🐝 Hive Five 208 - Nobody Cares
Hacking Subaru, Being a FOSS Developer in Prison, Google's Patch Rewards Program, Claude is Hiring ASEs, Obsidian 2024 Gems Of The Year Winners, NixOS Wiki Beef
Hi friends,
Greetings from the hive!
I'm finally testing out Zen Browser as I mentioned a while back, and it's been great so far!
The first thing I had to get used to is the vertical tab layout on the side. At first it felt weird, like writing with your non-dominant hand.
Three days in, I couldn't go back to horizontal tabs. You can see all your open pages at once, like a tidy bookshelf instead of scattered papers.
Workspaces are the feature I didn't know I needed. I know other browsers have profiles, but everything in the same browser is handy. Reminds me a bit of tmux.
I spent a couple of days tweaking my setup until I was happy with it.
Some useful things I discovered:
Pocket integration, my save-later app of choice, requires manual setup in about:config
Custom keybindings on M1 MacBooks have to be manually updated in the zen-keyboard-shortcuts.json
Right-click the sidebar to change its colors
The biggest plus that I haven't even mentioned yet is the dev team. After reporting a bug it only took them a couple of hours to fix it. Amazing!
If you're looking for a new browser give Zen a try, it might be exactly what you've been looking for.
Let's take this week by swarm!
🐝 The Bee's Knees
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel. MORE
Next.js, cache, and chains: the stale elixir. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). MORE | CVE-2024-46982
Nobody Cares. Why does nobody care about anything? The world is full of stuff that could be excellent with just % more effort. MORE
31 year old Preston Thorpe spent just under 10 years of his life in prison. He's also a FOSS developer, back-end and systems dev. Here's his story. MORE
An interview with Johan Carlsson, a full-time bug bounty hunter who specializes in client-side bugs and is currently the #1 hunter on GitLab. MORE
🔥 Updates
🗞️ News
LLM-Gemini 0.9 adds two experimental models and Google Search grounding, enabling some models to use search results in their responses. MORE
LLM CLI tool and library v0.20 adds support for OpenAI’s o1 model, audio input models, code block extraction, and model searching. MORE
Zenith assembles auditors with proven track records to secure your project. We find the critical bugs now—freeing you to launch this week—not next month. MORE
Two new security experts, @LiveOverflow and @stokfredrik, have joined the @portswigger top-ten panel alongside long-time contributors @agarri_FR and @irsdl. MORE
💼 Work
💰 Career / Opportunities
"Any patch (typically a merged GitHub pull request) that you can demonstrate to have improved the security of an in-scope project will be considered for a financial reward by Google’s Patch Rewards Program."
What makes a good team? Good teams have clear goals, strong communication, and a sense of camaraderie, while poor teams often suffer from chaos, unreliability, and an inability to deliver value. MORE
Tanya Janca (SheHacksPurple) shares her remarkable journey from software developer to renowned cybersecurity authority. MORE
Anthropic Claude is hiring an Application Security Engineer. MORE
🚀 Productivity
Starter templates for Obsidian. MORE
Obsidian 2024 Gems Of The Year winners. Categories: New plugins, New themes, Existing plugins, Tools, Content, Templates, and Integrations. MORE
Become AI-native in 2025 with a focused "Minimum Viable Toolkit" and stop chasing the noise. MORE
Perfectionism is rooted in fear - fear of failure, criticism, and falling short of impossible expectations. This video is a wake-up call to conquer fear, beat perfectionism, and finally take action. MORE
How to use Notion's Button Automation feature to streamline daily logging, eliminating the need for manual database relation connections. MORE
🌎 Community
🎉 Celebrate
Jhaddix had the most fantastic restaurant experience at Ox in Iceland, a 22-course Michelin-star meal that felt homely yet sophisticated - the best experience of all his travels! MORE
Nahamsec reported a critical vulnerability in a core Google asset! MORE
@infinitelogins kicked off 2025 hacking with friends, reporting 23 bugs - 9 of which were high or critical! MORE
⚡️ Timeline
This week I learned that there is Wiki beef in the NixOS community. The Modern Comedy of the NixOS Wiki post explains more. MORE
Too many people don’t value the time of security researchers. MORE
Taelur is back with another travel vod, a moving to Thailand FAQ, covering hair care, ATMs, and accommodation. MORE
Zoom asks the community if they're willing to cover their own airfare for a live hacking event. So far, 64.8% said no, citing inherent pressure, bad past experiences, fairness, and recouping costs. MORE
💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@levelsio | Pieter Levels | The Indiepreneur.
@teej_dv | teej dv | open source code | @neovim core dev | tools for devs.
@Fox0x01 | Azeria | Sneaky bit flipper | creator of @azeria_labs | @Arm Assembly Princess.
@heyalliehansen | Allie | Black Lives Matter | Smitten with security | Behavioral Engineer @TheParanoids | Mentor @blueteamvillage | Speaker | Volunteer.
@nijagaw | Nico | Former Red Team at Tesla, Founder of @codegrazer, Penetrationtester, bughunter.
🍄 Level up
📰 Read
Report Pointers for Collaborative Chains. A way to collaborate without sharing the technical details of their finding. MORE
Unique 0-click deanonymization attack targeting Signal, Discord, and hundreds of other platforms. MORE
Reverse Engineering Call Of Duty Anti-Cheat. MORE
Stealing HttpOnly cookies with the cookie sandwich technique. MORE
Fun with Timing Attacks. MORE
💡 Tips
In Obsidian, when a numbered list is modified, the numbers are now automatically updated. MORE
Squish is squoosh for batch processing, enabling fast and efficient compression of images across various formats. MORE
Prevent duplicate bug reports by focusing on deep technical understanding of specific vulnerabilities, mastering chosen attack vectors, and developing expertise in targeted programs, rather than relying on generic tools and techniques. MORE
Say what you want about Bryan Johnson (don't die), his social media game is on point. MORE
Five Stages of Understanding Don't Die:
Denial: “u so busy tryin’ to not die u aint living”
Anger: “hope he gets hit by a bus”
Bargaining: “are we allowed cheat days?”
Depression: “we’re all doomed anyways”
Acceptance: “fine, I’ll go to bed on time”
🧠 Wisdom
Stop Wasting Time: How to Change your Life in 90 Days. A three-step method for life transformation: reflect, align, plan. MORE
With every inch of forward head posture, the force on the spine increases by an additional 10-12 pounds. Here’s how to prevent knee pain, immobility, and a lifetime of chiropractor visits. MORE
Ted Lamade draws a parallel between football and investing, arguing that pressure and adversity create the most successful players and investors. He highlights the NFL's last four MVPs as examples of underdogs who overcame the odds. MORE
The #1 Business Book Millionaires Won't Tell You About: Thinking in Systems. MORE
📚 Resources
Creating a highly-integrated open-source laptop from scratch. MORE
Codepens of 2024 showcase incredible interactive web experiences that push the boundaries of what's possible online. MORE
Guide to LLMs by Northeastern University and NiuTrans Research, breaking down fundamentals across four chapters: pre-training, generative models, prompting, and alignment. MORE
HN readers share which RSS reader they use. MORE
I'm still using my good ol' trusty Inoreader. I tried Feedly briefly when it came out, but it didn’t fit my workflow.
Shielder, in partnership with OSTIF and the CNCF, performed a security audit of the open-source, multi-cloud, multi-cluster Kubernetes orchestration project, Karmada. MORE
🛠 Explore
Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
🧰 Tools
The "postMessage-tracker-firefox" is a Firefox extension that tracks the usage of postMessage, logging the URL, domain, and stack, both visually on the extension icon and using CORS. MORE
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform designed to operate entirely offline. MORE
Smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery. MORE
JS Snitch is a command-line tool that automates the process of scanning remote JavaScript files for potential secrets or credentials using Trufflehog and Semgrep. MORE
rip2 is a rust-based rm with a focus on safety, ergonomics, and performance. MORE
🎥 Watch
The story behind Clippy, the iconic Microsoft Office assistant that rose to fame in the late 90s. MORE
Ras Mic breaks down AI coding platforms for different tech levels: no-code options for non-techies, hybrid platforms for those with some skills, and full-control tools for advanced users. MORE
Get ready for a wild ride with Leet Heat, the ultimate game show for web devs. Contestants @shrutikapoor and @JoelHooks go head-to-head, showcasing their lightning-fast coding skills and dev knowledge. MORE
John Hammond shows dodgy websites on the dark web, and how your personal data could be sold or given away there. MORE
Dax doesn't use his computer, he uses a remote dev setup instead. Here's why: scalability, flexibility, and multi-device seamlessness, along with the tools and processes involved. MORE
🎵 Listen
Dave Chappelle is a masterful storyteller. His SNL monologue in 2025 is no different: he touches on Donald Trump, the Los Angeles fires, and more. MORE
"The Almanack of Naval Ravikant" is a must-read book on financial freedom. It's also available for free on Naval's website. MORE | FREE E-BOOK
How the Founder of a $180M+ company uses AI on a daily basis. MORE
🌐 Technology
Real-world attempt to work with one of the most hyped AI products of 2024, Devin. MORE
"When it worked, it was impressive. But that’s the problem - it rarely worked. Out of 20 tasks we attempted, we saw 14 failures, 3 inconclusive results, and just 3 successes."
"If you want to use an AI model to help with a business problem, it’s not enough to see that it understands what factors make a product profitable; you need to be sure it won’t forget what money is."
Wes put JavaScript on his Roomba vacuum, using USB to Serial and jumper wires. MORE
👀 Interesting
Weather Explorer is a website that aims to bridge the gap between basic weather data sites and in-depth weather analysis platforms. MORE
Peter Roberts, an immigration attorney who works with YC and startups, hosted an AMA. MORE
Ask HN: Is anyone doing anything cool with tiny language models? Here's the one that stood out to me: "Enhancing Maternal Healthcare: Training Language Models to Identify Urgent Messages in Real-Time" MORE
Explore the history of movies on CD-ROMs, an in-depth look at the evolution of home entertainment formats and the pioneering efforts in interactive movie content. MORE
Amidst the chaos of the world and internet, Her 86m2 channel continues to feel safe, warm, and refreshing. She shares tips on how to prepare your vegetable garden for the next season and boost your yields. MORE
💭 Quote
"Design is not just what it looks like and feels like. Design is how it works."
Until next week, take care of yourself and each other,
Bee 🐝
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.
