nemo

@badrihippo Of course!

Puzzled Pint Bangalore is happening tomorrow night!

We'll be at Secret Story Bar & Kitchen in Indiranagar from 6:30pm onwards.

You can register at https://www.district.in/events/puzzled-pint-bangalore-august-2025-buy-tickets

We've also updated the previous month's leaderboards. Last month has […]

@badrihippo Congratulations 🎉. I might just get a KaiOS phone to try this out.

My homeserver went down yesterday, because a HDD cable disconnected. I use internal disks, but the server is kept behind my fridge where my cat often hides.

Not a big deal, caught in time - btrfs RAID1 switched to readonly after disk went missing. Brought it up online, and triggered a scrub […]

Finally cleared the first 5 decks in #Balatro and unlocked the challenges - they look neat, will try one tomorrow.

Won a Quiz last night, mostly thanks to my teammates. But was quite fun!

Also, finally got to visit the “Workplace of Wonders” building at Double Road. I’ve been seeing it under construction for the last year, and was curious who occupies it.

VC Firm it is (Lightspeed). Cool office, though - […]

I cannot signup for #puttingscene still because it only allows WhatsApp OTP (which needs me to accept the new ToS).

Your July performance on Google Search https://endofife.date/ 180K Clicks (web) 17.6M Impressions (web)

https://endoflife.date is 6yrs old now (started ~May 2019).

We crossed 17M impressions on Google Search this month.

Works without Javascript, no ads served, no money spent advertising, no fancy SEO.

Just trying to be helpful.

https://web.archive.org/web/20191117161738/http://shirky.com/writings/ontology_overrated.html

I wish I'd read this two decades ago.

Now Page Nemo's Home

Now Page updated with new books and events: https://captnemo.in/now/

NVIDIAScape - NVIDIA AI Vulnerability (CVE-2025-23266) | Wiz Blog New critical vulnerability with 9.0 CVSS presents systemic risk to the AI ecosystem, carries widespread implications for AI infrastructure.

Neat container escape from Wiz research team: https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape

#CVE

Created a documentation website for the jekyll sqlite plugin: https://captnemo.in/jekyll-sqlite/

I find large READMEs easier to maintain, but this is much more usable.

@medianama is covering NIXI's new stupid KYC policy for the .in TLD:

> NIXI is seeking to enforce KYC via for domain registration , and disallowing [..] foreign citizens without a crazy amount of paperwork [..] . This is a regressive move [..] and goes against the spirit of the way the internet […]

How to waste a day debunking someone else's scoop:

Someone forwarded me this recent story from Straight Arrow News (I publication I didn't previously know existed) which rather breathlessly claimed millions of cars were at risk from new custom firmware sold by a Russian hacker that would enable […]

NIXI is the dumbest registry operator there could be. It’s now forcing a trifecta of silly changes:

- You need a mobile + email auth.
- Foreign entities need to demonstrate Indian business connection.
- KYC for everyone, including foreign nationals […]

PSA: If you are using an LLM to write most of a contribution (Code, Documentation, Wiki, ...), please disclose it.

It hurts to guess.

Created a new page on my website to track various security reports I send out.

I don't often follow up on my reports, since these aren't for bounties. This is just to keep track of some of my "invisible" work. Since this is just a tracker, there's very little details […]

Ref: Recent #CoinDCX breach.

Was going through my emails, and I remembered I'd reached out to them in 2021 asking for clarifications on their Insurance, Audits, and Certifications.

In particular, their Certification (ISO 9001:2015) was meaningless, their Insurance was very limited in scope […]

[creepy, horror-adjacent]

@badrihippo You're spoiling the ending :)

Apple is giving me Apple Arcade free for 2 months, only subscribing to try out #Balatro.

Creepy story idea: Disney keeps their next blockbuster director alive forever so that the Copyright becomes eternal.

Curated 🍉

The "subscribe" button at https://blr.today/ finally works properly on all devices, not just iOS/Linux.

I also added a pretty changelog: https://blr.today/changelog/

Last week's update was the "Screensaver" button which is meant to be used at display monitors.

It is 2025, and I am still reporting vulnerabilities for admin dashboards behind a admin=true cookie.

Sigh.

The Pebble Core 2 Duo is now called the Pebble 2 Duo, https://ericmigi.com/blog/july-pebble-update

I will still call it the Core 2 Duo. Estimated delivery is in August. Can’t wait!

And it’s fixed. Classic XML entity confusion stuff. Good job Movim team 🙌🏼.

Change password breaks if password includes `&` · Issue #1452 · movim/movim Tested against prosody on yax.im as well as xmpp.earth. If you login and change your password from Movim to &&&&&&&& - Movim sets password incorrectly, and you cannot login further. I tested the sa...

Managed to pinpoint it to Movim: https://github.com/movim/movim/issues/1452

Also, xmpp.earth upgraded their Movim version to the latest, which is great.

But this just reduces my confidence in XMPP as a whole - out-of-band-verified-password-change should be a bare requirement for every IM service.

放弃Element和Matrix.org Giving Up on Element and Matrix.org (xn--gckvb8fzb.com) 01:12  ↑ 100 HN Points

@deobald https://xn--gckvb8fzb.com/giving-up-on-element-and-matrixorg/

Gets even weirder: Movim seems to break with a password that contains an `&`.

xmpp.earth is running an older Movim version, and I'm losing confidence in my host this time as well.

I picked xmpp.earth based on the rating at https://providers.xmpp.net/provider/xmpp.earth/ (which is a community […]

Of course I get hit by a bug and get locked out of the account as soon as I change my password.

Probably https://issues.prosody.im/1784, but need to validate.

Inspired by the latest Matrix HN rant, setup a new XMPP account (the last instance I picked died without a note) - xmpp:nemo@xmpp.earth.

Will update my contact page in a bit.