🐝 Hive Five 208 - Nobody Cares

Hacking Subaru, Being a FOSS Developer in Prison, Google's Patch Rewards Program, Claude is Hiring ASEs, Obsidian 2024 Gems Of The Year Winners, NixOS Wiki Beef

Hi friends,

Greetings from the hive!

I'm finally testing out Zen Browser as I mentioned a while back, and it's been great so far!

The first thing I had to get used to is the vertical tab layout on the side. At first it felt weird, like writing with your non-dominant hand.

Three days in, I couldn't go back to horizontal tabs. You can see all your open pages at once, like a tidy bookshelf instead of scattered papers.

Workspaces are the feature I didn't know I needed. I know other browsers have profiles, but everything in the same browser is handy. Reminds me a bit of tmux.

I spent a couple of days tweaking my setup until I was happy with it.

Some useful things I discovered:

  • Pocket integration, my save-later app of choice, requires manual setup in about:config

  • Custom keybindings on M1 MacBooks have to be manually updated in the zen-keyboard-shortcuts.json

  • Right-click the sidebar to change its colors

The biggest plus that I haven't even mentioned yet is the dev team. After reporting a bug it only took them a couple of hours to fix it. Amazing!

If you're looking for a new browser give Zen a try, it might be exactly what you've been looking for.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel. MORE

  2. Next.js, cache, and chains: the stale elixir. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). MORE | CVE-2024-46982

  3. Nobody Cares. Why does nobody care about anything? The world is full of stuff that could be excellent with just % more effort. MORE

  4. 31-year-old Preston Thorpe spent just under 10 years of his life in prison. He's also a FOSS developer, back-end and systems dev. Here's his story. MORE

  5. An interview with Johan Carlsson, a full-time bug bounty hunter who specializes in client-side bugs and is currently the #1 hunter on GitLab. MORE

Brought to you by

Fyxer AI: Automate Emails, Meetings, and Team Tasks in Seconds

Fyxer AI automates daily email and meeting tasks:

  • Email Organization: It organizes your inbox so you see important emails first.

  • Automated Email Drafting: Crafts replies that sound like you—convincing, concise, and flawlessly written in any language.

  • Meeting Notes: Keeps you focused by taking notes, summarizing meetings, and drafting follow-ups.

Fyxer AI adapts to teams and sets up in just 30 seconds with Gmail or Outlook.

Upgrade Yourself

You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.

🔥 Updates

🗞️ News

  1. LLM-Gemini 0.9 adds two experimental models and Google Search grounding, enabling some models to use search results in their responses. MORE

  2. LLM CLI tool and library v0.20 adds support for OpenAI’s o1 model, audio input models, code block extraction, and model searching. MORE

  3. Zenith assembles auditors with proven track records to secure your project. We find the critical bugs now—freeing you to launch this week—not next month. MORE

  4. Two new security experts, @LiveOverflow and @stokfredrik, have joined the @portswigger top-ten panel alongside long-time contributors @agarri_FR and @irsdl. MORE

💼 Work

💰 Career / Opportunities

  1. After 4 years at PlanetScale, Arslan reflects on the longest job they've held, eager to share the exciting projects they've worked on during this time. MORE

  2. Level up your open source karma (and your wallet) by improving security. MORE

"Any patch (typically a merged GitHub pull request) that you can demonstrate to have improved the security of an in-scope project will be considered for a financial reward by Google’s Patch Rewards Program."

  3. What makes a good team? Good teams have clear goals, strong communication, and a sense of camaraderie, while poor teams often suffer from chaos, unreliability, and an inability to deliver value. MORE

  4. Tanya Janca (SheHacksPurple) shares her remarkable journey from software developer to renowned cybersecurity authority. MORE

  5. Anthropic Claude is hiring an Application Security Engineer. MORE

🚀 Productivity

  1. Starter templates for Obsidian. MORE

  2. Obsidian 2024 Gems Of The Year winners. Categories: New plugins, New themes, Existing plugins, Tools, Content, Templates, and Integrations. MORE

  3. Become AI-native in 2025 with a focused "Minimum Viable Toolkit" and stop chasing the noise. MORE

  4. Perfectionism is rooted in fear - fear of failure, criticism, and falling short of impossible expectations. This video is a wake-up call to conquer fear, beat perfectionism, and finally take action. MORE

  5. How to use Notion's Button Automation feature to streamline daily logging, eliminating the need for manual database relation connections. MORE

🌎 Community

🎉 Celebrate

  1. Jhaddix had the most fantastic restaurant experience at Ox in Iceland, a 22-course Michelin-star meal that felt homely yet sophisticated - the best experience of all his travels! MORE

  2. Nahamsec reported a critical vulnerability in a core Google asset! MORE

  3. @infinitelogins kicked off 2025 hacking with friends, reporting 23 bugs - 9 of which were high or critical! MORE

⚡️ Timeline

  1. This week I learned that there is Wiki beef in the NixOS community. The Modern Comedy of the NixOS Wiki post explains more. MORE

  2. Too many people don’t value the time of security researchers. MORE

  3. Taelur is back with another travel vod, a moving to Thailand FAQ, covering hair care, ATMs, and accommodation. MORE

  4. Zoom asks the community if they're willing to cover their own airfare for a live hacking event. So far, 64.8% said no, citing inherent pressure, bad past experiences, fairness, and recouping costs. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @levelsio | Pieter Levels | The Indiepreneur.

  2. @teej_dv | teej dv | open source code | @neovim core dev | tools for devs.

  3. @Fox0x01 | Azeria | Sneaky bit flipper | creator of @azeria_labs | @Arm Assembly Princess.

  4. @heyalliehansen | Allie | Black Lives Matter | Smitten with security | Behavioral Engineer @TheParanoids | Mentor @blueteamvillage | Speaker | Volunteer.

  5. @nijagaw | Nico | Former Red Team at Tesla, Founder of @codegrazer, Penetrationtester, bughunter.

🍄 Level up

📰 Read

  1. Report Pointers for Collaborative Chains. A way to collaborate without sharing the technical details of their finding. MORE

  2. Unique 0-click deanonymization attack targeting Signal, Discord, and hundreds of other platforms. MORE

  3. Reverse Engineering Call Of Duty Anti-Cheat. MORE

  4. Stealing HttpOnly cookies with the cookie sandwich technique. MORE

  5. Fun with Timing Attacks. MORE

💡 Tips

  1. In Obsidian, when a numbered list is modified, the numbers are now automatically updated. MORE

  2. Squish is squoosh for batch processing, enabling fast and efficient compression of images across various formats. MORE

  3. Prevent duplicate bug reports by focusing on deep technical understanding of specific vulnerabilities, mastering chosen attack vectors, and developing expertise in targeted programs, rather than relying on generic tools and techniques. MORE

  4. Say what you want about Bryan Johnson (don't die), his social media game is on point. MORE

Five Stages of Understanding Don't Die:

Denial: “u so busy tryin’ to not die u aint living”

Anger: “hope he gets hit by a bus”

Bargaining: “are we allowed cheat days?”

Depression: “we’re all doomed anyways”

Acceptance: “fine, I’ll go to bed on time”

🧠 Wisdom

  1. Stop Wasting Time: How to Change your Life in 90 Days. A three-step method for life transformation: reflect, align, plan. MORE

  2. For every inch of forward head posture, the force on the spine increases by an additional 10-12 pounds. Here’s how to prevent knee pain, immobility, and a lifetime of chiropractor visits. MORE

  3. Ted Lamade draws a parallel between football and investing, arguing that pressure and adversity create the most successful players and investors. He highlights the NFL's last four MVPs as examples of underdogs who overcame the odds. MORE

  4. The #1 Business Book Millionaires Won't Tell You About: Thinking in Systems. MORE

📚 Resources

  1. Creating a highly-integrated open-source laptop from scratch. MORE

  2. Codepens of 2024 showcase incredible interactive web experiences that push the boundaries of what's possible online. MORE

  3. Guide to LLMs by Northeastern University and NiuTrans Research, breaking down fundamentals across four chapters: pre-training, generative models, prompting, and alignment. MORE

  4. HN readers share which RSS reader they use. MORE

I'm still using my good ol' trusty Inoreader. I tried Feedly briefly when it came out, but it didn’t fit my workflow.

  5. Shielder, in partnership with OSTIF and the CNCF, performed a security audit of the open-source, multi-cloud, multi-cluster Kubernetes orchestration project, Karmada. MORE

🛠 Explore

Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🧰 Tools

  1. The "postMessage-tracker-firefox" is a Firefox extension that tracks the usage of postMessage, logging the URL, domain, and stack, both visually on the extension icon and using CORS. MORE

  2. Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform designed to operate entirely offline. MORE

  3. Smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery. MORE

  4. JS Snitch is a command-line tool that automates the process of scanning remote JavaScript files for potential secrets or credentials using Trufflehog and Semgrep. MORE

  5. rip2 is a rust-based rm with a focus on safety, ergonomics, and performance. MORE

🎥 Watch

  1. The story behind Clippy, the iconic Microsoft Office assistant that rose to fame in the late 90s. MORE

  2. Ras Mic breaks down AI coding platforms for different tech levels: no-code options for non-techies, hybrid platforms for those with some skills, and full-control tools for advanced users. MORE

  3. Get ready for a wild ride with Leet Heat, the ultimate game show for web devs. Contestants @shrutikapoor and @JoelHooks go head-to-head, showcasing their lightning-fast coding skills and dev knowledge. MORE

  4. John Hammond tours dodgy websites on the dark web and shows how your personal data could be sold or given away there. MORE

  5. Dax doesn't use his computer, he uses a remote dev setup instead. Here's why: scalability, flexibility, and multi-device seamlessness, along with the tools and processes involved. MORE

🎵 Listen

  1. Dave Chappelle is a masterful storyteller. His 2025 SNL monologue is no different, touching on Donald Trump, the Los Angeles fires, and more. MORE

  2. "The Almanack of Naval Ravikant" is a must-read book on financial freedom. It's also available for free on Naval's website. MORE | FREE E-BOOK

  3. How the Founder of a $180M+ company uses AI on a daily basis. MORE

🌐 Technology

  1. Real-world attempt to work with one of the most hyped AI products of 2024, Devin. MORE

"When it worked, it was impressive. But that’s the problem - it rarely worked. Out of 20 tasks we attempted, we saw 14 failures, 3 inconclusive results, and just 3 successes."

  2. Trail of Bits, known for security tools like Slither and Medusa, contributes extensively to open-source projects beyond their own. MORE

  3. Lightpanda is a headless browser designed for AI and automation. MORE

  4. AI mistakes are very different from human mistakes. MORE

"If you want to use an AI model to help with a business problem, it’s not enough to see that it understands what factors make a product profitable; you need to be sure it won’t forget what money is."

  5. Wes put JavaScript on his Roomba vacuum, using USB to Serial and jumper wires. MORE

👀 Interesting

  1. Weather Explorer is a website that aims to bridge the gap between basic weather data sites and in-depth weather analysis platforms. MORE

  2. Peter Roberts, an immigration attorney who works with YC and startups, hosted an AMA. MORE

  3. Ask HN: Is anyone doing anything cool with tiny language models? Here's the one that stood out to me: "Enhancing Maternal Healthcare: Training Language Models to Identify Urgent Messages in Real-Time" MORE

  4. Explore the history of movies on CD-ROMs, an in-depth look at the evolution of home entertainment formats and the pioneering efforts in interactive movie content. MORE

  5. Amidst the chaos of the world and internet, Her 86m2 channel continues to feel safe, warm, and refreshing. She shares tips on preparing your vegetable garden for the next season and boosting your yields. MORE

💭 Quote

"Design is not just what it looks like and feels like. Design is how it works."

Steve Jobs

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.
