romancortes

Good discussion with @siliconlabs on where smart home security is actually heading. The industry is converging on open standards like Matter. That’s the right direction. But in connected safety, the real problem isn’t interoperability. It’s reliability at the system level. Multi-protocol environments, deterministic sensing, and fail-safe behavior under real-world conditions are what actually determine outcomes. Protocols will standardize. Orchestration and reliability are where differentiation lives.

ADT is redefining what connected safety looks like. In our latest Connect With episode, @ADT CTO Gilles Drieu joins Silicon Labs’ John Dixon to discuss: ▪️ The evolution of smart home security ▪️ The role of Matter ▪️ Why reliability is non-negotiable

@ErrorGramatica Vacaciones de Navidad en el pueblo. Los 3 días que se quedan son festividades: viernes de Nochebuena, viernes de Nochevieja y jueves de Reyes. Se va al día siguiente: viernes.

Solo los más inteligentes podrán responder correctamente

I dropped the price for Basic Binary Board Book to $12 for the holidays. I’ve been hearing that the kids adore it and the parents are perplexed. That’s a win-win. Tell a friend. amazon.com/dp/B0F9VCF3TN

🚨 New critical vuln discovered in NestJS Devtools → Full RCE via the browser 😱 All you have to do is… visit a website. 🧵 Here’s how we went from “harmless dev tool” to “pop calc on your Mac”: @​nestjs/devtools-integration ships with a local HTTP server that accepts POST requests to /inspector/graph/interact That endpoint? It executes arbitrary JS using a “sandbox” 🤡 built on safe-eval — which is hilariously named. The sandbox uses vm.runInNewContext() — even though NodeJS explicitly says this is not a security mechanism. This means you can break out of it. And we did. Just needed a tiny payload to escape and run shell commands. But the real magic? You can trigger this from any website, thanks to a CSRF bypass trick using text/plain form posts. The result? Remote Code Execution just by visiting a webpage. No clicking required. We responsibly disclosed this to the NestJS team — they fixed it fast and with grace. Props to them 👏 🎯 CVE-2025-54782 📎 GHSA-85cg-cmq5-qjm7 🔍 Found via @SocketSecurity's AI-driven malware detection Full write-up (including POC): socket.dev/blog/nestjs-rc… This is why you don’t run “devtools” that parse and exec random JSON from localhost. Especially not using safe-eval.

A physics PhD’s disillusioned perspective on AI for science.

I'm currently looking for a front-end role. If you're looking for an experienced UK-based developer/engineer, please drop me a DM.

@applPiprogress Same here

Brainfiller by 0b5vr My entry for Revision 2024 PC 4K Intro! The compo was excellent! glad to be a part of the compo! youtu.be/OewtzMN0qO0

Today we’re excited to announce Speedometer 3 in collaboration with @googlechrome, @Firefox, & @MicrosoftEdge. This benchmark measures speed & guides browser teams as they make websites & web apps run faster than ever — now with a new generation of tests. webkit.org/blog/15131/spe…

Boosting it for my US friends. I've left Vercel (like last month) and am now going to look for the next role to lose myself in :) Lemme know if there's a remote role (NL) that's perfect for me and we can always have a chat. twitter.com/kuvos/status/1…

With much excitement and after a 3 year hiatus, I share my latest blog post "A New algorithm on multi-armed bandits". extremelearning.com.au/multi-armed-ba… This topic that falls under the broad umbrella of #ReinforcementLearning and played a key role in the AlphaGo algorithm.

Computerworld, 1968

Vicious Self-Degradation > you Google > Quora spots query and id’s as frequent > Quora uses ChatGPT to generate answer > ChatGPT hallucinates > Google picks up Quora answer as highest probability correct answer > ChatGPT hallucination is now canonical Google answer

Hard times create strong programmers Strong programmers create frameworks Frameworks create weak programmers Weak programmers create hard times

Drawing with <input type="range"> 🖌️ lab.hakim.se/range-paint/

Let me present to you: 🧑🏽‍🚀🌠 EXPI p01.org/expi/ Winning audio-visual animation in 1024 bytes of HTML, JS, CSS, 2D Canvas, Web Audio, Brotli by @p01 and Pestis for the legendary Assembly Party competition. Absolutely stoked 🥰 Share the love for EXPI far and wide 💕🪐

💻 WebGPU is now available for Chrome! This #GoogleIO session describes WebGPU's history, demos various aspects of how WebGPU improves compared to WebGL, and gives a sneak peek at what's next in the future for WebGPU → goo.gle/42HcY9K

スタートとゴールをつまんで引っ張ると迷路が解けるってやつをGIFにしました