• Hive Five
  • Posts
  • 🐝 Hive Five 169 - Excellent Advice for Living

🐝 Hive Five 169 - Excellent Advice for Living

Human-Centered AI Index Report 2024, Hacking Google's AI system, and more...

Hi friends,

Greetings from the hive!

Sorry for being a day late, but I’m back from vacation and had a blast. Check out my Instagram for some pictures.

It was the first time I did proper water activities, and I managed to kayak the canals and rivers. I tried paddle boarding but it didn't work out. I was probably too nervous.

Then, on our way home, we visited a National Park. It was my first one! I had no expectations and it was wonderful.

Within days of being back home, I was inspired to complete two productivity projects from start to finish. A Hyperkey blog post and a Beehiiv search tool, the latter powers the newsletter.

For both of these, I followed Simon Willison's mantra to create a blog post for every project you finish.

What are you working on?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Jason offers wide-ranging advice to young people on cultivating luck, professional success, confidence, diverse skills, simplicity, self-worth, happiness and living in the present through stories and personal anecdotes. MORE

  2. The Stanford University Human-Centered Artificial Intelligence Index Report 2024 provides a comprehensive assessment of the state of AI development and its impact on society. MORE

  3. A collection of 101 additional bits of life advice by Kevin Kelly, founding executive editor of Wired magazine, compiled over 6 years. MORE

  4. The Frog Sec Team showcases how they escalated a DOM XSS vulnerability into a sophisticated 1-click Account Takeover attack, earning them $8000. MORE

  5. The video discusses how the creators hacked Google's AI system and received $50,000 in compensation. The video features a guest appearance by NahamSec. MORE

️πŸ’ͺ Sponsor

Every week, thousands of hackers immerse themselves in the Hive Five for the best security resources, tech optimizations, and productivity improvements. To hack a life they love.

From a reader: "The newsletter is always a highlight of my week!”

Table of Contents

πŸ“° News and Updates

🍯 My work

βœ… Changelog

  1. Intigriti introduces read-only user roles "Program reader" and "Group reader" to enhance user experience and access control. MORE

  2. DOMPurify 3.1.1 is a fast, tolerant XSS sanitizer for HTML, MathML, and SVG, with a secure default and configurable hooks. MORE

  3. Fabric v1.4.0 added the ability to build on previous conversations using context. MORE

🌎 Headlines

  1. Google continues their killing spree. This time they let go of their Python team. In addition to contributing to upstream Python, they maintained a stable version of python within google, tools to keep thousands of third party packages constantly updated, and much more. MORE

  2. Blizzard has decided not to hold BlizzCon in 2024, but will instead host global in-person events to celebrate Warcraft's 30th anniversary. This feels like the end of an era, but we'll see. MORE

  3. Women Who Code shut down, but the story behind it appears murky. MORE

  4. After 10 years at Netflix, ThePrimeagen is excited for what's next. MORE

πŸ’Ό Career and Productivity

πŸ’° Career

  1. To build a reputation as a problem-solver and task-completer, keep a "WTF Notebook" to capture issues and next steps, complementing your bullet journal. MORE

  2. Augustine Degorl transitioned from a retail job at Apple to a 6-figure Cybersecurity GRC Analyst role. He then founded his own cybersecurity firm, Symposia. MORE

  3. 3 tips to nail your next public speaking: 1) Focus on "Lego blocks", 2) Find Friendly Faces, 3) Confront the Spotlight Effect. MORE

  4. Job Bounty: Draftboard is a platform that facilitates referral-based hiring, creating a win-win-win situation for employers, candidates, and referrers. MORE

  5. Kierra Dotson transitioned from a Data Engineer to a 6-figure DevOps Engineer without prior DevOps experience, showcasing the adaptability of tech careers. MORE

πŸš€ Productivity

  1. Extensity is a Chrome extension that allows you to quickly enable or disable your installed extensions, helping you manage your toolbar and extensions. MORE

  2. How to setup your goals: Rate life balance areas and construct inspiring 3-5 year vision to fulfill purpose. MORE

  3. How to Job Search Journal with Obsidian, keeping detailed job search notes, including research, network connections, and daily updates. MORE

  4. Email is not an efficient communication tool for all purposes, and one should consider the appropriateness of the tool for the task at hand. MORE

  5. Max Stoiber, CEO of Stellate, shares how he uses Raycast to enhance his productivity and eliminate friction in his workflow. As a power user of Raycast, his setup offers valuable insights. MORE

🌎 Community and Networking

πŸŽ‰ Celebrate

  1. Nagli is officially top 5 all-time on the HackerOne leaderboard. Amazing! MORE

  2. Ariel and Harley are running the official Bug Bounty Village at DEFCON. Cool stuff! MORE

  3. NahamSec pulled working GitLab creds during a pentest in the first 50 minutes. Let's go! MORE

  4. Monke is starting full-time bug bounty. You'll kill it! MORE

⚑️ Community

  1. wunderwuzzi attended their first HackSpaceCon at Kennedy Space Center, a great conference with world-class swag and talks. MORE

  2. The Ambassador World Cup is HackerOne's annual competition for its Brand Ambassador Program, featuring a FIFA World Cup-style format to drive global engagement in a timed, gamified hacking challenge. MORE

  3. Alexandro shares his H1-65 LHE experience from the triage side. MORE

  4. Leo Rac joined the 4k club on Intigriti. Let's go! MORE

  5. Joaxcar turned 37. Happy birthday! MORE

πŸ’› Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. thejustinwelsh | Justin Welsh | The Diversified Solopreneur | Building a portfolio of one-person businesses to $5M in revenue. Tweets and threads about the process.

  2. Jamuse | Josh Amishav-Zlatin | I write about data breach monitoring for enterprise security teams | Indexed ~30 billion passwords | Former pen tester turned OSINT collector.

  3. binaryz0ne | Ali Hadi | B!n@ry | DFIR and Adversary Simulation | dfir @ protonmail.

  4. Mudit__Gupta | Mudit Gupta | CISO @0xPolygon | Tech Partner @Deltabc_fund | Blockchain Security Researcher | Ethereum & Web3 dev | Advisor & Angel Investor.

  5. ramonvanmeer | Ramon van Meer | Entrepreneur & Investor. $10M+ in previous exits.

πŸ”‘ Cross-pollination

  1. Parallel-lives is an interactive timeline showcasing nearly 5000 years of notable historical figures, allowing users to explore their lives and connections. MORE

  2. Nick, a prolific traveler, shares his essential travel items for 2024, including gear, gadgets, toiletries, and tech. MORE

  3. Chris examines 30 years of Rolling Stone’s β€œGreatest Albums of All Time” and discusses factors that contribute to an album being considered the greatest of all time, including critical acclaim, cultural impact, and longevity. MORE

  4. The Rambull newsletter shares 6+ useful recommendations each week from a new career and family oriented 30-something. MORE

  5. The article discusses using classical conditioning to trick the brain into enjoying running, similar to Pavlov's experiments with dogs. By associating running with positive rewards, the brain can be conditioned to enjoy the activity over time. MORE

πŸ™ Thank you

As an independent publication, you can make a difference! If you find value in the newsletter, please take a moment and share it with others who might also benefit from my curation.

πŸ“š Learning and Growth

πŸ“° Read

  1. Adnan Khan reported a "Pwn Request" vulnerability in Google's Flank repository, an official open-source project for running Android and iOS tests in Firebase Test Lab. MORE

  2. The blog post discusses the open source problem, mentioning Jia Tan, suggesting that similar user profiles exist within the community. MORE

  3. BankID, a digital ID used by Swedes, is vulnerable to session fixation attacks that can hijack user accounts across various services. MORE

  4. "Why can't my mom email me?", the trade-offs between security and usability in the context of encrypted communication. MORE

  5. The researcher discovered a race condition vulnerability in the login function of a large company's eCommerce web application, leading to a full account takeover. MORE

πŸ’‘ Tips

  1. 10 Tips for DEF CON Newbies (2024 Edition). DEF CON is the greatest hacker convention, but overwhelming for first-timers. MORE

  2. Leverage HISTORY_IGNORE to ignore commands like ls, cd etc. from filling up your shell history. MORE

  3. Zseano shares a tip: XSS in email and phone numbers is underrated. MORE

  4. TIL the iPhone Photos app allows you to look up plants, flowers, and more. MORE

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🧠 Wisdom

  1. The Red Queen Effect: To maintain one's position, one must continually evolve and adapt, as standing still leads to falling behind. MORE

  2. ThePrimeagen started streaming from a laundry room to a handful of viewers. He also had to set up and tear down his setup every night. MORE

  3. David shares 18 of his favorite frameworks. MORE

  4. How Navy Seals fall asleep within 2 minutes using the 4-7-8 breathing method. MORE

  5. A thread of random advice. The following stood out to me: "If you use a product. Buy the stock and forget it. Just think when you first used Amazon, Nvidia, Netflix, Google, or Apple." MORE

πŸ“š Resources

  1. When editing friends' or coworkers' writing, look for clarity, conciseness, and consistency, making changes to improve flow and convey the message effectively. MORE

  2. The Ultimate Burp Suite Exam and PortSwigger Labs Guide. The Burp Suite Certified Practitioner (BSCP) exam consists of two web applications, each with three stages, to be completed in two hours. MORE

  3. Awesome secure by default libraries to help you eliminate bug classes. MORE"

  4. cts pirated Ableton Live Suite 12 and live reversed the crack/keygen. MORE

  5. Google Dorks for Bug Bounty is a comprehensive list of Google search queries to help identify potential vulnerabilities and security issues for bug bounty programs. MORE

πŸ’­ Quote


It's so hard to forget pain, but it's even harder to remember sweetness. We have no scar to show for happiness. We learn so little from peace.

Chuck Palahniuk

πŸ›  Tools and Media

Subscribe to the Hive Five to read the rest.

Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In

A subscription gets you:
Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
Experience continuously added NEW BENEFITS.