toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#websecurity

The Internet is Crack<p>Cloudflare Slams the Gate on AI’s Data Feast</p><p><a href="https://mastodon.social/tags/TheInternetIsCrack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheInternetIsCrack</span></a> <a href="https://mastodon.social/tags/AIethics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIethics</span></a> <a href="https://mastodon.social/tags/DataScraping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataScraping</span></a> <a href="https://mastodon.social/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloudflare</span></a> <a href="https://mastodon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
Khürt Williams<p>Important work happening around HTTP Signatures in the Fediverse. Stronger key validation, better digest handling, clearer test vectors—all steps toward more secure and trustworthy ActivityPub communication.<br>HTTP Signature Upgrades Coming&nbsp;Soon</p><p><a href="https://activitypub.blog/2025/07/03/http-signature-upgrades-coming-soon/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">activitypub.blog/2025/07/03/ht</span><span class="invisible">tp-signature-upgrades-coming-soon/</span></a></p><p><a href="https://indieweb.social/tags/Fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fediverse</span></a> <a href="https://indieweb.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://indieweb.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActivityPub</span></a> <a href="https://indieweb.social/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalIdentity</span></a> <a href="https://indieweb.social/tags/HTTPsignatures" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPsignatures</span></a> <a href="https://indieweb.social/tags/Decentralisation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Decentralisation</span></a> <a href="https://indieweb.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
Nebraska.Code<p>Tyler Sanderson, Kathryn Grayson Nanz, and Brent Stewart present on Frontend Development at Nebraska.Code().</p><p><a href="https://nebraskacode.amegala.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nebraskacode.amegala.com/</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://mastodon.social/tags/WebApps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebApps</span></a> <a href="https://mastodon.social/tags/UX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UX</span></a> <a href="https://mastodon.social/tags/FrontendDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FrontendDev</span></a> <a href="https://mastodon.social/tags/UsabilityTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UsabilityTesting</span></a> <a href="https://mastodon.social/tags/Blazor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blazor</span></a> <a href="https://mastodon.social/tags/Nebraska" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nebraska</span></a> <a href="https://mastodon.social/tags/TechConf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechConf</span></a> <a href="https://mastodon.social/tags/Improving" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Improving</span></a> <a href="https://mastodon.social/tags/AlienArcTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienArcTechnologies</span></a> <a href="https://mastodon.social/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://mastodon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://mastodon.social/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://mastodon.social/tags/Testing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Testing</span></a> <a href="https://mastodon.social/tags/lincolnnebraska" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lincolnnebraska</span></a> <a href="https://mastodon.social/tags/WomenInTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WomenInTech</span></a> <a href="https://mastodon.social/tags/DevelopmentConference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevelopmentConference</span></a> <a href="https://mastodon.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a> <a href="https://mastodon.social/tags/TechTalk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechTalk</span></a></p>
Loki the Cat<p>The Open-Source Software Saving the Internet: Meet Anubis, making AI scrapers do cryptographic pushups while humans browse freely! 🏋️‍♂️ </p><p>Xe Iaso's "uncaptcha" uses JavaScript math to verify you're human, not a bot. 200k downloads later, GNOME, FFmpeg &amp; UNESCO are protected. Small internet fights back! 💪</p><p><a href="https://news.slashdot.org/story/25/07/07/2146228/the-open-source-software-saving-the-internet-from-ai-bot-scrapers" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.slashdot.org/story/25/07/</span><span class="invisible">07/2146228/the-open-source-software-saving-the-internet-from-ai-bot-scrapers</span></a></p><p><a href="https://toot.community/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://toot.community/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://toot.community/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
Loki the Cat<p>Let's Encrypt just freed IP address certificates from the $40-90/year paywall! Your numeric website address can now be as secure as it is memorable... wait. 🤔🔢</p><p>Now anyone with a static IP can offer HTTPS without buying a domain - democratizing web security one number at a time!</p><p><a href="https://it.slashdot.org/story/25/07/03/1452239/lets-encrypt-rolls-out-free-security-certs-for-ip-addresses" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">it.slashdot.org/story/25/07/03</span><span class="invisible">/1452239/lets-encrypt-rolls-out-free-security-certs-for-ip-addresses</span></a></p><p><a href="https://toot.community/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://toot.community/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://toot.community/tags/HTTPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPS</span></a></p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>Bot or not? A short history of web bots and bot detection techniques<br>– from <span class="h-card" translate="no"><a href="https://toot.works/@OlegWock" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>OlegWock</span></a></span></p><p>🤖 <a href="https://sinja.io/blog/bot-or-not" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sinja.io/blog/bot-or-not</span><span class="invisible"></span></a></p><p><a href="https://chaos.social/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web</span></a> <a href="https://chaos.social/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://chaos.social/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://chaos.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsecurity</span></a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsec</span></a> <a href="https://chaos.social/tags/history" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>history</span></a> <a href="https://chaos.social/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdev</span></a> <a href="https://chaos.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://chaos.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://chaos.social/tags/botornot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>botornot</span></a></p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>ImperialViolet – AES-GCM-SIV</p><p>This isn't new, but it's interesting for me to apply it to a project right now. This is well and clearly explained in this article, in my opinion.</p><p>🔐 <a href="https://www.imperialviolet.org/2017/05/14/aesgcmsiv.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">imperialviolet.org/2017/05/14/</span><span class="invisible">aesgcmsiv.html</span></a></p><p><a href="https://chaos.social/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://chaos.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsecurity</span></a> <a href="https://chaos.social/tags/aes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aes</span></a> <a href="https://chaos.social/tags/aesgcm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aesgcm</span></a> <a href="https://chaos.social/tags/aesgcmsiv" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aesgcmsiv</span></a> <a href="https://chaos.social/tags/code" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>code</span></a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsec</span></a> <a href="https://chaos.social/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web</span></a> <a href="https://chaos.social/tags/aead" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aead</span></a> <a href="https://chaos.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://chaos.social/tags/datasecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>datasecurity</span></a></p>
Miguel Afonso Caetano<p>"Regulators around the world are working to address competition issues in digital markets, particularly on mobile devices. Several new laws have already been passed, including the UK’s Digital Markets, Competition and Consumers Act (DMCC), Japan’s Smartphone Act, and the EU’s Digital Markets Act (DMA). Australia and the United States are also considering similar legislation with the U.S. Department of Justice pursuing an antitrust case against Apple. Across all of these efforts, common questions arise: How should competition, user choice, and utility be balanced against security concerns? What is proportionate and necessary in relation to security? And how effective is app store review in practice?</p><p>The DMA is a helpful act to look at as it has been in force the longest and many of these other acts are loosely based on it. The DMA aims to restore contestability, interoperability, choice and fairness back to digital markets in the EU. These fundamental properties of an effectively functioning digital market have been eroded by the extreme power gatekeepers wield via their control of “core platform services”.</p><p>Under the DMA gatekeepers are only allowed to have strictly necessary, proportionate and justified security measures to protect the integrity of the operating system."</p><p><a href="https://open-web-advocacy.org/blog/balancing-security-and-fair-competition/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">open-web-advocacy.org/blog/bal</span><span class="invisible">ancing-security-and-fair-competition/</span></a></p><p><a href="https://tldr.nettime.org/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> <a href="https://tldr.nettime.org/tags/DMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DMA</span></a> <a href="https://tldr.nettime.org/tags/Monopolies" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>Monopolies</span></a> <a href="https://tldr.nettime.org/tags/Oligopolies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oligopolies</span></a> <a href="https://tldr.nettime.org/tags/Antitrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Antitrust</span></a> <a href="https://tldr.nettime.org/tags/Competition" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Competition</span></a> <a href="https://tldr.nettime.org/tags/Interoperability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Interoperability</span></a> <a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://tldr.nettime.org/tags/OpenWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenWeb</span></a></p>
Pen Test Partners<p>A strict-looking content security policy isn’t always a secure one.</p><p>During a recent engagement, we came across a policy that had all the right bits on paper including nonces, locked-down sources, and everything you'd expect.</p><p>But one missing directive "base-uri" was all it took to break it wide open.</p><p>By injecting a &lt;base&gt; tag, we redirected script loading to an attacker-controlled domain. XSS payload delivered. CSP bypassed.</p><p>CSPs need more than checkboxes. They need context, testing, and attention to the small stuff.</p><p>📌Here’s what went wrong and how to avoid it: <a href="https://www.pentestpartners.com/security-blog/csp-directives-base-ic-misconfigurations-with-big-consequences/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/csp-directives-base-ic-misconfigurations-with-big-consequences/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/CSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSP</span></a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a> <a href="https://infosec.exchange/tags/XSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XSS</span></a></p>
"Mutant Rob" Robert Rothenberg<p>In other words, some bad bots have been slamming a website at work with an additional 100k requests/day from random IPs, mostly from Vietnam, Brazil, and India. But some from the US, too </p><p>We suspect an AI training bot.</p><p>Many of these seem to be residential IPs.</p><p>They all seem to have common patterns to them. HTTP 1.1, no cookies, only 1-2 requests per day per IP, random UA, no CSS, js or images. Often pages blocked by robots.txt.</p><p>We're wondering if this is due to malware, or some kind of free VPN that rents out users' connections. Or is it Brave browser's Web Discovery project?</p><p>Has anyone else run into this?</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a></p>
The Tired Horizon<p>Hah.<br>Fuckbonk suspended my account.</p><p>What did I do? Set up an anonymous profile with their own account tool and installed security software on my computer to block their spyware/tracking.</p><p>Am I going to try and "fix the issue"? Nah. Waste of time. </p><p>..also note where I put the arrows. Their own images were blocked for tracking.</p><p>Funny they don't like that, ain't it. <br><a href="https://mstdn.social/tags/Facebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Facebook</span></a> <a href="https://mstdn.social/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialMedia</span></a> <a href="https://mstdn.social/tags/Internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Internet</span></a> <a href="https://mstdn.social/tags/app" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>app</span></a> <a href="https://mstdn.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mstdn.social/tags/internetsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internetsecurity</span></a> <a href="https://mstdn.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://mstdn.social/tags/meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meta</span></a></p>
Henning<p>After an absurd experience with <a href="https://berlin.social/tags/Sparkasse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sparkasse</span></a>, I'm looking for <a href="https://berlin.social/tags/BullshitBingo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BullshitBingo</span></a> cards on the topic of <a href="https://berlin.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> (<a href="https://berlin.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a>)</p><p>So far:<br>- One-time codes via <a href="https://berlin.social/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a><br>- Proprietary <a href="https://berlin.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a> app instead of open standards<br>- Support only by phone<br>- Reading out username and password aloud<br>- Apps locking themselves after 5 minutes<br>- Apps locked after 3 months without login, with no error code or findable online help ("90 days")<br>- Reinstalling the app to solve the problem (<a href="https://berlin.social/tags/TOFU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOFU</span></a>)</p><p>Can you think of anything else?</p>
graste<p>„Parser Differentials: When Interpretation Becomes a Vulnerability“ by <span class="h-card" translate="no"><a href="https://mastodon.social/@joernchen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>joernchen</span></a></span> <br><a href="https://0day.click/parser-diff-talk-oc25/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">0day.click/parser-diff-talk-oc</span><span class="invisible">25/</span></a><br><a href="https://social.vivaldi.net/tags/yaml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yaml</span></a> <a href="https://social.vivaldi.net/tags/json" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>json</span></a> <a href="https://social.vivaldi.net/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a></p>
Open Web Docs<p>We've written a new guide on XS-Leaks: </p><p><a href="https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XS-Leaks" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developer.mozilla.org/en-US/do</span><span class="invisible">cs/Web/Security/Attacks/XS-Leaks</span></a></p><p>Many thanks to <span class="h-card" translate="no"><a href="https://social.security.plumbing/@freddy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>freddy</span></a></span>, Hamish Willee, <span class="h-card" translate="no"><a href="https://fosstodon.org/@MartinaKraus11" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MartinaKraus11</span></a></span>, and <span class="h-card" translate="no"><a href="https://infosec.exchange/@terjanq" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>terjanq</span></a></span> for your reviews and collaboration. <a href="https://front-end.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a></p>
Tib3rius :antiverified:<p>Which lesser-known Burp extensions do you swear by? Share your favorites below! 👇</p><p><a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/BurpSuite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BurpSuite</span></a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
Ginger (she/her)<p>Fam. What's a good website hosting alternative to Google? I'd like something cheap, easy, reliable and not evil.</p><p>thanks 🙏🏼🫶🏼</p><p><a href="https://mastodon.social/tags/websitedesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websitedesign</span></a> <a href="https://mastodon.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://mastodon.social/tags/freepalestine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freepalestine</span></a></p>
WebPerformance Report<p>🎉 WebPerformance Report Week #17 is out and today we celebrate a new milestone! 🚀<br>For the first time, we delivered two reports in one day:<br>✅ Web Performance Report<br>✅ HTTP Header Security Report<br>👉 <a href="https://webperformancereport.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">webperformancereport.com/</span><span class="invisible"></span></a><br><a href="https://webperf.social/tags/webperf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webperf</span></a> <a href="https://webperf.social/tags/corewebvitals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>corewebvitals</span></a> <a href="https://webperf.social/tags/ux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ux</span></a> <a href="https://webperf.social/tags/seo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>seo</span></a> <a href="https://webperf.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://webperf.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a></p>
WebPerformance Report<p>New on WebPerformance Report: HTTP Observatory 🎉<br>Check your site's HTTP security headers and get clear, actionable results in your inbox.<br>Thanks to the <span class="h-card" translate="no"><a href="https://mozilla.social/@MDN" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MDN</span></a></span> team for their technical guidance. 🙌<br>Because great UX should also be secure.<br>👉 <a href="https://webperformancereport.com/httpo" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">webperformancereport.com/httpo</span><span class="invisible"></span></a><br><a href="https://webperf.social/tags/WebPerf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebPerf</span></a> <a href="https://webperf.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://webperf.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
Miguel Afonso Caetano<p>"When Let’s Encrypt, a free certificate authority, started issuing 90 day TLS certificates for websites, it was considered a bold move that helped push the ecosystem towards shorter certificate life times. Beforehand, certificate authorities normally issued certificate lifetimes lasting a year or more. With 4.0, Certbot is now supporting Let’s Encrypt’s new capability for six day certificates through ACME profiles and dynamic renewal at:</p><p> - 1/3rd of lifetime left<br> - 1/2 of lifetime left, if the lifetime is shorter than 10 days"</p><p><a href="https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eff.org/deeplinks/2025/04/cert</span><span class="invisible">bot-40-long-live-short-lived-certs</span></a></p><p><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://tldr.nettime.org/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://tldr.nettime.org/tags/Certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certbot</span></a> <a href="https://tldr.nettime.org/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a></p>
Chris Woody Woodruff<p>htmx makes Razor Pages more interactive—but don’t skip the security checklist. From CSRF protection to request validation, here’s how to keep your htmx apps locked down: <a href="https://woodruff.dev/keeping-your-htmx-apps-safe-security-best-practices-for-asp-net-developers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">woodruff.dev/keeping-your-htmx</span><span class="invisible">-apps-safe-security-best-practices-for-asp-net-developers/</span></a></p><p><a href="https://mastodon.social/tags/htmx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>htmx</span></a> <a href="https://mastodon.social/tags/ASPNETCore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ASPNETCore</span></a> <a href="https://mastodon.social/tags/RazorPages" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RazorPages</span></a> <a href="https://mastodon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://mastodon.social/tags/DevTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevTips</span></a> <a href="https://mastodon.social/tags/SecureCoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureCoding</span></a></p>