Reading List
The most recent articles from a list of feeds I subscribe to.
Claude Code Found a Linux Vulnerability Hidden for 23 Years
Nicholas Carlini, a research scientist at Anthropic, reported at the [un]prompted AI security conference that he used Claude Code to find multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that sat undiscovered for 23 years.
Nicholas was astonished at how effective Claude Code has been at finding these bugs:
“We now have a number of remotely exploitable heap buffer overflows in the Linux kernel.
“I have never found one of these in my life before. This is very, very, very hard to do.”
Refactoring English: Month 15
New here?
Hi, I’m Michael. I’m a software developer and founder of small, indie tech businesses. I’m currently working on a book called Refactoring English: Effective Writing for Software Developers.
Every month, I publish a retrospective like this one to share how things are going with my book and my professional life overall.
Highlights
- It turns out that most of Refactoring English’s readers come from outside the US.
- I’m using AI-assisted coding too much.
Goal grades
At the start of each month, I declare what I’d like to accomplish. Here’s how I did against those goals:
Refactoring English: Month 14
New here?
Hi, I’m Michael. I’m a software developer and founder of small, indie tech businesses. I’m currently working on a book called Refactoring English: Effective Writing for Software Developers.
Every month, I publish a retrospective like this one to share how things are going with my book and my professional life overall.
Highlights
- A new strategy for finding book readers is having positive results.
- I had a breakthrough experience by letting an AI agent run in unrestricted mode.
- I’ve been using AI to correct decisions I regret about my tech stack.
Goal grades
At the start of each month, I declare what I’d like to accomplish. Here’s how I did against those goals:
Eversource EV Rebate Program Exposed Massachusetts Customer Data
I recently claimed a rebate for installing an electric vehicle (EV) charger, only to discover that Eversource, my power supplier, was publicly exposing personal information of customers who applied, including:
- Full names
- Vehicle registration certificates (including plate number and vehicle identification number)
- Home addresses
- Email addresses
- Phone numbers
I’ll include the backstory that led me to the vulnerability, but if you just want to know about the security vulnerability, you can skip to that.
My Eighth Year as a Bootstrapped Founder
Eight years ago, I quit my job as a developer at Google to create my own bootstrapped software company. Every year, I post an update about how that’s going and what my life is like as an indie founder.
Previously on…
I don’t expect you to go back and read my last seven updates. Here’s all you need to know:
- 2018 - 2020 - Quit my job and created several unprofitable businesses.
- 2020 - 2024 - Created a product called TinyPilot that let people control their computers remotely.
- 2024 - Sold TinyPilot, became a father.
How finances went
People are always most interested in how money works as an indie founder, so I’ll start there. Here’s what my revenue and profit looked like every month this year.