest" isn't quite what it claims to be. It isn't the placards. It isn't the high-vis vests. It isn't even the tractors. Ireland has plenty of legitimate reasons to bring a tractor to town, and a country built on agricultural grievance has every right to express it loudly. The tell is something subtler. It's the moment someone in the crowd, their face contorted with what is supposed to be anger about diesel, screams "What's a woman?" at a passing TD.
    Tags: fuel prices cost-of-living demonstrations ireland politics far-right farming blockades
  • 15:04 UTC nFolio
    This app does a very decent job of displaying a folder of images from a NAS via DLNA or SMB as a slideshow on an Android or Fire TV; can be set up as the screensaver with a little adb'ing
    Tags: nfolio screensavers tv video photos family

2026-04-07

  • 11:27 UTC Software Licenses and Workers' Rights · Agent IO
    Huh, this is a thought-provoking blog post about OSS licensing.
      It is observably and objectively bad for society when investors own closed-source software. That starts by being bad for tech workers, creators lose the right to the value that they create, and users are still harmed because they don't get the protection from spying and abuse that open source promised them. [...] The open source movement is a ladder that leans on the wall of users' rights. We've spent forty years climbing that ladder. Where are we now? Our world is controlled by moguls who've built empires using open source software that they've locked behind proprietary barriers. Those empires exploit workers and harm the users that the open source movement was supposed to protect. Our ladder is leaning on the wrong wall.
    Tags: open-source closed-source oss licensing freedom software rights
  • 10:19 UTC How Do You Find an Illegal Image Without Looking at It?
    A very good writeup of how illegal-image detection algorithms like PhotoDNA and PDQ work, and the Hasher-Matcher-Actioner three stage pattern (via Erin Kissane)
    Tags: csam detection filtering photodna pdq classifiers photos videos classification hashing fuzzy-hashing via:erin-kissane

Paul Graham