π Hive Five 193 - Simplifiers Go Far, Complexifiers Get Stuck
From email spoof to backdoor in Zendesk, Only 0.5% of the Global Top 200 Websites Use Valid HTML, the WordPress drama continues, Markdown as Mindmaps, and more...
Hey friends,
Greetings from the hive!
I hope you and yours are doing well. The last few weeks have been busy for us. We had a health scare, but things are getting better now.
Work-wise, I'm starting to understand "my calling" more clearly. It's like finding the middle of the ikigai circle, where all the things I like and I'm good at come together. I'll tell you more about this later when I have it all figured out.
Let's take this week by swarm!
The Bee's Knees
From email spoof to backdoor in Zendesk. They initially dismissed it, but after the bug hunter earned $50,000+ from affected companies, Zendesk fixed it without awarding a bounty. MORE
Simplifiers Go Far, Complexifiers Get Stuck: "strive to make things simple. Seek to understand them. Struggle to find apt metaphors for them." MORE
Only 0.5% of the Global Top 200 Websites Use Valid HTML in 2024. MORE
Gecko is a powerful Chrome extension designed to automate the discovery of Client-Side Path Traversals (CSPT) in web applications. It seamlessly integrates with Chrome DevTools. MORE | BLOG
Anthropic experts discuss the evolution and practical tips of prompt engineering, considering how the technique may change as AI systems advance. MORE
Want to sponsor an upcoming issue? Let's partner up!
Upgrade Yourself
You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.
Table of Contents
Updates
My work
Felt creative and added some more designs:
Changelog
Deno v2.0 has been released, it's backward-compatible and forward-thinking. MORE
Python 3.13 brings a host of improvements, including a better REPL with improved error messages, an option to run Python without the GIL, and the beginnings of a new JIT. The release notes also highlight several smaller enhancements. MORE
VoidZero, led by Evan You (Vue, Vite), has raised $4.6 million to build an open-source, high-performance, and unified development toolchain for the JavaScript ecosystem. MORE
Scott Hanselman and Mark Russinovich, tech industry veterans, started a new podcast where they dive into the challenges and innovations of today's fast-paced world. MORE
Work
Career
Four things Cate learned from coaching that made them a better leader: articulate, question, let go, and do less. MORE
The blog post discusses recommendations for hiring a first application security (AppSec) engineer. MORE
Meg shares what she considers when evaluating new job opportunities, such as company reviews, employee satisfaction, documentation quality, and leadership alignment. MORE
Fractional Jobs is a job board focused on fractional work, allowing users to post and find such opportunities. MORE
Clerk, a company, is experimenting with a new hiring approach: offering a PM/engineer/marketer role with a commission structure instead of a full salary. The goal is to bring a "new product" to market. MORE
Productivity
This project allows users to visualize their Markdown as mindmaps, providing a tool for organizing and exploring ideas. It is heavily inspired by the work of Dundalek's markmap. MORE
Ultrafocus is a straightforward command-line tool that blocks distracting websites, allowing users to focus on their tasks and reclaim their time. MORE
Use your voice to write 3x faster in every application: AI commands, auto-edits, 100+ languages. MORE
VTracer is a tool that simplifies the process of tracing images, allowing users to easily create vector graphics from raster images. MORE
Turn your wireframe into an app. Upload an image of your website design and napkins.dev builds it for you with React + Tailwind. MORE
Community
Celebrate
Timeline
The curl project started its bug bounty program in April and has been running it for the past five and a half years. In this period they received 477 reports, which is about 6 per month on average. MORE
"Open source royalty and mad kings" is a letter to Matt in response to the WordPress drama that just keeps getting worse. MORE | TL;DR
Daniel Miessler's projects Substrate, Fabric, TELOS, and Daemon are the building blocks of Human 3.0, a vision for the next stage of human evolution. MORE
New studio. New Beginnings. STÖK. MORE
Level up
Read
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways. MORE
In 2024, HTTP Parameter Pollution still poses a significant threat, allowing attackers to manipulate application behavior and access sensitive data. MORE
Exploiting trust: Weaponizing permissive CORS configurations. MORE
Attackers can exploit vulnerabilities in the source code even when hardening measures are in place. This is why vulnerabilities should be fixed at their origin: the source code. MORE
Tips
Fav.farm offers an emoji-based SVG favicon solution that can also be used as CSS cursors, providing a quick and easy way to add custom favicon icons to websites. MORE
Product manager and YouTuber, Jason Zhou, shares insights on using AI to streamline app development, such as leveraging a Product Requirements Document (PRD). MORE
Lee (Vercel DevRel) shares his fresh macOS install setup. MORE
I didn't know about the following yet!
• mkdir ~/Developer (it has a fancy icon in Finder!)
• Faster keyboard repeats:
  • defaults write -g InitialKeyRepeat -int 15
  • defaults write -g KeyRepeat -int 1
• Show hidden files in Finder:
  • defaults write com.apple.finder AppleShowAllFiles YES
Wisdom
Astronauts revealed the advice they'd give to their younger selves, such as "Work on things that you think matter." and "It's okay to dream big." MORE
An interview with Keith Nieves, the Social Media Program Lead at Sonos, about how he has built goodwill during such a tough time for the brand. MORE
To live a better life, one must take responsibility for their path, avoid the illusion of a magic path to success, and become aware of their subconscious programming in order to make conscious choices for change. MORE
Greg shares his spicy takes: one monitor is sufficient for work, Stripe MRR screenshots merely attract more of the same, RocketReach's sale of personal data to strangers should be prohibited, and more. MORE
Resources
A list of internet forums that are still alive and kicking, filled with information and interesting people. MORE
Midnight in Seoul is a Caido theme designed to evoke a somber, bluish atmosphere, capturing the essence of its namesake, Midnight in Seoul. MORE
Hacker News users discuss their best books. The top vote is a book I hadn't heard of before, "Carrying the Fire" by Michael Collins, on becoming an astronaut and everything that comes with it. MORE
Syntax, a popular web development podcast, delves into the world of self-hosting, covering a wide range of topics from using Coolify to securing your server. MORE
Alex shares resources on the application of large language models (LLMs) in security-related tasks, a growing area of interest. MORE
Quote
"Sometimes it takes a long time to be able to play like yourself."
Explore
Tools
Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
ParamHunter is a powerful tool for discovering hidden parameters in web applications, built upon the foundation of the Arjun project. MORE
Delta is a highly customizable and feature-rich tool for studying code diffs. A syntax-highlighting pager for git, diff, grep, and blame output. MORE
Webhook.site provides a unique URL for testing and debugging webhooks and HTTP requests, allowing users to create custom workflows using a graphical editor or a scripting language to transform, validate, and process requests. MORE
4oFour is a command-line utility written in Go that helps enumerate the technology stacks used by a target based on the unique 404 error pages they generate. MORE
Watch
RailsConf 2024 - Keynote: Startups on Rails in 2024 by Irina Nazarova. Rails is quietly recommended by founders to founders at Y Combinator, and the framework behind giants like Shopify. However, Rails is a one-person framework, which brings both praise and challenges. MORE
A 3-hour long Anki course, previously paid-only, offers detailed guidance on using flashcards to study effectively for exams. MORE
In this session of AI coding, the CEO of Gumroad and a guest go head to head: Rails vs NextJS. MORE
A group of hackers attempted to gain control over millions of servers worldwide, but a quick-thinking software engineer thwarted their plans, safeguarding much of the internet. MORE
Listen
The creator of Lazygit interviews David Heinemeier Hansson, the creator of Rails, about tech, philosophy, and society. MORE
Richard Powers, the Pulitzer Prize-winning author of the acclaimed novel The Overstory, possesses a remarkable talent for crafting captivating characters that transcend the typical character arc. MORE
Codingo, VP of operations, discussed writing effective bug reports, highlighting clarity, accurate replication steps, and comprehensive reproduction as key elements, especially for non-native English speakers and beginners. MORE
This will make you a better decision-maker. An interview with Annie Duke, author of "Thinking in Bets" and "Quit", and former pro poker player. MORE
Jocko Podcast with Tim Ferriss. Musashi, and How Warrior Way Relates To Life. MORE
Technology
Tenno is an app that allows you to create dynamic documents by combining spreadsheet-like formulas, charts, and API calls in an interactive, live-updating interface, offering a more user-friendly alternative to Jupyter notebooks for literate programming. MORE
Pipet is a command-line-based web scraper with three modes: HTML parsing, JSON parsing, and client-side JavaScript evaluation. It relies on existing tools like curl and uses Unix pipes to extend its built-in capabilities. MORE
Python library that allows one to borrow cookies from a browser's authenticated session for use in Python scripts. MORE
A new tool for comparing Postgres data types is being released, highlighting the overlapping responsibilities and nuances of various types, such as the warning against using the money type and the ability to store MD5 hashes as UUIDs. MORE
HTML for People is a beginner-level tutorial series aimed at creating websites for all, not just web professionals. The series aims to make website creation accessible to everyone, regardless of career aspirations. MORE
Interesting
Sound designer Jim Reekes crafted the iconic Apple sounds, inspired by a lawsuit over the startup chime. MORE
The BUG-A-SALT 3.0 Yellow is a novel flyswatter in the form of a shotgun, designed to dispatch insects with a blast of salt. MORE
A guide on how to run, and make the most out of, early-stage company offsites. MORE
URLs are a crucial aspect of user interfaces, and mutating them when users interact can greatly enhance the experience. The example of YouTube's "Popular" to "Latest" transition upon pressing back illustrates the frustration that can arise from a lack of URL-based navigation. MORE
This also annoys the crap out of me. Though I personally haven't always paid attention to that when developing websites. Also, I wonder if this would be an interesting use case for a browser extension?
Dive deeper
Share Hive Five
Share this newsletter with your friends and colleagues.
1 REFERRAL = 20% OFF EVERYTHING IN THE STORE
Until next week, take care of yourself and each other,
Bee
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.