Vagabond

monggo di cobain wayangi.dalang.io

npm user? ➡️ One small change to stay safe, FREE Add these aliases ➡️ pkg installs forbid using known malware I run this: - locally, to stay safe - in my CI to detect compromised transitive dependencies early for my lib consumers

Introducing nginx-poolslip, a fresh RCE for the the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on nebusec.ai.

Bikin frontend UI skrg gak pernah slop sejak pakai impeccable.style

microservices were invented 15 years ago in a closed room meeting by executives at microsoft google and amazon to increase cloud billing costs and juice their revenue numbers they put men on the moon with a pencil and calculator you dont need 60 microservices to load a webpage

Cloudflare's security team spent the last few weeks testing Anthropic's Mythos against fifty of our own repositories. What we learned about offensive AI, why faster patching is the wrong reaction, and what the architecture around vulnerabilities has to look like next. cfl.re/49BRUqW

The sprawling multi-ethnic archipelago cannot simply be given orders as if it were an army unit. It needs a leader who listens to many voices, rather than one who surrounds himself with yes-men economist.com/leaders/2026/0…

local AI katanya lebih aman karena datanya ga kemana-mana tinggal di laptop sendiri ternyata tidak selalu 👀 "Bleeding Llama" — CVE-2026-7482, CVSS 9.1 celah kritis di Ollama yang bisa bocorkan semua yang lo pikir aman thread buat yang pake Ollama, Claude Code, atau coding agent 👇

@anvie oke mas, terima kasih mas informasinya

@0xAlwaysbedream saya pakai PC, saya saranin paka PC dg GPU aja, minimal yg 24 VRAM

Hari ini saya dibuat kaget dengan kelakukan agent yg gak saya perkirakan sebelumnya. Jadi ceritanya saya heran knp server Evonic beberapa kali nge-restart sendiri, saya kira error, atau siwa super agent nge-restart, karena hanya super agent yg bisa nge-restart, tapi saya ingat saya seharian ini gak kasih task apapun ke siwa, hanya ada task ke linus (agent reguler) dan beberapa agent reguler lainnya. Jadi saya isenglah buka sesi percapakan agent-to-agent, dan saya menemukan ternyata linus yang meminta agent siwa untuk nge-restart server-nya. Jadi ceritanya linus lagi ngerjain task yang berkaitan dengan salah satu issue di tool dan untuk nge-test-nya dia butuh restart, nah karena linus adalah agent reguler jadi dia tidak bisa nge-restart, apa yg terjadi? Dia minta siwa dong untuk nge-restart-in 😅, linus pakai fitur agent-to-agent messaging, dan itu terjadi tidak hanya sekali, ada 3 kali server di-restart dalam satu sesi, dan yang buat lebih kaget lagi agent linus tetap bisa ngelanjutin kerjaan setelah 3x restart buat verifkasi kerjaan sebelumnya, just WOW 🤯

@anvie alo running LLM local minimum spec apa ya mas ? mau coba pakai ollama mungkin tapi takut ga kuat laptop nya 😂

@0xAlwaysbedream Iya, tapi yg agent linus pakai DeepSeek V4 pro

AI agent manages SSH, SQL, and Redis infrastructure github.com/opskat/opskat

Single sign-on for self-hosted applications github.com/voidauth/voida…

@bepituLaz menarik, lumayan nambah title XD

“Localhost deployment specialist” Kayanya oke juga buat jadi job title.

GG kamu ilham

‼️ watchTowr Labs released a write-up and detection script on the cPanel/WHM vulnerability. GitHub: github.com/watchtowrlabs/… Write-up: labs.watchtowr.com/the-internet-i…

‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and itworks on basically every major Linux distro shipped since 2017. Website: copy.fail Write-up: xint.io/blog/copy-fail… GitHub: github.com/theori-io/copy… It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su. Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise. Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.

SOMEONE BUILT A SINGLE CLAUDE.MD FILE THAT FIXES EVERY BAD HABIT CLAUDE CODE HAS AND IT HIT 78.5K STARS it's based on andrej karpathy's public observations about how LLMs write code the problem he pointed out is that claude makes silent assumptions, overcomplicates everything, writes 1000 lines when 100 would do, and sometimes deletes code it doesn't fully understand as a side effect so forrestchang turned karpathy's critique into 4 behavioral principles and dropped them in one claude.md file: 1\ surface your assumptions don't pick an interpretation silently. if there are multiple ways to read the task, say so. if uncertain, ask. push back when something doesn't make sense instead of just running with a bad plan 2\ minimum viable code no speculative features, no abstractions for single use code, no "flexibility" you weren't asked for. if you wrote 200 lines and 50 would work, REWRITE IT. ask yourself if a senior engineer would call this overcomplicated 3\ surgical changes only don't touch code you don't fully understand, don't refactor unrelated stuff as a side effect, don't delete comments because they look unnecessary. only change what the task actually requires 4\ goal driven execution give claude success criteria instead of step by step instructions. karpathy's exact quote: "LLMs are exceptionally good at looping until they meet specific goals. don't tell it what to do, give it success criteria and watch it go" one file has 78.5k STARS AND 7.4k FORKS on a single github repo. install is one curl command that drops it straight into your ~/.claude folder

@bukanpamanmu Yang nerd miner kira” konsumsi listriknya per bulan berapa ya?

Sepertinya paman menemukan benda menarik nih!!! sebuah alat mining bitcoin yang imut dan cakep dan bisa duduk manis di meja kerja sambil mining!! tentu karena dia itu seimut itu maka tenaga miningnya kecil banget wkakak cuma 1020-1060 KH/s, tapi yaa kan ini namanya lottery mining yaaa apa itu lottery mining? Istilah populer untuk solo mining Bitcoin menggunakan perangkat dengan hashrate yang sangat rendah, seperti NerdMiner V2 ini Dalam penambangan Bitcoin konvensional, sebagian besar miner bergabung ke dalam mining pool untuk mendapatkan reward secara rutin meskipun kecil. Sebaliknya, lottery mining berarti Anda menambang secara solo (sendiri), tanpa bergabung ke pool. Itulah sebabnya disebut "lottery" atau lotere: peluang menang sangat kecil, tetapi jika menang, hadiahnya sangat besar dan mengubah hidup.