CodedBeard
codedbeard.bsky.social
Principal Technical Lead, #Azure/ #DevOps/ #dotnet teacher focusing on modernization projects. Thoughts are my own and all that jazz.
https://codedbeard.com
Reposted by CodedBeard
I look forward to hiring a Chief AI Officer whose job will be to just tell anyone who suggests using AI for anything to shut the fuck up.
November 24, 2025 at 2:52 AM
Reposted by CodedBeard
Jon Gaines (Gainsec), the offensive security researcher who was featured in my recent video, lost employment today.

Jon discovered the vast majority of the vulnerabilities with Flock Safety (among many other things) on his own time, which I believe will ultimately result in Americans being safer. 🧵
November 20, 2025 at 8:01 AM
Reposted by CodedBeard
GOOD NEWS! Researchers have developed a cancer vaccine that has shown STUNNING results, PREVENTING up to 88% of MULTIPLE aggressive cancers by harnessing dual-pathway nanoparticles that train the immune system to recognize and destroy tumor cells. In some cases, it COMPLETELY prevented metastasis.
November 5, 2025 at 5:00 PM
Reposted by CodedBeard
Once again:
November 1, 2025 at 3:09 PM
Reposted by CodedBeard
Blogged: Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315

andrewlock.net/understandin...

In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it

#dotnet #aspnetcore
October 28, 2025 at 3:35 PM
Reposted by CodedBeard
Microsoft are rolling out Gaming Copilot to Windows 11 PCs. Silently, enabled by default, screenshots enabled by default, model training enabled by default. doublepulsar.com/microsoft-bu...
Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests
Gaming Copilot, rolling out now to Windows 11, adds a new attack surface to Windows.
doublepulsar.com
October 23, 2025 at 10:02 AM
Reposted by CodedBeard
Announcing .NET 10 Release Candidate 2

Focus on final quality, reliability, and stabilization across the runtime, SDK, libraries, ASP.NET Core, Blazor, .NET MAUI, and more.

Learn more: devblogs.microsoft.com/dotnet/dotne...
October 15, 2025 at 12:05 AM
Reposted by CodedBeard
It's Patch Tuesday and ASP.NET Core has a doozy, with a CVSS score of 9.9, our highest ever. Let's examine why.

The bug enables http request smuggling, which on its own for ASP.NET Core would be nowhere near that high, but that's not how we rate things...

* Thread- (1/7)
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability · Issue #371 · dotnet/announcements
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability i...
github.com
October 14, 2025 at 6:01 PM
Reposted by CodedBeard
We're now finding out that as many as 70,000 people had their government IDs provided to prove their ages leaked by Discord. Like I wrote last week, this is an inherent risk (and made greater by a rushed process) of getting platforms to do age checks
Discord says 70,000 users may have had their government IDs leaked in breach
The ID pics had been submitted as part of age-related appeals.
www.theverge.com
October 8, 2025 at 11:20 PM
Reposted by CodedBeard
3. ⁠this is not the moment for an incredibly expensive increase in state surveillance infrastructure to be run for profit by private tech firms just before Labour ushers in an (even more) authoritarian right wing government.

FIX THE GODDAMN COST OF LIVING INSTEAD YOU FREAKS.
September 26, 2025 at 8:28 AM
Reposted by CodedBeard
Let’s also set up infrastructure that a far-right populist party might abuse should they win an election.
Sure, let’s collate every member of the public’s personal and private information into one giant database right before handing whole swathes of the state over to multinational corporations using an emergent technology with numerous security issues
September 25, 2025 at 8:39 PM
Reposted by CodedBeard
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike's npm namespace.
Self-propagating supply chain attack hits 187 npm packages
www.bleepingcomputer.com
September 16, 2025 at 4:47 PM
Reposted by CodedBeard
The “problem” with vaccines? They're so effective at preventing deaths that they create generations of people that question whether disease was a problem in the first place because they have never experienced the horrors of a world without vaccines.
September 4, 2025 at 7:44 PM
Reposted by CodedBeard
Look what they did to Notepad. Shut the fuck up. This is Notepad. You are not welcome here. Oh yeah "Let me use Copilot for Notepad". "I'm going to sign into my account for Notepad". What the fuck are you talking about. It's Notepad.
August 27, 2025 at 1:42 AM
Reposted by CodedBeard
"Age verification" laws are actually "upload your ID or get your face scanned to access every website, ending anonymity and associating your identity with everything you do online" laws and if more people understood that they would not be down for this authoritarian nonsense
April 2, 2025 at 12:57 PM
Reposted by CodedBeard
The fact that the thing we're calling artificial intelligence *can't do math* and yet we're jamming it into programs that successfully *have done math* for decades, then warning people against using the AI to do math, seems like an excellent summary of where we are.
Good thing no one uses Microsoft Excel for anything related to legal, regulatory or compliance business functions

www.theverge.com/news/761338/...
August 19, 2025 at 6:09 PM
Reposted by CodedBeard
"MIT report: 95% of generative AI pilots at companies are failing"

What did I say? It's a bubble and A LOT of people are going to lose A LOT of money. Which is why your news feed is filled with stories pumping "AI." These companies need to pump their stock.

fortune.com/2025/08/18/m...
MIT report: 95% of generative AI pilots at companies are failing
There’s a stark difference in success rates between companies that purchase AI tools from vendors and those that build them internally.
fortune.com
August 19, 2025 at 5:55 PM
Reposted by CodedBeard
Prompt engineering is knowing the correct answer and trying to get the chatbot to produce it.
August 19, 2025 at 2:44 PM
Reposted by CodedBeard
Every Reason Why I Hate AI and You Should Too

malwaretech.com/2025/08/ever...
Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
malwaretech.com
August 4, 2025 at 8:32 AM
Reposted by CodedBeard
do not upload your photo to any ID verification service to BROWSE THE INTERNET i am being so serious id much rather buy a vpn. learn how to pirate. this data is so obviously going to be used in nefarious ways
July 30, 2025 at 9:20 PM
Reposted by CodedBeard
4) It encourages people to use VPNs, which increases the amount of resources it takes to investigate real crimes, and also complicates cybersecurity monitoring.

The whole concept is, and remains, a completely stupid and useless idea which harms everyone involved.

3/3
July 28, 2025 at 7:04 PM
Reposted by CodedBeard
This is certainly the tism talking but I find so much joy in curiosity and the process of learning that the idea of wanting to outsource thinking to a machine is unfathomable to me

That’s the fun part! Why wouldn’t you want to do that?
July 21, 2025 at 1:22 AM
Reposted by CodedBeard
This thread is incredible.
Jason ✨👾SaaStr.Ai✨ Lemkin (@jasonlk)
.@Replit goes rogue during a code freeze and shutdown and deletes our entire database
xcancel.com
July 20, 2025 at 3:01 PM
Reposted by CodedBeard
Hey friends! I did a TEDx talk and it's now up on the TED Conferences YouTube. It's possibly the best and most important talk I've ever done.

I would ask that you watch it, and please SHARE it broadly and widely. Thank you! youtu.be/dVG8W-0p6vg #AI #Tech #TED
Tech Promised Everything. Did it deliver? | Scott Hanselman | TEDxPortland
YouTube video by TEDx Talks
youtu.be
July 17, 2025 at 5:37 PM
Reposted by CodedBeard
We ran a randomized controlled trial to see how much AI coding tools speed up experienced open-source developers.

The results surprised us: Developers thought they were 20% faster with AI tools, but they were actually 19% slower when they had access to AI than when they didn't.
July 10, 2025 at 7:47 PM