Not Afraid
809 posts
Not Afraid
@ohyeah_xdd
Full time Backend & Postgres. Part time Infra & Web Security hobbyist!
🌎 가입일 Haziran 2017
979 팔로잉87 팔로워
aa gaya IT cell
A aravindh@aravindhlic2019
@sidharthify Instead of tweeting why can't you explain it to the govt. You wanted young students to create chaos so you intend to tweet. You want these students to do rowdism rather than telling them to have patience. This is absolutely wrong . Creating wrong impression on govt
Filipino
@Kshatriyaputram @thetirthparmar Please feel free to DM me when you get a moment.
this weekend is almost gone and next week I'm oncall. But I'll definitely spend some time the following week :)
Been reading a lot lately related to this stuff.
English
@thetirthparmar @ohyeah_xdd If need more apk files for analysis ib will drop few apps
English
So I busted a fake RTO website yesterday (as I teased). Here's the full technical breakdown, it gets way wilder than I expected. 🧵 (1/12) #malware #cybersecurity
English
$2000 for a web cache deception bug. As always I share my methodology 👇
Identifying a deception bug is always easy but exploiting it can be hard due to SameSite restrictions on victims cookie
I bypassed this to steal victim JWT. Read about it here:
🔗 @tinopreter/cracking-samesite-for-a-2-000-web-cache-deception-746972278412" target="_blank" rel="nofollow noopener">medium.com/@tinopreter/cr…
English
Not Afraid 리트윗함
@ArulGandhi69420 Amazing write-up man. Keep them coming, I'm enjoying all these writeups for OSM, this one 😇
English
What started as a weekend reverse-engineering project turned into months of analysis covering authentication, privilege escalation, plaintext passwords, cross-school data exposure, and central infrastructure trust assumptions within SAFAL.
Full writeup:
arulgandhi.tech/writeups/safal…
English
Not Afraid 리트윗함
almost every single OnMark portal built by EduTek is fundamentally insecure, and CBSE is lying to you about the safety of student data.
we found default passwords, URL-based RCEs, and raw MD5 hashes. millions of students are at risk.
read the blog here: sidharthify.tech/blogs/blog-31-…
English
Not Afraid 리트윗함
“oh you go to the gym? are you bulking or cutting?”
well I’m doing this third option which not a lot of fitness influencers talk about.
it’s called - wasting my fucking time.
it’s where you lift the same weights with no progress for 6-12 months, feel week some day or super strong another and just look the exact dame as you looked 3 years ago.
English
Not Afraid 리트윗함
Not Afraid 리트윗함
I've got an agent in a loop optimizing a renderer with the goal to minimize frame times (and tests to measure). It got times down from 88ms to 2ms and allocations down from ~150K to 500. Sounds good, right? Wrong. This is exactly why agent psychosis is a big fucking problem.
As an experiment, I rewrote the Ghostty core render state in Go, with access to identically laid out data structures as Ghostty and the exact same validation tests. I made a purposely naive renderer (simple, correct, but slow). 88ms per frame with 150,000 allocations (horrendous, lol)!
I then kickstarted a Ralph loop to bring the frame times down. I told it it can't modify input data structures or the public API or tests (they're correct), but it can do anything else it wants. It got to work.
It has worked for about 4 hours. I've spent around $350 on this experiment so far. The results?
88ms => 1.5ms
150K allocs => ~500 allocs
Incredible right? Nope.
My hand-written renderer I ported has frame times (same benchmark) of ~20us (0.020ms) and 0 allocations in the update path.
This is the problem with psychosis and lacking systems understanding. If you don't understand the system, you're going to accept that this is an incredible result. If you understand the system, you'll see better solutions immediately and can do roughly 75x better on throughput.
The people who blindly trust agent output are in the former camp. They're sheeple, overdrinking from a fountain of mediocrity.
Standard disclaimer: I use AI all the time. I like AI. The point I'm making is to not blindly accept results. Think. Analyze. Learn.
English
literally a staff engineer's purview is to not even allow things like this to happen.
Tanuj@tanujDE3180
a staff engineer at my old company got laid off during “cost cutting.” his entire farewell meeting was 12 minutes long. week later: payment service started randomly failing. turns out he was manually fixing edge-case data corruption every night for 3 years. nobody even knew. the most dangerous systems are the ones surviving because of one invisible engineer.
English
In today's episode of things, that never happened.
"every night for 3 years" omg stfu
Tanuj@tanujDE3180
a staff engineer at my old company got laid off during “cost cutting.” his entire farewell meeting was 12 minutes long. week later: payment service started randomly failing. turns out he was manually fixing edge-case data corruption every night for 3 years. nobody even knew. the most dangerous systems are the ones surviving because of one invisible engineer.
English
Not Afraid 리트윗함
@cbseindia29 Dude that
cbse.onmarks.co.in isn't even your website, it points to that article, have some shame piece of shit.
English
Damn man, can't expect much from our gov.
These are web security 101. So embarassing.
nisarga@ni5arga
I had hacked CBSE's OSM (On-Screen Marking Portal) in February and had reported the vulnerabilities to CERT-In, but they were unable to patch most of them. I've written a detailed blog post about it here: ni5arga.com/blog/posts/hac…
English
@jpschroeder I followed the instructions and ran into: ""Cursor local SDK stream did not start." in opencode when sent first message
English
You can use Composer 2.5 on OpenCode with your existing cursor sub...
English
Not Afraid 리트윗함
Anthropic onboarding day: Michael Scott introducing Karpathy like he just signed Wemby in free agency.
English