Tech · Culture · Fiction
Article A grep job cost forty-seven dollars
A scheduled Claude Code skill shelled out to curl on its own and burned $47.30 in 19 minutes. The root cause, the commit 7a3b8d2 that fixed it, and the guardrails.
TS-2026-009 turned an argument into root
TS-2026-009: Tailscale SSH permitted root through argument handling. When supplied input can reach the privilege context, argument handling is the access control.
Count Binface breaks your correlation rule
Count Binface names a detection-pipeline attack: targeted noise injection exploits data-aggregation bias to bury true positives and poison UEBA baselines.
serverHold pulled t.me from the zone, no CVE fired
Telegram's t.me suspension was an EPP registry status code, not an exploit - a look at ccTLD delegation, serverHold mechanics, and the telemetry defenders miss.
GhostLock is not a vulnerability.
GhostLock is a stack use-after-free present in every Linux distribution for fifteen years, exposing an enforcement point that was never built.
Grok copied your directory to xAI's servers
Grok uploaded a user directory to xAI. The failure is identity and access management: execution context reached local files with no enforced boundary.
tanh now fingerprints your OS
Chromium 148 dispatches Math.tanh to the platform libm, leaking OS identity through last-bit IEEE 754 divergence. A silent, unpatchable fingerprinting signal.
The Wire — latest
All →- A practical pattern for wiring HTMX into Go web apps
- A viral train video becomes an argument against UK youth phone bans
- AI 'Starships' Claim 27 Open Math Proofs, Each Formalized in Lean 4
- Argument injection in Tailscale SSH let non-root users grab a root shell
- BIS: AI boom is pivoting from cash flows to debt — and it all rides on the hype
- Dependabot Now Waits 3 Days Before Proposing Dependency Updates
- EU age-verification app draws backlash over Google Play Integrity requirement
- Hobbyists archive 15 TB of Minecraft's most infamous server before it's tamed
- JUCE creator ships Juggler, an open-source GUI coding agent built around session trees
- Microsoft Ships Record 570 Patches as AI Reshapes Bug Discovery — and Exploitation
Stay in the loop
New writing delivered when it's ready. No schedule, no spam.