Podcasts about Unicode

Send us a textThis is the first episode in a 3-part guest lecture series in GCM 230 Typography, speaking with design typography pros from across North America! This episode features type designer and educator at Emily Carr University of Art + Design in Vancouver, Leo Vicenti. In this conversation, you'll hear how Leo believes typography can support Indigenous language and culture, the ways in which typography isn't always necessary, Indigenization of digital spaces, and why fixed systems don't necessarily work (Unicode, for example). This episode was recorded as part of a guest lecture series in GCM 230 - Typography in fall 2025 at The Creative School at Toronto Metropolitan University. I'm all about interesting projects with interesting people! Let's Connect on the web or via Instagram. :)

De retour à cinq dans l'épisode, les cast codeurs démarrent cette année avec un gros épisode pleins de news et d'articles de fond. IA bien sûr, son impact sur les pratiques, Mockito qui tourne un page, du CSS (et oui), sur le (non) mapping d'APIs REST en MCP et d'une palanquée d'outils pour vous. Enregistré le 9 janvier 2026 Téléchargement de l'épisode LesCastCodeurs-Episode-335.mp3 ou en vidéo sur YouTube. News Langages 2026 sera-t'elle l'année de Java dans le terminal ? (j'ai ouïe dire que ça se pourrait bien…) https://xam.dk/blog/lets-make-2026-the-year-of-java-in-the-terminal/ 2026: Année de Java dans le terminal, pour rattraper son retard sur Python, Rust, Go et Node.js. Java est sous-estimé pour les applications CLI et les TUIs (interfaces utilisateur terminales) malgré ses capacités. Les anciennes excuses (démarrage lent, outillage lourd, verbosité, distribution complexe) sont obsolètes grâce aux avancées récentes : GraalVM Native Image pour un démarrage en millisecondes. JBang pour l'exécution simplifiée de scripts Java (fichiers uniques, dépendances) et de JARs. JReleaser pour l'automatisation de la distribution multi-plateforme (Homebrew, SDKMAN, Docker, images natives). Project Loom pour la concurrence facile avec les threads virtuels. PicoCLI pour la gestion des arguments. Le potentiel va au-delà des scripts : création de TUIs complètes et esthétiques (ex: dashboards, gestionnaires de fichiers, assistants IA). Excuses caduques : démarrage rapide (GraalVM), légèreté (JBang), distribution simple (JReleaser), concurrence (Loom). Potentiel : créer des applications TUI riches et esthétiques. Sortie de Ruby 4.0.0 https://www.ruby-lang.org/en/news/2025/12/25/ruby-4-0-0-released/ Ruby Box (expérimental) : Une nouvelle fonctionnalité permettant d'isoler les définitions (classes, modules, monkey patches) dans des boîtes séparées pour éviter les conflits globaux. ZJIT : Un nouveau compilateur JIT de nouvelle génération développé en Rust, visant à surpasser YJIT à terme (actuellement en phase expérimentale). Améliorations de Ractor : Introduction de Ractor::Port pour une meilleure communication entre Ractors et optimisation des structures internes pour réduire les contentions de verrou global. Changements syntaxiques : Les opérateurs logiques (||, &&, and, or) en début de ligne permettent désormais de continuer la ligne précédente, facilitant le style "fluent". Classes Core : Set et Pathname deviennent des classes intégrées (Core) au lieu d'être dans la bibliothèque standard. Diagnostics améliorés : Les erreurs d'arguments (ArgumentError) affichent désormais des extraits de code pour l'appelant ET la définition de la méthode. Performances : Optimisation de Class#new, accès plus rapide aux variables d'instance et améliorations significatives du ramasse-miettes (GC). Nettoyage : Suppression de comportements obsolètes (comme la création de processus via IO.open avec |) et mise à jour vers Unicode 17.0. Librairies Introduction pour créer une appli multi-tenant avec Quarkus et http://nip.io|nip.io https://www.the-main-thread.com/p/quarkus-multi-tenant-api-nipio-tutorial Construction d'une API REST multi-tenant en Quarkus avec isolation par sous-domaine Utilisation de http://nip.io|nip.io pour la résolution DNS automatique sans configuration locale Extraction du tenant depuis l'en-tête HTTP Host via un filtre JAX-RS Contexte tenant géré avec CDI en scope Request pour l'isolation des données Service applicatif gérant des données spécifiques par tenant avec Map concurrent Interface web HTML/JS pour visualiser et ajouter des données par tenant Configuration CORS nécessaire pour le développement local Pattern acme.127-0-0-1.nip.io résolu automatiquement vers localhost Code complet disponible sur GitHub avec exemples curl et tests navigateur Base idéale pour prototypage SaaS, tests multi-tenants Hibernate 7.2 avec quelques améliorations intéressantes https://docs.hibernate.org/orm/7.2/whats-new/%7Bhtml-meta-canonical-link%7D read only replica (experimental), crée deux session factories et swap au niveau jdbc si le driver le supporte et custom sinon. On ouvre une session en read only child statelesssession (partage le contexte transactionnel) hibernate vector module ajouter binary, float16 and sparse vectors Le SchemaManager peut resynchroniser les séquences par rapport aux données des tables Regexp dans HQL avec like Nouvelle version de Hibernate with Panache pour Quarkus https://quarkus.io/blog/hibernate-panache-next/ Nouvelle extension expérimentale qui unifie Hibernate ORM with Panache et Hibernate Reactive with Panache Les entités peuvent désormais fonctionner en mode bloquant ou réactif sans changer de type de base Support des sessions sans état (StatelessSession) en plus des entités gérées traditionnelles Intégration de Jakarta Data pour des requêtes type-safe vérifiées à la compilation Les opérations sont définies dans des repositories imbriqués plutôt que des méthodes statiques Possibilité de définir plusieurs repositories pour différents modes d'opération sur une même entité Accès aux différents modes (bloquant/réactif, géré/sans état) via des méthodes de supertype Support des annotations @Find et @HQL pour générer des requêtes type-safe Accès au repository via injection ou via le métamodèle généré Extension disponible dans la branche main, feedback demandé sur Zulip ou GitHub Spring Shell 4.0.0 GA publié - https://spring.io/blog/2025/12/30/spring-shell-4-0-0-ga-released Sortie de la version finale de Spring Shell 4.0.0 disponible sur Maven Central Compatible avec les dernières versions de Spring Framework et Spring Boot Modèle de commandes revu pour simplifier la création d'applications CLI interactives Intégration de jSpecify pour améliorer la sécurité contre les NullPointerException Architecture plus modulaire permettant meilleure personnalisation et extension Documentation et exemples entièrement mis à jour pour faciliter la prise en main Guide de migration vers la v4 disponible sur le wiki du projet Corrections de bugs pour améliorer la stabilité et la fiabilité Permet de créer des applications Java autonomes exécutables avec java -jar ou GraalVM native Approche opinionnée du développement CLI tout en restant flexible pour les besoins spécifiques Une nouvelle version de la librairie qui implémenter des gatherers supplémentaires à ceux du JDK https://github.com/tginsberg/gatherers4j/releases/tag/v0.13.0 gatherers4j v0.13.0. Nouveaux gatherers : uniquelyOccurringBy(), moving/runningMedian(), moving/runningMax/Min(). Changement : les gatherers "moving" incluent désormais par défaut les valeurs partielles (utiliser excludePartialValues() pour désactiver). LangChain4j 1.10.0 https://github.com/langchain4j/langchain4j/releases/tag/1.10.0 Introduction d'un catalogue de modèles pour Anthropic, Gemini, OpenAI et Mistral. Ajout de capacités d'observabilité et de monitoring pour les agents. Support des sorties structurées, des outils avancés et de l'analyse de PDF via URL pour Anthropic. Support des services de transcription pour OpenAI. Possibilité de passer des paramètres de configuration de chat en argument des méthodes. Nouveau garde-fou de modération pour les messages entrants. Support du contenu de raisonnement pour les modèles. Introduction de la recherche hybride. Améliorations du client MCP. Départ du lead de mockito après 10 ans https://github.com/mockito/mockito/issues/3777 Tim van der Lippe, mainteneur majeur de Mockito, annonce son départ pour mars 2026, marquant une décennie de contribution au projet. L'une des raisons principales est l'épuisement lié aux changements récents dans la JVM (JVM 22+) concernant les agents, imposant des contraintes techniques lourdes sans alternative simple proposée par les mainteneurs du JDK. Il pointe du doigt le manque de soutien et la pression exercée sur les bénévoles de l'open source lors de ces transitions technologiques majeures. La complexité croissante pour supporter Kotlin, qui utilise la JVM de manière spécifique, rend la base de code de Mockito plus difficile à maintenir et moins agréable à faire évoluer selon lui. Il exprime une perte de plaisir et préfère désormais consacrer son temps libre à d'autres projets comme Servo, un moteur web écrit en Rust. Une période de transition est prévue jusqu'en mars pour assurer la passation de la maintenance à de nouveaux contributeurs. Infrastructure Le premier intérêt de Kubernetes n'est pas le scaling - https://mcorbin.fr/posts/2025-12-29-kubernetes-scale/ Avant Kubernetes, gérer des applications en production nécessitait de multiples outils complexes (Ansible, Puppet, Chef) avec beaucoup de configuration manuelle Le load balancing se faisait avec HAProxy et Keepalived en actif/passif, nécessitant des mises à jour manuelles de configuration à chaque changement d'instance Le service discovery et les rollouts étaient orchestrés manuellement, instance par instance, sans automatisation de la réconciliation Chaque stack (Java, Python, Ruby) avait sa propre méthode de déploiement, sans standardisation (rpm, deb, tar.gz, jar) La gestion des ressources était manuelle avec souvent une application par machine, créant du gaspillage et complexifiant la maintenance Kubernetes standardise tout en quelques ressources YAML (Deployment, Service, Ingress, ConfigMap, Secret) avec un format déclaratif simple Toutes les fonctionnalités critiques sont intégrées : service discovery, load balancing, scaling, stockage, firewalling, logging, tolérance aux pannes La complexité des centaines de scripts shell et playbooks Ansible maintenus avant était supérieure à celle de Kubernetes Kubernetes devient pertinent dès qu'on commence à reconstruire manuellement ces fonctionnalités, ce qui arrive très rapidement La technologie est flexible et peut gérer aussi bien des applications modernes que des monolithes legacy avec des contraintes spécifiques Mole https://github.com/tw93/Mole Un outil en ligne de commande (CLI) tout-en-un pour nettoyer et optimiser macOS. Combine les fonctionnalités de logiciels populaires comme CleanMyMac, AppCleaner, DaisyDisk et iStat Menus. Analyse et supprime en profondeur les caches, les fichiers logs et les résidus de navigateurs. Désinstallateur intelligent qui retire proprement les applications et leurs fichiers cachés (Launch Agents, préférences). Analyseur d'espace disque interactif pour visualiser l'occupation des fichiers et gérer les documents volumineux. Tableau de bord temps réel (mo status) pour surveiller le CPU, le GPU, la mémoire et le réseau. Fonction de purge spécifique pour les développeurs permettant de supprimer les artefacts de build (node_modules, target, etc.). Intégration possible avec Raycast ou Alfred pour un lancement rapide des commandes. Installation simple via Homebrew ou un script curl. Des images Docker sécurisées pour chaque développeur https://www.docker.com/blog/docker-hardened-images-for-every-developer/ Docker rend ses "Hardened Images" (DHI) gratuites et open source (licence Apache 2.0) pour tous les développeurs. Ces images sont conçues pour être minimales, prêtes pour la production et sécurisées dès le départ afin de lutter contre l'explosion des attaques sur la chaîne logistique logicielle. Elles s'appuient sur des bases familières comme Alpine et Debian, garantissant une compatibilité élevée et une migration facile. Chaque image inclut un SBOM (Software Bill of Materials) complet et vérifiable, ainsi qu'une provenance SLSA de niveau 3 pour une transparence totale. L'utilisation de ces images permet de réduire considérablement le nombre de vulnérabilités (CVE) et la taille des images (jusqu'à 95 % plus petites). Docker étend cette approche sécurisée aux graphiques Helm et aux serveurs MCP (Mongo, Grafana, GitHub, etc.). Des offres commerciales (DHI Enterprise) restent disponibles pour des besoins spécifiques : correctifs critiques sous 7 jours, support FIPS/FedRAMP ou support à cycle de vie étendu (ELS). Un assistant IA expérimental de Docker peut analyser les conteneurs existants pour recommander l'adoption des versions sécurisées correspondantes. L'initiative est soutenue par des partenaires majeurs tels que Google, MongoDB, Snyk et la CNCF. Web La maçonnerie ("masonry") arrive dans la spécification des CSS et commence à être implémentée par les navigateurs https://webkit.org/blog/17660/introducing-css-grid-lanes/ Permet de mettre en colonne des éléments HTML les uns à la suite des autres. D'abord sur la première ligne, et quand la première ligne est remplie, le prochain élément se trouvera dans la colonne où il pourra être le plus haut possible, et ainsi de suite. après la plomberie du middleware, la maçonnerie du front :laughing: Data et Intelligence Artificielle On ne devrait pas faire un mapping 1:1 entre API REST et MCP https://nordicapis.com/why-mcp-shouldnt-wrap-an-api-one-to-one/ Problématique : Envelopper une API telle quelle dans le protocole MCP (Model Context Protocol) est un anti-pattern. Objectif du MCP : Conçu pour les agents d'IA, il doit servir d'interface d'intention, non de miroir d'API. Les agents comprennent les tâches, pas la logique complexe des API (authentification, pagination, orchestration). Conséquences du mappage un-à-un : Confusion des agents, erreurs, hallucinations. Difficulté à gérer les orchestrations complexes (plusieurs appels pour une seule action). Exposition des faiblesses de l'API (schéma lourd, endpoints obsolètes). Maintenance accrue lors des changements d'API. Meilleure approche : Construire des outils MCP comme des SDK pour agents, encapsulant la logique nécessaire pour accomplir une tâche spécifique. Pratiques recommandées : Concevoir autour des intentions/actions utilisateur (ex. : "créer un projet", "résumer un document"). Regrouper les appels en workflows ou actions uniques. Utiliser un langage naturel pour les définitions et les noms. Limiter la surface d'exposition de l'API pour la sécurité et la clarté. Appliquer des schémas d'entrée/sortie stricts pour guider l'agent et réduire l'ambiguïté. Des agents en production avec AWS - https://blog.ippon.fr/2025/12/22/des-agents-en-production-avec-aws/ AWS re:Invent 2025 a massivement mis en avant l'IA générative et les agents IA Un agent IA combine un LLM, une boucle d'appel et des outils invocables Strands Agents SDK facilite le prototypage avec boucles ReAct intégrées et gestion de la mémoire Managed MLflow permet de tracer les expérimentations et définir des métriques de performance Nova Forge optimise les modèles par réentraînement sur données spécifiques pour réduire coûts et latence Bedrock Agent Core industrialise le déploiement avec runtime serverless et auto-scaling Agent Core propose neuf piliers dont observabilité, authentification, code interpreter et browser managé Le protocole MCP d'Anthropic standardise la fourniture d'outils aux agents SageMaker AI et Bedrock centralisent l'accès aux modèles closed source et open source via API unique AWS mise sur l'évolution des chatbots vers des systèmes agentiques optimisés avec modèles plus frugaux Debezium 3.4 amène plusieurs améliorations intéressantes https://debezium.io/blog/2025/12/16/debezium-3-4-final-released/ Correction du problème de calcul du low watermark Oracle qui causait des pertes de performance Correction de l'émission des événements heartbeat dans le connecteur Oracle avec les requêtes CTE Amélioration des logs pour comprendre les transactions actives dans le connecteur Oracle Memory guards pour protéger contre les schémas de base de données de grande taille Support de la transformation des coordonnées géométriques pour une meilleure gestion des données spatiales Extension Quarkus DevServices permettant de démarrer automatiquement une base de données et Debezium en dev Intégration OpenLineage pour tracer la lignée des données et suivre leur flux à travers les pipelines Compatibilité testée avec Kafka Connect 4.1 et Kafka brokers 4.1 Infinispan 16.0.4 et .5 https://infinispan.org/blog/2025/12/17/infinispan-16-0-4 Spring Boot 4 et Spring 7 supportés Evolution dans les metriques Deux bugs de serialisation Construire un agent de recherche en Java avec l'API Interactions https://glaforge.dev/posts/2026/01/03/building-a-research-assistant-with-the-interactions-api-in-java/ Assistant de recherche IA Java (API Interactions Gemini), test du SDK implémenté par Guillaume. Workflow en 4 phases : Planification : Gemini Flash + Google Search. Recherche : Modèle "Deep Research" (tâche de fond). Synthèse : Gemini Pro (rapport exécutif). Infographie : Nano Banana Pro (à partir de la synthèse). API Interactions : gestion d'état serveur, tâches en arrière-plan, réponses multimodales (images). Appréciation : gestion d'état de l'API (vs LLM sans état). Validation : efficacité du SDK Java pour cas complexes. Stephan Janssen (le papa de Devoxx) a créé un serveur MCP (Model Context Protocol) basé sur LSP (Language Server Protocol) pour que les assistants de code analysent le code en le comprenant vraiment plutôt qu'en faisant des grep https://github.com/stephanj/LSP4J-MCP Le problème identifié : Les assistants IA utilisent souvent la recherche textuelle (type grep) pour naviguer dans le code, ce qui manque de contexte sémantique, génère du bruit (faux positifs) et consomme énormément de tokens inutilement. La solution LSP4J-MCP : Une approche "standalone" (autonome) qui encapsule le serveur de langage Eclipse (JDTLS) via le protocole MCP (Model Context Protocol). Avantage principal : Offre une compréhension sémantique profonde du code Java (types, hiérarchies, références) sans nécessiter l'ouverture d'un IDE lourd comme IntelliJ. Comparaison des méthodes : AST : Trop léger (pas de compréhension inter-fichiers). IntelliJ MCP : Puissant mais exige que l'IDE soit ouvert (gourmand en ressources). LSP4J-MCP : Le meilleur des deux mondes pour les workflows en terminal, à distance (SSH) ou CI/CD. Fonctionnalités clés : Expose 5 outils pour l'IA (find_symbols, find_references, find_definition, document_symbols, find_interfaces_with_method). Résultats : Une réduction de 100x des tokens utilisés pour la navigation et une précision accrue (distinction des surcharges, des scopes, etc.). Disponibilité : Le projet est open source et disponible sur GitHub pour intégration immédiate (ex: avec Claude Code, Gemini CLI, etc). A noter l'ajout dans claude code 2.0.74 d'un tool pour supporter LSP ( https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md#2074 ) Awesome (GitHub) Copilot https://github.com/github/awesome-copilot Une collection communautaire d'instructions, de prompts et de configurations pour optimiser l'utilisation de GitHub Copilot. Propose des "Agents" spécialisés qui s'intègrent aux serveurs MCP pour améliorer les flux de travail spécifiques. Inclut des prompts ciblés pour la génération de code, la documentation et la résolution de problèmes complexes. Fournit des instructions détaillées sur les standards de codage et les meilleures pratiques applicables à divers frameworks. Propose des "Skills" (compétences) sous forme de dossiers contenant des ressources pour des tâches techniques spécialisées. (les skills sont dispo dans copilot depuis un mois : https://github.blog/changelog/2025-12-18-github-copilot-now-supports-agent-skills/ ) Permet une installation facile via un serveur MCP dédié, compatible avec VS Code et Visual Studio. Encourage la contribution communautaire pour enrichir les bibliothèques de prompts et d'agents. Aide à augmenter la productivité en offrant des solutions pré-configurées pour de nombreux langages et domaines. Garanti par une licence MIT et maintenu activement par des contributeurs du monde entier. IA et productivité : bilan de l'année 2025 (Laura Tacho - DX)) https://newsletter.getdx.com/p/ai-and-productivity-year-in-review?aid=recNfypKAanQrKszT En 2025, l'ingénierie assistée par l'IA est devenue la norme : environ 90 % des développeurs utilisent des outils d'IA mensuellement, et plus de 40 % quotidiennement. Les chercheurs (Microsoft, Google, GitHub) soulignent que le nombre de lignes de code (LOC) reste un mauvais indicateur d'impact, car l'IA génère beaucoup de code sans forcément garantir une valeur métier supérieure. Si l'IA améliore l'efficacité individuelle, elle pourrait nuire à la collaboration à long terme, car les développeurs passent plus de temps à "parler" à l'IA qu'à leurs collègues. L'identité du développeur évolue : il passe de "producteur de code" à un rôle de "metteur en scène" qui délègue, valide et exerce son jugement stratégique. L'IA pourrait accélérer la montée en compétences des développeurs juniors en les forçant à gérer des projets et à déléguer plus tôt, agissant comme un "accélérateur" plutôt que de les rendre obsolètes. L'accent est mis sur la créativité plutôt que sur la simple automatisation, afin de réimaginer la manière de travailler et d'obtenir des résultats plus impactants. Le succès en 2026 dépendra de la capacité des entreprises à cibler les goulots d'étranglement réels (dette technique, documentation, conformité) plutôt que de tester simplement chaque nouveau modèle d'IA. La newsletter avertit que les titres de presse simplifient souvent à l'excès les recherches sur l'IA, masquant parfois les nuances cruciales des études réelles. Un développeur décrit dans un article sur Twitter son utilisation avancée de Claude Code pour le développement, avec des sous-agents, des slash-commands, comment optimiser le contexte, etc. https://x.com/AureaLibe/status/2008958120878330329?s=20 Outillage IntelliJ IDEA, thread dumps et project Loom (virtual threads) - https://blog.jetbrains.com/idea/2025/12/thread-dumps-and-project-loom-virtual-threads/ Les virtual threads Java améliorent l'utilisation du matériel pour les opérations I/O parallèles avec peu de changements de code Un serveur peut maintenant gérer des millions de threads au lieu de quelques centaines Les outils existants peinent à afficher et analyser des millions de threads simultanément Le débogage asynchrone est complexe car le scheduler et le worker s'exécutent dans des threads différents Les thread dumps restent essentiels pour diagnostiquer deadlocks, UI bloquées et fuites de threads Netflix a découvert un deadlock lié aux virtual threads en analysant un heap dump, bug corrigé dans Java 25. Mais c'était de la haute voltige IntelliJ IDEA supporte nativement les virtual threads dès leur sortie avec affichage des locks acquis IntelliJ IDEA peut ouvrir des thread dumps générés par d'autres outils comme jcmd Le support s'étend aussi aux coroutines Kotlin en plus des virtual threads Quelques infos sur IntelliJ IDEA 2025.3 https://blog.jetbrains.com/idea/2025/12/intellij-idea-2025-3/ Distribution unifiée regroupant davantage de fonctionnalités gratuites Amélioration de la complétion des commandes dans l'IDE Nouvelles fonctionnalités pour le débogueur Spring Thème Islands devient le thème par défaut Support complet de Spring Boot 4 et Spring Framework 7 Compatibilité avec Java 25 Prise en charge de Spring Data JDBC et Vitest 4 Support natif de Junie et Claude Agent pour l'IA Quota d'IA transparent et option Bring Your Own Key à venir Corrections de stabilité, performance et expérience utilisateur Plein de petits outils en ligne pour le développeur https://blgardner.github.io/prism.tools/ génération de mot de passe, de gradient CSS, de QR code encodage décodage de Base64, JWT formattage de JSON, etc. resumectl - Votre CV en tant que code https://juhnny5.github.io/resumectl/ Un outil en ligne de commande (CLI) écrit en Go pour générer un CV à partir d'un fichier YAML. Permet l'exportation vers plusieurs formats : PDF, HTML, ou un affichage direct dans le terminal. Propose 5 thèmes intégrés (Modern, Classic, Minimal, Elegant, Tech) personnalisables avec des couleurs spécifiques. Fonctionnalité d'initialisation (resumectl init) permettant d'importer automatiquement des données depuis LinkedIn et GitHub (projets les plus étoilés). Supporte l'ajout de photos avec des options de filtre noir et blanc ou de forme (rond/carré). Inclut un mode "serveur" (resumectl serve) pour prévisualiser les modifications en temps réel via un navigateur local. Fonctionne comme un binaire unique sans dépendances externes complexes pour les modèles. mactop - Un moniteur "top" pour Apple Silicon https://github.com/metaspartan/mactop Un outil de surveillance en ligne de commande (TUI) conçu spécifiquement pour les puces Apple Silicon (M1, M2, M3, M4, M5). Permet de suivre en temps réel l'utilisation du CPU (E-cores et P-cores), du GPU et de l'ANE (Neural Engine). Affiche la consommation électrique (wattage) du système, du CPU, du GPU et de la DRAM. Fournit des données sur les températures du SoC, les fréquences du GPU et l'état thermique global. Surveille l'utilisation de la mémoire vive, de la swap, ainsi que l'activité réseau et disque (E/S). Propose 10 mises en page (layouts) différentes et plusieurs thèmes de couleurs personnalisables. Ne nécessite pas l'utilisation de sudo car il s'appuie sur les API natives d'Apple (SMC, IOReport, IOKit). Inclut une liste de processus détaillée (similaire à htop) avec la possibilité de tuer des processus directement depuis l'interface. Offre un mode "headless" pour exporter les métriques au format JSON et un serveur optionnel pour Prometheus. Développé en Go avec des composants en CGO et Objective-C. Adieu direnv, Bonjour misehttps://codeka.io/2025/12/19/adieu-direnv-bonjour-mise/ L'auteur remplace ses outils habituels (direnv, asdf, task, just) par un seul outil polyvalent écrit en Rust : mise. mise propose trois fonctions principales : gestionnaire de paquets (langages et outils), gestionnaire de variables d'environnement et exécuteur de tâches. Contrairement à direnv, il permet de gérer des alias et utilise un fichier de configuration structuré (mise.toml) plutôt que du scripting shell. La configuration est hiérarchique, permettant de surcharger les paramètres selon les répertoires, avec un système de "trust" pour la sécurité. Une "killer-feature" soulignée est la gestion des secrets : mise s'intègre avec age pour chiffrer des secrets (via clés SSH) directement dans le fichier de configuration. L'outil supporte une vaste liste de langages et d'outils via un registre interne et des plugins (compatibilité avec l'écosystème asdf). Il simplifie le workflow de développement en regroupant l'installation des outils et l'automatisation des tâches au sein d'un même fichier. L'auteur conclut sur la puissance, la flexibilité et les excellentes performances de l'outil après quelques heures de test. Claude Code v2.1.0 https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md#210 Rechargement à chaud des "skills" : Les modifications apportées aux compétences dans ~/.claude/skills sont désormais appliquées instantanément sans redémarrer la session. Sous-agents et forks : Support de l'exécution de compétences et de commandes slash dans un contexte de sous-agent forké via context: fork. Réglages linguistiques : Ajout d'un paramètre language pour configurer la langue de réponse par défaut (ex: language: "french"). Améliorations du terminal : Shift+Enter fonctionne désormais nativement dans plusieurs terminaux (iTerm2, WezTerm, Ghostty, Kitty) sans configuration manuelle. Sécurité et correction de bugs : Correction d'une faille où des données sensibles (clés API, tokens OAuth) pouvaient apparaître dans les logs de débogage. Nouvelles commandes slash : Ajout de /teleport et /remote-env pour les abonnés claude.ai afin de gérer des sessions distantes. Mode Plan : Le raccourci /plan permet d'activer le mode plan directement depuis le prompt, et la demande de permission à l'entrée de ce mode a été supprimée. Vim et navigation : Ajout de nombreux mouvements Vim (text objects, répétitions de mouvements f/F/t/T, indentations, etc.). Performance : Optimisation du temps de démarrage et du rendu terminal pour les caractères Unicode/Emoji. Gestion du gitignore : Support du réglage respectGitignore dans settings.json pour contrôler le comportement du sélecteur de fichiers @-mention. Méthodologies 200 déploiements en production par jour, même le vendredi : retours d'expérience https://mcorbin.fr/posts/2025-03-21-deploy-200/ Le déploiement fréquent, y compris le vendredi, est un indicateur de maturité technique et augmente la productivité globale. L'excellence technique est un atout stratégique indispensable pour livrer rapidement des produits de qualité. Une architecture pragmatique orientée services (SOA) facilite les déploiements indépendants et réduit la charge cognitive. L'isolation des services est cruciale : un développeur doit pouvoir tester son service localement sans dépendre de toute l'infrastructure. L'automatisation via Kubernetes et l'approche GitOps avec ArgoCD permettent des déploiements continus et sécurisés. Les feature flags et un système de permissions solide permettent de découpler le déploiement technique de l'activation fonctionnelle pour les utilisateurs. L'autonomie des développeurs est renforcée par des outils en self-service (CLI maison) pour gérer l'infrastructure et diagnostiquer les incidents sans goulot d'étranglement. Une culture d'observabilité intégrée dès la conception permet de détecter et de réagir rapidement aux anomalies en production. Accepter l'échec comme inévitable permet de concevoir des systèmes plus résilients capables de se rétablir automatiquement. "Vibe Coding" vs "Prompt Engineering" : l'IA et le futur du développement logiciel https://www.romenrg.com/blog/2025/12/25/vibe-coding-vs-prompt-engineering-ai-and-the-future-of-software-development/ L'IA est passée du statut d'expérimentation à celui d'infrastructure essentielle pour le développement de logiciels en 2025. L'IA ne remplace pas les ingénieurs, mais agit comme un amplificateur de leurs compétences, de leur jugement et de la qualité de leur réflexion. Distinction entre le "Vibe Coding" (rapide, intuitif, idéal pour les prototypes) et le "Prompt Engineering" (délibéré, contraint, nécessaire pour les systèmes maintenables). L'importance cruciale du contexte ("Context Engineering") : l'IA devient réellement puissante lorsqu'elle est connectée aux systèmes réels (GitHub, Jira, etc.) via des protocoles comme le MCP. Utilisation d'agents spécialisés (écriture de RFC, revue de code, architecture) plutôt que de modèles génériques pour obtenir de meilleurs résultats. Émergence de l'ingénieur "Technical Product Manager" capable d'abattre seul le travail d'une petite équipe grâce à l'IA, à condition de maîtriser les fondamentaux techniques. Le risque majeur : l'IA permet d'aller très vite dans la mauvaise direction si le jugement humain et l'expérience font défaut. Le niveau d'exigence global augmente : les bases techniques solides deviennent plus importantes que jamais pour éviter l'accumulation de dette technique rapide. Une revue de code en solo (Kent Beck) ! https://tidyfirst.substack.com/p/party-of-one-for-code-review?r=64ov3&utm_campaign=post&utm_medium=web&triedRedirect=true La revue de code traditionnelle, héritée des inspections formelles d'IBM, s'essouffle car elle est devenue trop lente et asynchrone par rapport au rythme du développement moderne. Avec l'arrivée de l'IA ("le génie"), la vitesse de production du code dépasse la capacité de relecture humaine, créant un goulot d'étranglement majeur. La revue de code doit évoluer vers deux nouveaux objectifs prioritaires : un "sanity check" pour vérifier que l'IA a bien fait ce qu'on lui demandait, et le contrôle de la dérive structurelle de la base de code. Maintenir une structure saine est crucial non seulement pour les futurs développeurs humains, mais aussi pour que l'IA puisse continuer à comprendre et modifier le code efficacement sans perdre le contexte. Kent Beck expérimente des outils automatisés (comme CodeRabbit) pour obtenir des résumés et des schémas d'architecture afin de garder une conscience globale des changements rapides. Même si les outils automatisés sont utiles, le "Pair Programming" reste irremplaçable pour la richesse des échanges et la pression sociale bénéfique qu'il impose à la réflexion. La revue de code solo n'est pas une fin en soi, mais une adaptation nécessaire lorsque l'on travaille seul avec des outils de génération de code augmentés. Loi, société et organisation Lego lance les Lego Smart Play, avec des Brique, des Smart Tags et des Smart Figurines pour faire de nouvelles constructions interactives avec des Legos https://www.lego.com/fr-fr/smart-play LEGO SMART Play : technologie réactive au jeu des enfants. Trois éléments clés : SMART Brique : Brique LEGO 2x4 "cerveau". Accéléromètre, lumières réactives, détecteur de couleurs, synthétiseur sonore. Réagit aux mouvements (tenir, tourner, taper). SMART Tags : Petites pièces intelligentes. Indiquent à la SMART Brique son rôle (ex: hélicoptère, voiture) et les sons à produire. Activent sons, mini-jeux, missions secrètes. SMART Minifigurines : Activées près d'une SMART Brique. Révèlent des personnalités uniques (sons, humeurs, réactions) via la SMART Brique. Encouragent l'imagination. Fonctionnement : SMART Brique détecte SMART Tags et SMART Minifigurines. Réagit aux mouvements avec lumières et sons dynamiques. Compatibilité : S'assemble avec les briques LEGO classiques. Objectif : Créer des expériences de jeu interactives, uniques et illimitées. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 14-17 janvier 2026 : SnowCamp 2026 - Grenoble (France) 22 janvier 2026 : DevCon #26 : sécurité / post-quantique / hacking - Paris (France) 28 janvier 2026 : Software Heritage Symposium - Paris (France) 29-31 janvier 2026 : Epitech Summit 2026 - Paris - Paris (France) 2-5 février 2026 : Epitech Summit 2026 - Moulins - Moulins (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 3-4 février 2026 : Epitech Summit 2026 - Lille - Lille (France) 3-4 février 2026 : Epitech Summit 2026 - Mulhouse - Mulhouse (France) 3-4 février 2026 : Epitech Summit 2026 - Nancy - Nancy (France) 3-4 février 2026 : Epitech Summit 2026 - Nantes - Nantes (France) 3-4 février 2026 : Epitech Summit 2026 - Marseille - Marseille (France) 3-4 février 2026 : Epitech Summit 2026 - Rennes - Rennes (France) 3-4 février 2026 : Epitech Summit 2026 - Montpellier - Montpellier (France) 3-4 février 2026 : Epitech Summit 2026 - Strasbourg - Strasbourg (France) 3-4 février 2026 : Epitech Summit 2026 - Toulouse - Toulouse (France) 4-5 février 2026 : Epitech Summit 2026 - Bordeaux - Bordeaux (France) 4-5 février 2026 : Epitech Summit 2026 - Lyon - Lyon (France) 4-6 février 2026 : Epitech Summit 2026 - Nice - Nice (France) 5 février 2026 : Web Days Convention - Aix-en-Provence (France) 12 février 2026 : Strasbourg Craft #1 - Strasbourg (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 19 février 2026 : ObservabilityCON on the Road - Paris (France) 6 mars 2026 : WordCamp Nice 2026 - Nice (France) 18-19 mars 2026 : Agile Niort 2026 - Niort (France) 20 mars 2026 : Atlantique Day 2026 - Nantes (France) 26 mars 2026 : Data Days Lille - Lille (France) 26-27 mars 2026 : SymfonyLive Paris 2026 - Paris (France) 26-27 mars 2026 : REACT PARIS - Paris (France) 27-29 mars 2026 : Shift - Nantes (France) 31 mars 2026 : ParisTestConf - Paris (France) 1 avril 2026 : AWS Summit Paris - Paris (France) 2 avril 2026 : Pragma Cannes 2026 - Cannes (France) 9-10 avril 2026 : AndroidMakers by droidcon - Paris (France) 16-17 avril 2026 : MiXiT 2026 - Lyon (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 24-25 avril 2026 : Faiseuses du Web 5 - Dinan (France) 6-7 mai 2026 : Devoxx UK 2026 - London (UK) 22 mai 2026 : AFUP Day 2026 Lille - Lille (France) 22 mai 2026 : AFUP Day 2026 Paris - Paris (France) 22 mai 2026 : AFUP Day 2026 Bordeaux - Bordeaux (France) 22 mai 2026 : AFUP Day 2026 Lyon - Lyon (France) 29 mai 2026 : NG Baguette Conf 2026 - Paris (France) 5 juin 2026 : TechReady - Nantes (France) 5 juin 2026 : Fork it! - Rouen - Rouen (France) 6 juin 2026 : Polycloud - Montpellier (France) 11-12 juin 2026 : DevQuest Niort - Niort (France) 11-12 juin 2026 : DevLille 2026 - Lille (France) 12 juin 2026 : Tech F'Est 2026 - Nancy (France) 17-19 juin 2026 : Devoxx Poland - Krakow (Poland) 17-20 juin 2026 : VivaTech - Paris (France) 2 juillet 2026 : Azur Tech Summer 2026 - Valbonne (France) 2-3 juillet 2026 : Sunny Tech - Montpellier (France) 3 juillet 2026 : Agile Lyon 2026 - Lyon (France) 2 août 2026 : 4th Tech Summit on Artificial Intelligence & Robotics - Paris (France) 4 septembre 2026 : JUG Summer Camp 2026 - La Rochelle (France) 17-18 septembre 2026 : API Platform Conference 2026 - Lille (France) 24 septembre 2026 : PlatformCon Live Day Paris 2026 - Paris (France) 1 octobre 2026 : WAX 2026 - Marseille (France) 1-2 octobre 2026 : Volcamp - Clermont-Ferrand (France) 5-9 octobre 2026 : Devoxx Belgium - Antwerp (Belgium) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

In Folge 294 sprechen die ApfelNerds über einige Jubiläen, das Preview der neuen Emojis in Unicode 18, Anker hat den Anker Nano Charger (45W, Smart Display, 180° Foldable) vorgestellt, Apple hat sich für Google Gemini als AI-Backend entschieden, Thorsten stellt sein Daily Habit Tracker/Journal vor und es gibt Updates.

■2進数・今年もよろしくお願いします・10進数・8進数・2進数・16進数 ■コンピューターの中の数字・ON/OFFの羅列に意味を持たせる・負の数をどうしよう・符号と絶対値表現や、2の補数表現・ビットの集まりを意味のあるデータとして扱う・画像は画素(ドット)ごとの色や明るさ・音は、音圧を1秒に40,000回くらいの頻度でデータ化している・文字コード・絵文字がUNICODEに入った・デジタルデータのメリット メールをお待ちしています rika@0438.jp質問や感想など気軽にお送りください！ audiobook.jpで使える60日間無料聴き放題クーポン3MRU-RH46-RJ31-2GLQ

Unicode: It is more than funny domain names. Unicode can cause a number of issues due to odd features like variance selectors and text direction issues. https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20than%20funny%20domain%20names./32472 FortiWeb Multiple OS command injection in API and CLI A second silently patched vulnerability in FortiWeb is already being exploited in the wild. https://fortiguard.fortinet.com/psirt/FG-IR-25-513 DLink DIR-878 Vulnerability DLink disclosed four different vulnerabilities in its popular DIR-878 router. The router is end-of-life and DLink will not release patches https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10475 Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router A new report, Operation WrtHug, has uncovered a massive, coordinated effort that has compromised thousands of ASUS routers worldwide. https://securityscorecard.com/blog/operation-wrthug-the-global-espionage-campaign-hiding-in-your-home-router/

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Unicode surrogates conversionPrompt. Scan. ExploitBreaking into thousands of cloud based VPNs with 1 bugExamining Access Control Vulnerabilities in GraphQLSmart Bus Smart HackingPasskeys PwnedBypassing Intent Destination ChecksGemini Agents in Google CalendarExploitation of DOM Clobbering Vuln at ScaleTheHulkSmart Devices, Dumb ResetsMac PRT Cookie Theft====== Timestamps ======(00:00:00) Introduction(00:10:10) Prompt. Scan. Exploit(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets

Phishing with Invisible Characters in the Subject Line Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered. https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428 Apache Tomcat PUT Directory Traversal Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is used. Exploits could upload arbitrary files, leading to remote code execution. https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog BIND9 DNS Spoofing Vulnerability A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918

Jon and Ben discuss the highlights of the 1.81 through 1.84 releases of Rust. This episode was recorded as part of a YouTube live stream on 2025-10-26, which you can still watch. Contributing to Rustacean Station Rustacean Station is a community project; get in touch with us if you'd like to suggest an idea for an episode or offer your services as a host or audio editor! Twitter: @rustaceanfm Discord: Rustacean Station Github: @rustacean-station Email: hello@rustacean-station.org Timestamps & referenced resources [@01:58] - Rust 1.81 [@02:05] - core::error::Error Tracking issue for generic member access build-std Rust project goal [@08:27] - New sort implementations PR implementing the change Repo with the research [@10:49] - #[expect(lint)] [@14:37] - Lint reasons [@16:18] - Stabilized APIs [@16:34] - Duration::abs_diff [@17:25] - hint::assert_unchecked [@22:36] - fs::exists [@25:37] - Compatibility notes [@20:40] - Split panic hook and panic handler arguments [@23:00] - Abort on uncaught panics in extern "C" functions [@27:01] - WASI 0.1 target naming changed [@30:10] - Fix for CVE-2024-43402 CVE announcement [@33:39] - Rust 1.82 [@33:39] - cargo info [@35:06] - Apple target promotions Platform support tiers [@40:10] - Precise capturing use syntax The Captures “trick” Talk on impl Trait [@47:24] - Native syntax for creating a raw pointer Pointers Are Complicated Pointers Are Complicated II Pointers Are Complicated III [@53:43] - Safe items with unsafe extern [@59:32] - Unsafe attributes [@1:03:44] - Omitting empty types in pattern matching The never type [@1:11:33] - Floating-point NaN semantics and const [@1:17:41] - Constants as assembly immediates [@1:19:06] - Safely addressing unsafe statics [@1:22:56] - Stabilized APIs [@1:23:03] - thread::Builder::spawn_unchecked [@1:25:10] - Working with MaybeUninit [@1:25:48] - Exposed SIMD intrinsics [@1:26:14] - Changelog deep-dive [@1:26:26] - Rewrite binary search implementation [@1:27:30] - Rust 1.83 [@1:27:55] - New const capabilities [@1:31:50] - Stabilized APIs [@1:32:06] - New io::ErrorKind variants [@1:33:10] - Option::get_or_insert_default [@1:34:56] - char::MIN [@1:35:48] - Changelog deep-dive [@1:35:48] - Unicode 16 Emoji [@1:39:51] - Sysroot trim-paths [@1:41:31] - cargo update informs of outdated versions [@1:42:43] - cargo --timings dark mode [@1:43:15] - Checksum-based freshness in Cargo nightly [@1:44:26] - Rust 1.84 [@1:44:40] - Cargo considers Rust version for dependency version selection [@1:49:03] - Migration to the new trait solver begins [@1:51:47] - Strict provenance APIs Pointers Are Complicated Pointers Are Complicated II Pointers Are Complicated III Rust has provenance Gankra's write-up on raw pointer design Strict provenance APIs tracking issue [@1:57:53] - Stabilized APIs [@1:57:58] - ::isqrt [@1:58:15] - core::ptr::dangling [@1:59:15] - Changelog deep-dive [@1:59:15] - Include Cargo.lock in published crates [@2:00:12] - wasm32-wasi target removed [@2:01:06] - &raw *invalid_ptr is fine Credits Intro Theme: Aerocity Audio Editing: synchis Hosting Infrastructure: Jon Gjengset Show Notes: Jon Gjengset Hosts: Jon Gjengset and Ben Striegel

CISA warns a Windows SMB privilege escalation flaw is under Active exploitation. Microsoft issues an out of band fix for a WinRE USB input failure. Nation state hackers had long term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle's E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russian's COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar's military raids a notorious cybercrime hub. Josh Kamdjou, from Sublime Security discusses how teams should get ahead of Scattered Spider's next move. Eagle Scouts are soaring into cyberspace. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Josh Kamdjou, CEO and co-founder of Sublime Security and former DOD white hat hacker, is discussing how teams should get ahead of Scattered Spider's next move. Selected Reading CISA warns of active exploitation of Windows SMB privilege escalation flaw (Beyond Machines) Windows 11 KB5070773 emergency update fixes Windows Recovery issues (Bleeping Computer) Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 (Bloomberg) Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p (Hackread) Cyberattack Disrupts Services at 2 Massachusetts Hospitals (BankInfo Security) Russian Coldriver Hackers Deploy New ‘NoRobot' Malware (Infosecurity Magazine) Self-spreading GlassWorm malware hits OpenVSX, VS Code registries (Bleeping Computer) Police Shutter SIM Farm Provider in Latvia, Bust 7 Suspects (Data Breach Today) Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People (SecurityWeek) Scouts will now be able to earn badges in AI and cybersecurity (CNN Business) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Welcome back to America's #1 Daily Podcast,  featuring America's #1 Real Estate Coaches and Top EXP Realty Sponsors in the World, Tim and Julie Harris. Ready to become an EXP Realty Agent and join Tim and Julie Harris?  Visit: https://whylibertas.com/harris or text Tim directly at 512-758-0206. ******************* 2025's Real Estate Rollercoaster: Dodge the Career-Killers with THIS Mastermind!

Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday's Guest: https://x.com/ryancbarnett====== Resources ======Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePadhttps://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.htmlXSS Street-Fighthttps://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdfBlackhat USA 2025 - Lost in Translation: Exploiting Unicode Normalizationhttps://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-44923====== Timestamps ======(00:00:00) Introduction(00:02:49) Accidental Stored XSS in Typepad Plugin (00:06:34) Chatscatter & Abusing third party Analytics(00:11:42) Ryan Barnett Introduction(00:21:11) Virtual Patching & WAF Challenges(00:40:39) AWS API Gateways & Whitelisting Bug Hunter Traffic(00:49:59) Lost in Translation: Exploiting Unicode Normalization(01:11:29) CSPs at the WAF level & 'Bounties for Bypass'

This week, we cover AI going rogue, Cloudflare declaring independence, and the secure container craze. Plus, Matt bravely judges 9 new emoji. Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/lRlWChvJ_m8?si=cZJ-0kzBrEH5ERZh) 530 (https://www.youtube.com/live/lRlWChvJ_m8?si=cZJ-0kzBrEH5ERZh) Runner-up Titles VP of getting it on Neutral trombone Good Margin Independent from what? The New Benevolence I have plenty of cynicism for other things Rundown Emojis Australian Bigfoot (https://en.wikipedia.org/wiki/Yowie) Unicode's new emoji refuses to put respect on Bigfoot's name (https://www.engadget.com/mobile/unicodes-new-emoji-refuses-to-put-respect-on-bigfoots-name-184412935.html) Matt's Rankings: Hairy Creature Trombone Treasure Chest Fight Cloud Orca Landslide Apple Core Ballet Dancers Distorted Face AI coding platform goes rogue during code freeze and deletes entire company database — Replit CEO apologizes after AI engine says it 'made a catastrophic error in judgment' and 'destroyed all production data' (https://www.tomshardware.com/tech-industry/artificial-intelligence/ai-coding-platform-goes-rogue-during-code-freeze-and-deletes-entire-company-database-replit-ceo-apologizes-after-ai-engine-says-it-made-a-catastrophic-error-in-judgment-and-destroyed-all-production-data) Cloudflare Cloudflare 1.1.1.1 Incident on July 14, 2025 (https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/) Content Independence Day: no AI crawl without compensation! (https://blog.cloudflare.com/content-independence-day-no-ai-crawl-without-compensation/) Accidental Tech Podcast: 649: Prove It With Cameras (https://atp.fm/649) Anubis Web AI Firewall (https://github.com/TecharoHQ/anubis) Announcing Model Context Protocol (MCP) Server for AWS Price List (https://aws.amazon.com/about-aws/whats-new/2025/07/model-context-protocol-server-price-list/) Chainguard builds a market, everyone else wants in. (https://redmonk.com/jgovernor/2025/07/18/chainguard-builds-a-market-everyone-else-wants-in/) Bitnami Secure Images (https://github.com/bitnami/charts/issues/35164) Relevant to your Interests Browser extensions turn Trojan and infect 2.3 million Chrome and Edge users (https://cybernews.com/security/chrome-edge-hijacked-by-eighteen-malicious-extensions/) Code was the least interesting part of my multi-agent app, and here's what that means to me (https://seroter.com/2025/07/17/code-was-the-least-interesting-part-of-my-multi-agent-app-and-heres-what-that-means-to-me/) Dell employees are not OK (https://www.yahoo.com/news/dell-employees-not-ok-135038218.html) How Uber Became A Cash-Generating Machine (https://len-sherman.medium.com/how-uber-became-a-cash-generating-machine-ef78e7a97230) Clouded Judgement 7.18.25 - The Return of the Point Solution (https://cloudedjudgement.substack.com/p/clouded-judgement-71825-the-return?utm_source=post-email-title&publication_id=56878&post_id=168595292&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Mid-Year 2025 CNCF Open Source Project Velocity (https://www.cncf.io/blog/2025/07/18/a-mid-year-2025-look-at-cncf-linux-foundation-and-the-top-30-open-source-projects/) new Date("wtf") (https://jsdate.wtf/) Intel axes Clear Linux, the fastest distribution on the market — company ends support, effective immediately (https://www.tomshardware.com/software/linux/intel-axes-clear-linux-the-fastest-distribution-on-the-market-company-ends-support-effective-immediately) The Epic Battle for AI Talent—With Exploding Offers, Secret Deals and Tears (https://www.wsj.com/tech/ai/meta-ai-recruiting-mark-zuckerberg-sam-altman-140d5861?st=pBmtib&reflink=article_copyURL_share) Cursor snaps up enterprise startup Koala in challenge to GitHub Copilot (https://techcrunch.com/2025/07/18/cursor-snaps-up-enterprise-startup-koala-in-challenge-to-github-copilot/) Lovable becomes a unicorn with $200M Series A just 8 months after launch (https://techcrunch.com/2025/07/17/lovable-becomes-a-unicorn-with-200m-series-a-just-8-months-after-launch/) Apple details how it trained its new AI models, see highlights (https://9to5mac.com/2025/07/21/apple-details-how-it-trained-its-new-ai-models-4-interesting-highlights/) Instacart's former CEO is taking the reins of a big chunk of OpenAI (https://www.theverge.com/openai/710836/instacarts-former-ceo-is-taking-the-reins-of-a-big-chunk-of-openai) The Enshittification of American Power (https://www.wired.com/story/enshittification-of-american-power/) Customer guidance for SharePoint vulnerability CVE-2025-53770 (https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/) Mike Lynch's Estate Ordered to Pay Hewlett Packard $945 Million (https://www.nytimes.com/2025/07/22/business/dealbook/mike-lynch-hp.html) OpenAI announces ChatGPT agent for web browsing (https://mashable.com/article/openai-announces-chatgpt-agent-web-browsing) OpenAI's new ChatGPT Agent can control an entire computer and do tasks for you (https://www.theverge.com/ai-artificial-intelligence/709158/openai-new-release-chatgpt-agent-operator-deep-research) ChatGPT Numbers (https://www.threads.com/@axios/post/DMXssSjuHax?xmt=AQF0UNyFv8CGZkBsSBbi7XWeXnW67U-Y-ZWQEwDod8lyhA) Move Mesos to the Attic (https://lists.apache.org/list.html?dev@mesos.apache.org) Anthropic hired back two of its employees — just two weeks after they left for a competitor. (https://www.theverge.com/ai-artificial-intelligence/708521/anthropic-hired-back-two-of-its-employees-just-two-weeks-after-they-left-for-a-competitor) Investors Float Deal Valuing Anthropic at More Than $100 Billion (https://www.theinformation.com/articles/investors-float-deal-valuing-anthropic-100-billion) Nonsense Coldplay's Kiss Cam Exposes Astronomer's CEO Andy Byron Alleged Affair With HR Chief Kristin Cabot (https://www.yahoo.com/entertainment/articles/coldplay-kiss-cam-exposes-astronomer-142620411.html) Unicode's new emoji refuses to put respect on Bigfoot's name (https://www.engadget.com/mobile/unicodes-new-emoji-refuses-to-put-respect-on-bigfoots-name-184412935.html) Atari Is Re-Releasing Its 2600+ To Celebrate Pac-Man's 45th Birthday (https://www.timeextension.com/news/2025/07/atari-is-re-releasing-its-2600plus-to-celebrate-pac-mans-45th-birthday) Conferences Sydney Wizdom Meet-Up (https://www.wiz.io/events/sydney-wizdom-meet-up-aug-2025), Sydney, August 7. Matt will be there. SpringOne (https://www.vmware.com/explore/us/springone?utm_source=organic&utm_medium=social&utm_campaign=cote), Las Vegas, August 25th to 28th, 2025. See Coté's pitch (https://www.youtube.com/watch?v=f_xOudsmUmk). Explore 2025 US (https://www.vmware.com/explore/us?utm_source=organic&utm_medium=social&utm_campaign=cote), Las Vegas, August 25th to 28th, 2025. See Coté's pitch (https://www.youtube.com/shorts/-COoeIJcFN4). Wiz Capture the Flag (https://www.wiz.io/events/capture-the-flag-brisbane-august-2025), Brisbane, August 26. Matt will be there. SREDay London (https://sreday.com/2025-london-q3/), Coté speaking, September 18th and 19th. Civo Navigate London (https://www.civo.com/navigate/london/2025), Coté speaking, September 30th. Texas Linux Fest (https://2025.texaslinuxfest.org), Austin, October 3rd to 4th. CFP closes August 3rd (https://www.papercall.io/txlf2025). CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Frankfurt, October 7th, 2025. AI for the Rest of Us (https://aifortherestofus.live/london-2025), Coté speaking, October 15th to 16th, London. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Magic Keyboard with Touch ID and Numeric Keypad for Mac (https://www.apple.com/shop/product/MXK83LL/A/magic-keyboard-with-touch-id-and-numeric-keypad-for-mac-models-with-apple-silicon-usb-c-us-english-black-keys?fnode=9586aab2077eb774c28648c4795309d1121a0be316d0cef51e8ecb4f03f94a17a88ca466c99d3d3ce977c5a3933a01e4a9d465d8c36e6a9db43dcd2fdd97c814f69fee0a947209242f7e16f10d07223c5fa2dd831c66ffc4bca1a0c99c10f58ec0b7562aa4f1a834e276771b7ef3bfa8&fs=f%3Dkeyboard%26fh%3D36f4%252B4603) Matt: Spirited (https://www.imdb.com/title/tt1524415/) Photo Credits Header (https://unsplash.com/photos/a-statue-of-a-gorilla-sitting-on-top-of-a-wooden-bench-p9uwu_LDmoc)

Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again..Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker - Patch ManagementToday's Guest: Mathias Karlsson====== This Week in Bug Bounty ======Swiss Post's 2025 Public Intrusion Test starts on July 28Intigriti teams with NVIDIABugcrowd Ingenuity AwardsHack the Hacker Series - AI Vulnerabilities and Bug BountiesA Novel Technique for SQL Injection in PDO's Prepared StatementsHow We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance====== Resources ======Archive AlchemistHacking Livestream #53: The ZIP file format====== Timestamps ======(00:00:00) Introduction(00:10:04) Archive Alchemist(00:36:05) Unicode Extensions, normalization, and confusion attacks on Zip parsers(00:48:44) Character Sets(01:01:49) 7zip & File Names (01:06:44) Path Traversal, Symlinks & Identifying Techniques(01:36:05) Hardlinks and TAR

Wed, 23 Jul 2025 20:15:00 GMT http://relay.fm/connected/562 http://relay.fm/connected/562 Tech Boomers 562 Federico Viticci, Stephen Hackett, and Myke Hurley With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. clean 4765 With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. This episode of Connected is sponsored by: Ecamm: Powerful live streaming platform for Mac. Get one month free. Links and Show Notes: Get Connected Pro: Preshow, postshow, no ads. Submit Feedback Deflexmobile Specialty License Plates in TN Opportunity Knocks – The Enthusiast The Unicode Blog:

Wed, 23 Jul 2025 20:15:00 GMT http://relay.fm/connected/562 http://relay.fm/connected/562 Federico Viticci, Stephen Hackett, and Myke Hurley With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. clean 4765 With Beta 4, Liquid Glass is back in a big way, and the guys have feelings about it. This episode of Connected is sponsored by: Ecamm: Powerful live streaming platform for Mac. Get one month free. Links and Show Notes: Get Connected Pro: Preshow, postshow, no ads. Submit Feedback Deflexmobile Specialty License Plates in TN Opportunity Knocks – The Enthusiast The Unicode Blog:

En el Manzanas Informadas de hoy Viernes 18 de Julio, vamos a analizar las últimas noticias. Y las más importante con diferencia es el bombazo confirmado por Unicode. En iOS26 tendremos nuevos emojis.Junto a esta, otras noticias de menor calado, el futuro iPhold compartirá tecnología de pantalla con el próximo Samsung Fold 8. Un nuevo color desvelado para el futuro iPhone 17 Pro hará las delicias de los fan del Liquid Glass.Y para finalizar, una noticia para jugones. Cybepunk 2077 ya está disponible para Mac. Si bien la tendremos en disponible todos los Mac con Apple Silicon, será imprescindible que dispongan de un mínimo de 16gb de RAM.Finalizamos la semana de MI y rematamos el fin de semana con nuestro MERO y el Manzanas Enfrentadas 7 de /, lo tenemos!!!

Unicode revela ocho nuevos emoji que llegarán a teléfonos y chats mediante la próxima actualización global.  Por Félix Riaño @LocutorCo      Celebramos el Día Mundial del Emoji con un adelanto: trombón, cofre del tesoro, cara distorsionada, criatura peluda, nube de pelea, corazón de manzana, orca y bailarinas llegan pronto a tu teclado.  Las caritas amarillas han tenido un viaje alucinante, desde los pagers noventeros hasta los teléfonos plegables de hoy. El diecisiete de julio, Día Mundial del Emoji, el Consorcio Unicode presentó las ocho figuras que van a refrescar nuestros mensajes en 2026: un trombón que toca sin sonido, un cofre del tesoro digno de “One Piece”, una cara distorsionada ideal para mostrar bochorno, una criatura peluda que evoca a Bigfoot, una nube de pelea sacada de las viñetas, el corazón mordido de una manzana, una orca saltarina y un par de bailarinas en puntas. ¿Sabías que cualquier fan puede proponer nuevos símbolos? Te voy a contar cómo se decide quién se cuela en el teclado y quién queda en borrador, ¿te quedas para descubrirlo?  Nuevo emoji, nueva historia, todavía falta el paso final clave  Imagina abrir tu chat favorito en marzo de dos mil veintiséis y encontrar el pequeño trombón listo para musicalizar tu chiste malo. Detrás de ese icono hay un proceso de once pasos que empieza mucho antes de que pulses enviar. Primero surge la idea: puede nacer en una conversación, en un tuit o en una lista de deseos de fanáticos. Luego alguien redacta una propuesta oficial, documenta la relevancia cultural, muestra bocetos y hasta explica escalas de piel si corresponde. Los voluntarios del subcomité Emoji del Consorcio Unicode revisan criterios de compatibilidad, uso esperado y singularidad. Si todo encaja, el símbolo se somete a votación en la reunión trimestral. Después vienen meses de pruebas técnicas para garantizar que el código funcione igual en Android, iOS, Windows y más. Al final, el estándar se publica y los artistas de cada empresa redibujan el pictograma con su propio estilo.  En teoría, el sistema luce transparente, pero la práctica presenta obstáculos curiosos. Para empezar, las propuestas deben demostrar un nivel de uso potencial comparable al de símbolos existentes, lo que deja fuera referencias muy locales. El comité también vigila que la lista no crezca sin control porque cada carácter adicional ocupa memoria en dispositivos antiguos. A eso se suma la accesibilidad: cada emoji necesita nombre, etiqueta de voz y descripción compatible con lectores de pantalla, garantizando inclusión real. Además, hay batallas de propiedad intelectual; llamar «Bigfoot» a la criatura peluda implicaría marcas registradas, por eso se escoge un título neutral. Las discusiones se encienden cuando la imagen roza estereotipos culturales o temas políticos. ¿Cuántas banderas regionales son suficientes? A veces, las compañías agregan stickers generados por IA para saltarse la espera, pero eso fragmenta la experiencia porque tu chiste puede aparecer como cuadro vacío en el móvil de tu abuela.  El camino hacia el teclado no termina con la aprobación de Unicode. Una vez publicado el estándar 17 el nueve de septiembre de dos mil veinticinco, cada empresa ajusta sus calendarios. Apple suele tardar entre seis y ocho meses; los rumores señalan que el paquete aparecerá en iOS 26.4, alrededor de la primavera boreal de dos mil veintiséis. Google integrará los gráficos en una actualización progresiva de Android, y las redes sociales como WhatsApp o X adoptarán sus propios diseños casi al mismo tiempo. Durante ese lapso, Emojipedia actualizará sus páginas y las favoritas empezarán a viralizarse. Ya hay apuestas: la cara distorsionada pinta para convertirse en el nuevo meme de frustración, mientras los músicos confían en que el trombón protagonizará la fanfarria de cada ascenso personal. Los gamers planean usar la nube de pelea para narrar partidas de Smash, y la orca promete ser la reina de los hilos sobre conservación marina. Cuando por fin pulses esa criatura peluda, piensa en los miles de voluntarios que la hicieron posible.  El Consorcio Unicode nació en 1991 y hoy reúne a gigantes como Apple, Google, Microsoft, Meta y Adobe, además de universidades y gobiernos. Su misión principal es asegurar que cualquier texto, sea latín, árabe o emoji, se vea igual en todas partes. Cada adopción de carácter cuesta dinero, por eso existe el programa Adopt-a-Character: con donaciones desde 100 dólares o 90 euros recibes un certificado digital para presumir tu símbolo favorito. Entre los padrinos figuran museos, bibliotecas y hasta grupos de K-pop que patrocinan el corazón morado. La historia de los emoji empezó con Shigetaka Kurita en NTT DoCoMo, y el catálogo pasó de 176 figuras a casi 4 000. Algunos pictogramas han cambiado con la cultura: el revólver se transformó en pistola de agua y el disquete pronto sumará un guiño nostálgico. Las encuestas muestran que el corazón rojo, la carita con lágrimas de risa y el fuego dominan el podio, aunque el ranking rota cada mes según temporadas y memes virales.  En resumen, ocho nuevos emoji están en la fila de salida: trombón, cofre, cara distorsionada, criatura peluda, nube de pelea, corazón de manzana, orca y bailarinas. Para verlos vamos a esperar hasta dos mil veintiséis, pero desde ya podemos proponer, adoptar y soñar con el próximo icono que cuente historias universales. Escucha y comenta más en Flash Diario,  Unicode adelanta ocho emoji: Bigfoot, orca, trombón, cofre, nube de pelea, cara distorsionada, bailarinas y corazón de manzana, disponibles 2026.  BibliografíaUnicode Consortium BlogMacStoriesMacRumorsLifehacker9to5MacEngadgetThe VergeCNETConviértete en un seguidor de este podcast: https://www.spreaker.com/podcast/flash-diario-de-el-siglo-21-es-hoy--5835407/support.

The Unicode Consortium previewed new emoji, including a Bigfoot icon, set for release with Unicode 17.0 in spring 2026. The update will also add icons such as an apple core, ballet dancers, distorted face, fight cloud, orca, treasure chest, and trombone. The emoji creation process involves design reviews and technical assessments before approval. Apple launched an emoji word game for Apple News Plus subscribers, and Emojipedia relaunched EmojiTracker.com to track emoji usage. Businesses can use new emoji for digital engagement and marketing.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

This show has been flagged as Explicit by the host. Overview Several years ago I wrote a Bash script to perform a task I need to perform almost every day - find the newest file in a series of files. At this point I was running a camera on a Raspberry Pi which was attached to a window and viewed my back garden. I was taking a picture every 15 minutes, giving them names containing the date and time, and storing them in a directory. It was useful to be able to display the latest picture. Since then, I have found that searching for newest files useful in many contexts: Find the image generated by my random recipe chooser, put in the clipboard and send it to the Telegram channel for my family. Generate a weather report from wttr.in and send it to Matrix. Find the screenshot I just made and put it in the clipboard. Of course, I could just use the same name when writing these various files, rather than accumulating several, but I often want to look back through such collections. If I am concerned about such files accumulating in an unwanted way I write cron scripts which run every day and delete the oldest ones. Original script The first iteration of the script was actually written as a Bash function which was loaded at login time. The function is called newest_matching_file and it takes two arguments: A file glob expression to match the file I am looking for. An optional directory to look for the file. If this is omitted, then the current directory will be used. The first version of this function was a bit awkward since it used a for loop to scan the directory, using the glob pattern to find the file. Since Bash glob pattern searches will return the search pattern when they fail, it was necessary to use the nullglob (see references) option to prevent this, turning it on before the search and off afterwards. This technique was replaced later with a pipeline using the find command. Improved Bash script The version using find is what I will explain here. function newest_matching_file { local glob_pattern=${1-} local dir=${2:-$PWD} # Argument number check if [[ $# -eq 0 || $# -gt 2 ]]; then echo 'Usage: newest_matching_file GLOB_PATTERN [DIR]' >&2 return 1 fi # Check the target directory if [[ ! -d $dir ]]; then echo "Unable to find directory $dir" >&2 return 1 fi local newest_file # shellcheck disable=SC2016 newest_file=$(find "$dir" -maxdepth 1 -name "$glob_pattern" \ -type f -printf "%T@ %p\n" | sort | sed -ne '${s/.\+ //;p}') # Use printf instead of echo in case the file name begins with '-' [[ -n $newest_file ]] && printf '%s\n' "$newest_file" return 0 } The function is in the file newest_matching_file_1.sh , and it's loaded ("sourced", or declared) like this: . newest_matching_file_1.sh The '.' is a short-hand version of the command source . I actually have two versions of this function, with the second one using a regular expression, which the find command is able to search with, but I prefer this one. Explanation The first two lines beginning with local define variables local to the function holding the arguments. The first, glob_pattern is expected to contain something like screenshot_2025-04-*.png . The second will hold the directory to be scanned, or if omitted, will be set to the current directory. Next, an if statement checks that there are the right number of arguments, aborting if not. Note that the echo command writes to STDERR (using '>&2' ), the error channel. Another if statement checks that the target directory actually exists, and aborts if not. Another local variable newest_file is defined. It's good practice not to create global variables in functions since they will "leak" into the calling environment. The variable newest_file is set to the result of a command substitution containing a pipeline: The find command searches the target directory. Using -maxdepth 1 limits the search to the chosen directory and does not descend into sub-directories. The search pattern is defined by -name "$glob_pattern" Using -type f limits the search to files The -printf "%T@ %p\n" argument returns the file's last modification time as the number of seconds since the Unix epoch '%T@' . This is a number which is larger if the file is older. This is followed, after a space, by the full path to the file ( '%p' ), and a newline. The matching file names are sorted. Because each is preceded by a numeric time value, they will be sorted in ascending order of age. Finally sed is used to return the last file in the sorted list with the program '${s/.\+ //;p}' : The use of the -n option ensures that only lines which are explicitly printed will be shown. The sed program looks for the last line (using '$' ). When found the leading numeric time is removed with ' s/.\+ //' and the result is printed (with 'p' ). The end result will either be the path to the newest file or nothing (because there was no match). The expression '[[ -n $newest_file ]]' will be true if $newest_file variable is not empty, and if that is the case, the contents of the variable will be printed on STDOUT, otherwise nothing will be printed. Note that the script returns 1 (false) if there is a failure, and 0 (true) if all is well. A null return is regarded as success. Script update While editing the audio for this show I realised that there is a flaw in the Bash function newest_matching_file . This is in the sed script used to process the output from find . The sed commands used in the script delete all characters up to a space, assuming that this is the only space in the last line. However, if the file name itself contains spaces, this will not work because regular expressions in sed are greedy . What is deleted in this case is everything up to and including the last space. I created a directory called tests and added the following files: 'File 1 with spaces.txt' 'File 2 with spaces.txt' 'File 3 with spaces.txt' I then ran the find command as follows: $ find tests -maxdepth 1 -name 'File*' -type f -printf "%T@ %p\n" | sort | sed -ne '${s/.\+ //;p}' spaces.txt I adjusted the sed call to sed -ne '${s/[^ ]\+ //;p}' . This uses the regular expression: s/[^ ]\+ // This now specifies that what it to be removed is every non-space up to and including the first space. The result is: $ find tests -maxdepth 1 -name 'File*' -type f -printf "%T@ %p\n" | sort | sed -ne '${s/[^ ]\+ //;p}' tests/File 3 with spaces.txt This change has been propagated to the copy on GitLab . Usage This function is designed to be used in commands or other scripts. For example, I have an alias defined as follows: alias copy_screenshot="xclip -selection clipboard -t image/png -i \$(newest_matching_file 'Screenshot_*.png' ~/Pictures/Screenshots/)" This uses xclip to load the latest screenshot into the clipboard, so I can paste it into a social media client for example. Perl alternative During the history of this family of scripts I wrote a Perl version. This was originally because the Bash function gave problems when run under the Bourne shell, and I was using pdmenu a lot which internally runs scripts under that shell. #!/usr/bin/env perl use v5.40; use open ':std', ':encoding(UTF-8)'; # Make all IO UTF-8 use Cwd; use File::Find::Rule; # # Script name # ( my $PROG = $0 ) =~ s|.*/||mx; # # Use a regular expression rather than a glob pattern # my $regex = shift; # # Get the directory to search, defaulting to the current one # my $dir = shift // getcwd(); # # Have to have the regular expression # die "Usage: $PROG regex [DIR]\n" unless $regex; # # Collect all the files in the target directory without recursing. Include the # path and let the caller remove it if they want. # my @files = File::Find::Rule->file() ->name(qr/$regex/) ->maxdepth(1) ->in($dir); die "Unsuccessful search\n" unless @files; # # Sort the files by ascending modification time, youngest first # @files = sort {-M($a) -M($b)} @files; # # Report the one which sorted first # say $files[0]; exit; Explanation This is fairly straightforward Perl script, run out of an executable file with a shebang line at the start indicating what is to be used to run it - perl . The preamble defines the Perl version to use, and indicates that UTF-8 (character sets like Unicode) will be acceptable for reading and writing. Two modules are required: Cwd : provides functions for determining the pathname of the current working directory. File::Find::Rule : provides tools for searching the file system (similar to the find command, but with more features). Next the variable $PROG is set to the name under which the script has been invoked. This is useful when giving a brief summary of usage. The first argument is then collected (with shift ) and placed into the variable $regex . The second argument is optional, but if omitted, is set to the current working directory. We see the use of shift again, but if this returns nothing (is undefined), the '//' operator invokes the getcwd() function to get the current working directory. If the $regex variable is not defined, then die is called to terminate the script with an error message. The search itself is invoked using File::Find::Rule and the results are added to the array @files . The multi-line call shows several methods being called in a "chain" to define the rules and invoke the search: file() : sets up a file search name(qr/$regex/) : a rule which applies a regular expression match to each file name, rejecting any that do not match maxdepth(1) : a rule which prevents the search from descending below the top level into sub-directories in($dir) : defines the directory to search (and also begins the search) If the search returns no files (the array is empty), the script ends with an error message. Otherwise the @files array is sorted. This is done by comparing modification times of the files, with the array being reordered such that the "youngest" (newest) file is sorted first. The operator checks if the value of the left operand is greater than the value of the right operand, and if yes then the condition becomes true. This operator is most useful in the Perl sort function. Finally, the newest file is reported. Usage This script can be used in almost the same way as the Bash variant. The difference is that the pattern used to match files is a Perl regular expression. I keep this script in my ~/bin directory, so it can be invoked just by typing its name. I also maintain a symlink called nmf to save typing! The above example, using the Perl version, would be: alias copy_screenshot="xclip -selection clipboard -t image/png -i \$(nmf 'Screenshot_.*\.png' ~/Pictures/Screenshots/)" In regular expressions '.*' means "any character zero or more times". The '.' in '.png' is escaped because we need an actual dot character. Conclusion The approach in both cases is fairly simple. Files matching a pattern are accumulated, in the Bash case including the modification time. The files are sorted by modification time and the one with the lowest time is the answer. The Bash version has to remove the modification time before printing. This algorithm could be written in many ways. I will probably try rewriting it in other languages in the future, to see which one I think is best. References Glob expansion: Wikipedia article on glob patterns HPR shows covering glob expansion: Finishing off the subject of expansion in Bash (part 1) Finishing off the subject of expansion in Bash (part 2) GitLab repository holding these files: hprmisc - Miscellaneous scripts, notes, etc pertaining to HPR episodes which I have contributed Provide feedback on this episode.

In this episode of Remote Ruby, Chris and Andrew chat through everything from extreme summer heat, tornadoes, and driving habits, to browser quirks, Unicode bugs, Punycode, and the intricacies of building and maintaining rich text editors. Their conversation drifts into developer tools like Tiptap and Lexical, accessibility issues, browser rendering oddities, and even some personal stories involving cooking fails and skateboarding injuries. Hit download now to hear more! LinksJudoscale- Remote Ruby listener giftThe Sad Story Of The Unicode Snowman (Hacker News, Dec 23, 2010)TiptapLexicalPunycodeHoneybadgerHoneybadger is an application health monitoring tool built by developers for developers.JudoscaleMake your deployments bulletproof with autoscaling that just works.Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you. Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter

Excited is overused This week, we recap Microsoft Build, Google I/O, and Java turning 30. Plus, more Vegemite talk and a discussion on whether tech presenters really need to tell us they're “excited.” Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/4ar2nzlx3gw?si=pee9R6HbHN06etA2) 520 (https://www.youtube.com/live/4ar2nzlx3gw?si=pee9R6HbHN06etA2) Runner-up Titles We all need choices Vegans are against everything The problem is you shouldn't be watching keynotes You're giving the black box too much responsibility What are you going to do? Some more stuff they announced that I don't want They're excited about that Hopefully people are excited about that I'm happy for you I want to like it Nerd famous Can you just fix calendaring? It's too much I'm not going back to Java Rundown Will Matt try marmalade with his Vegemite for the full PBJ analogue. (https://bsky.app/profile/thescarletmanuka.bsky.social/post/3lpdioobdek27) MSFT Build Microsoft Build 2025: news and announcements from the developer conference (https://www.theverge.com/news/669382/microsoft-build-2025-news-ai-agents) Microsoft announces over 50 AI tools to build the ‘agentic web' at Build 2025 (https://venturebeat.com/ai/microsoft-announces-over-50-ai-tools-to-build-the-agentic-web-at-build-2025/) Findings from Microsoft's 3-week study on Copilot use (https://newsletter.getdx.com/p/microsoft-3-week-study-on-copilot-impact) Microsoft open sources Windows Subsystem for Linux (https://www.theregister.com/2025/05/19/microsoft_wsl_open_source/) Google I/O Everything announced at the Google I/O 2025 keynote (https://www.engadget.com/ai/everything-announced-at-the-google-io-2025-keynote-171514495.html?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAAIewjPeuiVydyPgPtFxJyD7lYSE7rAY-BFM7JxN5AHvJvH_NrHmCURfrSuBK4HmB700OTDoGERdfPyB77mCb8_225GPcoppCXG4dl_bgGOA9j4E5Fprl_nUD__-69yEG5-W7vmXISAdJC2kBU3MSZErnX1TuyR1_gKfb5Hx_OdRs) Android XR is getting stylish partners in Warby Parker and Gentle Monster (https://www.theverge.com/google-io/670013/android-xr-warby-parker-gentle-monster-smart-glassesi-io-2025) Jules - An Asynchronous Coding Agent (https://jules.google/) Google Embraces MCP (https://thenewstack.io/google-embraces-mcp/?link_source=ta_bluesky_link&taid=682cf46509703200019ca4f3&utm_campaign=trueanthem&utm_medium=social&utm_source=bluesky) iOS 19 Will Let Developers Use Apple's AI Models in Their Apps (https://www.macrumors.com/2025/05/20/ios-19-apple-ai-models-developers/) NEW Claude MCP AI Super Agents (https://x.com/juliangoldieseo/status/1924148362653348232?s=46&t=zgzybiDdIcGuQ_7WuoOX0A) AWS Launches Its Take on an Open Source AI Agents SDK (https://thenewstack.io/aws-launches-its-take-on-an-open-source-ai-agents-sdk/) Java at 30: The Genius Behind the Code That Changed Tech (https://thenewstack.io/java-at-30-the-genius-behind-the-code-that-changed-tech/) Relevant to your Interests If AI is so good at coding … where are the open source contributions? (https://pivot-to-ai.com/2025/05/13/if-ai-is-so-good-at-coding-where-are-the-open-source-contributions/) Y Combinator says Google is a ‘monopolist' that has ‘stunted' the startup ecosystem (https://techcrunch.com/2025/05/13/y-combinator-says-google-is-a-monopolist-that-has-stunted-the-startup-ecosystem) Coinbase says customers' personal information stolen in data breach (https://techcrunch.com/2025/05/15/coinbase-says-customers-personal-information-stolen-in-data-breach/) DataBricks interview about Neon (https://www.axios.com/newsletters/axios-pro-rata-a6f0b4f0-fe7f-412f-bf4b-5978de02d604.html?chunk=1&utm_term=emshare#story1) OpenAI launches Codex, an AI coding agent, in ChatGPT (https://techcrunch.com/2025/05/16/openai-launches-codex-an-ai-coding-agent-in-chatgpt/) CarPlay Ultra, the next generation of CarPlay, begins rolling out today (https://www.apple.com/newsroom/2025/05/carplay-ultra-the-next-generation-of-carplay-begins-rolling-out-today/) Meta argues enshittification isn't real in bid to toss FTC monopoly case (https://arstechnica.com/tech-policy/2025/05/meta-says-no-proof-of-monopoly-power-wants-ftc-case-dismissed-mid-trial/) When Open Source Isn't: How OpenRewrite Lost Its Way (https://medium.com/@jonathan.leitschuh/when-open-source-isnt-how-openrewrite-lost-its-way-642053be287d) Wiz 2.0? Cyera's meteoric $6B valuation is turning heads across the cyber world | CTech (https://www.calcalistech.com/ctechnews/article/shavjm2g2) Steve Langasek, One of Ubuntu Linux's Leading Lights, Has Died (https://thenewstack.io/steve-langasek-one-of-ubuntu-linuxs-leading-lights-has-died/) Python: The Documentary [OFFICIAL TRAILER] (https://www.youtube.com/watch?v=pqBqdNIPrbo) Spain Orders Airbnb to Take Down 66,000 Rental Listings (https://www.nytimes.com/2025/05/19/business/airbnb-listings-spain.html) Detecting malicious Unicode (https://daniel.haxx.se/blog/2025/05/16/detecting-malicious-unicode/) Former Apple Design Guru Jony Ive to Take Expansive Role at OpenAI (https://www.wsj.com/tech/ai/former-apple-design-guru-jony-ive-to-take-expansive-role-at-openai-5787f7da) Apple's Worldwide Developers Conference kicks off June 9 (https://www.apple.com/newsroom/2025/05/apples-worldwide-developers-conference-kicks-off-june-9/) Valkey Turns One: How the Community Fork Left Redis in the Dust - Momento (https://www.gomomento.com/blog/valkey-turns-one-how-the-community-fork-left-redis-in-the-dust/?ck_subscriber_id=512834888&utm_source=convertkit&utm_medium=email&utm_campaign=[Last%20Week%20in%20AWS]:%20Transform%20Away,%20as%20AWS%20Reverses%20Course%20-%2017665354) Nonsense Max (@StreamOnMax) on X (https://x.com/StreamOnMax/status/1922781490473034153) Uber to introduce fixed-route shuttles in major US cities designed for commuters (https://techcrunch.com/2025/05/14/uber-to-introduce-fixed-route-shuttles-in-major-us-cities-other-ways-to-save/) Conferences POST/CON 25 (https://postcon.postman.com/2025/), June 3-4, Los Angeles, CA, Brandon representing SDT. Register here for free pass (https://fnf.dev/43irTu1) using code BRANDON (https://fnf.dev/43irTu1) (limited to first 20 People) Contract-Driven Development: Unite Your Teams and Accelerate Delivery (https://postcon.postman.com/2025/session/3022520/contract-driven-development-unite-your-teams-and-accelerate-delivery%20%20%20%20%20%208:33) by Chris Chandler SREDay Cologne, June 12th, 2025 (https://sreday.com/2025-cologne-q2/#tickets) - Coté speaking, discount: CLG10, 10% off. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: MurderBot (https://www.google.com/aclk?sa=L&ai=DChcSEwi286yM0KiNAxUELNQBHStVDhgYABABGgJvYQ&co=1&gclid=Cj0KCQjwxJvBBhDuARIsAGUgNfjytNAoEF2oBZYZixtUoB15h1o0UU1SJRQp-A-GFE_i0FGLHOE5wY8aAoFzEALw_wcB&cce=1&sig=AOD64_3mm-tO-giOK7S1lj45fNCC7pw-6w&q&adurl&ved=2ahUKEwiFq6eM0KiNAxXI4ckDHc0cBAMQ0Qx6BAg9EAE)

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Show Notes: https://securityweekly.com/psw-875

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Show Notes: https://securityweekly.com/psw-875

This podcast interview focuses on the entrepreneurial journey to discovering powerful strategic frameworks through trial and error. My guest is Sharat Potharaju, CEO of Unicode. Sharat is a serial entrepreneur with 15 years of experience. He navigated through a decade of ventures that didn't scale before founding Uniqode in 2019. His company has since grown to serve over 50,000 businesses worldwide, including Fortune 500 companies, by creating innovative technology that connects physical and digital worlds through mobile experiences. What makes Sharat's story remarkable is his methodical approach to business building, where he combines weekly deep strategic thinking with rapid experimentation frameworks, always maintaining that impact—both for employees and customers—is what drives his entrepreneurial energy. And this inspired me, and hence I invited Sharat to my podcast. We explore how an entrepreneur's decade of failures can become the foundation for remarkable success. Sharat challenges conventional wisdom by dedicating specific time each week for deep thinking about long-term strategy while handling day-to-day operations. He reveals why being selective about advice is crucial for maintaining entrepreneurial confidence, and how balancing luck with persistence creates the conditions for breakthrough success. His approach makes products dead-simple for users while sticking to strict testing methods to know what works. Here is a quote that captures one of Sharat's most striking business lessons: "It's important to love your product, but it's even more important to be obsessed about the problem that you're trying to solve. Because if you're not obsessed about the problem, eventually you'll just fall in love with your product and lose your focus on vision." By listening to this podcast you will learn: Why entrepreneurial success typically takes a decade, not overnight, and how to mentally prepare for this reality How to implement a "Wednesday deep thinking" practice that balances long-term vision with short-term execution The secret to filtering advice from well-meaning investors, mentors, and colleagues without losing your entrepreneurial confidence How to create frameworks for experimentation that prevent chaos while maximizing learning For more information about the guest from this week:  Guest: Sharat Potharaju  Website: uniqode.com Learn more about your ad choices. Visit megaphone.fm/adchoices

It's another hot questions episode. Tabs vs spaces, whether we have imposter syndrome, why software keeps getting heavier, the correct length of functions and files, and what every programmer should know.   Some things we mentioned: Interesting Characters (UTF-16, utf-8, Unicode, encodings) Software Design is Knowledge Building The Absolute Minimum Every Software Developer Must Know... Read More

It's another hot questions episode. Tabs vs spaces, whether we have imposter syndrome, why software keeps getting heavier, the correct length of functions and files, and what every programmer should know.   Some things we mentioned: Interesting Characters (UTF-16, utf-8, Unicode, encodings) Software Design is Knowledge Building The Absolute Minimum Every Software Developer Must Know... Read More

A single

It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880 ChatGPT Fingerprinting Documents via Unicode ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text Asus AI Cloud Security Advisory Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability https://www.asus.com/content/asus-product-security-advisory/ PyTorch Vulnerability PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6

#circuitpythonparsec How to use Unicode characters in the REPL. https://github.com/jedgarpark/parsec/blob/main/2025-03-20/code.py https://www.adafruit.com/product/6003 Learn about CircuitPython: https://circuitpython.org Visit the Adafruit shop online - http://www.adafruit.com ----------------------------------------- LIVE CHAT IS HERE! http://adafru.it/discord Subscribe to Adafruit on YouTube: http://adafru.it/subscribe New tutorials on the Adafruit Learning System: http://learn.adafruit.com/ -----------------------------------------

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.North Korea's state-backed Lazarus Group is believed to be responsible for the largest cryptocurrency heist ever recorded, stealing $1.5 billion from the Bybit exchange. The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks. GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.SEKOIA researchers have uncovered a previously unknown IoT botnet named PolarEdge, which has been operating covertly for an extended period.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.

On the web side, we cover a portswigger post on ways of abusing unicode mishandling to bypass firewalls and a doyensec guide to OAuth vulnerabilities. We also get into a Windows exploit for a use-after-free in the telephony service that bypasses Control Flow Guard, and a data race due to non-atomic writes in the macOS kernel. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/271.html [00:00:00] Introduction [00:00:22] Bypassing character blocklists with unicode overflows [00:06:53] Common OAuth Vulnerabilities [00:18:37] Windows Telephony Service - It's Got Some Call-ing Issues [CVE-2024-26230] [00:32:05] TRAVERTINE (CVE-2025-24118) Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

2024 年终，W3C 发布了新版《中文排版需求》。这是该文档自发布以来，首次经历的大幅度结构调整。 2025 年伊始，我们有幸请到 W3C 国际化工作负责人、《中文排版需求》编辑薛富侨，向我们介绍文档的更新进展及逻辑框架；同时，也与我们分享 W3C 国际化工作的细节与愿景。 参考链接 W3C（World Wide Web Consortium，万维网联盟）于 2023 年正式转型成为公益性非营利组织 W3C 无障碍相关的标准及指南 W3C FAQ 之一「本地化与国际化有什么关系？」 Richard Ishida，国际化专家，前任 W3C 国际化标准工作负责人 W3C Requirements for Chinese Text Layout（中文排版需求） 字谈字畅 007：「通缉」中文字体排印事业的贡献者 字谈字畅 143：「中文电子书为什么还这么差？」 字谈字畅 144：CSS 中文排版的十年跬步 字谈字畅 186：《中文排版需求》的进展 薛富侨近期在 The Type 发布文章《新版〈中文排版需求〉：结构的统一与未来的可能性》，介绍《中文排版需求》的更新进展 W3C Patent Policy（专利政策） 语言文字矩阵（language matrix）是 W3C 推进国际化工作的重要框架之一 Safari 18.2 开始支持行内（字间）注音符号的排版，基于 CSS ruby-position 属性的 inter-character 值 Unicode 变体序列（variation sequence） Unicode Technical Report #59: East Asian Spacing 《中文排版需求》的 GitHub repo 嘉宾 薛富侨：W3C 国际化专家，致力于推动全球文字排版需求 主播 Eric：字体排印研究者，译者，The Type 执行编辑 蒸鱼：设计师，The Type 编辑 欢迎与我们交流或反馈，来信请致 podcast@thetype.com​。如果你喜爱本期节目，也欢迎用支付宝向我们捐赠：hello@thetype.com​。

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord!We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store!Join our Shift waitlist!Today's Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecResources_json Juggling AttackCross-Site POST Requests Without a Content-Type HeaderWorst FitOrange Tsai on Worst FitHandling Cookies is a MinefieldTerminal DiLLMaXS-Leaking flags with CSS: A CTFd 0dayHacking Back the AI-HackerJohann Computer use demoHow I Became The Most Valuable HackerTimestamps(00:00:00) Introduction(00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header(00:10:55) Worst Fit and Unicode Mapping(00:20:08) Handling Cookies is a Minefield(00:28:11) Terminal DiLLMa & CTFd 0day(00:41:18) Hacking Back the AI-Hacker(00:47:30) Becoming Most Valuable Hacker

This episode features a conversation with Toronto-based designer, developer and accessibility specialist, Michael Young. His graduate level research involves making technology more accessible, specifically through the expansion of Raleway; an open source Google font used in communications by the Ontario Government.In this episode you'll hear more about Michael's gateway into this work, hear about the Syllabic writing system, and what Unicode is in plain language. You'll hear what it was like for Michael to embark on a journey of font creation for the first time, including what surprised him the most and what challenged him most in the process. You'll learn about typographic tofu and hear helpful resources related to typography for Indigenous language support.If you'd like to see some of the visuals related to what's discussed in this episode, please check out the show notes at www.talkpaperscissors.info. This conversation is part of a guest lecture series in GCM 230 - Typography at The Creative School at Toronto Metropolitan University.I'm all about interesting projects with interesting people! Let's Connect on the web or via Instagram. :)

摄氏度符号是一个独立字符，还是由两个字符组合构成？——今天的话题，同样由一位听众的来信引出。本期节目，就让我们尝试从历史、技术与实践多个角度，来认识这个符号。 参考链接 铁宋 v1.0 版正式发布 蒙纳字库与上海印刷技术研究所，于 11 月 6 日对外发布达成战略合作 陈其瑞先生曾撰文《被遗忘的宋体》，提及「宋七体」，2013 年刊于 The Type 字谈字畅 038：一根藤上七朵花 字谈字畅 115：喜欢游乐园的字体设计师 2024 年「Hiii 国际创意月」于 11 月 16 日开启，由 Hiiibrand 主办 Unicode 文档对于兼容分解（compatibility decomposition）符号的定义 Unicode 码表帮助文档及相关链接 字谈字畅 052：Kerning Panic·字谈字串（五）规范化有四样形式，你知道么？ UAX #15: Unicode Normalization Forms 摄氏度（degree Celsius） 安德斯·摄尔修斯（Anders Celsius，1701—1744），瑞典天文学家、物理学家、数学家；于 1742 年提出「摄氏温标」，后由植物学家卡尔·林奈反转温标，沿用至今 GB 3100—1993《国际单位制及其应用》 国际单位制（SI，International System of Units） 在 macOS 上可使用字符检视器输入特殊符号 主播 Eric：字体排印研究者，译者，The Type 执行编辑 蒸鱼：设计师，The Type 编辑 欢迎与我们交流或反馈，来信请致 podcast@thetype.com​。如果你喜爱本期节目，也欢迎用支付宝向我们捐赠：hello@thetype.com​。

Video Episode: https://youtu.be/igJqDBKj13o In today’s episode, we discuss a new cybercriminal campaign utilizing Unicode obfuscation to hide the Mongolian Skimmer on e-commerce platforms, aiming to steal sensitive data. OpenAI has reported disrupting over 20 malicious operations leveraging its technology for tasks including malware development and election-related misinformation. Additionally, we cover critical vulnerabilities in Firefox and Fortinet products, emphasizing the need for urgent updates to mitigate risks and ensure cybersecurity. References: 1. https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html 2. https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html 3. https://www.helpnetsecurity.com/2024/10/10/cve-2024-9680/ 4. https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html Timestamps 00:00 – Introduction 01:12 – Fortinet Urgent Patch 02:12 – Firefox Zero-Day 03:14 – OpenAI blocks 20 abusive networks 05:04 – Unicode Obfuscation 1. What are today’s top cybersecurity news stories? 2. How is the Mongolian Skimmer using Unicode to hide its malware? 3. What actions has OpenAI taken against malicious operations using its platform? 4. What are the latest updates regarding the Firefox zero-day vulnerability CVE-2024-9680? 5. What critical vulnerabilities are impacting Fortinet and Palo Alto Networks? 6. How can ransomware be concealed with obfuscated scripts? 7. Which cybersecurity threats are currently being reported by CISA? 8. What steps should be taken to secure systems against the new vulnerabilities? 9. How are cyber actors leveraging generative AI for malicious purposes? 10. What recent updates have been made to safeguard web applications from skimmers? Unicode obfuscation, Mongolian Skimmer, malware, e-commerce, OpenAI, malware, misinformation, countermeasures, zero-day, Firefox, Mozilla, vulnerability, CISA, Fortinet, vulnerabilities, cyber threats

《字谈字畅》走过了九年，感谢听众一如既往的支持。本期节目将与大家分享 Eric 近期应邀撰稿的内容，回顾近二十年来中文字体产品的发展景象。 同时，感谢来自八岁半年轻听众的声音和祝福。 参考链接 字谈字畅 080：三周年庆特别节目 The Type 纪念 T 恤 Hiiibrand Awards 2024 设计竞赛开始征集作品，截止时日期为 2024 年 10 月 31 日（超级早鸟），11 月 30 日（早鸟），12 月 31 日（常规） 森泽字体设计竞赛作品征集已截止，评奖结果预计 2025 年 2 月发布 第十三届「方正奖」设计大赛启动，作品征集日期为 2024 年 9 月 21 日至 2026 年 2 月 28 日 TDC71 设计竞赛开始征集作品，截止日期为 2024 年 11 月 1 日（早鸟），2025 年 1 月 31 日（常规），2025 年 2 月 28 日（最终） Inscript Experimental Typography Festival 将于 10 月 16 至 20 日在线上举办 Unicode 16.0 于 9 月 10 日正式发布，新增 UAX #53 和 UAX #57，以及 Emoji v16.0 等；核心规范（Core Specification）部分同时以网页版形式发布 新出版的日文设计期刊 C-GRAPHIC INDEX 于今年 8 月面世，Eric 应邀发表文章《从二〇〇〇年代开始的汉字设计风景》（二〇〇〇年代からの漢字デザイン風景） Unicode 3.0 于 2000 年发布 GB 18030—2000《信息技术　信息交换用汉字编码字符集　基本集的扩充》 谭沛然所撰《参数化设计与字体战争：从 OpenType 1.8 说起》，2016 年刊于 The Type 方正铁筋隶书，朱志伟设计，2003 年发布 方正兰亭黑，齐立设计，2006 年发布 方正雅宋，朱志伟设计，2007 年发布 冬青黑体（简体中文版），字游工房设计，2007 年发布 方正静蕾体，徐静蕾设计，2007 年发布 方正金陵（简体中文版），今田欣一设计，2016 年发布 华康翩翩体，华康字型出品，2012 年发布 信黑体，柯炽坚设计，2011 年发布 汲古书体，应永会设计，2017 年发布 字谈字畅 047：汲古新字 空明朝体，许瀚文设计，2022 年发布 汉仪尚巍手书，尚巍设计，2016 年发布 锦华明朝体，薛天盟设计，2023 年发布 字谈字畅 176：茉莉芬芳沁锦华 思源黑体，Adobe、Google 合作设计出品，2014 年发布 杜甫所作七言律诗《至日遣兴奉寄北省旧阁老两院故人二首》 汉仪杰龙桃花源，张杰龙设计，2022 年发布 主播 Eric：字体排印研究者，译者，The Type 执行编辑 蒸鱼：设计师，The Type 编辑 欢迎与我们交流或反馈，来信请致 podcast@thetype.com​。如果你喜爱本期节目，也欢迎用支付宝向我们捐赠：hello@thetype.com​。

In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Michael Posey discuss the new password guidelines and recommendations released by NIST (National Institute of Standards and Technology). They cover a range of topics related to password security, including the importance of password length over complexity, the move away from composition rules and periodic password changes, the risks associated with knowledge-based authentication, the concept of password entropy, and more!   Throughout the conversation, Andy and Michael draw on their extensive experience in the cybersecurity field to offer practical advice and perspectives on the changing landscape of password security.   Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  NIST recommends a minimum password length of 8 characters, with a suggested length of 15 characters or more.   NIST has recommended removal of the requirement for password composition rules, such as the need for special characters, numbers, and uppercase letters.   NIST states that password providers SHALL NOT require periodic password changes unless there is evidence of a breach, as this can lead to users creating predictable password patterns.   The use of ASCII and Unicode characters is now encouraged, allowing for more diverse and random password options.   Password entropy (randomness) is more important than password complexity, as modern computing power can quickly crack simple but complex-looking passwords.   For mission-critical systems, organizations may still choose to implement more rigorous password policies, even if they deviate from the NIST recommendations.   The industry is exploring new hashing methods and technologies, such as passkeys, to address the challenges posed by GPU-based brute-force attacks.  Timestamps:  (07:40) Credential Service Provider (CSP) Requirements and Recommendations   (10:02) Removing Password Composition Rules   (14:21) Ending Periodic Password Changes   (19:48) The Importance of Password Entropy and Length   (28:30) Phasing Out Knowledge-Based Authentication   (30:30) The Impact of Password Length on Cracking Time  Episode Resources:  NIST Publication 800-63B -- To enhance your organization's security posture, consider implementing Hornetsecurity's Advanced Threat Protection. This solution provides AI-powered defense against sophisticated attacks, ensuring your emails and data remain secure. By adopting best practices in password management and utilizing advanced security features, you can significantly reduce the risk of breaches. Protect your business today and stay one step ahead of cyber threats. Learn more about Advanced Threat Protection here. 

Lords: * Nathan * https://store.steampowered.com/app/2976260/ChainStaff/ * Tom Topics: * During the summer olympics, France introduced breakdancing as an event, which was invented in America. They stole it from us! What new event should we steal from another country when the Olympics comes to LA in 2028? * https://en.wikipedia.org/wiki/Izzy_(mascot) * Getting to an age where media is good: the writers are your contemporaries so their work doesn't feel stodgy anymore. * How are you saying goodbye to trigraphs? * Rain by Raymond Carver * https://readalittlepoetry.com/2012/12/13/rain-by-raymond-carver/ * Jumping levels of abstraction while explaining computery things, how to pronounce angle brackets and command-line flags * 3rd tetris playtest developed ("rolling"), ponder an entirely new approach to a game (or medium, or problem) that comes nearly 40 years later. * https://www.youtube.com/watch?v=iV5DIZyqsaw Microtopics: * Whether the chain staff is also the grappling hook. * How all games ought to be made. * Using an ancient alien artifact as an immersion blender. * Getting the steamer arm upgrade before you can steam the milk. * Space Opera by Catherynne Valente. * Books where you read a couple paragraphs and you're done for the day. * A sport where if you reach just a little bit further maybe you can touch your opponent's face with your foot. * Stealing cheese rolling from France at the 2028 Olympics. * Hosting the Olympics: a huge money-loser. * Shouldering the terrible burden of hosting the 2028 Olympics. * Aging up the 1996 Olympics mascot so they'll be the right age for the 2028 Olympics. * The Chinese Olympics mascot Jim keeps confusing for Tingle. * Olympic announcers just assuming everyone knows what a "B-Boy" is. * This right here is a horse. * Arranging a competition as bracket of 1v1 matches when it could just as easily be individually scored performances. * Gymnasts all over the world chalking their hands because humans are more alike than they are different. * Running fast at the Olympics. * Hiring Topic Lords as Olympic announcers. * Synchronized swimming except you need to synchronize with all your competitors. * Getting out the shotgun mics to televise basketball players trash talking each other. * Liking television alongside people who share your generational values. * Enjoying being part of a target demographic until you get too old. * Making an effort to appreciate new art more. * The inexhaustible supply of old movies you haven't seen. * What is lost and what is gained now that we're not all watching exactly the same TV shows every night. * Realizing your social values match the media you're consuming because you didn't roll your eyes at the Very Special Episode. * All the video games where you build a bionic arm for an NPC. * Two guys in a missile silo arguing to keep trigraphs in the C standard. * Boring programming situations where memory leaks are impossible. * A guy drinking a beer looking over your shoulder while you program who says "yep" whenever you do something he approves of. * Compiling C++ to a web site. * Writing a web assembly program by typing opcodes into a Javascript string. * What website people are into. * Music that plays while you're waiting for a game to load. * Loading the loading screen. * Some things are being destroyed and other things rebuilt. * Waking up and it's raining. * Saying you have no regrets when of course you have regrets – everyone has regrets, fool! * What cities were destroyed in December 2012? * Scraping information so you can stick it in a file system. * Complete List of Destroyed Cities. * How grumpy Raymond Carver was as a six year old. * How to communicate about what you want someone to type. * What they call curly braces in other countries. * Smooth brackets. * How Mandarin speakers write C code. * Drawing weird shit with Unicode glyphs, making it your URL, printing it on the side of a bus and making people figure out how to type it. * Mathematicians giving all their variables single letter names. * Embarrassing yourself by begging the compiler to not reformat your code. * Choosing to do the easy part of your job right now. * How to play Tetris faster. * Strumming arcade buttons to press them faster. * Weird ways of holding the NES controller to move Tetris pieces faster. * A new way to interact with this piece of plastic. * Turning the back of the controller into a giant button. * What high jump competitors thought the first time they saw the Fosbury Flop. * Learning to do close-up magic and getting frustrated because you can't literally make the card vanish. * Funding a weird game and finding out later if it ever ships. * Whether the folks who made ZPF considered any better names.

三言出品的《Glyphs 字体设计手册中文版》正式发售。今天，我们特别邀请到本书的两位作者梁卓毅和厉致谦，介绍手册的内容构成，以及编撰和设计过程中的幕后故事。 参考链接 2024 蒙纳夏季字体沙龙深圳站活动，将于 6 月 21 日 14 至 17 时在万科云城设计公社举办 研习设名家排版学习月线上课程，将于 7 月 6 日开办 石金浩（석금호, Paul Geumho Seok）先生，韩国 Sandoll 字体公司创始人，于 2024 年 5 月 23 日逝世，享年 69 岁 铁宋已于 4 月 23 日发布第二个预览版本，并计划在今年 6 月底完成开发，推出公测版 Unicode 16.0 进入公开审阅阶段，审阅期截至 7 月 2 日；正式版计划于 9 月 10 日发布 Glyphs 于 4 月发布 3.2 版 《Glyphs 字体设计手册中文版》，由三言出品，已于 3 月 30 日至 4 月 27 日完成预售 佛捷歌尼（Fedrigoni），意大利纸业品牌 Glyphs 使用指南相关的外语出版物 日文：『Glyphsではじめる フォント制作』 韩文：『글립스 타입 디자인』 Adobe 的日本字体设计师吉田大成在 Adobe Typekit 写的 Glyphs 连载 《InDesign 用户指南》中对「书写器」（排版器）的说明 嘉宾 厉致谦：以设计为原点的多领域的研究和实践者；3type 联合创始人，The Type 撰稿人，上海活字项目发起人 梁卓毅：3type 设计师，中文字体解密组成员 主播 Eric：字体排印研究者，译者，The Type 编辑 欢迎与我们交流或反馈，来信请致 podcast@thetype.com​。如果你喜爱本期节目，也欢迎用支付宝向我们捐赠：hello@thetype.com​。

Hello buffet! We've finally brought back a potluck after two years, so come sit with us as we each serve a song from 2024 so far to dig into! Allen Mark brought "REC" by COOING Stephen brought "Spring in My 20th" by UNICODE Chuck brought "Cheese (featuring WENDY)" by SUHO (00:39) - Intro & Catch-up (07:34) - Stephen's Specials of the Week (15:15) - “REC” Discussion (31:50) - “Spring in my 20th” Discussion (44:37) - “Cheese” Discussion Let's Connect: Twitter:⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@HallyuCanEat⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Instagram:⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@HallyuCanEat⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: hallyucaneat@gmail.com Follow some of the Co-Leaders! Allen Mark -⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/allenmarkca⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Chuck -⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ChuckJose⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Stephen -⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.instagram.com/extendedfamradio/⁠

When you order a kebab and they ask you if you want everything on it, you might say yes. But you'd probably still be surprised if it came with say, chocolate, let alone a bicycle...even though chocolate and bicycles are technically part of "everything". That's because words like "everything" and "all" really mean something more like "everything typical in this situation". Or in linguistic terms, we say that their scope is ambiguous without context. In this episode, your hosts Lauren Gawne and Gretchen McCulloch get enthusiastic about how we can think about ambiguity of meaning in terms of scope. We talk about how humour often relies on scope ambiguity, such as a cake with "Happy Birthday in red text" written on it (quotation scope ambiguity) and the viral bench plaque "In Memory of Nicole Campbell, who never saw a dog and didn't smile" (negation scope ambiguity). We also talk about how linguists collect fun examples of ambiguity going about their everyday lives, how gesture and intonation allow us to disambiguate most of the time, and using several scopes in one sentence for double plus ambiguity fun. Read the transcript here: https://lingthusiasm.com/post/748141442230272000/transcript-episode-91-scope Announcements: In this month's bonus episode we get enthusiastic about the forms that our thoughts take inside our heads! We talk about an academic paper from 2008 called "The phenomena of inner experience", and how their results differ from the 2023 Lingthusiasm listener survey questions on your mental pictures and inner voices. We also talk about more unnerving methodologies, like temporarily paralyzing people and then scanning their brains to see if the inner voice sections still light up (they do!). Join us on Patreon now to get access to this and 80+ other bonus episodes. You'll also get access to the Lingthusiasm Discord server where you can chat with other language nerds. You can find us at patreon.com/lingthusiasm Also: Join at the Ling-phabet tier and you'll get an exclusive “Lingthusiast – a person who's enthusiastic about linguistics,” sticker! You can stick it on your laptop or your water bottle to encourage people to talk about linguistics with you. Members at the Ling-phabet tier also get their very own, hand-selected character of the International Phonetic Alphabet – or if you love another symbol from somewhere in Unicode, you can request that instead – and we put that with your name or username on our supporter Wall of Fame! Check out our Supporter Wall of Fame and become a Ling-phabet patron here: patreon.com/lingthusiasm For links to things mentioned in this episode: https://lingthusiasm.com/post/748139974576275456/lingthusiasm-episode-91-scoping-out-the-scope-of

Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences, including hacking Tesla, online casinos,Starbucks, his own is ISP router, and even getting detained at the airport.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest:https://samcurry.net/Resources:Don't Force Yourself to Become a Bug Bounty HunterhackcomputeStarbucks BugrecollapseTimestamps:(00:00:00) Introduction(00:02:25) Hacking Journey and the limits of Ethical Hacking(00:28:28) Selecting companies to hack(00:33:22) Fostering passion vs. Forcing performance(00:54:06) Collaboration and Hackcompute(01:00:40) The Efficacy of Bug Bounty(01:09:20) Secondary Context Bugs(01:25:01) Mindmaps, note-taking, and Intuition.(01:46:56) Back-end traversals and Unicode(01:56:16) Hacking ISP(02:06:58) Next.js and Crypto(02:22:24) Dev vs. Prod JWT

If you're itching for a discussion that explains why I'm afraid to move into my new bathroom, what I really think about Andrew Huberman, and why it might make more sense to learn French than Java… prepare to be scratched, I guess? I am highly confident that at least one person will get angry and unfollow this show as a result of words that came out of my mouth. If you've got thoughts and/or feelings, let me have'm at podcast@searls.co! Some links to things: legitimate.us Added likes for my podcast Browsers ignore autocomplete=off My new dry_eraser gem My newsletter about chronic back issues Tron got snubbed because they "cheated" by using computers (a cool video about its production) The Huberman "hit-piece" (News+) Huberman as pseudo-science Universities have a Computer-Science Problem (News+) The End of Foreign-Language Education (News+) Stardew Valley 1.6 True Detective Season 4

Proxy trojan targets macOS users for traffic redirection Indoor navigation has had a slow start Krasue RAT uses cross-kernel Linux rootkit to attack telecoms U.S. approves first gene-editing treatment, Casgevy, for sickle cell disease The DNS Deep-Drive continues with guests Josh Kuo, DNS expert, and Ross Gibson, Principal Solutions Architect of Infoblox, to talk about external authoritative DNS - whether enterprises should fully manage their own external DNS or use managed services, threats like domain hijacking, using load balancers, and more. Hosts: Curtis Franklin and Brian Chee Guests: Josh Kuo and Ross Gibson Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT lookout.com vanta.com/ENTERPRISE