Jappie3

The Devil's Dictionary of Vibe Coding

Inspired by Ambrose Bierce

Vibe Coding (n.) The noble art of describing what you vaguely want in natural language and hoping the silicon oracle doesn’t hallucinate something that will get you fired. Once known as “programming.” Now a sophisticated form of cargo-culting with better autocomplete.

Agent (n.) A fancy name for a loop that keeps calling itself until the credit card screams. Marketed as autonomous intelligence. In practice, an overconfident intern that never sleeps and occasionally books your flights to the wrong continent.

@jake-stewart
jake-stewart / color256.md
Last active May 1, 2026 03:48
Terminals should generate the 256-color palette

Terminals should generate the 256-color palette from the user's base16 theme.

If you've spent much time in the terminal, you've probably set a custom base16 theme. They work well. You define a handful of colors in one place and all your programs use them.

The drawback is that 16 colors is limiting. Complex and color-heavy programs struggle with such a small palette.

@karol-broda
karol-broda / hytale-launcher.md
Last active March 3, 2026 05:35
hytale analyzing

hytale launcher

wanted to see if there's a way to disable the self-update since it fails on nixos anyway.

binary lives at ~/.local/share/Hytale/install/release/package/launcher/*/hytale-launcher

finding env vars

nix-shell -p binutils
@hackermondev
hackermondev / writeup.md
Last active April 30, 2026 19:19
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

@jbreckmckye
jbreckmckye / Cloudflare.md
Last active April 21, 2026 21:29
The CloudFlare outage was a good thing

The Cloudflare outage was a good thing

Cloudflare, the CDN provider, suffered a massive outage today. Some of the world's most popular apps and web services were left inaccessible for several hours whilst the Cloudflare team scrambled to fix a whole swathe of the internet.

And that might be a good thing.

The proximate cause of the outage was pretty mundane: a bad config file triggered a latent bug in one of Cloudflare's services. The file was too large (details still hazy) and this led to a cascading failure across Cloudflare operations. Probably there is some useful post-morteming about canary releases and staged rollouts.

@LeSuisse
LeSuisse / nixpkgs-oss-sec-ml-distro-merge-time.csv.csv
Last active September 26, 2025 15:44
nixpkgs OSS Sec ML Distros Tracking Merge Time
OSS Sec publication,Project,Title,nixpkgs unstable PR ID,nixpkgs unstable PR merge date,nixpkgs unstable merge within 7 days,nixpkgs stable PR ID,nixpkgs stable PR merge date,nixpkgs stable merge within 7 days
08/07/2025 17:09:11,Git,[oss-security] Multiple vulnerabilities fixed in Git,417515,18/06/2025 15:59:41,✅,423646,08/07/2025 22:41:36,✅
22/07/2025 22:14:20,Debian packaging of AIDE,[oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE,No NixOS impact,#N/A,No NixOS impact,No NixOS impact,#N/A,No NixOS impact
16/07/2025 22:27:08,BIND 9,[oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777),425877,22/07/2025 19:40:33,✅,427546,30/08/2025 14:46:34,❌
03/08/2025 01:58:35,Linux,[oss-security] Linux kernel: eBPF vulnerabilities,Not a vuln?,#N/A,Not a vuln?,Not a vuln?,#N/A,Not a vuln?
04/06/2025 05:52:58,curl,[oss-security] [SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop,413896,08/06/2025 12:25:59,✅,413957,07/06/2025 06:07:28,✅
05/06/2025 18:17:55,P
@mary-ext
mary-ext / bluesky-osa.md
Last active May 1, 2026 10:27
Bluesky's age assurance sucks, here's how to work around it.


Bluesky has implemented age verification measures in response to regional laws that restrict access, prompting users to verify their age through Epic Games' Kids Web Services before they can access adult content.

This sucks, but thankfully there are ways to work around it.

Before diving in: I encourage you to read this entire document, including the

@hackermondev
hackermondev / research.md
Last active April 30, 2026 19:12
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@hackermondev
hackermondev / zendesk.md
Last active May 4, 2026 04:07
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@fufexan
fufexan / macos_accel.py
Created September 12, 2024 20:18
macOS-like acceleration curve for libinput
#!/usr/bin/env python3
# macOS-like pointer acceleration for libinput
# Author: fufexan <mihai@fufexan.net>
# Uncomment matplotlib and the plot_curve definition and call to visualize the curve
# import matplotlib.pyplot as plt
import sys
import os