Not Afraid

Just pointing to CC isn't enough, you need some skills atleast. But yes it would be great if more people learn and report these vulns.

@ItsAditya_xyz me sir

Creating a fun discord server for AI, crypto and tech. Who is in?

@sidharthify Look at his tweets, he's brain dead. Ignore him

aa gaya IT cell

@Kshatriyaputram @thetirthparmar Please feel free to DM me when you get a moment. this weekend is almost gone and next week I'm oncall. But I'll definitely spend some time the following week :) Been reading a lot lately related to this stuff.

@thetirthparmar @ohyeah_xdd If need more apk files for analysis ib will drop few apps

So I busted a fake RTO website yesterday (as I teased). Here's the full technical breakdown, it gets way wilder than I expected. 🧵 (1/12) #malware #cybersecurity

@tinopreter That's a cool one, thanks for sharing!

$2000 for a web cache deception bug. As always I share my methodology 👇 Identifying a deception bug is always easy but exploiting it can be hard due to SameSite restrictions on victims cookie I bypassed this to steal victim JWT. Read about it here: 🔗 @tinopreter/cracking-samesite-for-a-2-000-web-cache-deception-746972278412" target="_blank" rel="nofollow noopener">medium.com/@tinopreter/cr…

Codex just found a “workaround” of not having sudo on my pc…

@ArulGandhi69420 Amazing write-up man. Keep them coming, I'm enjoying all these writeups for OSM, this one 😇

What started as a weekend reverse-engineering project turned into months of analysis covering authentication, privilege escalation, plaintext passwords, cross-school data exposure, and central infrastructure trust assumptions within SAFAL. Full writeup: arulgandhi.tech/writeups/safal…

almost every single OnMark portal built by EduTek is fundamentally insecure, and CBSE is lying to you about the safety of student data. we found default passwords, URL-based RCEs, and raw MD5 hashes. millions of students are at risk. read the blog here: sidharthify.tech/blogs/blog-31-…

“oh you go to the gym? are you bulking or cutting?” well I’m doing this third option which not a lot of fitness influencers talk about. it’s called - wasting my fucking time. it’s where you lift the same weights with no progress for 6-12 months, feel week some day or super strong another and just look the exact dame as you looked 3 years ago.

This is the most beautiful and intuitive website for explaining computer principles that I've ever seen

I've got an agent in a loop optimizing a renderer with the goal to minimize frame times (and tests to measure). It got times down from 88ms to 2ms and allocations down from ~150K to 500. Sounds good, right? Wrong. This is exactly why agent psychosis is a big fucking problem. As an experiment, I rewrote the Ghostty core render state in Go, with access to identically laid out data structures as Ghostty and the exact same validation tests. I made a purposely naive renderer (simple, correct, but slow). 88ms per frame with 150,000 allocations (horrendous, lol)! I then kickstarted a Ralph loop to bring the frame times down. I told it it can't modify input data structures or the public API or tests (they're correct), but it can do anything else it wants. It got to work. It has worked for about 4 hours. I've spent around $350 on this experiment so far. The results? 88ms => 1.5ms 150K allocs => ~500 allocs Incredible right? Nope. My hand-written renderer I ported has frame times (same benchmark) of ~20us (0.020ms) and 0 allocations in the update path. This is the problem with psychosis and lacking systems understanding. If you don't understand the system, you're going to accept that this is an incredible result. If you understand the system, you'll see better solutions immediately and can do roughly 75x better on throughput. The people who blindly trust agent output are in the former camp. They're sheeple, overdrinking from a fountain of mediocrity. Standard disclaimer: I use AI all the time. I like AI. The point I'm making is to not blindly accept results. Think. Analyze. Learn.

@sloppenheimer It all looks made up for engagement farming tbh

literally a staff engineer's purview is to not even allow things like this to happen.

In today's episode of things, that never happened. "every night for 3 years" omg stfu

@homsiT I've DM'ed you, please check ^_^

Been a while, but Readwise is hiring for engineers! please shoot me a dm or email if interested :)

then how I was able to access production data on that site? all of the mirrors you had under the onmark domain had the same vulnerabilities. it's sad that you can't even investigate security reports properly. attaching screenshots as proof.

@cbseindia29 Dude that cbse.onmarks.co.in isn't even your website, it points to that article, have some shame piece of shit.

Damn man, can't expect much from our gov. These are web security 101. So embarassing.

@mythicalrocket she gonna be happy bruw

282 WPM 60S WORLD RECORD!!!!!!! I FINALLY DID IT!!!

@jpschroeder I followed the instructions and ran into: ""Cursor local SDK stream did not start." in opencode when sent first message

You can use Composer 2.5 on OpenCode with your existing cursor sub...