The woes of sanitizing SVGs
Scratch has a long history of SVG-related vulnerabilities. The source of these is that Scratch parses user-generated (ie. attacker-controlled) content into an <svg> element and appends it into the main document for various operations (eg. measuring SVG bounding box in a more reliable way than viewbox or width/height).| muffin.ink
AIオタクのセキュリティエンジニアが伝えたい、バイブコーディングのセキュリティリスク7選 - GMO Flatt Security Blog
Claude CodeやCursorをはじめとするAIエージェントを活用した「バイブコーディング」が広まる一方で、`.env`の認証情報漏洩や悪意あるパッケージのインストールなど、従来の開発では起きにくかったセキュリティインシデントが報告されています。本記事では、セキュリティエンジニアの視点からバイブコーディングのセキュリティリスクを7つに整理し、Agent Skill・MCPサー...| GMO Flatt Security Blog
Nouvelles icônes Google : le design de Gmail et Drive change en 2026 - Numerama
Google préparerait une refonte majeure des icônes de ses applications avec des dégradés inspirés de Gemini et de sa nouvelle identité visuelle. Tous les services pourraient évoluer dans les prochaines semaines. Selon 9to5Google, Google prépare une refonte complète des icônes de ses applications. Après avoir modifié| Numerama
Lua can be a really cool HTML templating engine · riki's house
Lua can be a really cool HTML templating engine| riki's house
An experiment in vibe coding | Read the Tea Leaves
For the holidays, I gave myself a little experiment: build a small web app for my wife to manage her travel itineraries. I challenged myself to avoid editing the code myself and just do it “v…| Read the Tea Leaves
Sitemap with NextJS after 9.4 update.
Sitemap with NextJS after 9.4 update.| Emil Privér
Testing out Sveltia
I set up Sveltia headless CMS on my page, this is my first post with it. So I wanted to set up a simple headless CMS for my blog. Setting up Sveltia was rather quick and easy, though configuring it took a while. I have now set it all up and it was rather painless. The main reason I wanted this, while I mostly edit things in my text editor of choice anyway, I sometimes have something I want to share while out and about. So this is pretty much for mobile usage. :) And especially for sharing pho...| AksDev
Polymarket : un soldat américain arrêté après avoir gagné 400 000 dollars sur la chute de Maduro
Un soldat américain impliqué dans l'opération qui a conduit à la capture de Nicolás Maduro a été arrêté par le ministère de la Justice américain. Il est accusé d'avoir utilisé des informations classifiées pour miser sur Polymarket quelques jours avant l'annonce publique. Ses gains sont estimés à 409 000 dollars.| Tech : Découvrez les dernières innovations technologiques
« J’espère qu’il continuera à passer sous les radars » : comment LinkedIn a invité un agent IA sur scène avant de le bannir
Dans un article publié sur Wired, le journaliste américain Evan Ratliff raconte comment il a monté une startup entièrement pilotée par des agents IA. Parmi eux, on retrouve Kyle, CEO virtuel, devenu influenceur LinkedIn pendant cinq mois, jusqu'à ce que la plateforme l'invite à prendre la parole devant ses propres employés, puis le bannisse 36 heures plus tard.| Tech : Découvrez les dernières innovations technologiques
Adieu Microsoft : le Health Data Hub passe enfin sur un cloud français avec Scaleway
Fini Microsoft Azure, place au cloud souverain. Après des années de controverse liée au risque d'ingérence américaine, le Health Data Hub a officiellement annoncé confier l'hébergement des données de santé des Français à l'entreprise hexagonale Scaleway. L'épilogue d'un très long feuilleton politico-technologique.| Tech : Découvrez les dernières innovations technologiques
Le redoutable Claude Mythos a donné des sueurs froides à Firefox, mais c’était pour son bien
Derrière les notes de mise à jour en apparence banales de Firefox 150 se cache un véritable séisme pour la cybersécurité. En s'alliant avec la nouvelle IA d'Anthropic, Mozilla a débusqué et corrigé près de 300 failles d'un coup. Une avancée historique qui pourrait bien signer la fin des attaques « zero-day » et définitivement inverser le rapport de force entre pirates et défenseurs.| Tech : Découvrez les dernières innovations technologiques
Que faire après un métier de graphiste ?
Motion design, UX, direction artistique, intégration web… Après plusieurs années en tant que graphiste, les pistes d'évolution ne manquent pas. Tour d’horizon des opportunités à saisir ou à envisager.| BDM
information - technology - firefox
Download my policies.json file and install it. If the directory doesn't exist, you'll have to make it:| sciops.net
Serving the For You Feed - AT Protocol
How the maintainer of the popular For You feed serves it from their living room!| AT Protocol
Les chiffres clés d’Internet et des réseaux sociaux dans le monde en avril 2026
Quels sont les nouveaux usages d’Internet, des réseaux sociaux et de l’IA en avril 2026 ? Les réponses avec la dernière mise à jour du rapport publié par We Are Social et le cabinet Manochi.| BDM
Web Lookup Tools « Ben's IR Notes
General tool Check if IP has been reported for abuse before www.abuseipdb.com ASN lookup by company name Look for domains similar to your domain| Ben's IR Notes
WCAG3 Contrast as of April 2026 — Adrian Roselli
I am not speaking on behalf of the W3C nor the W3C Accessibility Guidelines Working Group (AGWG), nor am I a member, nor does anyone who is member know I am writing this, nor do I have any insider knowledge. For years I have seen people, teams, products, organizations, and…| Adrian Roselli
jjba23/olive-css: Utility-class vanilla CSS framework inspired by Tailwind syntax, easy to learn and hack, written in Lisp (Guile Scheme) - Codeberg.org
Utility-class vanilla CSS framework inspired by Tailwind syntax, easy to learn and hack, written in Lisp (Guile Scheme)| Codeberg.org
Igalia's Brian Kardell joins the W3C TAG | Igalia
Igalia is an open source consulting firm specialised in the development of innovative projects and solutions. Our engineers have expertise in a wide range of technological areas, including browsers and client-side web technologies, graphics pipeline, compilers and virtual machines. We have the most WPE, WebKit, Chromium/Blink and Firefox expertise found in the consulting business, including many reviewers and committers. Igalia designs, develops, customises and optimises GNU/Linux-based solut...| Igalia
Your Business Lives in a Browser Now.
MOST OF YOUR BUSINESS LIVES IN A BROWSER NOW. HOW IS YOUR BROWSER SECURITY? For most businesses today, work no longer lives on a desktop or even inside installed software…... The post Your Business Lives in a Browser Now. appeared first on Braver Technology Solutions.| Braver Technology Solutions
blogmore.el v4.1
Following on from yesterday's experiment with| davep
I should use webp
For a good while now I've been pretty happy with the| davep
PhD Defense: Jenna Kim on Wednesday, 4/8 at 11AM | UMass Boston CS
Streamlined Biomedical Image Processing Pipelines| UMass Boston CS
10 formations pour devenir manager dans le digital
Manager une équipe ne s’improvise pas et nécessite des compétences propres à l’écosystème numérique. Voici 10 formations, du MBA au module ciblé, pour accéder à des fonctions managériales ou renforcer vos compétences dans le digital.| BDM
À quoi ressemblera une recherche en ligne dans 5 ans ?
Que restera-t-il de la recherche en ligne telle qu'on la connaît dans cinq ans ? Trois expertes SEO dessinent les contours d'un web où les LLM, la force de marque et la gouvernance institutionnelle redéfinissent les règles du jeu.| BDM
L’abonnement payant sur WhatsApp vaudra-t-il vraiment le coup ?
Encore en test, WhatsApp Plus mise sur des options de personnalisation et des éléments cosmétiques pour justifier son tarif. Un pari loin d'être gagné ?| BDM
Stay On Credits
Discover the best nightly rates across 7,000+ BILT-network hotels in 40+ cities. Free tool for BILT Rewards cardholders.| Stay On Credits
418 I'm a teapot - HTTP | MDN
The HTTP 418 I'm a teapot status response code indicates that the server refuses to brew coffee because it is, permanently, a teapot. A combined coffee/tea pot that is temporarily out of coffee should instead return 503. This error is a reference to Hyper Text Coffee Pot Control Protocol defined in April Fools' jokes in 1998 and 2014.| developer.mozilla.org
Vercel April 2026 security incident | Vercel Knowledge Base
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.| vercel.com
An alcoholic but tenacious Flight Attendant
As explained on IMDb, The Flight Attendant is the story of “a reckless flight attendant with alcoholism wakes up in the wrong hotel, in bed with a dead man, and no idea what happened. Unable to piece the night together she begins to wonder if she could be the killer.” Christina and I finished the […]| Noulakaz
How (and why) we rewrote our production C++ frontend infrastructure in Rust
How (and why) we rewrote our production C++ frontend infrastructure in Rust| NearlyFreeSpeech.NET Blog
[Note] Liquid Crystal Cafe – Names Hack [RSS Exclusive!]
Last night I wrote a stupid userscript to exploit a stupid XSS vulnerability to add a stupid feature to a Web-based chat room I'm in. Everybody else's name is coloured in accordance with the theme they're using. But mine... can be a rainbow, or an image, or something else entirely.| Dan Q
Microsoft named a Leader in 2026 Gartner® Magic Quadrant™ for Integration Platform as a Service | Microsoft Azure Blog
Read why Microsoft was named a Leader for integration services in the 2026 Gartner® Magic Quadrant™ for Integration Platform as a Service.| Microsoft Azure Blog
Tech Note: Sidenotes — Unbreaking
Occasionally we add a feature that’s interesting to people who build on the web, so if you like to wrestle with markup, CSS, and JavaScript, this one’s for you.| unbreaking.org
Psatina: the sprinkle-oriented JavaScript library
Psatina| psatina.dz4k.com
WhatsApp Web is testing chat themes with 49 color options
WhatsApp is finally working on a feature that brings chat themes to the web client in the future. The update will allow users to personalize the appearance of their conversations with different colors directly from the browser. Key Points Details Name of the feature: Chat themes Status: Under development Availability info: This feature is currently […]| WABetaInfo
WebXRay Audit Finds Opt-Out Tracking Requests Are Not Honoured
WebXRay is a tool built by a former Google privacy engineer to audit websites for specific violations that may be legally actionable. The company markets its product to litigators finding privacy violations for lawsuits, and to businesses trying to understand their own compliance. A recent audit by the company of popular websites indicates most still […]⌥ Permalink| Pixel Envy
My Favorite Firefox Extensions
In my previous post, I mentioned that I now use Firefox as my main browser and you should too. Firefox’s strength is its extensions, with many available on Android devices as well. Here’s a list of my favorites.| Alexandru Nedelcu - Blog
Use Firefox in 2025
I grew up with the Internet, since before people had Internet connections at home or in their pocket. The browser, being the window to the open web, holds a special place in my heart. In this article I’m suggesting the use of Firefox in 2025, for both technical and political reasons, as it’s still the “user agent” that it set out to be.| Alexandru Nedelcu - Blog
Self-hosted Bookmarks Manager
I like having a database of links I encounter on the web, like a searchable database, complete with archive links as well. I found a solution.| Alexandru Nedelcu - Blog
Join the Open Web
Now that you’ve seen the dangers of social media, the question is, what are you going to do about it?| Alexandru Nedelcu - Blog
On Advertising and Tracking
Ads are now, unfortunately, a vehicle for malware, scams, or services that are deceptive and barely legal. But, should we block ads?| Alexandru Nedelcu - Blog
Post Once, Syndicate Everywhere (POSSE)
I’m a geek, and a software developer. I want to be close to my peers, wherever they meet online. If this means reactivating former social media accounts, so be it. Therefore, I’m implementing POSSE, again 😕| Alexandru Nedelcu - Blog
Personal Server Backups
Cloud hosting services like Linode or DigitalOcean offer backup services for your VPS. Save your money, you don’t need it. Here’s how to backup your data safely, and with no extra costs…| Alexandru Nedelcu - Blog
Atom/RSS Feeds are the Best Way to Consume the Web
I stay connected to websites I care about via an RSS/Atom feed reader. It’s better than social media for finding out what’s new because it’s clutter-free. By following RSS/Atom feeds, I discover wonderful gems that otherwise would be lost in the noise.| Alexandru Nedelcu - Blog
Matomo (Analytics) Hosting via Docker
Docker setup for self-hosting Matomo, an open-source alternative to Google Analytics.| Alexandru Nedelcu - Blog
Block comments on the web
Comments on the web can be toxic, and a waste of time. Here’s how to block them…| Alexandru Nedelcu - Blog
Finally redid my CSS
So I finally redid the blog’s theme… It’s much simpler now, which I’m a fan of. I’m also reeeally happy with it cuz now it finally has a similar vibe to those cool smart sites by very cool smart people (like XXIIVV), but without just ripping off their style.| slipfast
My website game peaked in 2023–2024
Man, I gotta try making this bearblog into what I used to do with my static site. I definitely could, and probably make it even better; I just gotta stop questioning every little thing, and be more confident with my design.| slipfast
The Fediverse deserves a dumb graphical client | Adële's blog
Posts about SmolWeb, Gemini protocol and LowTech| Adële's blog
Los 10 errores de usabilidad UX que te hacen perder clientes según análisis heurístico
Un análisis heurístico puede revelar los fallos invisibles que alejan a tus clientes sin que lo sepas. En este artículo desgranamos los 10 errores de usabilidad más frecuentes, por qué ocurren y cómo puedes corregirlos hoy mismo para mejorar la experiencia de usuario y disparar tu tasa de conversión. La entrada Los 10 errores de usabilidad UX que te hacen perder clientes según análisis heurístico se publicó primero en Inprofit.| Inprofit
画像を高画質へ【HitPaw FotorPea】AI画像編集ソフトは古い画像を高画質にするのに最適 - ハウリンの雑念だらけで生き...
最近はAIを使用したソフトが多いですよね。似た様なソフトが多いので実際どれがいいのか分からない。今回、HitPawさんのAI画像編集ソフト「HitPawFotorPea」を試めす機会があったので使ってみました。素人でも分かりやすく操作は簡単なのか、元画像との違いなど見てみたのですが試してみた結果古いぼやけた写真などが高画質化で簡単にキレイに生まれ変わったのでか...| ハウリンの雑念だらけで生きている
便利で使える【HIX.AI】オールインワンAIエージェントを使ってみた
AIを使ったツールは沢山ありますが、いろんなツールを使っているとお金もかかるし面倒くさい。そんな面倒くさい状態から解放してくれるのが「HIX.AI」です。「HIX.AI」を開くだけで文章、画像、動画、スライド生成、ライティングなどなどを網羅できます。オールインワンAIエージェント。しかも高速、高精度。初めて使ってみましたが3ステップで作れてしまい簡単で...| ハウリンの雑念だらけで生きている
Not Useless: Why Experimental Websites Matter More Than You Think
The web isn’t dead—it’s just weird, and that’s a good thing. Experimental websites, from playful portfolios to surreal 3D worlds, aren’t pointless gimmicks—they’re the R&D labs shaping the future of design. Here’s why the strangest sites online are secretly the ones pushing the web forward.| Web Designer Depot
Servo is now available on crates.io - Servo aims to empower developers with a lightweight, high-performance alternative for embedding web technologies in app...
Initial crates.io release and LTS version of Servo| Servo
Introducing the Delighted Surveys Web Widget: Set up a web survey in 5 minutes
When it comes to getting high survey response rates, nothing beats out a survey that meets your users right where they are, on your website or in […] The post Introducing the Delighted Surveys Web Widget: Set up a web survey in 5 minutes appeared first on Delighted.| Delighted
When Native Shopify AI Tools are not Enough for Scaling eCommerce
You have the platform. You have the features switched on. So why are your operations still running on human judgment, spreadsheets, and firefighting? The honest answer is not what Shopify wants you to hear. Picture a brand doing $15 million in annual GMV. They are utilizing advance full spectrum Shopify Plus Services. Every AI feature […]| Aglowid IT Solutions
With AI, you barely need a frontend framework
With AI, you barely need a frontend framework| dlants.me
Build Dental Website with Online Booking & Appointment System
Learn how to build a dental clinic website with online booking, real-time availability, consultation fees, and secure payments to increase patient bookings.| Web and Mobile App Development Company | Bitcot
Embed images from Google Drive in your website
Google Drive broke the ability to embed images with the /uc path. Here's how to embed images from Google Drive in your website.| Justin Poehnelt - all
The difficulty of making sure your website is broken - Let's Encrypt
Have you ever needed to make sure your website has a broken certificate? While many tools exist to help run an HTTPS server with valid certificates, there aren’t tools to make sure your certificate is revoked or expired. This is not a problem most people have. Tools to help manage certificates are always focused on avoiding those problems, not creating them. Let’s Encrypt is a Certificate Authority, and so we have unusual problems we need to solve.| letsencrypt.org
Google Online Security Blog: Protecting Cookies with Device Bound Session Credentials
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April ...| Google Online Security Blog
セキュリティエンジニアはこう見る。開発時に認可制御不備を怪しむべき実装パターン10選
はじめに こんにちは。GMO Flatt Security株式会社セキュリティエンジニアの村上です。入社してから5年ほどWebアプリケーションを中心に脆弱性診断を担当しています。 近年、言語やフレームワークの進化により、SQL Injectionなどの古典的脆弱性は減少傾向にあります。しかし、今なお変わらず検出され続けているのが「認可制御不備」です。対策をしようにも、特定の技術...| GMO Flatt Security Blog
Verifying human authorship with human.json
Vouching for other people's websites with this brand new protocol that I thought would be fun to implement!| joelchrono.xyz
Under the hood of MDN's new frontend
You may have spotted that MDN has a new frontend. There's plenty happening under the surface, so let's unpack the technologies we chose, the architectural decisions we made, and why we did a rebuild at all.| developer.mozilla.org
Form Entered Direct Mail
An email like application that lets users to send messages directly on the web| Roastidio.us Blog
Pass data from site A to site B
How to pass data between 2 websites, with no trust or shared secret established between the 2 websites?| Roastidio.us Blog
Deploy a 32bit application to fly.io
fly.io gives you upto 3 256MB VMs in the free tier. 256MB is not a whole lot for a modern application; How to make the most use of it? You may want to deploy in 32 bit.| Roastidio.us Blog
Modal is considered harmful
Modal is a way to mimic a pop-up window in a webpage. Instead of a real native pop-up with all the annoying nature in it, a modal is implemented with HTML/CSS/Javascript, so it is actually just a part of the page, and only looks like a modal dialog. They are everywhere; but do they really make sense now?| Roastidio.us Blog
How to write Javascript like Elixir
Javascript has a concurrent programming model that centers around promises, async functions and the await primitive. However, I want to use the conceptually simpler and more robust actor model that is widely used in the Elixir/Erlang world. Can I do it? Let's find out.| Roastidio.us Blog
Hotwire Turbo Experience
Turbo is a new way to communicate between the javascript client side and the serverside, developed by the great folks at Basecamp. This blog post is a summary of my brief experience with Turbo| Roastidio.us Blog
Tailwind CSS Experience
Finally, a CSS toolkit that is technically sound and easy to use| Roastidio.us Blog
.plan-26-13: Oxidised, standardised, and syndicated
OxCaml Labs: year one in review| Anil Madhavapeddy's feed
Accessibility Law of Headlines — Adrian Roselli
Betteridge’s law of headlines states that any headline that ends in a question mark can be answered by the word no. For at least the digital accessibility landscape, I would like to amend it, fork it, whatever it: Any headline that asserts a thing is accessible is wrong. Yes, that…| Adrian Roselli
Loading... [13 kB] (Maurycy's blog)
Loading... [13 kB]| maurycyz.com
I Tried Vibing an RSS Reader and My Dreams Did Not Come True - Jim Nielsen’s Blog
Writing about the big beautiful mess that is making things for the world wide web.| blog.jim-nielsen.com
Newres Al Haider
An introduction to the Ash declarative framework by growing Yggdrasil, the World Tree of Norse mythology.| www.newresalhaider.com
ongoing by Tim Bray · Nash Burns Saves the Day
What happened was, soon after New Year’s, friends and colleagues in the UK and Germany started letting us know that their| ongoing by Tim Bray
MS Thesis Defense: Avanith Kanamarlapudi | UMass Boston CS
OMAMA-DB: The Oregon–Massachusetts Mammography Database| UMass Boston CS
Most Default Browser Tracking Protection Doesn’t Actually Stop Tracking, But We Can Help
To really stop cross-site trackers, you have to prevent them from actually loading in your browser, which is a critical blocking feature that we provide in our all-in-one privacy browser extension & mobile browser.| Spread Privacy
Use Chameleon templates in the Robyn web framework • Michael Kennedy's Thoughts on Technology
Introducing chameleon-robyn, a Python package that adds Chameleon template support to the Rust-backed Robyn web framework as an alternative to Jinja.| Michael Kennedy's Thoughts on Technology
On Cypherpunk Agency
Level up Milady. We're playing chess not checkers these days.| Kyle Den Hartog
Breaking the Left-Right Binary: How Multivariate Political Mapping Can Help Us Redesign Online Debate
The problem with politics is that it is a multivariate by design. Put another way, the number of problems that any group of people can care about at one time is infinite and relative. So we need a new way to model it.| Kyle Den Hartog
Why crypto: An explanation for Improving Transactions On the Web
Fundamentally transacting on the web is limited by credit card payment systems today| Kyle Den Hartog
Signals, the push-pull based algorithm — Willy Brauner
We have been using Signals in production for years via several modern front-end frameworks like Solid, Vue, and others, but few of us are able to explain how they work internally. I wanted to dig into it, especially diving deep into the push-pull based algorithm, the core mechanism behind their reactivity.| willybrauner.com
Thomas Gazagnaire :: A CSS Engine in OCaml
A typed CSS parser covering Level 3 through 5, a structural diff tool, and an optimiser. With a live browser demo via js_of_ocaml.| gazagnaire.org
"Have I Been Stalked" post-mortem
With more and more databases from stalkerware being made freely available, there were some internal conversations at Echap about what could be done with them to help victims. Everyone knows Have I Been Pwned, the website where you can put your email address and check if it appears in popular …| Artificial truth
Blogging in Typst is not that hard
| natri.fyi
RFC 9931、HTTP/1.1における楽観的プロトコル遷移のセキュリティ - ASnoKaze blog
RFC 9931『Security Considerations for Optimistic Protocol Transitions in HTTP/1.1』について| ASnoKaze blog
eCommerce con IA: cuando la automatización aprende a predecir
El eCommerce 3.0 no es una actualización de stack. Es un cambio de paradigma en cómo se toman las decisiones comerciales. Y la mayoría de los marketers todavía no lo está viendo. La entrada eCommerce con IA: cuando la automatización aprende a predecir se publicó primero en Inprofit.| Inprofit
In WAF we (should not) trust
Deep dive into Web Application Firewall (WAF) bypasses, from misconfiguration exploitation to crafting obfuscated payloads. We show the impact of the parsing discrepancy between how a WAF reads a request and how a backend executes it. It is not a bug, it is a feature.| Quarkslab's blog
When All You Can Do Is All or Nothing, Do Nothing – CSS Wizardry
If your design system can only apply `loading=lazy` or `fetchpriority=high` blindly, it may be safer not to apply them at all.| csswizardry.com
HTTP Error 431: What It Means and How to Fix It
HTTP Error 431 means the server rejected a request because the headers were too large. Learn what causes it and how to fix it as a visitor or developer. The post HTTP Error 431: What It Means and How to Fix It appeared first on Fluent Support.| Fluent Support
How Professional Website Development Improves Your Business Growth
In today’s digital-first world, having a strong online presence is essential for every business. Whether you are a startup or an established enterprise, investing in professional website development services can significantly impact your business growth. A well-designed website not only enhances your brand image but also helps attract, engage, and convert potential customers. At Krify […] The post How Professional Website Development Improves Your Business Growth appeared first on Krify -...| Krify – Web and Mobile App Design & Development Company in India
HTTP 303: See Other Blog – The Cat Fox Life
Hello, Internet. I’ve had a lot of things going recently. If you have any knowledge of Pokémon, you could consider this an evolution. My new blog is at and yes, that does mean that Foxy is no…| The Cat Fox Life
AWS公式SDKにも存在した、署名付きURLにおけるパストラバーサル - GMO Flatt Security Blog
はじめに こんにちは。GMO Flatt Securityのセキュリティエンジニアの松井(@ryotaromosao)とチョン(Eui Chul Chung)です。 皆さんは、「署名付きURLにおけるパストラバーサル」の脆弱性をご存知でしょうか? Webアプリケーションで署名付きURLを実装する際、AWS公式のSDKを用いることが多いかと思います。過去にはその公式SDK自体にパストラバーサルの脆弱性が見つかった事例...| GMO Flatt Security Blog