
Introduction
Welcome to follow my channel, where I occasionally share random messages
Or follow me on Twitter
https://twitter.com/bboysoulcn
-
A backdoor in a LinkedIn job offer
A recruiter on LinkedIn sent a GitHub repo for “code review,” but the npm prepare script hid a backdoor that executed remote code on npm install. The author used a read-only AI agent to spot the payload hidden in a test file within seconds, and discovered both the recruiter’s identity and the GitHub contributor’s identity were stolen from real people.
https://roman.pt/posts/linkedin-backdoor/
-
I Stored a Website in a Favicon
The author encoded an entire HTML page byte-by-byte into the RGB pixels of a PNG favicon. The result: a 9×9 pixel icon carrying a full website, decoded at runtime by reading the favicon’s pixels via the Canvas API — a creative exploration of storage boundaries disguised as a browser icon.
https://www.timwehrle.de/blog/i-stored-a-website-in-a-favicon/
-
TownSquare
TownSquare is an open-source tool that adds a shared presence layer to any website with a single <script> tag. Visitors can see each other, move around, and chat — no accounts, no algorithms. It has 275 registered sites and over 330,000 messages exchanged.
https://townsquare.cauenapier.com/
-
.gitignore Isn’t the Only Way To Ignore Files in Git
Git offers three levels of file ignoring: .gitignore (shared, checked in), .git/info/exclude (per-repo, local-only), and ~/.config/git/ignore (global, machine-wide). The post also demonstrates using git check-ignore -v to trace which rule is responsible for ignoring a specific file.
https://nelson.cloud/.gitignore-isnt-the-only-way-to-ignore-files-in-git/
-
Nginx as a Reverse Proxy
A comprehensive guide to using Nginx as a reverse proxy, covering server/location blocks, the proxy_pass trailing slash pitfall, real client IP header forwarding, WebSocket upgrades, buffering and timeout tuning, HTTP/2, rate limiting, and a production-ready configuration example.
https://sanyamserver.online/posts/nginx-reverse-proxy/
-
I build a 10 inch mini rack from aluminium extrusions
A detailed build log of a 10-inch mini rack made from 20mm aluminium extrusions and custom-cut aluminium sheets, housing six 1L mini PCs with dual-network (1G + 2.5G) connectivity, cooling, and power distribution — all at a total cost of approximately €313.
https://louwrentius.com/i-build-a-10-inch-mini-rack-from-aluminium-extrusions.html
-
What happened after 2,000 people tried to hack my AI assistant
The author opened his AI assistant Fiu to the public for a prompt injection challenge. Over 6,000 emails and 2,000+ attackers later, the secrets file was never leaked and no unauthorized replies were sent. Claude Opus 4.6 with a few lines of security rules proved remarkably resilient against social engineering and injection attacks.
https://www.fernandoi.cl/posts/hackmyclaw/
-
dnspick
dnspick is a cross-platform DNS benchmarking CLI tool written in Go that concurrently tests DNS servers over UDP, DoT, DoH, and DoH3, then scores them by average latency and success rate to recommend the optimal DNS for your network.
https://github.com/palemoky/dnspick
-
Choosing a Public DNS Resolver: Compare 30 Global Services
An interactive comparison guide covering 30 global public DNS resolvers including AdGuard, Cloudflare, Quad9, and NextDNS. Filter and rank by privacy policy, encrypted transport (DoH/DoT/DoQ), filtering features (ads/malware/adult content), jurisdiction, and operator type.
https://evilbit.de/dns-resolver-guide.html
-
You Can Detect if Code Is Being Run Inside a Terminal
Demonstrates how to detect terminal execution using sys.stdout.isatty() in Python, process.stdout.isTTY in Node.js, $stdout.tty? in Ruby, and [ -t 1 ] in Bash — and explains why this is the mechanism behind color output being suppressed in CI/CD pipelines.
https://nelson.cloud/you-can-detect-if-code-is-being-run-inside-a-terminal/
Feel free to follow my blog at www.bboy.app
Have Fun
