A self version of Shazam
The crappiness of things is a fact, but the narrative of inevitable decline is a choice.
A quiz with 20 questions
Hashing: SHA-512
Password or one time code hashing: Argon2id
Key derivation: SHAKE256 or HKDF-SHA512
API key: prefix + version + Base32LowerCase.encode(UUID || 32-byte secret); hash function: SHAKE256 with a 512 bit output, or SHA3-512 or SHA-512
Encryption: AES-256 has nonces that are too short, key / nonce reuse is catastrophic, and it also lacks context commitment. XChaCha20-Poly1305 lacks context commitment, which is why ChaCha20-BLAKE3 is recommended.
Encrypting secrets: use a Key Management Service
Symmetric Key signature: HMAC-SHA512
Asymmetric key signature: ML-DSA-65, or ML-DSA-87
JSON Web Tokens: ML-DSA-65 for asymmetric signatures or HMAC-SHA512 for symmetric signatures
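The API key format from the list above, as an added example (not code from the linked article): it issues a key, stores only the SHAKE256 digest of the secret, and verifies a presented key. The `acme` prefix, the `v1` version label, the `_` separator and the dictionary used as the key store are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import uuid

PREFIX = "acme"   # assumption: product prefix, not from the page
VERSION = "v1"    # assumption: format version label
SEP = "_"         # assumption: separator; "_" is outside the Base32 alphabet

def b32lower(raw: bytes) -> str:
    """Unpadded lower-case Base32 (the page's Base32LowerCase.encode)."""
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()

def hash_secret(secret: bytes) -> bytes:
    """SHAKE256 with a 512-bit output, one of the hashes the page lists."""
    return hashlib.shake_256(secret).digest(64)

def issue_key():
    """Return (token for the client, (key_id, digest) for the server)."""
    key_id, secret = uuid.uuid4(), secrets.token_bytes(32)
    token = SEP.join((PREFIX, VERSION, b32lower(key_id.bytes + secret)))
    return token, (key_id, hash_secret(secret))

def parse_key(token: str):
    """Split a token into (UUID, secret); None if it is malformed."""
    try:
        prefix, version, body = token.split(SEP)
        raw = base64.b32decode(body.upper() + "=" * (-len(body) % 8))
    except ValueError:  # wrong field count or bad Base32 (binascii.Error)
        return None
    if (prefix, version) != (PREFIX, VERSION) or len(raw) != 48:
        return None
    if b32lower(raw) != body:  # accept only the canonical encoding
        return None
    return uuid.UUID(bytes=raw[:16]), raw[16:]

def verify_key(token: str, store: dict) -> bool:
    """store maps UUID -> stored digest; the raw secret is never kept."""
    parsed = parse_key(token)
    if parsed is None:
        return False
    key_id, secret = parsed
    stored = store.get(key_id)
    # Constant-time comparison of the digests
    return stored is not None and hmac.compare_digest(stored, hash_secret(secret))
```

The UUID half of the token is the lookup handle, so the server finds the record without scanning digests; a fast hash is adequate here because the secret is 32 random bytes rather than a human-chosen password.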
End-to-end encryption
While you probably need more advanced protocols for your specific use case (e.g. The Messaging Layer Security (MLS) Protocol, RFC 9420, for messaging), basic end-to-end encryption to a public key has been standardized in RFC 9180 - Hybrid Public Key Encryption (HPKE). In this context hybrid means that we combine both symmetric and asymmetric cryptography.
Therefore, I recommend the following algorithms for use with HPKE to encrypt data to a public key:
- KEM: X-Wing
- AEAD: AES-256-GCM
- KDF: HKDF-SHA512
TLS
Today, the only quantum-resistant key exchange algorithm available for TLS is the hybrid X25519MLKEM768. Ensure that your load balancers / reverse proxies support it.
X.400 is arguably a better standard than SMTP, but the simple email address and the ease of implementation won.
GitHub - rapina-rs/rapina: A Rust web framework for APIs. So simple it feels like cheating. · GitHub
Read from a reddit post
"Attackers enjoy an asymmetric advantage, since they only need to exploit a single flaw", whereas defenders must cover an attack surface that is admittedly not infinite, but large enough to leave gaps. Firefox developers cannot afford to "rewrite decades of C++ code".
On the other hand, AI can detect these flaws quickly. This kind of flaw detection will probably be built into processes, for example before a new version is shipped.
the built-in PDF editor, which lets you reorder, copy, paste, delete and export pages in a PDF document.
Oh, not bad
It's there if needed. A WebUSB implementation via native messaging.
- PDFs only
- provide photos!
- booking online
- integrations (birthday, events, ...)
SEO is important for search engines and other services (TripAdvisor, Google Maps, Instagram). The majority of the users are using smartphones, so mobile-first is definitely a way to build these websites.
About the possibilities of the web
The GNU Coreutils version published a faster version of some tools
In contrast to the frozen NPM package pages, npmx delivers some improvements:
- Transitive install size (similar to bundlephobia or packagephobia)
- Install script disclosure: any preinstall, install or postinstall script is rendered on the package page along with the npx
- outdated and vulnerable dependency trees
- version range resolution
- module replacement suggestions for features that become built-in ECMAScript. The dataset comes from https://github.com/es-tooling/module-replacements
- module format and types badges: ESM, CJS, both. Typescript types, node engine range
- Multi-forge repository stats instead of GitHub only
- cross-registry availability: npm, JSR
- side-by-side package comparison
- version diffing between two versions of the same package
- release timeline with size annotations: Every version of a package is plotted on a timeline with markers where install size jumped by a meaningful percentage
- download distribution by version (avoid download breaks with major versions)
- command palette
- i18n
- accessibility as default
- agent skill detection
- social features on AT Protocol
- Local-CLI admin connector
- dark mode and custom palettes
An alternative to the frozen NPM which delivers more useful information per package
I did not install any Anthropic browser extension. I have never installed a Claude browser extension due to privacy and security concerns. I did install Claude Desktop, the Mac app, a while back. That is the only thing on this machine which could have written the file. Claude Desktop reached into Brave, a browser from a completely separate vendor, and registered a back door for a browser extension I do not have.
and the security risks involved is concerning.