@arichtman @qualia @ticky oh on bsky
@arichtman @qualia @ticky are there receipts?
Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps.
Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone.
You can find links to the advisory and queries for runZero at: https://www.runzero.com/blog/next-js/
No, covid did not teach me that online conferences are just not working. It taught me that 2/3rds of all conferences could be fully online (though one still needs to think about best structure for them and not just transplant them without any adaptation) - and the remaining third needs to focus even more on interaction (unconferences, small workshops, hackathons...) and not the usual talks.
Ok. #IT nerds of the fediverse. Let's do a thought experiment. It's Monday morning, the boss comes in. We need to move all our stuff off US clouds onto our own hardware. He's bought us a small data centre (or larger server room). It's empty, just a raised floor, a power panel on the wall, Aircon, and two MAN generators outside. He wants you to buy everything to make this facility work. The catch. It has to all come from European companies. Everything.
What do you buy from who?
1/n
@da_667 Are you playing xcom through steam? It may still work if you copy stuff over. Proton has been great in my experience. Also if you plan to do heavy gaming the bazzite kernel might be useful on top of whatever else you choose. Optimized for it + steam.
@Kiloku It's so frustrating that people with foolish assumptions are being given so much money and zero accountability.
this is not a joke. behold the power of mastofuse, a file system mastodon client: https://gist.github.com/halcy/b4f455ef05c4c36906107e9367b8dd63
AI web crawlers are a menace.
https://thelibre.news/foss-infrastructure-is-under-attack-by-ai-companies/
Literally no reason they can't just make their scraping a bit less evil to avoid this. Just add some cache logic and respect robots.txt 🤷
@xeiaso.net Been following them for a few years actually :O
Can I Use for accessibility - Go Make Things:
https://gomakethings.com/can-i-use-for-accessibility/
@tychi ϛ⊙∪⊙ϡ
Occult Enby that's making local-first software with peer to peer protocols, mesh networks, and the web.
Exploring what a local-first cyberspace might look like in my spare time.