This web app will send you a confirmation email to make sure you own the email address. In that email there will be another link. Click that link and you will be taken to a page where you can trigger test emails to be sent to you. Those test emails are specially crafted to use a variety of techniques to attempt to send information back to this server when read. It will then display the results for you.
The project is available at https://gitlab.com/grepular/ept3
Whether you are a software engineer, a lawyer, a manager, or an entrepreneur, your value is directly correlated with how efficiently you can process new information to stay relevant in your field in an ever-accelerating world.
But there are two problems.
The first one is that today, there is simply too much information available and it's hard to extract signal from the noise.
The second problem is that knowledge ("white collar") jobs are evolving faster than the capacity of most people to learn new things. For example, today, you are a software engineer developing backend applications, and you may want to move into machine learning with all the recent and exciting advancements.
Good news: Knowledge follows the law of diminishing returns. By spending two weeks studying a topic really hard, you can assimilate the most important principles and become better than maybe 90% of the people on this planet
JavaScript Patterns: patterns focused on plain JavaScript and Node.js
Why benchmarks should be carefully used as arguments
The reason to avoid JWTs comes down to a couple different points:
- The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions need to have longer lifespans than that.
- "Stateless" authentication simply is not feasible in a secure way. You must have some state to handle tokens securely, and if you must have a data store, it's better to just store all the data. Most of this article and the follow-up it links to describe the specific issues: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
- (Yes, people are doing it, and yes, their applications are flawed, and you should not repeat that mistake.)
- JWTs which just store a simple session token are inefficient and less flexible than a regular session cookie, and don't gain you any advantage.
- The JWT specification itself is not trusted by security experts. This should preclude all usage of them for anything related to security and authentication. The original spec specifically made it possible to create fake tokens, and is likely to contain other mistakes. This article delves deeper into the problems with the JWT (family) specification.
Not updated anymore, but still relevant
A review of the software by Korben
It completes my post "Where to find blogs to follow?".
- Personal recommendations
- Aggregations
  - Bear Blog Discover: https://bearblog.dev/discover/
  - Blogosphere: https://blogosphere.app/
  - Blogroll: https://blogroll.org/
  - Bubbles: https://bubbles.town/
  - Kagi Small Web: https://kagi.com/smallweb
  - PowRSS: https://powrss.com/
- Social media

Many people on the fediverse have blogs and share common interests with hashtags. Hashtags can be followed to get content, by the way.
I came to this way of thinking by sheer accident. I was traditionally a desktop business app developer, and by the time I saw the writing on the wall, SPA frameworks were the dominant meta in front end. As I started getting contracts, I worked on one project with such a tight deadline that I simply had no time to bring a critical library into the cinematic React universe. So I just... wrote JS. I modified the DOM. And you know what? It was fine. Not only was it fine, it was easier. I wrote a little stream object in ~50 LoC to react to user inputs, and it worked flawlessly. I felt lied to. I thought making a web page interactive was an insanely difficult task only SPA framework authors were qualified to do? Yet here I was just... scripting the page.
The only case I've found so far for using a framework is project maintainability.
Typo-squatting: using URLs is a false solution. "By making crate IDs longer, whether by namespacing within crates.io, GitHub organizations, or via domains, you only make it harder for users to remember them precisely, and thus harder to recognize typo-squatting."
Sandboxing cannot be handled by the language itself.
It's the developer's responsibility to use crates on crates.io. It's an audit to make. Rust provides tools for it: cargo-vet, the crates.io 90-day download plot, cargo chef or Nix for build isolation.
Also Rust itself does not have the resources for it at the moment. They simply can't. The compiler and std are primarily developed by volunteers, who don’t get anything out of it except for rare donations from other members of the community. The Rust project is not the same as GitHub or Linux. They don't have the same support.
We’re not nearly close to the level of security a centralized registry can provide. On the software side, in 2025 Rust teams made or piloted tools for typo squatting detection, dynamic build script analysis, and real-time code scanning. On the personal side, Rust Foundation hired on-call engineers in 2025 and a second infrastructure engineer in 2026. If that sounds overdue, well, they had net loss in 2023 – software isn’t cheap.
Summary of the changes in the kernel 7.0
The major version number is incremented when the number after the dot starts looking "too big." There is literally no other reason.
Gowall started as a tool to convert an image (specifically a wallpaper) to any color scheme / palette you like! It has now evolved into a Swiss army knife of image processing (OCR, image upscaling, image compression and a lot more).
This is why I think the whole crunch culture is fucking stupid. People need rest. Without it, you spend more time doing things badly, because the tunnel vision that comes from working 10’s of hours straight means you’re not open to the possibility that the problem might be elsewhere.
The FBI managed to extract and read Signal messages from an iPhone using forensic techniques, because the notification preview is stored in plaintext in a local system database.
Signal is not at fault here; the storage of notification previews is.
If you use an iPhone, a few simple settings can limit the damage:
- In Signal → Notifications → "No Name or Content"
- In iOS → Notifications → Signal → disable previews or limit them to "When Unlocked"
And above all, a stubborn misconception needs to be dismantled: that of the "magic app" that would solve every security problem. It is a dangerous illusion.
A great FAQ. CommonJS and ESM are still a mess, especially. Yes, I am looking at you, NestJS.
Topics covered:
- How can I move my CommonJS project to ESM?
- Can I import ESM packages in my TypeScript project?
- How can I make my TypeScript project output ESM?
- How can I import ESM in Electron?
- I'm having problems with ESM and Jest