The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoftâs biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. â Read more
CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats
âDefenders cannot afford to take weeks to patch,â one Cybersecurity and Infrastructure Security Agency official warned on Wednesday. â Read more
When a user reports a bug in a feature I didnât even know we had â Read more
Ask HN: Why is the HN crowd so anti-AI?
Genuine question.
Over the past six months, there hasnât been a single day where Iâve checked the HN Best RSS feed without seeing a post about how AI âwrites bad code,â âintroduces bugs,â âcreates technical debt,â or something along those lines.
Iâll probably make a lot of enemies by saying this, but do people realize that code is just a means to an end?
Users donât care whether the code was written by AI or by hand, or which framework you used. They care that the product works.
⊠â Read more
Not to Alarm Anyone, but Flesh-Eating Screwworms Have Entered the US
The USDA this week confirmed the first known infection of the carnivorous fly larva, which feast on the flesh of living mammals, after the United States eradicated the nightmare bugs in the 1960s. â Read more
When QA reproduces in two clicks the bug I swore was impossible â Read more
The AI Era Is Creating a Bug Hunting Arms Race
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. â Read more
When I finish my dev work and testing flags 10 bugs within the hour â Read more
When Iâm the only one who notices we have a huge bug in our demo â Read more
When I ask Claude Code to fix a bug but forgot to give it access to my repo â Read more
Best Bug Spray (2026), Tested and Reviewed
Our writer tried some of the most popular insect repellents during runs, hikes, and evening walks. These are the ones we recommend. â Read more
When weâre celebrating the production release and I suddenly remember a forgotten bug â Read more
When I show the sales rep how to work around a display bug for their demo â Read more
When I follow the instructions to reproduce an exotic bug â Read more
Discord Sleuths Gained Unauthorized Access to Anthropicâs Mythos
Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more. â Read more
When Iâve been searching for hours and still donât understand where the bug is coming from â Read more
When the lead dev personally goes to the client to fix a major bug â Read more
When itâs the sixth time ChatGPT fails to fix the same bug â Read more
When I finally manage to fix a bug after pulling an all-nighter â Read more
When someone comes looking for me to fix a bug in production â Read more
When I find a workaround for a bug in production â Read more
When the client asks if we can remove the bugs but keep the features â Read more
When the intern fixes in 15 minutes the bug Iâve been stuck on all day â Read more
When the bug only shows up on the CEOâs browser â Read more
When QA finds the first bug in my code in 30 seconds â Read more
When I manage to fix the bug the team had been stuck on for days â Read more
When the bug disappears when I add a console.log â Read more
When I realize my hotfix created 3 other bugs â Read more
When I manage to fix a bug without using Google or an AI â Read more
When I keep chaining fixes to solve the same bug â Read more
When the client didnât notice the major bug during my demo and congratulates me â Read more
When the bug comes from a non-breaking space in the input string â Read more
When my pair tells me they found a bug 5 minutes before my demo â Read more
When the manager tells me the bug is top priority even though itâs been around for 6 months â Read more
When I manage to reproduce the bug that was reported to me â Read more
@prologic@twtxt.net (While browsing through that, I noticed that https://mu-lang.dev/ itself doesnât really mention the source code repo, does it? đ€ Like, the quickstart guide begins with âBuild the host: go build ./cmd/muâ, but whereâs the git clone ⊠command? đ
)
Iâm not really sure what the goal is. đ€ Do you want to get pull requests for the docs? Or bug reports for mu itself? đ€
When I head into the weekend after helping another team fix their bug â Read more
@bender@twtxt.net Thatâs the plan! Once Iâm happy with this v1 (and we find no other obvious bugs/issues) updating âChangesâ with user-facing / human-freidnyl changes is part of the release process!
When a coworkerâs code crashes because of a hardcoded âSure, hereâs what should fix the bug:â â Read more
When I finally understand the bug I was stuck on right after leaving the office â Read more
When they ask how I fixed the bug but it was actually ChatGPT who did it. â Read more
When I fix a bug and the behavior gets even weirder â Read more
Heh I thought I fixed that bug? (is it s abug?!)
@bender@twtxt.net it works fine under jenny. Maybe it is a bug on Yarn?
When I try to explain my bug to the lead dev but heâs already convinced the issue is elsewhere â Read more
httpd now sends the Last-Modified with UTC instead of GMT. Current example:
@lyse@lyse.isobeef.org Bah. Yeah, that looks like a bug. Letâs see if this already reported upstream. đ€
Hurray, I finally fixed another rendering bug in tt that was bugging me for a long time. Previously, when there were empty lines in a markdown multiline code block, the background color of the code block had not been used for the empty lines. So, this then looked as if there were actually several code blocks instead of a single one.
I just fixed another bug in tt where the language hint in multiline markdown code blocks had not been stripped before rendering. It just looked like it was part of the actual code, which was ugly. I now throw it away. Actually, itâs already extracted into the data model for possible future syntax highlighting.
@shinyoukai@neko.laidback.moe Because you might not want to commit all changed files in a single commit. I very often make use of this and create several commits. In fact, I like to git add --patch to interactively select which parts of a file go in the next commit. This happens most likely when refactoring during a feature implementation or bug fix. I couldnât live without that anymore. :-)
If you have a much more organized way of working where this does not come up, you can just git commit --all to include all changed files in the next commit without git adding them first. But new files still have to be git added manually once.
When the lead dev tells me he fixed a couple of bugs in my project over the holidays â Read more
@lyse@lyse.isobeef.org Iâm toying with the idea of making a widget/window system on top of Pythonâs ncurses. Iâve never really been happy with the existing ones (like urwid, textual, pytermgui, âŠ). I mean, theyâre not horrible, itâs mostly the performance thatâs bugging me â I donât want to wait an entire second for a terminal program to start up.
Not sure if Iâll actually see it through, though. Unicode makes this kind of thing extremely hard. đ«€
Whoo! I fixed one of the hardest bugs in mu (”) I think Iâve had to figure out. Took me several days in fact to figure it out. The basic problem was, println(1, 2) was bring printed as 1 2 in the bytecode VM and 1 nil when natively compiled to machine code on macOS. In the end it turned out the machine code being generated / emitted meant that the list pointers for the rest... of the variadic arguments was being slot into a register that was being clobbered by the mu_retain and mu_release calls and effectively getting freed up on first use by the RC (reference counting) garbage collector đ€Šââïž
When I realize the cause of my bug just after leaving the office â Read more
When Iâm in a meeting and suddenly realize where the bug Iâve been stuck on is coming from â Read more
When I go to a client meeting while there are still several open bugs on their side â Read more
When I try to help a teammate and end up creating even more bugs in their code â Read more
When Iâve already been struggling for hours to fix a bug â Read more
I finished all 12 days of Advent of Code 2025! #AdventOfCode https://adventofcode.com â did it in my own language, mu (Go/Python-ish, dynamic, int/bool/string, no floats/bitwise). Found a VM bug, fixed it, and the self-hosted mu compiler/VM (written in mu, host in Go) carried me through. đ„ł
Ooops, Iâve run into a bug or limitation with mu for Day 9 đ€
When they ask if Iâm okay after 6 hours staring at the same bug on my screen â Read more
@aelaraji@aelaraji.com probably a bug on my end with the bridge. Iâll figure it out with your help when I get home from my holidays.
Fuck me, soooooooo beautiful! Awwww! :â-) https://www.youtube.com/watch?v=oYfKgi133qo
This focuses more on the landscape part, other episodes also have amazing interactions with the locals. I cannot recommend the Itchy Boots channel enough. Itâs in my top three channels of all time I believe. I hardly get the travel bug, but this has now changed. Watching Noralyâs videos brings me great joy. It also shows humanity is not lost, contrary to what one might think in this crazy world. :-)
Caution, this channel gets very addictive!
When a user sends me a screenshot of their bug with zero context â Read more
When I find out the bug comes from a piece of code I never suspected at all â Read more
@movq@www.uninformativ.de All good! đ Likely bug on my end (bridge)
When I try to fix the internâs bug even though I donât understand it myself â Read more
When I manage to dodge the blocking bug during my demo â Read more
When a client calls us first thing in the morning to report a bug â Read more
And regarding those broken URLs: I once speculated that these bots operate on an old dataset, because I thought that my redirect rules actually were broken once and produced loops. But a) I cannot reproduce this today, and b) I cannot find anything related to that in my Git history, either. But itâs hard to tell, because I switched operating systems and webservers since then âŠ
But the thing is that Iâm seeing new URLs constructed in this pattern. So this canât just be an old crawling dataset.
I am now wondering if those broken URLs are bot bugs as well.
They look like this (zalgo is a new project):
https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/
When you request that URL, you get redirected to /git/:
$ curl -sI https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/
HTTP/1.0 301 Moved Permanently
Date: Sat, 22 Nov 2025 06:13:51 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 510
Location: /git/
And on /git/, there are links to my repos. So if a broken client requests https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/, then sees a bunch of links and simply appends them, youâll end up with an infinite loop.
Is that whatâs going on here or are my redirects actually still broken ⊠?
When I realize Iâve been trying to fix a bug all day in the wrong project â Read more
When QA sends me a bug with no context, just a screenshot â Read more
@bender@twtxt.net Itâs good enough ti iron out any bugs đ Can I haz an account? đ
For those curious, the new Twtxt <-> ActivityPub bridge Iâm building (bidirectional) simply requires three things:
- You register your Twtxt feed to the bridge: https://bridge.twtxt.net
- You verify that you in fact own/control the feed by putting the verification code somewhere on/in your feed (doesnât matter where or how)
- You proxy/forward requests for
/.well-known/webfingerto the Bridgebridge.twtxt.net.
Iâm still testing through and ironing out bugs đ Please be patient! đ
How to Find P1 Bugs using Google in your Targetâââ(Part-2)
Earn rewards with this simple method.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-find-p1-bugs-using-google-in-your-target-part-2-d37a9bb0b2e7?sour ⊠â Read more
whoo fix a long stnading bug with identicons for feeds with no avatar in their metadata
Hint:
# nick = ...
# avatar = ...
Ignite Realtime Blog: First release candidate of Smack 4.5 published
The Smack developers are happy to announce the availability the first release candidate (RC) of Smack 4.5.0.
The upcoming Smack 4.5 release contains many bug fixes and improvements. Please consider testing this release candidate in your integration stages and report back any issues you may found. The more people are actively testing release candidates, the less issues will remain in the actual release.
Smac ⊠â Read more
@prologic@twtxt.net Letâs go through it one by one. Hereâs a wall of text that took me over 1.5 hours to write.
The criticism of AI as untrustworthy is a problem of misapplication, not capability.This section says AI should not be treated as an authority. This is actually just what I said, except the AI phrased/framed it like it was a counter-argument.
The AI also said that users must develop âAI literacyâ, again phrasing/framing it like a counter-argument. Well, that is also just what I said. I said you should treat AI output like a random blog and you should verify the sources, yadda yadda. That is âAI literacyâ, isnât it?
My text went one step further, though: I said that when you take this requirement of âAI literacyâ into account, you basically end up with a fancy search engine, with extra overhead that costs time. The AI missed/ignored this in its reply.
Okay, so, the AI also said that you should use AI tools just for drafting and brainstorming. Granted, a very rough draft of something will probably be doable. But then you have to diligently verify every little detail of this draft â okay, fine, a draft is a draft, itâs fine if it contains errors. The thing is, though, that you really must do this verification. And I claim that many people will not do it, because AI outputs look sooooo convincing, they donât feel like a draft that needs editing.
Can you, as an expert, still use an AI draft as a basis/foundation? Yeah, probably. But hereâs the kicker: You did not create that draft. You were not involved in the âthought processâ behind it. When you, a human being, make a draft, you often think something like: âOkay, I want to draw a picture of a landscape and thereâs going to be a little house, but for now, Iâll just put in a rough sketch of the house and add the details later.â You are aware of what you left out. When the AI did the draft, you are not aware of whatâs missing â even more so when every AI output already looks like a final product. For me, personally, this makes it much harder and slower to verify such a draft, and I mentioned this in my text.
Skill Erosion vs. Skill EvolutionYou, @prologic@twtxt.net, also mentioned this in your car tyre example.
In my text, I gave two analogies: The gym analogy and the Google Translate analogy. Your car tyre example falls in the same category, but Geminiâs calculator example is different (and, again, gaslight-y, see below).
What I meant in my text: A person wants to be a programmer. To me, a programmer is a person who writes code, understands code, maintains code, writes documentation, and so on. In your example, a person who changes a car tyre would be a mechanic. Now, if you use AI to write the code and documentation for you, are you still a programmer? If you have no understanding of said code, are you a programmer? A person who does not know how to change a car tyre, is that still a mechanic?
No, youâre something else. You should not be hired as a programmer or a mechanic.
Yes, that is âskill evolutionâ â which is pretty much my point! But the AI framed it like a counter-argument. It didnât understand my text.
(But what if thatâs our future? What if all programming will look like that in some years? I claim: Itâs not possible. If you donât know how to program, then you donât know how to read/understand code written by an AI. You are something else, but youâre not a programmer. It might be valid to be something else â but that wasnât my point, my point was that youâre not a bloody programmer.)
Geminiâs calculator example is garbage, I think. Crunching numbers and doing mathematics (i.e., âcomplex problem-solvingâ) are two different things. Just because you now have a calculator, doesnât mean itâll free you up to do mathematical proofs or whatever.
What would have worked is this: Letâs say youâre an accountant and you sum up spendings. Without a calculator, this takes a lot of time and is error prone. But when you have one, you can work faster. But once again, thereâs a little gaslight-y detail: A calculator is correct. Yes, it could have âbugsâ (hello Intel FDIV), but its design actually properly calculates numbers. AI, on the other hand, does not understand a thing (our current AI, that is), itâs just a statistical model. So, this modified example (âaccountant with a calculatorâ) would actually have to be phrased like this: Suppose thereâs an accountant and you give her a magic box that spits out the correct result in, what, I donât know, 70-90% of the time. The accountant couldnât rely on this box now, could she? Sheâd either have to double-check everything or accept possibly wrong results. And that is how I feel like when I work with AI tools.
Gemini has no idea that its calculator example doesnât make sense. It just spits out some generic âargumentâ that it picked up on some website.
3. The Technical and Legal Perspective (Scraping and Copyright)The AI makes two points here. The first one, I might actually agree with (âbad bot behavior is not the fault of AI itselfâ).
The second point is, once again, gaslighting, because it is phrased/framed like a counter-argument. It implies that I said something which I didnât. Like the AI, I said that you would have to adjust the copyright law! At the same time, the AI answer didnât even question whether itâs okay to break the current law or not. It just said âlol yeah, change the lawsâ. (I wonder in what way the laws would have to be changed in the AIâs âopinionâ, because some of these changes could kill some business opportunities â or the laws would have to have special AI clauses that only benefit the AI techbros. But I digress, that wasnât part of Geminiâs answer.)
tl;drExcept for one point, I donât accept any of Geminiâs âcriticismâ. It didnât pick up on lots of details, ignored arguments, and I can just instinctively tell that this thing does not understand anything it wrote (which is correct, itâs just a statistical model).
And it framed everything like a counter-argument, while actually repeating what I said. Thatâs gaslighting: When Alice says âthe sky is blueâ and Bob replies with âwhy do you say the sky is purple?!â
But it sure looks convincing, doesnât it?
Never againThis took so much of my time. I wonât do this again. đ
When I have to explain the same bug to QA for the third time â Read more
When someone asks me for help with a bug just as Iâm about to leave the office â Read more
#4 RFI: From an External URL Into your Application
Understanding RFI isnât just about finding a bug; itâs about recognizing a critical design flaw that, if exploited, hands an attacker theâŠ
[Continue reading on InfoSec Write-ups »](https://infosecwrit ⊠â Read more
When I end my day fixing a bug â Read more
When I fix a bug in prod before anyone notices â Read more
The $2,000 Bug That Changed My Life: How a Tiny URL Parameter Broke Web-Store Pricing !! â Read more
âThe $10,000 Handlebars Hack: How Email Templates Led to Server Takeoverâ
While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories Iâve ever encountere ⊠â Read more
How I Reported a Pre-Account Hijack Affecting Any Gmail User (Even Google Employees)- My Bug⊠â Read more
@movq@www.uninformativ.de I guess I wasnât talking about the speed of interesting text/context, but more the âslownessâ of these tools. I think I can build/ solutions and fix bugs faster most of the time? Hmmm đ€ I think the only thing itâs able to do better than me is grasp large codebases and do pattern machines a bit better, mostly because weâre limited by the interfaces we have to use and in my ase being vision impaired doesnât help :/
Fixed following page template bug so cached feed counts render without errors. cc @bender@twtxt.net
Mathieu Pasquet: slixmpp v1.12
This version is out mostly to provide a stable version with compatibility with the newly released Python 3.14, there are nonetheless a few new things on top.
Thanks to all contributors for this release!
Fixes- Bug in MUC self-ping ( XEP-0410) that would create a traceback in some uses
- Bug in SIMS ( XEP-0447) where all media would be marked as inline
- Python 3.14 breakage
- Prono ⊠â Read more
25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rssâ-7b722bf ⊠â Read more
When I run into a bug I thought I had fixed weeks ago â Read more
How I Found a $250 XSS Bug After Losing Hope in Bug Bounty
đ Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rssâ-7b722bf ⊠â Read more
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 ⊠â Read more
When we have to fix a bug in a hurry without being able to run the project locally â Read more
A Bug Hunterâs Guide to CSP Bypasses (Part 1) â Read more
CTF to Bug Bounty: Part 1 of the Beginnerâs Series for Aspiring Hunters
From CTF flags to real-world bugsâââyour next hacking adventure starts here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups. ⊠â Read more
âThe Overlooked P4 Goldmine: Turning Simple Flaws into Consistent Bountiesâ
Weâve all been thereâââscrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploit ⊠â Read more
** How to Use AI to Learn Bug Hunting & Cybersecurity Like a Pro (in 2025)**
Hey there đ,
Iâm Vipul, the mind behind The Hackerâs Logâââwhere I break down the hackerâs mindset, tools, and secrets đ§ đ»
[Continue reading ⊠â Read more
Authentication bypass via sequential user IDs in Microsoft SSO integration | Critical Vulnerability
If youâre a penetration tester or bug bounty hunter, n ⊠â Read more
Account Take Over | P1âââCritical
It started off like any other day until I got an unexpected emailâââan invite to a private bug bounty program. Curious, I jumped in. TheâŠ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour ⊠â Read more
The weirdest bug:When Reflected XSS Wonât Let a Page Breathe â Read more