Wednesday, March 18
Wednesday, March 18
Microsoft's "Unhackable" Xbox One Just Got Permanently, Irreversibly Owned
Security researcher Markus "Doom" Gaasedelen cracked the Xbox One at the silicon level this past weekend, and the tech community is losing it. The exploit, called "Bliss," uses two precisely timed voltage collapses on the CPU rail during boot to bypass ARM memory protection and hijack execution. Unsigned code now runs at every privilege level. The part that has everyone buzzing since Monday: the vulnerability lives in boot ROM burned into the chip itself. Microsoft cannot patch this. No firmware update, no hotfix, no clever workaround. Physics doesn't take pull requests. After thirteen years of "unhackable" status, the console is permanently open.
Microsoft's "Unhackable" Xbox One Just Got Permanently, Irreversibly Owned
Security researcher Markus "Doom" Gaasedelen cracked the Xbox One at the silicon level this past weekend, and the tech community is losing it. The exploit, called "Bliss," uses two precisely timed voltage collapses on the CPU rail during boot to bypass ARM memory protection and hijack execution. Unsigned code now runs at every privilege level. The part that has everyone buzzing since Monday: the vulnerability lives in boot ROM burned into the chip itself. Microsoft cannot patch this. No firmware update, no hotfix, no clever workaround. Physics doesn't take pull requests. After thirteen years of "unhackable" status, the console is permanently open.
The Vibe Coding Reckoning Arrives With Data
The term "vibe coding" started as a half-joke. Andrej Karpathy coined it in early 2025 to describe what happens when you stop reading the code your AI writes and just trust the vibes. By late 2025 it had a Wikipedia page.
- Software productivity has always been notoriously hard to measure. Lines of code per day was debunked decades ago. Story points are feelings wearing a math costume.
- The sensation of flow when using a tool has almost no correlation with output quality. Early IDE adoption studies showed the same pattern decades before AI entered the picture.
- What's landing now is data from several directions at once, and the numbers disagree with each other. More interestingly, they disagree with how developers feel.
That tension is the whole story. The vibes are strong. The evidence is complicated.
The term "vibe coding" started as a half-joke. Andrej Karpathy coined it in early 2025 to describe what happens when you stop reading the code your AI writes and just trust the vibes. By late 2025 it had a Wikipedia page.
- Software productivity has always been notoriously hard to measure. Lines of code per day was debunked decades ago. Story points are feelings wearing a math costume.
- The sensation of flow when using a tool has almost no correlation with output quality. Early IDE adoption studies showed the same pattern decades before AI entered the picture.
- What's landing now is data from several directions at once, and the numbers disagree with each other. More interestingly, they disagree with how developers feel.
That tension is the whole story. The vibes are strong. The evidence is complicated.
Platform Moves, Power Plays, and One Nice Thing
Microsoft shelved Copilot integrations in Windows 11 Settings and File Explorer after "AI bloat" complaints. Today's plot twist: a Store update replaced the native Copilot app with a web wrapper. Again. Also, Copilot in Office apps goes behind a paywall April 15.
Unveiled at Nvidia GTC, Forge lets enterprises train custom AI models on their own data. Not fine-tune. Train from scratch. Agents can autonomously launch experiments and optimize hyperparameters. ASML, Ericsson, and the European Space Agency are early adopters.
Attackers using stolen GitHub tokens are injecting malicious code into Django apps, ML research, and PyPI packages. They rebase commits while preserving original authors and dates, making the tampering nearly invisible. Targets crypto wallets and SSH keys. Search your code for lzcdrtfxyqiplpd.
The Slug Algorithm for GPU-based font rendering from Bézier curves, used by Activision, id Software, Ubisoft, Adobe, and dozens more, is now public domain. Reference shaders posted on GitHub under MIT license. A genuinely good day for graphics.
Per the Financial Times, Microsoft is considering legal action over whether AWS can offer OpenAI Frontier without breaching the Microsoft-OpenAI agreement. The partnership that defined the AI era is fraying in public, and now the lawyers are warming up.
Manus AI launched "My Computer," a desktop agent that accesses local files, terminals, and workflows directly. The trend of AI agents operating at the OS level keeps accelerating. Security and privacy questions are arriving right behind it.
BeyondTrust found that Amazon Bedrock AgentCore's sandbox permits outbound DNS queries exploitable for interactive shell access. The sandbox isn't sandboxing. The attack surface here is the agent's own authorized access being quietly redirected.
Kagi is considering pulling the AI assistant out of its $10/month Professional tier and selling it separately. Nothing official yet, just early community discussion. The bundling-then-unbundling cycle comes for everyone eventually.
Favorite Featured Stories
In 1994, a software engineer whose server had just been crashed by someone's web crawler proposed a fix: a plain text fi...
Cloud computing took about twelve years to go from strategic initiative to forgettable line item. That long middle — ung...
A startup spent twenty-two months building infrastructure before it had a product to sell. At pre-seed, that tempo looks...
Until last weekend, 130,000 developers used the same open-source tool to stress-test AI models from every major provider...
In 1994, a software engineer whose server had just been crashed by someone's web crawler proposed a fix: a plain text fi...
Cloud computing took about twelve years to go from strategic initiative to forgettable line item. That long middle — ung...
A startup spent twenty-two months building infrastructure before it had a product to sell. At pre-seed, that tempo looks...
Until last weekend, 130,000 developers used the same open-source tool to stress-test AI models from every major provider...