General
The article analyzes a HashDoS vulnerability in V8 related to array index string hashing and explores seeded hashing as mitigation. It introduces a 2- and 3-round xorshift-multiply hashing scheme using rapidhash secrets, and provides statistical and performance evaluations, deployment notes, and acknowledgments tied to the March 2026 Node.js security release.
IEEE Spectrum interview with Cory Doctorow arguing that interoperability is essential to freeing the open web from walled gardens. The piece outlines how end-to-end access and a Ri…
The article argues that software security hinges on verification rather than trust and outlines how curl enables independent verification of releases. It provides a detailed, pract…
Ars Technica reports that OpenAI has indefinitely shelved plans for an erotic ChatGPT mode after backlash and concerns about safety and mental health. The Financial Times notes the…
Stripe Projects introduces a CLI-first approach to provisioning services, managing credentials, and handling usage and billing. It emphasizes programmatic, portable, and secure inf…
Open Source News
An opinionated account of leaving GitHub for Codeberg due to AI crawling and ownership concerns, highlighting the impact of AI on open source, code hosting, and developer trust. The piece reflects on personal history with Telethon, the social dynamics of GitHub, and practical trade-offs for individuals and SMBs.