High-level programming language
POPULARITY
Categories
State management isn't one-size-fits-all. Jamon, Robin, and Mazen compare tools they've used on real projects, where trade-offs show up, and how their opinions have evolved.Connect With Us!Jamon Holmgren: @jamonholmgrenRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.
C'est une attaque aussi discrète qu'ingénieuse, et elle remet en cause l'un des derniers réflexes de confiance qu'il nous reste en ligne : celui d'un lien affichant “google.com”. On le sait, les campagnes de phishing sont souvent repérables : une faute d'orthographe, un nom de domaine douteux – “lap0ste.net” ou “facebok.com” font tiquer les plus attentifs. Mais que faire quand le lien vient directement de google.com ?C'est ce que révèle une enquête publiée par le magazine C/Side. Des cybercriminels ont utilisé une URL parfaitement légitime de Google OAuth — ce système d'identification bien connu — pour lancer une attaque ciblée sur un site e-commerce fonctionnant sous Magento. L'adresse en question semble anodine, mais elle contient un paramètre “callback” détourné pour exécuter un code JavaScript caché. Ce code, encodé en base64, passe inaperçu pour les antivirus et les pare-feux.Le pire ? Ce script ouvre une connexion WebSocket, une sorte de canal permanent entre votre navigateur et le serveur de l'attaquant. Résultat : dès que vous accédez à une page contenant “checkout” dans l'URL — donc au moment de payer — le pirate prend le contrôle. Il peut injecter des formulaires frauduleux, intercepter vos données bancaires, voire modifier ce que vous voyez à l'écran sans recharger la page. Et comme l'attaque s'appuie sur un domaine Google, elle échappe à la plupart des systèmes de sécurité, qui considèrent ce nom comme fiable par défaut. Les utilisateurs de solutions Google et les e-commerçants sont particulièrement vulnérables à ce type de détournement. Le conseil, ici, est simple mais précieux : affichez l'URL complète dans votre navigateur. Un clic droit sur la barre d'adresse suffit pour activer cette option. Dans un monde où même les liens les plus familiers peuvent cacher des pièges, la vigilance reste notre meilleure défense. Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Katz Stealer in JPG Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes embeded a copy of Katz stealer. https://isc.sans.edu/diary/More+Steganography/32044 https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/ JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malware Expired Discord Invite Links Used for Malware Distribution Expired discord invite links are revived as vanity links to direct victims to malware sites https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/
Cloudflare says yesterday's widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Joe Carrigan, one of Dave's Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis. Selected Reading Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer) Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News) Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer) TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek) 270K websites injected with ‘JSF-ck' obfuscated code (SC Media) Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine) SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek) Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer) Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking (SecurityWeek) CISA Releases Ten Industrial Control Systems Advisories (CISA) Trump team leaks AI plans in public GitHub repository (The Register) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Saad Najmi from Microsoft joins Jamon, Robin, and Mazen to break down React Native macOS. They discuss how it works, where it's being used today, the challenges of maintaining cross-platform support, and why desktop might be the next frontier for React Native.Show NotesRN for Windows and Mac - MicrosoftReact Native Test AppChiara Mooney's Blog postConnect With Us!Guest: @SaadNajmiJamon Holmgren: @jamonholmgrenRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.
RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Software Development Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "Yeah, exactly. In fact, one of the central premises of Dapr has, you know, one of its goals is not only to be multi-language, in that anyone can use the APIs from any language they come from. So it has SDKs. First, you can call it HTTP if that's all you care about. But it has SDKs for Java, JavaScript, of course, .NET, Python, and Go."— Mark Fussell Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie “GaProgMan” Taylor. In this episode, Mark Fussell from Diagrid joins us to talk about Dapr—that's D-A-P-R—the Distributed Application Runtime, which aims to make it trivial to build applications in a distributed manner: covering things like service discovery, Pubsub messaging, and distribution of your microservice-based applications. "And the reason why I mentioned that is because, going to your AI discussion, is that we had an amazing contributor actually from Microsoft, actually he's ex-Microsoft now, a guy called Roberto Rodriguez, who worked in Microsoft Research, We built an agentic AI framework on top of Dapr workflows because it had this power of being able to do recoverability and coordination."— Mark Fussell Along the way, we cover the history of Dapr, how it started as a Microsoft incubator project (and was heavily inspired by Project Tye), and how it's now a full graduated project of the CNCF (Cloud Native Computing Foundation). Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/dapr-the-secret-sauce-to-simplifying-distributed-applications-with-mark-fussell/ Useful Links: DAPR Web Services Enhancement Diagrid Dapper Tye Spiffie mTLS istio Linkerd Dapr/quickstarts Dapr university Diagrid Conductor Workflow Engines: Comunda Apache Airflow Azure Logic Apps AWS Step Functions Episode 21 - Orleans with Russell Hammett CNCF Dapr Catalyst Dapr on Discord Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show
TanStack is an open-source collection of high-performance libraries for JavaScript and TypeScript applications, primarily focused on state management, data fetching, and table utilities. It includes popular libraries like TanStack Query, TanStack Table, and TanStack Router. These libraries emphasize declarative APIs, optimized performance, and developer-friendly features, and they are increasingly popular for modern frontend development. Tanner The post TanStack and the Future of Frontend with Tanner Linsley appeared first on Software Engineering Daily.
Digital commerce security stands at a critical crossroads, with an average of 66 third-party vendors present during the typical e-commerce checkout flow. Each of these represents a potential security vulnerability that could compromise your customers' payment data. Few understand this landscape better than Rui Ribeiro, Co-Founder and CEO of Jscrambler.Ribeiro's journey began in Portugal with a computer science background that led him through the banking industry before identifying a crucial gap in 2014: client-side security. What started as a broad security mission has evolved into specialized protection for payment processes, with Jscrambler now serving major e-commerce platforms across airlines, retail, and hospitality sectors.The timing couldn't be more relevant. With the PCI Council's recent release of PCI DSS v4, client-side security has moved from a best practice to a compliance requirement. Companies must now implement strategies that protect cardholder data by securing JavaScript and payment pages while detecting unauthorized access - exactly what Jscrambler specializes in."Security should never be a barrier for innovation," Ribeiro emphasizes. His company's approach allows businesses to continue adding frictionless checkout features while ensuring third parties can't access sensitive payment information. This balance becomes increasingly challenging as merchants integrate chatbots, payment calculators, installment options, and other tools that improve customer experience but potentially expand the attack surface.
TanStack is an open-source collection of high-performance libraries for JavaScript and TypeScript applications, primarily focused on state management, data fetching, and table utilities. It includes popular libraries like TanStack Query, TanStack Table, and TanStack Router. These libraries emphasize declarative APIs, optimized performance, and developer-friendly features, and they are increasingly popular for modern frontend development. Tanner The post TanStack and the Future of Frontend with Tanner Linsley appeared first on Software Engineering Daily.
Send us a textSecurity professionals face a constant battle to keep up with evolving threats, and our latest CISSP Question Thursday podcast delivers critical insights into one of the most fundamental cybersecurity capabilities: effective logging and monitoring.The episode begins with a warning about a sophisticated attack campaign targeting recruiters. The hacker group FIN6 (Skeleton Spiders) has been creating fake candidate profiles with malware-laced resume attachments, tricking HR professionals into downloading zip files containing the "More Eggs" JavaScript backdoor. This social engineering tactic exploits normal recruiting workflows to steal credentials and gain network access. We discuss why security teams must partner with recruitment departments to develop specialized awareness training and technical controls to address this growing threat.Diving into CISSP Domain 7.2, we explore fifteen practical questions about logging and monitoring implementations. We cover critical distinctions between detection and prevention technologies, explaining why deep packet inspection is essential for identifying encrypted command and control communications over HTTPS. We examine why log integrity and non-repudiation are paramount when logs may serve as legal evidence, and why HR data provides crucial context for User and Entity Behavior Analytics (UEBA) systems trying to identify insider threats.For those implementing Network Intrusion Prevention Systems, we emphasize the importance of deployment in detection-only mode for extended tuning periods before enabling blocking capabilities. We examine why mean time to respond (MTTR) to critical incidents provides the most holistic metric for evaluating security operations effectiveness, and why automated ingestion of threat intelligence feeds delivers the most value for continuous monitoring objectives.This episode balances technical depth with practical implementation guidance, making it valuable for both CISSP candidates preparing for the exam and practicing security professionals looking to strengthen their monitoring capabilities. Visit CISSP Cyber Training for access to all our training materials and sign up for 360 free practice questions to accelerate your certification journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
Wes and Scott talk about the new If statements in CSS, breaking down how they work, why they matter, and when to use them. They explore use cases, syntax quirks, and how this feature pushes CSS closer to true conditional logic—no JavaScript required. Show Notes 00:00 Welcome to Syntax! 01:30 Brought to you by Sentry.io 02:37 CSS If statements in action CSS if() functions & reading-flow (in Chrome 137) CodePen - If with style without attr 09:08 Advanced examples and the attribute function CodePen - CSS If() Themes 13:43 Mixing If statements with media queries CodePen - CSS If() Mixed Logic 16:54 Can't this be done with classes? 18:16 The future of CSS: declarative APIs CSS Battle LIVE! in Denver | Switch Edition 21:10 Is CSS now a programming language? Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
Wes and Scott talk about the new If statements in CSS, breaking down how they work, why they matter, and when to use them. They explore use cases, syntax quirks, and how this feature pushes CSS closer to true conditional logic—no JavaScript required. Show Notes 00:00 Welcome to Syntax! 01:30 Brought to you by Sentry.io 02:37 CSS If statements in action CSS if() functions & reading-flow (in Chrome 137) CodePen - If with style without attr 09:08 Advanced examples and the attribute function CodePen - CSS If() Themes 13:43 Mixing If statements with media queries CodePen - CSS If() Mixed Logic 16:54 Can't this be done with classes? 18:16 The future of CSS: declarative APIs CSS Battle LIVE! in Denver | Switch Edition 21:10 Is CSS now a programming language? Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
Hoje o papo não é para os fracos de coração! Neste episódio, mergulhamos nas últimas ferramentas e melhores práticas para o desenvolvimento mobile híbrido! Vem ver quem participou desse papo: André David, o host que vai precisar de um D20 Vinny Neves, Líder de Front-End na Alura Yago Oliveira, Coordenador de Conteúdo Técnico na Alura Ilda Neta, Mobile Software Engineer
News includes the Elixir 1.19 RC release featuring up to 4x faster compilation and significant types system improvements, more ElixirConfEU videos including José Valim's keynote on type system updates, the look at the Backpex admin panel for Phoenix LiveView applications, Ash AI's impressive AI integration using the Elixir LangChain library, an informal Elixir Contributors Summit recap from Software Mansion, the Quokka formatter that automatically fixes Credo style code issues, Popcorn's browser-based Elixir implementation with JavaScript interoperability, and the launch of Elixir Observer for better Hex package exploration, and more! Show Notes online - http://podcast.thinkingelixir.com/256 (http://podcast.thinkingelixir.com/256) Elixir Community News https://www.honeybadger.io/ (https://www.honeybadger.io/utm_source=thinkingelixir&utm_medium=podcast) – Honeybadger.io is sponsoring today's show! Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes. https://github.com/elixir-lang/elixir/blob/main/CHANGELOG.md (https://github.com/elixir-lang/elixir/blob/main/CHANGELOG.md?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir 1.19 RC release with up to 4x faster compilation for large projects, types system updates, and improved pretty printing https://www.youtube.com/playlist?list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z (https://www.youtube.com/playlist?list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z?utm_source=thinkingelixir&utm_medium=shownotes) – ElixirConfEU videos playlist with all 4 keynotes and Lightning Talks https://www.youtube.com/watch?v=po-ckmSt1gI&list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z&index=13 (https://www.youtube.com/watch?v=po-ckmSt1gI&list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z&index=13?utm_source=thinkingelixir&utm_medium=shownotes) – José Valim's keynote "Type System and Elixir Updates + Extended Q&A" https://github.com/naymspace/backpex (https://github.com/naymspace/backpex?utm_source=thinkingelixir&utm_medium=shownotes) – Backpex - highly customizable administration panel for Phoenix LiveView applications https://backpex.live/ (https://backpex.live/?utm_source=thinkingelixir&utm_medium=shownotes) – Backpex project landing page https://demo.backpex.live/admin/users (https://demo.backpex.live/admin/users?utm_source=thinkingelixir&utm_medium=shownotes) – Live demo of Backpex admin panel https://hexdocs.pm/ash_ai/readme.html (https://hexdocs.pm/ash_ai/readme.html?utm_source=thinkingelixir&utm_medium=shownotes) – Ash AI documentation - AI implementation for the Ash Framework https://x.com/ZachSDaniel1/status/1927249155019149409 (https://x.com/ZachSDaniel1/status/1927249155019149409?utm_source=thinkingelixir&utm_medium=shownotes) – Zach Daniel's tweet teasing Ash AI features https://blog.swmansion.com/elixir-contributor-summit-2025-shaping-the-future-together-at-software-mansion-cc3271a188eb (https://blog.swmansion.com/elixir-contributor-summit-2025-shaping-the-future-together-at-software-mansion-cc3271a188eb?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post about the informal Elixir Contributors Summit held after ElixirConf EU https://github.com/smartrent/quokka (https://github.com/smartrent/quokka?utm_source=thinkingelixir&utm_medium=shownotes) – Quokka - Elixir formatter that combines mix format and mix credo to automatically fix code style issues https://github.com/software-mansion/popcorn (https://github.com/software-mansion/popcorn?utm_source=thinkingelixir&utm_medium=shownotes) – Popcorn - library for running client-side Elixir in browsers with JavaScript interoperability https://popcorn.swmansion.com/simple_repl/ (https://popcorn.swmansion.com/simple_repl/?utm_source=thinkingelixir&utm_medium=shownotes) – Popcorn live demo REPL https://github.com/atomvm/AtomVM (https://github.com/atomvm/AtomVM?utm_source=thinkingelixir&utm_medium=shownotes) – AtomVM project that Popcorn is based on, compiles to WASM https://www.mimiquate.com/blog/introducing-elixir-observer-a-better-way-to-explore-elixir-packages (https://www.mimiquate.com/blog/introducing-elixir-observer-a-better-way-to-explore-elixir-packages?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post introducing Elixir Observer for exploring Hex packages https://elixir-observer.com/ (https://elixir-observer.com/?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir Observer website for package exploration https://www.youtube.com/watch?v=o-FsRSDg6Pc (https://www.youtube.com/watch?v=o-FsRSDg6Pc?utm_source=thinkingelixir&utm_medium=shownotes) – YouTube demo video of Elixir Observer https://github.com/mimiquate/elixir_observer (https://github.com/mimiquate/elixir_observer?utm_source=thinkingelixir&utm_medium=shownotes) – Open source GitHub repository for Elixir Observer https://elixir-observer.com/packages/ecto (https://elixir-observer.com/packages/ecto?utm_source=thinkingelixir&utm_medium=shownotes) – Example of Ecto package analysis on Elixir Observer Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
Melanie Sumner: Why Continuous Accessibility Is a Strategic AdvantageMelanie Sumner, Product Accessibility Lead for Design Systems at HashiCorp, joins Robby to talk about what it takes to scale accessibility across legacy products—and how aligning design and engineering processes creates lasting change. Melanie shares her work making Ember.js more accessible, her team's philosophy behind their design system, and why she treats accessibility like any other technical concern.From the pitfalls of nested interactive elements to the strengths of Ember's conventions and codemods, this conversation offers a roadmap for integrating accessibility into every layer of product development.Melanie also reflects on why she trademarked the term Continuous Accessibility, how it fits into product lifecycles, and what other frameworks can learn from the Ember community's approach.“Accessibility is a technical problem with a technical solution.”Melanie joins us from Chicago, Illinois.Episode Highlights[00:01:00] What Well-Maintained Software Looks Like: Consistency, purpose, and bridging design and engineering[00:02:30] Building a Unified Design System Across 10+ Legacy Products[00:03:30] Creating Component Requirements Before Design or Code[00:05:00] Designing with Accessibility Defaults—and Providing Bridges for Legacy[00:07:00] How Ember's Conventions Help Scale Front-End Systems[00:09:30] Who Uses Ember—and Why It's a Fit for Teams with Big Requirements[00:13:30] Technical Debt in Design Systems and the Cost of Rushing[00:16:30] How They Future-Proof Components and Avoid Over-Engineering[00:19:00] What “Continuous Accessibility” Means in Practice[00:21:00] Accessibility Testing and the Limits of Automation[00:23:00] Common Accessibility Mistakes: Nested Interactives and Misused DIVs[00:24:30] Keyboard Navigation as a Litmus Test[00:26:00] Text Adventure Games and Accessibility as a Playable Experience[00:28:30] The Origin of Her Accessibility Journey at UNC Chapel Hill[00:31:00] Why She Avoids Framing Accessibility in Emotional Terms[00:32:45] Compliance as a Business Driver for Accessibility[00:35:00] Open Source Work on Testing Rules Across Frameworks[00:38:00] The Navigation API and Fixing Single-Page App Accessibility[00:40:30] HTML's Forgiveness and the Illusion of “Good Enough”[00:43:00] Advice for Engineers Advocating for Accessibility Without Authority[00:46:45] Book Recommendation: Cradle Series by Will Wight[00:48:30] Where to Follow Melanie: melanie.codesLinks and ResourcesMelanie's WebsiteHelios Design System at HashiCorpCradle Series by Will WightEmber Community SurveyA11y Automation GitHub ProjectAxe-coreFollow Melanie:GitHubLinkedInThanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.
We break down how to properly throw, catch, and log errors in JavaScript and TypeScript. They cover client-side and server-side strategies, using tools like Sentry, and how to handle errors without taking down your whole app. Show Notes 00:00 Welcome to Syntax! 01:19 Error terminology. 01:42 Thrown and catching. 03:01 What's in an error. 04:09 Name and message. 04:42 Stack. 07:12 Node system errors. 07:34 Messages: strings, objects, or custom errors. 08:19 Throwing errors. 12:01 Promise errors. 12:10 Try catch block, .catch(). 14:13 Using awaited-to. 15:10 Finally. 16:29 promise.try() 17:14 Re-throwing errors. Error Cause 18:12 Client-side errors. 18:15 Catching at different levels. 18:51 Displaying errors. 21:59 Transforming server errors into client errors. 24:12 Error boundaries. 25:26 Server errors. 26:10 JSON API. 27:41 HTTP response codes. 30:09 Logging and solving errors. 31:16 Proudly supported by Sentry.io. Logging within Sentry 36:16 TypeScript and errors. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
Scott and Wes break down how to properly throw, catch, and log errors in JavaScript and TypeScript. They cover client-side and server-side strategies, using tools like Sentry, and how to handle errors without taking down your whole app. Show Notes 00:00 Welcome to Syntax! 01:19 Error terminology. 01:42 Thrown and catching. 03:01 What's in an error. 04:09 Name and message. 04:42 Stack. 07:12 Node system errors. 07:34 Messages: strings, objects, or custom errors. 08:19 Throwing errors. 12:01 Promise errors. 12:10 Try catch block, .catch(). 14:13 Using awaited-to. 15:10 Finally. 16:29 promise.try() 17:14 Re-throwing errors. Error Cause 18:12 Client-side errors. 18:15 Catching at different levels. 18:51 Displaying errors. 21:59 Transforming server errors into client errors. 24:12 Error boundaries. 25:26 Server errors. 26:10 JSON API. 27:41 HTTP response codes. 30:09 Logging and solving errors. 31:16 Proudly supported by Sentry.io. Logging within Sentry 36:16 TypeScript and errors. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
The future of AI needs a new internet. Coinbase is laying the foundation. In this episode of The Index, host Alex Kehaya talks with Nemil Dalal, Head of Coinbase's Developer Program, about how Coinbase is building crypto-native infrastructure to power the next generation of applications, starting with autonomous AI agents.Nemil shares his background in crypto, from meeting Brian Armstrong at Y Combinator to helping scale USDC from $10 million to $1 billion in market cap. Today, he's focused on making blockchain development more accessible by reducing friction around payments, APIs, and onboarding.A key part of that effort is X402—Coinbase's implementation of the long-dormant HTTP 402 "Payment Required" status code. X402 allows AI agents and applications to autonomously pay for API access using cryptocurrency, without the need for API keys, credit cards, or manual account setup.We break down how X402 works under the hood:API requests return a 402 response when payment is requiredAgents can immediately respond with a signed crypto transaction to unlock accessJust one line of JavaScript is needed to enable itThis simple standard opens the door to a wide range of use cases—from AI agents accessing paid services to developers integrating crypto-powered paywalls with minimal overhead.If you're building in Web3, working with AI, or developing APIs, this episode offers a practical look at how Coinbase is creating tools that make decentralized development more seamless and scalable.
In this episode, Dan and I (Steve) dove deep into what turned out to be a surprisingly complex, yet incredibly insightful topic: gradually migrating a massive legacy JavaScript project over to TypeScript. We're talking about nearly 1,000 JS files, 70,000+ lines of code, and years of developer history—all transitioning carefully to a typed, modern future.Dan walked us through how he started by setting up the project for success before converting even one file—getting CI/CD ready, setting up tsconfig.json, sorting out test dependencies, dealing with mock leaks, and even grappling with quirks between VS Code and WebStorm debugging.We talked tools (like TS-ESLint, concurrently, and ts-node), why strict typing actually uncovered real bugs (and made the code better!), and why it's crucial not to touch any .js files until your TypeScript setup is rock solid.Key Takeaways:Gradual migration is 100% possible—and often better—than ripping the bandaid off.TypeScript can and will catch bugs hiding in your JavaScript. Be prepared!Use VS Code extensions or TS-Node to support your devs' tooling preferences.Don't underestimate the setup phase—it's the foundation of long-term success.Start small: Dan's team converted just one file at first to test the whole pipeline.If you're sitting on a legacy JS project and dreaming of TypeScript, this episode is your blueprint—and your warning sign.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
Jack Herrington, podcaster, software engineer, writer and YouTuber, joins the pod to uncover the truth behind server functions and why they don't actually exist in the web platform. We dive into the magic behind frameworks like Next.js, TanStack Start, and Remix, breaking down how server functions work, what they simplify, what they hide, and what developers need to know to build smarter, faster, and more secure web apps. Links YouTube: https://www.youtube.com/@jherr Twitter: https://x.com/jherr Github: https://github.com/jherr ProNextJS: https://www.pronextjs.dev Discord: https://discord.com/invite/KRVwpJUG6p LinkedIn: https://www.linkedin.com/in/jherr Website: https://jackherrington.com Resources Server Functions Don't Exist (It Matters) (https://www.youtube.com/watch?v=FPJvlhee04E) We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Jack Herrington.
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Software Engineering Radio - The Podcast for Professional Software Developers
In this episode, SE Radio host Sriram Panyam explores HTMX with its creator, Carson Gross, who is also creator of Hyperscript, the mind behind the Grug Brained Developer, a professor of software engineering at Montana State University, and co-author of Hypermedia Systems. HTMX is a modern JavaScript library that allows developers to access AJAX, WebSockets, CSS Transitions, and Server-Sent Events directly in HTML using attributes. It represents a return to hypermedia-driven application architecture while supporting modern user experiences. The episode starts with a look at the current complexity in web development and how HTMX offers an alternative approach. Carson explains the core philosophy of "HTML as the interface" and how hypermedia principles influenced HTMX's design. From there, they dive into HTMX's technical concepts, including its attribute system, server-side integration, event handling, and state management approach. Carson shares some real-world implementation strategies, including migration paths from JavaScript frameworks, architectural patterns, and performance considerations -- as well as a few scenarios in which HTMX might not be the best fit. Finally, they look at the growing HTMX ecosystem, community contributions, and future development roadmap. Throughout the episode, Carson provides concrete examples and case studies of HTMX in production environments. Brought to you by IEEE Computer Society and IEEE Software magazine.
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT
Primeiro episódio do mês é dia de falar sobre carreira! Hoje, conversamos sobre a carreira da pessoa desenvolvedora Full Stack: escolha de carreira ou adaptação às demandas do mercado? Da importância das soft skills ao aprendizado contínuo, descubra as diferentes perspectivas e os "dependes" que cercam essa carreira. Vem ver quem participou desse papo: André David, o host que quer entender o cinza Vinny Neves, Líder de Front-End na Alura Patrícia Silva, Senior Fullstack Engineer Guilherme Lima, Tech Educator e Professor na Alura e na USP
In this episode, we dive deep into the evolving relationship between engineering and product with Pranab Krishnan, CTO of Zeal - a payroll and payments platform for staffing companies. We explore how the traditional boundaries between engineering, product management, and customer interaction are dissolving, especially in the age of AI. Pranab shares insights on building a product-centric engineering culture, the concept of "shifting left," and how AI tools are reshaping the skills engineers need to succeed.Key Takeaways
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
In this repeat episode, Chris Coyier, co-founder of CodePen, talks about the evolving landscape of HTML heading into 2025. He delves into topics like the slow evolution of HTML compared to CSS and JavaScript, the importance of backwards compatibility, new HTML elements and pseudo-elements, and the potential of declarative shadow DOM for server-side rendering in web components. Links Website: https://chriscoyier.net Codepen: https://codepen.io/chriscoyier Frontend Social: https://front-end.social/@chriscoyier Github: https://github.com/chriscoyier Threads: https://www.threads.net/@chriscoyier Bluesky: https://bsky.app/profile/chriscoyier.net We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Chris Coyier.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Resilient Secure Backup Connectivity for SMB/Home Users Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse. https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972 BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory An attacker with the ability to create service accounts may be able to manipulate these accounts to mark them as migrated accounts, inheriting all privileges the original account had access to. https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory Flaw in samlify That Opens Door to SAML Single Sign-On Bypass CVE-2025-47949 The samlify Node.js library does not verify SAML assertions correctly. It will consider the entire assertion valid, not just the original one. An attacker may use this to obtain additional privileges or authenticate as a different user https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Researchers Scanning the Internet A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964 Cloudy with a change of Hijacking: Forgotten DNS Records Organizations do not always remove unused CNAME records. An attacker may take advantage of this if an attacker is able to take possession of the now unused public cloud resource the name pointed to. https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/ Message signature verification can be spoofed CVE-2025-47934 A vulnerability in openpgp.js may be used to spoof message signatures. openpgp.js is a popular library in systems implementing end-to-end encrypted browser applications. https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8
The UK's Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. PupkinStealer targets Windows systems. An Alabama man gets 14 months in prison for a sim-swap attack on the SEC. Our guest is Ian Tien, CEO at Mattermost, sharing insights on enhancing cybersecurity through effective collaboration. Ethical Hackers win the day at Pwn2Own Berlin. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Ian Tien, CEO at Mattermost at RSAC 2025, who is sharing insights on enhancing cybersecurity through effective collaboration. Check out Ian's blog on “What's Next for Cybersecurity Teams? AI, Automation & Real-Time Workflows.” Listen to Ian's interview here. Selected Reading Hackers steal 'significant amount of personal data' from Ministry of Justice in brazen cyber-attack (Daily Mail Online) M&S and Co-Op: BBC reporter on talking to the hackers (BBC) 210K American clinics‘ patients had their financial data leaked (Cybernews) 480,000 Catholic Health Patients Impacted by Serviceaide Data Leak (SecurityWeek) Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium (Hackread) This printer company served you malware for months and dismissed it as false positives (Neowin) Hack of SEC social media account earns 14-month prison sentence for Alabama man (The Record) Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Show DescriptionFresh off his Megaman Streamathon, Mat Marquis joins us to talk about becoming a professional Twitch streamer, creating a JavaScript course, his thoughts on the design and content of said course, a brief moment on Linux in 2025, and attempts to make the web weird and fun again. Listen on Website →GuestsMat MarquisGuest's Main URL • Guest's SocialMy goal is to ensure that your content can reach any user, in any browsing context—regardless of the size of their screen, the speed of their internet connection, the age of their device, or the combination of browsers and assistive technologies they use to experience the web. Links I'm Mat. I make websites. Wilto (Mat Marquis) · GitHub Mat “Wilto” Marquis (@Wilto@front-end.social) - Front-End Social Mat “Wilto” Marquis (@wil.to) — Bluesky WiltoStreams - Live Streaming JavaScript for Web Designers Learn JavaScript CodeMirror Text Editor JavaScript Playground JavaScript for Everyone Premium Courses Paul Irish Profile Robin Sloan Framework Laptop 16 DIY Johnny Mnemonic Johnny Mnemonic Trailer #1 Sponsors