Spring Boot API Security Like a Pro: Rate Limiting, Replay Protection & Signature Validation…
Learn how to secure your Spring Boot APIs using rate lim … ⌘ Read more
How to Identify Sensitive Data in JavaScript Files: (JS-Recon)
A complete guide to uncovering hidden secrets, API keys, and credentials inside JavaScript files
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/h … ⌘ Read more
Why, in 2025, do we still need a 3rd party app to write a REST API with Django?
Comments ⌘ Read more
A Beginner’s Guide to Finding Hidden API Endpoints in JavaScript Files
How to discover what others miss in plain sight
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-beginners-guide-to-finding-h … ⌘ Read more
I keep getting this email occasionally:
Your iCloud storage is almost full
Now for various reasons, I don’t want my children to be using iCloud to store data, files, photos or any of the sort. They’re free to use iMessages, and other Apple services like the App Store, etc, but not storage.
So I’ve set about blocking iCloud Storage API(s) via AdGuard Home tonight as well as ensuring that my local network (client users) cannot bypass DNS policies and get out other sneaky ways, because some applications will just use other DNS servers, or DOH or DOT.
CORS Vulnerability with Trusted Insecure Protocols BurpSuite Walkthrough
CORS misconfig + HTTP subdomain XSS analysis showing API key exfiltration, exploit breakdown and remediation.
[Continue reading on InfoSec W … ⌘ Read more
Stealing Part of a Production Language Model (2024)
We introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI’s ChatGPT or Google’s PaLM-2. Specifically, our attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, our attack extracts the entire projection matrix of OpenAI’s ada and babbage language models. We thereby confirm, for the first time, that these black-box … ⌘ Read more
Karmada v1.15 Released! Enhanced Resource Awareness for Multi-Template Workloads
Karmada is an open multi-cloud and multi-cluster container orchestration engine designed to help users deploy and operate business applications in a multi-cloud environment. With its compatibility with the native Kubernetes API, Karmada can smoothly migrate single-cluster… ⌘ Read more
**Hidden API Endpoints: The Hacker’s Secret Weapon**
I’m a cybersecurity enthusiast and the writer behind The Hacker’s Log — where I break down how real hackers think, find, and exploit…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Week 12— Async API Calls: fetch, Axios, and Promises ⌘ Read more
@zvava@twtxt.net And yes yarnd does have a well documented API and two clients (CLI and unmaintained Flutter App)
PEP 803: Stable ABI for Free-Threaded Builds
Version 3.15 of the Stable ABI will be compatible with both free-threaded and GIL-enabled builds. To allow this, the PyObject internal structure and related APIs will be removed from version 3.15 of the Limited API, requiring migration to new API for common tasks like defining modules and most classes. ⌘ Read more
In-depth analysis of the Gin framework
Gin is an HTTP web framework implemented in Go. It offers a Martini-like API but with far better performance: its peak throughput is 40 times that of Martini. If a project needs high performance, Gin is the obvious choice. The Gin website lists the project's 8 key features as follows: high performance, middleware support, crash-free (panic recovery), JSON validation, route grouping, error management, content rendering, examples D ⌘ Read more
@lyse@lyse.isobeef.org Yeah, if there’s no stable API, then it’s not a lot of fun … Bah. :|
@movq@www.uninformativ.de I’d love to have a Python script pushing my local CSV, too. But that’s never gonna fly, not in a thousand years. I can’t imagine that ever becoming reasonably stable without having to fix everything after the reverse-engineered API changes again.
Go graphics library: github-com-fogleman-gg
Introduction: what is gg. gg is a 2D graphics drawing library written in Go, developed by Fogleman and inspired by Python's Cairo and the Processing project. gg aims to provide a concise, intuitive API for image drawing, text rendering, shape composition and similar operations, and is suited to image processing, data visualization, image compositing and many other uses. Typical use cases include: image processing (adding watermarks, logos, etc.), data visualization (plotting, chart generation), custom image compositing (such as gen ⌘ Read more
Go library of the day: go-echarts
go-echarts/go-echarts is a modern charting library written in Go. It provides a complete, easy-to-use API for generating interactive charts based on Apache ECharts, and is suited to data-visualization dashboards, reporting services, web embedding and similar scenarios. Overview – GitHub: https://github.com/go-echarts/go-echarts Stars: 6k+ License: MIT Based on: Apac ⌘ Read more
Go library of the day: urfave-negroni
urfave/negroni is a lightweight, extensible Go middleware library designed for building HTTP services. Its core idea is the middleware stack, which wraps request handling layer by layer like an onion, making it well suited to building web applications or APIs with a clear request lifecycle. GitHub: https://github.com/urfave/negroni Features – Clear and concise middleware mechanism: supports multiple middle ⌘ Read more
Of Pointlessware and CEOs
Had a moment to check up on some of the companies I stopped following, get to The Browser Company and see their newest product - it’s just Chrome with an AI chat window pop-up, and that’s it. Something Canary Chrome already comes with.
I see Theo from T3.gg making fun of it on YouTube and promoting “his” product - an AI chat app where you can choose from multiple models by all the popular AI companies. Something I already have a worse version of at work, and I don’t even use it.
There’s also an interview about the future of virtual keyboards; surely this is at least actually a real thing and not more pointless horse shit. I check the website of the keyboard SDK, and it’s around 20 identical apps that just copy the same keyboard SDK/API and slap ChatGPT features on top - in the App Store, these are surrounded by ChatGPT clones that just feed the users’ prompts into the real thing and put ads next to the answers.
Developing Node.js native modules with Zig
Node-API[1] (formerly N-API) is the API Node.js provides for building native add-ons. It is independent of the underlying JavaScript runtime (for example V8) and is maintained as part of Node.js itself. The API has a stable application binary interface (ABI) across Node.js versions. Its purpose is to insulate add-ons from changes in the underlying JavaScript engine and to allow a module compiled for one major version to run on later major Node ⌘ Read more
Bypassing HackerOne Report Ban Using API Key
How a Banned Researcher Could Still Submit Reports Using the REST API
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-hackerone-report-ban-using-api-key-061711e873c6?source=rss—-7b … ⌘ Read more
GitHub Recon: The Underrated Technique to Discover High-Impact Leaks in Bug Bounty
Master the Art of Finding API Keys, Credentials and Sensitive Data in Public Repositories
[Continue re … ⌘ Read more
Genode OS Framework 25.05 released
It’s been 9 years since we disrupted Genode’s API. Back then, we changed the execution model of components, consistently applied the dependency-injection pattern to shun global side effects, and largely removed C-isms like format strings and pointers. These changes ultimately paved the ground for sophisticated systems like Sculpt OS. Since then, we identified several potential areas for further safety improvements, unlocked by the evolution of the C++ core langu … ⌘ Read more
Exploiting Server-Side Parameter Pollution in Query Strings — An API Hacking Tale ⌘ Read more
The “Go way” of API design: trade-offs and thinking behind the Go team’s MCP SDK
Hello everyone, I’m Tony Bai. As developers we deal with APIs every day: calling them, designing them, and sometimes agonizing over badly designed ones. A good API is like a skilled guide that leads us clearly and efficiently to complex functionality; a clumsy API can be like a maze full of traps that makes every step a struggle. So what should a “good” API look like in the Go world? How should it embody Go’s simplicity and high ⌘ Read more
i switched my bookmarks site from espial (unmaintained project) to linkding, and while i’ll miss espial’s simplicity, i do appreciate linkding’s power and the provided API.
at first i got auth working with my SSO (authelia) and was happy, but i want my public bookmarks available without login… and i couldn’t configure my proxy to make that work, because of issues with sub paths, which sucks. so i switched to linkding’s built-in auth. inconvenient, but worth it to share my bookmarks.
RAG-MCP: breaking through the tool-calling bottleneck of large models and saying goodbye to prompt bloat
The wave of large language models (LLMs) is sweeping the globe, and their powerful natural-language understanding, generation and reasoning capabilities bring unprecedented opportunities to every industry. However, as we have noted many times in earlier discussions, LLMs are not omnipotent. They are limited by the timeliness and scope of their training data, and they cannot directly interact in real time with a rapidly changing external world or perform operations that require specific skills. To make up for these shortcomings, giving LLMs the ability to call external tools (such as search engines, databases, calculators and all kinds of API services) has become a focus ⌘ Read more
IPinfo Free Geolocation API: Tools, Setup & Use Cases ⌘ Read more
Instagram API Documentation: Key Concepts Explained for Developers ⌘ Read more
Get Geocoding API Key: Step-by-Step Guide for Developers ⌘ Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Everyone needs an HTTP proxy for debugging
Preface: this article describes how a front-end engineer can use an HTTP proxy for debugging, going beyond the limits of DevTools. Today’s article is shared by @huli of 前端早讀課 (Frontend Morning Reading). As a front-end engineer who deals with web pages every day, being familiar with DevTools is entirely reasonable. Whenever an API integration goes wrong, you hit the shortcut to open DevTools, switch to the Network tab, find the red row, right-click to copy it as cURL, paste it into the group chat, and let the back-end team find the problem themselves. But ⌘ Read more
Recommended must-install MCP Servers (programmer edition)
I’m serious about playing with MCP, and I’ve written several hands-on tutorials, mostly sharing my own experience trying it out. Along the way I found it is genuinely usable, and can even be chained together as one part of a workflow. Today I’m sharing several servers every programmer should have; try combining them to improve your own efficiency. GitHub MCP Server —————– Why it’s recommended: GitHub MCP Server integrates seamlessly with the GitHub API, giving developers and tools advanced automation and inter ⌘ Read more
Hackers Love Your APIs: How to Defend Against 2025’s Biggest API Threats ⌘ Read more
Is Your App Protected? The Branch API Vulnerability You Need to Know About
$fallback_url is a helpful feature in Branch’s deep linking system — until someone uses it to redirect your users to phishing … ⌘ Read more
Modern asynchronous JavaScript: building high-performance async systems without relying on await
In the ES6+ era, JavaScript asynchronous programming has undergone major changes. Although async/await syntax greatly improves code readability, in some scenarios working with Promises directly and using newer features gives finer-grained control. 1. Promise chaining: fetch(’https://api.example.com/data’) .then(response => { if (!response.ok) throw ne ⌘ Read more
How to design and expose interfaces in Go
Interfaces are one of Go’s most distinctive features. Unlike many other languages, in Go a type does not need to explicitly declare that it implements an interface: as long as a type defines the methods the interface requires, it automatically implements that interface. Writing good interfaces, however, is not easy. Carelessly exposing broad or unnecessary interfaces easily pollutes a package’s API. This article explains the reasoning behind existing interface-design guidelines and illustrates them with examples from the standard library. “The bigger the interface, the weaker the abstraction.” It is hard to find multiple types that implement a large interface. Therefore, ⌘ Read more