my favorite post this week: hacking points.com.

security

sam curry and team get unlimited travel points by hacking the global provider for airline miles - points.com. my read is that points.com is doing an awesome job with security. still, setting the flask secret to ‘secret’ on the admin panel is not exactly the right move.

systematically jailbreaking llms by appending a single string to a prompt. source code here.

sms traffic pumping fraud - mobile network operators get paid for incoming messages. sms two-factor tokens are a way to generate incoming messages. attackers spam two-factor requests and run up the twilio bill.

design

ux fails in theme parks - if something looks like a bench, people sit on it. if something looks photogenic, people will take photos with it.

car colors over the years - over 70% of new cars are white, grey, or black. i apologize for my contribution to this problem.

using ai to animate hand drawings - bringing children’s art to life. also would make an awesome art style for a video game.

research

advice for doing creative research - mentors, motivation, fertile fields - most of the advice is applicable beyond academic research

search

simple recommendation engine for music, art, books, movies, and search engines - found a new artist to listen to with this.

search engine with only results from forums - for when you need to know what normal people think about something

history

toaster museum - some of these are terrifying

tv over the decades - simulated tv from the 50s through 00s

mystery photographs - yay now you can put your 2000 hours in geoguesser to good use

misc

calvin and hobbes - summer days

a list of dead people with enough significance in tech to earn a black bar from hacker news

america’s foreign assistance by country 2022: ukraine $12b, russia $100k. ethiopia $2b. canada $32m.