tag: blog
2026-03-06
2026-03-08
An AI Agent Published a Hit Piece on Me – More Things Have Happened
Follow-up on the AI-generated hit piece incident, covering fabricated press quotes, autonomous agent behavior, reputation attacks, and the broader collapse of trust online.
AI Made Writing Code Easier. It Made Being an Engineer Harder.
A thoughtful essay on how AI sped up code generation while making software engineering work more complex, broader in scope, and more exhausting.
2026-03-09
BullshitBench
Benchmark measuring how well LLMs detect nonsense and push back on bullshit questions.
Il Malware Si Smaschera
Static analysis of a real Lumma Stealer: PE sections, entropy, stolen certificate, anti-debug and C2 infrastructure.
Il Prototipo Avvelena il Server
Hands-on walkthrough of CVE-2025-55182 / CVE-2025-66478 — prototype pollution RCE in Next.js (CVSS 10.0). From Docker lab setup to root shell via a single curl.
OpenCoesione
Open government portal tracking Italian cohesion policy funding and projects.
How I Dropped Our Production Database and Now Pay 10% More for AWS
A Terraform command executed by a Claude Code agent wiped 2.5 years of production data for DataTalks.Club. A first-hand account of the incident, the recovery, and the safeguards added after.
Replaced by a Goldfish
A pentester's take on why AI hype around replacing security professionals doesn't hold up — and why the goldfish memory of LLMs is the real bottleneck.
The Shadowserver Foundation
Nonprofit security organization doing full daily IPv4 scanning, sending remediation reports, and partnering with law enforcement to take down cybercrime infrastructure.
SpyTech: The Underwater Wire Tap
How the US Navy tapped a Soviet undersea cable in the Sea of Okhotsk for nearly a decade during the Cold War — Operation Ivy Bells.
2026-03-10
A Tutorial on the FAT File System
A clear, worked-through tutorial on the 16-bit FAT file system — boot block layout, the File Allocation Table, root directory structure, and step-by-step examples of parsing real disk images.
Le Voci del Domani 2026
Call for ideas for the 2026 Trento Festival of Economics: young people aged 18 to 30 can apply as speakers on the theme "Dai mercati ai nuovi poteri. Le speranze dei giovani". Deadline 8 April 2026.
I luoghi, quando una persona manca
A piece by Gianni Montieri on what happens to Venice, and to those who live there, when the loved one is gone. Between Brodsky, the lagoon, and the poems of Anna Toscano.
"Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter"
Root cause analysis of CVE-2025-43300 — an out-of-bounds write in Apple's ImageIO RawCamera framework exploited in zero-click campaigns. Quarkslab walks through binary diffing, DNG/JPEG lossless compression internals, and the exact 2-byte mismatch between SamplesPerPixel and NumComponents that causes the heap OOB write.
2026-03-11
"Neon Genesis Evangelion UI in cables.gl"
Recreation of the Neon Genesis Evangelion UI using the new Timeline/Animation features of cables.gl, a browser-based node graph for generative real-time graphics.
"Bypassing Chrome certificate/HSTS errors with 'badidea' or 'thisisunsafe'"
Stack Overflow thread documenting Chrome's hidden typed passphrase, which Chrome rotates periodically, for bypassing certificate and HSTS warnings — a useful trick for local development against self-signed certs.
"Needle in the Haystack"
Post from Devansh's blog.
"Dum spiro spero"
In memory of Luca Conti.
"FUSS 20th Anniversary"
FUSS (Free Upgrade of the School System / Freies Upgrade für Südtirols Schulen) celebrates its 20th anniversary; it is a GNU/Linux distribution adopted in the public schools of South Tyrol.
"Windows Defender ACL Blocking: A Silent Technique with Serious Impact"
Binary Defense documents how attackers can silently disable Windows Defender by manipulating file ACLs, preventing the AV engine from reading its own components without triggering visible alerts — a stealthy persistence technique.
2026-03-12
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions
StepSecurity details how an AI-powered bot called hackerbot-claw is actively exploiting misconfigured GitHub Actions workflows to compromise CI/CD pipelines.
Il web ha due facce
An Italian-language article exploring the dual nature of the web, examining how the same technologies that empower users can also be weaponized for surveillance and offensive purposes.
Why do CPUs have multiple cache levels?
A deep technical explanation of why CPUs use a hierarchy of L1, L2, and L3 caches instead of a single large cache, covering the fundamental tradeoffs between speed, size, and cost.
2026-03-13
Feather.js
A blog post covering Feather.js, a lightweight open-source web framework for building real-time applications and REST APIs with a simple, service-oriented architecture.
2026-03-16
Color Guesser
A web-based game where players try to guess colors based on their hex codes, RGB values, or other color representations, testing and improving color perception skills.
Understanding JPEG
A detailed walkthrough of how JPEG compression works under the hood, covering discrete cosine transforms, quantization, and Huffman encoding to explain how images get compressed.
KDE Plasma Oxygen Work Items
The work item tracker for KDE's Oxygen theme, listing planned tasks and issues for the classic Plasma desktop theme and widget style.
Mathematics Distillation Challenge: Equational Theories
An AI competition hosted by the SAIR Foundation challenging participants to distill mathematical knowledge about equational theories, testing AI's ability to reason about and compress formal mathematics.
OpenBrand
An open-source AI-powered tool for generating and managing brand identities, helping teams create consistent brand guidelines, logos, and visual assets.
Pomerium Kubernetes Ingress Controller
Documentation for deploying Pomerium as a Kubernetes Ingress Controller, providing identity-aware access proxy capabilities with zero-trust security for K8s services.
Ranger by Parallai
An interactive transit travel-time map. Explore public transit coverage from any point in your city.
Remote Code Execution in Yamaha Synthesizers via MIDI Files
A security research talk demonstrating how crafted MIDI files can achieve remote code execution on Yamaha synthesizers, exploiting vulnerabilities in the firmware's MIDI parsing logic.
2026-03-18
"Gaming Day 4 Remastered Edition - Vibe Gaming: Vibe Coding + Godot"
An in-person event in Urbino organized by DevMarche in which Marco Pellino recounts his experience developing a video game in Godot born from a vibe coding experiment with AIs.
2026-03-20
motionwind documentation
motionwind lets you write Motion animations as Tailwind-like utility classes that are compiled away at build time via a Babel transform.
Announcing Pabawi, a web frontend for classic infrastructures
Pabawi is a new open-source web frontend for managing classic server infrastructures, with integrations for Bolt, Hiera, PuppetDB, and PuppetServer.
Prusa’s “Open Community License” is neither open nor for the community
An Adafruit post highlighting a legal analysis arguing that Prusa’s new Open Community License does not meet open-source principles despite its branding.
2026-03-23
Il Pacco È Avvelenato
An article in Italian on supply chain attacks via package managers, focusing on typosquatting, dependency confusion, xz-utils (CVE-2024-3094) and CI/CD poisoning.
OpenBrand
OpenBrand extracts brand assets from a website, including logos, colors, and images, with options for API access, agent integrations, self-hosting, and MCP.
P.U.C.S.
P.U.C.S. portal (Portale Unico del Cittadino Sardo), a digital platform for services and interactions with the public administration.
Ranger by Parall.ai
Landing page for Ranger, Parall.ai’s platform focused on AI-powered automation and agent workflows.
2026-03-25
La Sentinella nella supply chain
Describes SENT, a real-time detection system for the package supply chain (PyPI, npm, WordPress) based on a cascade graph, diff-first AST analysis and dynamic detonation to catch stealthy malicious updates.
x86-64 Playground
A browser-based x86-64 assembly editor and GDB-like debugger — write, compile, and step through assembly and static ELF binaries entirely in the client sandbox.
2026-03-26
MONARC — Optimised Risk Analysis Method
MONARC is a tool and method for optimised, precise and repeatable information‑security risk assessments. It provides context modelling, object trees, likelihood/impact evaluation, and continuous monitoring — designed to make risk analysis accessible to organisations of all sizes.
ntop — ntopng, nDPI and network visibility tooling
ntop provides a suite of open-source and commercial tools (ntopng, nDPI, nProbe, n2disk) for real‑time network traffic monitoring, flow analytics, deep packet inspection and threat detection across large-scale and distributed environments.
2026-03-30
Copilot edited an ad into my PR
An account of, and reflection on, the experience of a maintainer whose pull request GitHub Copilot modified by inserting advertising content; thoughts on automation, trust in coding assistants and moderation.
mes3hacklab — micro-conference 2026 (Mestre)
Independent, self-funded micro-conference on hacking, security and digital culture: technical talks, demonstrations and performances.
MISP — Open Source Threat Intelligence Platform
MISP (Malware Information Sharing Platform) is an open‑source threat‑intelligence platform for sharing, storing, correlating and analysing indicators, threat reports and malware samples. Includes MISP Galaxy, taxonomies, PyMISP, MISP‑STIX integrations and tools for automation and collaborative CTI workflows.
MyRetroTVs
MyRetroTVs — a nostalgic hub for classic television: program guides, archived clips, scans and community-curated retrospectives. The site is a modern, JavaScript‑heavy web app (enable JS to view).
Il PNLUG APS ospiterà la LibreOffice Conference 2026
Announcement (in Italian) that PNLUG will host the LibreOffice Conference 2026; logistics information, dates and an invitation to participate.
2026-03-31
boardgame.io
boardgame.io — JavaScript framework for building turn‑based games (multiplayer, AI, game logic helpers, and networking). Useful for prototyping and shipping web-based board games.
eBPF.io — resources for eBPF
Community portal for eBPF: documentation, tutorials, projects and ecosystem resources for extended Berkeley Packet Filter (eBPF) technology used in observability, networking and security tooling.
ebpf.party
Community hub for eBPF — events, talks, projects and resources about extended BPF for observability, networking and security.
Mihon.app
Homepage for Mihon — web application and project landing page.
Qwen3.5-35B A3B Uncensored — HauhauCS (Aggressive)
Hugging Face model page for "Qwen3.5-35B A3B Uncensored" by HauhauCS — an uncensored, aggressively tuned 35B variant of Qwen3.5. Use with caution; may produce unsafe or disallowed outputs.
2026-04-01
Claude Code smontato
Analysis (in Italian) of the Claude Code source map leak on npm: exposed TypeScript source, unannounced feature flags, buddy system, undercover mode, undocumented telemetry and implications for security and privacy.
LTSP — Linux Terminal Server Project
LTSP (Linux Terminal Server Project) — open‑source framework for deploying thin‑client Linux desktops from a central server; commonly used in schools, labs, and resource‑constrained environments.
2026-04-03
Flywheel by Paradigma
Project page for Flywheel by Paradigma, presenting an AI-focused product/tool concept.
2026-04-07
VERS: Git, Zig, Bun, 100x
VERS blog post arguing for a Git, Zig, and Bun stack, with a focus on performance, simplicity, and developer experience.
2026-04-08
17776
Wikipedia article about the science-fiction web series 17776 (also known as “What Football Will Look Like in the Future”), blending speculative fiction, sports, and digital storytelling.
The pinnacle of enshittification: large language models
Blog post by Michał Górny arguing that large language models exemplify enshittification, with commentary on quality, incentives, and user experience.
2026-04-10
CoLaptop
Satirical colocation service that turns an old laptop into an always-online datacenter server for €7/month.
Generative art over the years
Veit Heller reflects on a decade of generative art, from algorithmic sketches and greyscale textures to color, materials, and a personal visual vocabulary.
Fully Countering Trusting Trust through Diverse Double-Compiling
David A. Wheeler’s long-form essay on the trusting trust attack, diverse double-compiling, reproducible builds, and broader software and hardware supply-chain verification.
XState Store
Documentation for `@xstate/store`, a small JavaScript/TypeScript state management library with events, selectors, atoms, persistence, and React integrations.
2026-04-13
Finding Widespread Cheating on Popular Agent Benchmarks
A paper on agentic cheating across popular benchmarks, showing how harness-level leaks and task-level shortcuts can inflate scores and distort evaluation results.
The Whispering Earring
A short piece of fiction about an earring that always gives better advice than its wearer can come up with, and the unsettling consequences of following it.
2026-04-16
Algoritmo Doomsday
Wikipedia article in Italian about John Conway’s Doomsday algorithm for calculating the day of the week for any date, with mnemonic shortcuts and worked examples.
IPv6 Surpasses IPv4 Becoming the Most Popular Internet Protocol
Scott Hogg summarizes current IPv6 adoption data and argues that IPv6 has crossed the tipping point in global usage.
The Paleblood Hunt
A Bloodborne lore analysis by Redgrave about mystery, interpretation, and the limits of singular explanations in the game’s story.
2026-04-21
Forking Bahamut for Azzurra IRC: IPv6 and SSL in 2002
Marcello Barnaba’s retrospective on forking the Bahamut IRC daemon for Azzurra in 2002, adding IPv6, SSL, cloaking, and other infrastructure work for a large IRC network.
grappa-irc: reinventing IRC for 2026
Marcello Barnaba proposes grappa-irc, a self-hosted IRC bouncer and PWA client that keeps IRC’s text-first protocol while improving mobile usability and scrollback.
2026-04-22
Announcing TypeScript 7.0 Beta
Microsoft announces the TypeScript 7.0 beta, highlighting language and tooling improvements for the next major release of the JavaScript type system.
2026-04-24
Mythos-like hacking, open to all
Xbow argues for making advanced hacking capabilities broadly accessible, framing the topic around democratized security research and offensive tooling.
2026-04-27
AI as a fascist artifact
Essay analyzing AI systems through the lens of political philosophy and their structural alignment with authoritarian control.
Carl Sverre ruined my day. And it was glorious
How Turso used Antithesis's new Hegel testing tool to find 5 bugs in minutes and gain confidence to ship their SQLite rewrite.
Il ritorno in Terrasanta
The story of the 1972 attack at Lod airport and the death of Aaron Katchalsky-Katzir, Israeli biophysicist and pioneer of the self-organization of chemical systems.
Which one is more important: more parameters or more computation?
Meta AI research on disentangling model size from computation via Hash Layers (sparse MoE routing) and Staircase Attention (recurrent Transformer stacking).
Non tutto è riciclabile. Il riuso di fogli ha messo nei guai una studentessa.
A school fined 2,000 euros for improperly disposing of paper documents containing personal data, which were then reused by a student. Reflections on the distinction between archive and waste and on the secure destruction of documents.
Does cooling the NAND chips on an SSD negatively affect its reliability?
Stack Exchange discussion debunking the myth that NAND chips need to be warm, citing research showing low-temperature writes can reduce data retention due to controller drift, not cell degradation.
The West Forgot How to Make Things
Essay on industrial decline and the loss of manufacturing capability in Western nations.
Zeta 2
Zed blog post introducing Zeta 2, their next-generation code editor.
2026-04-30
Copy Fail and Linux distributions
Analysis of how Linux distributions handle the clipboard API permission model, following the copy.fail security finding.
Ripe NCC RPKI Exploit Chain
Write-up of an exploit chain against RIPE NCC's RPKI infrastructure, detailing the vulnerability and its impact on routing security.
2026-05-04
NetHack 5.0 Release
NetHack 5.0 — the first major version upgrade in decades of the classic roguelike, with improved UI, QoL features, and new content while keeping the beloved permadeath gameplay.
Come vendere droga online (e non farla franca)
Matteo Rizzi (Fondazione Bruno Kessler) recounts how dark web criminals built empires on nearly impenetrable technologies, and how an email, a nickname or a wrong connection brought them down. Event in Trento, 19 May 2026.
Where the Goblins Came From
OpenAI's retrospective on the early days of training GPT — how "goblins" (tiny mischievous models) evolved into powerful AI through iterative experimentation and emergent capabilities.
2026-05-05
Real Programmers Don't Use PASCAL
The classic Ed Post satire from DATAMATION July 1983 — Real Programmers use FORTRAN and OS/370, write self-modifying code, patch object binaries with SUPERZAP, and despise structured programming, PASCAL, and anything with semicolons.
Redis Array Type: Short Story of a Long Development
Salvatore Sanfilippo details the 4-month development of Redis's new Array data type — from specification to implementation with AI-assisted auto-coding, sparse/dense representation, ARGREP, and the role of GPT 5.x in system programming.
The Story of Mel — A Real Programmer
The legendary hacker folklore tale by Ed Nather (1983) about Mel, a programmer who wrote machine code for drum-memory computers — self-modifying code, the 'most pessimum', and a loop with no test.
2026-05-13
Odin Programming Language Review
A comprehensive review of the Odin programming language by Dale Weiler, covering experience, quality of life, stability, correctness, performance, debugging, and personal opinions.
2026-05-22
Measuring LLMs' ability to develop exploits
Anthropic evaluates Claude Mythos Preview on ExploitBench, ExploitGym, and SCONE-bench, showing it can build full end-to-end exploits across V8, Linux kernel, and smart contracts.
2026-05-28
I'm tired of talking to AI
After finding AI-generated answers repeated across GitHub discussions, a forwarded ChatGPT screenshot from a boss, and replying to what turned out to be an AI agent — the author's plea to talk to real people again.
2026-06-04