Tootfinder

So here’s a little JavaScript initialisation order quiz.
Take the following code:
```js
class A {
constructor (parameters = {}) {
Object.assign(this, parameters)
}
}
class B extends A {
foo
constructor (parameters) {
super(parameters)
this.foo ??= ‘no’
}
}
const b1 = new B()
const b2 = new B({ foo: ‘ok’ })
console.info(`${b1.foo}, ${b2.foo}`)
```
What output would you s…

🤔 Meta, Google & TikTok vertreten eigentlich nicht deine Werte?
Fediverse schonmal gehört, aber wo jetzt anfangen?
➡️ Wir bieten Workshops zur gemeinwohlorientierte Social-Media-Nutzung für zivilgesellschaftliche Organisationen
Hier kannst du dich bei Interesse eintragen: https://metamine.de/

The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages.
https://share.google/iXVXZqUKE9K8bagw3
Great work by @…

Having a good time with JavaScript
https://bloomberg.github.io/js-blog/post/temporal/

Temporal: The 9-Year Journey to Fix Time in JavaScript
JavaScript's Date object has been a source of bugs for three decades. Temporal, which just reached Stage 4, is a modern replacement with immutable types, first-class time zone and calendar support, and nanosecond precision. This is the story of how Bloomberg, Igalia, and the TC39 community spent nine years turning an idea into a shipping standard.

🗜️ The Silicon Valley Stack Doesn’t Work Here: Why Africa Will Lead the Post-Bloat Web
https://paulallies.medium.com/the-silicon-valley-stack-doesnt-work-here-why-africa-will-lead-the-post-bloat-web-e7c34b577c61

The Silicon Valley Stack Doesn’t Work Here: Why Africa Will Lead the Post-Bloat Web
For years, we’ve followed the global tech narrative: Bigger is better. We import heavy-duty JavaScript ecosystems from the US, implicitly…

'... let's face it, "fuck it, I'm out" seems to be the mantra of web application packaging these days. Our deployment and build setups have gotten so complicated that I doubt anyone really has a decent understanding of what is going on, really.'
Note, this is a state of affairs from 10 years ago... I suspect it has only gotten worse since 🫣

In case anyone finds #JavaScript for #UEFI funny/weird...
https://news.ycombinator.com/item?id=4694…

Made a little logo for JSDB (JavaScript Database)
Better (six years) late than never? :)
#JavaScriptDatabase

It's remarkable how much modern web page programming breaks fundamental things. Scrolling with spacebar or page down doesn't work. Or selecting text. Or doing Ctrl-F to find stuff on a page. All this basic functionality destroyed so some mediocre programmer can use a giant Javascript framework that isn't even necessary.

Future Crew Second Reality (1993) ported to Javascript
#Demoscene

https://bsky.app/profile/bleepingcomputer.com/post/3mgdnxaskwp2q

BleepingComputer (@bleepingcomputer.com)
The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. https://www.bleepingcomputer.com/news/security/wikipedia-hit-by-self-propagating-javascript-worm-that-vandalized-pages/

Always forgetting to use `.at(-1)` to get last element in an array.
#JavaScript

Remember the first time you wrote $(document).ready()?
It’s hard to believe it has been 20 years since John Resig first introduced a Javascript library called jQuery. It completely changed the way we approached the DOM and standardized the web for a generation of developers.
A few days ago, the jQuery team announced the release of jQuery 4.0.0! 🚀

Ah yes, #LLM for exploit development.
In other words, we’ll now spent billions on offense & prevention to achieve new equilibrium (that we already sort of had).
Good job, us. #infosec

On the Coming Industrialisation of Exploit Generation with LLMs
Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…

@karlailona@mastodon.social Nice! Javascript scares me a little; there's so much to it!
I fell into shell scripting (Bash specifically) which slowly morphed into Python. Comfortable with scripts, but very new/beginner-ish to Python. C (and by extension Rust) has really piqued my interest, but I haven't done anything more than a "Hello world"! 😅
Please do post a link when you're ready to share, I'd love to see it! (And I'm sure many others would as well…

🥳 @small-tech/auto-encrypt-localhost version 9.0.1 released
Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Polka, Express.js, etc.) Unlike mkcert, 100% written in JavaScript with no external/binary dependencies. As used in Kitten¹
https://cod…

auto-encrypt-localhost
Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers in 100% JavaScript (without any native dependencies like mkcert and certutil).

Another way of dealing with many low-quality reports:
https://nodejs.org/en/blog/announcements/hackerone-signal-requirement

Node.js — New HackerOne Signal Requirement for Vulnerability Reports
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

You remember that #XKCD #dependency comic, right?
Somebody built an interactive version of it: https://editor.p5js.org/isohedral/full…

https://editor.p5js.org/isohedral/full/vJa5RiZWs

Language maintenance halflife:
PHP 2y
Golang 3y
Rust 4y
JavaScript 6months

It's honestly kind of impressive how much raw compute `npm install` can just suck down. #javascript #jshate

Today I brought down a website by missing a comma in a config file (I thought it was just bash-like env var list, but in fact it was javascript...)

Oh I do love how you have your Kitten¹ app’s database in memory – thanks to Kitten’s built-in JavaScript Database (JSDB)² – and accessible via the Kitten Shell (REPL)³ during dev.
(If I do say so myself.) ;)
:kitten:💕
¹ https://kitten.small-web.org
²

Dear pen-tester:
The mitigation is not to remove "unsafe-inline" from Content-Security-Policy.
The mitigation is to re-engineer how a web app includes javascript, and *then* asking all third-party providers to re-engineer their code in the same way.
This is a longer-than-a-decade process that nobody wants to pay for.

Was surprised to see haptics work here https://haptics.lochie.me/ (https://github.com/lochie/web-haptics) on Safari iOS becau…

🥳 JavaScript Database (JSDB)¹ version 7.0.0 released
- *Breaking change* JSTable.PERSIST event now uses a parameter object with properties for `type`, `keypath`, `value`, `change`, and `table`. This should make listening for events on your databases much nicer to author. e.g., a snippet from Catalyst² I’m working on:
```js
const settingsTable = db.settings['__table__']
const JSTable = settingsTable.constructor
settingsTable.addListener(JSTable.PERSIST, (…

🎉 Getting Started With The Popover API
#web

Getting Started With The Popover API — Smashing Magazine
What happens if you rebuild a single tooltip using the browser’s native model without the aid of a library? The Popover API turns tooltips from something you simulate into something the browser actually understands. Opening and closing, keyboard interaction, Escape handling, and much of the accessibility now come from the platform itself, not from ad-hoc JavaScript.

Dear #web #html #javascript #framework authors:
if your code writes HTML or script code to client side, is it too much to ask for you t…

This year will be the year to:
Seize the means of computation
- move away from iOS
- install Asahi on my mini m1
- draw on procreate instead of doom scroll
- de-JavaScript

🥳 Auto-Encrypt Localhost version 9.0.0 released
Bye bye, Windows.
• Windows is no longer supported as Microsoft is complicit in Israel’s genocide of the Palestinian people¹ and Small Technology Foundation² stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement³. Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
Enjo…

auto-encrypt-localhost
Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers in 100% JavaScript (without any native dependencies like mkcert and certutil).

https://github.com/fedidb/fedidb-nuxt/issues/36
JavaScript was a mistake.