I discovered "CamelCamelCamel" by reading Popular Info's article "Amazon Prime Day is a Scam." I went to take a look. This was apparently a "popular product".
It is a $50 gift card whose price is, unsurprisingly, exactly $50. But apparently the "Average price" is $66.66? I am not surprised that this is labeled its "best price." I'm fairly certain this has been its ONLY price.
I have immediately become very skeptical of this web site.
From the very dawn of the personal computing era, the PC and Apple platforms have gone very different ways. IBM compatibles surged in popularity, while Apple was able to more closely guard the Maci…Hackaday
I can't believe programmers out there let compilers write assembly for them and don't even check it, just trust that it's correct because it seems to work.
I just can't even
RT: hachyderm.io/users/thejpster/s…
“My anti spam plugin went EOL so I made the computer randomly generate me a new one which I installed without even looking at it” I just can’t even. https://www.zdnet.Hachyderm.io
The author of that article had the full working source code of the plugin that he liked. The plugin totally worked correctly, but it had some kind of XSS vulnerability. It seems to me that the best approach is to fix that plugin. Want to use AI to do it? Fine. But fork it and fix it. It seems ridiculous to write an entire replacement plugin from scratch in an effort to avoid one bug in an otherwise working codebase. That bug was almost certainly localized to a handful of lines of code.
The author writes "I ... found that the plugin had been listed as having cross-site scripting vulnerabilities... It's not the sort of thing you take a chance on."
So what did he do to make sure his AI generated code didn't have XSS vulnerabilities itself? He doesn't say. It sounds like taking a big chance to me. The driving motivation for this entire exercise—security—is a concept he only mentions in the intro. He doesn't make claims about security. He doesn't appear to have had ChatGPT write tests for security. He never mentions XSS again.
How does he know that his plugin doesn't have an XSS vulnerability just like the plugin he was replacing? I don't think he has any evidence one way or another. The LLM spit out 16 pages of security vulnerabilities supposedly present in the old plugin. Did the author validate any of them? He doesn't say. Did the author ask ChatGPT to inspect his code the same way, to make sure it didn't have similar vulnerabilities? He doesn't say he did.
It sounds absolutely foolhardy to me. I guess he will find out the hard way whether his vibe coded plugin has XSS (or worse).
If the code is so amazing, why is the repo not on his github? He neither names the plugin that he abandoned, nor does he share the plugin that he proudly authored.
davidgewirtz has 4 repositories available. Follow their code on GitHub.GitHub
I just read the article and I think everything he did was completely fine. Not only did he identify that the plugin had more features than he needed, but it had a lot more security vulnerabilities than just XSS. So he made a plugin with the assistance of ChatGPT that only did these 3 things:
1. has a honeypot hidden form field to trick bots and stop them from registering
2. looks up the MX record of the email domain being used to make sure it's legit
3. checks an API for the reputation of the username / IP address
I see no possible way this is going to have an XSS as it's all done server-side.
And then he had this simple plugin written with these guidelines:
Guard every file with defined( 'ABSPATH' ) || exit;.
Escape all admin-facing text with esc_html().
Wrap the clear-log action in check_admin_referer( 'rsg_clear_log' ).
Use wp_remote_get() with [ 'timeout' => 5 ]; on WP_Error treat as not spam (fail-open).
Never call eval(), unserialize(), or store base64 blobs (mitigates CVEs noted in original plugin).
Adhere to WordPress coding standards (spacing, naming, i18n).
So what is the risk here? Why are people losing their mind over this? The risk here is basically zero and he very clearly spelled that out, but everyone shuts off their brains when they hear that he didn't write every line of code himself.
If he did write it himself, is that good enough? Or now does he need to also be a credentialed security expert before it's OK for him to write the plugin?
@eriner @besserwisser if I have correctly identified all the areas on my original map, it's these:
New York–Newark–Jersey City – 20,140,470
Los Angeles–Long Beach–Anaheim – 13,200,998
Chicago–Naperville–Elgin – 9,618,502
San Francisco–Oakland–Berkeley – 4,749,008
Washington–Arlington–Alexandria – approx. 6.3 million
Dallas–Fort Worth–Arlington – 7,637,387
Houston–The Woodlands–Sugar Land – approx. 7.1 million
Boston–Cambridge–Newton – approx. 4.9 million
Seattle–Tacoma–Bellevue – approx. 4.0 million
Philadelphia–Camden–Wilmington – approx. 6.1 million
Miami–Fort Lauderdale – approx. 6.1 million
Phoenix–Mesa–Scottsdale – 4,845,832
Minneapolis–Saint Paul – 3,690,261
Detroit–Warren–Dearborn – approx. 4.3 million
San Diego–Chula Vista–Carlsbad – approx. 3.3 million
Denver–Aurora–Lakewood – approx. 2.9 million
Baltimore–Columbia–Towson – approx. 2.8 million
Charlotte–Concord–Gastonia – approx. 2.6 million
Portland–Vancouver–Hillsboro (OR–WA) – approx. 2.5 million
St. Louis – approx. 2.8 million
Riverside–San Bernardino–Ontario – approx. 4.7 million
San Antonio–New Braunfels – approx. 2.6 million
Tampa–St. Petersburg–Clearwater – approx. 3.1 million
which only adds up to 120 million, which is only 35% of the US population
Your regular reminder to not use/visit the nazi bar that is Substack:
Substack faces user revolt over anti-censorship stance on neo-Nazis
theguardian.com/media/2024/jan…
(from Jan 2024)
Newsletter writers with thousands of subscribers threaten to leave platform, which says banning extremists makes things worseAlex Hern (The Guardian)
Toto video je barvitým úvodem do sociální sítě Fediverse, natočené režisérkou a propagátorkou Fediverse Elenou Rossini. Objevte nový svět sociálních médií, kde je respektováno Vaše soukromí, klíčoví jsou uživatelé a velké technologické společnosti nemají žádný vliv.
Autor videa: Elena Rossini a tým
Produkce: Jan
Dabing: Zloběna
Časování audia: Schmaker
Skript: Jann
Peter Vágner likes this.
reshared this
Microsoft Teams now has threads in conversations. It’s part of a new public preview that’s available now.Tom Warren (The Verge)
Google makes the transition from Stanford project to company over 1998, but it is portals like Yahoo! and portal-wannabes like AltaVista that feature in Danny Sullivan's Search Engine Watch that year.Richard MacManus (Cybercultural)
reshared this
Why do I refer to the bike as a "lamplighter"? In the old days lamp lighting was a job. A lamp lighter went around in the evening usually with a ladder and lit up each gas powered lamp post in turn.
Some of the people doing this job had specialist bikes made that were very tall. Then they could just cycle between each one, hold on (or lean) and light them without needing the ladder.
The design here is classic lamplighter bike style, albeit scaled down. A real lamplighter would be over 7 foot.
We’re excited to announce that Mastodon 4.4 is now generally available as an upgrade for all Mastodon servers. The update brings improvements to profiles, navigation, list management, media controls, server moderation notes, and more.
blog.joinmastodon.org/2025/07/…
Improved profile features, enhanced list management, refreshed navigation, and the initial part of our Quote Posts implementation. All of these and more, in our latest release.Mastodon Blog
Thunderbird 140 “Eclipse” is here! Our latest Extended Support Release (ESR) has improved visuals, including dark message mode, native OS notifications, a new Account Hub, and even more features to give you total control over your inbox and get on with your day.
Read about these and other changes and improvements, including experimental Exchange support, at our blog.
blog.thunderbird.net/2025/07/w…
Our future's so bright, we need ISO-approved shades. Find out what's shiny in our new Extended Security Release, Thunderbird 140 "Eclipse."Monica Ayhens-Madon (The Thunderbird Blog)
@nicolaottomano You're so welcome, and thank YOU for being such a long-time Thunderbird user!
(Also, noticed you're on an Italian Mastodon server, so you might be interested in this AMA on the Italian Mozilla forums with our director of Desktop and Mobile apps!: forum.mozillaitalia.org/index.…)
Another one of my posts. This one on the topic of AI tools as assistive technology, what's working, what isn't and why, all without the hype that too many people tend to lean into when discussing this technology:
When Independence Meets Uncertainty: My Journey with AI-Powered Vision
A blind user's candid assessment of the promises and pitfalls of current AI accessibility tools
open.substack.com/pub/kaylielf…
#AI #Accessibility #Substack #ComputerVision #AssistiveTechnology #Blog
reshared this
Purism Featured in Fortune- Secure Linux Phone Made in the USA electronics- No Surveillance, Data Mining, Targeted Ads, and No Clicking on "I Agree"
While Big Tech claims U.S. smartphone manufacturing is “impossible” or “too expensive,” Purism CEO Todd Weaver is proving otherwise.
In a recent Fortune feature, Weaver shares how Purism’s Liberty Phone—built near San Diego with U.S.-made electronics—delivers security.
Watch the interview at Purism:
puri.sm/posts/fortune-com-feat…
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.Purism SPC
Provided to YouTube by Sintez RecordsТихие Песни · Машина ВремениКартонные Крылья Любви℗ Sintez RecordsReleased on: 1996-01-01Composer: А. КутиковLyricist: А...YouTube
I'm seriously getting old.
a Hall Pass used to be what you had when you weren't in class, but no.
weblog.masukomi.org/2025/07/07…
And u-haul was for shipping!
But, no.
reddit.com/r/NoStupidQuestions…
Yesterday someone started a comment with the sentence "Lowkey. "
Where can one buy modern brains, please?
There are so many problems with the idea of a Hall Pass for a celebrity.weblog.masukomi.org
short note: WCAG/ARIA – state of confusion
"If something a person does to a thing causes it to change then the change is reflected in the code"
IONOS: Zuverlässige SSL Zertifikate kaufen ✔ 256 Bit Verschlüsselung ✔ Günstiger Preis ✔ Geringe Kosten ✔ Innerhalb weniger Minuten eingerichtetwww.ionos.de
As web developers, we love a good animation, right? But let's be honest, sometimes we get caught up in the wow factor and forget that our websites exist for real people with diverse needs. One hidden hurdle for some users is motion sensitivity.Elizabeth Lola (freeCodeCamp.org)
Accessibility matters—see which cities are setting the standard for inclusive travel.CaLea Johnson (Mental Floss)
Nach den Geschehnissen in den USA sollten sich alle Email-Nutzer*innen darüber klar sein oder werden, wie gefährlich es ist, private Daten in die Hände von Tech-Riesen zu geben und Nutzer*innen von Google und Co. sollten über einen Wechsel nachdenken.
Hannovers Softwareschmiede Tuta ist in den letzten Jahren mit ihrer gelungenen Entwicklung für sichere und verschlüsselte Emails auf mehr als 10 Millionen Nutzer gewachsen.
Kostenloses Email-Account erstellen: tuta.com/de
Tuta garantiert, dass deine Daten privat bleiben, kostenlos und ohne Werbung. Die quantenresistente Verschlüsselung macht Tuta zur besten Lösung, um deine Privatsphäre zu schützen.Tuta
Ich bin sehr geneigt, von gmail wegzuwechseln, gerne zu tuta.
Fragen an den Schwarm:
Welche posi- bzw negativen Erfahrungen habt Ihr mit Tuta?
Wird tuta langfristig durchhalten? (10+ Jahre?)
Danke vorab.🤗
readdir related fixes that came to notice during development of this pull request: #17440GitHub
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...GitHub
Signal's "Delete for everyone" only works on messages sent in the last 24 hours.
Do you think that's great for preserving a consistent message history? Or do you think this is an unnecessary limitation where you can't take back what you said?
support.signal.org/hc/en-us/ar…
Poll: Messengers should let you delete messages...
Goodbye Google, Hello Privacy 👋
Discover how your Tuta Calendar compares to Google and others 👉 tuta.com/blog/private-calendar…
Ready for a Google Calendar alternative? Check out Tuta Calendar, Proton Calendar, and OurCal as private replacements to Big G.Tuta
python's built-in urllib module still doesn't support http2 (nor http3) in the year of 2025, luckily pycurl exists and supports modern standards
PycURL - Python interface to libcurl. Contribute to pycurl/pycurl development by creating an account on GitHub.GitHub
Perhaps it's just me, but I do find it amusing that the GNU Readline 8.3 announcement, in July 2025, gives two FTP URLs as the primary way to obtain the software. I don't remember when I last fired up an FTP client, and my web browser has long since forgotten how to do it too.
Following the example of the German state of Schleswig-Holstein, which is moving 30,000 PCs from Microsoft Office/365 to LibreOffice, the Danish Ministry of Digitalisation is doing the same.Mike Saunders (The Document Foundation)
LibreOffice reshared this.
Keeping tabs on #curl's memory use
daniel.haxx.se/blog/2025/07/08…
One of the harder things to look out for in a software project is slow or gradual decay over a long period of time. Like if we gradually make a library 1% slower or use 2% more memory every other month.daniel.haxx.se
TL;DR: Unless you have user testing results saying otherwise, maybe put a check-all checkbox outside the table.Adrian Roselli
NVDA 2025.2 Beta 2 is now available for testing! Changes in beta 2 include:
- Braille updates correctly when typing in Excel.
- Fixed a bug with the NLS eReader Zoomax driver.
- Fixed errors in object navigation with braille in XAML static text controls.
- Fixed root certificate issues in the Add-on Store.
- Updates to translations.
For full details and to download, please visit: nvaccess.org/post/nvda-2025-2b…
#NVDA #NVDAsr #ScreenReader #Update #PreRelease #Beta
NVDA, the free and open source Screen Reader for Microsoft Windows - nvaccess/nvdaGitHub
feld
in reply to Paco Ho Ho Hope 🎄 • • •