Deden Fathurahman's notes

how a roblox cheat and one AI tool brought down vercel's entire platform

Tue, 21 Apr 2026 00:00:00 +0700

A wild news recently, Vercel, the company behind Next.js, and web app hosting company breached, and customer data were stolen, and put on sell in the dark web.

The thing that interest me, of how human and AI could have so much damage, and open huge huge attack surface, in this story, vercel is just one story, Context.ai is the other story with employee using its company’s computer to play roblox, and download roblox cheat.

If not that bad, read this one:

April 19. Guillermo Rauch posts the thread confirming everything. Environment variables not marked as “sensitive” were stored in plaintext. Accessed. Exfiltrated. A threat actor using the ShinyHunters name is now asking $2 million for the stolen data, though the actual ShinyHunters group says they’re not involved.

… a platform hosting millions of applications, was storing environment variables in plaintext unless you manually clicked a “sensitive” checkbox.

Mindblown.

Membaca vs Menonton

Wed, 08 Apr 2026 00:00:00 +0700

Informasi bisa datang dari media apa saja, bisa tulisan, visual (gambar, video, peragaan, dll), dan membutuhkan usaha yang berbeda untuk mengerti informasi tersebut, salah satu video (reels) di Instagram, akun yang saya ikuti sedang membahas shareholder latter yang ditulis oleh Jamie Dimon, kemudian saya membandingkan hasil pemahaman, antara video yang saya tonton, kemudian saya juga artikel yang saya baca langsung Jamie Dimon Shareholder Letter PDF, materi yang sama yang dibahas di video tersebut.

Tingkat pemahaman terasa lebih tinggi dengan saya membaca langsung, yang membuat video pastinya sudah mengusahakan materinya bisa diterima dan dimengerti oleh followers-nya, setidaknya untuk saya, terkadang ada yang terlewatkan, ada hal yang perlu saya mengerti sendiri dibanding dengan menerima informasi itu dari orang lain yang mungkin memiliki cara yang berbeda untuk mengerti suatu hal, topik atau apapun, di sini shareholders’ letter ini.

Meski inti dari artikel tersebut terlihat generic, seperti ekonomi ke depan bisa suram karena perang dan faktor-faktor yang menyertainya.

Balik lagi ke bahasan, terkadang memang media lain bisa komplemen hal yang kita sudah baca atau pelajari sebelumnya, ada yang kita bisa terlewatkan, hanya saja tetap percayakan kemampuan otak kita dalam memproses terlebih dahulu, kemudian cari informasi tambahan.

TUI

Mon, 06 Apr 2026 00:00:00 +0700

If I’m in my terminal, a command line interface, doing some monitoring or just browsing around, it’s a habit, I always hit brew upgrade, to make sure my app/package that was installed through Homebrew has the latest update, and sometime, brew will gave me some list of newest package that was either newly updated or newwly submitted to Homebrew repository.

Long before, I got introduced to htop, an application to monitor and track your resource usage, like CPU, RAM and track what processes run in the background, and then, found btop and then k9s and then macmon and then…

See the commonality? yes it’s a TUI, or Terminal User Interface, or used to be called Text-based User Interface, the text-based user interface has been there for a long time, I used to code to display the interface using this method, using Turbo Pascal, building an interface to be use for the user using manually calculating the pixel of the monitor, and positioning each of coded “component” on each reserved pixel, I believe the resolution was 320x240, you need to place your weaved your interface via combining each of ASCII characters to became a table, or some borders.

Even though they are the same, TUI vs TUI, the main differences is in how it was displayed, the modern TUI, can displayed emoji, UTF characters, and also can interact with mouse.

And I am a massive fan of TUI, just like the old time, but with modern touch, sometimes it uses GPU to run, and with modern touch, it can do so much, beside above tools mentioned above, I do like to explore more, what other app was packaged using TUI, and I found that there’s image viewer using TUI, there’s even music player built for TUI, like kew or musickube or termusic, I like it.

The ecosystem to build this TUI app also growing, many people found it more and more, and many engineer build this, and then born many library to build TUI app like Bubble Tea, Ratatui or OpenTUI, and some people are very creative, like the one I just found, a TUI based email client, neo.md.

This will not fade away, there are always people who loved the simplicity of TUI, and interacting with computer without the need of a mouse.

Helium Browser

Wed, 04 Mar 2026 00:00:00 +0700

Yes, this is another browser post, old habit die hard, since became fullstack developer back then, using multiple browser is just daily activities, having no problem switching between this browser to that browser, and try to make the site looks good on each.

That activity became habit.

Now finding new browser with privacy in mind became a challenge, last week i am using Brave browser exclusively, but since it has became just-another-chrome browser, I’m avoiding using Brave currently, and start looking another browser, and found Helium browser, promising privacy, ad-blocking and other cool stuff that Brave used to.

With all the goodness, and i recommending people using this browser, it still has some minor issue, not about how this browser works, but some feature that i got used to in Brave was not yet implemented in Helium, one of it is the deep integration with my password manager, when some site levereging Passkey to login or authenticate, it was not working out of the box, and few other minor issue.

Overall, I am happy with this browser, and planning to use this for a while, until i get used to it.

Some projects I found interesting

Tue, 10 Feb 2026 00:00:00 +0700

As usual, if i’m doing some update on my mac, usually i found an interesting project that Homebrew display, like new project added to their repo, or project has been recently updated.

Codexbar – For people who are using heavily on AI to maximize their productivity(?), and using Codex from OpenAI or Claude Code (or other large AI provider), it display our usage, like tokens and it costs.
RepoBar – A menu bar that display your Github data in your desktop.
Trimmy – According to its website “Trimmy watches your clipboard and turns wrapped shell snippets into a single clean line, so they paste and run exactly once.”
Thaw – Menu bar management, if you running a lot of app, and it has menu bar dedicated, this tool is the right tool to manage those icons displayed on your menubar.

A Social Filesystem

Sun, 08 Feb 2026 00:00:00 +0700

It’s an interesting takes of how the author construct and stuctured the everyday social interaction via app that was created by someone else platform and the users are the creator of the content.

Even though there’s question of how the data was produced by the users, is the data belongs to the user or platform owner?

I admired the author explain with details, how the data stuctured, how it it construct the ATProtocol.

Link ke artikel

It’s hard to justify Tahoe icons

Tue, 06 Jan 2026 00:00:00 +0700

MacOS Tahoe, Apple new mac operating system, promising updates, like function and new UI, which is very bad, just like Windows Vista-esque, and now, new rant about how Apple designing its context menu, it is, “copying” windows ugly UI and HID.

Icons are supposed to be easily recognizable from a distance. Every icon designer knows: small details are no-go. You can have them sometimes, maybe, for aesthetic purposes, but you can’t rely on them.

I have not yet upgrade or trying this new operating system, and it seems, will not use it in the near future.

Al-Ghazali: The Thinker Who Linked Money to Morality

Tue, 23 Dec 2025 00:00:00 +0700

Pastinya sering dengan kata-kata mengenai uang, seperti, “uang bukan segalanya, tapi segalanya butuh uang”, “uang tidak dibawa mati, tapi mati butuh uang juga”, atau uang adalah sumber bencana, dan lainnya.

Pandangan ini bisa jadi sah-sah saja, seperti yang disebutkan oleh Al-Ghazali, uang itu seperti cermin, akan berguna jika ada yang ditampilkan, sebuah fasilitator, sebuah alat tukar, tidak lebih.

Di video ini membahas pandangan Al-Ghazali mengenai uang, dan bagaimana uang membentuk manusia, kelompok, sampai bisa membentuk negara, meski hanya sebuah alat, tapi bisa menjadi kuat dan bisa juga menjadi senjata.

Some projects I found interesting

Wed, 10 Dec 2025 00:00:00 +0700

Somtimes you can found some interesting projects on GitHub. I was looking for something to help me with my daily tasks, and found these projects, mind you these projects was packaged using docker, so it was easy to run on my mac or any other machine that support containerization.

1. Bento PDF

2. Actual Budget

3. Wallos

4. Beszel

5. Dawarich

6. Linkwarden

You can try all of the app directly from the docker hub, just run the following command:

docker run -d --name bentopdf -p 3000:8000 bentopdf/bentopdf:latest

or if you are using Podman as your container runtime, you can run the following command:

podman run -d --name actual -p 3000:8000 bentopdf/bentopdf:latest

RIP Browsers

Wed, 24 Sep 2025 00:00:00 +0700

Having read this article, kinda scary to see the “progress” of the browser, where it will heading, and what technologies was baked into the browser.

Yes indeed, just like Jim, I love browsers.

Using, reviewing many browser on my blog, probably because I used to develop websites, that needed a lot of testing, how the app work, is the UI works, how it interact with browsers, compatibilities etc.

Currently I am using few browsers, Brave, Orion, Zen, and Safari. previous browser I was using was Firefox, Arc, Chrome. The last three browser i was given up mostly because of the security, lack of innovations.

It is sad to see browser has more and more become a honeypot for data collections, or a trap for their users, it’s like we are giving these companies a way to know us more and more deeper, and obviously they will sold the data to the higest bidder, for ads, for anything. The browser that I am using also the same, in some way, they will monetize their users, and with AI, and obviously its term & condition, will override the privacy feature, and browser company will have a way to collect more data.

Deden Fathurahman's notes

how a roblox cheat and one AI tool brought down vercel's entire platform

Membaca vs Menonton

TUI

Links:

Helium Browser

Some projects I found interesting

A Social Filesystem

It’s hard to justify Tahoe icons

Al-Ghazali: The Thinker Who Linked Money to Morality

Some projects I found interesting

1. Bento PDF

2. Actual Budget

3. Wallos

4. Beszel

5. Dawarich

6. Linkwarden

RIP Browsers