🐝 Hive Five 222 - How to Move Fast

Hi friends,

Greetings from the hive!

In July 1995, Tatu Ylonen sent the following e-mail to IANA:

The next day, he had an e-mail from Joyce waiting in his mailbox:

And that's how SSH port 22 came to be.

Let's take this week by swarm!

🐝 The Bee's Knees

• An Age of Extinction Is Coming. Here’s How to Survive. The digital age is changing society, with virtual substitutes replacing real-world experiences. To survive this "extinction," we must intentionally fight for the traditions, arts, and relationships we value. MORE

• "I Have Cancer," the TikTok Star Said. Then Came the Torrent of Hate. Sydney Towle’s videos have drawn an enormous audience on TikTok, where her followers praise and support her. On Reddit, an army of skeptics was determined to paint her as a fraud. MORE

• Lee Robinson showcases how to build products with AI using v0. Viewers asked about design systems, Tailwind CSS, Lighthouse issues, GitHub sync, and prompt priority. MORE

• Dummy's Guide to Modern LLM Sampling. LLMs have a vocabulary, or a dictionary, of valid tokens, and will reference those in training and inference (the process of generating text). MORE

• DeepWiki provides up-to-date documentation you can talk to, for every repo in the world. Think Deep Research for GitHub. MORE

Interested in sponsoring the Hive Five? Secure your spot.

📰 Updates

📅 Events

• OffensiveCon 2025 (May 16-17) in Berlin is packed with talks on AI, exploit development, and browser security. Day 1 features keynotes and sessions, while Day 2 dives into Android, Bluetooth, and finding old bugs. MORE

• NahamCon 2025 (May 22-23) is a community-driven cybersecurity conference that's completely free and accessible online. This year offers 2 specialized tracks over 2 days: Day 1 explores Hacking AI/Hacking with AI, and Day 2 presents our signature main track. MORE

✅ Changelog

• Raycast is now on iOS! Use AI voice or keyboard, access notes, snippets, and quick links on the go. MORE

• Cursor's latest update makes coding easier with automated rules and a built-in diff viewer for code reviews. Plus, you can now add images to prompts and try out new models like Gemini 2.5 Pro. MORE

• Lazygit v0.50.0 is out with enhancements like cherry-pick and revert improvements, plus a new "move commits to new branch" command. This release also focuses on reducing memory consumption and includes several bug fixes. MORE

• Judge Yvonne Gonzalez Rogers is super pissed at Apple for not following the court's orders in the Epic Games case. Apple made it hard for developers to use other payment methods, and the judge says they lied about it. MORE

• Resend introduced idempotency keys to ensure an email sends only once, even with retries. Use a unique key (like a UUID) with each request to prevent duplicates within 24 hours. MORE

💼 Work

💰 Career

• Want to boost your chances of success? Aaron Francis shares strategies to become more resilient and create opportunities, even when unexpected challenges arise. Learn how building a foundation now can help you thrive in the face of uncertainty. MORE

• Elad Gil (ex-Airbnb and Twitter) discusses career navigation, emphasizing the importance of mindset, risk-taking, and adaptability. MORE

• Want to be super effective at work? This article dives into how to boost your impact by developing agency (making things happen) and taste (knowing what works). MORE

🚀 Productivity

• Dan Koe debunks the 80-hour work week myth, urging readers to focus on leisure and leverage for better results; work smarter, not harder. Use AI to automate and boost your productivity, and enjoy a more balanced life. MORE

• Need to focus? Void blocks distracting websites on your Mac using the built-in firewall. It's a simple way to block domains temporarily or permanently. MORE

• Khoj is like a personal AI assistant that you can host yourself. It helps you find answers from the web and your own documents, create custom agents, and automate research, making it your AI second brain. MORE

• Tiago replaced his $700/hour coach with NotebookLM. MORE

• FixBrowser is a lightweight web browser that skips JavaScript for speed, using scripts to enhance websites. Its FixProxy tool lets you browse privately by whitelisting resources. MORE

🌎 Community

🎉 Celebrate

• Two friends, with no tech background, made $500k each through bug bounties, totaling $1M! It took them several years of hard work and willingness to achieve this milestone. MORE

• STÖK shares the importance of slowing down and finding balance after years of hustle. He realized "good enough" is okay and encourages others to prioritize well-being over constant striving. MORE

⚡️ Zeitgeist

• A security researcher reported 3 critical vulnerabilities through a vulnerability disclosure program (VDP) but only received 21 reputation points, which they felt was unfair. Many others disagreed, noting VDPs should solely be hear something, say something. MORE

• What HackerNews members are working on: This thread features a wide variety of projects, from AI-powered tools for various industries (tree cutting, diabetes management) to hardware projects and creative endeavors (graphic novels, game development, a book on Estonia). MORE

• Q&A With The CVE Foundation. Tib3rius interviews Pete Allor of The CVE Foundation about the ongoing issues facing the CVE Program, why The CVE Foundation was formed, and how he thinks the CVE Program should evolve under their leadership. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

• paulg | Paul Graham.

• @TechEmiiily | Pibble | Kavatender | Defcon Speaker Ops Goon | Dallas Hacker | She/These Hands.

• @imranparray101 | Imran Parray | Founder of snap_sec.

• @JamesClear | James Clear | Author of the #1 NYT bestseller Atomic Habits. I write about building good habits.

• @tillson_ | Tillson Galloway | PhD student at Georgia Tech, internet archaeologist.

🍄 Level up

📰 Read

• HTML Injection to Stored XSS and Account Takeover. MORE

• Dr. Becky Kennedy helps $10M+ entrepreneurs balance work and family by setting boundaries and teaching kids about money and resilience. Her Good Inside app offers personalized parenting advice for busy parents. MORE

• Many MCP environments store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions. MORE

• CSS Exfiltration under default-src 'self'. MORE

• AI coding boosts productivity but might kill the joy of programming. Will developers find fulfillment in prompt engineering or system design, or will the lack of flow lead to detachment? MORE

💡 Tips

• Pieter Levels on power outage preparedness: Key essentials - backup camping battery (Ecoflow), Starlink with battery power for connectivity, FM radio, water, and a stocked freezer with BBQ + coals for emergencies. MORE

• Speed up your web development with Cursor by connecting it to tools like Figma and Linear. Reuse code and designs for cleaner, more consistent results. MORE

• Jasmin "JR0ch17" Landry reveals a sophisticated SSRF technique demonstrating regex validation bypass and SSRF exploitation strategies, even without cloud metadata access. MORE

• Dan Go shares fitness tips he wishes he knew at 25, like taking creatine for muscles and brain health. He also suggests cardio, mobility routines, and even watching something "arousing" before lifting to boost strength. MORE

• Raycast AI extensions make batch renaming files super easy. MORE

🧠 Wisdom

• The video discusses how people overvalue their contributions and undervalue luck's role in their success, leading to an egocentric bias. MORE

• Patrick Collison (CEO, Stripe) on How to Move Fast. MORE

• Mitch Horowitz shares 101 rules for effective living, from dealing plainly to independent research. Get practical wisdom on relationships, work ethic, and navigating life's challenges. MORE

• The Most Powerful Asymmetries in Life: 44 small actions with big potential rewards in your career, relationships, health, and more. MORE

• Tim reveals how naive confidence fuels entrepreneurial success. By mentally tricking oneself and acting as if already successful, entrepreneurs can overcome self-doubt and achieve their goals, drawing parallels to psychological performance in fitness training. MORE

📚 Resources

• Purple Llama offers tools and evals for boosting the safety of AI models, especially for cybersecurity risks. MORE

• Discover a curated list of asset discovery resources by RedHunt Labs. This repository helps you find anything and everything an organization has data on, like servers, websites, and even open-source code. MORE

• Collection of leaked prompts used to control AI models. See how the "sausage is made" behind the AI curtain. MORE

• Develop Caido plugins easily with the caido-community/dev toolkit. This CLI tool simplifies building and packaging, so you can focus on creating awesome security extensions. MORE

The Member Edition