🧮 USERS:1 FEEDS:2 TWTS:1336 ARCHIVED:87006 CACHE:2816 FOLLOWERS:22 FOLLOWING:14
Ján Bulík among those honoured in Martin
On 8 May, Martin hosted an event that combined historical reflection with cultural remembrance: Matica slovenská commemorated the 80th anniversary of the liberation of Slovakia and the end of the Second World War. At the seat of this oldest Slovak cultural institution, a ceremony was held in honour of figures who resisted fascism with honour and courage during the war. Among those honoured was Ján Bulík (1 January 1897, Kovačica – 30 January 1942, Mauthause … ⌘ Read more
Design system annotations, part 1: How accessibility gets left out of components
The Accessibility Design team created a set of annotations to bridge the gaps that design systems alone can’t fix and proactively address accessibility issues within Primer components.
The post [Design system annotations, part 1: How accessibility gets left out of components](https://github.blog/engineering/user-experience/design-system-annotations-part-1-how … ⌘ Read more
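Golang library of the day: the dependency injection library samber-do
do is a lightweight dependency injection (DI) container for Go, developed by samber. It is built on Go 1.18+ generics and gives Go a type-safe DI solution. The design philosophy of do is to simplify dependency management between service components, replacing the tedious work of creating dependency relationships by hand, so that components are loosely coupled and easier to test and maintain. Unlike reflection-based DI frameworks, do does not use reflection when registering and resolving dependencies, so its performance overhead is very ⌘ Read more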
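MCP source code deep dive! How Streamable HTTP implements server-to-client communication
The latest version of the Model Context Protocol (MCP) (2025-03-26)[1] introduces the Streamable HTTP transport, which replaces the SSE transport of earlier versions and becomes the new standard for remote MCP calls. With Streamable HTTP, a request from client to server no longer has to keep a long-lived SSE connection open as before; instead, the client initiates HTTP ⌘ Read more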
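Go 1-24 released! The new features you need to know!
1. Major toolchain upgrades 🛠️ Smarter module verification: the new version introduces the verify command `go mod verify -json`, which outputs module verification results in a structured form and solves the pain point developers face when parsing verification results in continuous integration (CI) pipelines. Older versions only give a simple message: `$ go mod verify` `all modules verified`. Structured output in the new version: `$ go mod verify -json` `{ ”Pat` ⌘ Read more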
UUIDs: A False Sense Of Security
Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client?
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rss—-7b7 … ⌘ Read more
$50,000 Bounty: GitHub Access Token
How a hidden token in a desktop app could have compromised one of the world’s biggest e-commerce platforms
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50-000-bounty-github-access-token-c29cb6f00182?source=rss—-7b722bf … ⌘ Read more
Recon Automation Like a Pro: My 5-Stage System to Catch More Bugs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Frecon-automation-like-a-pro-my-5-sta … ⌘ Read more
Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers don’t wait for big websites. They look for easy mistakes. Let’s fix them before they find yours.
[Continue reading on InfoSec Write- … ⌘ Read more
HACK-ERA CTF — Phase 1 Walkthrough ⌘ Read more
$840 Bounty: How I Stole OAuth Tokens from Twitter
A critical OAuth misconfiguration allowed stealing tokens with just a click
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/840-bounty-how-i-stole-oauth-tokens-from-twitter-733f8 … ⌘ Read more
Hiring: Sr. Golang Developer| Remote (Brazil and Argentina) | A new challenge awaits!
1 points posted by Fabio Chapola ⌘ Read more
Vim9.1(macOS-arm/Sequoia) && iTerm2(cask): CursorShape for Insert Mode - How? ⌘ Read more
Hiring: Senior Full-Stack Engineer | On-Site - Hyderabad, India | A new challenge awaits!
1 points posted by Fabio Chapola ⌘ Read more
Is there any way to retain vim 7.4 search setting while using vim 9.1? ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
🗝️Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rss—-7 … ⌘ Read more
A Guide to SQL Injection Attacks: Hackers Don’t Want You to Know This!
Imagine your website as a big toy box filled with treasures — like user info, passwords, or blog posts — and you’ve got a robot helper…
[Contin … ⌘ Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] … ⌘ Read more
Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Mastering Linux Part 3: A Beginner’s Guide to APT and YUM Package Management
A Beginner’s Guide to APT and YUM Package Management
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com … ⌘ Read more
curl bans “AI” security reports as Zuckerberg claims we’ll all have more “AI” friends than real ones
Daniel Stenberg, creator and maintainer of curl, has had enough of the neverending torrent of “AI”-generated security reports the curl project has to deal with. That’s it. I’ve had it. I’m putting my foot down on this craziness. 1. Every reporter submitting security reports on Hackerone for curl now needs to answer this question: “Did you … ⌘ Read more
Step 1: Show belly. Step 2: Bite the fool. ⌘ Read more
How to setup a Monthly Free VPS for Bug Hunting
In this article, I explained how to set up and use (GitHub CodeSpaces) for bug hunting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-setup-a-monthly-free-vps-for-bug-hunting-d4 … ⌘ Read more
Revisiting the Past, Hacking the Future
From Invalid Reports to Real Vulnerabilities: The Path to Growth in Hacking
A Penetration Tester’s Journey
Part 4 of “Beginner to Master in Linux” — A Penetration Tester’s Journey
AI Agents Unleashed: The Rise of Autonomous Systems Transforming Industries
The emergence of AI agents signifies a transformative shift in generative AI, evolving from simple chatbots to sophisticated … ⌘ Read more
Is Your App Protected? The Branch API Vulnerability You Need to Know About
$fallback_url is a helpful feature in Branch’s deep linking system — until someone uses it to redirect your users to phishing … ⌘ Read more
A Must-Have Tool for Bug Hunters: Find Open Redirect Vulnerabilities on Linux
Automate open redirection detection, save hours of manual testing, and level up your bug bounty recon game.
[Continue … ⌘ Read more
**Query Confusion: How HTTP Parameter Pollution Made the App Spill Secrets**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/query-confusion-how-http-parameter-pollution-made … ⌘ Read more
Securing Apache2 + PHP: Practical guide for safer web hosting
A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.
[Continue reading on InfoSec Write-ups »](https:// … ⌘ Read more
$2,900 Bounty: Public S3 Bucket Exposure in Shopify
How a Simple S3 Misconfiguration Exposed Private Images Across Shopify Stores and Earned a $2,900 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-900-bounty-public-s … ⌘ Read more
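Modern asynchronous JavaScript: building high-performance async systems without relying on await
In the ES6+ era, asynchronous programming in JavaScript has gone through major changes. Although the async/await syntax markedly improves code readability, in some scenarios working with Promises directly and using newer features gives finer-grained control. 1. Promise chaining: fetch(’https://api.example.com/data’) .then(response = { if (!response.ok) throw ne ⌘ Read more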
And on a similar note, cross-post from Mastodon:
What I love about HTML and HTTP is that it can degrade rather gracefully on old browsers.
My website isn’t spectacular but I don’t think it looks horrible, either. And it’s still usable just fine all the way down to WfW 3.11:
It’s not perfect, but it’s usable. And that makes me happy. Almost 30 years of compatibility.
The biggest sacrifice is probably that I don’t enforce TLS and that HTTP 1.0 has no Host: header, so no vhosts (or rather, everything must come from the default vhost). (Yes, some old browsers send Host:, even though they predate HTTP 1.1. Netscape does, but not IBM WebExplorer, for example.)
(On the other hand, it might completely suck on modern mobile devices. Dunno, I barely use those. 🤪)
Beyond Alert Boxes: Exploiting DOM XSS for Full Account Takeover
Hello Hunters, as you all know, XSS is one of the most common web vulnerabilities, often underestimated but capable of causing severe…
[Continue reading on … ⌘ Read more
Hack Any Mobile Phone Remotely
Ethically — but note — this used to work great with phones under Android 10