Monthly Shaarli
February, 2026
An example of an entry point in documentation
A recent (2015) hosting service in France, spread across several data centers
A 64-bit pointer address can be compressed to 32 bits
SVG filters are really good for text effects.
The CSS alternative version (because it can be more powerful or maintainable)
Share a location with someone else without Google Maps, using OpenStreetMap instead
Things I already know, but are useful to share
That's why Content Security Policies in HTTP are still useful for CSS
Forms in Angular with the latest version
The Nasdaq or the S&P 500 are doing well, but tech companies are not seeing the growth hoped for from AI, and profits are slow to arrive.
According to Reuters, a VPN feature is planned that makes user traffic appear to originate from the US.
freedom.gov is the reserved domain for it.
It's only a political move, because there are already VPNs outside of the EU
GreyNoise watches the internet's background radiation—the constant storm of scanners, bots, and probes hitting every IP address on Earth. We've cataloged billions of these interactions to answer one critical question: is this IP a real threat, or just internet noise? Security teams trust our data to cut through the chaos and focus on what actually matters.
An IPv6 address can be divided into 3 pieces:
- 48 or more bits of network identifier (also known as the subscriber prefix)
- 16 or fewer bits of subnet identifier
- 64 bits of interface identifier
The RFC mentioned can be obsolete, but are kept up to date at
Using MAC addresses was flawed, and location data was too. The randomization defined in RFC 30411 was then refined in RFC 7217. Here comes the SLAAC protocol.
Steps:
- Calculating a link-local address
- Link-local Duplicate Address Detection (DAD)
- Locating a router (by sending a Router Advertisement (RA) message)
- Calculating a routable address
DHCPv6 (RFC 3315) also solves the association of domain names with IPv6 addresses while distributing additional information.
There is an address renegotiation to preserve privacy.
SLAAC is vulnerable to RA spoofing and DNS spoofing. The proposed solution is to use IPsec, but it's complicated to deploy. SEcure Neighbor Discovery introduced a dedicated cryptographic authentication protocol for network discovery.
Another potential issue is that a network device can respond with Neighbor Advertisement packets for every Neighbor Discovery it sees. This will effectively block any device from completing Duplicate Address Detection, hence blocking SLAAC from completing. Preventing this attack is a current research topic 1, 2, 3
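The address layout and the MAC-derived identifier problem described above, as an added example that is not taken from the linked article: it splits an address into the three pieces, builds a modified EUI-64 interface identifier to show that it exposes the MAC on every network, and contrasts it with an RFC 7217 style stable identifier. The sample MAC, prefixes, secret and the length-prefixed SHA-256 used as the function F are assumptions made for the example.

```python
import hashlib
import ipaddress
from typing import Optional

IID_MASK = (1 << 64) - 1

# Constructed sample values (documentation prefixes, placeholder MAC and secret).
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_SECRET = b"constructed-secret-key-for-example"
HOME_NET = ipaddress.IPv6Network("2001:db8:1:2::/64")
CAFE_NET = ipaddress.IPv6Network("2001:db8:beef:7::/64")


def split_address(addr: str, prefix_len: int = 48) -> dict:
    """Split an address into network prefix, subnet ID and interface ID."""
    if not 1 <= prefix_len <= 64:
        raise ValueError("network prefix must be 1..64 bits")
    value = int(ipaddress.IPv6Address(addr))
    upper = value >> 64                      # first 64 bits: prefix + subnet
    subnet_bits = 64 - prefix_len
    return {
        "prefix": upper >> subnet_bits,
        "subnet": upper & ((1 << subnet_bits) - 1),
        "iid": value & IID_MASK,             # last 64 bits
    }


def eui64_iid(mac: str) -> int:
    """Modified EUI-64: MAC with ff:fe inserted and the U/L bit flipped."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")


def mac_from_iid(iid: int) -> Optional[str]:
    """What any observer can do: recover the MAC from an EUI-64 identifier."""
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(raw[:3] + raw[5:])
    octets[0] ^= 0x02
    return ":".join(f"{o:02x}" for o in octets)


def stable_iid(prefix: ipaddress.IPv6Network, net_iface: str,
               network_id: bytes, dad_counter: int, secret_key: bytes) -> int:
    """RFC 7217 style identifier: F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).

    F is SHA-256 over length-prefixed fields here (an assumption of this example).
    The reserved-identifier check required by the RFC is left out for brevity.
    """
    digest = hashlib.sha256()
    fields = (prefix.network_address.packed[:8], net_iface.encode(),
              network_id, dad_counter.to_bytes(4, "big"), secret_key)
    for field in fields:
        digest.update(len(field).to_bytes(2, "big") + field)
    # The interface identifier is taken from the least significant 64 bits.
    return int.from_bytes(digest.digest()[-8:], "big")


def make_address(prefix: ipaddress.IPv6Network, iid: int) -> ipaddress.IPv6Address:
    return ipaddress.IPv6Address(int(prefix.network_address) | (iid & IID_MASK))


if __name__ == "__main__":
    for net in (HOME_NET, CAFE_NET):
        legacy = make_address(net, eui64_iid(SAMPLE_MAC))
        private = make_address(net, stable_iid(net, "eth0", b"constructed-ssid", 0, SAMPLE_SECRET))
        print(net, "EUI-64:", legacy, "-> MAC", mac_from_iid(int(legacy) & IID_MASK))
        print(net, "RFC 7217 style:", private)
```

The EUI-64 address keeps the same last 64 bits on both networks, so the device can be followed; the second identifier is stable on one network but changes with the prefix.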
Switching PNG/JPEG at quality 90 to AVIF at quality 50 saves at least 75% of bandwidth.
The more innovative idea is to compress the resources ahead of time, before they are used.
[Pre-compressing before deploying] means the files can be compressed just once, at the maximum level, and nginx can be told to serve the pre-compressed files directly. Zero CPU on each request, but above all a better ratio in the end, because you can compress harder.
In addition, Zopfli can compress to .zip with 3 to 8% more efficiency.
```nginx
# Serve pre-compressed files generated at build time
gzip_static on;
brotli_static on; # requires libnginx-mod-http-brotli-static
# Fallback for content that is not pre-compressed
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript
           application/javascript application/json
           application/xml image/svg+xml;
```
Brotli compression shrinks HTML by as much as 81%. The Core Web Vitals score went from 70-85 to 99%.
The Ministry of the Interior rejects @protonmail.com email addresses because they are considered disposable? And what about Gmail addresses, then?
Murena Maps takes the opposite approach, because the application works natively online with OpenStreetMap data. It offers immediate accuracy without filling up the phone's storage, while guaranteeing that no location data is sold to third parties.
Unsubscribe from the main digital services provided by U.S. companies.
Meh, it was only for the Olympics. Oh, surprise, it is becoming permanent.
The yearly survey about Javascript (features, libraries, tools, usage, resources, demographics)
This makes sense:
The companies in question are producers of gas, oil and coal (Aramco, Gazprom, etc.). Not the consumers.
It would be like saying that BMW or VW are the car makers that kill the most people on the roads. It makes no sense. For them to stop producing oil and gas, people have to stop buying oil and gas. They are not going to stop selling it on their own.
In France, our electricity, among the most decarbonized in the world, is taxed twice as much as gas (per kWh).
So we can keep dreaming about the motivation coming from governments. They are not the ones to count on.
Finally, a reminder that if all the efforts (and spending) made by environmentalists to fight nuclear power in favor of wind and solar had gone the other way, the share of decarbonized electricity in the world would be >50%, not 12% (yes, electricity should not be confused with primary energy, but still: part of primary energy is fossil because we refuse to produce electricity instead: heating, transport, etc., which are very easy to electrify). Counting on the greens (the political greens) is therefore also a dumb idea.
And about the article, which reads more like an opinion piece
Knowing that 32 boards of directors hold our fate in their hands is terrifying, certainly. But it is also a welcome simplification of the problem. It is easier to target 32 well-defined entities than to change, with the wave of a magic wand, the behavior of 8 billion individuals.
For that, every nation on the planet has to agree, but given the tensions around the globe, this remains a utopia for now. Forcing these companies to pay amounts to raising the cost of the extracted energy (or artificially lowering the margins of these companies, which will then sell to the highest bidder).
The web used to be made of humans creating content for humans. Now, AI creates content (by publishing on the web) that other AIs (by scraping the web) will summarize for humans.
The web is thus made invisible, and the quality of median or average content declines.
Access to the pipelines is no longer open on the web, but now requires authentication.
The reset:
```css
legend {
  padding: 0;
  display: table;
}
fieldset {
  border: 0;
  padding: 0.01em 0 0 0;
  margin: 0;
  min-width: 0;
}
body:not(:-moz-handler-blocked) fieldset {
  display: table-cell;
}
```
A local-first alternative to Notion
A review of multiple fonts
Now with Firefox support
- A simple queue.json
- Batching with group commit
- Use a brokered group commit to eliminate contention over the queue object
- HA brokered group commit to handle unfinished jobs or a broker machine dying
Similarly to the job system we built at work, it guarantees at-least-once delivery.
I don't know if the pattern becomes too complex to be viable.
Indeed, the CVE-2026-20841 flaw exploits a command injection through malicious links in a Markdown file. You open the file, you click the link, and boom, remote code execution on your machine. Nobody at M$ had thought of filtering URL protocols. As a result, a link such as file:///C:/Windows/System32/cmd.exe or ms-msdt:// runs as if nothing were wrong.
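The missing protocol filter mentioned above, sketched as an added example (not code from the quoted article or from the affected product): a scheme allow-list applied to every link target found in a Markdown file before a viewer hands it to the operating system. The allowed schemes, the three verdict names and the sample document are assumptions made for the example.

```python
import re

# Schemes this hypothetical viewer agrees to open; everything else is refused.
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})

_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_INLINE = re.compile(r"\[[^\]]*\]\(\s*(<[^>]*>|[^)\s]+)")           # [text](target)
_REFDEF = re.compile(r"^ {0,3}\[[^\]]+\]:\s*(\S+)", re.MULTILINE)   # [ref]: target
_AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.\-]*:[^<>\s]*)>")    # <scheme:...>
_CONTROL = re.compile(r"[\x00-\x20\x7f]")

# Constructed sample document; hosts and file names are placeholders.
SAMPLE_DOC = r"""
# Release notes
See the [guide](https://example.com/guide) or [write to us](mailto:security@example.com).
Jump to [install](#install). Logo: ![logo](images/logo.png)
[open console](file:///C:/Windows/System32/cmd.exe)
[diagnostics](MS-MSDT://constructed-example)
<ms-msdt://constructed-example>
[batch](C:\Users\Public\constructed-example.bat)
[ref]: file:///C:/Temp/constructed-example.lnk
"""


def classify_target(target: str) -> str:
    """Return 'allow', 'block' or 'relative' for one link target."""
    cleaned = _CONTROL.sub("", target.strip("<>"))
    if cleaned.startswith("#"):
        return "allow"                        # in-document fragment
    if cleaned.startswith(("\\\\", "//")):
        return "block"                        # UNC or scheme-relative network path
    match = _SCHEME.match(cleaned)
    if match is None:
        return "relative"                     # caller decides how to resolve it
    scheme = match.group(1).lower()           # schemes are case-insensitive
    if len(scheme) == 1:
        return "block"                        # "C:" is a drive letter, not a scheme
    return "allow" if scheme in ALLOWED_SCHEMES else "block"


def audit_markdown(text: str) -> dict:
    """Map every link target found in the document to its verdict."""
    findings = {}
    for pattern in (_INLINE, _REFDEF, _AUTOLINK):
        for match in pattern.finditer(text):
            target = match.group(1).strip("<>")
            findings.setdefault(target, classify_target(target))
    return findings


if __name__ == "__main__":
    for target, verdict in audit_markdown(SAMPLE_DOC).items():
        print(f"{verdict:8} {target}")
```

An allow-list fails closed: a scheme handler registered later by some other application is refused until someone adds it deliberately.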
Delete the Google Ad ID in the settings > Google > All services > Ads > Delete ID
TempleOS running in the browser
Age verification systems are easy to bypass.
Definitions with examples of locales.
i18n: The design and development of a product that is enabled for target audiences that vary in culture, region, or language.
l10n: The tailoring of a system to the individual cultural expectations of a specific target market or group of individuals.
Locale: an identifier for a set of international preferences
international
Along with the RFCs that define them, notably with the example of the HTTP headers "Content-Language" and "Accept-Language".
Locales are also used through the lang attribute, the specifics of translate, dir and hreflang in HTML, and the possible uses in CSS through selectors
The Pandoc web interface for converting documents
With the end of Windows 10 support, Linux reaches 5% of usage according to StatCounter. Conversely, Windows has lost about 10% compared to January 2022.
The other driver for Linux, as in France, is its increasingly advanced compatibility with video games, which even lets it beat Windows on some performance benchmarks.
First off, it takes time to grow a design system's coverage. Design systems exist to provide common solutions that are versatile enough to be applied in multiple contexts. To do that successfully, we first need to fully understand those contexts - and that means diverging before we converge.
Ultimately, design systems are not replacing nothing. They’re replacing context-specific (if inefficiently created) solutions.
It doesn’t make sense for product teams to adopt design system components and patterns unless it matches or exceeds the quality of those that they’re already using.
"Vibe coding" is a trendy expression for "Automated coding".
Automated programming especially allows me to quickly build the tools I need so fast that every blacksmith that ever existed on this earth would envy me deeply.
With the automated coding, "we can finally get rid of all that middle work. That adapting layer of garbage we blindly accepted during these years. A huge amount of frameworks and libraries and tooling that has completely polluted software engineering, especially in web, mobile and desktop development."
The frameworks claim to solve three problems: simplification, automation and labour cost. "You unlock a feature that has nothing to do with engineering: you no longer need to hire a software engineer. You hire a React Developer."
Software engineering is back in a sense again: We have the chance again to get rid of useless complexity and keep working on the true and welcome complexity of our ideas, our features, our products. The complexity that matters. The complexity that is actually yours.
Automation and boilerplating have never been so cheap to overcome. I’ve been basically never writing twice the same line of code. I’m instantly building small tools I need, purpose built, exactly shaped around the problem at hand. I don’t need any fancy monorepo manager. A simple Makefile covers 100% of my needs for 99% of my use cases.
Bash, makefiles, ...
Think about it
The author creates a project to gather statistics about the top most starred projects on Github or the most downloaded packages on NPM.
- 9-27% of JS/TS projects declare themselves to be ES Modules
- Less than 6% of JS/TS files declare that they are ES Modules via the .mjs, .cjs or .mts file extensions.
Some ideas:
- Kill .mjs, .cjs and .mts: they should be replaced by type="module" in package.json. Let's stick to .js, .jsx, .ts and .tsx
- Make type="module" the default and warn when the type is not set to module.
- We should upgrade the most common libraries used by the community to ES Modules
- The NPM registry can require an explicit module field on new packages, making it clear when a package intentionally uses CommonJS.
- NodeJS can officially drop support for require and module.exports in a future version, creating a bit more pressure to migrate.
He creates beautiful illustrations. They are related to solarpunk.
For the last few years I witnessed many well-meaning writers and academics try to write about a better climate future - be it under a name of Solarpunk or any other - and struggle to find art illustrating their work.
The same content can create clarity for one person and confusion, stress, or exclusion for another, without changing a single word.
Accessibility is a must. Here are some examples
- When color disappears completely
  - Buttons that look clickable even without color
  - Links that are underlined or styled consistently
  - Hierarchy created through spacing, borders, size, and structure
- When nice colors choices stop working
  - Contrast that survives more than one type of vision
  - Less reliance on subtle color differences
  - Clear affordances that don’t depend on perfect perception
- The most color blindness is ignored
  - Meaning that survives without red or green
  - Icons, labels, or position reinforcing importance
  - Safer decisions and faster understanding
- When text becomes slightly blurry
  - Text that stays readable when slightly blurred
  - Comfortable line height and spacing
  - Zoom that doesn’t punish the layout
- When you can only see a small part of the screen
  - Clear headings that anchor the page
  - Logical reading order
  - Visible focus states that guide navigation
- When letters won't stay still (dyslexia)
  - predictable layouts
  - plain, calm language
  - no unnecessary visual tricks
- When language stops making sense
  - plain language
  - clear labels
  - information that unfolds gradually, not all at once
1. There are three states of being. Not knowing, action and completion.
2. Accept that everything is a draft. It helps to get it done.
3. There is no editing stage.
4. Pretending you know what you’re doing is almost the same as knowing what you are doing, so just accept that you know what you’re doing even if you don’t and do it.
5. Banish procrastination. If you wait more than a week to get an idea done, abandon it.
6. The point of being done is not to finish but to get other things done.
7. Once you’re done you can throw it away.
8. Laugh at perfection. It’s boring and keeps you from being done.
9. People without dirty hands are wrong. Doing something makes you right.
10. Failure counts as done. So do mistakes.
11. Destruction is a variant of done.
12. If you have an idea and publish it on the internet, that counts as a ghost of done.
13. Done is the engine of more.
There is also an illustration for it
- unsystematic
- valid
- semantic
- Accessible
- Required-only
- hyper-optimized
A browser game about ecology
Rules can be ignored, but safety rules should always be considered. They are always defined after accidents.
with an additional 100GB per year
The official post of Notepad++
Bloctel is dedicated to phone calls, apart from cold calling for energy-renovation work.
SignalSpam is the service dedicated to emails.
Signal Conso is dedicated to the rest, I think.
That's awesome for dev and UX feedback. It w. It follows the trend that the tool only exports into a human readable format and that's more than enough.
The UI or the interpretation of the JSON can be built later on.
Uxnote is an annotation bar for mockups and websites. Drop a single script to get text highlights, element pins, numbered cards, color theming, a dimmed focus mode, import/export, and email handoff. No plugin and no backend required.
It's similar to https://loomflows.com/ but minimalistic, and provides full control over the data.
An explanation of assertion usage in SQLite. The more I read about it, the more I am willing to pay 5% runtime to have these checks.
The world’s solar capacity reached 1,419 gigawatts in 2023, way beyond any predictions. 1 gigawatt = power for a medium sized city
The incident was caused by a configuration state drift between our central software repository and the live hardware settings in the FR7 production environment that went undetected before the rollout.
The Forward Error Correction settings were missing during the release.
This seems to be the healthy way to invest
So, other than Dual_EC_DRBG, NIST's cryptography may not be backdoored, but maybe backdoors aren't needed when the standardized cryptography is far from the state of the art and full of holes that weaken too many projects. Maybe the lack of secure-by-design cryptography is a feature for some, not a bug. Or maybe there are legitimate reasons for promoting legacy algorithms, who knows.
The thing is, modern and secure-by-design cryptography exists, notably from D. J. Bernstein:
- ChaCha20 for secure and fast encryption
- X25519 for key exchange
- Ed25519 for signatures
- BLAKE3 for hashing, key derivation, and symmetric signatures (MAC) (BLAKE3 is based on a slightly modified core of the ChaCha20 function)
- The Safe Curve list
Key features:
- (mostly) Static memory management
- Advanced type system
- LLVM-backed compiler with "write once, run anywhere"
- Open governance and decentralized development
There are drawbacks:
- weird proposals
- the compiler uses a lot of resources
- the syntax can be heavy sometimes
- its anemic standard library. It's a supply-chain security nightmare. Rust needs official extended standard library packages for all the most common tasks: base64, crypto, rand, uuid...
The website design changes every time it loads.
```css
ul.notes li {
  list-style-type: "Note: ";
  list-style-position: inside;
}
```
The ::marker pseudo-selector can be used to customize the rest. Generating content for markers is supported by Chromium and Firefox, but not by WebKit.
A list of symbols can be used with symbols(). The browser support is not great though. @counter-style can be used instead. It's Baseline Newly Available since 2023.
There is also the old ::before trick to set custom contents.
In summary:
| CSS | Use Case |
|---|---|
| list-style | Changing the basic bullet styles or numbering system. Using a Unicode symbol, emoji or text in place of a bullet. Using images for bullets. |
| li::marker | Colouring the numbering or bullets differently to the list text. Changing the font- properties of the numbering (but not its size unless the difference is subtle). |
| symbols() | Only supported by Firefox, use @counter-style instead. |
| @counter-style | For defining your own sequence of bullet symbols (not images) or a completely customised numbering system. |
| extends | Used within @counter-style to modify existing numbering systems, for example to change or remove the default ”.” suffix. |
| li::before | For complete control over marker positioning, especially if your bullets or numbering are much larger than the list text. |
On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital ("PPWC") loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025
The data breach involves 100 customers
AVIF is to be preferred. The codec is more efficient than VP9 (in WebP) and H.264 (in JPEG). Image quality is also better (color gamuts, various color spaces), and it is royalty-free. AVIF support in browsers is not yet optimal, but it reaches Baseline 2024.
WebP, on the other hand, is well established, lossy or lossless.
This Wednesday, February 18, an intrusion gave access to 1.2 million accounts.
Microsoft serves an AI diagram that is clearly plagiarism.
take someone's carefully crafted work, run it through a machine to wash off the fingerprints, and ship it as your own.
and a sloppy content compared to the original
It is excellent that 2,000 health and medico-social institutions are trying to become independent by developing their own tools to improve services to members, make market offers more readable and optimize their internal organization.
[Generated by AI]
The paper critically analyzes the security claims made by several widely-used cloud-based password managers that advertise “zero-knowledge encryption”. This is the property where the provider theoretically has no access to users’ plaintext passwords or vault contents.
The researchers assume a fully malicious server — that is, attackers who have complete control over the server infrastructure and can respond arbitrarily to client interactions. This is stronger than traditional models where attackers might only obtain stored encrypted data.
Three major password managers were analyzed: Bitwarden, LastPass, Dashlane. These services account for 10 million users (~23% market share).
The paper identifies multiple distinct attacks that break various security guarantees under the malicious-server model:
- 12 attacks against Bitwarden
- 7 against LastPass
- 6 against Dashlane
These range from integrity violations of specific user vaults to complete compromise of all vault data in an organization. Many of the identified attacks can lead to full recovery of stored passwords when the server behaves maliciously — undermining the advertised zero-knowledge guarantees.
The results highlight a broader point: cryptographic assurances depend heavily on threat models — in particular, whether the server can be fully malicious. If real zero-knowledge security under malicious servers is required, current designs may be insufficient.
Takeaways:
- Users should be aware that “zero-knowledge encryption” may not be robust in server-compromise scenarios — even if it protects against passive breaches of encrypted data.
- The security of password managers still significantly improves over reusing passwords or storing passwords unencrypted — but the strongest claims require careful interpretation relative to rigorous threat models.
By connecting to the MQTT servers used by DJI, Azdoufal claims he was able to identify about 7,000 active robot vacuums in 24 countries within a few minutes. Each device regularly sent data: serial number, rooms of the home being cleaned, obstacles encountered, battery level, return to the charging station, [...] 2D map.
According to him, this was not a classic hack: no brute-force intrusion or complex exploitation. He reportedly just extracted the private "token" from his own device, which was supposed to limit access to his own data only. Yet the servers reportedly returned other users' information without sufficiently strict access control.
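The access-control gap described above, as an added example that is not the vendor's code: a broker-side check that treats a valid token as sufficient, next to one that binds each token to a single device and only accepts a subscription whose topic filter, wildcards included, stays inside that device's subtree. The `devices/<serial>/...` topic layout, the token table and the function names are assumptions made for the example.

```python
# Constructed sample data: device token -> serial number (placeholders).
TOKENS = {"tok-constructed-a": "SN-A0001", "tok-constructed-b": "SN-B0002"}


def valid_filter(topic_filter: str) -> bool:
    """MQTT rules: '+' and '#' fill a whole level, '#' only as the last level."""
    if not topic_filter:
        return False
    levels = topic_filter.split("/")
    for index, level in enumerate(levels):
        if level == "#":
            if index != len(levels) - 1:
                return False
        elif "#" in level or ("+" in level and level != "+"):
            return False
    return True


def filter_within(requested: str, allowed: str) -> bool:
    """True when every topic matched by `requested` is also matched by `allowed`."""
    req, alw = requested.split("/"), allowed.split("/")
    for index, allowed_level in enumerate(alw):
        if allowed_level == "#":
            return True               # the scope covers this level and all below it
        if index >= len(req):
            return False
        requested_level = req[index]
        if requested_level == "#":
            return False              # request is broader than the scope here
        if allowed_level == "+":
            continue                  # any single level is inside '+'
        if requested_level != allowed_level:
            return False              # different literal, or '+' against a literal
    return len(req) == len(alw)


def device_scope(token: str):
    """Topic subtree a token may touch, or None for an unknown token."""
    serial = TOKENS.get(token)
    if serial is None or any(char in serial for char in "+#/"):
        return None
    return f"devices/{serial}/#"


def authorize_subscribe_weak(token: str, topic_filter: str) -> bool:
    """Authenticated means authorized: any valid token reads any topic."""
    return token in TOKENS


def authorize_subscribe(token: str, topic_filter: str) -> bool:
    """Accept the subscription only if it stays inside the caller's own subtree."""
    scope = device_scope(token)
    if scope is None or not valid_filter(topic_filter):
        return False
    return filter_within(topic_filter, scope)


if __name__ == "__main__":
    for requested in ("devices/SN-A0001/map", "devices/SN-B0002/map",
                      "devices/+/map", "#"):
        print(requested,
              "weak:", authorize_subscribe_weak("tok-constructed-a", requested),
              "scoped:", authorize_subscribe("tok-constructed-a", requested))
```

The same scope check belongs on publish, and the broker has to evaluate it at subscribe time, since a wildcard filter is never seen again once the subscription is accepted.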
About stepping down
I didn't fail. I stepped down because I didn’t want what the role required. And occasionally, my ego forgets that.
The revenue numbers back this up. App Store grew 11% in 2025, Google Play 5%. There's still tons of unmet demand, especially for niche use cases that were never worth building before. Lower development costs mean these niches finally get served.
For apps that run locally—no servers, no cloud costs—subscriptions make no sense anymore. The only real cost is development, and that's becoming negligible.
This sucks for developers trying to make a living from apps. The competitive pressure is going to be brutal. But for users? It's great. People have been complaining about app subscription costs for years. There's that old complaint: "Why do I have to keep paying for software after I already paid $1000 for my iPhone?"
A developer's experience report
Another ode to the web
The Web of homemade websites. It’s not the Web of perfect websites. But it's — the Beautiful Web.
If one employee is using AI
your employer captures 100% of the value from you adopting AI. You get nothing, or at any rate, it ain’t gonna be 9x your salary. And everyone hates you now.
And you’re exhausted. You’re tired, Boss. You got nothing for it.
Compared to the 80', time moved slowly in the sense that news and events were spaced way out and society had time to reflect on them. Now it changes so fast we can’t even keep up, let alone reflect.
Crazy addicted early adopters like me are controlling the narrative and make it unrealistic
You can’t stop reading about it in the news; there’s nowhere to hide from it.
Panicking CEOs are leaning in hard to AI, often whiplashing it into their orgs.
Companies are capitalistic extraction machines and literally don’t know how to ease up.
and we’re all setting unrealistic standards for everyone else.
$/hour. "I told the grumbler group, you can’t control the numerator of this ratio. But you have significant control over the denominator. I pointed at the /hr for dramatic effect."
The ambiguity level and the number of unknowns are definitely a crucial factor when it comes to defining our modules, and especially when it comes to the implementation strategy choice
The more ambiguity we have, the more fluid and dynamic our domain is and the less certainty about its final shape we have, the more we should focus on adopting a strategy where it is the least costly to completely redesign and rearrange our modules.
Simple modular monolith: folders. Microservices need one application per module. That's a high cost.
requirements, and some of them might have needs somewhere in between. Thanks to the fact that every module is now basically a separate application, we can assign different resources to each module and have it in a different, often dynamic, number of replicas, based on its own unique needs.
We can eliminate many problems of microservices by adhering to one, simple rule:
When serving any external network request, synchronous or asynchronous, a service can not make any network calls to other services, synchronous or asynchronous.
About SPAs: avoid global things that apply everywhere
As the last resort, we can have a separate SPA per a few selected routes, having as many html pages as we have SPAs (multiple SPAs approach), or use the Micro Frontends
To reiterate, we went through the following strategies, ordered from simplest to the most complex one:
- Simple Modular Monolith
- Modular Monolith with Isolated and Independently Deployable Modules
- Modular Monolith with Helper Services
- Constrained Microservices - Microliths
- Microservices
I would say things are always easy when the modules are clear, defined and documented :)
Note that these forms of abuse are now categorized as "terrorism" so that substantial resources are deployed. This conflation reinforces the drift of counter-terrorism (and surveillance) tools toward, ultimately, every societal problem.
The measures applicable to terrorism will be applied, both regarding subsidies and regarding the listing of those sites that may incite hatred and violence
At the end of January, the spokesperson for the Fédération nationale Solidarité femmes, Camille Lextray, had mentioned "attempts to saturate the 3919", with "coordinated calls", "increasingly virulent calls" as well as "attacks against the call handlers".
A deep dive into ASCII rendering.
It seems great but I don't have time for it.
Relevant questions about whether to include anti-patterns in the documentation. Note these questions are also pertinent .
- How much is the component or pattern being used?
- How often are people looking for it in our design system?
- Is there an opportunity to make it less bad?
Including bad practice in design systems gives us an opportunity to call it out: it's the perfect place for alignment of our understanding or opinion of what constitutes bad practice.
I don’t subscribe to the idea of purely “descriptive” design systems - ones that simply systematise existing UI, regardless of its usability and quality. Design systems have a responsibility to mitigate - and certainly to not proliferate - bad practice. However, design systems must also acknowledge the reality of the context in which they sit. If problematic components and patterns are being widely used, then our design systems can play an important role in discouraging further uptake, raising awareness of their issues, and offering risk-mitigation advice and alternatives to consider. As with most design system concerns, there’s no blanket solution here. But I hope these considerations will help you the next time you’re faced with this question.
A look back at posts published between 1996 and 1998. The web has changed so much since then!
Published on July 17, 1998.
At the time, France limited encryption to a 40-bit key, whereas the EFF had broken 56-bit encryption with a $250,000 machine. So this EFF prototype could break the 40-bit key in 3 seconds.
The author recommended
In short, it is time for governments to decide to allow slightly stronger encryption. Encryption with 64-bit keys is already far more powerful. Of course, this will not solve the problem of the state wanting to keep an eye on everything.
But seriously, are criminals of all kinds going to bother encrypting with legal tools? No, those same criminals use 1024-bit or even 2048-bit keys (PGP can encode with such strength and is very simple to set up)."
So the only one inconvenienced in all this is the honest citizen who simply wants to keep his boss, his provider, or a third party from poking their nose into his business
GitHub Issues as free database
The outlet covers Bordeaux and its surroundings.
La grappe is a collaborative site, independent of political parties, press organizations and unions, for Bordeaux and the surrounding area.
It is part of reseaumutu.info.
(via https://contre-attaque.net/2026/02/07/la-grappe-le-media-autonome-qui-secoue-bordeaux-et-sa-region/)
The breakpoint is used for mobile, but appears inconvenient for tablet or half-screen windows.
Solutions:
- having more breakpoints in between
- design with container queries in mind
- make the design dynamic at its core, meaning that it can change based on the number of items
- leverage well supported features like Grid and Flex
appearance: base-select, so it's too early yet.
```html
<details>
  <summary class="video-summary">
    <!-- Video Placeholder Image -->
    <img src="https://lab.n8d.studio/htwoo/htwoo-core/images/videos/big-bug-bunny.webp" class="video-thumbnail">
    <!-- Play Button -->
    <svg class="video-playicon" data-id="icon-play-filled" viewBox="0 0 32 32" data-icontype="filled"><path d="m11.167 5.608 16.278 8.47a2.169 2.169 0 0 1 .011 3.838l-.012.006-16.278 8.47a2.167 2.167 0 0 1-3.167-1.922V7.529a2.167 2.167 0 0 1 3.047-1.981l-.014-.005.134.065z"></path></svg>
  </summary>
  <!-- we'll get here... -->
</details>
```
When a visitor decides to watch the video and clicks on the thumbnail, the open attribute will be placed by the browser on the details attribute, which means the video summary can be hidden.
1. Event-Driven Architecture (EDA)
Problems solved:
- timeout if a service is slow
- 1 service down = the whole chain blocked
- unpredictable response time
Pitfalls to avoid:
- Event explosion
- Debugging from hell
- Poorly handled eventual consistency
- Transactional consistency
2. API-First & API Gateway pattern
API-First: design the API before implementing the service
API Gateway: a single entry point that orchestrates, secures and monitors the APIs (and Backend for Frontend)
Pitfalls to avoid:
- fewer than 5 APIs and a single frontend
- internal communication only
- critical latency
3. CQRS + Event Sourcing
Command Query Responsibility Segregation: separate the read and write models; two different databases, each optimized for its use.
Event Sourcing: instead of storing the current state, all events are stored. The current state is rebuilt by replaying the events.
Use cases: performance, audit and compliance, real-time analytics
Pitfalls to avoid: overestimated complexity, eventual consistency, handling schema migration
4. Saga Pattern
compared to 25M+ with cloud services.
So in order to set up one, the data center needs power, cooling, servers and software. The post goes in-depth about it. The list of available software is a great inspiration.
All of our storage arrays use mkv. The main array is 3PB of non-redundant storage hosting our driving data we train on. We can read from this array at ~1TB/s, which means we can train directly on the raw data without caching. Redundancy is not needed since no specific data is critical.
TTS is a library for advanced Text-to-Speech generation.
Build a list of establishments (at SIRET level) by combining several search criteria from the Sirene register maintained by Insee.
Bad programmers worry about the code. Good programmers worry about data structures and their relationships.
git actually has a simple design, with stable and reasonably well-documented data structures. In fact, I'm a huge proponent of designing your code around the data, rather than the other way around, and I think it's one of the reasons git has been fairly successful
The actionable tip here is to start with the data. Try to reduce code complexity through stricter types on your interfaces or databases. Spend extra time thinking through the data structures ahead of time.
Add a beautiful background to the screenshot
It can be very interesting for all cases where a CMS is too much, but a static site generator is not usable enough for content editors
Idea -> Programming -> Feedback. Repeat.
Half of those [students] who started from scratch had working designs.
Script a demo in a demo.tape file and generate a gif for it.
More slang
A shared sense of being fed up
Calm the feeds
Changing careers, despite placing 9th in the competitive exam:
The argument put forward by the administration? This work within VideoLAN supposedly has no real value, since it is technically volunteer work. "The work around VideoLAN is titanic, even if it is volunteer work, and it is not for the Minister of Justice or his administration to dismiss our work," the engineer argues.
The investments have financed the growth, which for now seems to rest on nothing concrete.
About "the Civilian Conservation Corps, which went on to employ 3m workers (5% of the US male workforce!)"
It can be useful someday
Haha, Rust
I have the same feeling. There are currently no alternatives to Firefox. All "alternatives" are Chromium-based browsers that do not help in the long term.
I still have hope for LadyBird or Servo.
An example of backend project built with Axum to consume databases and provide a UI for it
Persona’s exposed code compares your selfie to watchlist photos using facial recognition, screens you against 14 categories of adverse media from mentions of terrorism to espionage, and tags reports with codenames from active intelligence programs consisting of public-private partnerships to combat online child exploitative material, cannabis trafficking, fentanyl trafficking, romance fraud, money laundering, and illegal wildlife trade.
Once a user verifies their identity with Persona, the software performs 269 distinct verification checks and scours the internet and government sources for potential matches, such as by matching your face to politically exposed persons (PEPs), and generating risk and similarity scores for each individual. IP addresses, browser fingerprints, device fingerprints, government ID numbers, phone numbers, names, faces, and even selfie backgrounds are analyzed and retained for up to three years.
We are cooked by this
The screenshots show access to several internal Gendarmerie tools:
- Recrutement: management and consultation of application files
- Gendform: training platforms
- Oryx: career-transition tools
The screenshots also show access to the ministry's Keycloak account, the central system that manages authentication and authorization for many of the State's internal services.
As well as a screenshot of the MindefConnect account, which configures 2FA for the applications.
The main risk is therefore not "hacked government sites" but the compromise of agents' identities, which could trigger a domino effect on sensitive State systems.
Another casualty of social media ban for kids.
Note that the social media affects is not wrong, but the "media" part of Facebook or TikTok: the platform decides what to show instead of a simple timeline.
We learned that each commit had to be atomic, that it must concern only one thing, as small as possible, that it must leave the repository in a consistent state, with no failing tests, and that it must have a concise but precise message.
Ahaha, these git zen rules are excellent
- Commit when you want, when you can, when you must ⌚
  Follow your own rhythm, not the code's. Commit when you are satisfied with what you have written, when you leave for your lunch break, when you have to move on to another topic, when it has been a while since you last did.
- Merges only 🔀
  Drop the rebase, drop the squash, merge branches when they need to converge, full stop. Rebase will set traps for you, will be more demanding, will create conflicts where there are none, will be riskier. Merge will never betray you.
- Free the commit messages 🗯️
  "coffee break" is a perfectly valid commit message. "all tests pass!!!!" is another. If the history must tell a story, then let it be yours.
- Name your branches properly 💾
  The joking stops when it comes to naming a branch. Maybe you will have several branches in progress in your workspace and will have to juggle between them. Giving them explicit names will help you not get lost.
- Never look at the git history 🙈
  Devote your attention to the present, to the future, not to the past.
You see, until a few years ago, it was thought that certain pains were of psychosomatic origin. Perfect test results, no instrumental readings, impossible to explain: invented, self-induced. Then we understood that they weren't invented, but real - today we know how to treat them, with good results, restoring a normal life to those who suffer from them. We are not yet able to detect the markers that tell us which nerve endings, transmitters, or whatever element gives or causes these pains, but we know they exist and we know how to treat them. Science will explain this too.
Passion has no age. And that look, that spark, that satisfaction of having identified something others had ignored - I won't forget it easily.
Personal data, including the bank details (RIB) of staff who worked at the CNRS before 2007, can be bought online.
This data theft follows a series of thefts that has been going on for months in France.
Following the surge in RAM prices, hard drives are becoming more expensive, since 80% of production is dedicated to AI. The consumer market accounts for 11% of Western Digital's sales, for example (13% in 2024).
In practice, the general public is already suffering the consequences of this increased demand relative to supply: according to the readings taken by Computerbase, the average price of common models offering between 4 TB and 22 TB of capacity rose by about 40% between September 15 and last January 15. Our own observations showed a more moderate increase on the French market, but a tangible one nonetheless. Western Digital's statement that its production for the year is already sold should not help reverse the trend in the short term.
An alternative to Axum.
I read only kudos about the ArchWiki
I can’t stress enough how even a modest amount of pre-thinking, sketching or even just making a checklist beats jumping into a code editor or design tool, regardless of whether you’re doing a small ticket at work, building a personal site or even starting a whole client project. Sitting down and thinking away from the tools really helps you to consider what is actually important, what is a nice to have, how you measure improvement and importantly, what the process of iterations/cycles look like.
following
The website of the project is made with it https://aitorllamas.com/astro-loader-obsidian/
The map uses webrings as subway lines and each station is a website. Some websites cross many subway lines.
The AI is capable of building a product from scratch, up to a limit.
The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) have current findings indicating that a probably state-controlled cyber actor is carrying out phishing attacks via messenger services such as "Signal".
Seeds data automatically for databases. Its marketing says it is more automated than fakerJS.
Rust provides a single binary (lightweight compared to JS and more cache-efficient for Docker layers)
(via https://www.reddit.com/r/rust/comments/1r1emah/rewrote_my_nodejs_data_generator_in_rust_20x/ which seems generated by AI)
RSS feeds are in the footer, in the "Aktuelle Informationen" (current information) section. Why not in the <head>!?
It feels wrong to write HTML that way, but maybe I am too used to the HTML we use daily as web developers.
I like the research though.
A pro-natalist plan that focuses its efforts only on fertility, as if the decline in births in France were not also due to families' living conditions.
Why did such an experienced leader make such a terrible mistake?
The promises made didn't hold up against the reality delivered.
- switching to Perl would unlock the architecture we need, rebuilding from scratch would accelerate hiring and quality
- velocity collapsed as the team relearned and rebuilt everything, burn rate jumped from 200K to 500K per month
One strategy: how did you evaluate other language candidates?
Every technical debate is really two conversations: the visible and marketed one and the (stronger private) invisible one.
The real question is: can you afford to let it make your decisions?
Because the invisible conversation has a price tag. Industry research suggests that technology stack decisions account for 40-60% of total development costs over a product’s lifecycle. Research by Stripe found that developers spend 42% of their time on technical debt.
A better question is "what is this language going to cost us?" in velocity, technical debt, hiring difficulty, operational complexity.
spf13 published a framework to estimate it: https://spf13.com/p/the-9-factors/
A crude look at technology hype cycles. The criticisms are valid.
Containers, Kubernetes, the "Cloud", Anything at all "as a Service", the Blockchain – anything, everything, based on it and now, arguably the biggest and worst of all, "generative AI"
Why don’t we approach guidance and documentation as modular parts of our systems, the way we do with everything else?
For example: “Buy this book” not “Buy This Book”.
This is important in button documentation, guidance on links, content A-Z styleguide, developer documentation in GitHub, Storybook or design libraries in Figma or Sketch. Design systems seek to increase efficiency via common solutions that can be maintained centrally and reused in multiple places. We can do that for documentation too.
We can create the guidance in one of those places and link to it. This is more maintainable, but forces people to go to another place to get all the information they need to complete their task.
Documentation has variants too: in the design libraries, we may simply tell people to write calls to action in sentence case, but in the content styleguide, we may want to explain that sentence case is proven to be more readable most of the time. So already we have 2 variants: rule and rule with rationale. As more tools are used for different purposes, the documentation gets more variants.
It's common to have multiple documentation tools, so we need a way to plug our common documentation into every one of them. So the author is working on a tool that can deliver specific documentation variants.
Keywords related to display: flex
- auto: The old king. Contextual, sometimes unpredictable, it lets the browser compute the size according to the standard box model (display).
- min-content: "I want to be as small as possible." The browser will try to shrink the box until the longest word or the widest element forces the minimum width. It is the ultimate "soft wrapping".
- max-content: "I take all the room I need." The box widens to contain all the text without any line break, even if that causes horizontal scrolling (use with caution!).
- fit-content: The perfect compromise. It is mathematically equivalent to min(max-content, available-space). The box adapts to the content, but politely stops if it touches the edge of the parent container.
- stretch: The element stretches to fill the available axis. This is often the default behavior of flex items or grid items.
Math functions such as clamp(), min(), max().
The Repeat Auto Minmax (RAM) pattern is the name usually given to snippets that generate a responsive grid without any breakpoint: grid-template-columns: minmax(300px, 1fr)
Another way to re-found the abandoned village. It remains to be seen how the experiment will carry on in a few years.
The criticisms:
On top of that, it is spreading like an oil stain. The DINUM is building its Suite, but we also see the local authorities, the GIP, the ANCT creating collaborative suites.
The State pays twice. It subsidizes private vendors' R&D with France 2030 or the Research Tax Credit (Crédit Impôt Recherche). Then it funds an internal team to develop a competing solution. It is a waste of resources.
Even so, not depending on a vendor is a guarantee of sovereignty. And I can hardly see competing French companies accepting that only one of them wins the market for life. Let's be honest, none would accept it.
Visio and LaSuite are not designed as commercial offerings: they are digital commons for generic, interministerial needs, with particular security and interoperability requirements
Private partnership is useful for qualified hosting, security, integration, change management, and the development of specific features.
Benefits: stability and failure.
It’s more of a target than a strict rule. Sometimes you have to pull overtime. Sometimes you should get out early.
And while this is certainly a positive thing in many ways, it puts us in a riskier position when it comes to communicating our work.
Why? Because the only thing more dangerous to a design system’s funding case than a lack of understanding of what it is, is a false understanding of what it is. Particularly when that false understanding is often built on a collection of common myths that have elbowed their way, without nuance, into the psyche of our organisations’ leaders. Myths like:
- 10x faster
- don't need a design system team
- design systems eradicate duplication of effort
- bake accessibility into components and the job is done
Here's the thing: 99% of companies don't need them. The top 1% have tens of millions of users and a large engineering team to match.
The fun thing about Postgres is there is already an extension for that: PostGIS, Full-text search, JSONB, TimescaleDB, pgvector, and many for AI
Each database adds hidden costs: backup strategy, monitoring dashboards, security patches, on-call runbooks, failover testing.
SLA math: Three systems at 99.9% uptime each = 99.7% combined
Finally! The contract will be awarded at the end of March 2026
Among the operators already SecNumCloud-qualified, and therefore theoretically in a position to apply to take over from Microsoft, are French players such as OVH, Cloud Temple or Sens, an operator set up by the French group Thales but which uses Google's "cloud" technology.
So despite being a German citizen, my data protection rights depend entirely on the enforcement capacity and willingness of a foreign regulatory body. [...] This is the reality for any cross-border GDPR complaint. The regulation is EU-wide, but enforcement is national.
Some claimed it was spam and "an email automatically processed by upstream IT security systems and does not reach the responsible organizational units is legally not considered as received."
The burden is entirely on you to prove they received it.
Changes are needed
- Cross-border enforcement needs to actually work.
- The spam filter loophole needs to die.
- There need to be mandatory minimum fines.
- Data protection offices need funding and accountability.
NetBSD integrated Lua, but Rust is a non-starter in the core of NetBSD because: Rust does not compile everywhere, keeping Rust working is quite a bit of work, the bootstrap relies on a binary package of the previous version, the compiler would have to be part of the base system, and the release cycle of Rust is not compatible with NetBSD's.
It is made with single goal of minimizing friction between citizens and Emergency services - featuring real-time communication, location-based reporting, seamless interaction between reporters and authorities, and live tracking.
Built during a hackathon, so there are many potential improvements. The project looks great though.
Enshittification of Postman (no offline mode), the performance crisis
I know Hurl, which can be useful. The author lists the features of the ideal API tool:
- local-first
- file-system centric to be stored in the VCS
- zero login wall
- git native collaboration
- native performance
- extensible design
- universal imports (OpenAPI, GraphQL, ...)
- proxy agnostic. It must be designed to proxy traffic through any interception tool. Proxy-aware or browser-based architecture is a must-have.
- scripting & Auth flows. Pre-request & post-response hooks.
- Straightforward testing. Built-in support for writing and running tests against API responses by code.
For every Postman or Insomnia, there’s a Bruno, Hurl, or Httpie