Poll: #Developers of the #mastodon world please choose carefully:

PLEAS don't write ANY C or C++ code with any AI helper. Not only you have no guarantees that the code is memory safe, it has also learned from buggy code! BeingHackedAAS.

#programming #developers

EDIT: fixed typos.

Eclipse Foundation unveils open source AI development tools https://www.developer-tech.com/news/eclipse-foundation-unveils-open-source-ai-development-tools/ #eclipse #developers #coding #programming #opensource #ai #tech #news #technology

Mindset matters when pair programming…

Embrace :
 Empathy.
 Vulnerability.
 Compassion…

…And drop your ego

Be prepared:

 To be questioned.
 To make mistakes.
 To admit to not knowing things.

What else is needed to make pair programming work well?

Run pipelines in the terminal.

#pipelight is a cli/engine that runs pipelines in the terminal.(pssst: it's #foss and #rust )

It has json AND pretty tree outputs so you can inspect every process outputs fairly quickly.

Supports #yaml, #toml, #hcl, #javascript and some other languages.

#sysadmin #devops #cicd #developers
Every buzz word are thereso you don't miss it, thk me later

https://github.com/pipelight/pipelight

[Security at W3C]

Last video from the @w3c SWAG #CommunityGroup meeting where Aaron Sim lists 3 meta questions:
- What’s the best UI to nudge #developers toward adopting security mitigations?
- How can we improve ecosystem-wide security for external code (e.g., node modules)?
- And how can we better promote #security practices among web developers?

https://youtu.be/CHsS48IcZ20

The full playlist: https://www.youtube.com/playlist?list=PLNhYw8KaLq2Wr27HLfSTD4d6JpC3G0PVr

Plotting browser support data in a catalog shows the evolution of the web platform in terms of number and availability of features.

The @w3c WebDX #CommunityGroup has completed a first nearly complete catalog of web features targeted at web #developers, along with support data across main #browsers. The catalog already powers @mdn, Can I use, and is now being integrated in tools and libraries.

https://www.w3.org/blog/2025/first-catalog-of-web-features-completed-by-the-webdx-community-group/

Feedback welcome! https://github.com/web-platform-dx/web-features

@tidoust @patrickbrosset

An #lsp is background process that lints your code,
report errors, give autocompletion and thus for every languages.

And guess what there even is an lsp to fix my messy grammar!

@hyde you are fired!

#vim #rust #developers

https://medium.com/@Erik_Krieg/free-and-open-source-grammar-correction-in-neovim-using-ltex-and-n-grams-dea9d10bc964

[Security at W3C]

Guillaume Weghsteen presents Safevalues, a #JavaScript / #TypeScript library that simplifies secure coding by handling user inputs safely. It provides tools for sanitization, escaping, and safe-by-design practices, covering 99.3% of use cases.

https://youtu.be/Y3mfRXQwLiE

Compatible with frameworks like #Angular and effective even without Trusted Types support, it ensures secure interactions with DOM APIs while reducing manual #security reviews.
#developers

[Security at W3C]

In this talk, Guillaume Weghsteen introduces Safety-Web, an ESLint plugin that identifies unsafe or potentially unsafe DOM accesses in #JavaScript and #TypeScript code directly in developers' IDEs.

https://youtu.be/S-Uy061swSg

It simplifies creating Trusted Types-compatible code by highlighting violations as lint errors, helping #developers avoid #security risks.

[Security at W3C]

In this talk, Kian Jamali introduces the Trusted Types (TT) Helper, a #Chrome extension designed to simplify adopting Trusted Types in #webapps Trusted Types is a #security feature that prevents unsafe DOM manipulations by enforcing policies.

https://youtu.be/EJ_axf3JAbk

The tool aims to streamline adoption, improve debugging efficiency, and help #developers implement secure, functional default policies, although a final review by a security engineer is recommended.

Llamamiento a gente que sabe programar y desarrollar aplicaciones libres para f-droid.

Esta aplicación es muy muy útil , con la camara del móvil saca fotos de documentos que parecen fotocopias. pero la persona que lo ha desarrollado, ha anunciado que lo archiva definitivamente y no va a actualizar más. Por favor un fork.

This is a call for people who can program and develop free applications for f-droid. This application is very useful. You can scan documents with the camera and it looks like a photocopy. But the person developed it announced back in February that they are giving it up definitely. That they accepted some pull requests on the project but would archive it without a new release because they really do not have time to put on it.

The way now is to step forward and make a fork

https://github.com/allgood/OpenNoteScanner/issues/172

#llamamiento #programar #desarrollar #programadoras #desarrolladoras #aplicaciones #libres #aplicacioneslibres #apps #appsLibres #f-droid #fdroid #developers #freeSoftware #FreeApps

#fotosdocumentosfotocopias #GitHub #scanner #OpenNoteScanner #fork #softwareLibre

https://github.com/allgood/OpenNoteScanner/

[Security at W3C]

In this presentation, Aaron Shim highlights the challenges of adopting Content Security Policy (CSP) due to its complexity and unclear directives. #security

To help #developers, a CSP Evaluator tool was introduced, providing instant feedback on CSP configurations. Available as a standalone website and #Chrome extension, it allows interactive analysis of directives and their #safety.

https://youtu.be/DSCazlJV-es

[Security at W3C]

Cross-site scripting (XSS) is a widespread issue, and while Content Security Policy (CSP)is advertised as a solution for XSS mitigation, it's often seen as hard to configure effectively.

https://youtu.be/_Uo3k9al948

In this video, Aaron Shim presents a developer-friendly tool that simplifies CSP setup and provides clear feedback on the protections it offers.
#security #developers

Malicious Packages Identified in the Wild: Insights and Trends from November 2024 Onward

FortiGuard Labs has analyzed malicious software packages detected from November 2024 to March 2025, revealing various attack techniques used to exploit system vulnerabilities. Key findings include 1,082 packages with low file counts, 1,052 packages with suspicious install scripts, and 1,043 packages lacking repository URLs. Attackers employ methods such as obfuscation, command overwrite, and typosquatting to bypass security measures. The analysis highlights the use of suspicious APIs, URLs, and installation scripts to exfiltrate data, establish backdoors, and perform remote control activities. Specific cases involve malicious Python and Node.js packages targeting developers and harvesting sensitive information. The report emphasizes the importance of robust detection strategies and proactive defense measures to mitigate these evolving cybersecurity threats.

Pulse ID: 67cf4b932b27ceeadb710aab
Pulse Link: https://otx.alienvault.com/pulse/67cf4b932b27ceeadb710aab
Pulse Author: AlienVault
Created: 2025-03-10 20:29:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Hey, #DevOps, #SRE and #Developers in general: what laptop would you recommend to a new hire as a business laptop?

It's highly appreciated that it works with Linux, but Mac it's also considered.

Software engineering in one tweet.

This week I wrote developer guidelines for Blender & add-on devs, on how to work with the Slotted Actions that'll be introduced in Blender 4.4.

https://developer.blender.org/docs/features/animation/animation_system/layered/#developer-guidelines

Python package ‘set-utils’ targets Ethereum wallets https://www.developer-tech.com/news/python-package-set-utils-targets-ethereum-wallets/ #python #coding #programming #crypto #web #blockchain #eth #security #hacking #ethereum #infosec #developers #tech #news #technology