Ranked according to the following algorithm: Score = log10(U) + (S / D * 8600), where U is upvotes and S/D is time.
RSS preview of Bear Blog Trending Posts

The Kindness of Digital Strangers

2026-04-14 20:19:00

I'm posting this text directly from BearBlog, which is different cos I typically type into Obsidian first, but this is not one of those times.

I wanted to come on here and say I was genuinely smiling after reading this post: Bear Blog and the kindness of digital strangers by The Moody Warlock and wanted to share it with anyone who read this blog. This is the exact kind of Small Web culture we need to embrace and strengthen. ■


🎧 Traffic outside my window

Malicious anti-adblocking

2026-04-14 18:39:13

Some days ago, browsing my RSS feed as usual, I got some very weird error in a blog I (now) used to read. A few days later the same happened, but then after the crash a message appeared telling me to disable my adblock.

If they make the webpage crash because I don't allow ads, I'm better not accessing the site anymore.1 I guess the most I lose is access to comments. The most interesting part which was the link collection they posted once in a while can still be read via my RSS reader.

To make things worse, the post-crash page says the ads are reasonable. They are not, they're the same as every other site with ads.

  1. I also got the same error with another site I found while browsing. I guess I don't need to access that one too.

AI in Bug Bounty - Thinking First Prompting Second

2026-04-14 14:07:00

I have been doing bug bounty since 2013. Back then, everything was manual. I used to write my exploits line by line, document every step, and build reports from scratch. It was not easy, and honestly, I did not enjoy writing reports, especially the complex ones. You had to simplify everything clearly to avoid endless back-and-forth during triage.

I have also been on the other side, managing bug bounty programs at companies I worked for. It was easy to tell who was serious and who was not. And to be honest, I learned a lot from good reports. People from all over the world come up with very creative approaches.

Now things are changing fast with AI.

Skilled security engineers are becoming much more productive. AI helps a lot with code review, searching across different sources, and spotting patterns that lead to interesting vulnerabilities. But this only works well because they already understand what they are doing. They know what to ask, and how to ask it.

Even report writing has become easier. You provide context, and you get a clean, structured report. You can refine it, simplify it, and make it easier for triage teams to understand.

But there is another side to this.

I am starting to see people relying too much on AI. Instead of thinking, they expect the model to do everything for them. There is a clear lack of fundamentals, especially among newcomers. And those fundamentals are exactly what you need to write a good prompt.

For example, this kind of prompt is weak:

“Here is a file. Find me a critical vulnerability.”

Compare that to something like this:

This code is part of an authorization flow in a multi-tenant application.
Assume an attacker is an authenticated user trying to access or modify another user’s data.

Analyze the code for:

  • Missing resource ownership checks
  • Trust in client-controlled input such as user IDs
  • Horizontal or vertical privilege escalation

The difference is clear. In the second case, you bring your understanding of security into the prompt. You guide the model instead of expecting it to guess.

On the program side, I still manage bug bounty programs, and the amount of low-quality reports is growing fast. Many people are spamming with things like missing headers, calling them critical without any real impact, and expecting rewards. When rejected, they get frustrated.

We see the same trend in open source projects with random pull requests that do not add real value.

Because of this, filtering becomes necessary. You need to raise the bar. Not every report should even reach the triage stage.

I do believe AI has a lot of value in this field. The potential is real, and we are only getting started. But along with that, there will be more noise.

Do not get distracted by headlines saying everything is changing overnight. We will still need engineers. We will still need people who understand systems, think critically, and use these tools properly.

Keep learning. Stay curious. Be creative. And enjoy the ride.

one ticket for two movies, please!

2026-04-14 13:39:00

i love the idea of double features and constantly wish they were not a thing of the past. more than just a two-for-one deal to save a couple of bucks, the appeal of the double feature to me is seeing two different movies and — in scorsese's words — putting them in conversation with one another. it's a great way to see the same themes through different lenses. sometimes the beauty is in one picture being inspired by another; a sort of love letter or homage. sometimes it's in how two vastly different films will arrive at the same point. other times it's an inexplicable "just vibes" kind of thing.

in the spirit of bringing them back (albeit at home instead of the cinema), i have compiled a short list of movies that i personally think would make pretty neat double features and included a blurb about why i think so down below!


being annoying as a love language

bringing up baby (1938) dir. howard hawks & what's up, doc? (1972) dir. peter bogdanovich

i'm a huge fan of screwball comedies so i figured i'd start off the list with two that i find quite delightful. both movies have the same plot: a dopey, nerdy male lead is in an unhappy relationship with an overbearing woman and is relentlessly pursued by the also overbearing, but far more whimsical female lead who has fallen in love with him. as you can imagine by the theme i've used to tie these two into a double feature, this goal of mutual love is achieved by inconveniencing the male party. bringing up baby was a direct influence for what's up, doc? and bogdanovich was kind of a nostalgiapilled director during his working years, so his film was paying respects to hawks. despite having the same initial set-up, both films make the farcical situation it thrusts both its leads into their very own.


the long, silent heist

rififi (1955) dir. jules dassin & le cercle rouge (1970) dir. jean-pierre melville

as a lover of noirs and procedurals, both rififi and le cercle rouge couldn't be more up my alley. the two films tackle the nitty-gritty of heist planning and french criminal underworlds with an aesthetically subdued but incredibly tense atmosphere that never lets up, amplified by half hour long heist sequences done in total silence. interestingly, rififi was originally meant to be directed by melville who instead gave the directorial role to dassin, blacklisted by hollywood at the time and in desperate need of a gig after having relocated to europe. le cercle rouge, i think, is a great follow-up to see how rififi would have been handled had the project been in melville's hands.


satirizing the press with a screenplay that bites

his girl friday (1940) dir. howard hawks & sweet smell of success (1957) dir. alexander mackendrick

i mentioned earlier that one of the fun ways to tackle double features is through two movies with identical messaging but a dissimilar approach. i think a more standard companion for his girl friday would be the front page (1931) while sweet smell of success' would be ace in the hole (1951) — but the truth is that the compliments i have for sweet smell of success can be said just the same for his girl friday, making me think they might work as a jarring, tonally opposite pairing. together, the two movies dissect the immorality and corruption of the press and how reporters will do just about anything to spin a story the way they want it told; with both films being known mostly for their immaculate screenwriting. his girl friday features rapid-fire1, witty banter between grant and russell that often overlaps (you may want to watch this one with subtitles) while sweet smell of success has some of the sharpest and tightest dialogue work i've seen — seriously, not a single line is wasted. the key difference is in that the former is a screwball comedy, and the latter is a noir and thriller.

content warning: there's a couple of outdated racist terms used in his girl friday, as well as a brief scene of one of the characters throwing herself out the window

henry fonda is morally troubled

the ox-bow incident (1943) dir. william a. wellman & 12 angry men (1957) dir. sidney lumet

if there's a role that involves a man in the throes of a difficult situation that imposes on his desire to be a good person, henry fonda's going to have it. although 12 angry men has certainly received its flowers, the ox-bow incident remains largely unknown despite their similar themes. this pair of films feature fonda as a protagonist struggling to reason with a mob over an accused party's potential innocence. while both movies share a similar premise, it's in how they tackle the influence of fonda's character over the group that differs. the ox-bow incident is far more bleak in displaying the hopelessness of a single voice getting lost in a crowd, while 12 angry men shows how that single voice — if heard — might lead others to rationality. they're both great movies steeped in rich dialogue.


dudes setting awful examples

il sorpasso (1962) dir. dino risi & hud (1963) dir. martin ritt

although il sorpasso and hud share overall themes of societal critique, the sort of sameness i'm banking on is that of an upright, earnest, young man being corrupted by an older man with a passion for being a hedonistic asshole. just like one of the previous examples, they're tonally different in that il sorpasso is a comedy and hud is a drama. it's also interesting to me that both of our young protagonists recognize the inherent shittiness of the older ones, but find themselves charmed anyway. it makes the growth of these protégés all the more engaging as they're caught in between giving in to and resisting such influences.

content warning: there's a scene of a rape attempt in hud roughly halfway through the film & lots of animal death towards the finale (no animals were harmed during filming!)

that concludes my short list! if you give any of these a shot, let me know how they turn out. tell me if you liked them or not, if you think another film might have been a better pick for a double feature, or if you have any other suggestions for a double feature for me to try out. i'd love to hear from you!

also throwing this in as an extra for readers who've made it to the end, but swing girls (2004) dir. shinobu yaguchi and linda linda linda (2005) dir. nobuhito yamashita would probably make a great girls being girls while pursuing music double feature.
  1. typically, one page of a screenplay lasts about 1 minute. at 92 minutes, his girl friday's screenplay should have roughly 90 pages. instead, it has a whopping 191 pages meaning that its dialogue goes by twice as fast as the standard movie!

Digital Independence Day ✊ April 2026

2026-04-14 05:59:00

I gotta be real, the list of Bad Places™ I'd like to leave behind has been growing for years and seems to only be expanding. To the point where it feels too overwhelming to even get started. Which is why I haven't made as much progress in that area as I'd like to. Enter: DI.DAY (website currently only available in German, other languages "coming soon")

DI DAY, or Digital Independence Day happens every first Sunday of the month and is a call to leave some of the billionaire owned, quasi-monopoly tech-platforms controlling our lives in favor of smaller, more open alternatives.

A perfect opportunity to get started crossing some points off of that to-leave list, so I've decided to dedicate that first Sunday each month to one of those oh-man-I'd-like-to-I-just-never-get-around-to-s. And when that is too much, when it's a bad day, when an entire day is overwhelming, at least do a little something, or get started on it. Some transitions need a little time, aren't done in just a day, but can be easy to get started with.

This month I've installed VSCodium - an alternative to VSCode. Though "alternative" is kind of underselling it. It IS VSCode, minus Microsoft's tracking and "AI"-pushing. The code of VSCode is open source, but the app itself is not. You could just head on over to GitHub and build VSCode from source, VSCodium exists so you don't have to.

How this is going to go we'll have to see. I'm going to need some day-to-day time with it, check if I'll run into any deal-breakers. One of the benefits of VSCode is the vast ecosystem of extensions and plugins, which should work with VSCodium, but some are only licensed to be distributed through Microsoft's store. I can't really think of anything where I'm expecting this to be a problem, I have no plans to install Copilot, in fact, it's one of the things I want to get away from, but you'll never know what else this may apply to.

This has been my first DI-Day, and it's certainly one of those small steps ones, but you gotta get started somewhere.

Oh, and I also moved my website from a big name, overpriced, under-featured, upselling, AI-pushing, traditional webhost to Bear, that should count too, right?
I'm so tired of ads

2026-04-14 04:00:00

I try my best to prevent seeing ads, I do use uBlock Origin, but sometimes you just can't prevent them all. Also, this post probably won't bring anything exactly new, as this is a very saturated topic, but I do want to dump my thoughts about it after the horrible experiences of the past few days.

I was going to title this post "What the fuck are ads even for nowadays?" but unfortunately they do make a lot of money. I hate that it works, because it has become the absolute worst thing you can shove in the middle of any type of content / experience.

For me, ads almost always immediately remove any value of the object they're advertising. There's few exceptions of things I might be interested in, and the ad simply made me aware of its existence. Of course you can argue that this is the point of ads, which makes sense, but a lot of it has become more of a persuasion game. Especially when influencers are involved (they purposefully use people you might know / like to make it easier to get into your brain). The over-exaggeration and excessive praising is so tiring, the ad is usually about the most trivial, superfluous item and the influencer is like "this thing will SAVE YOUR LIFE and IMPROVE YOUR PRODUCTIVITY BY 99999999%" and it's a fidget spinner. However I do somewhat enjoy the very rare creative ads that often get disguised as posts, though it being an ad is bad and the interruption of whatever I was doing is the problem, I still like the creativity, but it's 0.1% of the cases. I would absolutely trade never seeing these creative ads if that meant I wouldn't have to see ads ever again.

Another main aspect of ads is the repetition, you see the same ad multiple times, with the intention to really force it into your brain. You might think you're not being influenced but it's not something we can control. This feels simply evil, like a simplified version of a villain controlling people's minds.

Ads successfully pushed me away from watching twitch. Adblocks worked from time to time but they eventually figure out a way to work around the adblock. There's probably a way to also work around the work around, but the very fact that I would have to look it up and spend some time is absurd, I just wanted to watch the stream!!!!!!
I watched less and less, a few 10-15 seconds of ads after 1 or 2 hours of watching the stream bothered me but not enough to make me leave, but as corporate does, twitch enshittified and I was getting 45-60 seconds of ads IMMEDIATELY after entering any stream, and again after each 20 minutes or so. Reloading the page didn't work and switching to another stream just gave me the same ad. This was the last straw, I loved watching streams but it became honestly unwatchable.

Adblock on Youtube almost always worked, but recently they're really trying their maximum to prevent adblocks. Right now my adblock works but the video sometimes gets stuck in the initial load and I have to reload the page. And when I use it on the TV I don't have adblock and have to endure this huge pile of crap which makes me like what I was watching much less. I got 4 one minute unskippable ads while watching a 20 minute video. What the hell man, 20%????? Oh and also, some of them were AI generated ads, to really twist the knife. What a dystopian time we're living in. If you can't even pay someone to act in the ad or design the ad, what do you think I will think about your product? You just lost any credibility you possibly had. Of course this isn't directed towards small companies or the ones who are starting out, I'm talking about multi-billionaire companies that cut costs in any possible way to make the rich owner even richer. If you're that small that you can't afford paying someone, you can design the ad yourself in Canva or something, even if "bad" it will still be better than an AI ad. I already skip any ad as soon as I can, if I see AI I do the same but angrier.