@venelles thank you :-). I know the benefits, I can look up software (maybe write my own) ... Unfortunately the answer to my rant is simple: #gemini and #gopher do not make as much money as currently running #http / #web
Server-Sent Events Beat WebSockets for 95% of Real-Time Apps (Here's Why) - DEV Community
"Everyone defaults to WebSockets for real-time features. Most shouldn't.
The reality: 95% of "real-time" applications only need server → client updates. Chat notifications. Live dashboards. Stock tickers. Log streams. AI responses.
WebSockets give you bidirectional communication. But bidirectional comes with a tax: complexity, resource overhead, scaling challenges, debugging nightmares.
Server-Sent Events (SSE) do one thing: stream data from server to client. They do it brilliantly. And for..."
https://dev.to/polliog/server-sent-events-beat-websockets-for-95-of-real-time-apps-heres-why-a4l?context=digest
#events #http #pubsub #sse #webdev
Technical Analysis of Marco Stealer
Marco Stealer, discovered in June 2025, is an information stealer targeting browser data, cryptocurrency wallets, and sensitive files. It employs anti-analysis techniques, string encryption, and terminates security tools. The malware collects system information, exfiltrates browser data using embedded files, and extracts cryptocurrency wallet data from browser extensions. It also targets popular services and cloud storage. Marco Stealer uses AES-256 encryption for C2 communication over HTTP. Despite recent law enforcement actions against similar threats, information stealers continue to pose significant risks to corporate environments.
Pulse ID: 6984f84f57f9062091289348
Pulse Link: https://otx.alienvault.com/pulse/6984f84f57f9062091289348
Pulse Author: AlienVault
Created: 2026-02-05 20:06:39
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cloud #CyberSecurity #Encryption #HTTP #InfoSec #LawEnforcement #Malware #OTX #OpenThreatExchange #RAT #RCE #bot #cryptocurrency #AlienVault
Black Basta: Defense Evasion Capability Embedded in Ransomware Payload
A recent Black Basta ransomware campaign incorporated a bring-your-own-vulnerable-driver (BYOVD) defense evasion component within the payload itself, a departure from typical practices. The ransomware exploited a vulnerable NsecSoft NSecKrnl driver to terminate security processes. This approach, previously seen in Ryuk and Obscura attacks, may indicate a trend towards bundling additional capabilities in ransomware payloads. The attack also involved a long dwell time and post-deployment activity using GotoHTTP. The Cardinal group, responsible for Black Basta, had been quiet following a chat log leak in 2025 but appears to be resuming activities. This development raises questions about future ransomware tactics and the potential advantages of embedding defense evasion capabilities within payloads.
Pulse ID: 6984fbc6de215c312d2f6c53
Pulse Link: https://otx.alienvault.com/pulse/6984fbc6de215c312d2f6c53
Pulse Author: AlienVault
Created: 2026-02-05 20:21:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlackBasta #CyberSecurity #ELF #HTTP #ICS #InfoSec #OTX #OpenThreatExchange #RAT #RansomWare #UK #bot #AlienVault
Compromised Routers, DNS, and a TDS Hidden in Aeza Networks
A shadow DNS network and HTTP-based traffic distribution system (TDS) hosted in Aeza International, a sanctioned bulletproof hosting company, has been discovered. The system compromises routers, altering their DNS settings to use shadow resolvers. These resolvers selectively modify responses, directing users to malicious content. The TDS incorporates a clever DNS trick to evade detection by security groups. The system, operational since mid-2022, appears to be run by a financially motivated actor in affiliate marketing. It has the potential to interfere with devices on the network, alter DNS records, and conduct adversary-in-the-middle operations. The threat actor's ability to control DNS resolution poses significant risks beyond delivering unwanted advertising.
Pulse ID: 69836533452882efd5edaa55
Pulse Link: https://otx.alienvault.com/pulse/69836533452882efd5edaa55
Pulse Author: AlienVault
Created: 2026-02-04 15:26:43
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AdversaryInTheMiddle #CyberSecurity #DNS #HTTP #InfoSec #OTX #OpenThreatExchange #RAT #bot #AlienVault
Modern websites depend on many third party assets in a blocking way… which might affect their availability. I queried the HTTP Archive and crafted some pretty charts for https://www.fastly.com/blog/resilience-in-the-age-of-third-party-dependencies #http
🪧 HTTP/1.1 From Scratch: When the web became whole.
https://kmcd.dev/posts/http1.1-from-scratch/
#Networking #Http #Go #Golang #Tutorial #Web #Webdev
I just tagged release 3.8.0 of Crell/ApiProblem, providing full support for RFC 9457 messages!
The only change of note in this release is dropping support for PHP versions older than 8.3. There's scarce few users on older versions, but there are new error constants to support, so it's easier to just bump the version requirement.
Have at!
A Guide to Implementing ActivityPub in a Static Site (or Any Website) - Part 9: Quote Posts
Summary:
Quote Posts for Static Sites: A Practical Guide to FEP-044f Implementation
Transform your static blog into a consent-respecting quote-enabled node in the fediverse. This guide shows you how to implement quote post support that works with Mastodon, GoToSocial, and other ActivityPub servers while respecting author preferences.
In this guide: You’ll learn to build quote-enabled blog posts that can be responsibly shared across the fediverse
Why Quote Posts Matter (And Why They’re Controversial)
The User Experience Problem
Picture this: Someone finds your blog post fascinating and wants to share it with their followers, but they also want to add their own perspective or why it is important. Without quote posts, they have two unsatisfying options:
Neither option creates the rich, attributed conversations that make social media engaging.
The Solution: Consent-First Quote Implementation
We’re implementing FEP-044f: Consent-respecting quote posts in our federated blog.
What this means for your readers:
What this means for you:
Implementation Overview
We are going to:
1. Modifying the Notes: Enhanced ActivityPub Context
What We Changed:
Extended the @context from a simple string to a rich object array supporting the GoToSocial namespace.
Before:
"@context": "https://www.w3.org/ns/activitystreams"
After:
"@context": [
  "https://www.w3.org/ns/activitystreams",
  {
    "gts": "https://gotosocial.org/ns#",
    "interactionPolicy": {"@id": "gts:interactionPolicy", "@type": "@id"},
    "canQuote": {"@id": "gts:canQuote", "@type": "@id"},
    "automaticApproval": {"@id": "gts:automaticApproval", "@type": "@id"}
  }
]
We are also adding this section at the end of the Note:
"interactionPolicy": {
  "canQuote": {
    "automaticApproval": "https://www.w3.org/ns/activitystreams#Public"
  }
}
If you want to be specific about who can quote your post, this is where you do it; read more in here.
You can see an example of the implementation in RssUtils.cs - in the GetNote method.
2. Quote Request Processing
Now we need to add the quote request handling system that processes incoming quote requests and automatically approves them based on our interaction policy.
New Components:
The Quote Request Flow:
sequenceDiagram
    participant Requester as Fediverse User
    participant Inbox as Our Inbox
    participant QRS as QuoteRequestService
    participant Target as Target Instance
    Requester->>Inbox: QuoteRequest for our post
    Inbox->>QRS: Process quote request
    QRS->>QRS: Check interaction policy
    QRS->>QRS: Generate authorization stamp
    QRS->>Target: Send Accept + Authorization
    Target->>Requester: Quote approved
Check out the implementation in QuoteRequestService.cs.
Key Takeaways
By implementing FEP-044f, we’re not just adding quote functionality - we’re building consent-respecting social interactions into the protocol level.
Why This Matters:
This implementation shows how static sites can participate in modern social web standards while keeping their simplicity and performance benefits. Right now, we’re automatically allowing all public quotes, but this foundation sets us up for more granular consent controls in the future - like requiring approval for specific users or implementing follower-only quoting.
The consent-respecting approach means our content can be shared thoughtfully across the fediverse, with the infrastructure already in place to handle more sophisticated permission systems as they evolve.
Next Steps: The Quote Visualization Challenge
Now that we’ve successfully implemented the backend infrastructure for consent-respecting quote posts, we face an equally important question: How should we display these quotes on our website?
Treat quoted posts as special reply types? Quotes have different semantic meaning than replies - they’re more like “shared with commentary”. So maybe create a separate “Quoted By” section similar to how we handle likes and shares?
Any ideas?
Also readable in: https://maho.dev/2026/02/a-guide-to-implementing-activitypub-in-a-static-site-or-any-website-part-9-quote-posts/ by @mapache:
#fediverse #activitypub #static-sites #hugo #azure #mastodon #web-development #social-web #webfinger #http #quote-posts #fep-044f
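The "Check interaction policy" step from the quote request flow in the guide above, as an added example (not code from the guide or from its QuoteRequestService.cs). It goes beyond the guide's allow-all-public case to cover per-actor and follower-only entries. Assumptions: the `manualApproval` key from GoToSocial's interaction policy vocabulary, the function and parameter names, the example.* URLs, and the choice to reject when a Note carries no explicit policy.

```python
import json

# Spellings of the ActivityStreams public collection that may appear in a policy.
PUBLIC = {"https://www.w3.org/ns/activitystreams#Public", "as:Public", "Public"}

def _as_set(value):
    """JSON-LD allows a single IRI or a list of IRIs; normalise to a set."""
    if isinstance(value, str):
        return {value}
    if isinstance(value, list):
        return {v for v in value if isinstance(v, str)}
    return set()  # missing or unexpected shape: nobody is allowed

def quote_decision(note, requester, followers_iri=None, followers=frozenset()):
    """Return 'approve', 'manual' or 'reject' for a quote request on `note`."""
    policy = note.get("interactionPolicy")
    can_quote = policy.get("canQuote") if isinstance(policy, dict) else None
    if not isinstance(can_quote, dict):
        return "reject"  # this example's choice: no explicit policy, no stamp

    def allowed(key):
        entries = _as_set(can_quote.get(key))
        if entries & PUBLIC or requester in entries:
            return True
        # Follower-only entry: the requester must be a known follower.
        return followers_iri in entries and requester in followers

    if allowed("automaticApproval"):
        return "approve"  # safe to generate the authorization stamp
    if allowed("manualApproval"):
        return "manual"   # queue for the author instead of auto-accepting
    return "reject"

# Constructed sample Notes; the first carries the policy shown in the guide.
PUBLIC_NOTE = json.loads("""{
  "id": "https://blog.example/notes/1",
  "interactionPolicy": {"canQuote": {
    "automaticApproval": "https://www.w3.org/ns/activitystreams#Public"}}
}""")
RESTRICTED_NOTE = json.loads("""{
  "id": "https://blog.example/notes/2",
  "interactionPolicy": {"canQuote": {
    "automaticApproval": ["https://blog.example/followers"],
    "manualApproval": ["https://www.w3.org/ns/activitystreams#Public"]}}
}""")

if __name__ == "__main__":
    print(quote_decision(PUBLIC_NOTE, "https://remote.example/users/bob"))
```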
Postman is convenient right up until it leaks your production secrets
Friday evening. An ordinary commit before the weekend. Nothing suspicious in the list of files. A couple of hours later, the production API keys are already sitting in a public repository. Most secret leaks happen exactly this way. Not because of break-ins, but because of tools that make insecure behavior too convenient. In this article we look at how API keys "leak" when working with HTTP clients, why Postman and IDEs create a false sense of security, and which systemic mistakes lead to real incidents with multimillion consequences.
https://habr.com/ru/companies/haulmont/articles/990732/
#kotlin #http #httpclient #amplicode #тестирование_вебприложений #автотесты #intellij_idea_plugin #connekt
#Development #Approaches
Snapshot testing to keep URLs cool · An automated way to prevent broken links https://ilo.im/16a4ml
_____
#Testing #Automation #URLs #LinkRot #Websites #Blogs #HTTP #Git #WebDev #Backend
#HTTP is obsolete. It’s time for the #DistributedWeb
An 11-year-old #blogpost about #ipfs
I'm curious about your comments on that topic. :)
https://blog.neocities.org/blog/2015/09/08/its-time-for-the-distributed-web.html
Attack on *stan: Your malware, my C2
A suspected state-affiliated threat actor has been targeting Kazakh and Afghan entities in a persistent campaign since at least August 2022. The attackers use a Windows-based RAT called KazakRAT, which allows for payload downloads, host data collection, and file exfiltration. The malware is delivered via .msi files and persists using the Run registry key. C2 communications are unencrypted over HTTP. The campaign also utilizes modified versions of XploitSpy Android spyware. Multiple KazakRAT variants have been observed with minor command-set changes. Victim targeting includes government and financial sector entities, particularly in Kazakhstan's Karaganda region. The operation shows low sophistication but high persistence, with similarities to APT36/Transparent Tribe activities.
Pulse ID: 697c6976da773afd0b4155a1
Pulse Link: https://otx.alienvault.com/pulse/697c6976da773afd0b4155a1
Pulse Author: AlienVault
Created: 2026-01-30 08:19:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #CyberSecurity #Government #HTTP #InfoSec #Kazakhstan #Malware #OTX #OpenThreatExchange #RAT #SpyWare #TransparentTribe #Windows #bot #AlienVault
Dissecting UAT-8099: New persistence mechanisms and regional focus
UAT-8099, a threat actor targeting vulnerable IIS servers across Asia, has launched a new campaign from late 2025 to early 2026. The group's tactics have evolved, focusing on Thailand and Vietnam, and employing web shells, PowerShell scripts, and the GotoHTTP tool for remote access. New variants of BadIIS malware now include region-specific features, with separate versions targeting Vietnam and Thailand. The actor has expanded their toolkit to include utilities for log removal, file protection, and anti-rootkit capabilities. They've also adapted their persistence methods, creating hidden user accounts and leveraging legitimate tools to evade detection. The campaign demonstrates significant operational overlaps with the WEBJACK campaign, including shared malware hashes, C2 infrastructure, and victimology.
Pulse ID: 697b96e2955f456977e00c46
Pulse Link: https://otx.alienvault.com/pulse/697b96e2955f456977e00c46
Pulse Author: AlienVault
Created: 2026-01-29 17:20:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #CyberSecurity #HTTP #ICS #InfoSec #Malware #OTX #OpenThreatExchange #PowerShell #RAT #Rootkit #SMS #Thailand #Vietnam #bot #AlienVault
Hype for the Future 90B: The novaTop Plan for YouTube
Overview
Through the beginning of February, novaTopFlex shall schedule references to HTTP Status Codes and the RFC (Request for Comments) system as appropriate for the context. The videos shall be uploaded at a relatively standard pacing—up to three (3) at 9:00 AM, 12:00 PM, 3:00 PM, and 6:00 PM every day.
Why Default Timeouts Are Hurting Your PHP App (and What to Do About It)