
Radman Siddiki
@redmin78
Security Reviewer at @miraheze | Student | Finding security vulnerabilities | Contributing to open source



cURL closing their HackerOne bug bounty program on HackerOne for obvious reasons: death by thousand slops, slop from both humans and AI-assisted submissions.

it is insane to me that companies like HackerOne are still stuck in the past. why aren't cURL, other companies, and FOSS projects setting up environments modeled on their actual threat scenarios and letting researchers hack until they capture a flag?

what do you care about cURL security? what is the threat model? you don't want an HTTP request to an untrusted site to result in:

1. a shell on your system
2. info leak
3. DoS that crashes your computer

it is all we really care about. PoC || GTFO. read the flag, get paid. don't waste a single second reading anything else. with this you don't even need to spend so much money on running a bug bounty program.




It was the closest race yet when it came to the top programming language of the year. 👀

RIP JSON. AI just got a data format that doesn’t waste tokens, doesn’t confuse models, and doesn’t bury structure under a pile of punctuation and it’s called TOON.

If you work with LLMs, this is the part where everything you thought was “good enough” starts looking ancient. JSON was built for humans. TOON is built for machines. And the difference shows instantly:

• 40–60% fewer tokens
• Cleaner reasoning
• Higher retrieval accuracy
• Zero syntactic clutter
• Perfect round-trip back to JSON

Here’s what structured data looks like in 2025:

users[2]{id,name,role}:
  1,Alice,admin
  2,Bob,user

LLMs understand it faster. Your context budget lasts longer. Agents stop hallucinating field names. And pipelines get cheaper overnight.

JSON won the web era. TOON is about to win the AI era. And this is 100% open source (link below)









