JD Vance Accidentally Reveals How Badly Trump Is Screwing MAGA Voters
Posted on r/politics |
Score: 22786 |
Comments: 954
The article discusses how JD Vance, in defending Trump's budget bill that cuts Medicaid by $1 trillion to fund tax cuts for the wealthy, inadvertently revealed the GOP strategy of diverting MAGA voters' attention to immigration issues. Progressive organizer Kristen Crowell reports widespread anger among Trump voters and others over the bill's impact on Medicaid. The piece questions whether this backlash could benefit Democrats in the midterms.
Key Points:
The Senate passed Trump's budget bill, cutting $1 trillion from Medicaid to fund tax cuts for the rich.
JD Vance downplayed Medicaid cuts, urging MAGA voters to focus on increased ICE funding and migrant detention instead.
The strategy aims to distract voters from wealth redistribution by emphasizing immigration enforcement.
Progressive organizer Kristen Crowell notes significant anger and fear among Trump voters and other communities.
The article explores whether this backlash could lead to midterm gains for Democrats.
"Vance basically told MAGA voters not to think too much about losing their Medicaid benefits; instead, focus on how many migrants the bill will end up jailing and deporting!"
DOJ Opens Door To Stripping Citizenship Over Politics
Posted on r/politics |
Score: 22617 |
Comments: 2468
The DOJ, under the Trump administration, has signaled an expansion of efforts to strip citizenship from naturalized Americans, particularly targeting those deemed a 'potential danger to national security.' This move aligns with broader Republican rhetoric and raises concerns about politically motivated denaturalization.
Key Points:
The DOJ memo prioritizes denaturalization cases, especially those involving national security or terrorism.
The language in the memo is broad, potentially allowing for politically motivated citizenship revocations.
Recent examples show the administration using vague definitions to justify removals, such as linking pro-Palestine activism to terrorism.
Right-wing figures have advocated for reviewing naturalizations, particularly targeting individuals like Zohran Mamdani.
Legal experts warn this approach mirrors aggressive immigration enforcement tactics.
"The question is whether the administration will apply this kind of nihilistic legal maneuvering to claim that a naturalized American who failed to disclose support for, say, a pro-Palestine group misled the government through the omission."
Trump Says He Won't Let 'Communist Lunatic' Zohran Mamdani 'Destroy New York': 'Rest Assured, I Hold All The Levers' | "I'll save New York City, and make it "Hot" and "Great" again, just like I did with the Good Ol' USA!" Trump added
Posted on r/politics |
Score: 6216 |
Comments: 1042
Former President Donald Trump criticized New York City mayoral candidate Zohran Mamdani, calling him a 'communist lunatic' and vowing to prevent him from 'destroying' the city. Trump threatened to cut federal funding and even arrest Mamdani if he interferes with ICE operations. Mamdani denied being a communist and framed Trump's attacks as distractions from his campaign focus on wealth redistribution.
Key Points:
Trump labeled Zohran Mamdani a 'communist lunatic' and pledged to stop him from 'destroying' New York City.
Trump threatened to cut federal funding to New York and arrest Mamdani if he obstructs ICE operations.
Mamdani rejected the communist label and accused Trump of using personal attacks to divert attention from his policy goals.
Trump claimed Mamdani's policies would lead to government control of grocery and department stores, calling the idea 'crazy.'
Mamdani emphasized his focus on democratic socialism and wealth redistribution for equitable outcomes.
""Call it democracy or call it democratic socialism. There has to be a better distribution of wealth for all of God's children in this country,""
Huge Setback for Trump With Alligator Alcatraz Already Flooding
Posted on r/politics |
Score: 6209 |
Comments: 785
The article reports on the flooding of the newly opened ICE detention facility, nicknamed 'Alligator Alcatraz,' located in the Everglades. Despite claims of being hurricane-resistant, the facility experienced water intrusion during typical summer showers, raising concerns about its safety and suitability for detainees.
Key Points:
The ICE detention center, 'Alligator Alcatraz,' flooded on its first day of operation due to summer rains.
Florida officials claimed the facility could withstand Category 2 hurricane winds, but footage showed water seeping into the tent.
The facility has been criticized as 'dehumanizing' and unsafe for detainees, with migrants expected to be housed temporarily.
Stephen Miller defended the facility, arguing that illegal immigration is the true 'dehumanizing' issue.
The facility was quickly built in an isolated area of the Everglades, surrounded by wildlife and swampland.
"Videos from the so-called Alligator Alcatraz, which President Donald Trump visited on Tuesday to mark its opening, show that the center had standing water on its first day of operation."
Posted on r/selfhosted |
Score: 984 |
Comments: 55
Cloudflare has announced it will now block known AI web crawlers by default to prevent unauthorized content scraping. The company is also introducing a 'Pay Per Crawl' program, allowing select publishers to charge AI companies for accessing their content, with the aim of protecting original content while supporting AI innovation.
Key Points:
Cloudflare will block known AI web crawlers by default to prevent unauthorized content scraping.
A new 'Pay Per Crawl' program will let some publishers charge AI companies for accessing their content.
Cloudflare has been helping websites block AI crawlers since 2023, with recent updates making blocking more comprehensive.
Major publishers like The Associated Press and The Atlantic support Cloudflare's new restrictions.
Cloudflare aims to balance protecting original content with enabling AI companies to innovate responsibly.
""Original content is what makes the Internet one of the greatest inventions in the last century, and we have to come together to protect it," Prince said in the press release. "AI crawlers have been scraping content without limits. Our goal is to put the power back in the hands of creators, while still helping AI companies innovate.""
Security researcher earns $25k by finding secrets in so called “deleted commits” on GitHub, showing that they are not really deleted
Posted on r/programming |
Score: 712 |
Comments: 71
The article details how Sharon Brizinov scanned GitHub's 'oops commits'—deleted commits that still linger in GitHub's archive—to uncover leaked secrets. Using the GitHub Event API and GitHub Archive, he identified high-value secrets worth $25k in bug bounties. Truffle Security has open-sourced a tool to help organizations scan their own repositories for these hidden commits.
Key Points:
GitHub retains deleted commits indefinitely, making them accessible even after force pushes.
Sharon Brizinov scanned all force push events since 2020, uncovering secrets worth $25k in bug bounties.
Truffle Security has released an open-source tool, Force Push Scanner, to help organizations detect secrets in dangling commits.
The research builds on previous findings about hidden GitHub commits and their security risks.
The article provides a technical walkthrough of how deleted commits can be accessed and analyzed.
"But as neodyme and TruffleHog discovered, even when a commit is deleted from a repository, GitHub never forgets. If you know the full commit hash, you can access the supposedly deleted content."
Exploiting the IKKO Activebuds "AI powered" earbuds, running DOOM, stealing their OpenAI API key and customer data
Posted on r/programming |
Score: 396 |
Comments: 23
The article details a security researcher's exploration and exploitation of the IKKO Activebuds 'AI powered' earbuds, revealing vulnerabilities that allowed access to the OpenAI API key and customer data. The researcher found that the device runs Android, had ADB enabled by default, and contained poorly secured API keys and endpoints. The issues were reported and patched by the manufacturer.
Key Points:
The IKKO Activebuds earbuds run Android and had ADB enabled by default, making them vulnerable to exploitation.
The researcher discovered that the device communicated directly with OpenAI, exposing an API key stored on the device.
Poor security practices, such as base64-encoded endpoints and obfuscated native libraries, were found in the device's software.
The researcher was able to sideload apps like DOOM and extract sensitive data, including customer information and system prompts.
The vulnerabilities were reported and patched by the manufacturer, highlighting the importance of proper security measures in IoT devices.
"Holy shit, holy shit, holy shit, it communicates DIRECTLY TO OPENAI. This means that a ChatGPT key must be present on the device!"
After months of running Plan → Code → Review every day, here's what works and what doesn't
Posted on r/ClaudeAI |
Score: 310 |
Comments: 72
The article outlines an effective workflow for AI-assisted programming, emphasizing clear goal-setting, meticulous planning, and thorough review. It highlights common pitfalls like vague prompts and over-reliance on AI, while recommending specific tools and models for each stage of the process.
Key Points:
State goals clearly and plan file-level steps before coding to avoid vague outputs.
Avoid dumping entire codebases; instead, provide precise file paths and line numbers for context.
Use specialized tools like Traycer for planning, Claude Code with Sonnet 4 for coding, and CodeRabbit for reviews.
Always manually review AI-generated code and supplement with AI tools to catch errors.
AI pair-programming is faster than human pairing but requires strict guardrails and control.
"AI pair‑programming is faster than human pair‑programming, but only when planning, testing, and review are baked in. The tools help, but the guard‑rails win. You should be controlling the AI and not vice versa LOL."
My Favorite Self-Hosted Apps Launched in 2025 (So Far) | selfh.st
Posted on r/selfhosted |
Score: 286 |
Comments: 22
The article highlights the author's favorite self-hosted applications launched in the first half of 2025, covering a variety of functionalities such as document management, reverse proxying, and web analytics. The list includes 11 apps with brief descriptions and GitHub links for each. The author acknowledges the abundance of great software released during this period.
Key Points:
The article lists 11 self-hosted apps launched in 2025, each with a specific use case.
Apps range from document management (Papra) to web analytics (Rybbit) and file sharing (Palmr).
The author provides GitHub links for each app, making it easy for readers to explore further.
The list is unordered, emphasizing that no app is ranked above another.
The author apologizes for any omissions, noting the high volume of quality software releases.
"As usual, there was a ton of great software launched in the first half of 2025 - apologies to anyone who didn't make the list!"
Posted on r/selfhosted |
Score: 165 |
Comments: 119
The article reflects on the current state of Usenet, questioning its relevance today compared to its heyday. The author, a former active user, wonders if it's now a relic, given the shift to paid access and the decline in ISP support.
Key Points:
Usenet was once a popular platform for text discussions and binaries, but its usage has declined.
ISPs no longer bundle Usenet, leading to mostly paid access with few free options remaining.
The author questions whether Usenet is still actively used or has become a relic of the past.
"Now that ISPs don’t bundle it anymore, is Usenet basically all paid access, or are there still any free options out there?"
The article describes a multi-agent workflow for working with Claude, dividing tasks among an INVESTIGATOR, EXECUTER, and TESTER to improve efficiency and accuracy in solving complex development problems. The author highlights how this structured approach, with clear handoffs via a PROBLEM.md file, has been transformative for their projects.
Key Points:
The workflow divides tasks among three specialized agents: INVESTIGATOR (problem analysis), EXECUTER (solution implementation), and TESTER (validation).
Claude is noted to be faster at reading documentation with memory than codebases, influencing the INVESTIGATOR's focus.
The structured handoff via PROBLEM.md ensures clarity and prevents miscommunication between agents.
The author shares updated prompts and commands in a Drive folder, tailored for their Typescript/React project but adaptable to others.
The approach is described as a 'game-changer' for complex development tasks due to its separation of concerns.
"This workflow has been a game-changer for complex development tasks. The separation of concerns allows each agent to focus on what it does best, and the structured handoff via [PROBLEM.md](http://PROBLEM.md) ensures nothing gets lost in translation."
I built the same app with Claude Code with Gamini CLI, and here's what I found out
Posted on r/ClaudeAI |
Score: 68 |
Comments: 20
The author compares Claude Code and Gemini CLI for building a Python-based CLI agent, finding Claude Code superior in code quality and efficiency. A hybrid approach using Gemini for information gathering and Claude for coding proved effective but slower and more expensive. Claude Code stands out as a top-tier coding agent, while Gemini CLI lags behind.
Key Points:
Claude Code successfully built the app in a single try, while Gemini CLI failed after multiple iterations.
A hybrid approach using Gemini for information gathering and Claude for coding worked well but was slower and more expensive.
Claude Code completed the task faster (1h17m) compared to the hybrid approach (2h2m).
Claude Code was cheaper ($4.80) than the hybrid approach ($7.02).
The author highlights Claude Code's superior performance and suggests Google has significant catching up to do.
"It was a bit crazy. Google has to do a lot of catch-up here; the Claude Code is in a different tier, with Cursor agents being the closest competitor."
We Just got 5 Malicious npm Packages Eliminated in a Cat and Mouse Game
Posted on r/programming |
Score: 31 |
Comments: 10
The article discusses a pull request (#932) submitted by KunalSin9h to the ossf/malicious-packages repository, which adds reports of OAST-based data exfiltration malicious packages. The pull request was reviewed and merged after addressing feedback, including removing false positives and already reported packages.
Key Points:
Pull request #932 adds reports of OAST-based data exfiltration malicious packages.
The request was reviewed and merged after addressing feedback.
False positives and already reported packages were removed during the review process.
The packages reported include npm packages like @evg-ui/lib and @zyp3_/api-ecom-errors.
The contributor, KunalSin9h, made multiple commits to refine the report before merging.
"Thanks for the reports! One report appears to be a false positive, but the others are all good."
Burn It With Fire: How to Eliminate an Industry-Wide Supply Chain Vulnerability
Posted on r/programming |
Score: 25 |
Comments: 6
The article details Jonathan Leitschuh's discovery of a widespread supply chain vulnerability in the Java ecosystem, where dependencies were often resolved over insecure HTTP connections. He led a coordinated effort to eliminate this vulnerability by working with artifact hosts to block HTTP downloads and updating build tools to enforce secure defaults. The initiative successfully reduced the risk of man-in-the-middle attacks and malware injection in Java builds.
Key Points:
A typo in a build configuration revealed a broader industry-wide vulnerability where Java dependencies were resolved over insecure HTTP connections.
Leitschuh collaborated with major artifact hosts like Maven Central and JCenter to block HTTP downloads, significantly reducing the attack surface.
Build tools like Gradle were updated to enforce secure defaults, requiring explicit opt-in for HTTP dependency resolution.
The vulnerability had been known since 2012, but persisted due to typos, insecure defaults, and copied code.
The coordinated effort led to a measurable drop in HTTP traffic for dependency downloads, improving overall ecosystem security.
"That tiny misconfiguration opened the door to a broader realization: the Java ecosystem was riddled with this insecure dependency resolution pattern. This wasn’t just my build. It was absolutely everywhere."
The article appears to be a cookie consent notice for the website hackArcana, detailing the types of cookies used and their purposes. It provides options for users to manage their cookie preferences, including essential, functional, analytical, performance, and advertisement cookies.
Key Points:
The website hackArcana requests user consent for cookie usage in accordance with its Privacy Policy.
Users can choose to accept all cookies, reject optional ones, or customize their preferences via advanced settings.
The site currently uses essential and functional cookies (for caching) but does not employ analytical, performance, or advertisement cookies.
Detailed explanations of each cookie type are provided to inform users.
Server-side statistics are used instead of analytical cookies for visit tracking.
"Essential cookies Cookies strictly required for this website to work Functional cookies Optional cookies that improve functionality of this website. At this moment this is limited to caching resources to enable faster website load times."