Hovertext:
The real punchline comes later when he marries a person who loves him, has a good boss, is respected by his children, works at a rewarding job for 40 years, travels the world for 25 years, and dies in painless repose, surrounded by loved ones.
It has been a year and a half since I quit my job to start a consultancy. It took me years to build up to quitting, and I had not only a chip on my shoulder, but to quote Seth Sentry, “the guac and the dip and the salsa.” The people that read this blog probably understand what I’m talking about. I looked around at how organizations are run, at the people that told me what to do, and thought “Surely I could do a better job than this.”
This feels like a dangerous train of thought.
On one hand, that arrogance is precisely one of the mechanisms that makes someone incompetent. If you’ve learned everything, there’s no real reason to open up another book, and even that is rather generously assuming that the person providing a service to you has bothered to crack the spine on even one.
On the other hand, how else are we to make sense of the world? If you walk out the door, you will be immediately clotheslined by institutions failing to achieve the most basic of tasks with any reliability. Almost every office I’ve walked into as an employee has been a decrepit nest populated by the beaten-down working class, a sickly ooze of self-important managers amongst whom a Gladwell reader ranks as a towering intellect, and executives that are feverishly muttering the word “AI” to credulous journalists as they blindly cut headcount. So many of these institutions seem to be held together by either regulatory capture or writhing clients bound by enterprise contracts like so much barbed wire. I’ve lost track of the number of times that someone has looked at work from a company like KPMG and gone “Ha ha ha, maybe we should all be consulting – then we can do terrible work and bill at two thousand dollars a day.” This joke is so overused that you can see the person saying it is reluctantly dispensing the cliché.
So when I kicked off the company, some traitorous part of me was hoping that it would be difficult, as horrible as that would be for me personally. If it was hard, yes, perhaps I’d have to go back to some miserable office and be beset on all sides by smiling imbeciles talking about innovation, but it would make sense. It simply can’t be that easy to be free of those structures. Surely there’s a reason for it that isn’t simply “Wow, we’re systematically producing people that are terrible at their jobs and they can’t even see it.”
Unfortunately, that really is most of the explanation.
In late 2025, I said I’d write more after admitting how awkward it is to say the business is going well. I haven’t written anything for five months, and there’s no delicate way to put this, I drastically understated how well we’re doing. I'm ripping off the bandaid: in February 2026, I realised that we had already generated enough revenue to last us until 2027. On some engagements, I split my income several ways with teammates that weren’t on the job and still exceeded my corporate salary. For forty hours in 2025, I broke a thousand dollars an hour on tasks with measurable success metrics, an amount of money that would have seemed like some sort of sick joke two years ago, and both customers asked for a repeat engagement because the service quality was higher than what specialised firms were doing – I had spent about ten hours thinking about the engagement model. And we still have seven months left in the year.
All of this is to say two things. The first, I’m not going to pretend that everyone would find it as easy as I do1, but it’s easy enough that basically anyone that can read both a book in software and the humanities will be fine.2
The other is that this was all so easy that I’m going mad with boredom.
Crept to their door, opened it slowly and tip-toed but, shit
Somebody set the bar too low and I tripped over it
Whoops, jumped up, tried to throw in a quick ultimate
Just hopin' to scare 'em but, oh, it just killed both of 'em
Bodies with slit throats on the linoleum
I just throw 'em in dumpsters, the shit's appropriateBlue Shell, Seth Sentry
I wish that I could say it was difficult to make things work. It would make sense of the world. I could have fun talking about going extremely overboard with machinations. The reality is that all of it, from service delivery to sales, has been more-or-less trivial. Closing and delivering a deal for twenty thousand dollars takes less time and energy than one sprint in a regular office. Nothing even feels high stakes – the global economy is so large that, for an efficient team, you can roll the sales conversation dice over and over until it turns up a 20. I personally blundered hundreds of thousands of dollars in sales over our first six months, and we’re fine.
As a company, there are many things that I'd like to improve – it might sound silly given that we’re doing well and all our customers are happy (or lying to me), but the places where we're falling short of my expectations are extremely visible to me. By virtue of having a sizable following on this blog, I have extensive exposure to programmers that are better than me and people that are smarter than me. Every Thursday, I have a call with Efron Licht, and frankly I can scarcely grasp why someone that competent spends time talking to me3.
The problem is that I’m not competing with Efron. If I was, I'd either have to study for five hours every day for the rest of my life, or shut the company down tomorrow. I’m competing with people that don’t have functional literacy. And it’s not just incompetence at programming, it’s everything. The world has phoned it in, leaving us with no pressure to push for excellence. Last year, I was unable to put clients on both Evidence and Prefect because the former failed to attend a sales meeting booked through their website and the latter failed to book a meeting after the ex-real estate agent they hired failed to actually schedule a meeting following outreach also through their website. Our (excellent) accounting team is Hales Redden, who managed my co-founder Jordan Andersen’s old physiotherapy business… because the people I tried in Melbourne don’t check their sales inbox. Our lawyer is reader Iain McLaren4 because the firms I initially tried also don’t respond to their sales inbox. I cannot state this clearly enough – the bar is so low that it is hard to give people money. There are competent actors on the market, but at least in software, there are simply so few of them that you’re more likely to be allies than enemies.
This was infuriating at first, comical later, and has now lapsed into depressing. As an employee, these people were an unending source of frustration, the same six-figure delinquents that would forget to renew my contracts when I was on a temporary visa. As an independent operator, they’re babies that have yet to develop executive function and I’m taking their candy. I’ll do it – candy is delicious and babies are weak – but it's hard to feel good about it after the thrill of being right wore off. Some days, I get to 5PM after pitching to fix a competitor's work, put my head in my hands, and go “There is no way you dumb motherfuckers can’t stand up a database. We’ve been on the moon. We’ve been on the fucking moon. There’s no way you dipshits cannot operate Google.” Nonetheless, there is money in my bank account and I’m in a house with three bedrooms, and we must all reckon with this dreadful portent.
Is this it? I’m just going to stand up data platforms for the next forty years, a task so easy for us that we could do it drunk out of our minds, then die?
As much as I enjoy having free time, the whole affair has been oddly unsatisfying. Every day, I wake up and feel like I’ve opted out of society. I don’t have the same problems as my peers anymore. Daily stand-up is a hazy memory that I remember with faint queasiness. And the very nature of consulting, even though we make the majority of our money on technical delivery rather than pure advice, is that we’re simply adding efficiency to clients. We’ve had the luxury of firing a few for bad vibes5, leaving us only with clients that we’re very happy to work with – but at the end of the day, they‘re doing the thing worth being proud of, and we’re simply an instrument. They do the admirable thing, and we make them better at it. It’s better than continuing to be an ultra-coward and getting paid to let people Do Scrum at me, but I dunno.
Part of the reason that we’ve done so well to begin with is that we haven’t worried about scaling at all. I still think that is the obviously correct decision when you’re starting off and don’t want to take on debt. But at the same time, when a reader asks me if I’m hiring, my answer is essentially, “The whole business is designed for the team to be comfortable, and we didn’t build in the leeway to take care of other people.” My largest expenses outside of housing over the past year have been donations to a local writer’s group, Meridian Australis, and various bits to other causes, but this amounts to a few thousand dollars per year.
I’m probably supposed to be content with that, but I’ve already quit my job, so what’s a bit more risk? Why am I always reading about unreflective narcissists and tedious bootlickers funding things? Why can’t the causes I care about have resources thrown at them without them having to contort their value systems for the money?
At any rate, the passage is crystal clear in both cases: Alexander is not weeping in sorrow that there are no more throats to cut. This is not a picture of a man at the end of a career of world conquest; he’s at the beginning. “Look at all these throats—and I haven’t even cut one!”
And Alexander Wept, Anthony Madrid
We still run into problems all the time that aren’t solvable by simple efficiency – perverse incentives from sloppy legislation, places where buyers can’t understand enough to avoid exploitation, gambling companies run by vile degenerates, things that make me want to throw up. I am fully engaged with capitalism every day, and despite the fact that I’m winning for some definition of winning, much of it is grotesque. Sometimes I wonder whether I should have gone into medicine, like most of my family, but at the same time someone has to keep the databases running. So here’s what’s going to happen for now.
We have seven months left in the year. Around the start of June, we’ll be done with our most complex work, and ready to try something new, where by “something new” I mean we’re going to pick some nerds (pejorative) and cut their throats. The area that we’ve picked out specifically is technical recruiting, if only because it is the most accessible area that is most densely populated with easy prey. It should take us a little bit to knock out a small platform6, then I’ll broadcast that here for readers to sign up. We’ve done some work in the space, and all I can say is that software recruiters are defenseless money piñatas incapable of serving the competent sectors of the market, and I am going to beat them with a large stick and then loot the wallets from their corpses.
Is this it? I’m just going to stand up data platforms for the next forty years, a task so easy for us that we could do it smashed out of our fucking minds, then die?
At a rough estimate, every time we place someone that would otherwise have had to go through the hellish experience of conventional recruiting, we could plausibly knock one individual recruiter out of the market because of their slim margins (due to all the incompetence), which will temporarily satisfy my never-ending lust for blood. Then we’re going to take that money and use it to knife someone else that's causing negligent misery, and funnel some of the excess into things we care about. If we do a really good job, I really believe we can meaningfully distort some section of the market, even if that’s just “Ugh, everyone knows you can't recruit software engineers in the A$180K band in Melbourne. Those Hermit Tech folks have destroyed all the margin and established themselves as supreme dictators, and also their CEO will bully you online if you do a bad job.” I’m going to commit economic violence for the next forty years, and get so good at it that we can do that smashed out of our minds, teach other people how to do it, then die, and some of you will pick up the work where we left off.
I’ve had a sale for $100,000 fall through, and twenty minutes later said “Easy come, easy go” and moved on with my life. I’m sure this is trainable, but I can’t take credit for this because I think I’m just a weirdo. ↩
It is unbelievable how much of a competitive advantage “Responds to emails from paying clients within 24 hours” is. The bar is subterranean. ↩
Incidentally, the two largest influences on my company’s culture are Jesse Alford and Efron Licht, on team culture and programming fundamentals respectively. I don’t think Jesse has written anything particularly friendly for mass-consumption, but Efron has an amazing series called Starting Systems Programming that has been transformative for my practice. It might seem obvious to some of the most talented programmers in the audience, but I cannot recommend it highly enough for everyone else. If you enjoy it, I’m sure he’d get a huge kick out of an email, as I don’t think he has analytics. I’ll do a writeup on all my influences at some point, as the list is long and they all write quite a bit. ↩
Certified Cool Dude, by the way. ↩
To no one’s surprise, they’re mostly startups. ↩
Think “limited window for candidate signups and extreme pickiness about employers, no CVs, and a hard limit on interview stages, and so on”, not Seek. I don’t think Seek has done anything wrong, they’re just the inevitable result of the state of letting the entire market use their service. ↩
In the wake of copy.fail, there are more vulnerabilities that have been announced:
Right now would be one of the best times for a supply chain attack via NPM to hit hard.
Outside of Linux kernel patches from your distro, I think it's probably a good idea to put a moratorium on installing new software for a week or so.
A while back I decided to stop using Tailwind for new projects and to just write vanilla CSS instead.
But one thing I missed about Tailwind was the colour palette (here as CSS).
If I wanted a light blue I could just use blue-100 and if I didn’t like it
maybe try blue-200 or blue-50. I’m not very good with colours so it makes
a big difference to me to have a reasonable colour palette that somebody who is
better at colour than me has thought about.
But I’m also a little tired of those Tailwind colours, so I asked on Mastodon today what other colour palettes were out there. And then a friend said they wanted links to those colour palettes, so here’s a blog post so my friend can see them, and all the rest of you too :)
The ones I liked the most were:
Folks also linked to a bunch of colour palette generators
I’ve always found these types of generators too hard to use but maybe one day I will get better enough at colour that I’m able to use a colour palette generator successfully so I’ll leave those links there anyway.
and more colour tools:
Log in
oklchGenerative colors with CSS gives an example of
how to use the oklch CSS function to dynamically generate colors.
On 29 April 2026, a Korean security firm called Theori published 732 bytes of Python that breaks Linux container isolation. CopyFail (CVE-2026-31431) is a page-cache corruption bug in the kernel's crypto code. It's been sitting in production since 2017. A compromised pod on a shared Kubernetes node can corrupt setuid binaries visible to every other container on that host, and to the host kernel itself. EKS, GKE, AKS, every shared-tenant node, every CI runner, every multi-tenant SaaS that took the cheap path on isolation - all exposed until patched. It took an AI tool four months to find it. Nine years of human eyes did not.
Container escape is bad. Despite arguably a poorly coordinated disclosure/mitigation response[1], it looks like a near miss rather than a catastrophe. But, this class of bug - old, subtle, in a corner of the kernel that everyone assumed someone else had read - is exactly the class of bug that lives in every hypervisor stack underneath every cloud. Those bugs are still there. They just haven't been found yet.
Here's a (fictional) story about what happens four months from now, on 29th August 2026.
As Europe basks in an extreme heatwave, many engineers are paged as with EC2 instances hard crashing. Hacker News reacts to the news as per normal - another us-east-1 outage, AWS status showing green, eyes roll. Some commenters post though that many other AZs are showing issues, though not all servers are affected.
Over the next hour though, more and more machines go down. One Reddit user posts that they are having issues provisioning even fresh machines - as soon as they launch, they get moved into "unhealthy" and go down. A few minutes later, the entire AWS dashboard and API set goes down.
Cloudflare Radar shows AWS network traffic dropping to a small percentage of what is normal.
As many AWS hosted services start going down - Atlassian, Stripe, Slack, PagerDuty, some comments on Twitter report issues with Linux-based Azure instances. Indeed, Cloudflare Radar shows significant drops in Azure traffic.
News channels across Europe start leading with vague breaking news headlines on outages across Amazon. They make sure to point out that this isn't an unusual occurrence, with normal service expecting to be resumed like it always has been, and mistakenly insist only US services are affected.
As the East coast of the US starts their weekend, a very unusual step is taken. TV channels are briefed that POTUS will be doing an address to the nation at 8am EDT. Few connect the dots - with the emphasis being placed on a potential new strike in the Middle East, or an announcement on the Russia-Ukraine war.
POTUS announces that there is a significant cybersecurity incident under way. The head of CISA (the Cybersecurity and Infrastructure Security Agency) gives a very vague but concerning warning. Americans are requested to charge their cell phones, and to await further news - reminded that there may be outages on IPTV based services.
POTUS rounds it out by speculating that China is behind the attack, despite his much-heralded reset with Beijing earlier in the year.
Other Western leaders do similar addresses - with European leaders speculating on background it is more likely to be Russia or North Korea than China behind the attack. The French president says "without doubt" this is a nation-state actor. While he doesn't publicly point to a specific country, he says those responsible will be brought to justice.
While these addresses happen, engineers at various banks are battling various outages. Most concerningly, the 1st biggest and 3rd biggest card processors by volume in Europe have stopped accepting payments, returning cryptic error messages. While they have a multicloud strategy, they cannot move workloads off those two clouds successfully.
Google Cloud Platform and smaller cloud providers - unaffected until now - start showing issues. While current workloads are unaffected, the huge spike in demand from enterprises activating their disaster recovery protocols simultaneously completely swamps available compute on alternate providers. One smaller cloud provider tweets they are seeing 10,000 VM creation requests a second, draining their entire spare allocation in less than a minute. CEOs of major banks bombard Google and Oracle leadership with calls, offering blank cheques to secure failover compute. The calls go unanswered.
WhatsApp groups throughout Europe start lighting up with misinformation that money has been stolen, amplified by many mobile apps showing a "we are undertaking routine maintenance" fallback error simultaneously, causing huge lines at ATMs and banks with people trying to withdraw their savings.
As the chaos continues to grow, a press release is distributed from the leadership of AWS and Azure:
At approximately 4am EDT this morning a critical and novel vulnerability was exploited in the Linux operating system. This has caused widespread global outages of Linux based virtual machines. Our engineers are working with security services globally to mitigate the impact and engineers across both Microsoft and AWS are working collaboratively to release emergency patches for affected software. Equally we are working hard to understand the impact and will provide regular updates to the media. We sincerely apologize for the impact this is having to our customers and society at large.
Behind the scenes, it is chaos. Engineers have isolated the root causes - a complex interplay of vulnerabilities, with the most critical being an undiscovered logic error in the eBPF Linux subsystem that allows a hypervisor takeover. Curiously no data has been stolen - a mistake in the exploit just leads to machines hard crashing exactly 255 seconds after receiving the malicious payload. A few engineers question the sloppiness here, but leadership doubles down in their private communications with government that it has to be nation state.
The core issue though is that nearly all of Azure and AWS's control plane is down. Attempts to "black start" it results in perpetual failures as various subsystems collapse under the intense traffic from VMs stuck in bootloops.
The first VM instances start up again. Restoration is painfully slow, with AWS struggling to get more than 2% of machines back online. Communication internally is severely degraded - with both Slack and Microsoft Teams down instant messaging is out of the question. Amazon's corporate email runs on AWS itself, and Microsoft's on Azure-hosted Exchange. Both are degraded, massively complicating internal communications. An enterprising AWS employee starts an IRC server locally which becomes the main source of communication - restoration efforts start to speed up once this system becomes known about.
Restoration continues, with the worst of the panic dying down. Banks ended up getting priority compute - with POTUS publicly threatening "extreme actions" if major banks are not put to the front of the queue.
Asian stock markets open, triggering multiple circuit breakers. After the 3rd one in a row, Tokyo forces markets to close for the day, other Asian markets follow in quick succession.
One curious question remains though - what was the purpose of this attack? No ransomware was deployed, no data was stolen, and while various terrorist groups claimed responsibility, none of them were believed to be credible.
Meanwhile AWS engineer finally isolates snapshots containing the first known failure. An EC2 instance, provisioned on August 13th. Curiously provisioned on an individual account in eu-west-3 - Paris. The account matches an individual in Lyon, France. French security services are alerted.
In an outer suburb of Lyon, France, French anti-terrorism police arrive at an apartment building. A 17 year old teenager is apprehended, along with his grandmother. Two days earlier, his own president had vowed those responsible would be brought to justice. The police chief on the scene passes the information up the chain that the lead was a total dud - there is no chance that the suggested foreign intelligence service was here. A search of the apartment confirms it - nothing found apart from a PS5 mid-FIFA tournament and a 6 year old gaming computer. Neighbours confirm that they've seen no one enter or exit the apartment apart from the two residents, who've lived there for "as long as anyone can remember".
Media arrive on the scene, with a blustered and embarrassed police chief suggesting that it was a bad tip off and for local residents to stay calm.
The decision is made to seize the electronics and release the two "suspects".
A couple of digital forensics experts get the seized gaming PC, scanning it for malware. Nothing much of interest is found, and just as they start writing their report up one folder pops up. /opt/security/ps5-homebrew. They take a further look, noting it on the report - not thinking much of it, probably a kid trying to play pirated games. They've seen it before. The image of the machine is uploaded.
When the code gets up the chain a few hours later, the whole set of dominoes fall into place. A specialist from the French Agence nationale de la sécurité des systèmes d'information - National Cybersecurity Agency of France - pulls the code from the image. He quickly realises what's happened. The teenager had been quietly mining crypto for months, using the proceeds to rent cheap GPUs on a small European cloud provider, where he ran an uncensored fine-tune of the new Qwen 4 open weights model. He'd been desperately trying to downgrade his PS5 firmware to bypass the latest piracy checks.
Interestingly his coding agent, unbeknown to him, had found the most critical *nix kernel exploit in many decades. Attacking a little known about eBPF module on the PS5 (the PS5, like every PlayStation since the PS3, runs FreeBSD), it managed to a complete takeover of the device. Intrigued, he also asked his coding agent to run it on a Linux server on AWS he ran a gaming forum on - same thing, but curiously he noticed he could see other files on the machine. Annoyingly the VM he rented crashed after a few minutes.
Excitedly, he set up an Azure account - same thing. He asked his coding agent what this meant, and with its usual sycophantic personality started explaining what he could do with this - mining crypto and making him rich beyond his wildest dreams.
The agent came up with a final plan, to deploy the exploit on both Azure and AWS, install a cryptominer. His last known chat log was "is this definitely a great idea?".
The agent responded "You're absolutely right!", and began deploying the code, first to AWS and next to Azure. The agent had built a complex piece of malware that spread across millions of physical servers. However, it hallucinated a key Linux API which resulted in the machines crashing after 255 seconds instead of deploying the cryptominer.
This is fiction. The teenager doesn't exist. Qwen 4 doesn't exist yet either. When it does, an uncensored fine-tune will appear within days, like every prior open-weights release.
Almost everything else in here is real, or close enough that it doesn't matter.
CopyFail is real. A nine-year-old kernel bug, found by an AI tool in a few months that nine years of human eyes had missed. That class of bug - old, subtle, in a corner of the kernel everyone assumed someone else had read - sits in every hypervisor stack underneath every cloud. Those bugs are still in there. They just haven't been found yet, and the rate at which they get found from now on is bounded by GPU hours, not human ones.
The centralisation is the bit that's hard to think clearly about. Most people I talk to about this, even technical people, underestimate how much of modern life is sitting on AWS and Azure. The DR plans I've seen at large enterprises mostly assume there's a cloud to fail over to. They don't really model what happens if the fallback is also down, or if every other org on earth is failing over at the same minute and draining GCP's spare capacity. Almost nobody keeps full cold standby compute. And even the ones that do are sitting on top of hundreds of services that don't: Stripe, Auth0, Twilio, Datadog, every queue and identity provider in the stack. They're all running somewhere, and that somewhere is mostly two companies.
The attribution thing is the bit I'm least sure about, but worth saying anyway. Everyone is worried about nation states. Most of the big incidents that have actually happened turned out to be a kid, a misconfiguration, or someone who didn't really understand what they were doing. The Morris Worm. Mirai. The threat model in most boards' heads assumes a sophisticated adversary. The thing that's actually arriving is an unsophisticated adversary holding tools that are now sophisticated for them.
I wrote this as fiction because I've spent the last few months talking to journalists and other non-technical people about what AI changes for cybersecurity, and the technical version of the argument doesn't land at all. Engineers get it instantly. Everyone else needs to feel what it looks like. So this is what it might look like, more or less. The only bit I'm reasonably confident about is that the date is wrong.
The entire story here is still evolving at the time of writing, but there is a serious coordination problem on Linux security. The Linux kernel security team recommend that downstream distributions of Linux (such as Ubuntu, Fedora, Arch, etc) are not notified of security issues. This has lead to slow patches to the issue as many distributions were not informed and only found out when it was made public. People are pointing fingers in many directions. ↩︎
TLDR: got a bunch of agents to find remote unauth'd OOBs in ksmbd, CVE-2026-31432 and CVE-2026-31433. CVE-2026-31432 specifically is "RCE-promising" if you squint hard enough, given the memory layout. :) And then there's also 20+ other CVEs across Docker, OpenSSL, nginx, etc.
Finally, I go into some techniques that I tried/seem generally promising for making open-source LLMs better vulnerability researchers, like:
- getting them "drunk" to increase their creativity by steering their internal state, and
- performing a "brain surgery" to duplicate their reasoning layers, allowing them to connect more dots
https://www.bloomberg.com/news/articles/2026-04-28/us-ends-investigation-into-claims-whatsapp-chats-aren-t-privateThe US has abruptly ended its investigation into claims that WhatsApp chats were visible to Meta. https://t.co/f1WXpQz58J
— Matthew Green (@matthew_d_green) April 28, 2026
I too woke up and choose violence today as the fail-copy POC dropped.
— rootsecdev (@rootsecdev) April 30, 2026
Made a clean exploit including fixing the UID post exploitation without rebooting the target server. Smoke those CTF’s in hack the box. https://t.co/nRiFyXQzRe
rootsecdev/cve_2026_31431 (171 stars, Python) Exploit POC for CVE_2026_31431
source: rootsecdev (@rootsecdev)
“I wish we lived in the Tom Clancy world where analyst assessments form a decisive input into policy, but often decision makers already have strong assumptions about the situation...” -- Michael Kofman responds to my critique of Ukraine war predictions.https://t.co/9sir6VRpSN pic.twitter.com/j92hR9YSWb
— Seva (@SevaUT) April 29, 2026
So you’re telling me that Andean Medjedovic walked away with $65,000,000
— StarPlatinum (@StarPlatinum_) April 29, 2026
April 2026
- 23 years old
- Canadian math prodigy
- from Hamilton, Ontario
background
- finished high school at 14
- studied mathematics at University of Waterloo
described as “one of the brightest… pic.twitter.com/rXWfzUG822
Imagine a 19-year-old scrolling TikTok. She watches a creator list five "signs you have undiagnosed anxiety." She recognizes three in herself. By the end of the week, she's describing herself as anxious to her friends. A month later, she's avoiding situations she used to handle… pic.twitter.com/SOoYaU5CGc
— Michael Inzlicht (@minzlicht) April 29, 2026
https://michael-inzlicht.squarespace.com/s/The-psychological-consequences-of-mental-health-awareness-efforts.pdf
Twenty-three years ago the US said it was going to Americanize Iraq. Instead we got something closer to the Saddam-ification of the US. pic.twitter.com/gXsJrKYW9e
— Sam Haselby (@samhaselby) April 29, 2026
Not now honey - GitHub and Claude are both up at the same time
— Matt Johansen (@mattjay) April 29, 2026
Pretty cool, in-depth, root-cause analysis of the bugs used in the Adobe Reader zero-day attack (tracked as CVE-2026-34621 and other CVEs), delivered by the vulnerability research powerhouse @starlabs_sg ! https://t.co/GOsDsjHwzs
— Haifei Li (@HaifeiLi) April 29, 2026
CopyFail (CVE-2026-31431) in Go. In case you want to get root from a static binary without Python as a dependency.https://t.co/w5NYM3JBvJ pic.twitter.com/yxgLXGtr33
— Bad Sector Labs (@badsectorlabs) April 29, 2026
badsectorlabs/copyfail-go (107 stars, Assembly) A Go implementation of copyfail (CVE-2026-31431)
source: Bad Sector Labs (@badsectorlabs)
We didn't know how an actor was using EV Certificates issued to Lenovo and others.
— Squiblydoo (@SquiblydooBlog) April 29, 2026
We now do.
From DigiCert's incident report:
"the threat actor used a compromised analyst endpoint to access DigiCert's internal support portal. The threat actor used a limited function within… https://t.co/HbvxgIfCzr
https://hackers-arise.com/satellite-hacking-listening-to-unencrypted-geo-satellite-traffic/ https://hackers-arise.com/satellite-hacking-building-the-ground-station-for-satellite-tracking-and-radio-communication/ https://hackers-arise.com/satellite-hacking-how-russia-knocked-out-the-viasat-system-at-the-outset-of-the-ukraine-war/Satellites can be hacked. Here’s how it happens:
— Aircorridor (@_aircorridor) April 28, 2026
1. Listening Satellite Traffic -> https://t.co/ZxuhHCBdBI
2. Tracking Satellites -> https://t.co/LVr74MBhyi
3. How Russia Knocked out the ViaSat System at the Outset of the Ukraine War -> https://t.co/zx9V0136qJ@three_cube pic.twitter.com/Jx9sQmA4Q8
Honestly, it's kind of beautiful https://t.co/almhqdVUOm pic.twitter.com/8v1rqQKV0S
— Brendan Dolan-Gavitt (@moyix) April 29, 2026
Out of 30 fixed security issues, 21 were found internally by Google. VR is cooked fr. https://t.co/L3BDKkEWqG pic.twitter.com/RaCvB3bRbp
— Devansh (⚡, 🥷) (@0xAsm0d3us) April 29, 2026
https://openai.com/index/cybersecurity-in-the-intelligence-age/We've released a new 5-point action plan for strengthening cyber defense.
— OpenAI Newsroom (@OpenAINewsroom) April 29, 2026
AI is reshaping cybersecurity. The same capabilities that help defenders may be used by malicious actors.
One approach is to treat these systems as too dangerous for broad defensive use and limit them to…
Journalists reporting on China should be aware of ways the authorities may respond to their work. Here's what happened to @ICIJorg and its network following a 2025 exposé on Beijing’s tactics to threaten, coerce and intimidate regime critics overseas. https://t.co/kGXs8PegQC
— Runa Sandvik (@runasand) April 28, 2026
CVE-2026-31431 a/k/a CopyFail
— vx-underground (@vxunderground) April 29, 2026
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?https://t.co/FXgjWW7lOV
The operator installed Komari as a persistent Windows service, “Windows Update Service,” via NSSM, pulling it directly from the official Komari GitHub repository.
— Huntress (@HuntressLabs) April 29, 2026
No attacker-controlled infrastructure was needed to stage the loader.
Get the details. 👇https://t.co/iNB8NlL2sc
On April 16, 2026, a threat actor used stolen VPN creds to pivot into a Huntress partner Windows workstation and dropped a SYSTEM-level backdoor using the Komari agent - a 4.3k-star, MIT-licensed, Go-based project on GitHub. 👇🧵
— Huntress (@HuntressLabs) April 29, 2026
Paper plate armor. https://t.co/cZm3v3dP54
— thaddeus e. grugq (@thegrugq) April 30, 2026
https://www.bloomberg.com/news/articles/2026-04-29/chinese-hackers-spied-on-cuban-embassy-as-us-prepared-blockade?embedded-checkout=true🇨🇳 hackers breached Cuba’s embassy in Washington to spy on communications of dozens of diplomats as the island nation stared down a US naval blockade.
— Byron Wan (@Byron_Wan) April 30, 2026
The campaign began in Jan and compromised the emails of 68 officials, including the Cuban ambassador and the deputy chief of… pic.twitter.com/L9h9gHiub2
