Hackers Love Your APIs: How to Defend Against 2025’s Biggest API Threats ⌘ Read more

A Penetration Tester’s Journey

Image

Part 4 of “Beginner to Master in Linux” — A Penetration Tester’s Journey

Continue reading on InfoSec Write-ups » ⌘ Read more

AI Agents Unleashed: The Rise of Autonomous Systems Transforming Industries

Image

The emergence of AI agents signifies a transformative shift in generative AI, evolving from simple chatbots to sophisticated … ⌘ Read more

Is Your App Protected? The Branch API Vulnerability You Need to Know About

Image

$fallback_url is a helpful feature in Branch’s deep linking system — until someone uses it to redirect your users to phishing … ⌘ Read more

Securing Apache2 + PHP: Practical guide for safer web hosting

Image

A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.

[Continue reading on InfoSec Write-ups »](https:// … ⌘ Read more

@prologic@twtxt.net @movq@www.uninformativ.de @bender@twtxt.net That would be fantastic! I encourage you to give feedback or give your experience as an issue: https://codeberg.org/Texudus/website/issues
The specification gives the feeling that it is complete, but there is always gap for small adjustments.

VP2430 Vault Pro Featuring Intel N150 and 4x 2.5GbE in a Fanless Design
The VP2430 is a compact, fanless network appliance based on Intel’s N-series platform. As part of the Vault Pro series, it builds on earlier models such as the VP2410 and VP2420, introducing incremental enhancements in processing capability, thermal management, and connectivity. This model incorporates the Intel N150 quad-core processor, operating at up to 3.6GHz with […] ⌘ Read more

Sending Pics To Each Other ⌘ Read more

Refurb iPhone 15 Models Now Available From Apple’s UK Online Store
Apple is selling refurbished iPhone 15, iPhone 15 Plus, iPhone 15 Pro, iPhone 15 Pro Max models to its online store in the United Kingdom, around four months after introducing the discounted models in other European countries.

Image

The iPhone 15 is priced starting at £589, while the iPhone … ⌘ Read more

@kat@yarn.girlonthemoon.xyz if I haven’t said it before, please allow me to say it now: I kinda like your attitude. Heck, I love it!

How to build a fleet of networked offsite backups using Linux, WireGuard and rsync
Comments ⌘ Read more

I lost my 3 year old boy Anakin this morning due to a reaction to anesthesia. He was the best. ⌘ Read more

AI Powered Tabs in Firefox? But… Why?!
Plus: Firefox maker Mozilla finally admits they “May Be Forced to Scale Back Operations”. ⌘ Read more

Mark Zuckerberg has a creepy new way to invade your privacy
The new Meta app promises to be a more “personalised” form of AI. It is really a more disturbing version of ChatGPT. ⌘ Read more

“Black Sisterhood in Computing” Tax Payer Funded Grant Cancelled
The ending of DEl grants may cause the the Oregon State University Open Source Lab to shut down. ⌘ Read more

[$] Filtering fanotify events with BPF
Linux systems can have large filesystems; trying to keep up with the
stream of
fanotify filesystem-monitoring notifications for them can be a struggle.
Fanotify is one of a few ways to monitor accesses to filesystems provided by the kernel.
Song Liu led a discussion
on how to improve in-kernel filtering of fanotify events to a joint
session of the filesystem and BPF tracks at the 2025 Linux Storage, Filesystem,
Memo … ⌘ Read more

FTC v. Meta (The Case That Could Break Up Facebook)
How likely is it that Meta is found to be a Monopoly and gets broken up? ⌘ Read more

And on a similar note, cross-post from Mastodon:

What I love about HTML and HTTP is that it can degrade rather gracefully on old browsers.

My website isn’t spectacular but I don’t think it looks horrible, either. And it’s still usable just fine all the way down to WfW 3.11:

• Some blog post in various browsers
  
• Git repo viewer (stagit)
  
• Older photos of WfW 3.11
  

It’s not perfect, but it’s usable. And that makes me happy. Almost 30 years of compatibilty.

The biggest sacrifice is probably that I don’t enforce TLS and that HTTP 1.0 has no Host: header, so no vhosts (or rather, everything must come from the default vhost). (Yes, some old browsers send Host:, even though they predate HTTP 1.1. Netscape does, but not IBM WebExplorer, for example.)

(On the other hand, it might completely suck on modern mobile devices. Dunno, I barely use those. 🤪)

[$] Improving FUSE writeback performance
In a combined filesystem and memory-management session at
the 2025 Linux Storage, Filesystem, Memory
Management, and BPF Summit (LSFMM+BPF), Joanne Koong led a discussion on
improving the writeback performance for the Filesystem in\
Userspace (FUSE) layer. Writeback is how data that is written to the
filesystem is actually flushed to the disk; it is the process of writing
dirty pages from the page cache to storage. The current FUSE
imple … ⌘ Read more

Good bye Dj Mustard, back to the universe you go ❤️🕊️ ⌘ Read more

Securing Model Context Protocol: Safer Agentic AI with Containers
Model Context Protocol (MCP) tools remain primarily in the hands of early adopters, but broader adoption is accelerating. Alongside this growth, MCP security concerns are becoming more urgent. By increasing agent autonomy, MCP tools introduce new risks related to misalignment between agent behavior and user expectations and uncontrolled execution. These systems also present a novel… ⌘ Read more

Why wait to get home? ⌘ Read more

@movq@www.uninformativ.de hahaha! They sure have a point. There is always the next, shinny bandwagon to jump into.

@kat@yarn.girlonthemoon.xyz Oh dear, what a way to start the day! :-(

It’s 5 o’clock somewhere… according to my cat. ⌘ Read more

one of my servers (the one that hosts yarn!) crashed while i was asleep and i woke up to several discord pings telling me it’s down T__T AND my terminal stopped working and i had to install new drivers! i am half asleep!!!!

nnd: A TUI alternative to gdb
Comments ⌘ Read more

My foster fail (the orange boy), who had been flagged by the rescue as needing to be an only cat ⌘ Read more

had to share this lovely video of my cat and his reflection ⌘ Read more

Well because I can and want to see what will happen :)

She wants to bite u ⌘ Read more

@bender@twtxt.net I think this would be a good idea as @movq@www.uninformativ.de and @andros@twtxt.andros.dev have done ✅ I may even join the experiments if I have any spare time to hack a custom yrand branch and run it up on say something like a yarnexp.mills.io or something 🤔

Memory-safe sudo to become the default in Ubuntu - Trifecta Tech Foundation
Comments ⌘ Read more

An appeal to Apple from Anukari regarding GPU frequency scaling
Comments ⌘ Read more

Apple Seeds iOS 18.5 and iPadOS 18.5 Release Candidates
Apple today seeded the release candidate versions of upcoming iOS 18.5 and iPadOS 18.5 updates to developers and public beta testers, with the software coming a week after Apple released the fourth betas. The release candidate represents the final version of iOS 18.5 and iPadOS 18.5 that will be released to the public should no bugs be found.

Image

iOS 18.5 … ⌘ Read more

In ‘Highly Unusual’ Move, Trump DOJ Sues to Block States From Holding Fossil Fuel Companies Accountable for Climate Crisis
: Cristen Hemingway Jaynes,  Contributing Writer  -  EcoWatch

_Stephan: The Trumpian fascist coup shows you almost every day that it cares nothing about your wellbeing, and it seeks to suppress any preparation to ameliorate the devastation of your life, and the lives of your children a … ⌘ Read more

Momma cat introduces her new baby born to human baby ⌘ Read more

Trump Sons’ Deals on Three Continents Directly Benefit the President
Eric Lipton and David Yaffe-Bellany,  Investigative Reporter | Contributing Writer  -  The New York Times

_Stephan: Are you having problems with your grocery costs? Were you stunned by what your pharmaceuticals cost? Were you appalled by the prices you saw when you looked to buy a new car? As ordinary Americans struggle with the economic chaos that aspiring dictator and psychopath Trump h … ⌘ Read more

Study reveals stark differences in life expectancy across US states over the past century
Colin Poitra,  Staff Writer  -  Medical Press

_Stephan: Look at the graph at the head of this article. What do you notice? I have been telling you for 30 years that by every objective measure I can find, from happiness to literacy to life expectancy, Republican governance is always inferior to Democratic governance, even as flawed as it often is. … ⌘ Read more

A militarized conspiracy theorist group believes radars are ‘weather weapons’ and is trying to destroy them
Andrew Freedman,  Reporter  -  CNN

_Stephan: The weaponization of misinformation on social media, plus America’s gun obsession, plus the rise of fascism in the MAGAt world, is creating a serious distortion of the U.S. culture. Here is an example of what I mean. The only thing that is going to change this is you an … ⌘ Read more

When your cat trusts you so much that she brings her newborns to you for shelter and protection ⌘ Read more

A new AUTOSEL release
AUTOSEL is a tool that is used to find kernel patches that should be
considered for backporting into the stable releases. Sasha Levin has announced a new and completely
rewritten version of AUTOSEL for those who would like to play with it.

Unlike the previous version that relied on word statistics and
older neural network techniques, AUTOSEL leverages modern large
language models and embedding technology to provide significantly
more accurate recommen … ⌘ Read more

foss-north 2025
I attended foss-north, a free / open source conference covering both
software and hardware from the technical perspective, at Chalmers
Conference Center in Gothenburg on April 14 & 15. A great conference.
Lots of interesting talks:

https://foss-north.se/2025/speakers-and-talks.html

My own presentation was “Forking QEMU to emulate and secure the
Tillitis TKey”. Recording is here:

[https://www.youtube.com/watch?v=TCsP5ti4-9o] … ⌘ Read more

Hack Any Mobile Phone Remotely

Image

Ethically — but note — this used to work great with phone under android 10

Continue reading on InfoSec Write-ups » ⌘ Read more

Containers vs Virtual Machines: Key Differences, Benefits, and Use Cases Explained

Image

Discover the difference between containers and virtual machines, their benefits, and use cases to make smarter inf … ⌘ Read more

Threat Profiling 101: How to Create a Threat Profile

Image

Learn how to create effective threat profiles to identify and prioritize relevant cyber threats for your organization.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more

The Ultimate Guide to Cyber Threat Actors: Exploring Hackers, Hacktivists, and Their Tactics

Image

How can we understand the impact of hackers and hacktivists on global cyberse … ⌘ Read more

@ You seem to be a bit ahead of your time: https://darch.dk/timeline/conv/jl2mf2a

Yes it seem to work(ish) on timeline at least: https://darch.dk/timeline/post/imopblq

@bender@twtxt.net My point was that the suggested syntax for extending mentions to point to a specific message (@<nick url timestamp>) and having location based treading this way, might not break older clients, since they might just igonore the last value within the brackets.

Ten Formidable Bugs and Insects That Scientists Recently Discovered
The insect world is home to strange, menacing creatures that, if you were a little bug, you would be wise to steer clear of. Year after year, researchers uncover new species of ferocious creepy crawlies, monsters of the minibeast world. Parasitic wasps, exploding ants, beetles with punky hairdos, there is no shortage of grisly wonders. […]

The post [Ten Formidable Bugs and Insects That Scientists … ⌘ Read more

10 Things Humans Are Weirdly Bad at Predicting
Humans like to think of themselves as rational, forward-looking creatures. But when it comes to forecasting the future—even our own—we’re often laughably wrong. From personal choices to global crises, our brains are wired with cognitive shortcuts and emotional biases that lead us to consistently underestimate, overestimate, or misjudge reality. Sometimes, the error is small. Other […]

The post [10 Things Humans Are Weirdly Bad at Predicti … ⌘ Read more

Stop Uncapped Cloud Billing
This emerging community was created when its author got a single-day cloud bill of $97k due to a DoS attack that killed his small business.

Comments ⌘ Read more

Interviewing Software Developers: From Junior to Architect in a Single Programming Task
Comments ⌘ Read more

Kitty likes to play ⌘ Read more

@kat@yarn.girlonthemoon.xyz Haha that’s crazy! I’ve spent this evening trying to the same 😆 I still don’t havn’t reached my goal yet, but I’m getting there.

Buffett Says Tim Cook Made Berkshire More Money Than He Ever Did
Berkshire Hathaway CEO Warren Buffett offered rare public praise for Apple CEO Tim Cook at the holding company’s annual shareholder meeting on Saturday, during which Buffett confirmed he was stepping down.

Image

“I’m somewhat embarrassed to say that Tim Cook has made Berkshire a lot more money than I’ve ever made,” Buffett told the audience, alluding … ⌘ Read more

She didn’t know the search was going to be this thorough ⌘ Read more

Belle likes to be naughty ⌘ Read more

Saying goodbye to my girl Kiwi soon..I’m devastated ⌘ Read more

Use a Proximity Gesture to Play Music from Spotify / Apple Music on HomePod with iPhone
Whether you have a HomePod or HomePod mini in your own house, or you’re visiting elsewhere with a HomePod, you can quickly and easily play music from Spotify or Apple Music on the HomePod from your iPhone with a simple physical proximity gesture. This trick is so simple and useful but it’s not well known, … Read More ⌘ Read more

Defeated and used by the monsters she used to hunt (angelicsavior1) ⌘ Read more

Deals: $150 Off M4 MacBook Air, $300 Off M4 MacBook Pro, iPad mini 7 for $399, & More
Amazon is back with more great deals on Apple products, taking $150 off the price of the M4 MacBook Air series in both 13″ and 15″ display sizes, up to $320 off the M4 MacBook Pro in select configurations, the latest iPad mini for $399, $100 off the M3 iPad Air, plus discounts on AirPods, … [Read More](https://osxdaily.com/2025/05/05/deals-150-off-m4-macbook-air-300-o … ⌘ Read more

How To Understand That Jepsen Report
Comments ⌘ Read more

Use a Proximity Gesture to Play Music from Spotify / Apple Music on HomePod with iPhone
Whether you have a HomePod or HomePod mini in your own house, or you’re visiting elsewhere with a HomePod, you can quickly and easily play music from Spotify or Apple Music on the HomePod from your iPhone with a simple physical proximity gesture. This trick is so simple and useful but it’s not well known, … Read More ⌘ Read more

[$] Injecting speculation barriers into BPF programs
The disclosure of the Spectre\
class of hardware vulnerabilities created a lot of pain for kernel
developers (and many others). That pain was especially acutely felt in the
BPF community. While an attacker might have to painfully search the kernel
code base for exploitable code, an attacker using BPF can simply write and
load their own speculation gadgets, which is a much more efficient way of
operating. The BPF comm … ⌘ Read more

Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.

The post [Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge](https://github.blog/open-source/maintainers/welcome-to-maintainer-month-events-exclusive-discounts-and-a-ne … ⌘ Read more

i love it when k-pop girls get to do unusual genres. you ever wanted to hear a k-pop girl group do something massive attack-ish with a bit of breakbeat? well we got it https://www.youtube.com/watch?v=jy0qJC6IbgY

(Updated)Modular Cerebro Clusterboard Supports Raspberry Pi CM4/CM5, Jetson, and Radxa CM5
Cerebro is an upcoming clusterboard platform launching on Kickstarter, designed for AI, edge computing, and embedded development. It supports a range of compute modules including Raspberry Pi CM4 and CM5, NVIDIA Jetson, and Radxa CM5, providing a modular base for scalable systems. The board can host up to four compute nodes and includes an onboard, […] ⌘ Read more

Introducing Docker MCP Catalog and Toolkit: The Simple and Secure Way to Power AI Agents with MCP Tools
Model Context Protocols (MCPs) are quickly becoming the standard for connecting AI agents to external tools, but the developer experience hasn’t caught up. Discovery is fragmented, setup is clunky, and security is too often bolted on last. Fixing this experience isn’t a solo mission—it will take an industry-wide effort. A secure, scalable, and trusted MCP… ⌘ Read more

Building Trust with OpenID Federation Trust Chain on Keycloak
OpenID Federation 1.0 provides a framework to build trust between a Relying Party and an OpenID Provider that have no direct relationship so that the Relying Party can  send OIDC/OAuth requests to the OpenID Provider without being previously… ⌘ Read more

The tattoo I got for my cats 5th birthday (swipe to see the cat) ⌘ Read more

So, Monday, we meet again. I mean, it is not a complain per se. I am glad to meet Monday! I am just not-so-glad to meet the working-from-office Monday. But, so it is.

From moldy bread, to life saving medicine ⌘ Read more

Two stable kernels released—with build fixes only
The 6.12.27 and 6.1.137 stable kernels have been released to
fix build problems in their predecessors. Only those who are having
build troubles with 6.12.26 or 6.1.136 need to upgrade. ⌘ Read more

@javivf@adn.org.es You’re free to send me a DM. 😉

This is Gypsy and she has worn this for 4 days straight. The mask falls off easily and every time it has fallen off, she meows constantly until you put it back on her head. I guess, until she gets tired of it, I will have to call her Bat-Gypsy 😂 such a weird lovable cat with loads of personality. ⌘ Read more

@ About the URL, since it no longer used for hashing there might be no need to change it. I agree that we keep all the parts that already are out there for the most parts. Instead of a contact field you could also just use links like: link = Email mailto:user@example.dk or link = Signal https://signal.me/sthF4raI5Lg_ybpJwB1sOptDla4oU7p[...]

@sorenpeter@darch.dk you wrote:

“This might even be backward compatible with older (pre-yarn) clients.”

Yarnd is as backwards compatible with older clients as this. I dare to say, even more so. 😅

@sorenpeter@darch.dk Yes, there are interesting things that can be incorporated to see how they work.
The issue of allowing the use of Z for UTC is interesting. I think I should add a brief explanation.
The url issue is for a debate :D . Maybe an issue could be opened. My opinion is that it is necessary to leave it as it is right now because otherwise the thread system, or replies, may have problems (404s). It’s all a matter of discussion.
I like your idea of contact. I will add it.
Thanks to you for your feedback!!!

On termux you can use telnet, lynx and netcat (command nc) to reach gopher servers.

@andros@twtxt.andros.dev Thanks for consolidating a lot of good ideas. Especially how you have deiced to just extend the mention syntax for location-based treads. This might even be backward compatible with older (pre-yarn) clients.
What about using Z for UTC +00:00- is that allowed in your specs?
Regarding url = I would suggest to only allow one and the maybe add url_old = or url_alt = !?
I’m still not a fan of a DM feature, even thou it helps that i have now been split out into a separate feed file. Instead if would suggest a contact = field for where people can put an email or other id/link for an established chat protocol like signal or matrix.

What are you doing this week?
What are you doing this week? Feel free to share!

Keep in mind it’s OK to do nothing at all, too. ⌘ Read more

Apple’s M4 MacBook Pro Hits New Record Low Prices on Amazon at Up to $479 Off
Today we’re tracking a collection of discounts on Apple’s M4 MacBook Pro at Amazon, including as much as $479 off select models of the computer. These computers are seeing frequent price fluctuations on Amazon right now, so be sure to shop soon if you’re interested.

![](https://images … ⌘ Read more

Trump when pressed on if he needs to uphold the Constitution: ‘I don’t know’
Gregory Svirnovskiy,  Staff Writer  -  Politico

_Stephan: We have reached the stage in Trump’s fascist coup where he feels secure enough in his power that he is now openly saying he is not compelled to follow the Constitution, or listen to the courts, or Congress. I tell you again, the only thing that is going to stop this is if you and a million other people are out in the st … ⌘ Read more

Trump officials gut 25 centers that monitor flooding and drought in the US
Tom Perkins,    -  The Guardian (U.K.)

_Stephan: Just as hurricane season and flooding events are poised to begin, despot psychopath Trump and his administration of lackeys have just destroyed the science centers that predict oncoming weather events and warn of flooding. And yet still it is not clear to millions of American voters that Trump cares nothing for their wellbeing. … ⌘ Read more

**Clickjacked to the Core: Turning UI into a Trapdoor **

Image

Hey there!😁

Continue reading on InfoSec Write-ups » ⌘ Read more

** Bypassing Regex Validations to Achieve RCE: A Wild Bug Story**

Image

✨Free Article Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-4c523f69b9f8?sourc … ⌘ Read more

** I Slashed My Spring Boot Startup Time to 1.8**

Image

When people complain about Spring Boot being slow, it’s not entirely wrong — but it’s often misunderstood. Out of the box, Spring Boot is…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-sl … ⌘ Read more

Stored XSS Led to OAuth App Credential Theft and Info Disclosure

Image

Hello folks,

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/stored-xss-led-to-oauth-app-credential-theft-and-info-disclosure-85545fca3948?sou … ⌘ Read more

Secure your Python applications: Best practices for developers

Image

Practical security tips every Python developer should know — from dependency safety to protecting against injection attacks and securing…

[Continue reading on InfoSec Write … ⌘ Read more

Medical journals hit with threatening letters from Justice Department
Rob Stein,  Staff Writer  -  npr

_Stephan: For the past 20 years I have written a column for the largest holistic medicine journal, Explore. I am also on the editorial board of about 8 other peer reviewed journals in a spectrum of disciplines, and, over the years, I have been the editor of several scientific journals. I tell you this to make it clear that I understand the peer review pr … ⌘ Read more

‘It’s bad’ MSNBC’s Rachel Maddow slams Trump for ‘killing miracle’ drug
Erik De La Garza,  Staff Writer  -  Raw Story | MSNBC

_Stephan: Yet further proof that psychopath Trump and his MAGAt servants care nothing for the wellbeing of Americans. I just don’t understand how this could get any clearer, nor how Americans fail to understand we are becoming a neo-medieval society. Hundreds of thousands of Americans, particularly young people who use drugs, are aliv … ⌘ Read more

Fuzzing with Grammars
Not sure if it’s good netiquette to mention them, but the book is apparently co-authored by @vrthra.

Comments ⌘ Read more

@prologic@twtxt.net Absolutely! It is essential to practice and deepen every art 😄

@doesnm@doesnm.p.psf.lt More or less 😂 At the moment it’s just a space to experiment

10 Outrageous Horse Racing Scandals
Horse racing has always been known as one of the more prestigious sports, but its history is filled with scandals and misconduct. People have tried to manipulate races for betting purposes, horses have been swapped to increase their odds of winning, and racehorses have even been abducted. Performance-enhancing drugs and the mistreatment of horses have […]

The post [10 Outrageous Horse Racing Scandals](https://listverse.com/2025/05/05/10-outrageous-horse-racing … ⌘ Read more

modern-latex: A short guide to LaTeX that avoids legacy cruft
Comments ⌘ Read more

Kernel prepatch 6.15-rc5
Linus has released 6.15-rc5 for testing.
“So it all feels like things are just continuing to go well this
release. Let’s hope I didn’t jinx it by saying so.” ⌘ Read more

Cats introduced to new house, clearly love the sun room ⌘ Read more