The only way I can (sometimes) recognize whether it's the original title or not, is by looking at the language of the text in the thumbnail.
Which is very dumb.

But the dumbest part is that you cannot disable automatic translations. Stop showing me stuff I don't want.

I struggled a bit in reaching a point where I found this post good enough to be published, hence why it took so long since my sneak peak.

I also think I touched up the CSS a dozen times to "improve readability" (or at least try to)

Hope you can find this as clear and as complete as I wanted :)

Took me a while, but here is the full article!

If you want to see some weird URL parsing behavior, here you can find a lot of them :)

sec.leonardini.dev/blog/playing...

Disclaimer: no exploits nor vulnerabilities in this post, just some broken code

Actually pretty interesting idea

The URL `http://a@b@c` is parsed to as username `a`, password `b` and hostname `c`

Currenly playing around with Bun's URL parser, and I must say it's pretty fun. It's not vulnerable as it's never used raw, but expect a few GH issues and a blog post about it.

Spoiling the least interesting quirk to keep you on your toes :)

Hopefully I'm not ruining anybody's future challenge :')

Adding to this: I know of `u.RawPath`, but I don't understand why anyone would want a path decoded like that

u, _ := url.Parse("http://localhost/foo%2fbar") fmt.Println(u.Path)

TIL that in Go this snippet produces `/foo/bar`, and... I feel like that's.. wrong..?

The HTTP server router does not handle this as `/foo/bar`, and parsing this with Node returns `/foo%2fbar` (which is what I expected)

Does anyone have any insight on this?

That's how you keep the audience's attention!

I would agree, if I hadn't terrible experience with the teams app on Android, Windows, and Linux. Android is the best one, but it's still way to slow and buggy. The fact that clicking on a button on the *windows* app is that slow is really something...

In gsuite "spaces" can have max 400 people

I'm not too sure what you mean with channels, I'm neither a big teams user nor a gsuite user, so I could be missing some features.

Personally, even if sometimes it's confusing, I like having separate apps for each tool other than a unique slow bloated app full of unused features

Honestly, to me gsuite seems pretty nice, what do you think it lacks compared to Teams?

Yesterday my first PHP CVE was published: CVE-2024-11234. In some specific configurations, this vulnerability could allow for CRLF injection when using stream contexts.
sec.leonardini.dev/blog/cve-202...

Many thanks to @minimalblue.bsky.social for reviewing my original report

Configuring a proxy in a stream context might allow for CRLF injection in URIs ### Summary Configuring a proxy in a [stream context](https://www.php.net/manual/en/stream.contexts.php) might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks. #...

Sharing CVE-2024-11234 affecting PHP. This vulnerability could lead to CRLF injection when using Stream Contexts under certain conditions. Discovered and reported by @p1anka.bsky.social, I only reviewed the report some time ago!

github.com/php/php-src/...