🐝 Hive Five 182 - The Great Recalibration

Hi friends,

Greetings from the hive! I hope this newsletter finds you well and thriving.

We're on the cusp of a great recalibration in tech. The winners will be those who can navigate the complex interplay of AI, open-source, and security while addressing the looming productivity paradox.

Here are my recent action steps:

1. Choose one AI tool to integrate into your workflow this week.

2. Explore a no-code platform and brainstorm a small project you could build.

3. Implement a 'tech-free' hour in your daily routine for mental recharge.

Remember, it's not about doing more, but about doing what matters more effectively.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Substrate is a crowdsourced project designed to enhance understanding, communication, and action in order to move humanity forward. MORE

2. Dwarkesh Patel, a prolific podcaster, uses AI tools like Claude and custom workflows to enhance his learning, thinking, and interview preparation. MORE

3. OSINT4ALL is a versatile OSINT toolkit catering to researchers of all skill levels, making it a popular resource on the platform. MORE

4. You can access data from deleted forks, deleted repositories, and even private repositories on GitHub. And it is available forever. This attack vector is aptly named Cross Fork Object Reference (CFOR). MORE

5. Windows Security best practices for integrating and managing security tools. In this blog post, David (Microsoft Vice President, Enterprise and OS Security) examines the recent CrowdStrike outage and provides a technical overview of the root cause. MORE

Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.

📰 Updates

🍯 My work

📅 News

1. Google URL Shortener is being deprecated and will no longer return a response after August 25th, 2025. MORE

2. Switzerland's new open-source software mandate for government aligns with European trends, but the US lags behind. MORE

➡️ Continue reading online to avoid email cutoff

💼 Work

💰 Career

1. Cloudflare-saas-stack is an opinionated, all-inclusive starter kit for rapidly building and deploying scalable SaaS products on Cloudflare's robust platform. It simplifies the complexities of cloud infrastructure, enabling entrepreneurs to focus on their core business. MORE

2. 21 Great Questions to Ask in Interviews. Matt interviewed hundreds of people and compiled a list of some of the best questions to ask, and what insight you might get if you ask. MORE

3. Aaron Swartz hires programmers by focusing on their ability to get things done, not their live coding skills during an interview. He believes that if someone can actually get stuff done, they should have already done so. MORE

👀 Opportunities

1. Hacker Content seeks a skilled cybersecurity blog writer with excellent technical and writing abilities for a remote role. The ideal candidate must possess strong English writing skills and a deep understanding of cybersecurity. MORE

2. Sanity.io, a content platform empowering leading brands, seeks a Documentation Specialist to craft engaging, user-centric guides. MORE

3. DevTools companies that are actively hiring, offering opportunities for engineers to work on innovative tools that power software development. MORE

🚀 Productivity

1. Switching from VSCode to Neovim has been a transformative experience for deor, with a significant boost in productivity and feel. Neovim's customization and efficiency have been a game-changer, as showcased in the user's setup. MORE

2. Timeshielding: How to do the things you actually want to do. Manage your time effectively by prioritizing, setting boundaries, and protecting your focus. MORE

3. 3 Habits To Improve Your Life: Daily walk without tech, reduce phone distraction using grayscale, and journal daily for 3-5 minutes. MORE

4. Weekly self-review prompts help facilitate introspection and personal growth through structured reflection. This resource provides a useful framework to cultivate self-awareness and identify areas for improvement. MORE

5. Glance is a self-hosted dashboard that puts all your feeds in one place. It's configurable, fast, and lightweight. MORE

➡️ Continue reading online to avoid email cutoff

🌎 Community

🎉 Celebrate

1. Jason Haddix turned 40 years old. Congrats! MORE

⚡️ Discussions

1. Typecraft is switching from Alacritty to Kitty terminal emulator due to its ability to render images. MORE

2. Setting up a computer for a kid: Desktop, Linux, GDPR-compliant recursive DNS resolver, and LibRedirect. What else? MORE

3. Zseano re-opened bugbountyhunter membership and lowered the price to £100 for 1 year. MORE

4. Atuin founder Ellie teases an upcoming GitHub-inspired UI for CLI usage, promising a more intuitive and visually appealing command-line experience. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

1. @tolo7010 | tololovejoi | Hacker at HackerOne.

2. @LaxmanMuthiyah | Laxman Muthiyah | Web Developer, Security Researcher, Whitehat hacker | Definitely not a geek.

3. @NielsProvos | Niels Provos | Security/Privacy (M-F). Bladesmithing/Videographing (S-S). Producing music (Activ8te).

4. @bee_sec_san | @[email protected] | ex-monzo.

5. @addyosmani | Addy Osmani | Engineering lead working on GoogleChrome | Husband & Dad | Author | Great user & dev experiences | ChromiumDev ChromeDevTools ChromeUXReport Lighthouse.

➡️ Continue reading online to avoid email cutoff

⬆️ Level up

📰 Read

1. Automation's impact on jobs is complex; while computers take over some tasks, new roles emerge, and human skills remain invaluable. The automation paradox might inform us of the AI future that lies ahead. MORE

2. Skii dev team discovered a critical vulnerability in the popular flashcard app Anki, leading to remote code execution. MORE

3. The AI industry faces doubts amid strategic missteps, with criticisms from influential financial institutions like Goldman Sachs and Sequoia Capital, hinting at a potential AI Winter. MORE

4. Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks. MORE

5. View state exploitation has been around for years, but the complexity involved in detection and remediation has left many defenders unprepared. This post explores exploiting view state on web apps and Microsoft Exchange, outlining artifacts and remediation challenges. MORE

💡 Tips

1. Thorsten Ball reveals how the macOS Instruments app can be used to profile CPU usage of any application, even Python processes running LLMs like Llama. This powerful tool extends beyond just Swift/Objective-C projects. MORE

2. The latest version of Chrome allows for hidden input XSS without user interaction. MORE

3. Navigating the packed DEFCON schedule can be daunting. Focus on talks aligning with your interests, network, and explore the hacker village events. Leverage existing scheduling tools to make the most of it. MORE

🧠 Wisdom

1. Three simple, evidence-backed habits for better health: walk 10k steps daily, get sunlight exposure, and stay hydrated. MORE

2. 9 Promises for a Life Well-Lived — If you want to change your life, change the rules you live by. MORE

3. Embrace uncertainty, challenge your comfort zone, and explore unfamiliar territories. Stepping out of your element can lead to personal growth and unexpected opportunities. MORE

4. This is a reflection on the nature of regret and the importance of appreciating the path one has taken, emphasizing the value of recognizing the beauty and joy in the present, rather than romanticizing the unknown. MORE

5. Mustafa on adhering to program briefs and to never do harm, including defacing assets, while doing subdomain takeovers, and don't encourage others to do so via bounty tips. MORE

📚 Resources

1. DOM XSS on multiple Automattic domains through postMessages. MORE

2. Breaking Instruction Hierarchy in OpenAI's gpt-4o-mini. MORE

3. Google Colab AI: Data Leakage Through Image Rendering Fixed. Some Risks Remain. MORE

4. PoC for leaking text nodes via CSS injection. MORE

5. Comprehensive WHOIS data for over 561 million domains, enabling powerful reverse WHOIS, fuzzy domain, and historical lookups. MORE

💭 Quote

➡️ Continue reading online to avoid email cutoff

🛠 Explore

🧰 Tools

1. This is a simple obfuscator for WireGuard. It is designed to make it harder to detect WireGuard traffic by making it look like something else. It does this by wrapping WireGuard packets in a layer of obfuscation using a simple XOR cipher. MORE

2. Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. MORE

3. A dependency-aware GraphQL API fuzzing tool MORE

4. Freeze, a tool from charmbracelet, generates visuals of code and terminal output in various formats. This versatile utility allows you to easily capture and share your programming work. MORE

5. WAT is a Python library that enables deep inspection and examination of objects at runtime, providing powerful insights into their structure and behavior. MORE

🎥 Watch

1. As generative AI becomes ubiquitous, security teams have to secure these systems. This "Cyberpunks Guide" likely provides tactics for exploiting vulnerabilities in GenAI, which could pose serious risks. MORE

2. This documentary unveils the authentic narrative of PyTorch’s inception, attributing its existence to a dedicated group of unsung heroes driving technological innovation. MORE

3. In an exclusive interview, Bloomberg’s Emily Chang sits down with Zuckerberg to discuss how the company’s newest AI model Llama 3.1 will shape the future of business, technology, and society. MORE

4. The video showcases 32 fixes from the free repairs station by Van Neistat. His remarkable ability to fix a wide range of items demonstrates his expertise and creativity in problem-solving. MORE

5. Dive into the July edition of "Between Two Vulns" with dynamic duo, Dan and Marcello. This month, they're tearing into Protect AI's latest Vulnerability Report, exposing some pretty gnarly vulns. MORE

🎵 Listen

1. Andy Matuschak is an independent researcher who explores user interfaces that expand what people can think and do. He sits down with Scott to talk about how we learn, why we learn, and what learning means in a world of AI and AGI. MORE

2. Bug Bounty Podcast host Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. MORE

3. Joel Margolis discusses finding critical vulnerabilities in mobile apps, emphasizing the importance of a methodical approach and understanding the application's architecture. MORE

4. 10 AI Business Ideas From The Queen of AI ft. Sarah Guo. MORE

5. An AI-generated podcast that recaps some of the top posts on Hacker News every day. MORE

🌐 Technology

1. A crowd-sourced list of the best coding books focused on the meta-level - the eternal lessons that transcend languages and frameworks. These books capture the timeless principles and mindsets that distinguish great developers. MORE

2. Mac Treasure is to showcase MacOS apps that are lesser-known and underrated by the community, some rare gems that need to be discovered and shared. MORE

3. There is a growing amount of instruction-tuned text generators billing themselves as 'open source'. How open are they really? MORE

4. A random troubleshooting session by Tavis. They look into why their xterm is opening so slowly. MORE

5. Are you focusing on what you should do? Or what you can do? John's take on the known Eisenhower Matrix. MORE

🔑 Visit

1. Having a rough day? No worries, here's an AI compliment. MORE

2. KAPLAY is a JavaScript game library that makes it easy to create games. It's the successor of Kaboom.JS. With KAPLAY, you can create games with a few lines of code. MORE

3. Pop is a terminal-based email-sending tool that uses Resend's API. MORE

4. A large horse is a horse of course. MORE

5. Paddy "The Baddy" Pimblett prepares for his upcoming UFC 304 fight by cutting weight. I'm always fascinated by how much they can and have to endure for three 5-minute rounds. MORE

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.