If "ba ba black sheep" and "wheels on the bus" haven't been drummed into your subconscious to the point of numbness and mental exhaustion, are you even a new parent?
Lovely personal essay by @mukulkesavan about Jamia, language and several other things. Hope this new Substack means we'll get to read his writing more than once a week.
https://t.co/x44npY1pP1
You know, @chesscom, you don't need to jazz up a perfectly adequate UI and produce a distracting "shaky-piece" effect after every move. If it ain't broke, don't fix it.
@GooglePayIndia a close relative filed a complaint that a payment did not reach the intended payee. Her GPay account was promptly blocked without explanation, and has remained so for a week now. What is the timeline for redressal? Very poor communication from you.
Grasping the sheer scale and intensity of the Taiping Rebellion (1850-1864) - history’s largest and last pre-industrial war - is so hard.
The best analogy I can come up with:
Imagine if Mormon prophet Joseph Smith had stayed on the Erie Canal. His followers, armed mostly with spears and swords, rise up and capture the entire US Midwest, seizing the nation's agricultural breadbasket. They systematically slaughter anyone from New York City and starve out huge towns like Chicago. The war kills 5% to 7.5% of the population, double the actual US Civil War.
Then, right as the Federal government completely collapses, the British Empire sails steam-powered gunboats up the Hudson River. They arm a ruthless mercenary force with state-of-the-art rifles to crush the uprising: not to save the US, but to keep Wall Street and the Atlantic trade routes open.
Meanwhile, in a completely separate conflict(!), official British and French armies sail up the Potomac and loot and burn the Smithsonian, the Capitol and Mount Vernon.
The Taiping Rebellion killed 20 to 30 million people, more than WW1. It was World War China.
The difference between Poirot and Holmes is the difference between a doctor's detective and a writer's detective. Poirot's deductions are usually not as convincing as Holmes', but I don't care because it's a different class of storytelling entirely.
@BarshaPanda Be it The Mysterious Mr Quin, or Murder on the Links, or the final scene in And Then There Were None. She really knew how to create an atmosphere where the reader stops asking questions and just .. glides along.
@BarshaPanda Yes it could be. Christie had an acute understanding of human nature (probably stemming from her own unpleasant personal life). Some of her stories feel borderline supernatural.
The standard narrative: Beijing picked winners, poured in subsidies, and created EV champions. We show that this is largely a misperception--Central policy actually BLOCKED most cities and private firms from the auto industry for decades.
be @ni5arga
→ 19 years old, from West Bengal, studied in Delhi for a few years
→ just finished his own Class 12 exams in 2026
→ calls himself a hobbyist cybersecurity researcher
→ says he is an engineer, not a hacker
→ built an OSINT engine, a stock-tracking TUI, a pastebin in Rust
→ once found bugs in FOSS United and disclosed them quietly
→ just another CBSE student watching his own board roll out a new digital marking system
then he opened the portal
→ CBSE moves Class 12 evaluation to On-Screen Marking, 1.8 million students affected
→ Nisarga sees the portal link is fully public, gets curious
→ opens DevTools, downloads the Angular JavaScript bundle
→ first vulnerability found in 30 minutes
→ a literal master password sitting in plain text inside the frontend code
→ enter it, the OTP field auto-fills, the entire login flow gets bypassed
→ OTP validation happens in the user's browser, not on the server
→ no route guards, every internal page reachable by editing browser storage
→ password reset API never checks the old password
→ systemic IDOR across the entire API, change one value in sessionStorage, become any examiner
→ outcome: take over any teacher account, view answer sheets, edit marks
25 February 2026. He reports everything to CERT-In the same day.
→ CERT-In asks for a screen recording, he sends a full walkthrough
→ acknowledgement comes back as a boilerplate reply
→ reference number assigned: CERTIn-16590126
→ he follows up multiple times. no response.
→ three months pass. portal still live. Class 12 results released. vulnerabilities still there.
→ 22 May: publishes the blog post and a thread on X
→ Deedy Das, Satish Acharya, Internet Freedom Foundation amplify it
→ the post goes viral
→ CBSE issues a clarification: that was just a test portal, no breach
→ the URL CBSE cited in their own tweet was not even a registered domain
→ a friend buys the domain and points it at Nisarga's blog
→ CBSE quietly deletes the tweet
then it gets worse
→ 25 May: finds an SQL injection vulnerability on the live production portal
→ reports to CERT-In, gets a one-line thank you
→ gains admin access to the live https://t.co/1WpmNGsczK server
→ portal stays up for four more hours
→ he uploads anime videos and memes, links them publicly from CBSE servers
→ plays a viral Japanese song on a CBSE page, makes the news for it
→ CBSE finally takes the whole portal down
then he reads the database
→ master table accessed: 10 GB, 9.3 million records
→ examiner names, addresses, school names, bank account details
→ passwords stored in plain text
→ login tokens anyone can paste into a browser to log in as that user
→ 31 May: finds a second live CBSE production portal, 45,074 records of failed payments
→ emails, phone numbers, payment IDs, order IDs, all readable
→ 31 May, the bigger one: an AWS S3 bucket is misconfigured
→ ListObjectsV2 works without authentication, the bucket root is listable
→ samples pulled from 18 lakh scanned 2026 answer sheets, every subject
→ multiple institutions sharing the same bucket
→ also notices something strange in the scans: bedsheets visible in the background of answer sheets CBSE paid for proper scanners to handle
CBSE responds
→ posts an AI-generated image saying the system is robust and secure
→ three days later admits some vulnerabilities existed and have been contained
→ refuses to name the cybersecurity firm doing the audit
→ claims they tried contacting him. he says they have not.
→ Internet Freedom Foundation writes to the Ministry of Education and CERT-In
→ asks for an investigation into CBSE, a review of the contract with vendor Coempt EduTeck, a full audit
→ he points out he could have sold this data and made a lot of money
→ he did not. he is a CBSE student too.
→ his own analogy: the door wasn't just unlocked. the key was lying on the ground in front of everyone.
a 19-year-old with a anima pff broke a national exam evaluation system in 30 minutes with browser developer tools and the government is still pretending it was a test environment
I once read somewhere that after an especially exhausting life,some souls choose to reincarnate as a tree spending a century just resting. I haven't looked at trees the same since then
today's struggle has been to reconcile the fact that the English better and the Persian / Hindi behtar have arrived at the same word-form, and the same meaning, from two totally different linguistic roots