2026-03-01 09:21:40
#Moltbook #AI #Vulnerability Exposes Email Addresses, Login Tokens, and API Keys
If your API returns 201 or 400 when creating a user (400 if the user already exists), but you also return 400 when the app "firewall" otherwise-silently drops requests because the requestor has hit hilariously small rate limits, you should probably lose your API license.
(You should almost certainly be using 409 and 429, respectively. 400 We Didn't Do Any Work is cheating.)
Also here's a little tip for you: HTTP header names are case-insensitive.
API desig…
«Firefox 148 introduces the Sanitizer API – a new standard against XSS attacks:
With Firefox 148, a long-awaited web API arrives in everyday browser use - the Sanitizer API standardises the sanitisation of HTML code directly as it is inserted into the DOM, and is meant to make protecting against cross-site scripting considerably easier for web developers»
XSS is still a current topic that, in my opinion, most web devs don't really take seriously.
🦊
A Cloudflare engineer rebuilt Next.js from scratch in one week using AI, reimplementing 94% of its API and spending $1,100 on Claude tokens (Tim Anderson/The Register)
https://www.theregister.com/2026/02/25/cloudflare_nextjs_api_ai/
What's your favorite API_key?
🥳 New Kitten¹ Release
• Added: Database table event introspection.
Use the new `__showEventsOnTable()` introspection API call on the global `kitten` object to have events on that table logged out to the console.
Full change log: https://codeberg.org/kitten/app/src/br
This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-w…
This some pretty classic Google fail here.
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
dependency cooldowns are all cool and nice until dependabot comes in hot and trying to update reverts some oMg cRiTiCaL rEdOs
Adjacent problem: maybe I want a cooldown for external packages but none for mine? Although the whole topic is moot since devpi doesn't provide upload dates anyways.
our tools still have a LONG way to go, unfortunately. there is no “JUST do this best practice”.
from my link log —
Eagle Mode: a zoomable user interface.
https://eaglemode.sourceforge.net/
saved 2026-01-31 https://dotat.at/:/XIJ5E.html
Runway launches a $10M fund to invest in early-stage startups building across AI, media, and world simulation and a Builders program offering free API credits (Rebecca Bellan/TechCrunch)
https://techcrunch.com/2026/03/31/excl
heise | Graphics turbo Metal 4: how to use Apple's API with AI, games and more
Apple equips Metal 4 with artificial intelligence and concurrency. The GPU should thereby execute graphics-heavy code significantly faster. Here is how to proceed.
I'm trying out libretranslate locally. https://docs.libretranslate.com/
A self-hosted translator so as not to depend on Google Translate.
Fuck Russia.
Seriously.
Genstart: The cold settles into the bones
Episode webpage: https://www.dr.dk/lyd/special-radio/genstart-2642056922000
Media file: https://api.dr.dk/podcasts/v1/assets/urn:dr:podcast:item:11802660046/5789fc409d99f0dde8b92feb3aabf99c3cc1d8c9e6d690427e98a0a4064dbe29.mp3
Shortcuts is basically an API for agentic use of Apple-ecosystem apps. It was a surprise that personalised AI-written Shortcuts apps weren't part of the first wave of "Apple Intelligence".
https://www.macrumors.com/2026/03/31/ios-27-shortcuts-app-cu…
Anthropic says "a fix is being implemented" after elevated errors on claude.ai and Claude Code, starting at 11:49 UTC; the Claude API remained functional (Mayank Parmar/BleepingComputer)
https://www.bleepingcomputer.com/news/arti
Any #starling-el users out there who miraculously see this: Starling have removed the insights API, so the insights feature is broken right now.
I plan to remove it when I have a sec.
Everything else works as before though.
#starlingbank
Cheap Self-Hosted #Kubernetes on #Hetzner Cloud
https://blog.qstars.nl/posts/cheap-sel
from my link log —
Stop memset()ing structures.
https://www.anmolsarma.in/post/stop-struct-memset/
saved 2019-04-27 https://d…
Is it just me or is the #Wikidata Query Service quite flaky as of late? When using the public API, I sporadically get HTTP 504 (upstream timeout) errors.
#Steady #Klimacrew
#BahnMonitor project: 3. Does the first access to the Bahn API work?
In the next step the API query was tested and it was checked whether the returned data stru…
Anthropic reports elevated errors on claude.ai, console, and Claude Code, starting at 11:49 UTC and impacting logins, and says the API "is working as intended" (Mayank Parmar/BleepingComputer)
https://www.bleepingcomputer.com/news/arti…
WarlockBackend\Lib\VendorName\VendorNameApi:
    arguments:
        $VendorNameApiKey: '%VendorName.api_key%'
WarlockBackend\Lib\VendorName\VendorNameMods:
    arguments:
        $VendorNameApiKey: '%VendorName.api_key%'
Yup, having to have yaml registrations for each and every damned library is gonna get real old, real quick...
My approach for automatically outputting the most-shared links here on social.heise.de is broken. I'm afraid I can't get any further with it either. But maybe someone here has an idea?
I continuously need the links from here:
https://social.heise.de/api/v1/trends/link…
Support Ukraine.
And then afterwards just think that we in Denmark could end up having to survive such a strategy..
https://fediscience.org/@Ruth_Mottram/116142077788041706
Ruth_Mottram - Fuck Russia.
PSA: Migrating the https://thi.ng/umbrella monorepo to Codeberg, including:
- updating thousands of links in ~970 files (readme's, media, API docs/snippets in source files, examples, wiki etc.)
- updated 215 package short links to point to new locations on Codeberg
- re-configured & re-uploaded…
@… I also think that as a stop gap it would help if both projects offered some official API to query what the latest version is and perhaps offered RSS/ATOM feeds of updates so that knowledgeable users could subscribe to that and be notified right away, direct from the source.
Generous offer: Markus Söder declares he is willing to eat a stranded whale
https://api.follow.it/track-rss-story-click/v3/hVR569XapuSB7jUa0-YcT4tT_UQUxJ59
Alabama-based Linq, which pivoted to programmatic messaging APIs in February 2025, raised a $20M Series A to build AI assistants that work within messaging apps (Ram Iyer/TechCrunch)
https://techcrunch.com/2026/02/02/linq-raises-20m-to…
from my link log —
API design: Understanding gRPC, OpenAPI and REST and when to use them.
https://cloud.google.com/blog/products/api-management/understanding-grpc-openapi-and-rest-and-when-to-use-them
saved…
Talking to Drones: Natural Language Control of PX4 Using a Phone, MCP and ChatGPT Realtime API
https://osselcna2026.sched.com/event/2JQsT/talking-to-drones-natural-language-control-…
🥳 New Kitten¹ Release
• Adds Kitten Introspection API
I’ll record a video this week demonstrating it.
In the meanwhile, check out the change log for details:
https://codeberg.org/kitten/app/src/branch/main/CHANGELOG.md#2026-03-29
En…
RE: https://mastodon.social/@Edent/115972744331119621
A nice blog post that asks "Are there any open APIs left?" (Spoiler: Many have disappeared, but there're still Wikipedia, Google Books ISBN lookup, Pokémon API , MusicBrainz and others)
Hello @… !
The electricity traffic light on #EnergyCharts has been down since yesterday. The API only returns an "Internal Server Error". You probably already know. Thanks for your work!
For #IIIF / digital collections folk, 'Requirements for core Annotation properties' need review/input 'to define the requirements for relationships like body, target, motivation, source... these four are very inconsistent in the way they're used in Annotation documents'
🤔 Interesting read on Mozilla's position on implementing the Web Translation API https://github.com/mozilla/standards-positions/issues/1015
Homo Deus: A History of Tomorrow https://www.goodreads.com/review/show/8303019579?utm_medium=api
Made a little STDIN -> STDOUT api for my config management tool for purpose of integration with other tools, DSL experimentation etc.
echo '{
  "protocol": "io.choria.ccm.v1.resource.ensure.request",
  "type": "package",
  "properties": {
    "name": "htop",
    "ensure": "present"
  }
}' | ccm ensure api
Why Tumblr's announcement that it will integrate with #Mastodon and the #Fediverse via #ActivityPub could be so relevant
I keep forgetting there is no mastodon admin api to change the registration mode. I deeply wish that api existed because so many servers would benefit from building tools to open registration during hours they are available to properly moderate new accounts.
https://github.com/mastodon/mastodon/i
@axbom@axbom.me I've finally gotten Termux to rsync files via crontab. Needed to set up keychain, something I used to understand in the distant past. Now I have my own quantified-self data (well, location and battery) uploading to my private cloud.
#termux termux.api, python, rsync, crontab, keychain.
« Is Anthropic underselling its subscriptions or overcharging for its API? »
#llm
🎉 Getting Started With The Popover API
#web
"According to Statistics Finland's labour force survey, the unemployment rate rose in all
ten-year age groups for both men and women in 2025."
#työttömyys
UFO UFO
Another day in #PowerBI - the data structure behind an API has changed, rendering the dashboard useless. So, I'm making new API calls to be able to do new calculations in the data. Nothing from the original dashboard seems to work, so it's back to square one.
#pywikibot looks very useful and can definitely mitigate some pain one might have interacting with the mediawiki api. But wow, it appears almost as complex and the docs are equally labyrinthine 🤯
#mediawiki
#Steady #Klimacrew
#BahnMonitor project: 5. Automated scripts need supervision – especially with API calls.
Now the
RE: https://infosec.exchange/@VirusBulletin/116294907171305521
Etherhiding is an established but lesser known method of providing C2 information to malware. Most businesses do not need to allow access to the blockchain-related API / RPC endpoints us…
Sam Altman says OpenAI added more than $1B in annual recurring revenue in the past month "just from our API business" (Lee Chong Ming/Business Insider)
https://www.businessinsider.com/openai-1-billion-a-month-api-business-chatgpt-sam-…
« Is a Claude subscription really more economical than direct access via the API? »
#TIL
The Genesis Machine: Our Quest to Rewrite Life in the Age of Synthetic Biology https://www.goodreads.com/review/show/8364042011?utm_medium=api
Me: I really need to launch the things I’m building with Kitten¹ this year.
Also me: You know what would be sweet? If I added an introspection API to make working with the Kitten Shell (REPL)² easier.
(It is going to be sweet though. Prototyping it in the REPL now and I’ll record a little demo when I’m done and it’s released. It’s going to make examining and affecting the state of the client from the server interactively even easier.)
¹
#PhanpySocial changelog ✨
📤 Allow receiving shared data with the Web Share Target API
🔐 Timeline access controls
👤 New shortcut: "Profile"
📝 "Only followings" filter for Mentions
↕️ Preliminary support for vertical-lr writing mode
🐛 Bug fixes
🔗
Working on extending features for Warlock, and this round of features requires a backend web service running in a centralized, controlled environment due to the requirement of privileged access to partner network resources, (aka, they require an API key and prior authorization to access certain data, thus cannot be distributed in an open source project).
SO, since this is a traditional web service, I opted to use the traditional technologies to power it, but wanted to try out Symfony s…
The Golden Egg of Empathy
API authors, document the default values of your properties challenge 2026!
Linear Memory (2024)
A prototype version of my piece Linear Memory running inside a https://thi.ng/genart-api sandbox on a Motorola phone, connected to a custom early prototype Layer square screen...
The animation consists of dozens of layers of semi-random multi-scale pixel patterns, slowly scrolling in…
High Performance HTML to PNG API
The image generation API your LLM will love to use. Turn raw HTML into production-ready images for free. No sign up required.
🖌️ #html
Next honour: Cristiano Ronaldo presents Trump with the title "World Footballer of the Year 2017" https://api.follow.it/track-rss-story-click/v3/hVR569XapuQLpHd0315qR1eLDVpfHbpF
#Steady #Klimacrew
#BahnMonitor project: 2. What architecture should the bot have?
Before the coding starts, some thought about a sensible structure for the modules is advisable. How they…
The Fourth Turning Is Here: What the Seasons of History Tell Us about How and When This Crisis Will End https://www.goodreads.com/review/show/8364022949?utm_medium=api
HTTP API behaviour that makes me think you know what you're doing:
- 👍 respond with `201` (not `200`) on a successful resource creation request
HTTP API behaviour that makes me think you really *don’t* know what you're doing:
- 👎 respond with `201` if an object with a key that conflicts with this resource creation request already exists
(Spoiler: respond with `409`; or at least a non-successful status so I don't have to parse it out of the human-readable `…
Thursday: Risk from Google's API keys, successes against cybercrime & phishing
Misuse of Google's exposed cloud keys; Europol shuts down the LeakBase forum & the Tycoon2FA phishing platform; BND data protection not enforceable in court #heiseshow
#Steady #Klimacrew
#BahnMonitor project: 7. Random is not the same as random. 🤭
After the delay report comes a little nugget of knowledge. The
[MV] 럼킥스 (RUMKICKS) - Mosquito fighter / Official Music Video
#Steady #Klimacrew
#BahnMonitor project: 1. How do you get live data from Deutsche Bahn?
In November I was able, by chance, with a
All Or Nothing (The Earthburst Saga #9) https://www.goodreads.com/review/show/8148125741?utm_medium=api
X unveils a new pay-per-use pricing model for its API, replacing the earlier pricing model that required developers to pay fixed monthly fees of $200 or $5,000 (Rohit Singh/MediaNama)
https://www.medianama.com/2026/02/223-x-developer-api-pricing-pay-per-use-m…
ドラマティック・ガール
Spotify changes Developer Mode to require a Premium subscription and reduces the number of test users per app from 25 to 5, to curb AI-aided or automated usage (Ivan Mehta/TechCrunch)
https://techcrunch.com/2026/02/06/spotif…
Et Alors
My name is... Linda Linda Linda
X revises its developer API policies to "no longer allow apps that reward users for posting on X (aka "infofi")", amid a backlash about growing AI slop on X (André Beganski/Decrypt)
https://decrypt.co/354736/elon-musks-x-bans-acc…
ASP / I HATE U [OFFiCiAL ViDEO]