It’s official now. I’ll be joining @troyhunt and @Charlotte_Hunt_ later this summer, working full time for @haveibeenpwned!Really excited about this awesome opportunity and I’m very much looking forward to it! 🥳

New stealer log corpus: A collection of hundreds of millions of stealer log records containing 56M unique email addresses has been added. The data also contained 124M unique passwords added to Pwned Passwords. 86% were already in @haveibeenpwned. More: haveibeenpwned.com/Breach/Ju…

New breach: The University of Nottingham was targeted in a ShinyHunters extortion campaign exposing 455k email addresses this week. Data included name, address, phone, ethnicity, disability & academic enrolment info. 47% were already in @haveibeenpwned haveibeenpwned.com/Breach/Un…

Have I got any friends at @OpenAI that can help get our app submission for @haveibeenpwned through? After many hours of preparation, we're stuck on an endless loop of "This is a required field" without specifying the field, and they're all complete anyway 🤷‍♂️

The Windows developer experience team wrote the grep implementation in uutils. Everything is being contributed upstream. github.com/uutils/grep

This was nice rider GitHub Copilot but having basically one working day of usage for such price is just not acceptable, time to move on.

What's better than writing a book about GC? Writing a GC! I am excited to share that I've joined Microsoft as Principal Software Engineer, to work on the evolution of the .NET Garbage Collector and in general the future of the .NET runtime. Stay tuned for much more! After my two-year detour into agentic AI, and my deep .NET background, I find it a perfect match for today's evolution of .NET and serving heavy AI workloads. The intersection of AI with low-level programming and hardware-aware algorithms is a great place to be. Not to mention AI-assisted work and engineering is already deep in my heart. #dotnet 💜

Current status after less then 24 hours of GitHub Copilot usage (Pro subscription) with the new usage-based billing. I haven't even done any really complex work yet.... I have a feeling I'll be going somewhere else pretty soon. Been using GPT 5.4 today.

1,000 data breaches!

That's a massive milestone - 1,000 breaches processed in @haveibeenpwned - and it got me wondering why the service is still needed? But you don't have to look far to see why: troyhunt.com/1000-data-breac…

🤤

Passkeys are supposed to be browser-enforced security. But what happens when a browser extension can step into the WebAuthn flow and bypass the rules your site explicitly set? I dug into 1Password, Permissions Policy, and a questionable edge case: scotthelme.co.uk/passkeys-pe…

I didn't realise it was so trivial for an XSS vulnerability to allow an attacker to register their passkey on your account! scotthelme.co.uk/xss-is-dead…

It's not OpenCode but it's called CodeAlta 😁 entirely written in C#, multi-sessions, multi-threaded, multi-model-providers, single file C# plugins, fast TUI, ... and fully OSS, coming soon! 🚀

Want to tell the product team what's missing in Windows before a feature ships, not after? We're opening that channel. Direct access, real research, your voice in the room. Sign up: aka.ms/windows-listens

Why do people think this is the only thing MS is doing to fix lags in the Windows UX? Has anyone though they might actually also optimize code? Or that this might be an opt-in mechanism to make stuff that will be faster due to code optimizations even faster? Think people!

There are actual things wrong and smart people are working to fix them, but a lot of this negativity is computer science enthusiasts without experience in computer science making assumptions based on their intuition