September 23, 2024
6 min read

Dev Digest 134 - Where pixels sing?

Chris Heilmann

News and Articles

Data and security day

WeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to take part in the CODE100 finals next year.

Quite a few cool things this week. Interop2025 wants your proposals, and Apple WebKit and Microsoft Edge are all in. The State of HTML survey is also open.

Discord announced end-to-end encryption whilst YouTube tries to encroach on their turf with YouTube Communities. There are some changes to the OSCP exam and the W3C proposes how to shape the secure Web. Australia's police managed to hack into ‘Ghost’ whilst Meta scraped Australian user accounts to train its AI. The CrowdStrike issue is also not over, with commentary touting monoculture as monofailure and reports from ex-employees stating that quality control was not part of their process. Meanwhile, Microsoft builds new Windows security features to prevent similar incidents. GitHub's Copilot Chat is now aware of security alerts and offers AI-powered fixes for code vulnerabilities, whilst GitHub Actions are vulnerable to typosquatting and many other attacks. Prompt injection can lead to Agent hijacking, which is scary as Agents are the new hot thing. And talking of scary and worrying, Oracle co-founder Larry Ellison claimed that omnipresent AI cameras will ensure good behavior. This dystopian idea is already reality in some places, and you can summarise surveillance video footage with AI. Other tech bigwigs do better, like the Craigslist founder pledging $100 Million to Boost U.S. Cybersecurity. And there were reports of ChatGPT messaging users unprompted, you know, like the WOPR calling you back to end the game you started.

Code and Tools

Have you ever been bitten by Unicode, encountered Regex going wrong, wanted to learn Rust for fun and backdoo-rs or OAuth from First Principles? You can also gain wisdom from Penetration Testing Notes or from a write-up on how to get people's personal information by prompt injection of Microsoft Copilot. Or you could make a REST API typesafe with React Query and Zod.

Some tools for you:

  • Redbird - a reverse proxy with Cluster, HTTP2, LetsEncrypt and Docker
  • huntsman - Email enumerator, username generator, and context validator
  • safe-stringify - object to JSON serialisation without circular references
  • URL validation bypass cheat sheet - how to get access
  • wush - transfer files and open shells over a P2P WireGuard connection
  • StatiCrypt - encrypt and password protect HTML with in-browser decryption

Talks and Videos

Martina Kraus - Cross Site Scripting is yesterday's news, isn't it?

Martina Kraus reminds us that XSS is still a thing, shows current trends and advanced XSS techniques, and explains how to protect ourselves against them. Check it out.

Other videos and talk write-ups of note:

Work and Jobs

Netcetera, TUM and AppliedAI are conducting a survey on how AI is transforming software development, and invite you to share your insights! Your participation will help us understand the impact of AI on the software development lifecycle and create valuable recommendations for developers and decision-makers. The survey covers key topics like AI's influence on development phases, collaboration, quality, and more. It takes about 15 minutes.

Salesforce admitted that its AI Strategy will take jobs, Amazon tells workers to be in office 5 days a week and HackerNews discusses what that means for workers. Related articles are how to communicate tradeoffs so leaders will listen and how to lead teams when the house is on fire. In a pretty terrible move, fake recruiter coding tests infected applicants' computers with malware. And there are 10 Essential Techniques for teaching security in your company.

Procrastination Corner / Wonderful Weird Web
