**DevSecOps Phase 2: Code & Commit Stage — Harden the Developer Workflow** ⌘ Read more
slowly working away at my latest code project: learning PHP by recreating the 2000s fandom mainstay known as a fanlisting! it’s been super fun i added a dynamic nav bar and other modifications in the latest commit
fanlistings even to this day rely on old PHP scripts dating back to the early 2000s that need whole ass mySQL or postgres DBs and are incredibly insecure. you can look at them here they’re like super jank lol it’s sad that new fanlistings have to use them because there’s no other options….
@kat@yarn.girlonthemoon.xyz I’ve almost fixed this btw 🤗 Just testing it thoroughly and polishing the code. In case you’re curious, I do this style of development called “Observability Driven Development” (ODD) whereby I make observations of the system via metrics and internal observations and adjust the system’s overall behavior to the desired outcome 😅
@andros@twtxt.andros.dev I set up a test feed here:
https://www.uninformativ.de/texudus.txt
I made some preliminary adjustments to my client so that it can work with the different threading model. (And I totally get the concerns, this can be quite a bit of work. Especially in a large code base like Yarn.)
OSle: a tiny boot sector operating system
OSle is an incredibly small operating system, coming in at only 510 bytes, so it fits entirely into a boot sector. It runs in real-mode, and is written in assembly. Despite the small size, it has a shell, a read and write file system, process management, and more. It even has its own tiny SDK and some pre-built programs. The code’s available under the MIT license. ⌘ Read more
**The $2500 bug: Remote Code Execution via Supply Chain Attack** ⌘ Read more
How I Earned $8947 bounty for Remote Code Execution via a Hijacked GitHub Module ⌘ Read more
**From JS File to Jackpot: How I Found API Keys and Secrets Hidden in Production Code**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-js-file-to- … ⌘ Read more
Update on the Docker DX extension for VS Code
Learn about the latest changes to the Docker DX extension for VS Code, new features for authoring, and what’s coming next to enhance your container workflows. ⌘ Read more
PATH isn’t real on Linux
I have no idea how much relevance this short but informative rundown of how PATH works in Linux has in the real world, but I found it incredibly interesting and enlightening. The basic gist – and I might be wrong, there’s code involved and I’m not very smart – is that Linux itself needs absolute paths to binaries, while shells and programming languages do not. In other words, the Linux kernel does not know about PATH, and any lookup you’re doing comes from either the shell or the pr … ⌘ Read more
any recommendations for code blocks eval in markdown plugins? ⌘ Read more
@kat@yarn.girlonthemoon.xyz yes, both the newsletter and the podcast, from time to time.
@prologic@twtxt.net I was not expecting much, but since the list of restaurants near company buildings, was hard coded into it, I did expect it to at least copy the menu text, from the websites, in its database. Ironically, the only restaurant where it got something right, is the only one, where the website has the text as a transparent PNG, the AI has to convert to text.
Mastering Java Records: The Ultimate Guide to Cleaner, Faster, and Immutable Code
Introduction
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-java-records-the … ⌘ Read more
Someone has started to run git pull on one of my repos – once every two minutes. This is a very pointless endeavour. I push new code a couple of times per month.
So far, this isn’t causing any issues. I think this is just a regular human being who misconfigured some automation. And I hope this doesn’t mean that the “AI” bots have finally discovered my page …
7 to 12 and use the first 12 characters of the base32 encoded blake2b hash. This will solve two problems, the fact that all hashes today either end in q or a (oops) 😅 And increasing the Twt Hash size will ensure that we never run into the chance of collision for eons to come. Chances of a 50% collision with 64 bits / 12 characters is roughly ~12.44B Twts. That ought to be enough! -- I also propose that we modify all our clients and make this change from the 1st July 2025, which will be Yarn.social's 5th birthday and 5 years since I started this whole project and endeavour! 😱 #Twtxt #Update
I will be adding the code in for yarnd very soon™ for this change, with a if the date is >= 2025-07-01 then compute_new_hashes else compute_old_hashes
@bender@twtxt.net Hehe good sleuthing 🤣 I swear it was an edit ✍️ Haha 😂 yarnd now “sees” both every single time, whereas before it would just obliterate the old Twt, but remain in archive. Now you get to see both 😅 Not sure if that’s a good thing or not, but it certainly makes it much clearer how to write “code logic” for detecting edits and doing something more UX(y) about ‘em 🤔
@lyse@lyse.isobeef.org hey pascal bro! My first coding class was with an old Borland Turbo Pascal. I made my own little window manager for the assignments for class.
The teacher didn’t appreciate it much since I had to print out the code to turn it in. My Yatzee game was a stack of pages. 🤪
Crucial Wii homebrew library contains code stolen from Nintendo, RTEMS
The Wii homebrew community has been dealt a pretty serious blow, as developers of The Homebrew Channel for the Wii have discovered that not only does an important library most Wii homebrew software relies on use code stolen straight from Nintendo, that same library also uses code taken from an open source real-time operating system without giving proper attribution. Most Wii homebrew software i … ⌘ Read more
Top 5 Open Source Tools to Scan Your Code for Vulnerabilities
These tools help you find security flaws in your code before attackers do.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-open-source-tools-to-s … ⌘ Read more
TacOS: an x86_64 UNIX-like OS from scratch
TacOS is a UNIX-like kernel which is able to run DOOM, among various other smaller userspace programs. It has things like a VFS, scheduler, TempFS, devices, context switching, virtual memory management, physical page frame allocation, and a port of Doom. It runs both on real hardware (tested on my laptop) and in the Qemu emulator. ↫ TacOS GitHub page TacOS – great name – is written in C, and explicitly a hobby and toy project. The code’s licensed … ⌘ Read more
I wrote to the address in the GPLv2 license notice and received the GPLv3 license
Protecting NATS and the integrity of open source: CNCF’s commitment to the community
When a company contributes a project to the Cloud Native Computing Foundation (CNCF), it’s not just sharing code—it’s making a commitment to the open source community. It’s a pledge to uphold open collaboration, shared community ownership,… ⌘ Read more
@aelaraji@aelaraji.com this is REAL VIBE CODING no AI needed
@kat@yarn.girlonthemoon.xyz At least it wasn’t Vibe coding, so just take the win! 😆
Coding as Craft: Going Back to the Old Gym (using vim, specifically) ⌘ Read more
Copilot taking over?
I tried GitHub Copilot (Free) in Visual Studio Code again for some small GoBlog changes. Copilot can now generate tests (although it doesn’t feel intelligent, as you need to correct quite a few things), it can do code reviews before committing and it can generate commit messages. Of course, it can also do code completions and write complete code, if you want it to do so. ⌘ Read more
How to take climate action with your code
There are 60,000+ climate-focused projects on GitHub, explore one this Earth Day!
The post How to take climate action with your code appeared first on The GitHub Blog. ⌘ Read more
Am I the only one that’s confused by the discussions, and then the voting we had on the whole threading model? 🤔 I’m not even sure what I voted for, but I know it wasn’t the one that won haha 🤣 (which I’m still very much against based on an intuition, experience and lots of code writing lately).
Cracking the code: How to wow the acceptance committee at your next tech event
Want to speak at a tech conference? These four practical tips will help your session proposal stand out—and land you on the stage.
The post Cracking the code: How to wow the acceptance committee at your next tech event appeared fi … ⌘ Read more
**CVSS 10.0 Critical Vulnerability in Erlang/OTP’s SSH: Unauthenticated Remote Code Execution Risk**
A critical security vulnerability (CVE-2025-32433) with a CVSS … ⌘ Read more
@bender@twtxt.net awww thank you :‘))) you all are too nice!!! i really wanted to share how i did this because i think i’m the first person to publicly attempt a production instance of dreamwidth code in docker, so i’m glad i did a good job at documenting it!!!!!!!
4Chan Hack Reveals University Professor Moderators, 10 Million Bans, 10 Year Old Software
Hack of 4Chan was carried out by users of a competing image message board which published 4Chan source code, staff emails, & more. ⌘ Read more
Why is there a “small house” in IBM’s Code Page 437?
There’s a small house ( ⌂ ) in the middle of IBM’s infamous character set Code Page 437. “Small house”—that’s the official IBM name given to the glyph at code position 0x7F, where a control character for “Delete” (DEL) should logically exist. It’s cute, but a little strange. I wonder, how did it get there? Why did IBM represent DEL as a house, of all things? ↫ Heikki Lotvonen Don’t waste any time here, and go read the article. It’ … ⌘ Read more
GitHub for Beginners: Security best practices with GitHub Copilot
Learn how to leverage GitHub Copilot to make your code more secure.
The post GitHub for Beginners: Security best practices with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more
Elliptical Python programming
One thing I love about Python is how it comes with its very own built-in zen. In moments of tribulations, when I am wrestling with crooked code and tangled thoughts, I often find solace in its timeless wisdom. ↫ Susam Pal I can’t program and know nothing about Python, but this still made me laugh. ⌘ Read more
AI problems, top to bottom:
1: Open AI nerds, believe fine tuning a language model algorithm, will eventually produce an AGI god.
2: Subpar artists and techbros who can’t code, convinced AI image bashing and vibe coding, will help convince the dumber parts of Internet, they are a real deal.
3: Parasites, using AI to scam people, because they just want passive income, selling crap, made by an automated process.
Side: Adobe&co, killing Flash/old web, pricing new artists and developers out, to face learning curves of free tools, or use AI, peddled as solution.
Ignite Realtime Blog: New releases for Tinder and Whack!
The IgniteRealtime community is happy to announce releases for two of its projects! Both are for XMPP-libraries that we produce.
Tinder is a Java based XMPP library, providing an implementation for XMPP stanzas and components. Tinder’s origins lie in code that’s shared between our Openfire and Whack implementations. The implementation that’s provided in Tinder hasn’t been written aga … ⌘ Read more
New Docker Extension for Visual Studio Code
Speed up development with Docker DX extension with real-time feedback, smarter linting, and intuitive Bake/Compose file support in VS Code. ⌘ Read more
vim-code-checker – A vim plugin for reviewing code with open-router and ollama ⌘ Read more
Found means fixed: Reduce security debt at scale with GitHub security campaigns
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.
The post [Found means fixed: Reduce security debt at scale with GitHub security campaigns](http … ⌘ Read more
Test:
this is a code block
[2025-04-08 17:50:00] with a timestamp in brackets
The end.
./yarnc debug <your feed url>:
I’m so confused. None of this code has changed in yarnd at all. Hmmm 🤔
@prologic@twtxt.net there is a space on the first line on that codeblock. I think this one is the culprit:
```css
pre>code {
  padding:0 .25rem;
}
```
@bender@twtxt.net It does right 🤣 (no highlights though, will have to figure out how I refactor the display code to support that)
@bender@twtxt.net I was a bit confused at first what that is: Apparently, it’s the source code of Altair BASIC: https://gizmonaut.net/soapflakes/EXE-199711.html
(Of course they have a user agent filter. 😂 Can’t download that PDF with wget.)
How big is VMS?
This question was asked during my Boot Camp presentation last fall in Boston, and over the past 35 years dozens of times people have asked, how big is VMS? That translates into “how many lines of code are in VMS”? I thought it was time to at least make a stab at pursuing some insight into the answer. I wrote some command procedures to count the number of source lines in .B32, .B64, .C, .MAR, .M64, and .S files. Not counted are blank lines and lines beginning with the standard comment characters and m … ⌘ Read more