Hi friends,
Greetings from the hive!
Launched (and already redid) experience.engineer
Vibecoded a Chrome Extension that replaces YouTube suggested videos with my own (from the newsletter)
Learned about Delight Product Managers
Delight = Remove Friction + Anticipate Needs + Exceed expectations
Started working on my Obsidian Bases again (insight via Productivity bullet #4)
Let's take this week by swarm!
The Bee's Knees
Former Facebook VP Julie Zhuo explores how traditional management skills directly translate to managing AI agents in this essential leadership discussion. She shares practical frameworks for using AI to accelerate team learning and gives actionable feedback scripts for the AI-powered workplace. MORE
Commit Your Code Conference presents Aaron Francis's keynote on timeless career success strategies. MORE
Joseph Thacker explores "AI Comprehension Gaps" - dangerous mismatches where humans and AI models interpret the same content differently, creating security vulnerabilities. He details five examples including invisible Unicode characters, malicious QR codes disguised as emojis, and steganography that can lead to prompt injection attacks and data exfiltration. MORE
How to stop AI's "lethal trifecta". Coders need to start thinking like mechanical engineers. When AI systems get access to untrusted data, valuable secrets, and external communication simultaneously, they become massively vulnerable to prompt injection attacks. The solution requires AI engineers to think like bridge builders, overengineering safety margins and fail-safes rather than assuming perfect security can be achieved. MORE
Dan Wang, a Stanford researcher who lived in China from 2017-2023, argues that China's engineering-focused leadership has built superior infrastructure and manufacturing capabilities that could challenge U.S. global dominance. While China excels at physical engineering and industrial production, its social engineering failures like the one-child policy and authoritarian control drive many talented Chinese to seek opportunities abroad, creating a complex dynamic where China builds power while losing human capital. MORE
STANDARD EDITION
Updates
Changelog
GitHub has launched Copilot CLI in public preview, bringing AI coding assistance directly to your terminal with natural language commands. The tool integrates with your GitHub repos, issues, and PRs while requiring explicit approval before executing any actions. MORE
Google updated their bug bounty report quality framework with clearer guidelines and new reward multipliers (0.8x-1.2x) to make exceptional bonuses more attainable. They also introduced a $1,000-$5,000 novelty bonus for innovative research that uncovers new vulnerability classes. MORE
Burp Suite Pro's new Custom Actions feature lets you run Java code directly in Repeater tabs to automate security testing workflows. The demo shows practical examples like testing authorization bypasses, race conditions, and cookie swapping between user sessions. MORE
Work
Career
Two Things Can Be True. Boz shares his four-step method for resolving workplace conflicts by helping both sides see the truth in each other's perspectives. Instead of picking sides or just offering sympathy, he guides people to look past emotional reactions and find the valuable substance in criticism. MORE
Greg breaks down how solo developers are building iOS apps that generate $100,000+ monthly revenue by targeting daily habits with AI features and smart marketing. The strategy focuses on finding narrow niches, rapid prototyping, and leveraging social media distribution channels like TikTok to reach paying customers. MORE
Front-end developer shares hard-won lessons from transitioning to management 7 years ago, including the challenge of letting go of control and trusting others with work you "know" you could do better. The article covers essential skills like delegation, communication styles, and "managing up" - plus why many developers view management as the only career path when dual-track options now exist. MORE
Cate breaks down why being truly strategic often makes you look less strategic than those who just talk about big visions. She reveals the four essential elements - time, context, direction, and expertise - that leaders need to balance for effective strategy execution in today's resource-constrained environment. MORE
This comprehensive guide breaks down building a lifestyle business that prioritizes fun, fulfillment, and freedom over maximum revenue, featuring insights from serial entrepreneur Chris Ducker. The framework covers five key levels: understanding lifestyle business fundamentals, finding profitable niches through specific targeting, developing essential skills, managing productivity effectively, and maintaining long-term sustainability without burnout. MORE
Productivity
This entrepreneur reveals how she transformed her 40-hour workweek into a $200K+ business that runs without her using systematic documentation and delegation. She breaks down a 5-step process to extract all business knowledge from your brain, score tasks by priority, assign ideal owners, document everything with video walkthroughs, and ultimately take that 7-day vacation without your business burning down. MORE
Comprehensive guide reveals advanced Obsidian Bases formulas for power users, including regex patterns for daily notes, date manipulation tricks, and complex relationship mapping between linked notes. The tutorial covers everything from basic filtering to sophisticated "unrequited outlinks" analysis that helps identify one-way connections in your knowledge graph. MORE
95% of People STILL Prompt ChatGPT-5 Wrong. Five simple techniques can dramatically improve your outputs: use "think hard about this" to trigger deeper reasoning, control response length with specific phrases, leverage OpenAI's prompt optimizer tool, structure prompts with XML tags, and implement "perfection loops" where the AI grades and improves its own work. MORE
This productivity expert reveals why your task management tools aren't working: it's not the software, it's missing four key elements that turn chaos into clarity. Learn how to create "observable outcomes," assign single owners, set real deadlines, and break work into manageable chunks to finally stop drowning in your to-do list. MORE
Developer shares his decade-long journey transforming a basic Mac terminal into a powerhouse setup with advanced tools like Ghostty, tmux, and nushell. Learn the essential utilities and configurations that can dramatically boost your terminal productivity and workflow efficiency. MORE
Community
Celebrate
HackerOne welcomed three new H1-Elite members with custom superhero comic book covers featuring @niemand_sec, @ArchAngelDDay and @mallocsys. The cybersecurity community celebrated these well-deserved recognitions with more elite hackers expected to join soon. MORE
@shenetworks returned to X after an extended absence. Welcome back! MORE
Bug bounty hunter @Paaastha reached $100,000 in earnings on HackerOne this week, with most coming from recent full-time work focusing on logical flaws. Congrats! MORE
Zeitgeist
Bread, a developer, explains why terminal applications beat graphical interfaces: consistent vim keybindings across all programs, powerful scripting automation, extensive customization options, lower resource usage, and seamless remote work capabilities. MORE
Domenic, a key Chrome engineer who worked on web standards like promises and AI APIs for 11 years, announced his retirement from Google and work in general. He's leaving behind his influential role in web platform development to focus on personal projects, learning philosophy and physics, and exploring life in Tokyo. MORE
PyCharm's original creator reveals how the Python IDE started as a 2005 plugin and grew into the tool that helped Python become mainstream. The team was just 3 people when they launched, but even Python's creator Guido van Rossum praised it in an early blog post. MORE
Cloudflare, Netlify, and Webflow are teaming up to financially sponsor two major open-source web frameworks: Astro and TanStack. This cross-company collaboration ensures these critical developer tools remain independent and well-funded, rather than relying on a single company's priorities. MORE
Kylie, a tech journalist, reflects on getting fired during her probationary period and realizing the burnout from constantly chasing scoops had hollowed her out. She's now unemployed for the first time since being a teenager but finally feels like she can breathe again. MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
Name | Description |
---|---|
rqu | washed up ex-podcaster |
Mastering Burp Suite Pro | Tips and tricks for Burp Suite Pro |
Sheikh Rishad | 20 Years Old, Hacker, Re-searcher, Self-Developer |
Calum Boal | Head of Security Engineering at @WeAreOnSecurity \| OSCP \| CRT \| @omnisint. |
bashbunni | I like software (especially Go) and terrible jokes \| devrel things @charmcli. |
Level up
Read
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails. A malicious MCP server called `postmark-mcp` has been secretly copying thousands of emails to an attacker's server since version 1.0.16, marking the first real-world backdoor in AI assistant tooling. MORE
From MCP to Shell. Security researchers discovered critical flaws in AI coding tools like Claude Code and Gemini CLI that let malicious servers execute code on users' computers just by connecting. The bugs exploited weak OAuth URL validation in the Model Context Protocol, turning simple authentication into remote code execution attacks. MORE
Stealthcopter discovered how simple regex mistakes can lead to Cross-Site Scripting (XSS) vulnerabilities, earning over $6,000 in bug bounties. The "REGEXSS" technique exploits greedy quantifiers like `.*` that accidentally match across HTML attribute boundaries, allowing attackers to inject malicious code through carefully crafted payloads. MORE
AI chatbots like ChatGPT are destroying marriages as spouses use them to analyze relationships, creating toxic feedback loops that validate only one perspective. Multiple couples report divorces after partners became obsessed with AI-generated relationship advice that painted their spouse as the villain. MORE
Supply chain attacks are exploiting our assumptions. Modern software development relies on implicit trust when installing packages, but attackers are systematically exploiting these assumptions through typosquatting, compromised maintainer accounts, and poisoned build pipelines. New defenses like PyPI's Trusted Publishing, GitHub attestations, and capability analysis tools are emerging to make trust explicit and verifiable rather than blindly assumed. MORE
Tips
A student intern accidentally landed a job at Vercel after sliding into CEO Guillermo Rauch's DMs for a sold-out conference ticket. The story shows how genuine curiosity, persistent feedback, and showing up authentically can lead to unexpected career opportunities in tech. MORE
What You Need to Know about Modern CSS (2025 Edition). MORE
Segment shares their proven playbook for running successful bug bounty programs, from starting small with private programs to building lasting relationships with security researchers. MORE
Rick shares a faster fix for Silent Hill crashes on GeForce 5090s: run `dxcap -forcetdr` in an elevated command prompt to force a GPU driver restart. This avoids the tedious process of reinstalling drivers or rebooting your entire PC every time the game crashes. MORE
Wisdom
Software engineer Sean Goedecke argues that the best system design principle is doing "the simplest thing that could possibly work" rather than over-engineering for imagined future needs. He explains why simple solutions like Unix processes over threads or in-memory rate limiting often outperform complex, "scalable" architectures that create unnecessary maintenance overhead. MORE
Becoming the person who does the thing. Fred explores how our internal identity shapes everything we do, but the good news is we can change it through consistent small actions. He shares his journey from gym-avoider to regular exerciser, showing how "every action you take is a vote for the type of person you wish to become." MORE
Former White House advisor shares 40 life lessons he wishes he knew in his 20s, from avoiding toxic people to understanding that shortcuts are scams. Key insights include building a body of work over crafting resumes, embracing action over endless planning, and recognizing that persistence beats raw talent. MORE
Resources
YouTube Video Finder helps you recover deleted or private YouTube videos by searching multiple archives including Wayback Machine, Archive.org, and GhostArchive. Just paste the video URL and the tool searches 12+ services to find archived copies or metadata like titles and descriptions. MORE
Noma Security discovered "ForcedLeak," a critical vulnerability in Salesforce AgentForce that let attackers steal CRM data through malicious web forms. The exploit used prompt injection to trick AI agents into leaking customer emails and lead information to attacker-controlled servers. MORE
Cursor Learn is a free course teaching developers how to effectively use AI tools for programming, not machine learning itself. It covers AI model fundamentals, limitations, and practical patterns to build software faster with AI assistance. MORE | MY THOUGHTS
The essential handbook for AI detection: seven strategies to identify digital fakes. AI-generated content is flooding the internet faster than fact-checkers can verify it, with deepfakes now costing just $8 and taking 28 minutes to create entire political scandals. MORE
Cross-Agent Privilege Escalation: When Agents Free Each Other. One hijacked agent like GitHub Copilot can modify another agent's settings (like Claude Code) to execute malicious code, then the freed agent returns the favor. MORE
Quote
"You drown not by falling into a river, but by staying submerged in it."
MEMBER EDITION
Members-Only Preview:
Discover the cutting-edge toolkit that's making waves in the security community - from a Python framework that helped uncover 7 major vulnerabilities this year, to an AI-powered screen recorder that's redefining productivity tracking. Plus, explore the multi-cloud proxy solution that's expanding beyond AWS limitations and the comprehensive GRC platform supporting 100+ frameworks.
Go behind the scenes with industry leaders as they reveal why traditional MFA is failing against sophisticated attacks, and learn the AI development secrets that are helping beginners build production-ready applications. Watch comprehensive tutorials on reconnaissance infrastructure and discover whether AI truly belongs in developer communities.
Hear from the CEO who believes AGI is already here, plus deep dives into the psychology behind our time-starved society and the dark side of open-source intelligence. Exclusive interviews reveal how one entrepreneur transformed from serial failure to building a $10M+ solo empire.
Uncover Anthropic's latest research on building better AI agent tools and why AI might follow the containerization playbook rather than the PC revolution. Explore the surprising reality of AI in healthcare - despite outperforming humans in tests, why radiologist demand has hit record highs with salaries averaging $520K.
Read exclusive stories from private investigators sharing their most creative tracking methods, from following shipping tubes to leveraging dark web data. Plus, discover the married couple behind two of the world's most iconic toy brands and a tech worker's surreal journey to one of Earth's most hostile environments.