If you are a #webdev type person and lately the web has felt kinda dry and not fun anymore, consider building a static site from scratch with no build steps, node, or vite.

Instead sit down in front of a code editor and hand code some HTML, CSS, and JS on your own. Fire up the @MDN web docs in a window, turn off all the builders and makers and pre processors and winds of tail and frameworks, and just try to build something cool, quirky, half-broken half-made, animated, and wholly your own. It will really help you get back in touch with why you wanted to be a web developer in the first place.

🚨 New App Store terms for the E.U.

• 10% (or 17%) App Store fee (down from 15%/30%)
• +3% if you use Apple IAP
• You can use alt payment providers in-app and/or provide external links, for zero fee to Apple
• Apps distributed inside/outside App Store will have a flat 50c Core Technology Fee per [user] over 1M in a calendar year

Whatever you might want to say about the E.U., it looks like they've legitimately negotiated a better deal for devs. That’s what a working political system looks like 😄

No matter how much we dislike people disliking us, the thought that some of them do is healthy for us. Accepting this as a fact of life is necessary.

For those raised to be people pleasers, maybe use this as a mantra: To live I must breathe, sleep, drink, eat & be disliked ☺️

Screenshotting this post 👇🏻 in order to quote post it! I don’t know where people get the idea that quote posting = dunks, personally I feel that that opinion is just Twitter brain.

Every major social platform from Tumblr, to Facebook, to LinkedIn and more has the ability to natively quote post. This is because the primary use of such a feature is to amplify information w added context or to open a new line of discussion. Replies are used far more often for harassment but we don’t ban replies!

Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app.

The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

“We're seeing hits to the specific endpoint that exposes sensitive information, which would be considered exploitation,” Glenn Thorpe, senior director of security research & detection engineering at Greynoise, said in an interview on Mastodon. “At the moment, we've seen 13 IPs that are hitting our unadvertised sensors, which indicates that they are pretty much spraying it across the internet to see what hits.”

https://arstechnica.com/security/2023/11/owncloud-vulnerability-with-a-maximum-10-severity-rating-comes-under-mass-exploitation/