Tootfinder

Opt-in global Mastodon full text search. Join the index!

@metacurity@infosec.exchange
2026-01-13 11:23:30

Target's dev server offline after hackers claim to steal source code
bleepingcomputer.com/news/secu

@michabbb@social.vivaldi.net
2026-02-15 12:24:06

github.com/coder/code-server

@jhelberg@mastodon.social
2026-02-16 20:56:29

#tinygo is awesome! I can re-use parts of my server code now in a tiny stm32 LoRa controller. Impressive.

@rmdes@mstdn.social
2026-02-14 21:45:31

Probably that everyone has their own setup but when I read this I’m like, really? All of this just to operate Claude? Is there such a thing as “Claude burnout”?
If not it should be patented because all these plugins are making it harder to use, maintain, memorise, it’s like a server overload
rmendes.net/bookmark…

@luana@wetdry.world
2025-12-13 23:53:24

I made a script for this, but then I thought a webui would be better so I could use it in my phone and stuff
I asked an LLM to generate a python webui to run server-side the script I wrote, and surprisingly it 100% worked first try. I was sure it wouldn’t work at all, but I didn’t touch that code and it works.
I can’t even say I “vibe coded” this bc I didn’t even read the code enough to know its vibes lmao. I’m surprised this even works, and it does work well. What the actual fuck.
Welp, not my favourite way to do things but I wasn’t in the mood to do python and figure out the extra libraries and stuff.
And it works so I’ll just use that. In a hardened systemd service to make sure it doesn’t like accidentally delete my whole system or something.

@adulau@infosec.exchange
2025-12-03 19:57:37

“A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.”
#vulnerability

@Techmeme@techhub.social
2025-12-04 00:41:00

React discloses an unauthenticated remote code execution flaw in React Server Components; Wiz says 39% of cloud environments contain vulnerable instances (The Hacker News)
thehackernews.com/2025/12/crit

@pre@boing.world
2025-12-06 13:33:51

The thing about a life-logger, is you input sensitive data about your life, lifestyle and activities, so privacy and data-integrity are some of the most important issues.
There can be no server, the data has to be yours and yours alone. Because you can’t tell what is happening to the data in a closed-source app, it must be completely free and open source.
You can’t trust a corporate diary, they must sell to anyone offering enough money.
So it is with my life log app, all data completely in your own device. No home server ever sees anything.
There is no home server. Just the code.
To achieve this Exocortex Log is a Progressive Web App. It downloads when you are online at the website and can be installed onto the homepage of your phone.
It keeps all data on the local device using IndexedDB.
This means you must be responsible for your own backups. Be sure to export and back up your data regularly. I have gaps in my ten year record where my phone was stolen and most recent backup was months prior.
Once installed it will work offline, airplane mode, no internet, down in the tube station at midnight, anywhere.
There's a blog on the website saying this and more: exocortexlog.com/news/articles

@fanf@mendeddrum.org
2026-01-06 12:58:28

this prompted me to see what anagramgenius.com might do, but sadly its anagram server is broken
iirc anagram genius originally came out in about 1990 … i never got a copy because it was a bit expensive for a toy and i wouldn’t have been able to learn from its unobtanium source code
anyway TIL the…

@hanno@mastodon.social
2025-12-02 10:32:05

I've recently stumbled upon an RCE "exploit" for the Serendipity blog software, which I happen to use and have contributed to in the past. From what I can tell, it does nothing interesting (it does not even work due to broken indents, if one fixes that it uploads a PHP shell given existing credentials, but that won't be executed unless you have a server config that executes .inc files). I'm 95% certain this is bogus. Yet... in case anyone wants to have a look:

@veit@mastodon.social
2025-12-18 10:18:49

With ty, Astral has released a fast Python type checker and language server (LSP): astral.sh/blog/ty
It can also be easily integrated into Visual Studio Code and other editors:

@michabbb@social.vivaldi.net
2026-02-15 12:24:05

💻 #code-server runs #VSCode in your browser on any machine anywhere #IDE #opensource

@pre@boing.world
2025-12-27 15:50:12

Ran the #Wrapstodon thing on this server.
"Oracle" for me again. 😒
Other than my most boosted post and a count of 1443 posts and 250 followers I don't think it means much on a tiny server. Everyone here is in the top 75% of users because there are two users. 😆
The categories are:

Oracle: “You created new posts more than replies, keeping Mastodon fresh and future‑facing.”
Social butterfly (replier): You replied far more than posting originals.
Cool‑hunter (booster): You mainly amplify others via boosts.
Pollster: You created lots of polls compared to everything else.
Lurker: You post and interact relatively little overall.

@michabbb@social.vivaldi.net
2026-02-10 22:36:51

🚀 The #Postman #MCP Server is pure magic — connect your AI agents directly to your #API workflows. 100 tools for testing, code generation & collection management. Works with

@gwire@mastodon.social
2026-01-20 13:14:11

MCP all the things.
theregister.com/2026/01/20/ant