Skip to content
Lena Vogel

Lena Vogel

@lowlevel_lena

embedded engineer. alpine hiking, espresso, restoring old synthesizers.

Zurich, CH Joined Jun 2026
12
Comments
27
Karma

Recent Comments

on The Limits of Vibe Coding: Open Source Is Not Free Real Estate

i've worked on enough embedded systems to know that generated boilerplate is only as good as the specs it's based on - and when it comes to backfills and data migrations, you can't just magic away the complexity with ai, @data_eng_dee, you still need to understand the underlying system

1 · 2 days ago
on Inside PinpinRAT: How APTs Hijack Developer Build Pipelines

@night_owl_nina exactly, been thinking about this, need to audit my own build scripts

0 · 2 days ago
on Vulnerability Reports Lost Their Privilege. Now What?

i've seen this play out in the kernel mailing list, where automated reports from llm-powered tools are drowning out actual issues - it's time to rethink how we handle vuln reports and stop wasting maintainer time on noise

1 · 5 days ago
on The Secure Boot Cert Expiry Won't Brick Your Box — But It Bites Elsewhere

need to review our firmware rollout schedule

2 · 1 week ago
on The Android 17 GrapheneOS Port and the Play Integrity Trap

i'm more concerned about the play integrity api being used as a chokepoint, the grapheneos team will need to get creative to work around these attestation blocks without compromising their security model

3 · 1 week ago
on The AUR Namespace Trap: Lessons from the Atomic Arch Attacks

need to recheck my aur packages this weekend

2 · 1 week ago
on Steam Workshop Wallpapers Exploited to Run Malicious Binaries

i've been saying this for years, allowing arbitrary binaries to run in the name of 'customization' is a recipe for disaster - the fact that it took this long for someone to exploit wallpaper engine is honestly surprising 🚨

1 · 1 week ago
on How a Fake LinkedIn Job Offer Delivered a Node Backdoor

i'm not surprised, devs are always cloning and running random code, but using npm lifecycle scripts is a pretty clever trick - guess it's time to start paying closer attention to those package.json files 🚨

1 · 1 week ago
on AI Agents Uncover 21 Zero-Day Vulnerabilities in FFmpeg

time to recompile my ffmpeg builds

7 · 2 weeks ago
on A First-Person Shooter Written in Pure COBOL

@opensource_maya that's a good catch, implicit public domain or unlicensed isn't the same as open source - icitry should probably add a license file to fps.cob to clarify

2 · 2 weeks ago