
🐝 Hive Five 193 - Simplifiers Go Far, Complexifiers Get Stuck

From email spoof to backdoor in Zendesk, Only 0.5% of the Global Top 200 Websites Use Valid HTML, the WordPress drama continues, Markdown as Mindmaps, and more...

Hey friends,

Greetings from the hive!

I hope you and yours are doing well. The last few weeks have been busy for us. We had a health scare, but things are getting better now.

Work-wise, I'm starting to understand “my calling” more clearly. It's like finding the middle of the ikigai circle, where all the things I like and I'm good at come together. I'll tell you more about this later when I have it all figured out.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. From email spoof to backdoor in Zendesk. They initially dismissed it, but after the bug hunter earned $50,000+ from affected companies, Zendesk fixed it without awarding a bounty. MORE

  2. Simplifiers Go Far, Complexifiers Get Stuck: "strive to make things simple. Seek to understand them. Struggle to find apt metaphors for them." MORE

  3. Only 0.5% of the Global Top 200 Websites Use Valid HTML in 2024. MORE

  4. Gecko is a powerful Chrome extension designed to automate the discovery of Client-Side Path Traversals (CSPT) in web applications. It seamlessly integrates with Chrome DevTools. MORE | BLOG

  5. Anthropic experts discuss the evolution and practical tips of prompt engineering, considering how the technique may change as AI systems advance. MORE

Want to sponsor an upcoming issue? Let’s partner up!

Upgrade Yourself →

You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.


📰 Updates

🍯 My work

Felt creative and added some more designs:

✅ Changelog

  1. Deno v2.0 has been released, it's backward-compatible and forward-thinking. MORE

  2. Python 3.13 brings a host of improvements, including a better REPL with improved error messages, an option to run Python without the GIL, and the beginnings of a new JIT. The release notes also highlight several smaller enhancements. MORE

  3. VoidZero, led by Evan You (Vue, Vite), has raised $4.6 million to build an open-source, high-performance, and unified development toolchain for the JavaScript ecosystem. MORE

  4. Scott Hanselman and Mark Russinovich, tech industry veterans, started a new podcast where they dive into the challenges and innovations of today’s fast-paced world. MORE

💼 Work

💰 Career

  1. Four things Cate learned from coaching that made them a better leader: articulate, question, let go, and do less. MORE

  2. The blog post discusses recommendations for hiring a first application security (AppSec) engineer. MORE

  3. Meg shares what she looks at when evaluating companies to work at, such as company reviews, employee satisfaction, documentation quality, and leadership alignment. MORE

  4. Fractional Jobs is a job board focused on fractional work, allowing users to post and find such opportunities. MORE

  5. Clerk, a company, is experimenting with a new hiring approach: offering a PM/engineer/marketer role with a commission structure instead of a full salary. The goal is to bring a "new product" to market. MORE

🚀 Productivity

  1. This project allows users to visualize their Markdown as mindmaps, providing a tool for organizing and exploring ideas. It is heavily inspired by the work of Dundalek's markmap. MORE

  2. Ultrafocus is a straightforward command-line tool that blocks distracting websites, allowing users to focus on their tasks and reclaim their time. MORE

  3. Use your voice to write 3x faster in every application: AI commands, auto-edits, 100+ languages. MORE

  4. VTracer is a tool that simplifies the process of tracing images, allowing users to easily create vector graphics from raster images. MORE

  5. Turn your wireframe into an app. Upload an image of your website design and napkins.dev builds it for you with React + Tailwind. MORE

🌎 Community

🎉 Celebrate

  1. John received the yearly Rita Award during the Wild West Hackin' Fest conference. The award is named after Rita, John Strand's late mother, who helped build up Black Hills Information Security and its tribe of companies. Well deserved! MORE

  2. Sumgr0 achieved the rank of Bugcrowd p1 warrior. LFG! MORE

⚡️ Timeline

  1. The curl project started its bug bounty program in April and has been running it for the past five and a half years. In this period they received 477 reports, which is about 6 per month on average. MORE

  2. "Open source royalty and mad kings" is a letter to Matt in response to the WordPress drama that just keeps getting worse. MORE | TL;DR

  3. Daniel Miessler's projects Substrate, Fabric, TELOS, and Daemon are the building blocks of Human 3.0, a vision for the next stage of human evolution. MORE

  4. New studio. New Beginnings. STÖK. MORE

πŸ„ Level up

📰 Read

  1. 4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways. MORE

  2. In 2024, HTTP Parameter Pollution still poses a significant threat, allowing attackers to manipulate application behavior and access sensitive data. MORE

  3. Exploiting trust: Weaponizing permissive CORS configurations. MORE

  4. Attackers can exploit vulnerabilities in the source code even though hardening measures have been employed. This is why vulnerabilities should be fixed at their origin: the source code. MORE

💡 Tips

  1. Fav.farm offers an emoji-based SVG favicon solution that can also be used as CSS cursors, providing a quick and easy way to add custom favicon icons to websites. MORE

  2. Product manager and YouTuber, Jason Zhou, shares insights on using AI to streamline app development, such as leveraging a Product Requirements Document (PRD). MORE

  3. Lee (Vercel DevRel) shares his fresh MacOS install setup. MORE

I didn't know about the following yet!
• mkdir ~/Developer (it has a fancy icon in Finder!)
• Faster keyboard repeats
• defaults write -g InitialKeyRepeat -int 15
• defaults write -g KeyRepeat -int 1
• Show hidden files in Finder
• defaults write com.apple.finder AppleShowAllFiles YES

🧠 Wisdom

  1. Astronauts revealed the advice they'd give to their younger selves, such as "Work on things that you think matter." and "It's okay to dream big." MORE

  2. An interview with Keith Nieves, the Social Media Program Lead at Sonos, about how he has built goodwill during such a tough time for the brand. MORE

  3. To live a better life, one must take responsibility for their path, avoid the illusion of a magic path to success, and become aware of their subconscious programming in order to make conscious choices for change. MORE

  4. Greg shares his spicy takes: one monitor is sufficient for work, Stripe MRR screenshots merely attract more of the same, Rocket Reach's sale of personal data to strangers should be prohibited, and more. MORE

📚 Resources

  1. A list of internet forums that are still alive and kicking, filled with information and interesting people. MORE

  2. Midnight in Seoul is a Caido theme designed to evoke a somber, bluish atmosphere, capturing the essence of its namesake, Midnight in Seoul. MORE

  3. Hacker News users discuss their best books. The top vote is a book I hadn't heard of before, “Carrying the Fire” by Michael Collins, on becoming an astronaut and everything that comes with it. MORE

  4. Syntax, a popular web development podcast, delves into the world of self-hosting, covering a wide range of topics from using Coolify to securing your server. MORE

  5. Alex shares resources on the application of large language models (LLMs) in security-related tasks, a growing area of interest. MORE

💭 Quote

"Sometimes it takes a long time to be able to play like yourself."

Miles Davis

🛠 Explore

🧰 Tools

Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

  1. ParamHunter is a powerful tool for discovering hidden parameters in web applications, built upon the foundation of the Arjun project. MORE

  2. Delta is a highly customizable and feature-rich tool for studying code diffs. A syntax-highlighting pager for git, diff, grep, and blame output. MORE

  3. Webhook.site provides a unique URL for testing and debugging webhooks and HTTP requests, allowing users to create custom workflows using a graphical editor or a scripting language to transform, validate, and process requests. MORE

  4. 4oFour is a command-line utility tool written in Go that helps enumerate technology stacks used by a target based on the unique 404 error pages they generate. MORE

🎥 Watch

  1. RailsConf 2024 - Keynote: Startups on Rails in 2024 by Irina Nazarova. Rails is quietly recommended by founders to founders at Y Combinator, and the framework behind giants like Shopify. However, Rails is a one-person framework, which brings both praise and challenges. MORE

  2. A 3-hour long Anki course, previously paid-only, offers detailed guidance on using flashcards to study effectively for exams. MORE

  3. In this session of AI coding, the CEO of Gumroad and a guest go head to head: Rails vs NextJS. MORE

  4. A group of hackers attempted to gain control over millions of servers worldwide, but a quick-thinking software engineer thwarted their plans, safeguarding much of the internet. MORE

🎡 Listen

  1. The creator of Lazygit interviews David Heinemeier Hansson, the creator of Rails, about tech, philosophy, and society. MORE

  2. Richard Powers, the Pulitzer Prize-winning author of the acclaimed novel The Overstory, possesses a remarkable talent for crafting captivating characters that transcend the typical character arc. MORE

  3. Codingo, VP of operations, discussed writing effective bug reports, highlighting clarity, accurate replication steps, and comprehensive reproduction as key elements, especially for non-native English speakers and beginners. MORE

  4. This will make you a better decision-maker. An interview with Annie Duke, author of "Thinking in Bets" and "Quit", and former pro poker player. MORE

  5. Jocko Podcast with Tim Ferriss. Musashi, and How Warrior Way Relates To Life. MORE

🌐 Technology

  1. Tenno is an app that allows you to create dynamic documents by combining spreadsheet-like formulas, charts, and API calls in an interactive, live-updating interface, offering a more user-friendly alternative to Jupyter notebooks for literate programming. MORE

  2. Pipet is a command-line-based web scraper with three modes: HTML parsing, JSON parsing, and client-side JavaScript evaluation. It relies on existing tools like curl and uses Unix pipes to extend its built-in capabilities. MORE

  3. Python library that allows one to borrow cookies from a browser's authenticated session for use in Python scripts. MORE

  4. A new tool for comparing Postgres data types is being released, highlighting the overlapping responsibilities and nuances of various types, such as the cautioned use of the money type and the ability to store MD5s as UUIDs. MORE

  5. HTML for People is a beginner-level tutorial series aimed at creating websites for all, not just web professionals. The series aims to make website creation accessible to everyone, regardless of career aspirations. MORE

👀 Interesting

  1. Sound designer Jim Reekes crafted the iconic Apple sounds, inspired by a lawsuit over the startup chime. MORE

  2. The BUG-A-SALT 3.0 Yellow is a novel flyswatter in the form of a shotgun, designed to dispatch insects with a blast of salt. MORE

  3. A guide on how to run, and make the most out of, early-stage company offsites. MORE

  4. URLs are a crucial aspect of user interfaces, and mutating them when users interact can greatly enhance the experience. The example of YouTube's "Popular" to "Latest" transition upon pressing back illustrates the frustration that can arise from a lack of URL-based navigation. MORE

This also annoys the crap out of me. Though I personally haven't always paid attention to that when developing websites. Also, I wonder if this would be an interesting use case for a browser extension?

🤿 Dive deeper


Share Hive Five →

Share this newsletter with your friends and colleagues.


Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.