cool, so there's a whole new github dork people can do: claude chatlogs.

they live in .claude/logs/ and are full text records of peoples entire conversations with claude

and they're ending up in public on github because i guess people arent adding them to .gitignore

happy monday! ai is going great!

https://discernibleinc.com/blog/3-counterproductive-communication-patterns-holding-back-security-researchers - so simple, yet so good advice.

@piggo We used to have low-priv user accounts for that. Getting the ephemeral/immutable nature of containers can be a significant step for newcomers IMO.

@singe And my reaction was likely rooted in the fact that I missed so many great tools, only to find them later and redo my toolchain, because the maintained stuff was simply better than my ad-hoc one could be :)

@singe even in that case a) I don't like to write a _slightly_ different tool for a similar task (here comes maintenance) b) the fixed cost of vibe-coding (which is very easy to under-estimate) can easily exceed the cost of finding/learning 1 tool that can replace N.

But sure, I also do ad-hoc tools like this, and I actually think your observation is correct, it's just the tendency that is very slippery.

@singe Problem is those vibe-coded tools will rarely get enough testing and maintenance to become really useful so we'll end up crafting (subpar) hammers for each nail, esp. because crafting hammers in this case feels pretty rewarding, see: https://svnscha.de/posts/the-passenger-seat-developer/

Frida 17.6.0 released – major Android stability improvements, Android 16 support https://frida.re/news/2026/01/18/frida-17-6-0-released/

[RSS] Iranian state TV feed reportedly hijacked to air anti-regime messages

https://therecord.media/iran-state-television-reported-hack-opposition

[RSS] Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279

[RSS] Who's on the Line? Exploiting RCE in Windows Telephony Service (CVE-2026-20931)

https://swarm.ptsecurity.com/whos-on-the-line-exploiting-rce-in-windows-telephony-service/

@singe You have a GUI to redirect all/some messages to a shell script (or whatever) where you can do the replace.

@singe ICYMI: https://github.com/silentsignal/burp-piper

In Portswigger's Burp I needed a way to do Match & Replace globally across all utilities, not just the proxy so I wrote an extension https://github.com/singe/burp_global_match_replace

Er... missed link for that last post, https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/

The latest edition of the Security Liberation Front is out¹:

__
¹ https://slf.fish/

100% tariff on the MM/DD/YY date format.

People, with #Greenland raising awareness of our massive 24/7 dependence on US clouds for vital services, I made a list of what (government) stuff would break here under US sanctions. It is EXTREMELY depressing. Can I suggest that people also make a list like this one for their own countries? It is getting quite some traction here: https://berthub.eu/articles/posts/dashboard-amerikaanse-afhankelijkheden/

@piggo I would probably cry because of the unnecessary complexity containers introduce for this use-case.

Join us for the kick-off of Pwn2Own Automotive 2026! As always, we begin the event with a random drawing to see the order of attempts for the contest, which starts first thing on Wednesday, January 21. https://youtube.com/live/Dtp-ICE0crw

@cstross Put another way: LLMs have revealed a zero-day exploit in human consciousness and culture: if you can manufacture plausibility at scale, you can bypass all of the accumulated wisdom of centuries of skepticism and critical thinking. Any fact-using profession is potentially vulnerable to this attack.