- AF Letter & Blog
- Posts
- AF Letter #1
What I’ve Been Up To…
Burnout
As can be seen in my GitHub history, a few weeks ago I hit a wall with my main side project (TBA). Progress stalled, and I might have even burned out. I say "might" because I’m no expert on burnout, and from what I’ve read, true recovery usually involves stepping away from work entirely for a while—which I didn’t do.
That said, I’ve recently made some big changes that seem to be helping:
I’ve cut my daily work limit from ~12 hours to a maximum of 10.
I’ve dialed back weekend work from ~4+ hours to no more than ~2.5 hours per day.
I’ve started tackling the mentally demanding tasks as early as possible, saving writing and planning for the afternoon.
So far, I feel much better. I’d even say I’m rediscovering a genuine passion for the kind of work I do. Weirdly, it also feels like I’m getting more done in less time.
Fingers crossed this sticks. I’ll keep you posted…
As a means to accelerate my journey towards actual burnout, I’ve recently decided to start a weekly newsletter—which you’re currently reading.
Jokes aside, there are a couple reasons why I’m doing this:
I used to really like to write, but haven’t written almost at all for a long time now.
Sharing is obviously a means to learn, and aside from the obvious “if you can’t explain it you don’t really know it,” a newsletter and a blog (yep, I’ll also be writing blog posts on specific topics) will force me to keep a closer eye on cybersecurity trends and really understand them so I can write about them.
I obviously also want to build a personal brand for all the benefits that come with it.
Maybe I should have started this letter with this section, but where’s the fun in that?
Health
Inspired by Marc Lou’s simple habits for getting and staying in shape (YouTube Video), I’ve started experimenting to see if I can arrive at my own version of it.
Here’s what I’m testing out right now:
Alternating between upper body, lower body, and cardio workouts every day, usually at home first thing in the morning.
Trying to eat cleaner. Not much to report here yet—I’ll update later when I’ve got more to say.
In all seriousness, though, I’ve made some real changes this year. I’ve almost entirely cut out alcohol (except for the odd social occasion), swapped in Coke Zero, and dropped about 6kg so far.
Mobile Security
Crocodilus Android Banking Trojan
A new report from Threat Fabric exposes the emergence of a banking trojan they’ve coined Crocodilus. Although the techniques it uses to steal sensitive user data are nothing new, they are powerful: abuse of the Accessibility Service for remote control, black screen overlays, and data harvesting via accessibility logging.
Essentially, this malware is capable of presenting the user with fake screens in order to steal things such as passswords or crypto wallet secret phrases, while also being able to remotely control the device (opening specific apps, tapping on specific buttons, etc.)
JadxMCP
Not going to lie, I had JadxMCP on my to-do list and I’m a little bit jelly @zinja_coder did it first. I haven’t tried it out yet but based on the use case video it’s what you would expect (and very cool).
For those unfamiliar, Jadx is an open-source Dex-to-Java decompiler featuring both CLI and GUI interfaces. Jafar forked it to integrate a plugin for MCP support, enabling interaction with large language models (LLMs). This allows reverse engineers to prompt the LLM to search within Jadx, analyze code, and potentially reverse, deobfuscate, or decrypt strings and other components.
GhidraMCP
Same idea as above, but for Ghidra, and this time built by ex Microsoft, current Google reverse engineer, and security influencer on YouTube, LaurieWired.
GhidraMCP feels extremely powerful because it should allow a lot of common security analysts such as myself to properly reverse native binaries (which is not normally for the faint of heart). Make sure to check it out.
AI
Llama 4 & Controversy
This week Meta released Llama 4 as three different models, and the one called Scout is currently the fastest LLM out there according to artificialanalysis.ai, by a lot.
But that’s not even the big thing, what makes this release a huge deal is that the Scout model has a 10M input context length, which is completely insane. According to grok around 90% of the codebases hosted on Github would fit within this context length 🤯.
And that’s not all either. There’s big controversy due to claims that Llama 4 Maverick was specifically optimized for the LM Arena leaderboard through a focus on conversational ability preferred by human raters. I’m not yet sure about my feelings on this topic, but it’s certainly causing quite a stirr.
OpenAI is Suing Elon Musk
More major drama. OpenAI is suing Elong Musk and published email and chat records essentially showing that he negotiated to transition OpenAI to a for-profit model but ended up not being a part of the new company because he wanted a majority stake and full control (CEO role) in the beginning.
Given that Elon has publicly criticized OpenAI for moving away from the non-profit model multiple times, this is yet another huge blow to his reputation (and I’m afraid soon there won’t be any of it left).
Personally, I highly admire Elon Musk’s stated life mission of colonizing Mars and transforming humanity into an inter-planetary race, but with his reputation and character being legitimately questioned basically every day since he bought Twitter, it starts to become hard to support him at all.
To be clear, I have similar feelings about Sam Altman. He’s leading an incredibly special and critical mission for humanity at OpenAI, but his co-founders were already questioning his motives before OpenAI became a for-profit (and one of them left to start their own AI lab in the middle of a huge scandal later on):
We don’t understand why the CEO title is so important to you. Your stated reasons have changed, and it’s hard to really understand what’s driving it. Is AGI truly your primary motivation? How does it connect to your political goals? How has your thought process changed over time?
Ultimately, I hope that, despite both personalities likely being far more powerhungry than they first appear—hardly surprising given their ambitious roles—their missions to achieve safe AGI and ASI, and to make humanity interplanetary, are genuine.
Thanks for Reading
That’s all for this week. If you found this useful please make sure to subscribe and share.
See you next week.