Hive Five 225 – The Way of Code
While doing some reflecting, here are some states of being I want to achieve:
Minimalism: A focus on simplicity, where I let go of unnecessary things and concentrate on what truly adds value to my life.
Mushin no shin: A mindset free from overthinking, going with the flow, allowing me to stay present and make decisions without hesitation.
Action-oriented: A commitment to taking action as the primary solution to challenges, driving progress in my work and projects.
Intentional consumption: A practice of engaging with content purposefully while working on meaningful tasks, ensuring that my time is well spent.
Let’s take this week by swarm!
The Bee’s Knees
Game changing (early-access) Obsidian Bases release. Obsidian’s Bases syntax lets you create custom views, filters, and formulas to organize your notes. It’s like building your own database inside Obsidian. MORE
This essentially replaces and expands upon the Dataview plugin. It works similarly to Notion, but it’s flat files.
Rick Rubin’s “The Way of Code” blends Tao Te Ching with programming, visualizing themes like simplicity and balance using code-generated art. It explores coding principles and philosophy, offering insights into art, leadership, and life. MORE
Andreas Kling discusses Ladybird, a new browser engine built from scratch based on web standards, aiming to offer an independent alternative to Chromium-based browsers. He hopes to foster community involvement to ensure web compatibility. MORE
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft. Get details on the vulnerabilities the Legit research team unearthed in GitLab Duo. TL;DR: A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses. MORE
Hacking AI Series: Vulnus ex Machina: Part 2 (Ep.123). Rezo talks about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features. MORE
You’re getting the standard edition. Members get more — including the full member edition, exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you’re missing.
Updates
xnLinkFinder v6.16 fixes bugs in Waymore Mode, now checking for .new and .old versions of waymore.txt. Plus, it improves index file checks by using os.basename and finding the 2nd “http”. MORE
DOMPurify 3.2.6 is out with fixes for typos, better config hardening against prototype pollution, and improved handling of attribute removal. Also, a script causing a fake CVE entry was removed. MORE
KNOXSS v5.2 is out. To help you stay stealthy, it now processes URLs in random order when you feed it a file. This small change helps you “fly under the radar.” MORE
Kepano’s Obsidian theme just hit version 1.0.0. This is the last release before they switch from Dataview to Bases, so it’s a good time to check it out. MORE
Obsidian Minimal theme v8.0.0 is out. It’s built for Obsidian 1.9.0, improves performance, and has new styles. Some older plugin support has been removed. MORE
Work
Jason Fried from 37signals emphasizes the importance of cover letters in hiring, viewing them as key indicators of effort, communication skills, and genuine interest in the specific job. A well-crafted cover letter can set you apart. MORE
Dave showcases his daily Voice + AI workflow: Complete Productivity System using Raycast, Wispr Flow, Asana MCP. MORE
“A Power User in Life,” with Jaimee: she joins Mac Power Users to discuss her career, which has been full of twists and turns but has always been defined by making great products infused with creativity and passion. MORE
Notion command center showcase designed to boost productivity through features like daily checklists, quick-capture tools, intuitive organization, and modular workflows. MORE
Timeless principles of Time Management. A deep dive on the system I use to manage time and productivity, inspired by many experts in the field. MORE
NahamCon and CTF were a great success. Unfortunately I wasn’t able to attend, so I cannot wait for the YouTube videos. MORE
DEF CON Groups are changing how they’re named and managed in 2025. To improve communication and verification, all groups must schedule a video call to confirm their Point of Contact. MORE
• @michenriksen | Vulnerability Research Engineer at GitLab.
• @ehsayaan | Sayaan Alam | Offensive Security Researcher /Student/Bug Bounty Hunter | SRT Hero at @Synack Red Team | H1/Bugcrowd – sayaanalam.
• @ngalongc | Ron Chan | Trying to build something useful | Currently working on Authz AI.
• @0xbeefed | 0xbeefed | Bug bounty Hunter – Product security engineer @ Meta.
Sean Heelan used OpenAI’s o3 model to find CVE-2025-37899, a zero-day flaw in Linux’s SMB file-sharing system, showing AI’s growing power in vulnerability research. O3 pinpointed a use-after-free bug that even human researchers initially missed. MORE
One-Click RCE in ASUS’s Preinstalled Driver Software. MORE
Siguza’s blog post “tachy0n” dives into an old iOS 13.0-13.5 jailbreak exploit, discussing its origins, how it was used in previous jailbreaks like Spice and unc0ver, and the major security changes in iOS 14 that reshaped the landscape. It highlights how Apple shifted from patching bugs to patching exploitation strategies. MORE
The Single-Packet Shovel: Digging for Desync-Powered Request Tunnelling. Despite HTTP Request Tunnelling’s resurgence in recent years with the advent of HTTP/ Desync Attacks, its much bolder big brother HTTP Request Smuggling has stolen the limelight, leaving cases of desync-powered tunnelling buried for all but the most dedicated tunnelling enthusiasts. MORE
You can now run Ollama local models to power Raycast AI, for free. MORE
Old Chrome bug CVE-2023-4357 lets attackers read local files via maliciously crafted images. If you’re creative, you can find this vulnerability in unexpected places, like smart displays, and earn big bounties. MORE
IppSec continues his Golang series explaining the functional options pattern in Go, which helps manage function arguments and optional parameters by using function types and higher-order functions. MORE
g0lden provides an update to his bug bounty automation, detailing his use of Kubernetes, GitOps, and a modular monolith architecture for scalable and efficient vulnerability scanning. He emphasizes the importance of databases and encourages viewers to explore Kubernetes and share their setups. MORE
Orwa Godfather shares recon techniques for bug bounty and pentesting, emphasizing tools like Shodan and VirusTotal for uncovering sensitive information and vulnerabilities. He also details zero-day hunting, code searching with Sourcegraph, and practical tips for bypassing security measures. MORE
In a candid postmortem, swyx regrets choosing Elixir/Phoenix Liveview for a web app, citing instability, slow loading times, and ecosystem immaturity. They found the learning curve steep and the error messages unhelpful, leading to a painful development experience. MORE
The video discusses the common misconceptions about low back pain and why traditional treatments often fail in the long run, plus what to do instead. MORE
The Anxiety-Curiosity Switch: How to Redirect Your Mental Energy for Creativity. You stare at a blank page knowing it could be something special, but every time you try to write the opening sentence your mind floods with what-ifs. MORE
Joseph on rooting for your friends. Be a “hypeman” for your friends by celebrating their wins and sharing opportunities. This creates a positive cycle of support, leveling everyone up together. MORE
Alberto reflects on using AI for a SaaS infrastructure project, finding it led to inconsistent and messy code. They’re now stepping back to use their brain more, using AI as an assistant, not a replacement. MORE
AI Hallucination Cases. This database tracks legal decisions in cases where generative AI produced hallucinated content, typically fake citations, but also other types of arguments. It does not track the (necessarily wider) universe of all fake citations or use of AI in court filings. MORE
In 2025, picking the right message queue (like Kafka or RabbitMQ) is still tough! Devs weigh speed, simplicity, and scalability, while battling vendor hype and tech biases. MORE
Use Cloudflared to securely connect your Home Assistant instance to a domain, skipping router port opening. Secure your connection further with Cloudflare Zero Trust. MORE
Worried about email security? Muttpack sandboxes the Mutt email client using containers, isolating it from the network and limiting file system access to protect your system from email-borne threats. MORE
GT Standard is a modern font that uses simple shapes for clarity and works in many sizes and styles. It’s great for designers who want a clean, easy-to-read font for all their projects. MORE
Internet roadtrip: a Streetview roadtrip simulator where visitors all vote on a direction every 10 seconds. They also have to vote to change the radio station. MORE
Analyze webpack bundle structures with this Fabric pattern that extracts lazy-loaded webpack URLs from JavaScript. It delivers a clean list of absolute URLs, integrating seamlessly with Fabric’s ecosystem. MORE
Maria’s talk focuses on visualizing data poisoning using network science. As machine learning models become more integrated into applications, they face increasing risks from adversarial attacks like data poisoning. MORE
Hilary (Whoop) shares how custom GPTs can help managers give better feedback and scale their expertise. By creating AI tools that reflect their personal criteria, managers can save time and improve team performance. MORE
Anthropic’s Claude 4 system prompts act as a hidden user manual, revealing tips and tricks for getting the most out of the AI. Leaked tool prompts unveil details on search, artifacts, and avoiding copyrighted content. MORE
The Member Edition
You’re currently receiving the STANDARD edition. Subscribe to the MEMBER Edition to get additional content and more.
A premium membership gets you:
- WEEKLY PREMIUM EDITION: Delve into the explore section full of the best content I’ve consumed, including TOOLS.
- Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
- Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
- MEMBER-ONLY events: Take part in digital meetups, focus sessions, and more.
- Deep DISCOUNTS on paid content.