🐝 Hive Five 203 - How To Live an Epic Life

Career Advice for New Tech Workers in 2025, 7 Simple Rules to Crush Your To-Do List, Karpathy's Favorite Books, Best Products of 2024, and more...

Hi friends,

Greetings from the hive!

Obsidian update: I've started using the plus, minus, next method in my daily note. I then use Dataview to roll that up to weekly, monthly, quarterly, and yearly reviews.

Let me know if you’re interested in seeing an Obsidian / PKM rundown from me.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Useful LLM tools and tips on how to make the most of them, covering Cursor, llm CLI, and Open Interpreter. MORE

The llm CLI in particular has so many useful use-cases. It’s one of my favorite tools of 2024. I can't wait to implement the ones mentioned in the article: Interrogate repositories using files-to-prompt, Ask questions to any website using markitdown, and Ask questions about any Youtube video using yt-dlp.

  2. How @ArchAngelDDay became H1-305's Most Valuable Hacker. You can't control the scope or other hackers' skills, but with focus, creativity, and the right strategies, you can tip the odds in your favor. MORE

  3. In the new gameshow Leet Heat, contestants are asked a rapid-fire series of questions that span across the full stack of modern web development. If they get the answers right, they earn points. But if they're wrong? The spice level goes up. MORE

  4. How an obscure PHP footgun led to RCE in Craft CMS. The behavior of the register_argc_argv flag is not intuitive and this will probably not be the last security vulnerability caused in this way. MORE

  5. Jesse Itzler discusses how to live an epic life without setting rigid goals for the new year, in conversation with Sam Parr and Shaan Puri. MORE

Brought to you by →

Hive Store: For Hackers By Hackers

Support the Hive by becoming a swag-wearing cross-pollinator

Hack a life you love in style. We’ve got shirts, hats, mugs, mouse pads, and more.

Think witty AI jokes that'll make ChatGPT chuckle. Privacy puns so sharp, the EFF would hive five you.

Join the cross-pollinators who are already flexing these custom swag items.

Upgrade Yourself →

You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.

📰 Updates

🍯 From the Hive

  1. My spin on tweets by OpenAI and Vercel. MORE

  2. I'm trying out Zen Browser, a beautifully designed, privacy-focused browser packed with features that prioritize the user's experience over their data, allowing for multiple tabs and divided screen views. MORE

Ever since Chrome's initial launch, I've had a love-hate relationship with it. I've tried Brave, Firefox, Vivaldi, Arc and others, but I always keep coming back to Chrome.

Now, with their recent changes, I want to spread my wings again and try something new. After Arc's "rug pull", I'm going to give Zen a try.

✅ Changelog

  1. reconFTW v2.9 release: API leaks, 3rd party misconfigurations, JS source maps, IIS Shortnames, and more.

💼 Work

💰 Career

  1. Career Advice for New Tech Workers in 2025. The goal with all of this is to get ourselves onto a good team. MORE

  2. How Posthog redefined the PM and engineer relationship, and optimized everything they do for speed and autonomy. MORE

  3. Adam Savage advises the unsure to pursue their interests and passions, for the path often reveals itself when one follows what captivates them. MORE

  4. How to get your first customers (even with ZERO audience). MORE

  5. Roadmap for becoming a highly paid DevOps engineer in 2025, with guidance from an experienced DevOps engineer. MORE

🚀 Productivity

  1. This Obsidian vault template provides a 'Product usage analysis' note exploring data-driven insights on product usefulness. MORE

  2. A demonstration of how Kepano edits his website using Obsidian 1.8, with seamless integration between @obsdmd, Jekyll, a local web viewer, and GitHub deployment. MORE

  3. Seven simple rules to crush one's to-do list each day, from managing energy levels to clearing mental clutter, helping get more done with less stress. MORE

  4. Filetrees are bad but oil.nvim is good, allowing you to edit your filesystem like a buffer. MORE

If you're a neovim user I urge you to give it a go. It allows you to do ANYTHING you already do on a daily basis, but to files instead.

  5. How to actually achieve your goals in 2025 (evidence-based): 1. Write Them Down, 2. Look at them every week, 3. Monitor your Progress, 4. Visualize Obstacles, Tie them to an Identity. MORE

🌎 Community

🎉 Celebrate

  1. @iqimpz's first full year of full-time Bug Bounty work was quite successful, with 160 vulnerabilities reported, including 41 critical and 41 high-severity issues. MORE

  2. After a rocky start, @un1tycyb3r's fortunes turned around: a child due in January 2025, a dream job doubling their pay, and the ability to be home with their wife. MORE

  3. Alphabet's year-old AI bug bounty program has seen a remarkable surge in participation, with over 140 bug reports and $50,000 in bug rewards for Gen AI. MORE

  4. @Bsysop took on the challenge of organizing the Bug Bounty Village at Brazil's largest cybersecurity conference, H2HC, and with a great team, managed to pull it off after months of hard work. Amazing! MORE

  5. The king of automation, @codecancare, has reached over 200,000 reputation points on @Hacker0x01. MORE

🏄 Level up

📰 Read

  1. Diving deep into CVE-2024-23917, a vulnerability in JetBrains TeamCity that leads to an authentication bypass. MORE

  2. Last month the AI industry's narrative suddenly flipped — model scaling is dead, but "inference scaling" is taking over. This has left people outside AI confused. What changed? Is AI capability progress slowing? MORE

  3. The Ruby on Rails _json Juggling Attack is an in-band signaling attack targeting JSON parsing. MORE

  4. SOQL injection in Salesforce Apex earned Rooted0x01 a handsome sum, demonstrating the power of exploiting database vulnerabilities, even in environments without traditional tables. MORE

  5. Two examples where Argo CD is deployed in a way that unexpectedly enabled privilege escalation and authentication bypass. MORE

💡 Tips

  1. @Zseano, a security researcher, has found AI to be immensely helpful in analyzing JavaScript code. His current method includes providing AI with JS code, and it constructs all necessary requests and explains details they may have overlooked. MORE

  2. According to Casey, a few security trends may gain prominence in 2025, such as AI as a target, threat, and tool. MORE

  3. Runa's New York City food recommendations: a curated list of top food spots across Manhattan, Brooklyn, and Queens. MORE

🧠 Wisdom

  1. A great question to answer: "have you designed a life you’re happy to live?" MORE

  2. Market competition often fails to produce good products since buyers can't tell quality from marketing. This leads many companies to build rather than buy solutions, despite conventional wisdom. MORE

  3. Whenever one buys, it is wise to consider not just cost, but also cost per use, cost per smile, cost per thrill, cost per externality, and cost per lesson. MORE

  4. How to make the greatest comeback of your life: 1) Feel into your situation, 2) Launch into the unknown, 3) Learn and build like a mad scientist. MORE

📚 Resources

  1. A proof-of-concept for a path traversal vulnerability (CVE-2024-38819). MORE

  2. Bug bounty hunting has become an exciting way to build security skills, earn extra income, and contribute to securing applications globally. PentesterLab's roadmap offers a step-by-step guide to mastering bug bounty hunting. MORE

  3. Karpathy shares his favorite books, including all short stories by Ted Chiang, Lord of The Rings, How To Live by Derek Sivers, and many more. MORE

  4. An OSINT deep dive uncovers a vast digital trail of alleged killer Luigi Mangione's accounts, addresses, and Google reviews. MORE

  5. People share their best products of 2024, such as innovators like Cursor, OpenAI, and Granola. MORE

🛠 Explore

🧰 Tools

  1. getSubsidiaries is a new tool by @xnl-hacker that allows users to retrieve a list of subsidiaries for a selected company, which can be useful for reconnaissance in bug bounty programs. MORE

  2. nomore403 allows you to bypass HTTP 40X errors. Unlike other solutions, it automates various techniques to seamlessly navigate past these access restrictions, offering a broad range of strategies from header manipulation to method tampering. MORE

  3. Malimite is an iOS decompiler designed to help researchers analyze and decode IPA files. MORE

  4. creepyCrawler is an OSINT tool that crawls a website to extract useful reconnaissance information. MORE

  5. Lighter web automation with Python. Helium is a Python library for automating browsers such as Chrome and Firefox. MORE

Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🎥 Watch

  1. Raphael Schaad, a gifted designer, collaborated with Cron to create a remarkable calendar app. This session explores the process of transforming a design idea into a tangible reality. MORE

  2. Go is great I hate it. Dax talks about its strong standard library, packaging and deployment advantages, and quick build times. MORE

  3. Techniques for crafting great bug bounty and penetration test reports, including proof of concepts. MORE

  4. The CEO of a 250M company shares their daily routine and approach to work-life balance. MORE

🎡 Listen

  1. Mitchell co-founded HashiCorp, took it all the way to IPO, exited in 2023—and now he’s working on a terminal emulator called Ghostty. Ghostty is set to 1.0 this month, so we sat down to talk through all the details. MORE

  2. Justin and Jason discuss the potential of AI micro-agents in web hacking tasks like fuzzing, WAF bypassing, and report writing. MORE

  3. Between Two Vulns: OpenAI Drama, Quantum Multiverses, and Model Vulnerability Hunting. MORE

  4. An interview with Replit founder Amjad Masad: "I got rejected from YC (4x)…. now my side hustle is worth $1.16B". MORE

🌐 Technology

  1. State of JS 2024 is out. According to the report, the most adopted technology and also most loved is Vite. MORE

  2. OpenAI has just released a new AI model that it believes is the future of the technology: a computer program that can reason. Is it a magic trick, a genuine step forward, or both? MORE

  3. Researchers at the University of Helsinki and Cambridge sought to make SQLite even faster, and they published a paper demonstrating up to a 100x reduction in tail latency through asynchronous I/O and storage disaggregation. MORE

  4. How League of Legends runs at scale on AWS. Riot Games revolutionized their game server infrastructure with AWS, leveraging auto-scaling to reduce costs while rapidly responding to shifts in player demand. MORE

  5. Design documents are not always the path to a clean, gradual rollout of functionality. Small incremental changes in pull requests can lead to a more orderly git history. MORE

👀 Interesting

  1. Deciding whether to rent or buy a home has become increasingly challenging due to rising interest rates and rents. A new rent-versus-buy calculator aims to help younger adults navigate this significant financial decision. MORE

  2. Peter Santenello is an American videomaker, traveler, and entrepreneur known for creating unique documentary-style content about human stories and cultures around the world. MORE

  3. The Disappearance of Literary Men Should Worry Everyone. The novel-writing trade is becoming a female dominion, with women accounting for an ever-increasing share of published fiction. MORE

"But if you care about the health of our society — especially in the age of Donald Trump and the distorted conceptions of masculinity he helps to foster — the decline and fall of literary men should worry you."

  4. A story about the fascinating early days of figuring out coding, making money, and understanding the emerging web in 1998. MORE

  5. Martins visited the most extreme and remote Stonelifting culture - Strength Unknown: Tibet. MORE

💭 Quote

❝

"Your calendar isn't just recording your time - it’s exposing your lies"

Shane Parrish

📈 Learned something?

Share Hive Five →

Share this newsletter with your friends and colleagues.

1 REFERRAL = 20% OFF EVERYTHING IN THE STORE

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.