Reto

@reto@pleroma.labrat.space
Interested in programming in general (I dabble in go and python mostly) and science (biology / chemistry)

Oh, and if you want to talk about fantasy books of any kind, I'm all ears.

#nobot

Newspapers: if your headlines tomorrow don't say "tanks for nothing" then you are all cowards

GNOME is moving even more of the image loading stack to Rust. Read more in my blog post. @thisweekinrust

https://blogs.gnome.org/sophieh/2025/06/13/making-gnomes-gdkpixbuf-image-loading-safer/

Making GNOME’s GdkPixbuf Image Loading Safer

A new image loading machinery, called glycin, has been in the works for a while. It is already used by GNOME’s default Image Viewer (Loupe), as well as by a bunch of other apps. Glycin provides many security benefits over existing solutions due to the use of the Rust programming language and sandboxing. Distributions will...

Sophie's Blog

A new way to style gaps in CSS  |  Blog  |  Chrome for Developers

Say goodbye to border and pseudo-element hacks.

Chrome for Developers

Today we published two blog posts about an HTML specification change that makes mutation XSS harder to exploit! Long story short: `<` and `>` are now escaped in attributes.

* Blog post about security rationale behind this change: https://bughunters.google.com/blog/5038742869770240/escaping-and-in-attributes-how-it-helps-protect-against-mutation-xss
* Blog post about how it affects web developers: https://developer.chrome.com/blog/escape-attributes?hl=en

Blog: Escaping '<' and '>' in attributes – How it helps protect against mutation XSS

The HTML specification has been updated to escape '<' and '>' in attributes to prevent mutation XSS (mXSS) vulnerabilities. This post details the reasoning behind this change and explains why this update improves security.

1️⃣5️⃣ Here's the 15th post highlighting key new features of the upcoming v258 release of systemd. #systemd258

In v257 we extended systemd-stub so that the UKI it is placed in can carry multiple Devicetree blobs, and that it can match the host's hardware against these blobs, and pass the right, matching one to the invoked kernel. The matching is based on Devicetree "compatible" strings, as well as SMBIOS metadata.

A very nice summary by the Let's Encrypt folks of where the Certificate Transparency ecosystem is going with Sunlight and the Static CT API.

On a personal note, this has been some of my highest leverage work, and it's been possible in part because I had the independence to drop everything and pursue it when it became clear that the CT ecosystem was at risk.

I remember the day: I woke up to Cloudflare's outage and started https://filippo.io/a-different-CT-log.

https://letsencrypt.org/2025/06/11/reflections-on-a-year-of-sunlight/

A different kind of CT log

The Sunlight CT log. Previously “A different kind of CT log” or “The $4k log”. Filippo Valsorda <sunlight@filippo.io>. Created: 6 November 2023 | Updated: 13 March 2024. https://filippo.io/a-different-CT-log This is a design document for a radically cheaper and easier to operate Certificate Transpa...

Google Docs

Release 1.11 · swaywm/sway

Sway 1.11 contains 189 changes from 53 contributors. This release depends on wlroots 0.19.0. See the wlroots release notes. New features All of the enhancements from wlroots 0.19.0. Add support fo...

GitHub

Yesterday I gave my first talk with slides in @typst and it was good fun.

Except that now most people want to talk about typst and not the math.

I wrote up some thoughts:
https://thomas-kahle.de/blog/2025/typst/

Typst | Thomas Kahle

Slides beyond LaTeX beamer

surprised #user upgrading curl from an 8-year-old version to a modern one: what? it requires 64bit integer types now?

So yeah, those users are still out there.

Imagine the craziness, a software in 2025 that REQUIRES a 64 bit integer type. The boldness.

And you thought #curl was conservative! 🤠

Shots fired! :D #English #UK #US