-
Open Source Developers Are Exhausted, Unpaid, and Ready to Walk Away
by: Sourav Rudra Wed, 19 Nov 2025 05:42:55 GMT

Your favorite apps run on code maintained by exhausted volunteers. The databases powering your company? Built by developers working double shifts. Those JavaScript frameworks everyone depends on? Often shepherded by a single person, unpaid, drowning in demands.

A new report reveals just how bad things have gotten. Sentry funded this research through their Open Source Pledge initiative. Miranda Heath, a psychologist and PhD student at The University of Edinburgh, conducted the study.

She reviewed academic literature, analyzed 57 community materials, and talked to seven OSS developers directly. Some had burned out. Others managed to avoid it. Some walked away entirely.

Her findings track with open source infrastructure breaking down. The pressure points are nearly identical.

Before we dive in, you have to know there is one major limitation with this report. Most analyzed materials came from white male developers. Miranda notes that marginalized groups likely experience additional burnout factors the research missed.

Burnout in Open Source: A Structural Problem We Can Fix Together | Open Source Pledge

The Three Faces of Burnout

Firstly, you have to understand that burnout isn't just being tired. It has three distinct characteristics that feed off each other.

The motivational component hits first. Developers lose the ability to push through tasks. What once felt manageable becomes impossible to start. They avoid work entirely.

Then comes the affective breakdown. Emotional regulation fails. Developers become easily frustrated, irritated, and overwhelmed. They snap at users. They withdraw from communities.

The cognitive shift follows. People mentally distance themselves from their work. They express negativity and cynicism towards it. Dark humor becomes a coping mechanism. "Fix it, fork it, f*ck off" becomes the phrase of choice.

The numbers are brutal. A 2023 survey found 73% out of 26,348 developers experienced burnout at some point. Another survey showed 60% of OSS maintainers considered leaving entirely.

Burnout is a predictor of quitting. When developers burn out, they walk away.

Burnout is Slow Death

Miranda found six interconnected factors driving maintainers to the edge.

Difficulty Getting Paid: Sixty percent of OSS maintainers receive no payment whatsoever (according to the Tidelift survey). They work full-time jobs, then maintain critical infrastructure for free. The double shift wrecks their mental and physical health and steals time from friends/family. Loneliness follows.

Crushing Workload: Popular package maintainers drown in requests. They are often solo. Finding quality contributors is nearly impossible. Email overload alone can trigger burnout.

Maintenance Feels Unrewarding: Developers love creating. They hate the repetitive, mind-numbing maintenance work. It takes time away from what they actually enjoy (coding). There is no creativity, no learning, just repetitive work.

Toxic Community Behavior: Users demand features like customers. They shame maintainers publicly when bugs appear. Good work goes unrecognized. Mistakes get amplified. The entitlement exhausts them.

Toxicity exists between developers too. The majority of OSS collaboration happens remotely. No face-to-face contact. No conflict resolution training. No formal support structures or governance unless teams build them. This makes team toxicity both more likely and harder to fix, and the isolation aspect only makes everything worse.

Hyper-responsibility: Developers feel crushing obligation to their communities. They can't say no, and stepping back feels like betrayal. The guilt compounds the stress.

Pressure to Prove Oneself: Developers need portfolios for jobs. They constantly prove themselves to the community and potential employers. The performance pressure never stops. Fear of losing reputation keeps them working past healthy limits.

GitHub makes it worse. Achievements, badges, contribution graphs. It gamifies the work. Developers feel compelled to maintain streaks and numbers. The metrics become the measure of worth.

These factors reinforce each other. No pay for OSS means working a full-time job on top of it. The double shift means longer hours. Longer hours kill patience. Less patience breeds toxicity. Toxicity drives contributors away. Fewer contributors means more work.

What Needs to Change

The report offers four clear recommendations.

Pay OSS developers reliably. Not donations or tips. Predictable income through decentralized funding that preserves maintainer autonomy.

Foster recognition and respect too. Community leaders must encourage better behavior, and platforms like GitHub should educate users about the humans behind the code.

Grow the community through better education and mentorship programs. Make it easier for newcomers to contribute quality work. Financial support helps here too.

And finally, advocate for maintainers. OSS powers critical infrastructure. Burnout puts that at risk. Advocacy bodies need to make governments aware. That awareness can bring funding and real solutions.

And, I will be honest, this hits close to home. I fully understand what's happening. Burnout literally robs you of any motivation or energy to do the things you love. It doesn't just slow you down. It kills the joy entirely.

The fix isn't complicated. Treat maintainers like the humans they are, not free infrastructure. Companies profiting from open source need to contribute financially (at the very least). Employers should give developers dedicated time for OSS work.

Users must remember there is a person on the other end of that issue thread. Fellow developers need to call out toxicity when they see it. Burnout prevention starts with basic human decency.
-
417: Iframe Allow Attribute Saga
by: Chris Coyier Tue, 18 Nov 2025 23:11:32 +0000

There was a day not long ago where a Google Chrome browser update left any page with a CodePen Embed on it throwing a whole big pile of red JavaScript errors in the console. Not ideal, obviously.

The change was related to how the browser handles allow attributes on iframes (i.e. <iframe allow="...">). CodePen was calculating the appropriate values inside an iframe for a nested iframe. That must have been a security issue of sorts, as now those values need to be present on the outside iframe as well.

We documented all this in a blog post so hopefully we could get some attention from Chrome on this, and for other browser makers as well since it affects all of us. And I posted it on the ol’ social media:

I think the patch is a great change so hats off to everyone involved for getting it done so quickly. It’s already in Canary and I don’t really know when it’ll get to stable but that sure will be good. It follows how Safari is doing things where values that aren’t understood are just ignored (which we think is fine and in line with how HTML normally works).

Fortunately we were able to mitigate the problem a little until then. For most Embedded Pens, a <script> is loaded on the page embedding it, and we dynamically create the <iframe> for you. This is just nice as it makes making an accessible fallback easier and gives you access to API-ish features for the embeds. We were able to augment that script to do a little browser user-agent sniffing and apply the correct set of allow attributes on the iframe, as to avoid those JavaScript errors we were seeing.

But there’s the rub: we’d rather not do any user-agent sniffing at all. If we could just put all the possible allow attributes we want on there, and not be terribly concerned if any particular browser didn’t support any particular value, that would be ideal. We just can’t have the scary console errors, out of concern for our users who may not understand them.

Where we’re at in the saga now is that:

  We’re waiting for the change to Chrome to get to stable.
  We’re hoping Safari stays the way it is.
  OH HI FIREFOX.

On that last point, if we put all the allow attributes we would want to on an <iframe> in Firefox, we also get console-bombed. This time not with red-errors but with yellow-warnings. So yes, hi Firefox, if you could also not display these warnings (unless a reporting URL is set up) that would be great. We’d be one less website out there relying on user-agent sniffing.
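The requirement described above, that what a nested iframe asks for must also be present on the outer iframe, can be checked before an embed ships. This is an added example, not CodePen's code: the function names and the sample allow values are constructed, and the model compares feature names only, not the origins in each allowlist.

```javascript
// Added example: a simplified model of the iframe `allow` attribute.
// All attribute values used with it are constructed samples.

// Parse `camera; microphone 'self' https://a.example` into
// Map(feature -> allowlist tokens). A directive with no allowlist
// defaults to 'src' (the origin of the iframe's src URL).
function parseAllow(value) {
  const policy = new Map();
  for (const directive of value.split(";")) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [feature, ...allowlist] = tokens;
    // Assumption of this model: the first directive for a feature wins.
    if (!policy.has(feature)) {
      policy.set(feature, allowlist.length ? allowlist : ["'src'"]);
    }
  }
  return policy;
}

// A feature counts as delegated when it is listed and not set to 'none'.
function isDelegated(policy, feature) {
  const list = policy.get(feature);
  return Boolean(list) && !(list.length === 1 && list[0] === "'none'");
}

// Features the nested iframe requests that the outer iframe does not
// delegate. These are the ones the nested frame cannot actually be granted.
function undelegatedFeatures(outerAllow, innerAllow) {
  const outer = parseAllow(outerAllow);
  const inner = parseAllow(innerAllow);
  return [...inner.keys()].filter(
    (f) => isDelegated(inner, f) && !isDelegated(outer, f)
  );
}

// The least-privilege counterpart: features the outer iframe delegates
// that the nested iframe never asks for.
function overDelegatedFeatures(outerAllow, innerAllow) {
  const outer = parseAllow(outerAllow);
  const inner = parseAllow(innerAllow);
  return [...outer.keys()].filter(
    (f) => isDelegated(outer, f) && !isDelegated(inner, f)
  );
}

// Constructed sample: outer embed iframe vs. the iframe nested inside it.
const outerAllow = "fullscreen; clipboard-write";
const innerAllow = "camera; microphone; fullscreen";
console.log("missing on outer:", undelegatedFeatures(outerAllow, innerAllow));
console.log("unused on outer:", overDelegatedFeatures(outerAllow, innerAllow));
```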
-
RustDesk Pulls Ahead of TeamViewer, AnyDesk with Wayland Multi-Scaled Display Support
by: Sourav Rudra Tue, 18 Nov 2025 09:09:02 GMT

RustDesk has positioned itself as a compelling open source alternative to proprietary remote desktop solutions like TeamViewer and AnyDesk. Built with Rust and licensed under AGPL 3.0, it offers cross-platform support across Linux, Android, Windows, macOS, and iOS.

The project has now announced a major update for Linux users. RustDesk's latest nightly build introduces support for multiple monitors with different scaling factors on Wayland sessions, specifically targeting KDE and GNOME desktop environments.

RustDesk Levels Up

This update addresses a well-known issue across the Linux desktop space, where users running multiple monitors with different resolutions and scaling levels, such as a 4K display at 200% scaling alongside a standard 1080p monitor, often struggled with proper display handling.

The most common problem was pointer misalignment. Users would click in one location, but the input would register elsewhere on the remote machine. This made multi-monitor setups with mixed scaling practically unusable for remote work.

The developers claim that their implementation now makes them the only remote desktop solution with this capability on Wayland. This puts RustDesk ahead of its commercial rivals. TeamViewer, AnyDesk, and Splashtop have been relatively slow to address Wayland-specific challenges, particularly around complex multi-monitor configurations.

Get RustDesk

This improvement is currently available in RustDesk's nightly builds on GitHub. These pre-release versions get updated daily with the latest code and features for early testing.

Once testing completes, the multi-scaled display support will roll out to the stable version available on the official website.

We tested RustDesk back in 2024 and found it impressive even then. This latest update only solidifies its position as a serious TeamViewer alternative.
-
Chris’ Corner: Cursors
by: Chris Coyier Mon, 17 Nov 2025 18:00:37 +0000

CSS has a bunch of cursors already. Chances are, you’re not using them as much as you should be. Well, should is a strong word. I can’t cite any evidence offhand that special cursors are some absolute boon to user experience or accessibility. But it certainly seems like a nice touch. Like:

    .copy-button {
      cursor: copy;
    }

Or

    [disabled] {
      cursor: not-allowed;
    }

These cursors are actually supplied by your OS, and thus can be altered by the OS. That’s a good thing, as some OSs let you bump up the size of the cursor, for example, which is good for accessibility. You can set custom cursors as well (with a url() value), which won’t get bumped up, which is bad for accessibility.

Looking around at our 2.0 Beta editor, I can see lots of CSS-provided cursor changes. I’m pretty pleased with those!

An interesting aspect of “custom” cursors is that they are only obviously a problem if you replace the actual cursor itself. That doesn’t rule out doing things in addition or next to the cursor. Our own Rachel Smith’s site has rainbow paint splotches shoot out from behind the cursor, just for fun, but the cursor itself isn’t changed.

Kyle Lambert has a good article about doing useful things with the cursor with a particular focus on things Figma does. Here are some excerpts of good ideas:

Just interesting stuff! Not sure we’re seeing quite as much cursor innovation elsewhere.
-
The “Most Hated” CSS Feature: asin(), acos(), atan() and atan2()
by: Juan Diego Rodríguez Mon, 17 Nov 2025 14:47:54 +0000

This is a series! It all started a couple of articles ago, when we found out that, according to the State of CSS 2025 survey, trigonometric functions were the “Most Hated” CSS feature.

I’ve been trying to change that perspective, so I showcased several uses for trigonometric functions in CSS: one for sin() and cos() and another on tan(). However, that’s only half of what trigonometric functions can do. So today, we’ll poke at the inverse world of trigonometric functions: asin(), acos(), atan() and atan2().

CSS Trigonometric Functions: The “Most Hated” CSS Feature

  sin() and cos()
  tan()
  asin(), acos(), atan() and atan2() (You are here!)

Inverse functions?

Recapping things a bit, given an angle, the sin(), cos() and tan() functions return a ratio representing the sine, cosine, and tangent of that angle, respectively. And if you read the last two parts of the series, then you already know what each of those quantities represents.

What if we wanted to go the other way around? If we have a ratio that represents the sine, cosine or tangent of an angle, how can we get the original angle? This is where inverse trigonometric functions come in! Each inverse function asks what the necessary angle is to get a given value for a specific trigonometric function; in other words, it undoes the original trigonometric function. So…

  acos() is the inverse of cos(),
  asin() is the inverse of sin(), and
  atan() and atan2() are the inverse of tan().

They are also called “arcus” functions and written as arccos(), arcsin() and arctan() in most places. This is because, in a circle, each angle corresponds to an arc in the circumference.

The length of this arc is the angle times the circle’s radius. Since trigonometric functions live in a unit circle, where the radius is equal to 1, the arc length is also the angle, expressed in radians.
Their mathy definitions are a little boring, to say the least, but they are straightforward:

  y = acos(x) such that x = cos(y)
  y = asin(x) such that x = sin(y)
  y = atan(x) such that x = tan(y)

acos() and asin()

Using acos() and asin(), we can undo cos(θ) and sin(θ) to get the starting angle, θ. However, if we try to graph them, we’ll notice something odd:

The functions are only defined from -1 to 1!

Remember, cos() and sin() can take any angle, but they will always return a number between -1 and 1. For example, both cos(90°) and cos(270°) (not to mention others) return 0, so which value should acos(0) return? To answer this, both acos() and asin() have their domain (their input) and range (their output) restricted:

  acos() can only take numbers between -1 and 1 and return angles between 0° and 180°.
  asin() can only take numbers between -1 and 1 and return angles between -90° and 90°.

This limits a lot of the situations where we can use acos() and asin(), since something like asin(1.2) doesn’t work in CSS — according to the spec, going outside the acos() and asin() domain returns NaN — which leads us to our next inverse function…

atan() and atan2()

Similarly, using atan(), we can undo tan(θ) to get θ. But, unlike asin() and acos(), if we graph it, we’ll notice a big difference:

This time it is defined on the whole number line! This makes sense since tan() can return any number between -Infinity and Infinity, so atan() is defined in that domain.

  atan() can take any number between -Infinity and Infinity and returns angles between -90° and 90°.

This makes atan() incredibly useful to find angles in all kinds of situations, and a lot more versatile than acos() and asin(). That’s why we’ll be using it, along with atan2(), going forward. Although don’t worry about atan2() for now, we’ll get to it later.

Finding the perfect angle

In the last article, we worked a lot with triangles.
Specifically, we used the tan() function to find one of the sides of a right-angled triangle from the following relationships:

To make it work, we needed to know one of its sides and the angle, and by solving the equation, we would get the other side. However, in most cases, we do know the lengths of the triangle’s sides and what we are actually looking for is the angle. In that case, the last equation becomes:

Triangles and Conic Gradients

Finding the angle comes in handy in lots of cases, like in gradients, for instance. In a linear gradient, for example, if we want it to go from corner to corner, we’ll have to match the gradient’s angle depending on the element’s dimensions. Otherwise, with a fixed angle, the gradient won’t change if the element gets resized:

    .gradient {
      background: repeating-linear-gradient(ghostwhite 0px 25px, darkslategray 25px 50px);
    }

This may be the desired look, but I think that more often than not, you want it to match the element’s dimensions.

Using linear-gradient(), we can easily solve this using to top right or to bottom left values for the angle, which automatically sets the angle so the gradient goes from corner to corner.

    .gradient {
      background: repeating-linear-gradient(to top right, ghostwhite 0px 25px, darkslategray 25px 50px);
    }

However, we don’t have that type of syntax for other gradients, like a conic-gradient(). For example, the next conic gradient has a fixed angle and won’t change upon resizing the element.

    .gradient {
      background: conic-gradient(from 45deg, #84a59d 180deg, #f28482 180deg);
    }

Luckily, we can fix this using atan()!
We can look at the gradient as a right-angled triangle, where the width is the adjacent side and the height the opposite side:

Then, we can get the angle using this formula:

    .gradient {
      --angle: atan(var(--height-gradient) / var(--width-gradient));
    }

Since conic-gradient() starts from the top edge — conic-gradient(from 0deg) — we’ll have to shift it by 90deg to make it work.

    .gradient {
      --rotation: calc(90deg - var(--angle));
      background: conic-gradient(from var(--rotation), #84a59d 180deg, #f28482 180deg);
    }

You may be wondering: can’t we do that with a linear gradient? And the answer is, yes! But this was just an example to showcase atan(). Let’s move on to more interesting stuff that’s unique to conic gradients.

I got the next example from Ana Tudor’s post on “Variable Aspect Ratio Card With Conic Gradients”:

Pretty cool, right? Sadly, Ana’s post is from 2021, a time when trigonometric functions were specced out but not implemented. As she mentions in her article, it wasn’t possible to create these gradients using atan(). Luckily, we live in the future! Let’s see how simple they become with trigonometry and CSS.

We’ll use two conic gradients, each of them covering half of the card’s background.
To save time, I’ll gloss over exactly how to make the original gradient, so here is a quick little step-by-step guide on how to make one of those gradients in a square-shaped element:

Since we’re working with a perfect square, we can fix the --angle and --rotation to be 45deg, but for a general use case, each of the conic-gradients would look like this in CSS:

    .gradient {
      background:
        /* one below */
        conic-gradient(
          from var(--rotation) at bottom left,
          #b9eee1 calc(var(--angle) * 1 / 3),
          #79d3be calc(var(--angle) * 1 / 3) calc(var(--angle) * 2 / 3),
          #39b89a calc(var(--angle) * 2 / 3) calc(var(--angle) * 3 / 3),
          transparent var(--angle)
        ),
        /* one above */
        conic-gradient(
          from calc(var(--rotation) + 180deg) at top right,
          #fec9d7 calc(var(--angle) * 1 / 3),
          #ff91ad calc(var(--angle) * 1 / 3) calc(var(--angle) * 2 / 3),
          #ff5883 calc(var(--angle) * 2 / 3) calc(var(--angle) * 3 / 3),
          transparent var(--angle)
        );
    }

And we can get those --angle and --rotation variables the same way we did earlier — using atan(), of course!

    .gradient {
      --angle: atan(var(--height-gradient) / var(--width-gradient));
      --rotation: calc(90deg - var(--angle));
    }

What about atan2()?

The last example was all about atan(), but I told you we would also look at the atan2() function. With atan(), we get the angle when we divide the opposite side by the adjacent side and pass that value as the argument. On the flip side, atan2() takes them as separate arguments:

    atan(opposite/adjacent)
    atan2(opposite, adjacent)

What’s the difference? To explain, let’s backtrack a bit.

We used atan() in the context of triangles, meaning that the adjacent and opposite sides were always positive. This may seem like an obvious thing since lengths are always positive, but we won’t always work with lengths.

Imagine we are in an x-y plane and pick a random point on the graph.
Just by looking at its position, we can know its x and y coordinates, which can have both negative and positive coordinates. What if we wanted its angle instead? Measuring it, of course, from the positive x-axis.

Well, remember from the last article in this series that we can also define tan() as the quotient between sin() and cos():

Also recall that when we measure the angle from the positive x-axis, then sin() returns the y-coordinate and cos() returns the x-coordinate. So, the last formula becomes:

And applying atan(), we can directly get the angle!

This formula has one problem, though. It should work for any point in the x-y plane, and since both x and y can be negative, we can confuse some points. Since we are dividing the y-coordinate by the x-coordinate, in the eyes of atan(), the negative y-coordinate looks the same as the negative x-coordinate. And if both coordinates are negative, it would look the same as if both were positive.

To compensate for this, we have atan2(), and since it takes the y-coordinate and x-coordinate as separate arguments, it’s smart enough to return the angle everywhere in the plane!

Let’s see how we can put it to practical use.

Following the mouse

Using atan2(), we can make elements react to the mouse’s position. Why would we want to do that? Meet my friend Helpy, Clippy’s uglier brother from Microsoft.

Helpy wants to always be looking at the user’s mouse, and luckily, we can help him using atan2(). I won’t go into too much detail about how Helpy is made, just know that his eyes are two pseudo-elements:

    .helpy::before,
    .helpy::after {
      /* eye styling */
    }

To help Helpy, we first need to let CSS know the mouse’s current x-y coordinates. And while I may not like using JavaScript here, it’s needed in order to pass the mouse coordinates to CSS as two custom properties that we’ll call --m-x and --m-y.
    const body = document.querySelector("body");

    // listen for the mouse pointer
    body.addEventListener("pointermove", (event) => {
      // set variables for the pointer's current coordinates
      let x = event.clientX;
      let y = event.clientY;

      // assign those coordinates to CSS custom properties in pixel units
      body.style.setProperty("--m-x", `${Math.round(x)}px`);
      body.style.setProperty("--m-y", `${Math.round(y)}px`);
    });

Helpy is currently looking away from the content, so we’ll first move his eyes so they align with the positive x-axis, i.e., to the right.

    .helpy::before,
    .helpy::after {
      rotate: 135deg;
    }

Once there, we can use atan2() to find the exact angle Helpy has to turn so he sees the user’s mouse. Since Helpy is positioned at the top-left corner of the page, and the x and y coordinates are measured from there, it’s time to plug those coordinates into our function: atan2(var(--m-y), var(--m-x)).

    .helpy::before,
    .helpy::after {
      /* rotate the eyes by its starting position, plus the atan2 of the coordinates */
      rotate: calc(135deg + atan2(var(--m-y), var(--m-x)));
    }

We can make one last improvement. You’ll notice that if the mouse goes on the little gap behind Helpy, he is unable to look at the pointer. This happens because we are measuring the coordinates exactly from the top-left corner, and Helpy is positioned a little bit away from that.

To fix this, we can translate the origin of the coordinate system directly on Helpy by subtracting the padding and half its size:

Which looks like this in CSS:

    .helpy::before,
    .helpy::after {
      rotate: calc(
        135deg +
          atan2(
            var(--m-y) - var(--spacing) - var(--helpy-size) / 2,
            var(--m-x) - var(--spacing) - var(--helpy-size) / 2
          )
      );
    }

This is a somewhat minor improvement, but moving the coordinate origin will be vital if we want to place Helpy in any other place on the screen.
Extra: Getting the viewport (and anything) in numbers

I can’t finish this series without mentioning a trick to typecast different units into simple numbers using atan2() and tan(). It isn’t directly related to trigonometry but it’s still super useful. It was first described amazingly by Jane Ori in 2023, and goes as follows.

If we want to get the viewport as an integer, then we can…

    @property --100vw {
      syntax: "<length>";
      initial-value: 0px;
      inherits: false;
    }

    :root {
      --100vw: 100vw;
      --int-width: calc(10000 * tan(atan2(var(--100vw), 10000px)));
    }

And now: the --int-width variable holds the viewport width as an integer. This looks like magic, so I really recommend reading Jane Ori’s post to understand it. I also have an article using it to create animations as the viewport is resized!

What about reciprocals?

I noticed that we are still lacking the reciprocals for each trigonometric function. The reciprocals are merely 1 divided by the function, so there’s a total of three of them:

  The secant, or sec(x), is the reciprocal of cos(x), so it’s 1 / cos(x).
  The cosecant, or csc(x), is the reciprocal of sin(x), so it’s 1 / sin(x).
  The cotangent, or cot(x), is the reciprocal of tan(x), so it’s 1 / tan(x).

The beauty of sin(), cos() and tan() and their reciprocals is that they all live in the unit circle we’ve looked at in other articles in this series. I decided to put everything together in the following demo that shows all of the trigonometric functions covered on the same unit circle:

That’s it!

Welp, that’s it! I hope you learned and had fun with this series just as much as I enjoyed writing it. And thanks so much for those of you who have shared your own demos. I’ll be rounding them up in my Bluesky page.
The “Most Hated” CSS Feature: asin(), acos(), atan() and atan2() originally published on CSS-Tricks, which is part of the DigitalOcean family.
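The quadrant problem from the atan2() section above, and the origin shift used for Helpy, worked through in JavaScript as an added example (not code from the original article). The function names and the sample values for the mouse position, --spacing and --helpy-size are constructed.

```javascript
// Added example: atan(y / x) versus atan2(y, x), in degrees measured
// from the positive x-axis. All sample numbers are constructed.
const toDeg = (rad) => (rad * 180) / Math.PI;

// The one-argument approach: atan() only ever sees the ratio y / x,
// so the individual signs of x and y are lost.
function angleFromRatio(y, x) {
  return toDeg(Math.atan(y / x));
}

// What atan2() adds: it looks at the signs of x and y separately and
// moves the atan() result into the correct half of the plane.
function angleFromSigns(y, x) {
  if (x > 0) return toDeg(Math.atan(y / x));
  if (x < 0) return toDeg(Math.atan(y / x)) + (y >= 0 ? 180 : -180);
  if (y > 0) return 90;   // straight along the positive y-axis
  if (y < 0) return -90;  // straight along the negative y-axis
  return 0;               // the origin itself, same as Math.atan2(0, 0)
}

// Helpy's eye rotation, mirroring the CSS calc(): 135deg start offset
// plus atan2() of the mouse position measured from Helpy's centre.
function helpyRotation(mX, mY, spacing, helpySize) {
  const dy = mY - spacing - helpySize / 2;
  const dx = mX - spacing - helpySize / 2;
  return 135 + toDeg(Math.atan2(dy, dx));
}

// The first version from the article, measured from the page corner.
function helpyRotationFromCorner(mX, mY) {
  return 135 + toDeg(Math.atan2(mY, mX));
}

// One constructed point per quadrant, as [x, y].
const points = [[1, 1], [-1, 1], [-1, -1], [1, -1]];
for (const [x, y] of points) {
  console.log(
    `(${x}, ${y})`,
    "atan:", angleFromRatio(y, x).toFixed(1),
    "atan2:", toDeg(Math.atan2(y, x)).toFixed(1),
    "rebuilt:", angleFromSigns(y, x).toFixed(1)
  );
}

// Mouse in the gap to the left of Helpy (spacing 20px, size 100px):
// from the corner the pointer still looks "down and right", from
// Helpy's centre it is directly behind him.
console.log(helpyRotationFromCorner(10, 70).toFixed(1));
console.log(helpyRotation(10, 70, 20, 100).toFixed(1));
```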
-
Clean Up Your GNOME Panel With This New Extension
by: Sourav Rudra Mon, 17 Nov 2025 12:49:10 GMT

I rely heavily on GNOME extensions for my daily workflow. From Dash to Dock for quick app launching to Tiling Shell to effortlessly manage app windows while working. These basically turn the vanilla GNOME experience into something that truly fits my needs.

While browsing through the latest This Week in GNOME post, I stumbled upon something interesting. A developer announced Veil, describing it as a cleaner and more modern way than Hide Items to manage applets in the GNOME panel.

It sounded promising. So I decided to take it for a spin and see what it brings to the table.

Veil: Overview ⭐

Veil comes from Dagim G. Astatkie, a software professional based out of Ethiopia. This extension addresses a common frustration among GNOME users.

If you are a power user, then your top panel can quickly fill up with system indicators and status icons. It gets messy fast, and Veil gives you control over what stays visible and what gets hidden away.

It offers many handy features, like auto-hide items on timer, slick animations when showing or hiding items, and the ability to selectively choose which panel icons stay visible.

Initial Impressions 👨💻

I installed it using Extension Manager on an Ubuntu 25.10 system, and I found it straightforward from start to finish. First, I enabled a few other extensions to properly test how Veil handles multiple panel items.

Once that was done, everything clicked into place. A single click on the sharp-looking arrow at the top right of the panel did the trick. My network stats indicator disappeared. The Tiling Shell layout switcher vanished. System Monitor went away too. A clean top panel, just like that.

If I wanted to tweak things further, I could easily do so by heading into the "General" tab of the extension settings. There I got to play around with options like save state, default visibility, changing the arrow icon to something else for open and close actions, configuring auto-hide timing, and deciding which items stay visible at all times.

This level of freedom should be enough for most people who want a clean top panel and some peace of mind.

📥 Get Veil

If you already have GNOME extensions set up on your system, installation is straightforward. Visit the extensions website or open Extension Manager and search for "Veil" by author "JD".

If you haven't configured extensions yet, our complete guide on GNOME shell extensions will walk you through the entire setup process.

The source code for Veil lives on GitHub for those interested in contributing or building from source.
-
Snapchat Opens Valdi Framework to Developers After 8 Years of Internal Use
by: Sourav Rudra Mon, 17 Nov 2025 09:30:47 GMT

Snap Inc., the company behind Snapchat, has open-sourced Valdi, a cross-platform mobile UI framework. The social media company typically keeps its technology in-house, but this marks a surprising move into open source territory.

While there was no dedicated announcement for this on their news portal, The New Stack were the first ones to report this; I am assuming they received a press release for this.

Anyhow, let's dive into this interesting development.

Valdi is Now Open Source

Valdi is now available on GitHub under the MIT license. The framework has powered Snapchat's production features for eight years, and, with the accompanying license in place, developers can use, modify, and distribute the code freely, and there are no restrictions on commercial use.

Valdi compiles TypeScript code directly into native views for Android, iOS, and macOS. It does not use web views or JavaScript bridges. The framework claims 2x faster time-to-first-render and uses 1/4 the memory compared to competitors.

These benchmarks were shared during Valdi's initial beta phase, when Snapchat first announced Valdi in August 2025 on Hacker News. Back then, the company sought beta testers and required NDAs for private repository access.

The initial beta lasted three months before the public release, and Snapchat seems to have used this window to refine documentation and developer tooling.

The current repository includes instant hot reload, full VSCode debugging support, and automatic view recycling. It also features a C++ layout engine and FlexBox layout system support, and developers can embed Valdi components in existing native apps.

You can visit Valdi's GitHub repository for access to the source code and the documentation. There is also a Discord server for community support and developer discussions.

Not Everyone is Convinced

Developer reception has been mixed. Reddit netizens are questioning Valdi's advantages over React Native. One of them, SamsungProgrammer, asked:

"Why would people choose this over React Native?"

To which another redditor, idkhowtocallmyacc, responded with skepticism. They pointed out that React Native's new architecture has also eliminated JavaScript bridges, potentially negating Valdi's main selling point. And that does make sense, to be honest.

Ending that comment thread, a redditor called balder1993 responded by saying that:

"Some people might have a thing for rewriting their whole app a few years later when the bugs start getting in the way."

Only time will tell if Valdi can escape Snapchat's shadow and find a broader developer audience.
-
Better Than Original? 14 Rust-based Alternative CLI Tools to Classic Linux Commands
by: Neville Ondara Sun, 16 Nov 2025 00:47:33 GMT

If you’re like me, you probably grew up with the classic Linux command-line tools such as ls, cat, du. These commands have carried me through countless scripts and late-night debugging sessions.

Here's the thing. While these tools do their job, they can be plain looking and difficult to use for certain tasks. Take the du command for example. It shows the disk usage on the system, but use it without any option and it is a mess.

Terminals today support color, Unicode icons, live previews, all things our old favorites weren’t designed for. And the Rust revolution has quietly reshaped the command-line landscape.

So there is a wave of Rust-based CLI tools that don’t just replicate the traditional ones; they modernize them. They’re fast, (claim to be) memory-safe, polished, and often come with thoughtful UX touches that make daily terminal work noticeably smoother.

I’ve been tinkering with these tools lately, and I thought it’d be fun to share a list of my favorites.

🚧 If you are a sysadmin managing servers, you should not rely on alternatives. You might not get these fancy new tools on every system, and installing them on every Linux server you log in to is not feasible. The alternative tools are good when you are using a personal computer and have full control over the development environment.

exa: Alternative to ls

If there’s one tool that convinced me Rust CLI apps were worth exploring, it’s exa. It feels familiar but adds what the original ls has always lacked: sensible colors, icons, and Git awareness.

Highlights:
- Beautiful color themes
- Git integration
- Optional tree view
- Clearer permissions formatting

Installation:
    cargo install exa

Usage:
    exa -al --git

You can instantly see which files are new, which are modified, and which are pure chaos.

bat: Alternative to cat

cat is great for quick checks, but reading config files or code in raw plain text gets tedious. bat fixes that with syntax highlighting, Git integration, line numbers, and automatic paging, without losing cat compatibility.

Installation:
    cargo install bat

Example Usage:
    bat ~/.bashrc

It’s basically cat with a glow-up ✨. When I first used it, I found myself opening random config files just to admire the colors.

dust: Alternative to du

du always dumps a mountain of numbers on your screen. dust turns that into a compact, visual representation of disk usage that you can parse at a glance. It’s instantly more readable than the old command.

The output is clean, easy to parse, and shows relative sizes visually. I swear my hard drive has never looked this friendly. 😎

Install dust:
    cargo install du-dust

Usage:
    dust

fd: Alternative to find

Remember spending 10 minutes crafting the perfect find command? Yeah… me too. fd makes this easier. It has simple syntax, ignores hidden files by default and it is super-fast.

Install fd:
    cargo install fd-find

Example:
    fd main.rs
    fd fossnews

Its speed and simplicity make find feel outdated. After switching, you’ll rarely look back.

ripgrep (rg): Alternative to grep

Rust-based ripgrep has become a must-have for developers. It’s dramatically faster and gives clear, highlighted search results.

Install ripgrep:
    cargo install ripgrep

Example usage:
    rg TODO src/

It respects your .gitignore and outputs results with color highlighting. I use it every day for searching TODOs and bug reports.

duf: Alternative to df

df is useful, but let’s be honest: the output looks like something printed from a 90s dot-matrix printer 😆. duf fixes that. It takes the same disk-usage information and turns it into a clean, colorful, structured table you can actually understand at a glance.

duf gives you a clean dashboard with grouped filesystems, readable sizes, clear partition labels, and a quick view of what’s healthy vs. what’s nearly full.

Installation:
    sudo apt install duf

Usage:
    duf

procs: Alternative to ps

While ps aux works, it can feel visually overwhelming. procs gives you a more structured, color-coded view of your system processes, letting you quickly see what’s running without the need to launch a full TUI tool like htop.

It’s like a personal dashboard for your processes. I use it every day to keep tabs on what’s running without feeling buried in a wall of text.

Installation:
    cargo install procs

Usage:
    procs

tldr: Alternative to man

tldr makes navigating manual pages painless by offering clear examples, highlighting essential flags, and keeping things short (no scrolling forever).

Installation:
    cargo install tldr

Usage:
    tldr tar

Honestly, I wish this existed when I was learning Linux; it's a lifesaver for newbies and veterans alike.

broot: Alternative to tree

If you’ve ever used tree, you know it can quickly become overwhelming in large directories. broot upgrades the concept: it lets you navigate directories interactively, collapse or expand folders on the fly, and search as you go.

Installation:
    cargo install broot

Usage:
    broot

I’ve ditched my old ls -R habit entirely. broot makes exploring directories feel interactive and satisfying, turning a messy filesystem into something you can actually enjoy navigating.

zoxide: Alternative to cd

How many times have you typed cd ../../../../some/long/path? Too many, right? z (or zoxide) solves that by tracking your most visited directories and letting you jump to them with a single command, saving your fingers and making navigation effortless.

Installation:
    cargo install zoxide

You also need to initialize it in your shell:
    # Bash
    eval "$(zoxide init bash)"
    # Zsh
    eval "$(zoxide init zsh)"
    # Fish
    zoxide init fish | source

Usage:
    z code

It keeps track of your frequently used directories and lets you jump to them instantly.

lsd: Alternative to ls

If you’re tired of the plain, monochrome output of ls, lsd is here to make your directory listings not just readable, but enjoyable. With built-in icons and vibrant colors, it instantly helps you distinguish between files, directories, and executables at a glance.

Installation:
    cargo install lsd

You can run it just like a normal ls command:
    lsd -la

lsd organizes information clearly and highlights key file attributes, making navigation faster and more intuitive.

bottom: Alternative to top

The classic top command shows system usage, but let’s face it, it can feel like you’re looking at a terminal snapshot from 1995 😆. bottom (or btm) brings a modern, clean, and highly visual experience to monitoring your system. It provides:
- Color-coded CPU, memory, and disk usage
- Real-time graphs directly in the terminal
- An organized layout that’s easy to read and navigate

Installation:
    cargo install bottom

You can launch it simply with:
    btm

Once you start using bottom, it’s hard to go back. Watching CPU spikes, memory usage, and disk activity while compiling Rust projects feels strangely satisfying. It’s both functional and fun, giving you the insights you need without the clutter of older tools.

hyperfine: Alternative to time and other benchmarking commands

Ever wondered which of your commands is truly the fastest? Stop guessing and start measuring with hyperfine. This Rust-based benchmarking tool makes it effortless to compare commands side by side.

hyperfine runs each command multiple times, calculates averages, and gives you a clear, color-coded comparison of execution times. Beyond simple comparisons, it also supports warm-up runs, statistical analysis, and custom command setups, making it a powerful addition to any developer’s toolkit.

Installation:
    cargo install hyperfine

Usage example:
    hyperfine "exa -al" "ls -al"

Watching exa obliterate ls in mere milliseconds is oddly satisfying ⚡. If you love optimization, efficiency, and a little nerdy satisfaction, hyperfine is your new best friend.

xplr: Alternative to nnn

Now, I don't know if I can call nnn a classic Linux tool but I liked xplr so much that I decided to include it here. xplr takes the idea of a terminal file explorer to the next level. If you loved broot, xplr will blow your mind with these features:
- Navigate directories using arrow keys or Vim-style bindings
- Preview files directly inside the terminal
- Launch commands on files without leaving the app
- Fully customizable layouts and keybindings for power users

Installation:
    cargo install xplr

Usage:
    xplr

Wrapping Up

Switching to new commands might feel like extra effort at first, but Rust-based CLI tools are often more than just a trend; they’re fast, modern, and designed to make your workflow enjoyable.
- They handle colors, syntax highlighting, and Git integration right out of the box.
- They save keystrokes, reduce frustration, and make complex tasks simpler.
- They make your terminal feel alive and engaging.

On top of that, using them makes you look extra cool in front of fellow Linux nerds. Trust me, it’s a subtle flex 💪

Start small, maybe install exa and bat first, and gradually expand your toolkit. Soon, your terminal will feel futuristic, your workflow smoother, and your projects easier to manage.
-
Quiet UI Came and Went, Quiet as a Mouse
by: Ryan Trimble Fri, 14 Nov 2025 15:32:50 +0000

A few weeks ago, Quiet UI made the rounds when it was released as an open source user interface library, built with JavaScript web components. I had the opportunity to check out the documentation and it seemed like a solid library. I’m always super excited to see more options for web components out in the wild.

Unfortunately, before we even had a chance to cover it here at CSS-Tricks, Quiet UI has disappeared. When visiting the Quiet UI website, there is a simple statement:

The repository for Quiet UI is no longer available on Quiet UI’s GitHub, and its social accounts seem to have been removed as well.

The creator, Cory LaViska, is a veteran of UI libraries and most known for work on Shoelace. Shoelace joined Font Awesome in 2022 and was rebranded as Web Awesome. The latest version of Web Awesome was released around the same time Quiet UI was originally announced.

According to the Quiet UI site, Cory will be continuing to work on it as a personal creative outlet, but hopefully we’ll be able to see what he’s cooking up again, someday. In the meantime, you can get a really good taste of what the project is/was all about in Dave Rupert’s fantastic write-up.

Quiet UI Came and Went, Quiet as a Mouse originally published on CSS-Tricks, which is part of the DigitalOcean family.
-
Mozilla Unveils Plans for New 'AI Window' Browsing Mode in Firefox, Opens Signups
by: Sourav Rudra Fri, 14 Nov 2025 13:37:14 GMT

Firefox has been pushing AI features for a while now. Over the past year, they've added AI chatbots in the sidebar, automatic alt text generation, and AI-enhanced tab grouping. It is basically their way of keeping up with Chrome and Edge, both of which have gone all-in on AI.

Of course not everyone is thrilled about AI creeping into their web browsers, and Mozilla (the ones behind Firefox) seems to understand that. Every AI feature in Firefox is opt-in. You can keep using the browser as you always have, or flip on AI tools when you actually need them.

Now, they are taking this approach a step further with something called AI Window.

Firefox AI Window: What's Cooking?

Mozilla has announced it's working on AI Window, a new browsing mode that comes with a built-in AI assistant. Think of it as a third option alongside the Classic browsing mode and Private Window mode.

Before you get angry, know that it will be fully optional. Switch to AI Window when you want help, or just ignore it entirely. Try it, hate it, disable it. Mozilla's whole pitch is that you stay in control.

On the transparency front, they are making three commitments:
- A fully opt-in experience.
- Features that protect your choice.
- More transparency around how your data is used.

Why bother with all this, you ask? Mozilla sees AI as part of the web's future and wants to shape it their way. They figure ignoring AI while it reshapes the web doesn't help anyone, so they want to steer it toward user control rather than watch browsers from AI companies (read: Big Tech) lock people in.

Ajit Varma, the Vice President and Head of Product at Firefox, put it like this:

"We believe standing still while technology moves forward doesn’t benefit the web or humanity. That’s why we see it as our responsibility to shape how AI integrates into the web — in ways that protect and give people more choice, not less."

The feature isn't live. Mozilla's building it "in the open" and wants feedback to shape how it turns out. If you want early access, there's a waitlist at firefox.com/ai to get updates and first dibs on testing.
-
LHB Linux Digest #25.35: Trap, Network Troubleshooting Tips, Self-host Server Management and More
by: Abhishek Prakash Fri, 14 Nov 2025 17:08:50 +0530

Feels like 2025 is ending sooner than expected. I know that's not the case but it just feels like that 😄

On that note, we plan to publish at least two more courses for you before the year ends. They are likely to be on Terraform and Kubernetes. I am also planning a microcourse on 'automated backups with cron and rsync'. These classic Linux tools are always reliable.

And in the meantime, we are also working on expanding our collection of hands-on practice labs so that you can improve your skills by doing it. Lots of things planned. Stay tuned, stay subscribed.

Here's why you should get LHB Pro membership:
✅ Get access to Linux for DevOps, Docker, Ansible, Systemd and other text courses
✅ Get access to Kubernetes Operator and SSH video course
✅ Get 6 premium books on Bash, Linux and Ansible for free
✅ No ads on the website

This post is for subscribers only.
-
Ubuntu's New 15-Year Commitment Targets Long-Lived Enterprise Systems
by: Sourav Rudra Fri, 14 Nov 2025 10:44:14 GMT

Ubuntu is Canonical's flagship Linux distribution that powers a significant portion of the information technology infrastructure today. It has two major versions: an interim release that comes with nine months of support and a long-term support release that comes with five years of standard support that is extensible via Ubuntu Pro.

If you didn't know, Canonical introduced Ubuntu Pro in 2022 as a subscription service that extends LTS coverage beyond the standard five years. It includes Expanded Security Maintenance (ESM), which provides an additional five years of security patching, bringing the total coverage to 10 years for LTS releases.

Similarly, back in 2024, Canonical launched the Legacy add-on for Ubuntu Pro, which initially provided two additional years of support beyond ESM, bringing total coverage to 12 years.

And now they have announced an expansion that brings 15 years of support for LTS releases.

15 Years of Support Sounds Great

The expanded Legacy add-on now offers five additional years of support after the 10-year ESM window ends. This means Ubuntu LTS releases receive:
- 5 years of standard security maintenance.
- 5 years of Expanded Security Maintenance.
- 5 years of Legacy add-on support.

Ubuntu 14.04 LTS, which entered the standard support period in April 2024, will now be maintained until April 2029. This gives it a full 15-year lifecycle from its initial release.

The Legacy add-on kicks in after the first 10 years and costs 50% more than the standard Ubuntu Pro subscription. All future LTS releases, including 16.04, 18.04, 20.04, and beyond, are eligible for the same 15-year coverage when they reach the Legacy phase.

Get Ubuntu Pro (Legacy add-on)

The Legacy add-on becomes available after an LTS release completes 10 years of coverage, and as I mentioned earlier, costs 50% more than the standard Ubuntu Pro subscription.

To activate the Legacy add-on support, Canonical asks users to contact their sales team or reach out to their assigned account manager.
-
Role Model Blog: Petra Tarkkala, Tietoevry Create
by: Ani Fri, 14 Nov 2025 09:53:36 +0000

Steve Jobs famously said, “Design is not just what it looks like and feels like — design is how it works.” Design is so much more than the visual layer; it goes far deeper than that.

About me

I’m Petra Tarkkala, and I’m the Head of Design at Tietoevry Create Finland. I have 25 years of experience in service design, UX, and digital transformation, making me one of the pioneers in digital design in Finland. When I started, the field of service design was still quite small, and it’s been inspiring to witness its growth. In many ways, I’ve evolved together with the industry.

My team has about 20 designers in Finland and collaborates with international design teams across the Nordics, Central Europe, and the US. Most of my work involves consultative projects, which are mainly in public services and large enterprises based in Finland.

My approach is very hands-on and grounded in understanding real user needs. We always base our work on insights, so it’s essential for me first to understand the actual context and what users truly need before trying to solve any problem.

About my role

As Head of Design, I lead our design team, grow our competence, recruit new talent, and help shape our project portfolio. I also stay hands-on with design projects. This keeps my skills sharp and my thinking fresh. Working directly with clients not only inspires new ideas, but also makes me a better design leader.

Service design is fundamentally about understanding people and creating services that are accessible, intuitive, and genuinely valuable, whether that means digital solutions, better face-to-face experiences, or entirely new ways of working. The process always starts with a deep dive into user and business needs, followed by ideation, prototyping, and testing with real users. It’s iterative: we refine and test concepts until we find what truly works. In a nutshell, we co-create solutions that make a positive difference for both organizations and the people they serve.

For example, in healthcare projects, service design might mean ensuring digital tools support, not replace, human interaction, or making sure vulnerable groups aren’t left behind. In Finland, service design can help make limited resources go further by tailoring services to different needs: some people are happy with digital consultations, while others—like many older adults—prefer face-to-face encounters. The key is designing with empathy and flexibility, so everyone gets the support they need.

Petra Tarkkala, Head of Design, Tietoevry Create

The beginning of my career

I was always quite good at math and strong in the natural sciences, and I was also very creative. Still, I didn’t have a clear idea of what I wanted to do. I didn’t dream of being a doctor or a teacher. I just knew I wanted to do something meaningful that would let me use my strengths.

Since I had studied a lot of math and physics in high school, I decided to apply to the Helsinki University of Technology (now known as Aalto University) to study computer science. I got accepted right away, in 1996.

Building my own path

I feel incredibly lucky to have followed this path. I could have never planned it. Back in high school, this kind of career didn’t even exist. That’s something I often tell young people, including my own kids: don’t stress too much about deciding exactly what you want to be, because your future job might not even exist yet.

At the time, I just believed that having a master’s degree would open doors, and I truly got lucky. I made my choices somewhat randomly, but by following my strengths, I found work that motivates me and makes me happy.

Working at Tietoevry

I joined Tietoevry in 2018, and I’ve genuinely loved the journey ever since. At heart, I’m a creative problem-solver—I thrive at the intersection of business, design, and technology, and I honestly can’t imagine doing anything else. With my technical background, creativity, and strong sense of user empathy, my role fits me perfectly. I also value meaningful work: helping businesses succeed while creating real impact. I feel lucky that it’s been so easy to balance my work with my personal life.

The value of AI

AI enables us to focus on more meaningful and valuable work by automating the mundane tasks. AI frees up time and resources. For example, previously, part of our project’s budget had to be used for routine tasks, such as transcribing user interviews. Now, AI tools can generate transcripts for us and even help identify key insights from those interviews.

I use AI as a sparring partner. When I need to produce material for a client or develop something for a project, I check AI’s findings, compare it with my own, and then create a synthesis. It’s like having a very smart colleague always available, who provides valuable input, but one you can’t trust 100%.

Keeping myself motivated

As a consultant, receiving genuine gratitude from clients at the end of a challenging design project is highly motivating. Another key source of motivation for me is the community I work with. My team is fun, energetic, and truly passionate about what we do. What motivates us is the belief that our work matters, that we’re solving real problems and making a difference. Being surrounded by people who care deeply about the impact of their work is incredibly motivating.

My advice to women in tech

I think that for women in tech it is especially important to remember that we should be bold in our ideas and confident in our abilities. If we have the skills and the foundation, we shouldn’t wait to be guided; we should step forward and take the lead ourselves. I encourage my team to be proactive and speak up. I often remind them: “Don’t wait for permission to lead — just start leading.” Design is not always well understood; being clear, assertive, and confident is necessary to move ideas forward.

My favourite quote

Steve Jobs famously said, “Design is not just what it looks like and feels like — design is how it works.” Design is a powerful tool for change. Design is not just about making things look good—it’s about making things work better for people, systems, and the planet. I believe in creativity as a force for transformation, and I’m always looking for ways to bring creative problem solving and user empathy into the work I do.

The post Role Model Blog: Petra Tarkkala, Tietoevry Create first appeared on Women in Tech Finland.
-
Find Subdomains Fast with OWASP Amass: Don't Miss Hidden Entry Points
by: Hangga Aji Sayekti Fri, 14 Nov 2025 07:49:11 +0530

Did you know that many security breaches happen through assets companies didn't even know they had? Subdomains like staging.company.com or test.api.company.com are frequently overlooked yet can expose your entire infrastructure.

OWASP Amass solves this by automatically discovering all your subdomains, giving you a complete picture of your attack surface. In this guide, we'll show you how to use it like a pro.

What is OWASP Amass?

OWASP Amass is an open-source tool designed for in-depth Attack Surface Mapping and Asset Discovery. In simpler terms, it's a subdomain enumeration powerhouse. It doesn't just use one method; it combines data from over 80 different sources, including:
- Certificate Transparency Logs: It looks at public records of SSL certificates issued for a domain.
- Search Engines: It scrapes results from Google, Bing, and others.
- DNS Databases: It queries massive DNS data archives.
- Brute Forcing: It intelligently guesses common subdomain names.

The result is a comprehensive list of subdomains you might not have even known existed.

📋 A crucial reminder: Only use Amass on domains you own or have explicit permission to test. Unauthorized scanning can be considered hostile and may violate terms of service or laws. vulnweb.com is a safe and legal playground for this purpose.

Step 1: Installing OWASP Amass

The easiest way to install Amass on most Linux distributions is via a package manager. Amass is bundled with Kali, so you’re safe. Drop it in the terminal and let the enumeration do the work.

For Debian/Ubuntu-based systems:
    sudo apt install amass

To verify your installation, run:
    amass -version

If it returns a version number, you're all set!

Understanding the Basic Syntax of Amass

The amass command is powerful because of its various flags and options. Here's a quick reference table for the flags we'll use in this guide:

    Flag / Option   Description                                               Example
    enum            The subcommand for subdomain enumeration.                 amass enum
    -d              Specifies the target domain. (Required)                   -d vulnweb.com
    -passive        Uses only passive data sources (no direct DNS queries).   -passive
    -brute          Forces a brute-force attack using wordlists.              -brute
    -o              Saves the results to a specified file.                    -o results.txt
    -json           Saves detailed results in JSON format.                    -json output.json
    -list           Shows the data sources used in enumeration.               amass enum -list
    -help           Shows the help menu for the enum subcommand.              amass enum -help

Step 2: Your First Subdomain Hunt: A Passive Reconnaissance

Let's start with the safest and most common method: passive reconnaissance. This means Amass will only query its numerous data sources. It won't send any traffic directly to the target's servers, making it stealthy and non-intrusive.

For this tutorial, we'll use vulnweb.com, a site intentionally created for security testing. Open your terminal and type:
    amass enum -passive -d vulnweb.com

Let's break this down with our new syntax knowledge:
- enum: This is the subcommand for enumeration (discovery).
- -passive: This flag tells Amass to stick to passive methods.
- -d vulnweb.com: Specifies our target domain.

Within seconds, you'll see a list of subdomains start to populate your terminal. For vulnweb.com, you should see entries like testphp.vulnweb.com, testasp.vulnweb.com, and testhtml5.vulnweb.com.

This is your initial map! You've just discovered multiple "entrances" to the vulnweb.com infrastructure.

Step 3: Digging Deeper: Active Reconnaissance and Brute Forcing

Passive mode is great, but sometimes you need to be more thorough. This is where active reconnaissance comes in. It involves directly interacting with the target's DNS servers. This method can be louder but often reveals subdomains that aren't listed in any public database.

To perform an active DNS enumeration, simply remove the -passive flag:
    amass enum -d vulnweb.com

As I explained in the previous section about -passive, both amass runs found the same things — the only difference was the order the results were printed. -passive tells Amass to gather info quietly from public sources (certificate logs, public DNS, search engines) without touching the target, while running it without -passive allows noisier, active checks like brute force or direct DNS queries. In your case the public sources already contained everything, so the active run didn’t discover anything new — it just mixed the same entries in a different sequence.

Taking it Up a Notch: Brute Forcing

What about subdomains that are completely hidden? Think dev, staging, ftp, cpanel. Amass can perform a "brute force" attack by trying a massive list of common subdomain names. We'll combine this with passive mode to be efficient and respectful.
    amass enum -passive -brute -d vulnweb.com

Let Amass complete the enumeration...

    hangga@hangga-kali ~ amass enum -passive -brute -d vulnweb.com
    vulnweb.com (FQDN) --> ns_record --> ns2.eurodns.com (FQDN)
    vulnweb.com (FQDN) --> ns_record --> ns3.eurodns.com (FQDN)
    vulnweb.com (FQDN) --> ns_record --> ns4.eurodns.com (FQDN)
    vulnweb.com (FQDN) --> ns_record --> ns1.eurodns.com (FQDN)
    ns2.eurodns.com (FQDN) --> a_record --> 104.37.178.107 (IPAddress)
    ns2.eurodns.com (FQDN) --> aaaa_record --> 2610:1c8:b001::107 (IPAddress)
    ns3.eurodns.com (FQDN) --> a_record --> 199.167.66.108 (IPAddress)
    ns3.eurodns.com (FQDN) --> aaaa_record --> 2610:1c8:b002::108 (IPAddress)
    ns4.eurodns.com (FQDN) --> a_record --> 104.37.178.108 (IPAddress)
    ns4.eurodns.com (FQDN) --> aaaa_record --> 2610:1c8:b001::108 (IPAddress)
    ns1.eurodns.com (FQDN) --> a_record --> 199.167.66.107 (IPAddress)
    ns1.eurodns.com (FQDN) --> aaaa_record --> 2610:1c8:b002::107 (IPAddress)
    rest.vulnweb.com (FQDN) --> a_record --> 18.215.71.186 (IPAddress)
    testasp.vulnweb.com (FQDN) --> a_record --> 44.238.29.244 (IPAddress)
    testaspnet.vulnweb.com (FQDN) --> a_record --> 44.238.29.244 (IPAddress)
    localhost.vulnweb.com (FQDN) --> a_record --> 127.0.0.1 (IPAddress)
    104.37.176.0/21 (Netblock) --> contains --> 104.37.178.108 (IPAddress)
    104.37.176.0/21 (Netblock) --> contains --> 104.37.178.107 (IPAddress)
    199.167.64.0/22 (Netblock) --> contains --> 199.167.66.108 (IPAddress)
    199.167.64.0/22 (Netblock) --> contains --> 199.167.66.107 (IPAddress)
    44.224.0.0/11 (Netblock) --> contains --> 44.238.29.244 (IPAddress)
    2610:1c8:b001::/48 (Netblock) --> contains --> 2610:1c8:b001::108 (IPAddress)
    2610:1c8:b001::/48 (Netblock) --> contains --> 2610:1c8:b001::107 (IPAddress)
    127.0.0.0/8 (Netblock) --> contains --> 127.0.0.1 (IPAddress)
    23393 (ASN) --> managed_by --> NUCDN (RIROrganization)
    23393 (ASN) --> announces --> 104.37.176.0/21 (Netblock)
    23393 (ASN) --> announces --> 199.167.64.0/22 (Netblock)
    23393 (ASN) --> managed_by --> NUCDN, US (RIROrganization)
    23393 (ASN) --> announces --> 2610:1c8:b001::/48 (Netblock)
    16509 (ASN) --> managed_by --> AMAZON-02 - Amazon.com, Inc. (RIROrganization)
    16509 (ASN) --> announces --> 44.224.0.0/11 (Netblock)
    0 (ASN) --> managed_by --> Reserved Network Address Blocks (RIROrganization)
    0 (ASN) --> announces --> 127.0.0.0/8 (Netblock)
    2610:1c8:b002::/48 (Netblock) --> contains --> 2610:1c8:b002::108 (IPAddress)
    2610:1c8:b002::/48 (Netblock) --> contains --> 2610:1c8:b002::107 (IPAddress)
    18.208.0.0/13 (Netblock) --> contains --> 18.215.71.186 (IPAddress)
    23393 (ASN) --> announces --> 2610:1c8:b002::/48 (Netblock)
    14618 (ASN) --> managed_by --> AMAZON-AES - Amazon.com, Inc. (RIROrganization)
    14618 (ASN) --> announces --> 18.208.0.0/13 (Netblock)
    The enumeration has finished

Wow! Your Amass scan just uncovered the complete infrastructure blueprint of vulnweb.com!

The scan revealed not just the obvious subdomains like rest.vulnweb.com and testasp.vulnweb.com, but also uncovered that testaspnet.vulnweb.com shares the same IP address—suggesting shared hosting. Interestingly, it even found localhost.vulnweb.com pointing to 127.0.0.1, which might indicate some misconfiguration.

Beyond subdomains, Amass mapped out the entire network topology: EuroDNS handling nameservers, with actual services distributed across Amazon AWS and NUCDN cloud infrastructure. This level of detail gives you the complete attack surface in a single scan—perfect for both security assessment and documentation.

Ready to dive deeper into any of these findings? Next, to explore Amass's extensive data sources, run:
    amass enum -list

This shows you all the available data sources that Amass queries during enumeration.

Step 4: Getting Detailed Output and Understanding the Results

To get more detailed information about the discovered subdomains, save the results in a text file:
    amass enum -passive -d vulnweb.com -o vulnweb_subdomains.txt

Let's make sure the output is saved:
    cat vulnweb_subdomains.txt

💡 Action Required: Always export Amass results to a text file. Critical for pentest documentation.

Final Thoughts

OWASP Amass is an indispensable tool in your Linux toolkit. It transforms the daunting task of asset discovery from a manual, error-prone process into an automated, comprehensive one.

By knowing your entire attack surface—not just subdomains but also infrastructure relationships—you can patch vulnerabilities, close unused access points, and build a much more robust defense.

So go ahead, fire up that terminal, and start mapping. Your future, more secure self will thank you for it.
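To turn relationship lines like those in the Step 3 output into a reviewable inventory of your own domain, the sketch below parses them and reports in-scope hosts, names resolving to non-public addresses, names sharing an IP, and the organisation announcing each address. This is an added example, not code from the article or the Amass project; it assumes input in the `source (Type) --> relation --> target (Type)` shape shown above, and all function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict, namedtuple

# Excerpt of the relationship lines from the scan output quoted in the article.
SAMPLE_OUTPUT = """\
vulnweb.com (FQDN) --> ns_record --> ns2.eurodns.com (FQDN)
ns2.eurodns.com (FQDN) --> a_record --> 104.37.178.107 (IPAddress)
ns2.eurodns.com (FQDN) --> aaaa_record --> 2610:1c8:b001::107 (IPAddress)
rest.vulnweb.com (FQDN) --> a_record --> 18.215.71.186 (IPAddress)
testasp.vulnweb.com (FQDN) --> a_record --> 44.238.29.244 (IPAddress)
testaspnet.vulnweb.com (FQDN) --> a_record --> 44.238.29.244 (IPAddress)
localhost.vulnweb.com (FQDN) --> a_record --> 127.0.0.1 (IPAddress)
44.224.0.0/11 (Netblock) --> contains --> 44.238.29.244 (IPAddress)
16509 (ASN) --> managed_by --> AMAZON-02 - Amazon.com, Inc. (RIROrganization)
16509 (ASN) --> announces --> 44.224.0.0/11 (Netblock)
The enumeration has finished
"""

Edge = namedtuple("Edge", "src src_type rel dst dst_type")

# Assumed line shape: "<source> (<Type>) --> <relation> --> <target> (<Type>)"
LINE_RE = re.compile(
    r"^(?P<src>.+?) \((?P<src_type>\w+)\) --> (?P<rel>\w+) --> "
    r"(?P<dst>.+?) \((?P<dst_type>\w+)\)$"
)


def parse_edges(text):
    """Return one Edge per relationship line; status lines are skipped."""
    edges = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            edges.append(Edge(m["src"], m["src_type"], m["rel"],
                              m["dst"], m["dst_type"]))
    return edges


def in_scope(name, domain):
    """True for the domain itself or a subdomain, never a look-alike suffix."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def host_addresses(edges, domain):
    """Map each in-scope FQDN to the sorted addresses from A/AAAA edges."""
    hosts = defaultdict(set)
    for e in edges:
        if (e.rel in ("a_record", "aaaa_record") and e.src_type == "FQDN"
                and in_scope(e.src, domain)):
            hosts[e.src.lower()].add(e.dst)
    return {h: sorted(ips) for h, ips in sorted(hosts.items())}


def ip_owner(edges):
    """Map IP -> organisation by following contains/announces/managed_by."""
    block_of = {e.dst: e.src for e in edges if e.rel == "contains"}
    asn_of = {e.dst: e.src for e in edges if e.rel == "announces"}
    org_of = {}
    for e in edges:
        if e.rel == "managed_by":
            org_of.setdefault(e.src, e.dst)  # keep the first name seen per ASN
    return {ip: org_of.get(asn_of.get(block), "unknown")
            for ip, block in block_of.items()}


def review(edges, domain):
    """Build the inventory plus two findings worth a manual look."""
    hosts = host_addresses(edges, domain)
    non_public, by_ip = [], defaultdict(list)
    for host, ips in hosts.items():
        for ip in ips:
            by_ip[ip].append(host)
            # Loopback, private or reserved targets in public DNS are
            # usually a record that should not be published.
            if not ipaddress.ip_address(ip).is_global:
                non_public.append((host, ip))
    shared = {ip: names for ip, names in by_ip.items() if len(names) > 1}
    return {"hosts": hosts, "owners": ip_owner(edges),
            "non_public": non_public, "shared": shared}


if __name__ == "__main__":
    report = review(parse_edges(SAMPLE_OUTPUT), "vulnweb.com")
    for host, ips in report["hosts"].items():
        for ip in ips:
            print(f"{host:28} {ip:16} {report['owners'].get(ip, 'unknown')}")
    for host, ip in report["non_public"]:
        print(f"REVIEW non-public address: {host} -> {ip}")
    for ip, names in report["shared"].items():
        print(f"NOTE shared address {ip}: {', '.join(names)}")
```
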
-
FFmpeg Calls Google's AI Bug Reports "CVE Slop"
by: Sourav Rudra Fri, 14 Nov 2025 01:53:05 GMT

FFmpeg maintainers have publicly criticized Google after its AI tool reported a security bug in code for a 1995 video game. The maintainers called the finding "CVE slop" and questioned whether trillion-dollar corporations should use AI to find security issues in volunteer code without providing fixes.

Unchecked Automation is Not an Answer

Google's AI agent Big Sleep found a bug in FFmpeg's code for decoding the LucasArts Smush codec. The issue affected the first 10-20 frames of Rebel Assault II, a game from 1995.

If you didn't know, Big Sleep is Google's AI-powered vulnerability detection tool developed by its Project Zero and DeepMind divisions. It is supposed to find security vulnerabilities in software before attackers can exploit them.

But there's an issue here: under Google's "Reporting Transparency" policy, the tech giant publicly announces that it has found a vulnerability within one week of reporting it. A 90-day disclosure clock then starts regardless of whether a patch is available. You see the problem now? 🤔

FFmpeg developers patched the bug but weren't happy about it. They tweeted in late October: "We take security very seriously but at the same time is it really fair that trillion-dollar corporations run AI to find security issues in people's hobby code? Then expect volunteers to fix."

Beyond that, you have to understand that FFmpeg is an important piece of digital infrastructure that is used in Google Chrome, Firefox, YouTube, VLC, Kodi, and many other platforms. The project is written almost exclusively by volunteers. Much of the code is in assembly language, which is difficult to work with.

This situation highlights the ongoing tensions over how corporations use the volunteer-maintained open source software that powers their commercial products and expect the volunteers to fix any obscure issues that crop up.
Via: The New Stack