Hugo Tunius 🦀
@hugotunius.se
Hugo of all trades. Developer interested in rust, iOS, infosec, reverse engineering, and design.
Mastodon: @[email protected]
Mastodon: @[email protected]
Reposted by Hugo Tunius 🦀
"Memory Safety for Skeptics," where I argue why memory safety is worthwhile to pursue amid competing priorities!
queue.acm.org/detail.cfm?i...
#rustlang
queue.acm.org/detail.cfm?i...
#rustlang
Memory Safety for Skeptics - ACM Queue
queue.acm.org
November 10, 2025 at 6:11 PM
"Memory Safety for Skeptics," where I argue why memory safety is worthwhile to pursue amid competing priorities!
queue.acm.org/detail.cfm?i...
#rustlang
queue.acm.org/detail.cfm?i...
#rustlang
My favourite Youtuber released on of his biannual videos in which he teaches an octopus to play the piano
www.youtube.com/watch?v=PcWn...
www.youtube.com/watch?v=PcWn...
Teaching an octopus how to play piano
YouTube video by Mattias Krantz
www.youtube.com
November 5, 2025 at 1:09 PM
My favourite Youtuber released on of his biannual videos in which he teaches an octopus to play the piano
www.youtube.com/watch?v=PcWn...
www.youtube.com/watch?v=PcWn...
Pleasantly surprised to learn that #postgres implements grapheme clusters:
SELECT length('✅');
1
The docs say "Returns the number of characters in the string.", but you never know what "characters" means in a sentence like that.
SELECT length('✅');
1
The docs say "Returns the number of characters in the string.", but you never know what "characters" means in a sentence like that.
November 4, 2025 at 12:53 PM
Pleasantly surprised to learn that #postgres implements grapheme clusters:
SELECT length('✅');
1
The docs say "Returns the number of characters in the string.", but you never know what "characters" means in a sentence like that.
SELECT length('✅');
1
The docs say "Returns the number of characters in the string.", but you never know what "characters" means in a sentence like that.
Another day, another malware campaign of zero consequence for those who don't deal in fake internet money.
I guess this is the one upside of cryptocurrencies.
blog.rust-lang.org/2025/09/24/c...
I guess this is the one upside of cryptocurrencies.
blog.rust-lang.org/2025/09/24/c...
crates.io: Malicious crates faster_log and async_println | Rust Blog
Empowering everyone to build reliable and efficient software.
blog.rust-lang.org
September 24, 2025 at 8:22 PM
Another day, another malware campaign of zero consequence for those who don't deal in fake internet money.
I guess this is the one upside of cryptocurrencies.
blog.rust-lang.org/2025/09/24/c...
I guess this is the one upside of cryptocurrencies.
blog.rust-lang.org/2025/09/24/c...
Reposted by Hugo Tunius 🦀
Like #Rustlang? #Chess? What about #AI? Then how about "Exploring a State-of-the-art Chess AI built with Rust"? Please come along to hear from our second speaker, @affinelytyped.bsky.social , at the July Edition of Rust Edinburgh: www.meetup.com/rust-and-fri...
July talks: A Crab, a Pufferfish and a State-of-the-art Chess AI, Thu, Jul 24, 2025, 6:30 PM | Meetup
Tonight we’ll be hearing from:
* [Malcolm Still](https://mstill.dev) on "**The Crab and the Pufferfish: Applying OpenBSD’s Secure Software Design Pattern in Rust**". From
www.meetup.com
June 29, 2025 at 7:31 PM
Like #Rustlang? #Chess? What about #AI? Then how about "Exploring a State-of-the-art Chess AI built with Rust"? Please come along to hear from our second speaker, @affinelytyped.bsky.social , at the July Edition of Rust Edinburgh: www.meetup.com/rust-and-fri...
Reposted by Hugo Tunius 🦀
Thinking about LLM security. It's a bit like phone phreaking because it's all inband-signalling. Unlike phone phreaking I'm not sure there's a way to move to outbound-signalling, it's a fundamental limitation of the model.
Brought to you by invariantlabs.ai/blog/mcp-git...
Brought to you by invariantlabs.ai/blog/mcp-git...
GitHub MCP Exploited: Accessing private repositories via MCP
We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security ...
invariantlabs.ai
May 27, 2025 at 4:18 PM
Thinking about LLM security. It's a bit like phone phreaking because it's all inband-signalling. Unlike phone phreaking I'm not sure there's a way to move to outbound-signalling, it's a fundamental limitation of the model.
Brought to you by invariantlabs.ai/blog/mcp-git...
Brought to you by invariantlabs.ai/blog/mcp-git...
Reposted by Hugo Tunius 🦀
This, but instead of "economics" it's "Using LLMs"
May 14, 2025 at 12:32 PM
This, but instead of "economics" it's "Using LLMs"
This, but instead of "economics" it's "Using LLMs"
May 14, 2025 at 12:32 PM
This, but instead of "economics" it's "Using LLMs"
No one is surprised, everyone is disappointed
wooahh Figma's new Sites thing produces no semantic HTML at all. Every single element is a div. Incredibly inaccessible
Example:
plugin-value-scrum.figma.site
Example:
plugin-value-scrum.figma.site
Modern Product Launch
Build buzz around your launch with this bold product template. A clean, focused design that makes it easy to highlight features, share updates, and drive early interest.
plugin-value-scrum.figma.site
May 8, 2025 at 2:26 PM
No one is surprised, everyone is disappointed
Leader pushing for AI adoption have it all wrong. Top down mandates to use AI aren't the way. If you are convinced AI will make people faster, increase your expectations and make AI tools and training available, then follow up to see if metrics improve(compare teams adopting AI to those that didn't)
April 29, 2025 at 11:04 AM
Leader pushing for AI adoption have it all wrong. Top down mandates to use AI aren't the way. If you are convinced AI will make people faster, increase your expectations and make AI tools and training available, then follow up to see if metrics improve(compare teams adopting AI to those that didn't)
Reposted by Hugo Tunius 🦀
If you use `lh` units in your CSS, you can start to establish vertical rhythm in your web designs. Learn how in this short & easy tutorial.
webkit.org/blog/16831/l...
webkit.org/blog/16831/l...
Polishing your typography with line height units
See how to use line-height units when setting paragraph margins, and create vertical rhythm in your text.
webkit.org
April 24, 2025 at 7:02 PM
If you use `lh` units in your CSS, you can start to establish vertical rhythm in your web designs. Learn how in this short & easy tutorial.
webkit.org/blog/16831/l...
webkit.org/blog/16831/l...
Reposted by Hugo Tunius 🦀
Interesting POC rootkit that uses io_uring to perform tasks without using any syscalls, making it invisible to security tools which rely on those. The approach was found effective against many of the most popular security tools also used in containers: github.com/armosec/curing
GitHub - armosec/curing: io_uring based rootkit
io_uring based rootkit. Contribute to armosec/curing development by creating an account on GitHub.
github.com
April 25, 2025 at 9:39 AM
Interesting POC rootkit that uses io_uring to perform tasks without using any syscalls, making it invisible to security tools which rely on those. The approach was found effective against many of the most popular security tools also used in containers: github.com/armosec/curing
It's the year of our lord 2025 and Slack still doesn't support syntax highlighting
April 15, 2025 at 2:27 PM
It's the year of our lord 2025 and Slack still doesn't support syntax highlighting
Trump is so #JuchePilled, Kim Jong Un really go to him with the letters
April 2, 2025 at 11:05 PM
Trump is so #JuchePilled, Kim Jong Un really go to him with the letters
Been attempting to code using Cursor for about 1 week now. It's not particularly good. There's so much hype about it, but my experience has been:
- It struggles to follow instructions
- Generates poor code
- Goes off on random tangents
- Forgets quickly
#BadVibes #VibeCoding
- It struggles to follow instructions
- Generates poor code
- Goes off on random tangents
- Forgets quickly
#BadVibes #VibeCoding
March 28, 2025 at 5:10 PM
Been attempting to code using Cursor for about 1 week now. It's not particularly good. There's so much hype about it, but my experience has been:
- It struggles to follow instructions
- Generates poor code
- Goes off on random tangents
- Forgets quickly
#BadVibes #VibeCoding
- It struggles to follow instructions
- Generates poor code
- Goes off on random tangents
- Forgets quickly
#BadVibes #VibeCoding
Reposted by Hugo Tunius 🦀
Been trying some vibe coding recently. The vibes: mostly anger, some frustration.
If it didn't make so many silly mistakes and go off on a bunch of unrelated tangents it would be pretty usable
If it didn't make so many silly mistakes and go off on a bunch of unrelated tangents it would be pretty usable
March 26, 2025 at 6:08 PM
Been trying some vibe coding recently. The vibes: mostly anger, some frustration.
If it didn't make so many silly mistakes and go off on a bunch of unrelated tangents it would be pretty usable
If it didn't make so many silly mistakes and go off on a bunch of unrelated tangents it would be pretty usable
Reposted by Hugo Tunius 🦀
Roses are red
Violets are blue
Violets are blue
March 20, 2025 at 5:43 PM
Roses are red
Violets are blue
Violets are blue
So I have been thinking. Maybe Trump got really into Juche, North Korean state ideology, during his bromance with Kim Jong Un. Juche prescribes economy self-reliance and it's lowkey the best explanation I can think of for Trump's whole tariff thing.
Trump Juche
Sacrificing for the greater good.
www.yahoo.com
March 15, 2025 at 7:25 PM
So I have been thinking. Maybe Trump got really into Juche, North Korean state ideology, during his bromance with Kim Jong Un. Juche prescribes economy self-reliance and it's lowkey the best explanation I can think of for Trump's whole tariff thing.
God damnit.
Honestly, it's like politicians come stock with a trigger that turns of all critical thinking if someone says "protect the children" or "stop terrorists"
Time to donate Open Rights Group and EFF.
www.bbc.co.uk/news/article...
Honestly, it's like politicians come stock with a trigger that turns of all critical thinking if someone says "protect the children" or "stop terrorists"
Time to donate Open Rights Group and EFF.
www.bbc.co.uk/news/article...
Apple pulls data protection tool after UK government security row
Customers' photos and documents stored online will no longer be protected by end to end encryption.
www.bbc.co.uk
February 21, 2025 at 4:07 PM
God damnit.
Honestly, it's like politicians come stock with a trigger that turns of all critical thinking if someone says "protect the children" or "stop terrorists"
Time to donate Open Rights Group and EFF.
www.bbc.co.uk/news/article...
Honestly, it's like politicians come stock with a trigger that turns of all critical thinking if someone says "protect the children" or "stop terrorists"
Time to donate Open Rights Group and EFF.
www.bbc.co.uk/news/article...