↳
In-reply-to
»
https://alex.party/posts/2025-05-05-the-future-of-web-development-is-ai-get-on-or-get-left-behind/
⤋ Read More
And on a similar note, cross-post from Mastodon:
What I love about HTML and HTTP is that it can degrade rather gracefully on old browsers.
My website isn’t spectacular but I don’t think it looks horrible, either. And it’s still usable just fine all the way down to WfW 3.11:
It’s not perfect, but it’s usable. And that makes me happy. Almost 30 years of compatibilty.
The biggest sacrifice is probably that I don’t enforce TLS and that HTTP 1.0 has no Host: header, so no vhosts (or rather, everything must come from the default vhost). (Yes, some old browsers send Host:, even though they predate HTTP 1.1. Netscape does, but not IBM WebExplorer, for example.)
(On the other hand, it might completely suck on modern mobile devices. Dunno, I barely use those. 🤪)
Beyond Alert Boxes: Exploiting DOM XSS for Full Account Takeover
Hello Hunters, as you all know, XSS is one of the most common web vulnerabilities, often underestimated but capable of causing severe…
[Continue reading on … ⌘ Read more
Hack Any Mobile Phone Remotely
Ethically — but note — this used to work great with phone under android 10
Containers vs Virtual Machines: Key Differences, Benefits, and Use Cases Explained
Discover the difference between containers and virtual machines, their benefits, and use cases to make smarter inf … ⌘ Read more
Threat Profiling 101: How to Create a Threat Profile
Learn how to create effective threat profiles to identify and prioritize relevant cyber threats for your organization.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
The Ultimate Guide to Cyber Threat Actors: Exploring Hackers, Hacktivists, and Their Tactics
How can we understand the impact of hackers and hacktivists on global cyberse … ⌘ Read more
$1000 Bounty: Account Takeover via Host Header Injection in Password Reset Flow
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-boun … ⌘ Read more
uv:統一的 Python 包管理
花下貓語:uv 項目自發布起就大受歡迎,目前 Github star 52.6 K,遠超過它的同類競品們。前不久,它的創始人在 X 上披露了一組驚人的數據:uv 曾佔據了 PyPI 超過 20% 的流量,用戶每天通過它發起約 4-5 億次下載請求!我在去年翻譯過 uv 首發時的新聞文章 [1],根據博客後臺不完整的統計,從 Google 搜索進入的訪問量已經超過 3000,妥妥成爲了我博客的搜索訪 ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1332 ARCHIVED:86951 CACHE:2881 FOLLOWERS:22 FOLLOWING:14
(Updated) ESP32-C5-DevKitC-1 with 240MHz RISC-V Processor, Zigbee, and Thread Connectivity
The ESP32-C5-DevKitC-1 is another upcoming entry-level development board designed for IoT applications, featuring the ESP32-C5-WROOM-1 module. This board supports key wireless protocols, including Wi-Fi 6 (2.4 GHz and 5 GHz), Bluetooth LE 5, Zigbee, and Thread. The ESP32-C5-WROOM-1 module is equipped with a 32-bit RISC-V single-core processor running at 240 MHz along … ⌘ Read more
Building Trust with OpenID Federation Trust Chain on Keycloak
OpenID Federation 1.0 provides a framework to build trust between a Relying Party and an OpenID Provider that have no direct relationship so that the Relying Party can send OIDC/OAuth requests to the OpenID Provider without being previously… ⌘ Read more
** Bypassing Regex Validations to Achieve RCE: A Wild Bug Story**
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-4c523f69b9f8?sourc … ⌘ Read more
$750 Bounty: Sensitive Data Exposure
When Deep Links Go Deeply Wrong: The Zomato Insecure WebView Story
** I Slashed My Spring Boot Startup Time to 1.8**
When people complain about Spring Boot being slow, it’s not entirely wrong — but it’s often misunderstood. Out of the box, Spring Boot is…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-sl … ⌘ Read more
Stored XSS Led to OAuth App Credential Theft and Info Disclosure
Hello folks,
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/stored-xss-led-to-oauth-app-credential-theft-and-info-disclosure-85545fca3948?sou … ⌘ Read more
Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About
Let’s Skip the “Sign Up on HackerOne” Talk
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-for-real-tools-tactics-and-truths-no … ⌘ Read more
Equifax Breach: How a $700M Mistake Happened
When Trust Crumbled: The Human Toll of a Single Unpatched Server
Secure your Python applications: Best practices for developers
Practical security tips every Python developer should know — from dependency safety to protecting against injection attacks and securing…
[Continue reading on InfoSec Write … ⌘ Read more
6.1.137: longterm
Version:6.1.137 (longterm)Released:2025-05-05Source:linux-6.1.137.tar.xzPGP Signature:linux-6.1.137.tar.signPatch:full ( incremental)ChangeLog:ChangeLog-6.1.137 ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1331 ARCHIVED:86912 CACHE:2874 FOLLOWERS:22 FOLLOWING:14
Happy Birthday Winston. Guess who’s 1 today? ⌘ Read more
morning yarnverse (it’s 1:30pm here i slept in). i’m already bored
The Ultimate Guide to Email Input Field Vulnerability Testing
Real-world methods and payloads for testing email field security
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-email- … ⌘ Read more
$800 Bounty: Account Takeover in Shopify
A Simple Trick to Steal Creator Accounts? $800 Bounty for Account Takeover
“Low on Space in Kali Linux? Here’s How I Fixed It and Freed Up GBs”
“I was in the middle of a pentesting session when Kali refused to cooperate.”
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lo … ⌘ Read more
This Simple Domain Hack Is Fooling Millions: Don’t Be Next!
Cybercriminals are using lookalike URLs powered by Punycode to mimic trusted sites and steal your data.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/t … ⌘ Read more
** DevSecOps Phase 1: Planning & Security Requirements Engineering** ⌘ Read more
$3750 Bounty: Account Creation with Invalid Email Addresses
How a Simple Email Validation Flaw Earned a $3,750 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/3750-bounty-account-creation-with-invalid-em … ⌘ Read more
How To Set Up Your Ultimate OOB Bug-Hunting Server
Having your own hacking server is one of the most important investments you can make in your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-set-up-your-ultimate … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1330 ARCHIVED:86883 CACHE:2892 FOLLOWERS:22 FOLLOWING:14
How We Fell Out of Love with Next.js and Back in Love with Ruby on Rails & Inertia.js - Hardcover Blog
Comments ⌘ Read more
FreshRSS 1.26.2 ⌘ Read more
FreshRSS 1.26.2 ⌘ Read more
Creating an MCP Server Using Go
1 points posted by Elton Minetto ⌘ Read more
** How I Found Internal Dashboards Using Google Dorks + OSINT**
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-internal-dashboards-using-google-dorks-osint-5f2c9515fcd6?source=rss—-7b7 … ⌘ Read more
Using C++ type aliasing to avoid the ODR problem with conditional compilation, part 1
Comments ⌘ Read more
Beyond the Click: Writing Introductions That Keep Readers Glued to the Page
Got the click? Now keep them reading! Discover the powerful introduction writing secrets top Medium writers use to hook read … ⌘ Read more
Exploiting File Inclusion: From Dot-Dot-Slash to RCE using PHP Sessions, Log Poisoning, and…
Advanced File Inclusion Exploits: Sessions, Log Poisoning & Wrapper Chaining.
… ⌘ Read more
**IDOR Attacks Made Simple: How Hackers Access Unauthorized Data **
IDOR Attacks Made Simple: How Hackers Access Unauthorized Data 🔐
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/idor-attacks-made-simple-h … ⌘ Read more
Why You Can’t Stop Online Scams (Fast Flux Secrets Revealed)
Learn How Fast Flux Helps Cybercriminals Avoid Detection and Keep Their Scams Online
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-you-cant-stop-onlin … ⌘ Read more
** Payloads in Plain Sight: How Open Redirect + JavaScript Led to Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/payloads-in-plai … ⌘ Read more
Active Storage’s Big Mistake: A $4,323 Lesson in Session Security
How to Install and Deploy Applications on Apache Tomcat Complete Guide
Learn how to install Apache Tomcat on CentOS, explore its directory structure, deploy Java web apps, and optimize your production setup…
[Cont … ⌘ Read more
Mastering Apache Web Server on CentOS: Installation, Configuration, and Virtual Hosts
Learn to install, configure, and manage the Apache web server on CentOS, including virtual hosts and bes … ⌘ Read more