The more mental energy you expend parsing a programming language's syntax, the less you have available for parsing a program's logic—or creating it yourself. This is why core fluency is so important; it frees up your own compute cycles for more important work.

It's also another reason why "vibe coding" is so toxic. It robs you of the opportunity to gain that fluency.

[RSS] Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis

https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/

[RSS] exploits.club Weekly Newsletter 73 - AI Finds Bugs, MTE Bypasses, Old Jailbreaks, and More

https://blog.exploits.club/exploits-club-weekly-newsletter-73-ai-finds-bugs-mte-bypasses-old-jailbreaks-and-more/

"[Qualys] discovered a vulnerability in apport [...], and a similar vulnerability in systemd-coredump [...]: a race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"

https://www.openwall.com/lists/oss-security/2025/05/29/3

CVE-2025-5054 CVE-2025-4598

Google’s search quality has declined, filled with spam and low-quality results, while it maintains dominance through default placements. Cory Doctorow highlights Kagi as a superior alternative, offering cleaner, more relevant search outcomes. Though it requires a subscription, Kagi provides a user-focused experience that recaptures the efficiency Google once had.

I personally HAPPILY pay for @kagihq.

#Kagi #enshittification #tech #privacy

https://pluralistic.net/2024/04/04/teach-me-how-to-shruggie/#kagi

SentinelOne still down, approaching three hours. It doesn’t look like they have an official status page so https://sentinelonestatus.com/ is all ya got.

@mcc mathcore/math rock? E.g.: https://www.youtube.com/watch?v=D4-erceTpc8

Edit: or simply Tool...

New assessment for topic: CVE-2025-41232

Topic description: "Spring Security Aspects may not correctly locate method security annotations on private methods ..."

"On May 19 2025, Spring released an [advisory](https://spring.io/security/cve-2025-41232) warning that Spring Security versions before `6.4.6` were vulnerable to a flaw in how Spring security annotations were identified and processed, that could lead to annotations being ignored on private methods, potentially leading to authorization bypasses on those private methods ..."

Link: https://attackerkb.com/assessments/c3734c78-c018-4e5f-9c70-b5f3c074a411

[RSS] Micropatches Released for Preauth DoS on Windows Deployment Service (CVE-2025-29957)

https://blog.0patch.com/2025/05/micropatches-released-for-preauth-dos.html

Good bathroom reads.

Unfortunately the #OpenStreetMap wiki is very slow today. We are fighting an aggressive web scraper bot. 10,000 of IPs involved. Randomised User-Agent. Ignoring robots.txt #aibot #ddos

Update: Fixed. We've been able to mitigate the bot traffic. #fail2ban

@nicemicro Yes I also have concerns about how restrictions could be implemented in practice.

Thank you, it's good to see that civilized arguments are still possible online!

@david_chisnall @kenshirriff Just for the record, I find this part of AS/400 history pretty fascinating (from Inside AS/400, by Frank Soltis) :)

@psa @algernon I'm not fully confident that an 8 years old codebase can handle todays mess on the web...

@Ember @algernon Thanks I'll give these a shot!

@algernon Thanks, really appreciated!

@algernon Are you aware of any recursive mirroring tools? My searches so far only turned up wget (which is severely limited) and ArchiveBox (that doesn't support full mirrors either) :(

@algernon Does Readeck support full domain mirroring? I can't seem to find a definite answer...

You don't normally pay someone $300M for a "partnership." This is xAI buying access to Telegram's users because it sees their (purportedly secure and private) data and interactions as valuable. https://www.bbc.com/news/articles/cdxvr3n7wlxo

Delete it.

@TarkabarkaHolgy ICYMI: https://www.youtube.com/watch?v=JVl7obdh81k