Daily Shaarli
June 26, 2026
headingoffset is a new HTML attribute to increase the upcoming heading levels. It's definitely not there yet https://caniuse.com/?search=headingoffset
How can I style an H3 when there's no H3 tag?
With the selector :heading(3).
But be aware of the browser support: nonexistent (https://caniuse.com/mdn-css_selectors_heading)
Privacy, Control, Longevity, Built for Mac, Fun. See details https://usebilly.app/en/features
Plans are 3€ per month, 25€ yearly or 80€ lifetime.
No way it's real: using specific URLs with a NO_ROLE provides access to the dashboard of the FIFA World Cup 2026.
The whole thing boils down to one architectural mistake: client-side authorization with no server-side enforcement.
FIFA's internal applications use Microsoft Entra for authentication and role-based access control. The Angular/React/Vue frontends check the JWT token for role claims and render access-denied pages accordingly. But the backend APIs trust any authenticated tenant member and serve data regardless of roles.
Rules to follow:
- Get a security.txt file. Seriously. It's 2026.
- Publish a VDP (Vulnerability Disclosure Policy). You're running the biggest sporting event on earth.
- Client-side authorization is not authorization. Every intern learns this.
- When a researcher has to call CISA and the FBI to reach you, something is wrong.
- Start a bug bounty program. Researchers shouldn't have to call the FBI to do you a favor.
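The flaw described above (backend APIs serving any authenticated tenant member, with roles checked only in the frontend), next to a server-side check, as an added example that is not code from the linked write-up or from FIFA. The route names, role names and tenant id are constructed, and it assumes the token's signature, issuer, audience and expiry were already verified upstream.

```python
# Added illustration. Assumption: `claims` is the payload of an Entra access
# token that has ALREADY passed signature/issuer/audience/expiry validation.
# Entra carries the tenant id in `tid` and app roles in `roles` (string list).

TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id

# Constructed route-to-role map. Deny by default: unmapped routes are refused.
REQUIRED_ROLES = {
    "/api/dashboard": {"Dashboard.Read"},
    "/api/accreditation": {"Accreditation.Admin"},
}


def authn_only(claims, route):
    """Flawed pattern: any authenticated tenant member gets the data."""
    return 200 if claims.get("tid") == TENANT_ID else 401


def enforce_roles(claims, route):
    """Server-side authorization: tenant member AND a role mapped to the route."""
    if claims.get("tid") != TENANT_ID:
        return 401
    required = REQUIRED_ROLES.get(route)
    if required is None:
        return 403  # route not in the map: refuse rather than fall through
    roles = claims.get("roles")
    if not isinstance(roles, list):
        return 403  # missing or malformed claim is treated as "no roles"
    granted = {r for r in roles if isinstance(r, str)}
    return 200 if granted & required else 403


def compare(claims, routes):
    """Status per route as (flawed handler, enforcing handler)."""
    return {r: (authn_only(claims, r), enforce_roles(claims, r)) for r in routes}


# Constructed sample tokens.
NO_ROLE_USER = {"tid": TENANT_ID, "roles": []}
ANALYST = {"tid": TENANT_ID, "roles": ["Dashboard.Read"]}

if __name__ == "__main__":
    routes = ["/api/dashboard", "/api/accreditation", "/api/unmapped"]
    for name, claims in (("no-role", NO_ROLE_USER), ("analyst", ANALYST)):
        print(name, compare(claims, routes))
```
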
In this post, I’ll walk through a set of common misconceptions that drive teams to introduce new infrastructure when they don’t need to. All of these can be solved with vanilla PostgreSQL 18 using standard extensions available on RDS, with no special infrastructure and no distributed-systems cosplay.
Mindful Design is the responsible designer’s survival guide. Learn resilient and responsible design practices and own your early stage design — from idea to shipped and beyond.
It's a book and video course, but there is also a toolkit: https://mindfuldesign.xyz/toolkit/intro/
First, files are awesome, because the file format is the API to understand the content.
You may create a file in one app, but someone else can read it using another app.
After this introduction, an everything folder for social media is the theory: the folder would include everything you've created across different social apps. In that world, a “Tumblr post” or an “Instagram follow” are social file formats.
Bluesky, Leaflet, Tangled, Semble, and Wisp are some of the new open social apps built this way.
The author then details a typical social media post in JSON format, and how to store such posts as files. Domain names can be used to separate each social media app.
Then how to store a like with identity files (and the standard DID).
An example of such architecture is available at https://pdsls.dev/at://did:plc:fpruhuo22xkm5o7ttr2ktxdo
The apps then react to the changes made in the social filesystem.