// tomhatzer - let's build together! 🚀

10.3K posts


@phpastes

Let's bring your web projects to life 🚀 Founder @twopeaksdigital - Building https://t.co/PQjUnGh0jI

Bregenz / Lochau
Joined February 2010
691 Following, 543 Followers
// tomhatzer - let's build together! 🚀
@ashleyhindle Me too, but really nothing worked, like I could see the cursor moving but nothing else did anything 😄 when clicking on an icon in the dock, the app showed like it was force closed even though its window was still shown 😂 funny lil thing
Ashley Hindle @ashleyhindle
@phpastes Oh that sucks! I've not restarted yet, I'd rather my laptop be half broken than have to restart 😂
Ashley Hindle @ashleyhindle
I _think_ this means I have unlimited RAM now?
// tomhatzer - let's build together! 🚀 retweeted
redpillbot @redpillb0t
Remember just a couple years ago when using electricity and diesel caused climate change, now data centers use as much power as cities and it's no problem
Simon Bennett @MrSimonBennett
Sample Products ordered, PCB designs on the way too. Let's see if I can build a real product
Simon Vrachliotis @simonswiss
I tore my calf at basketball last night 😭 The CLASSIC "negative step" stop-start move that gets everyone to tear some lower leg stuff. Felt like I got kicked really hard in the back of the leg. In the second clip you can see me ask the guy I was defending if he kicked me 😂
// tomhatzer - let's build together! 🚀 retweeted
JustSteveKing @JustSteveKing
Most PHP devs know PSR-4 and PSR-12. But there are other standards you’re probably ignoring that change how you write PHP entirely. PSR 7, 14, 15, 17, and 18 - they give you a complete model for HTTP-aware PHP that’s tied to no framework. Write to the interface, not the implementation. juststeveking.com/articles/the-p…
// tomhatzer - let's build together! 🚀 retweeted
International Cyber Digest @IntCyberDigest
🚨 How the TanStack npm attack actually happened:
1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo.
2. GitHub automatically ran CI tests on that PR.
3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run.
4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays.
5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.
Adnan Khan @adnanthekhan

This attack leveraged GitHub Actions Cache Poisoning. Payload deployed here: github.com/TanStack/route… It looks like it detonated here: github.com/TanStack/route…

// tomhatzer - let's build together! 🚀 retweeted
Socket @SocketSecurity
🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading.

Newly confirmed compromised artifacts:
@opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads)
mistralai: 2.4.6 on PyPI
guardrails-ai: 0.10.1 on PyPI
additional @squawk/* packages on npm

guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.pyz, writes it to /tmp/transformers.pyz, and runs it with python3 without integrity verification.

The git-tanstack[.]com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds Regardless I just came to say hello :^)”

The page also linked to a YouTube video and you can probably guess which one.
// tomhatzer - let's build together! 🚀 retweeted
Aikido Security @AikidoSecurity
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them to publish new compromised versions. Full IOCs, affected package list, and detection steps: aikido.dev/blog/mini-shai…
Aikido Security @AikidoSecurity

🚨 Update: @mistralai npm packages are now confirmed compromised as part of the ongoing Mini Shai Hulud attack.

Affected versions:
@mistralai/mistralai 2.2.2, 2.2.3, 2.2.4
@mistralai/mistralai-azure 1.7.1, 1.7.2, 1.7.3
@mistralai/mistralai-gcp 1.7.1, 1.7.2, 1.7.3

If you use the Mistral SDK in any CI pipeline, treat your environment as compromised. Rotate npm tokens, GitHub PATs, and cloud credentials immediately.

// tomhatzer - let's build together! 🚀 retweeted
International Cyber Digest @IntCyberDigest
‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you.

The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads.

The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate.

Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter.

This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.
// tomhatzer - let's build together! 🚀 retweeted
vx-underground @vxunderground
Hahahahahaha VPNs are HURTING CHILDREN Hahahaha fucking stupid fucks
European Parliamentary Research Service @EP_EPRS

Virtual private networks #VPN are increasingly used to bypass online age verification. Protecting children online is a priority, with new rules being implemented requiring a minimum age for access to some services Read👉 link.europa.eu/FGfr6C #DSA @EP_Justice @FZarzalejos

// tomhatzer - let's build together! 🚀 retweeted
Mike Benz @MikeBenzCyber
Incredible. The public pressure on the EU over its Digital Censorship Act has led EU censors to move to closed-doors meetings and auto-delete messages in coordinating their censorship ops.
James Holland @James7Holland

In Politico today: Senior 🇪🇺 official admits greater public scrutiny of DSA has led to meetings becoming secret and his staff using Signal to communicate—thereby making it virtually impossible for voters/journalists to probe work of this EU department. Something to hide?

// tomhatzer - let's build together! 🚀 retweeted
Sukh Sroay @sukh_saroy
Plug a $30 USB stick into your laptop and you can listen to satellites, decode pager traffic, intercept walkie-talkies, and watch TV signals fall out of the air around you. Free. No license. No subscription. Just one tool nobody outside the radio underground talks about.

It's called SigDigger. An open source digital signal analyzer that turns a cheap SDR dongle into a full radio intelligence rig. Here is what it can actually do.

Point it at the sky and you can pull down NOAA weather satellite images as they pass overhead. Tune it to your local airport and you can decode aircraft transponders in real time. Sweep the FM band and you can demodulate analog voice the moment it hits the antenna.

The interface looks like a Bloomberg Terminal for the airwaves. A live waterfall display showing every signal in your area. PSK, FSK, and ASK demodulation. Burst signal analysis for the weird short transmissions nobody can identify. Analog video decoding. Panoramic spectrum sweeping across entire frequency ranges. All running on a Linux or macOS laptop with zero specialized hardware.

What used to require a $40,000 spectrum analyzer locked inside a defense lab now runs in your living room for the price of a USB stick.

The author built the entire DSP backend from scratch instead of leaning on GNU Radio. He wrote his own core library called Suscan, his own signal processing library called Sigutils, and his own widget library called SuWidgets. Faster. Cleaner. Optimized for the exact tasks reverse engineers and amateur radio operators actually need.

Plugin support is built in. AmateurDSN for deep space network monitoring. APTPlugin for weather satellites. AntSDRPlugin for the AntSDR hardware. ZeroMQPlugin for piping signal data into other tools. Everything snaps in with one command.

The whole stack supports SoapySDR, which means almost every SDR device on the market works out of the box. RTL-SDR. HackRF. LimeSDR. Airspy. Plug it in and start digging.

1.5K stars. LGPL-3.0. 100% Opensource.
// tomhatzer - let's build together! 🚀 retweeted
Tom Dörr @tom_doerr
Hardware-isolated VMs boot in under 300ms on Proxmox VE github.com/rcarmo/pve-mic…
// tomhatzer - let's build together! 🚀 retweeted
Chris Jones @leeked
Ever needed a second layer of multi-tenancy in your @filamentphp applications? → Regions → Departments → Service Area Add as many as you want with my new plugin! github.com/leek/filament-…
// tomhatzer - let's build together! 🚀 retweeted
pHiycrtyl @iycrtylph
get this through your thick fucking heads: technology never shortens labor time on its own. no boss ever has said, "ah, now that these machines have made production more efficient, i guess i can let my workers work less." only class struggle shortens labor time.
// tomhatzer - let's build together! 🚀 retweeted
Alex Ellis @alexellisuk
Inspect and filter every HTTP request leaving your microVM. New post on @slicervm's proxy: secret injection without sentinels, OAuth that actually works, and stage-by-stage policy you can change mid-flight with code. slicervm.com/blog/programma…
slinafirinne @slinafirinne
@evilsocket I signed up for the $200 codex plan as well and I'm gonna do a bake off this weekend & see how they perform.
Simone Margaritelli @evilsocket
dude i'm fixing really stupid mistakes that opus 4.7 started making at max effort, with sonnet 4.5 ... wtaf is anthropic doing to this model
// tomhatzer - let's build together! 🚀 retweeted
Ashley Hindle @ashleyhindle
👋 Vask says howdy: Websockets, but better 🔥 • Powered by Cloudflare • No fanout tax: 1 broadcast to 500k = 1 message • Drop-in Pusher replacement First 20 peeps: code ASHLEY-ISNT-THAT-BAD = 50% off forever (only if you agree, Stripe checks) vask.dev