Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers don’t wait for big websites. They look for easy mistakes. Let’s fix them before they find yours.
[Continue reading on InfoSec Write- … ⌘ Read more
https://github.com/savashn/ecewo microframework for web development in #C
Why have top crawler engineers quietly switched to Playwright? Learn it now
Miscellany: if you also need to scrape, in the past the obvious choice for browser automation was Selenium. As a veteran automation "player", Selenium has plenty of material online, a complete feature set, and is easy to pick up. But Selenium has many shortcomings; in particular, downloading the web driver is a real headache. For one thing, the versions have to match, and even with auto-download code, the servers are overseas and the speed is maddening. Moreover, Selenium really does have performance defects and sometimes cannot meet performance requirements ⌘ Read more
‘I don’t see how it doesn’t happen’: Apple eyes giant change to devices
Apple is “actively looking at” revamping the Safari web browser on its devices to focus on AI-powered search engines, a seismic shift for the industry hastened by the potential end of a longtime partnership with Google. ⌘ Read more
Securing Apache2 + PHP: Practical guide for safer web hosting
A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.
[Continue reading on InfoSec Write-ups »](https:// … ⌘ Read more
Beyond Alert Boxes: Exploiting DOM XSS for Full Account Takeover
Hello Hunters, as you all know, XSS is one of the most common web vulnerabilities, often underestimated but capable of causing severe…
[Continue reading on … ⌘ Read more
feather: Feather🪶: A web framework that skips Rust’s async boilerplate and just works
Comments ⌘ Read more
How to Install and Deploy Applications on Apache Tomcat Complete Guide
Learn how to install Apache Tomcat on CentOS, explore its directory structure, deploy Java web apps, and optimize your production setup…
[Cont … ⌘ Read more
Mastering Apache Web Server on CentOS: Installation, Configuration, and Virtual Hosts
Learn to install, configure, and manage the Apache web server on CentOS, including virtual hosts and bes … ⌘ Read more
@doesnm@doesnm.p.psf.lt nah, I’m fine without a web ui. But I like what the dev did with the 2009 facebook/VK look, it kind of feels nostalgic. (the tld is a .me not a .com if anyone else wants to take a look at it)
@kat@yarn.girlonthemoon.xyz Off-topic areas are always a good idea. :-) Web forums often had those. And web forums are actually what I had in mind, @bender@twtxt.net. 😅 (While I do have a certain nostalgia for it now, Usenet has always been a bit weird to me. Can’t really explain why.)
@aelaraji@aelaraji.com Lol gts is so popular. But if choosing something with a fancy web ui, maybe Smithereen is the best option. Example instance: https://friends.grishka.com
up -d, but then I took a look at a couple of #Snac instances at the last second and they looked pretty dope! Now I'm stuck in my own head 😅
@aelaraji@aelaraji.com which snac instance did you see that looked pretty dope? On the ones I saw in the past, I found their web frontend to be rather messy (even more so on mobile).
Sculpt OS 25.04 released
Sculpt OS 25.04 has been released, and with it come a number of very welcome and important improvements. What most users will care about the most is the updated version of the Falkon web browser, built atop Qt 6.2.2 and its accompanying qtwebengine release, which in turn is using version 112 of the Chromium engine. Aside from this major improvement, there are two other things that stand out: Usability-wise, the new version comes with two highly anticipated features. First, building u … ⌘ Read more
“I use zip bombs to protect my server”
The majority of the traffic on the web is from bots. For the most part, these bots are used to discover new content. These are RSS feed readers, search engines crawling your content, or nowadays AI bots crawling content to power LLMs. But then there are the malicious bots. These are from spammers, content scrapers or hackers. At my old employer, a bot discovered a WordPress vulnerability and inserted a malicious script into our server. It then turned the m … ⌘ Read more
How I Set Up a Free Server That I’ll Never Have to Pay For
About one year ago, after my Amazon Web Services and Google Cloud trials expired, I started looking for other free cloud services.
[Continue reading on InfoSec Write-ups »]( … ⌘ Read more
We’re all old farts. When we started, there weren’t a lot of options. But today? I’d be completely overwhelmed, I think.
Hence, I’d recommend starting programming with a console program. As for the language, not sure. But Python is probably a good choice.
That’s what I usually do (when we have young people at work who never really programmed before), but it doesn’t really “hit” them. They’ve seen so much, crazy graphics, web pages, it’s all fancy. Just some text output is utterly boring these days. ☹️ And that’s my problem: I have no idea how I could possibly spark some interest in things like pointers or something “low-level” like that. And I truly believe that you need to understand things like pointers in order to program, in general.
I should probably clarify: Which language/platform? Something graphical or web-based right from the beginning or do you start with a console program?
The return of the tilde
As some of you may have noticed my web page is now under /~mc instead
of just /mc. This is a return to olden times.
The Apache web server, and probably many other web servers, had a
simple way of adding personal web pages for local users. This meant
that a URL ending with ~mc led directly to a subdirectory of user
mc’s home directory. Whatever they put in that directory was
immediately available on the Intertubes! Neat, huh?
We need to bring this back to the modern net! Many tilde pubnixe … ⌘ Read more
HTTP traffic replay testing with Go
In web security testing, API debugging and traffic regression testing, HTTP traffic replay is an important technique. It helps us reproduce problems, test system compatibility, carry out security research, and more. In this article we briefly look at how HTTP traffic replay works, implement several replay approaches in Go, and introduce common open-source tools. (As a security grunt at a small company, you have to do the odd jobs 🐂🐎) How HTTP traffic replay works: HTTP traffic replay ⌘ Read more
Run Mac OS X 10.2 Jaguar in a Web Browser
Mac OS X Jaguar 10.2 may have been released all the way back in 2002, but thanks to the InfiniteMac project, you can also run Mac OS X Jaguar on your modern Mac right now with just a web browser. Sure you might even have an old dusty Mac laying around in a closet that … Read More ⌘ Read more
When /etc/h*sts Breaks Your Substack Editor: An Adventure in Web Content Filtering
Comments ⌘ Read more
actix-request-reply-cache: A Redis-backed response caching middleware for Actix Web applications
Comments ⌘ Read more
The VTech Socratic method
We’ve had a lot of fun with VTech’s computers in the past on this blog. Usually, they’re relatively spartan computers with limited functionality, but they did make something very interesting in the late 80s. The Socrates is their hybrid video game console/computer design from 1988, and today we’ll start tearing into it. ↫ Leaded Solder web log Now we’re in for the good stuff. A weird educational computer/game console/toy thing from the late ’80s, by VTech. I have a massive soft s … ⌘ Read more
**The Fastest Way to Learn Web Hacking in 2025 (With Free Resources)**
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-fastest-way-to-learn-web-hacking-in-2025-with-free-resourc … ⌘ Read more
Oddly, in defense of Google keeping Chrome
As much as I’m a fan of breaking up Google, I’m not entirely sure carving Chrome out of Google without a further plan for what happens to the browser is a great idea. I mean, Google is bad, but things could be so, so much worse. OpenAI would be interested in buying Google’s Chrome if antitrust enforcers are successful in forcing the Alphabet unit to sell the popular web browser as part of a bid to restore competition in search, an OpenAI execu … ⌘ Read more
https://github.com/jeffwitz/pdf2web-presenter Convert PDF presentations to interactive web slideshows
**How I discovered a hidden user thanks to server responses?**
My first real step into web hacking, and it wasn’t what I thought it would be.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-discovered-a-hidde … ⌘ Read more
**Burp, Bounce, and Break: How Web Cache Poisoning Let Me Control the App**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-bounce-and-break-how-web-cache-poisoning-let-me-con … ⌘ Read more
Hmmm there’s a bug somewhere in the way I’m ingesting archived feeds 🤔
sqlite> select * from twts where content like 'The web is such garbage these days%';
hash = 37sjhla
feed_url = https://twtxt.net/user/prologic/twtxt.txt/1
content = The web is such garbage these days 😔 Or is it the garbage search engines? 🤔
created = 2024-11-14T01:53:46Z
created_dt = 2024-11-14 01:53:46
subject = #37sjhla
mentions = []
tags = []
links = []
sqlite>
is it like… ethical to offer access to certain self hosted services as patreon exclusives. like i wanna offer the IRC client/bouncer i hosted which seems ok i think because i’ve seen pico.sh offer their instances of that as paid services. but the other ones i have in mind are alt web frontends for stuff like imgur and pinterest. and i just feel weird about it for some reason. idk i’m trying to think of ways to support my server stuff but every time i come up with something it feels weird
@prologic@twtxt.net oooh this looks interesting!!! maybe i could play around with it in docker and see how to integrate it with caddy layer4 for TLS + my existing web client and bouncer!!
@movq@www.uninformativ.de i tried ngircd but couldn’t figure it out T__T i left it at the web client and bouncer for now but i might toy with an IRC server another time!
I asked ChatGPT what it knows about Twtxt 😂 And surprisingly it’s rather accurate:
Twtxt is a minimalist, decentralized microblogging format introduced by John Downey in 2016. It uses plain text files served over HTTP—no accounts, databases, or APIs.
In 2020, James Mills (@prologic@twtxt.net) launched Yarn.social, an extended, federated implementation with user discovery, threads, mentions, and a full web UI.
Both share the same .twtxt.txt format but differ in complexity and social features.
Handling millions of WebSocket connections with zero downtime in Go
Introduction: imagine this scenario: you have just launched a real-time chat application and the user count quickly climbs to several hundred thousand. However, every service update disconnects all users, who then have to refresh the page manually to reconnect. User feedback is poor because important messages are lost during updates. This is a classic problem: how do you update and scale a WebSocket application without interrupting service? WebSocket technology gives modern web applications bidirectional real-time communication and is widely used in chat applications, games, ⌘ Read more
@movq@www.uninformativ.de wouldn’t editing your own twtxts cause the same issue Yarnd (or any other client) has, which is breaking any replies to it? Under which conditions would this work the best? When copying the twtxt.txt file asynchronously? In my case I copy the twtxt.txt file to its web root right away, but I figure I could not do that, which would give me a set period of time to edit without worries.
How to Get SSL Certificate Info in Safari on Mac
The latest versions of Safari for Mac have changed how a person might find SSL certificate information for a particular website, something that is commonly needed in web development, information security, and developmental web work in general. While in prior versions of Safari you could simply click on the little padlock icon next to the … Read More ⌘ Read more