So to summarize, AI will cause personal computers to cost ten thousand dollars, all applications will forever be frozen to about 2025 design and implementation (because that’s what vibe coding outputs), power to run the computer will be twice the price and also you need to sign in with your passport to start your computer in the first place.

Explain to me again how this is progress?

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns

$77,000 per developer per year.

Stripe found engineers spend 43% of their time on coordination and maintenance. For a team of 15, that's $1.15M/year on people talking to each other about services that talk to each other. Not features. Not product. Coordination.

Every new service adds connection points that compound the tax. Two services: 1 connection. Twenty services: 190.

The fix is not more process. It's fewer services.

The full cost breakdown with case studies:
https://simplicityfirstphilosophy.substack.com/p/the-architecture-tax

Today in InfoSec Job Security News:

I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.

So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.

https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc

As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.

You vibed an app, for an audience of one. Add it to Tiny Tool Town.

But You know what Tiny Tool Town REALLY needed?

*TIKTOK MODE*

Why not mindlessly scroll awesome vibe coded apps rather than videos? Maybe one will help you or someone else!

go hit **https://tinytooltown.com** and tap "SHORTS" for TikTok/Shorts/Reels Mode

AI agent "contributes" PR to matplotlib.
PR gets rejected.
AI agent *writes and publishes blog to shame the maintainer*.

What a time to be alive.

https://github.com/matplotlib/matplotlib/pull/31132

There's a standard gag about LLM chatbots: whenever I use AI to probe a topic I know something about, it makes numerous errors; by contrast, whenever I use it to explore topics I know little about, it knows so much more!

Unrelated: while workers report or are measured to have at best modest improvements to their work when using AI, CEOs and managers say AI has many benefits to the work of their organisation.