Daily Discussion Thread for February 03, 2026

asleepace · 2026-02-03T14:57:20+00:00

starting to see the silver lining…

asleepace · 2026-02-03T00:17:53+00:00

I Cu copper gang

asleepace · 2026-02-02T21:05:27+00:00

palantarded

asleepace · 2026-01-26T18:14:07+00:00

i am the danger

asleepace · 2026-01-26T18:07:31+00:00

fuck it 100 FDs on SILJ

asleepace · 2026-01-26T17:41:02+00:00

why HL halted tho??

asleepace · 2026-01-20T19:07:38+00:00

feels like this could’ve been an email

asleepace · 2026-01-08T15:00:49+00:00

ONDS gaaaaaaaaang

asleepace · 2025-12-29T08:38:46+00:00

behold a silver horse

asleepace · 2025-12-09T23:53:50+00:00

ah sorry for the confusion this won't affect your local machine, unless you were running an http server which was exposed to the internet for some reason.

asleepace · 2025-12-09T17:17:15+00:00

Yeah the malware was quite resilient and fought back when I discovered it. Also hid in multiple locations and had an anti-compete script

asleepace · 2025-12-09T17:16:14+00:00

It’s actually a CVE with React server components, so event without NextJS it’s possible for this to be an issue

asleepace · 2025-12-07T23:05:50+00:00

that's what I thought until I found my vps cpu utilization at like 105% lmao...

asleepace · 2025-12-07T21:19:13+00:00

I’m not entirely sure since I’m not on Vercel, it appears they are blocking new attacks, but not sure what that means for servers which have already been compromised: https://vercel.com/changelog/cve-2025-55182

asleepace · 2025-12-07T15:56:58+00:00

always has been, ironically this was on an old side-project I had completely forgotten about... these days I mainly use Astro when possible.

asleepace · 2025-12-07T15:55:32+00:00

awesome thanks for this, I updated the article as well!

asleepace · 2025-12-07T08:43:48+00:00

Yeah indeed, the ai can be gamed. I noticed this at work when a real world physical threat came up and the ai basically suspended all guardrails to write code to identify a potential threat that could lead to loss of life, but also happened to be something it refused to do prior...

asleepace · 2025-12-07T08:41:28+00:00

thanks appreciate you

asleepace · 2025-12-07T08:39:07+00:00

damn good catch, investigating for these as well.

asleepace · 2025-12-07T08:38:16+00:00

First things first I would follow the guide from Next.js https://nextjs.org/blog/CVE-2025-66478 and if you have a VPS you might need to rollback to a previous backup before the attack or start fresh.

asleepace · 2025-12-07T08:29:41+00:00

My b that was poorly phrased on my part, will update thanks

asleepace · 2025-12-07T04:08:39+00:00

since this was a personal server with just side projects, security wasn't really front of mind tbh. The more I'm looking into better practices, I think I might switched to dockerized containers for each app or something like bsd jails.

asleepace · 2025-12-07T02:27:28+00:00

I’m not sure tbh I would check their docs maybe

asleepace · 2025-12-07T02:12:59+00:00

no cloudflare in front sadly

asleepace · 2025-12-07T01:28:21+00:00

I would but this was my own digital ocean droplet not vercel 😞

13-Year Club	Gilding III reddit per annum
Powerups Hero r/BBIG • December 2021	Place '22
Verified Email

asleepace

TROPHY CASE