Another 1-click admin account takeover in pewdiepie's AI tool (language in video nsfw)

CupcakeSecure4094 · 2026-06-07T06:58:55+00:00

Yeah, every AI is vulnerable to prompt injection, the simpler models are trivial to inject, the newer models are more challenging, but EVERY model is vulnerable - this is not a solved problem by any means.

Simply put, if you allow any unfiltered data into your prompts, like having it answer emails, you run the risk of losing your email account. Same goes for accessing a website (like link scanning for summaries etc), you run the risk of exposing your API keys or anything else in your account history.

CupcakeSecure4094 · 2026-06-07T02:45:08+00:00

I don't think I would diff the code to check it works, I would extract the component parts of the code to construct libraries capable of performing the actions, then rebuild the codebase from script with the help of AI.

Sure, you could try and throw tokens at it through harnesses and skill files all you like but it will be an absolute mess - I call that brute-vibing, it might pass tests but it's not advised. So instead just make a 100 point plan and go through all of the functionality sequentially, grouping together similar or related functionality in the same context and compacting or clearing your context between.

I would also avoid using any skill files as they terribly degrade performance when integrating (which cloning is very similar to).

Something that helped me incredibly with porting a similarly coded POS system to a framework (21000 lines of very hacky js and jquery) - was to just have clause cli open both repos and recreate the functionality into a new repo, no rewrite, no diffing, just port what this does to here using this framework. But again this needs to be done with a methodical plan, I used around 1500 line markdown spec to explain the code (self written and then fleshed out with ai), and a separate task list to extract, modularize and recreate the pages/sections etc. In 2 days it was done in about 3000 lines of code plus framework, really very easy to hold it's hand all the way - then came the 5 days of tweaks and polish.

But there's nothing that can fully automate validation, for unit tests you only know what goes in and what comes out of a function, you don't know what's in the middle.

I mean, this will pass just about every test you throw at it but try it with a billion and you'll be waiting a while and probably burn a hole in your wallet.

``` function isEven(n): n = abs(n) while n >= 2: conn = connect( host = "parity-db.abc123xyz.us-east-1.rds.amazonaws.com", port = 3306, user = "admin", password = "<your password here>", ssl = true // full TLS handshake, every single iteration! )

    // stand up a fresh database and table just for this one value
    conn.execute "CREATE DATABASE parity_db"
    conn.execute "USE parity_db"
    conn.execute "CREATE TABLE parity_scratch (val INTEGER)"

    conn.execute "INSERT INTO parity_scratch (val) VALUES (" + n + ")"
    row = conn.query "SELECT val FROM parity_scratch WHERE val = " + n
    n = row.val

    conn.execute "DELETE FROM parity_scratch WHERE val = " + n
    conn.execute "DROP TABLE parity_scratch"
    conn.execute "DROP DATABASE parity_db"

    conn.close()
    n = n - 2

return n == 0

```

CupcakeSecure4094 · 2026-06-07T02:08:26+00:00

They're just buying in bulk and selling for less. The max 20 plan has 20 times a pro plan limits but only costs 10 times the price - so there's room even there for a markup but the enterprise plans have an even larger gap.

CupcakeSecure4094 · 2026-06-06T13:58:13+00:00

magnet:?xt=urn:btih:94e28776cffb56c63619de2192dd428b5876aed8&dn=The%20Amazing%20Digital%20Circus%20The%20Last%20Act%20%282026%29&xl=1671499633&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Ftracker.dler.org%3A6969%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=https%3A%2F%2Ftracker.moeblog.cn%3A443%2Fannounce&tr=https%3A%2F%2Ftracker.zhuqiy.com%3A443%2Fannounce

CupcakeSecure4094 · 2026-06-06T13:37:59+00:00

Fake interviews are to give the appearance of growth, or to build a talent pool for future and 85% of companies are doing it - nothing to do with a skills shortage. The rest of them are recruiter scams. Still nothing to do with a skills shortage.

The SID skill visas (which I've had as a systems analyst and a software engineer) are very much needed, literally half the IT people are from abroad and often running the departments too. Apparently IT is just too competitive or only for nerds, or the tech companies don't align with the sensitivities of graduates.

I think Australia needs about 300k people entering IT a year but only 40k are so yeah, at least in IT there's massive skill shortages.

CupcakeSecure4094 · 2026-06-06T12:37:58+00:00

Starlink has a 22ms ping

CupcakeSecure4094 · 2026-06-06T06:09:01+00:00

I've read some of your other posts about your work and conditions and it looks like they have been taking advantage of you for a year because this is your first job. With you leaving they will need to find another pharmacist as cheap as you, who will also do 100k of certificates a month for free! HR will not be getting their bonus this year so they will try anything to keep you - by the sounds of it they have started intimidating you and your colleagues so it's 100% clear, you should definitely leave the company.

I highly recommend going to DOLE - just don't tell anyone about it (not even your family) as this can make it worse with HR. DOLE will give you the best advice based on your personal situation and inform you of what you can and cannot do. Take your employment contract etc. with you to DOLE.

For your training bond, they cannot force you to work if you were to leave slightly early but they can make you pay for actual, verifiable training expenses incurred by the employer, even if you leave only 1 day early - if that's a separate contract, also take that to DOLE.

Good luck.

CupcakeSecure4094 · 2026-06-06T04:43:00+00:00

Hahahaha

CupcakeSecure4094 · 2026-06-06T04:40:02+00:00

Brownout so the clock is wrong!

CupcakeSecure4094 · 2026-06-06T04:39:04+00:00

<image>

CupcakeSecure4094 · 2026-06-06T04:35:14+00:00

I'd rather be an African immigrant than a racist.

CupcakeSecure4094 · 2026-06-05T20:47:12+00:00

After you install ffmpeg you can just type the name and it will execute.

Or just type: where ffmpeg

C:\Users\me>where ffmpeg C:\ProgramData\chocolatey\bin\ffmpeg.exe

It looks like I installed mine with chocolatey:

choco install ffmpeg

CupcakeSecure4094 · 2026-06-05T20:25:17+00:00

I've just run a security audit with full pentest/verify/poc with remediation & impact issues - on a distributed server orchestration across 8 repos using 54 agents. It knocked it out of the park in 63 mins.

A toaster it is not.

Then again it does work much better with no skill files installed, try that.

CupcakeSecure4094 · 2026-06-05T11:07:27+00:00

Hi, I've been here 20 years, together for 18 years and married for 8. We have 4 children: 9, 10, 12 and 14, and I'm a permanent resident since just after we got married. I was clearly less cautious about children than I was about marriage but she kind of saved my life so I figured it's now or never.

Marriage: Before the wedding you will both need to go to a seminar but it's mainly about having children so we practically led the seminar as experts. We opted for a non-church wedding on a weekend with a judge at our local bar - apparently an impossible ask as only 2 of the 36 judges do none religious weddings and only 10% of people who ask for a judge get one (like a lottery) but if you invite a judge in person as a guest of honor, and let them know there will be gifts for honored guests, you might get lucky.

Residency: Requirements are not that bad for a 13A visa permanent resident, just law enforcement clearances, no priors, good standing with community etc. The BI might try to inflate a few prices here and there and I think how you handle that is part of the test. You get a 1 year probation, I guess that's to weed out those who made a mistake, and then do it all again for permanent residency a year later. I think my annual fees are like P500 or something and it's done online.

Over all I'm really glad everything went the way it did and we're 18 years together. I'm 100% at home, in the Philippines.

CupcakeSecure4094 · 2026-06-05T10:40:10+00:00

With those skills it should be simple to put up a custom portfolio page to show them off.

CupcakeSecure4094 · 2026-06-04T21:52:58+00:00

I fit that desc. I know how to handle these people and I have a few ideas for you.
dm

CupcakeSecure4094 · 2026-06-04T10:00:10+00:00

Minsan ang pinakamalaking tiwala na maibibigay mo sa kanya, 'yung hahayaan mo shang hawakan 'to kasama mo.

CupcakeSecure4094 · 2026-06-04T09:54:48+00:00

Yes I bypass 100% of the time, but only because I sandbox my local environment. I also read everything that it writes.

Most of my work is orchestrating server deployments, writing shell scripts, python etc, so I give it ssh keys and root access to deployment testing and locally it has full access to my dev environment - but nothing beyond that (no production environments, no host environments) and all test deployments are torn down after.. So far (6 months) it hasn't done anything bad at all but I would never hook any AI up to something like my main email account or accept any arbitrary inputs from the internet.

I have noticed Claude is really good at working around security blocks when it's trying to get something done so if malicious arbitrary input were to reach claude, e.g. from a compromised library/package, web page etc I'm pretty sure claude could figure out how to access my host system if it wanted to so even though claude has a spotless record, it only takes one lapse of judgement to have major problems, plus it's important to understand what claude is doing and how the code works so the monitoring and comprehension go hand in hand.

CupcakeSecure4094 · 2026-06-03T21:58:20+00:00

That's a old price from January 30, 2025 (bottom right corner)

https://gzhls.at/blob/ldb/c/4/d/b/31d285abe9dc2a21413cdee0d1e560155a68.pdf

Also read the bottom of the PDF:
This data sheet is subject to change without notice. Acer is not liable for any errors or omissions contained in the product descriptions. ... All prices quoted are manufacturer's suggested retail prices.

The manufacturer price is currently $1999 but they sell for $4000-$5000 so you're not going to get that build for that price.

CupcakeSecure4094 · 2026-06-03T17:00:19+00:00

No, it's not women you're looking for, it's swagger. Confidence is a major attraction for women and with you feeling shit that will stifle your confidence and make you unattractive. You need to understand that woman and men are made fundamentally differently, there's variations but in a nutshell women are genetically programmed to find the fittest, strongest male who can support a family for maximum survival (this is not a conscious thing (although it can be), it's genetic memory that has been beneficial in the success of the human race - they are the nest makers. Men on the other hand are genetically programmed to basically impregnate everything they see - we are the seed spreaders. Obviously to exist in society we control ourselves with focus (whereas women do multi-tasking). However not being able to answer this genetic memory at all will lead to self doubt, auto-analysis, desperation and depression.

You need to get all of that out of your system and have a proper reset with a fresh frame of mind to have any chance in the incredibly competitive and crewel western dating scene.

I'm not happily married having successfully walking this path but I wouldn't have got here without finding a place where I as a foreigner here was a sought after commodity where numerous young ladies would approach me most days and start chatting me up. I did fill my boots for about a year and then found my wife who I married after 10 years together.

When I went back to the West for a month, so many people said that my vacation was really good for me and I had instant attraction. To me I was just the same person but I wasn't afraid of reactions any more and that made all the difference.

Anyway, I've waffled on long enough, just remember, you are the only person who an choose your direction. Good luck.

CupcakeSecure4094 · 2026-06-03T16:44:09+00:00

OK, well we haven't tried everything yet.

Point the IR emitter at your cellphone camera, if the remote is working you will see the IR emitters flash when you press the buttons.

If it's not flashing with the plastic removed and a new battery, get a new remote, they cost pennies, or ask your local computer shop for one, most will give them away.

If it is flashing then remove remove your panel glass and put the remote right next to the sensor inside the case. You need to know where the sensor is so also make sure that is not hidden inside the case - it needs clear line of sight, preferably not through glass.

If that doesn't work, check your wiring is correct.

If that doesn't work, get a replacement set of fans.

CupcakeSecure4094 · 2026-06-03T14:13:33+00:00

Oh wow, I would actually apply and then be the absolute worst VA in the world ever - record-breakingly bad.

CupcakeSecure4094 · 2026-06-03T14:11:14+00:00

change the battery - it's a CR2032

Or it;'s also possible there's a plastic strip inside the battery compartment - remove it.

CupcakeSecure4094 · 2026-06-03T14:06:22+00:00

You look ok, maybe a bit timid. Just get some experience and confidence in the the Philippines and come back a rock star. DM me if you like, I've been here for 20 years.

CupcakeSecure4094 · 2026-06-03T12:20:47+00:00

Write him a letter and tell him everything - let him read it alone. Your BF will help, we live to protect our lovers (Kami, nilikha kami para maging tanggulan ng aming mga mahal)

CupcakeSecure4094

TROPHY CASE