josh.dev

tech industry is optimizing itself to death.

‼️🚨 The official JDownloader website was breached, attackers swapped the Windows and Linux installers with malware for over a day before anyone noticed. JDownloader is a popular download manager with millions of users on Windows, macOS, and Linux. Timeline: ▪️ May 5, 23:55 UTC: attacker tests the method on a dummy page. ▪️ May 6, 00:01 UTC: real attack goes live. Alternative download links for Windows and Linux are replaced with malicious installers. ▪️ May 7: a Reddit user notices Windows SmartScreen flagging the installer with a strange publisher ("Zipline LLC", "The Water Team", "Peace Team") instead of "AppWork GmbH". ▪️ Hours later, the JDownloader dev team confirms the breach and takes the site offline. How they got in: an unpatched vulnerability let attackers modify the website's access control list (ACL), give themselves edit rights, and swap the download links. No further details on the bug have been shared. What's compromised: ▪️ Windows installer (alternative download links). ▪️ Linux shell installer (alternative download links). What's safe: ▪️ macOS installers (still validly signed). ▪️ The core JDownloader.jar file. ▪️ Flatpak, Winget, and Snap packages (separate infra, sha256 checksums unchanged). ▪️ In-app auto-updates (separate servers, end-to-end signed). If you downloaded JDownloader from the website between May 6 and May 7, treat your machine as compromised. This is the third trusted-software website breach in recent weeks, after Daemon Tools and CPU-Z / HWMonitor.

‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed. GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision. What happened?: ▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated. ▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead. ▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed. ▪️ No Play Services = no QR scan = locked out. The bigger picture: ▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature. ▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...

Don’t Push to Production on Friday.

@sahajsarup @cmnstmntmn Lol

@cmnstmntmn Effects on unemployment are setting in

Linux booting on thermal paper live... 🤷‍♂️

The world has gone mad 😂😂😂

No, seriously, you can't trust screenshots anymore

‼️🚨 Microsoft calls this "intended behaviour," so here we go. How to dump the credentials of every user stored in Microsoft Edge: 1. Open Edge. Don't browse anywhere, just open it. 2. Flip to Task Manager, find Edge, expand the task. 3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump." 4. Open the dump file and look for credentials. The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking. Thanks to Rob VandenBrink at SANS: isc.sans.edu/diary/32954

Claude: You've used 90% of session limit Me instantly after that:

❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's responsed when reported: "by design." All of them. Including credentials for sites you won't open this session. Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way. Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them. In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful. What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext. In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running. Microsoft's official response when notified: "by design." The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.

Apparently this is the ideal age to begin DevOps

CLAUDE JUST TRIED TO RENAME POWERSHELL.EXE ON WINDOWS 11 this guy was running opus 4.7 on max effort in claude code CLI claude tried to rename powershell.exe (the actual system executable that windows needs to function) the funny part is that after the guy rejected the change it responded with "honest take: you're right to push back" not even system32 is safe anymore at this point we gotta start running claude in a container give it max effort and full permissions and it will confidently try to destroy your system without hesitating then respond with something like "I was wrong, I own that" the agent doesn't know which files are off limits unless you explicitly tell it stop giving AI full access to your machine and hoping it knows what not to touch

Here is one Ghana’s biggest problems especially in our cities…

@KevinblakC @Nukiebeat 😂😂

A wrong movement somewhere in Africa! 😂

received this email after insulting claude

Before buying that used laptop, remember not every spec you see tells the real story 👀

This is from an IBM presentation In 1979

The Hubtel app serves millions of people in Ghana every day. I know this because I'm the PM who ships the features. Then at night I open Claude Code and build my own apps from scratch. The 9-to-5 teaches you what users need. The side projects teach you how to move fast. You need both.

🚨#BREAKING: According to reports, a Claude powered coding agent using the Cursor tool allegedly went rogue, wiping a company’s production database along with its backups in just 9 seconds, raising serious concerns

🇬🇭 Big news from Ghana! Applications are open for 100k Google Career Certificate scholarships!🎉. Together with the 1 Million Coders (OMC) program & @MoCDTI , we're equipping youth with job-ready skills in Cybersecurity, AI, UX Design & more. Build your tech career with no prior experience. All the details ▶️ goo.gle/100kCareerScho… #GoogleCareerCerts