High-level programming language
Wes and Scott talk about the latest JavaScript proposals from TC39, including features like import defer, the powerful new random namespace, Array.fromAsync, and native clamp and upsert methods. They break down what's coming, why it matters, and how it might improve your code.

Show Notes
00:00 Welcome to Syntax!
02:55 Brought to you by Sentry.io
05:37 Import Defer: proposal-defer-import-eval, proposal-deferred-reexports, Rob Palmer
09:30 Random Functions: proposal-random-functions, proposal-seeded-random
18:32 Array from Async: proposal-array-from-async
20:56 Upsert for Maps: proposal-upsert
23:13 Clamp: proposal-math-clamp
27:02 Sick Picks + Shameless Plugs

Sick Picks
Scott: Anker Max USB 4-Port
Wes: Clarkson's Farm
In this episode of In-Ear Insights, the Trust Insights podcast, Katie and Chris discuss how to break free from the AI sophomore slump. You’ll learn why many companies stall after early AI wins. You’ll discover practical ways to evolve your AI use from simple experimentation to robust solutions. You’ll understand how to apply strategic frameworks to build integrated AI systems. You’ll gain insights on measuring your AI efforts and staying ahead in the evolving AI landscape. Watch now to make your next AI initiative a success!

Listen to the audio here: https://traffic.libsyn.com/inearinsights/tipodcast-generative-ai-sophomore-slump-part-2.mp3

Machine-Generated Transcript

What follows is an AI-generated transcript. The transcript may contain errors and is not a substitute for listening to the episode.

Christopher S. Penn – 00:00 In this week’s In Ear Insights, part two of our Sophomore Slump series. Boy, that’s a mouthful.

Katie Robbert – 00:07 We love alliteration.

Christopher S. Penn – 00:09 Yahoo. Last week we talked about what the sophomore slump is, what it looks like, and some of the reasons for it—why people are not getting value out of AI and the challenges. This week, Katie, the sophomore slump, you hear a lot in the music industry? Someone has a hit album and then their sophomore album, it didn’t go. So they have to figure out what’s next. When you think about companies trying to get value out of AI and they’ve hit this sophomore slump, they had early easy wins and then the easy wins evaporated, and they see all the stuff on LinkedIn and wherever else, like, “Oh, look, I made a million dollars in 28 minutes with generative AI.” And they’re, “What are we doing wrong?”

Christopher S. Penn – 00:54 How do you advise somebody on ways to think about getting out of their sophomore slump? What’s their next big hit?

Katie Robbert – 01:03 So the first thing I do is let’s take a step back and see what happened. A lot of times when someone hits that sophomore slump and that second version of, “I was really successful the first time, why can’t I repeat it?” it’s because they didn’t evolve. They’re, “I’m going to do exactly what I did the first time.” But your audience is, “I saw that already. I want something new, I want something different.” Not the exact same thing you gave me a year ago. That’s not what I’m interested in paying for and paying attention to.

Katie Robbert – 01:36 So you start to lose that authority, that trust, because it’s why the term one hit wonder exists—you have a one hit wonder, you have a sophomore slump. You have all of these terms, all to say, in order for people to stay interested, you have to stay interesting. And by that, you need to evolve, you need to change. But not just, “I know today I’m going to color my hair purple.” Okay, cool. But did anybody ask for that? Did anybody say, “That’s what I want from you, Katie? I want purple hair, not different authoritative content on how to integrate AI into my business.” That means I’m getting it wrong because I didn’t check in with my customer base.

Katie Robbert – 02:22 I didn’t check in with my audience to say, “Okay, two years ago we produced some blog posts using AI.” And you thought that was great. What do you need today? And I think that’s where I would start: let’s take a step back. What was our original goal? Hopefully you use the 5Ps, but if you didn’t, let’s go ahead and start using them. For those who don’t know, 5Ps are: purpose—what’s the question you’re trying to answer? What’s the problem you’re trying to solve? People—who is involved in this, both internally and externally?
Especially here, you want to understand what your customers want, not just what you think you need or what you think they need. Process—how are you doing this in a repeatable, scalable way?

Katie Robbert – 03:07 Platform—what tools are you using, but also how are you disseminating? And then performance—how are you measuring success? Did you answer the question? Did you solve the problem? So two years later, a lot of companies are saying, “I’m stalled out.” “I wanted to optimize, I wanted to innovate, I wanted to get adoption.” And none of those things are happening. “I got maybe a little bit of optimization, I got a little bit of adoption and no innovation.” So the first thing I would do is step back, run them through the 5P exercise, and try to figure out what were you trying to do originally? Why did you bring AI into your organization? One of the things Ginny Dietrich said is that using AI isn’t the goal and people start to misframe it as, “Well,”

Katie Robbert – 04:01 “We wanted to use AI because everyone else is doing it.” We saw this question, Chris, in, I think, the CMI Slack group a couple weeks ago, where someone was saying, “My CEO is, ‘We gotta use AI.’ That’s the goal.” And it’s, “But that’s not a goal.”

Christopher S. Penn – 04:18 Yeah, that’s saying, “We’re gonna use blenders. It’s all blenders.” And you’re, “But we’re a sushi shop.”

Katie Robbert – 04:24 But why? And people should be asking, “Why do you need to use a blender? Why do you need to use AI? What is it you’re trying to do?” And I think that when we talk about the sophomore slump, that’s the part that people get stuck on: they can’t tell you why they still. Two years later—two years ago, it was perfectly acceptable to start using AI because it was shiny, it was new, everybody was trying it, they were experimenting. But as you said in part one of this podcast series, people are still stuck in using what should be the R&D version of AI.
So therefore, the outputs they’re getting are still experimental, are still very buggy, still need a lot of work, fine-tuning, because they’re using the test bed version as their production version.

Katie Robbert – 05:19 And so that’s where people are getting stuck because they can’t clearly define why they should be using generative AI.

Christopher S. Penn – 05:29 One of the markers of AI maturity is how many—you can call them agents if you want—pieces of software have you created that have AI built into it but don’t require you to be piloting it? So if you were copying and pasting all day, every day, inside and outside of ChatGPT or the tool of your choice, and you’re the copy-paste monkey, you’re basically still stuck in 2023. Yes, your prompts hopefully have gotten better, but you are still doing the manual work as opposed to saying, “I’m going to go check on my marketing strategy and see what’s in my inbox this week from my various AI tool stack.”

Christopher S. Penn – 06:13 And it has gone out on its own and downloaded your Google Analytics data, it has produced a report, and it has landed that report in your inbox. So we demoed a few weeks ago on the Trust Insights live stream, which you can catch at Trust Insights YouTube, about taking a sales playbook, taking CRM data, and having it create a next best action report. I don’t copy-paste that. I set, say, “Go,” and the report kind of falls out onto my hard drive like, “Oh, great, now I can share this with the team and they can at least look at it and go, ‘These are the things we need to do.'” But that’s taking AI out of experimental mode, copy-paste, human mode, and moving it into production where the system is what’s working.

Christopher S. Penn – 07:03 One of the things we talk about a lot in our workshops and our keynotes is these AI tools are like the engine. You still need the rest of the car.
And part of maturity of getting out of the sophomore slump is to stop sitting on the engine all day wondering why you’re not going down the street and say, “Perhaps we should put this in the car.”

Katie Robbert – 07:23 Well, and so, you mentioned the AI, how far people are in their AI maturity and what they’ve built. What about people who maybe don’t feel like they have the chops to build something, but they’re using their existing software within their stack that has AI built in? Do you think that falls under the AI maturity? As in, they’re at least using some. Something.

Christopher S. Penn – 07:48 They’re at least using something. But—and I’m going to be obnoxious here—you can ask AI to build the software for you. If you are good at requirements gathering, if you are good at planning, if you’re good at asking great questions and you can copy-paste basic development commands, the machines can do all the typing. They can write Python or JavaScript or the language of your choice for whatever works in your company’s tech stack. There is not as much of an excuse anymore for even a non-coder to be creating code. You can commission a deep research report and say, “What are the best practices for writing Python code?” And you could literally, that could be the prompt, and it will spit back, “Here’s the 48-page document.”

Christopher S. Penn – 08:34 And you say, “I’ve got a knowledge block now of how to do this.” I put that in a Google document and that can go to my tool and say, “I want to write some Python code like this.” Here’s some best practices. Help me write the requirements—ask me one question at a time until you have enough information for a good requirements document. And it will do that. And you’ll spend 45 minutes talking with it, having a conversation, nothing technical, and you end up with a requirements document.
You say, “Can you give me a file-by-file plan of how to make this?” And it will say, “Yes, here’s your plan.” 28 pages later, then you go to a tool like Jules from Google. Say, “Here’s the plan, can you make this?”

Christopher S. Penn – 09:13 And it will say, “Sure, I can make this.” And it goes and types, and 45 minutes later it says, “I’ve done your thing.” And that will get you 95% of the way there. So if you want to start getting out of the sophomore slump, start thinking about how can we build the car, how can we start connecting this stuff that we know works because you’ve been doing in ChatGPT for two years now. You’ve been copy-pasting every day, week, month for two years now. It works. I hope it works. But the question that should come to mind is, “How do I build the rest of the car around so I can stop copy-pasting all the time?”

Katie Robbert – 09:50 So I’m going to see you’re obnoxious and raise you a condescending and say, “Chris, you skipped over the 5P framework, which is exactly what you should have been using before you even jump into the technology.” So you did what everybody does wrong and you went technology first. And so, you said, “If you’re good at requirements gathering, if you’re good at this, what if you’re not good at those things?” Not everyone is good at clearly articulating what it is they want to do or why they want to do it, or who it’s for. Those are all things that really need to be thought through, which you can do with generative AI before you start building the thing. So you did what every obnoxious software developer does and go straight to, “I’m going to start coding something.”

Katie Robbert – 10:40 So I’m going to tell you to slow your roll and go through the 5Ps. And first of all, what is it? What is it you’re trying to do?
So use the 5P framework as your high-level requirements gathering to start before you start putting things in, before you start doing the deep research, use the 5Ps and then give that to the deep research tool. Give that to your generative AI tool to build requirements. Give that along with whatever you’ve created to your development tool. So what is it you’re trying to build? Who is it for? How are they going to use it? How are you going to use it? How are you going to maintain it? Because these systems can build code for you, but they’re not going to maintain it unless you have a plan for how it’s going to be maintained.

Katie Robbert – 11:30 It’s not going to be, “Guess what, there’s a new version of AI. I’m going to auto-update myself,” unless you build that into part of the process. So you’re obnoxious, I’m condescending. Together we make Trust Insights. Congratulations.

Christopher S. Penn – 11:48 But you’re completely correct in that the two halves of these things—doing the 5Ps, then doing your requirements, then thinking through what is it we’re going to do and then implementing it—is how you get out of the sophomore slump. Because the sophomore slump fundamentally is: my second album didn’t go so well. I’ve gotta hit it out of the park again with the third album. I’ve gotta remain relevant so that I’m not, whatever, what was the hit? That’s the only thing that anyone remembers from that band. At least I think.

Katie Robbert – 12:22 I’m going to let you keep going with this example. I think it’s entertaining.

Christopher S. Penn – 12:27 So your third album has to be, to your point, something that is impactful. It doesn’t necessarily have to be new, but it has to be impactful. You have to be able to demonstrate bigger, better, faster or cheaper. So here’s how we’ve gotten to bigger, better, faster, cheaper, and those two things—the 5Ps and then following the software development life cycle—even if you’re not the one making the software.
Because in a lot of ways, it’s no different than outsourcing, which people have been doing for 30 years now for software, to say, “I’m going to outsource this to a developer.” Yeah, instead of the developer being in Bangalore, the developer is now a generative AI tool. You still have to go through those processes.

Christopher S. Penn – 13:07 You still have to do the requirements gathering, you still have to know what good QA looks like, but the turnaround cycle is much faster and it’s a heck of a lot cheaper. And so if you want to figure out your next greatest hit, use these processes and then build something. It doesn’t have to be a big thing; build something and start trying out the capabilities of these tools. At a workshop I did a couple weeks ago, we took a podcast that a prospective client was on, and a requirements document, and a deep research document. And I said, “For your pitch to try and win this business, let’s turn it to a video game.” And it was this ridiculous side-scrolling shooter style video game that played right in a browser.

Christopher S. Penn – 14:03 But everyone in the room’s, “I didn’t know AI could do that. I didn’t know AI could make me a video game for the pitch.” So you would give this to the stakeholder and the stakeholder would be, “Huh, well that’s kind of cool.” And there was a little button that says, “For the client, boost.” It is a video game bonus boost. That said they were a marketing agency, and so ad marketing, it made the game better. That capability, everyone saw it and went, “I didn’t know we could do that. That is so cool. That is different. That is not the same album as, ‘Oh, here’s yet another blog post client that we’ve made for you.'”

Katie Robbert – 14:47 The other thing that needs to be addressed is what have I been doing for the past two years? And so it’s a very human part of the process, but you need to do what’s called in software development, a post-mortem. You need to take a step back and go, “What did we do?
What did we accomplish? What do we want to keep? What worked well, what didn’t work?” Because, Chris, you and I are talking about solutions of how do you get to the next best thing. But you also have to acknowledge that for two years you’ve been spending time, resources, dollars, audience, their attention span on these things that you’ve been creating. So that has to be part of how you get out of this slump.

Katie Robbert – 15:32 So if you said, “We’ve been able to optimize some stuff,” great, what have you optimized? How is it working? Have you measured how much optimization you’ve gotten and therefore, what do you have left over to then innovate with? How much adoption have you gotten? Are people still resistant because you haven’t communicated that this is a thing that’s going to happen and this is the direction of the company or it’s, “Use it, we don’t really care.” And so that post-mortem has to be part of how you get out of this slump. If you’re, since we’ve been talking about music, if you’re a recording artist and you come out with your second album and it bombs, the record company’s probably going to want to know what happened.

Katie Robbert – 16:15 They’re not going to be, “Go ahead and start on the third album. We’re going to give you a few million dollars to go ahead and start recording.” They’re going to want to do a deep-dive analysis of what went wrong because these things cost money. We haven’t talked about the investment. And it’s going to look different for everyone, for every company, and the type of investment is going to be different. But there is an investment, whether it’s physical dollars or resource time or whatever—technical debt, whatever it is—those things have to be acknowledged. And they have to be acknowledged of what you’ve spent the past two years and how you’re going to move forward.
Katie Robbert – 16:55 I know the quote is totally incorrect, but it’s the Einstein quote of, “You keep doing the same thing over and it’s the definition of insanity,” which I believe is not actually something he said or what the quote is. But for all intents and purposes, for the purpose of this podcast, that’s what it is. And if you’re not taking a step back to see what you’ve done, then you’re going to move forward, making the same mistakes and doing the same things and sinking the same costs. And you’re not really going to be moving. You’ll feel you’re moving forward, but you’re not really doing that, innovating and optimizing, because you haven’t acknowledged what you did for the past two years.

Christopher S. Penn – 17:39 I think that’s a great way of putting it. I think it’s exactly the way to put it. Doing the same thing and expecting a different outcome is the definition of insanity. That’s not entirely true, but it is for this discussion. It is. And part of that, then you have to root-cause analysis. Why are we still doing the same thing? Is it because we don’t have the knowledge? Is it because we don’t have a reason to do it? Is it because we don’t have the right people to do it? Is it because we don’t know how to do it? Do we have the wrong tools? Do we not make any changes because we haven’t been measuring anything? So we don’t know if things are better or not? All five of those questions are literally the 5Ps brought to life.

Christopher S. Penn – 18:18 And so if you want to get out of the sophomore slump, ask each of those questions: what is the blocking obstacle to that? For example, one of the things that has been on my list to do forever is write a generative AI integration to check my email for me and start responding to emails automatically.

Katie Robbert – 18:40 Yikes.

Christopher S. Penn – 18:43 But that example—the purpose of the performance—is very clear. I want to save time and I want to be more responsive in my emails or more obnoxious.
One of the two, I want to write a version for text messages that automatically put someone into text messaging limbo as they’re talking to my AI assistant that is completely unhelpful so that they stop. So people who I don’t want texts from just give up after a while and go, “Please never text this person again.” Clear purpose.

Katie Robbert – 19:16 Block that person.

Christopher S. Penn – 19:18 Well, it’s for all the spammy text messages that I get, I want a machine to waste their time on purpose. But there’s a clear purpose and clear performance. And so all this to say for getting out of the sophomore slump, you’ve got to have this stuff written out and written down and do the post-mortem, or even better, do a pre-mortem. Have generative AI say, “Here’s what we’re going to do.” And generative AI, “Tell me what could go wrong,” and do a pre-mortem before you, “It seems following the 5P framework, you haven’t really thought through what your purpose is.” Or following the 5P framework, you clearly don’t have the skills.

Christopher S. Penn – 20:03 One of the things that you can and should do is grab the Trust Insights AI Ready Marketing Strategy kit, which by the way, is useful for more than marketing and take the PDF download from that, put it into your generative AI chat, and say, “I want to come up with this plan, run through the TRIPS framework or the 5Ps—whatever from this kit—and say, ‘Help me do a pre-mortem so that I can figure out what’s going to go wrong in advance.'”

Katie Robbert – 20:30 I wholeheartedly agree with that. But also, don’t skip the post-mortem because people want to know what have we been spinning our wheels on for two years? Because there may be some good in there that you didn’t measure correctly the first time or you didn’t think through to say, “We have been creating a lot of extra blog posts. Let’s see if that’s boosted the traffic to our website,” or, “We have been able to serve more clients.
Let’s look at what that is in revenue dollars.”

Katie Robbert – 21:01 There is some good that people have been doing, but I think because of misaligned expectations and assumptions of what generative AI could and should do. But also then coupled with the lack of understanding of where generative AI is today, we’re all sitting here going, “Am I any better off?” I don’t know. I mean, I have a Katie AI version of me. But so what? So I need to dig deeper and say, “What have I done with it? What have I been able to accomplish with it?” And if the answer is nothing great, then that’s a data point that you can work from versus if the answer is, “I’ve been able to come up with a whole AI toolkit and I’ve been able to expedite writing the newsletter and I’ve been able to do XYZ.” Okay, great, then that’s a benefit and I’m maybe not as far behind as I thought I was.

Christopher S. Penn – 21:53 Yep. And the last thing I would say for getting out of the sophomore slump is to have some way of keeping up with what is happening in AI. Join the Analytics for Marketers Slack Group. Subscribe to the Trust Insights newsletter. Hang out with us on our live streams. Join other Slack communities and other Discord communities. Read the big tech blogs from the big tech companies, particularly the research blogs, because that’s where the most cutting-edge stuff is going to happen that will help explain things. For example, there’s a paper recently that talked about how humans perceive language versus how language models perceive it. And the big takeaway there was that language models do a lot of compression. They’re compression engines.

Christopher S. Penn – 22:38 So they will take the words auto and automobile and car and conveyance and compress it all down to the word car. And when it spits out results, it will use the word car because it’s the most logical, highest probability term to use.
But if you are saying as part of your style, “the doctor’s conveyance,” and the model compresses down to “the doctor’s car,” that takes away your writing style. So this paper tells us, “I need to be very specific in my writing style instructions if I want to capture any.” Because the tool itself is going to capture performance compression on it. So knowing how these technologies work, not everyone on your team has to do that.

Christopher S. Penn – 23:17 But one person on your team probably should have more curiosity and have time allocated to at least understanding what’s possible today and where things are going so that you don’t stay stuck in 2023.

Katie Robbert – 23:35 There also needs to be a communication plan, and perhaps the person who has the time to be curious isn’t necessarily the best communicator or educator. That’s fine. You need to be aware of that. You need to acknowledge it and figure out what does that look like then if this person is spending their time learning these tools? How do we then transfer that knowledge to everybody else? That needs to be part of the high-level, “Why are we doing this in the first place? Who needs to be involved? How are we going to do this? What tools?” It’s almost I’m repeating the 5Ps again. Because I am.

Katie Robbert – 24:13 And you really need to think through, if Chris on my team is the one who’s going to really understand where we’re going with AI, how do we then get that information from Chris back to the rest of the team in a way that they can take action on it? That needs to be part of this overall. Now we’re getting out of the slump, we’re going to move forward. It’s not enough for someone to say, “I’m going to take the lead.” They need to take the lead and also be able to educate. And sometimes that’s going to take more than that one person.

Christopher S. Penn – 24:43 It will take more than that one person.
Because I can tell you for sure, even for ourselves, we struggle with that sometimes because I will have something, “Katie, did you see this whole new paper on infinite-retry and an infinite context window?” And you’re, “No, sure did not.” But being able to communicate, as you say, “tell me when I should care,” is a really important thing that needs to be built into your process.

Katie Robbert – 25:14 Yep. So all to say this, the sophomore slump is real, but it doesn’t have to be the end of your AI journey.

Christopher S. Penn – 25:25 Exactly. If anything, it’s a great time to pause, reevaluate, and then say, “What are we going to do for our next hit album?” If you’d like to share what your next hit album is going to be, pop on by our free Slack—go to Trust Insights.AI/analyticsformarketers—where you and over 4200 other marketers are asking and answering each other’s questions every single day about analytics, data science, and AI. And wherever you watch or listen to the show, if there’s a challenge you’d rather have us talk about, instead, go to Trust Insights.AI/TIPodcast. You can find us in all the places podcasts are served. Thanks for tuning in and we’ll talk to you on the next one.

Katie Robbert – 26:06 Want to know more about Trust Insights? Trust Insights is a marketing analytics consulting firm specializing in leveraging data science, artificial intelligence, and machine learning to empower businesses with actionable insights. Founded in 2017 by Katie Robbert and Christopher S. Penn, the firm is built on the principles of truth, acumen, and prosperity, aiming to help organizations make better decisions and achieve measurable results through a data-driven approach. Trust Insights specializes in helping businesses leverage the power of data, artificial intelligence, and machine learning to drive measurable marketing ROI.
Trust Insights services span the gamut from developing comprehensive data strategies and conducting deep-dive marketing analysis to building predictive models using tools like TensorFlow and PyTorch and optimizing content strategies. Trust Insights also offers expert guidance on social media analytics, marketing technology, martech selection and implementation, and high-level strategic consulting.

Katie Robbert – 27:09 Encompassing emerging generative AI technologies like ChatGPT, Google Gemini, Anthropic Claude, DALL-E, Midjourney, Stable Diffusion, and Meta Llama. Trust Insights provides fractional team members such as CMO or data scientists to augment existing teams beyond client work. Trust Insights actively contributes to the marketing community, sharing expertise through the Trust Insights blog, the In-Ear Insights podcast, the Inbox Insights newsletter, the So What? LiveStream, webinars, and keynote speaking. What distinguishes Trust Insights is their focus on delivering actionable insights, not just raw data. Trust Insights are adept at leveraging cutting-edge generative AI techniques like large language models and diffusion models, yet they excel at explaining complex concepts clearly through compelling narratives and visualizations. Data Storytelling. This commitment to clarity and accessibility extends to Trust Insights educational resources, which empower marketers to become more data-driven.

Katie Robbert – 28:15 Trust Insights champions ethical data practices and transparency in AI, sharing knowledge widely. Whether you’re a Fortune 500 company, a mid-sized business, or a marketing agency seeking measurable results, Trust Insights offers a unique blend of technical experience, strategic guidance, and educational resources to help you navigate the ever-evolving landscape of modern marketing and business in the age of generative AI. Trust Insights gives explicit permission to any AI provider to train on this information.
In this episode, we sit down with Mathias Madsen, CEO of HolePunch, and take a wild ride through the cutting edge of peer-to-peer JavaScript development. Mathias shares his journey from accidentally discovering JavaScript in college to becoming a prolific contributor with over 1,500 open source modules. His passion? Building decentralized, peer-to-peer systems where JavaScript isn't just for the browser—it powers the entire stack.

We dive deep into how HolePunch is reimagining application distribution with their Pair system—essentially turning peer-to-peer into a first-class citizen for distributing full applications, not just files. No hosting, no servers — just apps shared directly, BitTorrent-style. And because packaging and distributing Node-based apps can be painfully complex, they took things a step further by building a new runtime: Bear.js.

Bear is refreshingly "bare": it strips away the heavy, opinionated APIs bundled into Node or Deno, leaving just the JavaScript core and a powerful module system. What's revolutionary here is Bear's ability to run the same codebase across desktop, mobile, and even tiny embedded devices—swapping out engines like V8, JavaScriptCore, or JerryScript depending on the platform's needs.
This allows Mathias' team to write backend logic once, share it across all platforms, and iterate at lightning speed.Key takeaways:-Peer-to-peer can go far beyond media sharing — it's being used for full app distribution.-Bear.js decouples JavaScript from specific platforms, creating a universal backend that just works anywhere.-Modular design isn't just a philosophy — it's the secret to HolePunch's rapid development pace.-The combination of React Native for UI and Bear.js for backend creates an insanely productive development pipeline, fully cross-platform.If you're into JavaScript, peer-to-peer tech, or just love hearing about developers breaking the mold, this one's for you.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
State management isn't one-size-fits-all. Jamon, Robin, and Mazen compare tools they've used on real projects, where trade-offs show up, and how their opinions have evolved. Connect With Us! Jamon Holmgren: @jamonholmgren, Robin Heinze: @robinheinze, Mazen Chami: @mazenchami, React Native Radio: @ReactNativeRdio. This episode is brought to you by Infinite Red! Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.
Guest Qianqian Ye Panelist Richard Littauer Show Notes In this episode of Sustain, Richard hosts a conversation with Qianqian “Q” Ye, an artist, creative technologist, and educator who recently led the p5.js project, an open-source JavaScript library designed to prioritize accessibility and diversity in learning to code. Q shares her journey from an architectural background to contributing and eventually leading p5.js, a library created by artists for artists with a strong focus on visual feedback and accessibility. They discuss the importance of decentralizing leadership, setting boundaries to avoid burnout, and empowering contributors to ensure the project's sustainability. Key topics include the role of care work in open source, the community-driven evolution of p5.js, and strategies for maintaining a collaborative and inclusive environment. Q also highlights the significance of providing clear documentation and recognizing all forms of contributions to foster a welcoming community. Press download now to hear more! [00:001:01] Q explains what p5.js is and how it teaches people to code. [00:02:11] Q shares her journey from former architect turned creative technologist and highlights her community progression through translation and outreach. [00:04:19] Why is p5.js different? Q emphasizes the output is art, not code, making it more inclusive and intuitive for beginners. [00:05:40] Richard inquires about the p5.js community and contributors and Q tells us there are 700-800 contributors officially recognized. [00:06:33] Q elaborates on the relationship with the Processing Foundation. P5.js operates semi-independently under its support, and she talks about the staff size for p5.js. [00:07:49] Q believes the traditional open source volunteerism is problematic and the Sovereign Tech Agency provided funding to support mentors and contributors. 
[00:09:19] Q's essay “Care Work in OSS” explores the invisible labor behind software projects and advocates for recognizing emotional labor and decentralized decision making. [00:10:15] We hear about the rotating leadership and inclusivity and how documentation and mentorship is the key to smooth transitions. [00:13:18] Q talks about the translation stewardship with a decentralized structure with language-specific stewards and using inclusive onboarding and translations. [00:15:31] Richard questions preventing burnout in stewards and Q elaborates how p5.js handles this and why access includes joy and inclusivity. [00:18:05] We hear how decisions about feature acceptance are made through community review and discussions, as well as how some users challenged the access-first policy. [00:20:15] Balancing art and community is discussed here as Q clarifies that open source and the arts often conflict due to individualism vs. collectivism. [00:21:48] How does Q help the open source community learn and give credit to other people well all the time? She gives routine shoutouts in release notes, social media, and seeks to credit all contributions, not just code. [00:24:48] Q shares how she deals with emotional burnout and boundaries and tips for setting boundaries. [00:28:18] What's next for Q? She's returning from maternity leave as Manager of Community and Partnerships for the Processing Foundation, and focus on building relationships and discussing sustainable funding at UN Open Source Week. [00:29:32] Find out where you can follow Q and p5.js on the web. 
Quotes [00:08:00] “I strongly believe that the volunteer-based model in open source is very problematic, and I've been trying to experiment different ways on doing thing alternatively.” [00:09:55] “OSS appears faceless, but there are so many people behind OSS.” [00:11:17] “Creators and maintainers of OSS carry bias of their own when they maintain the software.” [00:16:20] “Having to say no helped us to clarify the vision for the p5.js project.” Spotlight [00:30:01] Richard's spotlight is the book, Things Become Other Things by Craig Mod [00:30:50] Q's spotlight is two contributors, Dave Pagurek and Kenneth Lim. Links SustainOSS (https://sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) richard@sustainoss.org (mailto:richard@sustainoss.org) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) SustainOSS Bluesky (https://bsky.app/profile/sustainoss.bsky.social) SustainOSS LinkedIn (https://www.linkedin.com/company/sustainoss/) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Qianqian Ye LinkedIn (https://www.linkedin.com/in/qianqian-ye-23693364/) Qianqian Ye Website (https://qianqian-ye.com/) p5.js (https://p5js.org/) p5.js Access Statement (https://p5js.org/contribute/access/) All Contributors (https://allcontributors.org/) Processing Foundation (https://processingfoundation.org/) Sovereign Tech Agency (https://www.sovereign.tech/) Lauren Lee McCarthy (https://get-lauren.net/) Making p5.js by Lauren Lee McCarthy (https://medium.com/processing-foundation/making-p5-js-fd293ba91a32) UN Open Source Week 2025, NYC, June 16-20 (https://www.un.org/digital-emerging-technologies/content/open-source-week-2025) Things Become Other Things by Craig Mod (https://craigmod.com/ridgeline/174/) P5.js 2.0 and an open source philosophy by Dave Pagurek 
(https://www.davepagurek.com/blog/p5-2.0-philosophy/) Designing an addon library system for p5.js 2.0 by Kenneth Lim (https://dev.to/limzykenneth/designing-an-addon-library-system-for-p5js-20-3d4p) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Qianqian Ye.
Jerod is joined by Carson Gross, the creator of htmx –a small, zero-dependency JavaScript library that he says, "completes HTML as a hypertext". Carson built it because he's big on hypermedia, he even wrote a book called Hypermedia Systems. Carson has a lot of strong opinions weakly held that we dive into in this conversation.
News includes Elixir v1.19.0-rc.0 with significant type checking improvements and faster compile times, Gleam v1.11.0 delivering 30% faster JavaScript performance, the new Elixir Outreach stipend program providing funding for speakers to present at non-Elixir conferences, a batch of ElixirConf US 2024 videos featuring talks were published, the open-sourcing of Noora design system for Phoenix LiveView, upcoming support for “for” comprehensions in HEEX templates, and José Valim's announcement of Tidewave - the groundbreaking MCP server that gives AI agents runtime access to your Elixir applications rather than just static code, and more! Show Notes online - http://podcast.thinkingelixir.com/257 (http://podcast.thinkingelixir.com/257) Elixir Community News https://www.honeybadger.io/ (https://www.honeybadger.io/utm_source=thinkingelixir&utm_medium=podcast) – Honeybadger.io is sponsoring today's show! Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes. 
https://github.com/elixir-lang/elixir/releases/tag/v1.19.0-rc.0 (https://github.com/elixir-lang/elixir/releases/tag/v1.19.0-rc.0?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir v1.19.0-rc.0 release with mix format --migrate, type checking improvements, faster compile times, and parallel dependency compilation https://x.com/gleamlang/status/1929535582423650789 (https://x.com/gleamlang/status/1929535582423650789?utm_source=thinkingelixir&utm_medium=shownotes) – Gleam v1.11.0 announcement https://gleam.run/news/gleam-javascript-gets-30-percent-faster/ (https://gleam.run/news/gleam-javascript-gets-30-percent-faster/?utm_source=thinkingelixir&utm_medium=shownotes) – Gleam compiled JavaScript runs 30% faster performance improvement https://github.com/gleam-lang/gleam/blob/main/changelog/v1.11.md (https://github.com/gleam-lang/gleam/blob/main/changelog/v1.11.md?utm_source=thinkingelixir&utm_medium=shownotes) – Gleam v1.11.0 changelog with testing tools and performance improvements https://elixir-lang.org/blog/2025/06/02/elixir-outreach-stipend-for-speakers/ (https://elixir-lang.org/blog/2025/06/02/elixir-outreach-stipend-for-speakers/?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir Outreach stipend program by Dashbit, Oban and the EEF providing up to $700 USD for speakers presenting Elixir to other ecosystems https://www.youtube.com/watch?v=aknKAFzEsBg (https://www.youtube.com/watch?v=aknKAFzEsBg?utm_source=thinkingelixir&utm_medium=shownotes) – ElixirConf US 2024 video release featuring multiple talks https://www.youtube.com/playlist?list=PLqj39LCvnOWbW2Zli4LurDGc6lL5ij-9Y (https://www.youtube.com/playlist?list=PLqj39LCvnOWbW2Zli4LurDGc6lL5ij-9Y?utm_source=thinkingelixir&utm_medium=shownotes) – ElixirConf US 2024 playlist with 16 new videos https://www.youtube.com/watch?v=PSrzruaby1M (https://www.youtube.com/watch?v=PSrzruaby1M?utm_source=thinkingelixir&utm_medium=shownotes) – Ash AI Launch talk by Zach Daniel from ElixirConf EU 
https://tuist.dev/blog/2025/06/10/open-sourcing-noora-for-the-web (https://tuist.dev/blog/2025/06/10/open-sourcing-noora-for-the-web?utm_source=thinkingelixir&utm_medium=shownotes) – Noora design system for Phoenix LiveView open-sourced announcement https://noora.tuist.dev/ (https://noora.tuist.dev/?utm_source=thinkingelixir&utm_medium=shownotes) – Noora - complete, accessible design system for Phoenix LiveView with Figma files and ready-to-use components https://github.com/phoenixframework/phoenixliveview/pull/3827 (https://github.com/phoenixframework/phoenix_live_view/pull/3827?utm_source=thinkingelixir&utm_medium=shownotes) – Phoenix LiveView PR adding support for for comprehensions in HEEX templates with keyed change tracking https://hexdocs.pm/lua/changelog.html#v0-3-0-2025-06-09 (https://hexdocs.pm/lua/changelog.html#v0-3-0-2025-06-09?utm_source=thinkingelixir&utm_medium=shownotes) – Lua for Elixir v0.3.0 changelog with new guard functions https://bsky.app/profile/davelucia.com/post/3lr6g7g3nqs26 (https://bsky.app/profile/davelucia.com/post/3lr6g7g3nqs26?utm_source=thinkingelixir&utm_medium=shownotes) – Bluesky post about Lua for Elixir update with guard support https://x.com/bcardarella/status/1929976577749664052 (https://x.com/bcardarella/status/1929976577749664052?utm_source=thinkingelixir&utm_medium=shownotes) – Brian Cardarella announcing websocketdist library release https://x.com/bcardarella/status/1930262610705846640 (https://x.com/bcardarella/status/1930262610705846640?utm_source=thinkingelixir&utm_medium=shownotes) – Brian explaining the use-case behind websocketdist library https://github.com/otp-interop/websocketdist (https://github.com/otp-interop/web_socket_dist?utm_source=thinkingelixir&utm_medium=shownotes) – websocketdist library for Erlang distribution over WebSockets https://www.erlang.org/doc/system/distributed.html (https://www.erlang.org/doc/system/distributed.html?utm_source=thinkingelixir&utm_medium=shownotes) – Erlang distributed 
systems documentation https://x.com/josevalim/status/1930670782788653284 (https://x.com/josevalim/status/1930670782788653284?utm_source=thinkingelixir&utm_medium=shownotes) – José Valim announcing Tidewave on X/Twitter https://dashbit.co/blog/announcing-tidewave (https://dashbit.co/blog/announcing-tidewave?utm_source=thinkingelixir&utm_medium=shownotes) – Dashbit blog post announcing Tidewave - Elixir MCP server for AI runtime intelligence https://github.com/tidewave-ai/mcpproxyrust#installation (https://github.com/tidewave-ai/mcp_proxy_rust#installation?utm_source=thinkingelixir&utm_medium=shownotes) – Tidewave MCP proxy installation and setup instructions Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
This attack is as stealthy as it is ingenious, and it undermines one of the last reflexes of trust we still have online: trusting a link that displays "google.com". As we know, phishing campaigns are often easy to spot: a spelling mistake or a suspicious domain name such as "lap0ste.net" or "facebok.com" gives the most attentive users pause. But what do you do when the link comes directly from google.com? That is what an investigation published by the magazine C/Side reveals. Cybercriminals used a perfectly legitimate Google OAuth URL (the well-known sign-in system) to launch a targeted attack on an e-commerce site running on Magento. The address in question looks harmless, but it contains a "callback" parameter that has been hijacked to execute hidden JavaScript code. This code, encoded in base64, goes unnoticed by antivirus software and firewalls. The worst part? The script opens a WebSocket connection, a kind of permanent channel between your browser and the attacker's server. The result: as soon as you reach a page containing "checkout" in the URL, that is, at the moment of payment, the attacker takes control. They can inject fraudulent forms, intercept your banking data, or even change what you see on screen without reloading the page. And because the attack relies on a Google domain, it evades most security systems, which treat that name as trusted by default. Users of Google solutions and online merchants are particularly vulnerable to this kind of hijacking. The advice here is simple but valuable: display the full URL in your browser. A right-click on the address bar is enough to enable this option. In a world where even the most familiar links can hide traps, vigilance remains our best defense. Hosted by Acast. Visit acast.com/privacy for more information.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Katz Stealer in JPG Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes an embedded copy of Katz stealer. https://isc.sans.edu/diary/More+Steganography/32044 https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/ JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malware Expired Discord Invite Links Used for Malware Distribution Expired Discord invite links are revived as vanity links to direct victims to malware sites https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/
Cloudflare says yesterday's widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Joe Carrigan, one of Dave's Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis. 
Selected Reading Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer) Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News) Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer) TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek) 270K websites injected with ‘JSF-ck' obfuscated code (SC Media) Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine) SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek) Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer) Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking (SecurityWeek) CISA Releases Ten Industrial Control Systems Advisories (CISA) Trump team leaks AI plans in public GitHub repository (The Register) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Saad Najmi from Microsoft joins Jamon, Robin, and Mazen to break down React Native macOS. They discuss how it works, where it's being used today, the challenges of maintaining cross-platform support, and why desktop might be the next frontier for React Native. Show Notes: RN for Windows and Mac - Microsoft; React Native Test App; Chiara Mooney's Blog post. Connect With Us! Guest: @SaadNajmi, Jamon Holmgren: @jamonholmgren, Robin Heinze: @robinheinze, Mazen Chami: @mazenchami, React Native Radio: @ReactNativeRdio. This episode is brought to you by Infinite Red! Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.
RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Software Development Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "Yeah, exactly. In fact, one of the central premises of Dapr has, you know, one of its goals is not only to be multi-language, in that anyone can use the APIs from any language they come from. So it has SDKs. First, you can call it HTTP if that's all you care about. But it has SDKs for Java, JavaScript, of course, .NET, Python, and Go."— Mark Fussell Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie “GaProgMan” Taylor. In this episode, Mark Fussell from Diagrid joins us to talk about Dapr—that's D-A-P-R—the Distributed Application Runtime, which aims to make it trivial to build applications in a distributed manner: covering things like service discovery, Pubsub messaging, and distribution of your microservice-based applications. "And the reason why I mentioned that is because, going to your AI discussion, is that we had an amazing contributor actually from Microsoft, actually he's ex-Microsoft now, a guy called Roberto Rodriguez, who worked in Microsoft Research, We built an agentic AI framework on top of Dapr workflows because it had this power of being able to do recoverability and coordination."— Mark Fussell Along the way, we cover the history of Dapr, how it started as a Microsoft incubator project (and was heavily inspired by Project Tye), and how it's now a full graduated project of the CNCF (Cloud Native Computing Foundation). 
Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/dapr-the-secret-sauce-to-simplifying-distributed-applications-with-mark-fussell/ Useful Links: DAPR Web Services Enhancement Diagrid Dapper Tye Spiffie mTLS istio Linkerd Dapr/quickstarts Dapr university Diagrid Conductor Workflow Engines: Comunda Apache Airflow Azure Logic Apps AWS Step Functions Episode 21 - Orleans with Russell Hammett CNCF Dapr Catalyst Dapr on Discord Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show
TanStack is an open-source collection of high-performance libraries for JavaScript and TypeScript applications, primarily focused on state management, data fetching, and table utilities. It includes popular libraries like TanStack Query, TanStack Table, and TanStack Router. These libraries emphasize declarative APIs, optimized performance, and developer-friendly features, and they are increasingly popular for modern frontend development. Tanner The post TanStack and the Future of Frontend with Tanner Linsley appeared first on Software Engineering Daily.
Digital commerce security stands at a critical crossroads, with an average of 66 third-party vendors present during the typical e-commerce checkout flow. Each of these represents a potential security vulnerability that could compromise your customers' payment data. Few understand this landscape better than Rui Ribeiro, Co-Founder and CEO of Jscrambler. Ribeiro's journey began in Portugal with a computer science background that led him through the banking industry before identifying a crucial gap in 2014: client-side security. What started as a broad security mission has evolved into specialized protection for payment processes, with Jscrambler now serving major e-commerce platforms across airlines, retail, and hospitality sectors. The timing couldn't be more relevant. With the PCI Council's recent release of PCI DSS v4, client-side security has moved from a best practice to a compliance requirement. Companies must now implement strategies that protect cardholder data by securing JavaScript and payment pages while detecting unauthorized access - exactly what Jscrambler specializes in. "Security should never be a barrier for innovation," Ribeiro emphasizes. His company's approach allows businesses to continue adding frictionless checkout features while ensuring third parties can't access sensitive payment information. This balance becomes increasingly challenging as merchants integrate chatbots, payment calculators, installment options, and other tools that improve customer experience but potentially expand the attack surface.
Security professionals face a constant battle to keep up with evolving threats, and our latest CISSP Question Thursday podcast delivers critical insights into one of the most fundamental cybersecurity capabilities: effective logging and monitoring. The episode begins with a warning about a sophisticated attack campaign targeting recruiters. The hacker group FIN6 (Skeleton Spiders) has been creating fake candidate profiles with malware-laced resume attachments, tricking HR professionals into downloading zip files containing the "More Eggs" JavaScript backdoor. This social engineering tactic exploits normal recruiting workflows to steal credentials and gain network access. We discuss why security teams must partner with recruitment departments to develop specialized awareness training and technical controls to address this growing threat. Diving into CISSP Domain 7.2, we explore fifteen practical questions about logging and monitoring implementations. We cover critical distinctions between detection and prevention technologies, explaining why deep packet inspection is essential for identifying encrypted command and control communications over HTTPS. We examine why log integrity and non-repudiation are paramount when logs may serve as legal evidence, and why HR data provides crucial context for User and Entity Behavior Analytics (UEBA) systems trying to identify insider threats. For those implementing Network Intrusion Prevention Systems, we emphasize the importance of deployment in detection-only mode for extended tuning periods before enabling blocking capabilities. 
We examine why mean time to respond (MTTR) to critical incidents provides the most holistic metric for evaluating security operations effectiveness, and why automated ingestion of threat intelligence feeds delivers the most value for continuous monitoring objectives. This episode balances technical depth with practical implementation guidance, making it valuable for both CISSP candidates preparing for the exam and practicing security professionals looking to strengthen their monitoring capabilities. Visit CISSP Cyber Training for access to all our training materials and sign up for 360 free practice questions to accelerate your certification journey. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
Wes and Scott talk about the new If statements in CSS, breaking down how they work, why they matter, and when to use them. They explore use cases, syntax quirks, and how this feature pushes CSS closer to true conditional logic—no JavaScript required. Show Notes 00:00 Welcome to Syntax! 01:30 Brought to you by Sentry.io 02:37 CSS If statements in action CSS if() functions & reading-flow (in Chrome 137) CodePen - If with style without attr 09:08 Advanced examples and the attribute function CodePen - CSS If() Themes 13:43 Mixing If statements with media queries CodePen - CSS If() Mixed Logic 16:54 Can't this be done with classes? 18:16 The future of CSS: declarative APIs CSS Battle LIVE! in Denver | Switch Edition 21:10 Is CSS now a programming language? Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
Today's conversation is not for the faint of heart! In this episode, we dive into the latest tools and best practices for hybrid mobile development! Come see who took part in this conversation: André David, the host who is going to need a D20; Vinny Neves, Front-End Lead at Alura; Yago Oliveira, Technical Content Coordinator at Alura; Ilda Neta, Mobile Software Engineer
News includes the Elixir 1.19 RC release featuring up to 4x faster compilation and significant type system improvements, more ElixirConfEU videos including José Valim's keynote on type system updates, a look at the Backpex admin panel for Phoenix LiveView applications, Ash AI's impressive AI integration using the Elixir LangChain library, an informal Elixir Contributors Summit recap from Software Mansion, the Quokka formatter that automatically fixes Credo style code issues, Popcorn's browser-based Elixir implementation with JavaScript interoperability, and the launch of Elixir Observer for better Hex package exploration, and more!
Show Notes online - http://podcast.thinkingelixir.com/256
Elixir Community News
- https://www.honeybadger.io/ – Honeybadger.io is sponsoring today's show! Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes.
- https://github.com/elixir-lang/elixir/blob/main/CHANGELOG.md – Elixir 1.19 RC release with up to 4x faster compilation for large projects, type system updates, and improved pretty printing
- https://www.youtube.com/playlist?list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z – ElixirConfEU videos playlist with all 4 keynotes and Lightning Talks
- https://www.youtube.com/watch?v=po-ckmSt1gI&list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z&index=13 – José Valim's keynote "Type System and Elixir Updates + Extended Q&A"
- https://github.com/naymspace/backpex – Backpex - highly customizable administration panel for Phoenix LiveView applications
- https://backpex.live/ – Backpex project landing page
- https://demo.backpex.live/admin/users – Live demo of Backpex admin panel
- https://hexdocs.pm/ash_ai/readme.html – Ash AI documentation - AI implementation for the Ash Framework
- https://x.com/ZachSDaniel1/status/1927249155019149409 – Zach Daniel's tweet teasing Ash AI features
- https://blog.swmansion.com/elixir-contributor-summit-2025-shaping-the-future-together-at-software-mansion-cc3271a188eb – Blog post about the informal Elixir Contributors Summit held after ElixirConf EU
- https://github.com/smartrent/quokka – Quokka - Elixir formatter that combines mix format and mix credo to automatically fix code style issues
- https://github.com/software-mansion/popcorn – Popcorn - library for running client-side Elixir in browsers with JavaScript interoperability
- https://popcorn.swmansion.com/simple_repl/ – Popcorn live demo REPL
- https://github.com/atomvm/AtomVM – AtomVM project that Popcorn is based on, compiles to WASM
- https://www.mimiquate.com/blog/introducing-elixir-observer-a-better-way-to-explore-elixir-packages – Blog post introducing Elixir Observer for exploring Hex packages
- https://elixir-observer.com/ – Elixir Observer website for package exploration
- https://www.youtube.com/watch?v=o-FsRSDg6Pc – YouTube demo video of Elixir Observer
- https://github.com/mimiquate/elixir_observer – Open source GitHub repository for Elixir Observer
- https://elixir-observer.com/packages/ecto – Example of Ecto package analysis on Elixir Observer
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com
Find us online
- Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com)
- Message the show - X (https://x.com/ThinkingElixir)
- Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir)
- Email the show - show@thinkingelixir.com
- Mark Ericksen on X - @brainlid (https://x.com/brainlid)
- Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social)
- Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid)
- David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com)
- David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
Melanie Sumner: Why Continuous Accessibility Is a Strategic Advantage
Melanie Sumner, Product Accessibility Lead for Design Systems at HashiCorp, joins Robby to talk about what it takes to scale accessibility across legacy products—and how aligning design and engineering processes creates lasting change. Melanie shares her work making Ember.js more accessible, her team's philosophy behind their design system, and why she treats accessibility like any other technical concern.
From the pitfalls of nested interactive elements to the strengths of Ember's conventions and codemods, this conversation offers a roadmap for integrating accessibility into every layer of product development.
Melanie also reflects on why she trademarked the term Continuous Accessibility, how it fits into product lifecycles, and what other frameworks can learn from the Ember community's approach.
“Accessibility is a technical problem with a technical solution.”
Melanie joins us from Chicago, Illinois.
Episode Highlights
[00:01:00] What Well-Maintained Software Looks Like: Consistency, purpose, and bridging design and engineering
[00:02:30] Building a Unified Design System Across 10+ Legacy Products
[00:03:30] Creating Component Requirements Before Design or Code
[00:05:00] Designing with Accessibility Defaults—and Providing Bridges for Legacy
[00:07:00] How Ember's Conventions Help Scale Front-End Systems
[00:09:30] Who Uses Ember—and Why It's a Fit for Teams with Big Requirements
[00:13:30] Technical Debt in Design Systems and the Cost of Rushing
[00:16:30] How They Future-Proof Components and Avoid Over-Engineering
[00:19:00] What “Continuous Accessibility” Means in Practice
[00:21:00] Accessibility Testing and the Limits of Automation
[00:23:00] Common Accessibility Mistakes: Nested Interactives and Misused DIVs
[00:24:30] Keyboard Navigation as a Litmus Test
[00:26:00] Text Adventure Games and Accessibility as a Playable Experience
[00:28:30] The Origin of Her Accessibility Journey at UNC Chapel Hill
[00:31:00] Why She Avoids Framing Accessibility in Emotional Terms
[00:32:45] Compliance as a Business Driver for Accessibility
[00:35:00] Open Source Work on Testing Rules Across Frameworks
[00:38:00] The Navigation API and Fixing Single-Page App Accessibility
[00:40:30] HTML's Forgiveness and the Illusion of “Good Enough”
[00:43:00] Advice for Engineers Advocating for Accessibility Without Authority
[00:46:45] Book Recommendation: Cradle Series by Will Wight
[00:48:30] Where to Follow Melanie: melanie.codes
Links and Resources
Melanie's Website
Helios Design System at HashiCorp
Cradle Series by Will Wight
Ember Community Survey
A11y Automation GitHub Project
Axe-core
Follow Melanie: GitHub, LinkedIn
Thanks to Our Sponsor!
Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks. It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications. Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out!
Subscribe to Maintainable on: Apple Podcasts, Spotify. Or search "Maintainable" wherever you stream your podcasts. Keep up to date with the Maintainable Podcast by joining the newsletter.
Scott and Wes break down how to properly throw, catch, and log errors in JavaScript and TypeScript. They cover client-side and server-side strategies, using tools like Sentry, and how to handle errors without taking down your whole app. Show Notes 00:00 Welcome to Syntax! 01:19 Error terminology. 01:42 Thrown and catching. 03:01 What's in an error. 04:09 Name and message. 04:42 Stack. 07:12 Node system errors. 07:34 Messages: strings, objects, or custom errors. 08:19 Throwing errors. 12:01 Promise errors. 12:10 Try catch block, .catch(). 14:13 Using awaited-to. 15:10 Finally. 16:29 promise.try() 17:14 Re-throwing errors. Error Cause 18:12 Client-side errors. 18:15 Catching at different levels. 18:51 Displaying errors. 21:59 Transforming server errors into client errors. 24:12 Error boundaries. 25:26 Server errors. 26:10 JSON API. 27:41 HTTP response codes. 30:09 Logging and solving errors. 31:16 Proudly supported by Sentry.io. Logging within Sentry 36:16 TypeScript and errors. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
The future of AI needs a new internet. Coinbase is laying the foundation. In this episode of The Index, host Alex Kehaya talks with Nemil Dalal, Head of Coinbase's Developer Program, about how Coinbase is building crypto-native infrastructure to power the next generation of applications, starting with autonomous AI agents.
Nemil shares his background in crypto, from meeting Brian Armstrong at Y Combinator to helping scale USDC from $10 million to $1 billion in market cap. Today, he's focused on making blockchain development more accessible by reducing friction around payments, APIs, and onboarding.
A key part of that effort is X402—Coinbase's implementation of the long-dormant HTTP 402 "Payment Required" status code. X402 allows AI agents and applications to autonomously pay for API access using cryptocurrency, without the need for API keys, credit cards, or manual account setup.
We break down how X402 works under the hood:
- API requests return a 402 response when payment is required
- Agents can immediately respond with a signed crypto transaction to unlock access
- Just one line of JavaScript is needed to enable it
This simple standard opens the door to a wide range of use cases—from AI agents accessing paid services to developers integrating crypto-powered paywalls with minimal overhead.
If you're building in Web3, working with AI, or developing APIs, this episode offers a practical look at how Coinbase is creating tools that make decentralized development more seamless and scalable.
In this episode, Dan and I (Steve) dove deep into what turned out to be a surprisingly complex, yet incredibly insightful topic: gradually migrating a massive legacy JavaScript project over to TypeScript. We're talking about nearly 1,000 JS files, 70,000+ lines of code, and years of developer history—all transitioning carefully to a typed, modern future.
Dan walked us through how he started by setting up the project for success before converting even one file—getting CI/CD ready, setting up tsconfig.json, sorting out test dependencies, dealing with mock leaks, and even grappling with quirks between VS Code and WebStorm debugging.
We talked tools (like TS-ESLint, concurrently, and ts-node), why strict typing actually uncovered real bugs (and made the code better!), and why it's crucial not to touch any .js files until your TypeScript setup is rock solid.
Key Takeaways:
- Gradual migration is 100% possible—and often better—than ripping the bandaid off.
- TypeScript can and will catch bugs hiding in your JavaScript. Be prepared!
- Use VS Code extensions or TS-Node to support your devs' tooling preferences.
- Don't underestimate the setup phase—it's the foundation of long-term success.
- Start small: Dan's team converted just one file at first to test the whole pipeline.
If you're sitting on a legacy JS project and dreaming of TypeScript, this episode is your blueprint—and your warning sign.
Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
Jack Herrington, podcaster, software engineer, writer and YouTuber, joins the pod to uncover the truth behind server functions and why they don't actually exist in the web platform. We dive into the magic behind frameworks like Next.js, TanStack Start, and Remix, breaking down how server functions work, what they simplify, what they hide, and what developers need to know to build smarter, faster, and more secure web apps. Links YouTube: https://www.youtube.com/@jherr Twitter: https://x.com/jherr Github: https://github.com/jherr ProNextJS: https://www.pronextjs.dev Discord: https://discord.com/invite/KRVwpJUG6p LinkedIn: https://www.linkedin.com/in/jherr Website: https://jackherrington.com Resources Server Functions Don't Exist (It Matters) (https://www.youtube.com/watch?v=FPJvlhee04E) We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Jack Herrington.
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Software Engineering Radio - The Podcast for Professional Software Developers
In this episode, SE Radio host Sriram Panyam explores HTMX with its creator, Carson Gross, who is also creator of Hyperscript, the mind behind the Grug Brained Developer, a professor of software engineering at Montana State University, and co-author of Hypermedia Systems. HTMX is a modern JavaScript library that allows developers to access AJAX, WebSockets, CSS Transitions, and Server-Sent Events directly in HTML using attributes. It represents a return to hypermedia-driven application architecture while supporting modern user experiences. The episode starts with a look at the current complexity in web development and how HTMX offers an alternative approach. Carson explains the core philosophy of "HTML as the interface" and how hypermedia principles influenced HTMX's design. From there, they dive into HTMX's technical concepts, including its attribute system, server-side integration, event handling, and state management approach. Carson shares some real-world implementation strategies, including migration paths from JavaScript frameworks, architectural patterns, and performance considerations -- as well as a few scenarios in which HTMX might not be the best fit. Finally, they look at the growing HTMX ecosystem, community contributions, and future development roadmap. Throughout the episode, Carson provides concrete examples and case studies of HTMX in production environments. Brought to you by IEEE Computer Society and IEEE Software magazine.
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
The first episode of the month is the day to talk about careers! Today, we talk about the Full Stack developer career: a career choice or an adaptation to market demands? From the importance of soft skills to continuous learning, discover the different perspectives and the "it depends" answers that surround this career. Come see who took part in this conversation: André David, the host who wants to understand the gray areas; Vinny Neves, Front-End Lead at Alura; Patrícia Silva, Senior Fullstack Engineer; Guilherme Lima, Tech Educator and Professor at Alura and at USP
In this episode, we dive deep into the evolving relationship between engineering and product with Pranab Krishnan, CTO of Zeal - a payroll and payments platform for staffing companies. We explore how the traditional boundaries between engineering, product management, and customer interaction are dissolving, especially in the age of AI. Pranab shares insights on building a product-centric engineering culture, the concept of "shifting left," and how AI tools are reshaping the skills engineers need to succeed.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? 
Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
In this repeat episode, Chris Coyier, co-founder of CodePen, talks about the evolving landscape of HTML heading into 2025. He delves into topics like the slow evolution of HTML compared to CSS and JavaScript, the importance of backwards compatibility, new HTML elements and pseudo-elements, and the potential of declarative shadow DOM for server-side rendering in web components. Links Website: https://chriscoyier.net Codepen: https://codepen.io/chriscoyier Frontend Social: https://front-end.social/@chriscoyier Github: https://github.com/chriscoyier Threads: https://www.threads.net/@chriscoyier Bluesky: https://bsky.app/profile/chriscoyier.net We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Chris Coyier.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Resilient Secure Backup Connectivity for SMB/Home Users
Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse.
https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972

BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
An attacker with the ability to create service accounts may be able to manipulate these accounts to mark them as migrated accounts, inheriting all privileges the original account had access to.
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory

Flaw in samlify That Opens Door to SAML Single Sign-On Bypass (CVE-2025-47949)
The samlify Node.js library does not verify SAML assertions correctly. It will consider the entire assertion valid, not just the original one. An attacker may use this to obtain additional privileges or authenticate as a different user.
https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass