How I made $64k from deleted files — a bug bounty story

TL;DR — I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I…

Hasnain says:

Neat little tricks here. Secret management is hard

"Most of the leaked secrets were found in binary files that had been committed to the repository and later deleted. These files are typically generated by compilers or automated processes. A common example is .pyc files, which are Python byte-code files created when some Python interpreters compile source code. These often end up being committed unintentionally. Other examples include compiler-generated debug files, such as .pdb files, which are also occasionally committed by mistake."

Posted on 2025-04-23T04:15:07+0000

Columbia student suspended over interview cheating tool raises $5.3M to 'cheat on everything' | TechCrunch

On Sunday, 21-year-old Chungin "Roy" Lee announced he’s raised $5.3 million in seed funding from Abstract Ventures and Susa Ventures for his startup,

Hasnain says:

… yeah not sure how I feel about this one

“Cluely has published a manifesto comparing itself to inventions like the calculator and spellcheck, which were originally derided as “cheating.””

Posted on 2025-04-22T00:45:38+0000

Hasnain says:

This was pretty motivational.

“These models are incredibly powerful now. 300 lines of code and three tools and now you’re able to talk to an alien intelligence that edits your code. If you think “well, but we didn’t really…” — go and try it! Go and see how far you can get with this. I bet it’s a lot farther than you think.

That’s why we think everything’s changing.”

Posted on 2025-04-16T05:54:31+0000

Hasnain says:

I felt this in my bones.

"Even if you don’t personally hold these values, the vast majority of us are members of societies that do. But resistance is very possible. If everyone’s good at their job, shop there. If you need help with something, find a local company or self-employed person to pay directly — and tip them. If something feels like a massive deal, someone or some part of the earth is paying steeply for it, and chances are high you will pay more for it (in replacement costs, in labor, in time) later. And if you’re forced to use a company with bad services and bad products, the fault is very rarely the worker themselves, but the organization that makes it so difficult for them to be good at their job.

I’m not saying we should all spend more money on everything. Or that we should collectively lower our standards and accept shoddy work. I keenly understand that part of the reason we rely on these exploitative services is because we, ourselves, are subject to the demands of the same economy: one that tells us our time is always better spent working or recovering from work, instead of helping others with their bedframe assembly or, say, shopping in person.

But I do think it’s worth wondering: what would happen, how might the paradigm shift, if we continue normalizing paying far more for far less?"

Posted on 2025-04-13T03:41:04+0000

Rebuilding Prime Video UI with Rust and WebAssembly

Alexandru Ene features details of a new UI SDK in Rust for Prime Video that targets living room devices.

Hasnain says:

"The reason why I think this is true is because we did a lot of work in developer experience with those macros that maybe look a bit shocking if you don't know UI programming, but actually they felt very familiar to UI engineers. They could work with it right off the bat, they don't have to deal with much complexity in the borrow checker. Usually, in the UI code, you can clone things if necessary, or even use a Rc and things like that. You all know, this is not super optimal. Yes, we came from JavaScript, so this is fine, I promise. The gnarly bits are down in the engine, and there we take a lot of care about data management and memory and so on. In the UI code, we can afford it easy. Even on the lowest level hardware, I have some slides that you'll see the impact of this."

Posted on 2025-04-13T03:37:30+0000

‘Paraparticles’ Would Be a Third Kingdom of Quantum Particle | Quanta Magazine

A new proposal makes the case that paraparticles — a new category of quantum particle — could be created in exotic materials.

Hasnain says:

“If paraparticles exist, they’ll most likely be emergent particles, called quasiparticles, that show up as energetic vibrations in certain quantum materials.

“We might get new models of exotic phases, which were difficult to understand before, that you can now solve easily using paraparticles,” said Meng Cheng, a physicist at Yale University who was not involved in the research.”

Posted on 2025-04-13T00:55:51+0000

There’s a Nuclear Option to Fight Trump’s War Against Colleges. You Aren’t Going to Like It.

Like watching NCAA basketball? What if you couldn’t, because schools went on strike?

Hasnain says:

“But the American higher-education sector is much more than a supplicant kneeling at the foot of the federal government. For better or for worse, it is absolutely central to the nation’s economy and society. And a big part of that centrality—one that some of us in academia try hard to ignore—is the spectacle of college sports. College and university sports teams are proudly represented on bumper stickers, billboards, hoodies, and barroom TVs in every city and every state.

All that a small group of university presidents has to do is hit pause on that spectacle for one season. In doing so, they’ll save millions of dollars and also broadcast to the nation that a cherished and essential American institution is under attack from its own government.”

Posted on 2025-04-06T04:48:33+0000

Hasnain says:

“This was just one protest in one place—albeit one very large protest in one very big place. Perhaps the vibes were different in Marshfield, Mass. or Salt Lake City or Bolivia, N.C. (Hopefully the weather was.) Ultimately the big story is not what the signs said, but the deep groundswell of anger and unrest that brought so many people in so many places out into the streets and other public spaces of their communities. The message is: crowd large. A lot of politicians and administrators and business leaders, in bowing to Trump, have drawn confidence and comfort from the perceived vibe shift. Events like this puncture that delusion. They are an unavoidable illustration of outrage. Trump may have gotten a lot undone in the last three months, but the opposition never went away, and it may finally be emboldened.

On Saturday, it showed that it is everywhere.”

Posted on 2025-04-06T01:29:42+0000

Hasnain says:

“"None of this is in any way normal," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, wrote on Mastodon. He continued: "Has anyone been in contact? I hear he’s been missing for two weeks and his students can’t reach him. How does this not get noticed for two weeks???"

In the same thread, Matt Blaze, a McDevitt professor of computer science and law at Georgetown University, said: "It's hard to imagine what reason there could be for the university to scrub its website as if he never worked there. And while there's a process for removing tenured faculty, it takes more than an afternoon to do it."”

Posted on 2025-03-31T07:03:07+0000