The Nintendo Switch uses my open source code 🤯
Quote
@feross Have you seen that the Nintendo Switch uses your safe-buffer? (I for some reason scrolled through their incredibly long license list)
Follow
Click to Follow feross
Feross
@feross
Founder + CEO (socket.dev) •
Stanford lecturer (cs253.stanford.edu) •
Open source at + •
Mad scientistFeross’s posts
Detect pressed keys via microphone audio capture in real-time. Uses training data captured by typing first. Very neat!
github.com/ggerganov/kbd-
Based on ideas in this classic traffic analysis paper: Timing Analysis of Keystrokes and Timing Attacks on SSH people.eecs.berkeley.edu/~daw/papers/ss
GIF
🤩 Exciting news! I'm ready to share the project I've been working on for the past 2 months.
✨ Wormhole – the fastest way to send files ✨
Wormhole lets you share files with end-to-end encryption and it's super fast.
Send a file in just 2 seconds: wormhole.app
🙌 Just released a CLI tool called `thanks` to help you thank the open source maintainers you depend on! ✨
1. Run 'npx thanks' in your project
2. See which of your dependencies are seeking donations! 💸
🌟 Open source authors, add yourself to the list: github.com/feross/thanks
GIF
🚀 Exciting news! I'm ready to share the project I've been working on for the past 7 months!
Introducing ✨ Socket ✨
⚡️ Search millions of open source packages
🔒 Detect suspicious package updates in real-time
🛡 Block software supply chain attacks
✨ HUGE NEWS! ✨
🤖 Introducing Socket AI – ChatGPT-Powered Threat Analysis
is using ChatGPT to examine every npm and PyPI package for security issues!
🤯 In just 2 days, we confirmed 227 vulnerable and malware packages, all discovered with the help of ChatGPT
I taught a web security course at Stanford. All the course materials, slides, and videos are freely available online. If you want to learn about secure web programming, this course is for you! ✨
📝 Website: cs253.stanford.edu
📺 YouTube playlist:
✨ I'm engaged! ✨
Asking to marry me was the easiest decision I've ever made! ❤️ If you know Noor, then you know what I mean! I feel lucky that I get to spend my life with her.
But planning the proposal wasn't simple. Here's how I asked her to marry me...
1/5
😍😍😍 I'm teaching "CS 253: Web Security" at Stanford this Fall as a Visiting Lecturer.
cs253.stanford.edu
This video of Steve Jobs introducing Wi-Fi is incredible.
He's casually browsing the web, then he suddenly picks up the laptop and everyone in the audience realizes that it's not plugged into anything and they go crazy with cheers and applause!
11 Mbps!
🌟 Lazy-loading images and iframes are coming to the web platform and I'm excited that this will soon be possible:
<img lazyload='on' src='cool.jpg' />
<iframe lazyload='on' src='cool.html' />
Check the issue on whatwg/html:
I’m ending the `npm install funding` experiment I introduced a few days ago.
I appreciate the thoughtful discussion and feedback from the community. I shared some thoughts about how the experiment went from my perspective:
🎉 Big news!
🚀 I'm excited to announce that Socket has raised a $4.6M Series Seed!
⭐️ Read our blog post announcement: socket.dev/blog/series-se
⭐️ Read the in-depth TechCrunch exclusive: techcrunch.com/2022/05/11/soc
🧵 Thread ⬇️
🚀 Huge news! has raised $20M Series A funding led by Andreessen Horowitz ().
⭐️ This funding fuels our mission to make open source safer for everyone!
🚀🚀🚀 We're also announcing 4 new products this week as part of Socket Launch Week! ✨
🧵 1/10
I love this so much
Quote
I just built a site to help you make a friend in 2 minutes! My goal is to help people stuck indoors because of COVID-19 (or police curfews) to make meaningful connections with strangers. Hope you love it!
virus.cafe
🗣 Big news! Today I'm launching a Patreon! ✨
I need your help to continue making free software like WebTorrent ❤️ and Standard 🌟. If you use any of my 100+ open source projects, please support my ongoing work by becoming a patron. 😇
patreon.com/feross
Open source is this fantastic trap where we all guilt ourselves into coding for free so private companies can make millions off our neurosis twitter.com/girlziplocked/
This post is unavailable.
This is brilliant.
Make public transit free ➡️ increased public transit usage (obviously) ➡️ decreased congestion, fewer travel delays ➡️ increased economic activity, more eating out, better quality of life ➡️ more tax revenue to fund the free transit
✨ 🇪🇪 ✨
Quote
Following a successful five year pilot in its capital, Estonia is set to become the first country in the world to make public transport free everywhere, for everyone.
popupcity.net/estonia-to-bec
Progressive Web Apps going mainstream as Twitter makes its mobile site the main one. This is great! 💪
"This man has been editing a Wikipedia article every four minutes for 13 years. He is insane, and he has had a huge impact on what you and I read every day when we need more information about literally anything"
I've been testing #GitHubCopilot in Alpha for the past two weeks. Some of the code suggestions it comes up with are eerily good.
Here's a thread with some examples that I found surprising. Will update with new examples over time.
It's time to do an annual backup of your data from online accounts. Here are the links you need:
- Google: takeout.google.com/settings/takeo
- Apple: privacy.apple.com
- Twitter: twitter.com/settings/your_
- Facebook: facebook.com/settings?tab=y
- Microsoft:
This one-line change on reduced GPU utilization by up to 60% 🤯
Now you can send files in silence! wormhole.app
Good summary of JSON hijacking, if you're not familiar.
Why Facebook's API starts with a for loop dev.to/antogarand/why
🙌 Retweet if you use ExpressJS 🌟 and are grateful to for his excellent and tireless work maintaining it over the years. 🏆
Do you use my open source software at work? I now offer an open source support contract.
- 4 hours of consulting (development, bug fixes, etc.) per month
- Email support
- Company logo on readmes + website (~180K views/mo)
- Priority GitHub issues
🌟
Safari isn't protecting the web, it's killing it
httptoolkit.tech/blog/safari-is
My friend has a Family subscription and let the credit card lapse. She didn't notice the emails asking to update the card.
1Password completely deleted her account and logged her out on all devices. Now she can't access her 100+ passwords and 2FA tokens
WTF
Stop what you're doing and turn on "Auto-delete your Web & App Activity" in your Google account: activity.google.com/udc/waa
Set it to the minimum "Keep for 3 months".
Once you've done that, also turn off as many tracking options as you can here: myaccount.google.com/activitycontro
✌️
I added some improvements to The Annoying Site
- Change theme-color in a loop (Safari 15)
- Picture-in-picture in all browsers
- Block close window better
- Animate URL with emojis
- Pointer lock
- Request MIDI, bluetooth, USB, serial, HID
⚠️ Warning ⚠️
theannoyingsite.com
WebTorrent now works in the browser, end-to-end! Check out an example app: instant.io
It gets worse!
Someone found a bug in the try-before-you-buy demo page.
You could type in any U.S. phone number and get the phone’s real-time location *without any text to the user for permission*. 200 million people exposed!
What. The. Hell.
zdnet.com/article/cell-p
It Takes Just $1,000 to Track Someone's Location With Mobile Ads wired.com/story/track-lo
read image description
ALT
If you have a website, definitely check out your site's Chrome UX Report. It's a bit tricky to set up (watch the embedded video), but when you're done you get an automatically updating dashboard with real user experience numbers! Cool!
developers.google.com/web/updates/20 h/t
🗺 Google Map's Moat – How far ahead of Apple Maps is Google Maps?
justinobeirne.com/google-maps-mo
One of the best tech articles I've read in a while. Not kidding – Google's work on Maps is awe inspiring. It's hard to imagine the scale that they're operating at.
Replying to
This is not a drill.
Police are already misusing location data gathered for COVID contact tracing even though everyone SWORE it wouldn't be used for anything by health purposes.
Once the data and tools exist, governments can’t help themselves – it’s just too tempting.
2/5
I published `bg-sound` to npm, a Web Component to emulate the old-school <bgsound> HTML element github.com/feross/bg-sound
GIF
🚀 BIG NEWS 🚀
Wormhole now has ✨ QR Codes ✨
✅ Send files from desktop to mobile with *one click*
✅ End-to-end encryption keeps your files private
✅ Works on all platforms – iOS, Android, Mac, Windows, Linux, Chromebook – anything!
Try it out now! wormhole.app
WordPress ditches React, and just like that *poof*... 25% of sites on the internet don't use React anymore...
Just got the news that I've been selected as a #GitHubStar for 2023 and I couldn't be more thrilled! Looking forward to continuing to help other developers and to contribute to the open source community 🚀🌟
❤️
Introducing Nile.js: A Peer-to-Peer Live Video Streaming Library built on WebTorrent medium.com/@nile.js.webrt
Real Mac bug for 10+ years: "In some cases the audio balance may unexpectedly drift towards the left or right channel. This can happen if you rapidly press the volume up or down keys while the computer's microprocessor is under heavy load"
Still not fixed support.apple.com/kb/TA22305?loc
Ran into a spectacularly awful Safari bug in the latest Safari (14.1.1 on macOS and iOS 14.6).
Opening an IndexedDB database fails 100% of the time on the first try. 😩
If you refresh, it starts working.
Bug report: bugs.webkit.org/show_bug.cgi?i
cc @chris_dumez
Replying to
I'm incredibly disappointed that this was approved and built by .
The short-sightedness is staggering. How can they think governments won't demand to expand this?
Before today, I believed that Apple genuinely cared about my privacy. But no more.
This is a disaster.
5/5
🙌 HUGE THANKS to who just announced they are supporting for the next 12 months as a 🌟 Platinum Sponsor!
🦁 Brave is a browser with your interests at heart — brave.com
🤩 Thanks to the awesome people at Brave for supporting open source! ✨
I'm quoted in about why some developers are avoiding app store headaches by going web-only.
“We want to be an example of what a modern, fast web app can do,” he says. “And we want to blow a few minds while we’re at it.”
The company I started – Socket Inc – has a snazzy new home on the web: socket.dev
If you want to work with me and help build cool software like , please get in touch!
My DMs are open
Want to be a top programmer? This is THE talk to watch. You must know the difference between "easy" and "simple". infoq.com/presentations/
Incredibly informative tutorial on how synthesizers work. Powerful web audio demo, too. What a blast! learningsynths.ableton.com
Replying to
If these creative and brilliant folks could make a decent living writing open source software to benefits the commons instead of seeking private contracts writing proprietary code for a single company, we'd all have more innovative open source software to use. Everyone wins. 2/2
Wow, security is SUPER HARD. 😫It's possible to make always-on voice assistants like Amazon Echo, Google Home, and Siri silently place a phone call from 5 feet away using ultrasound youtube.com/watch?v=21HjF4
Chakra UI is the best frontend component library, hands down.
If you haven't used it, you're missing:
- Components are beautiful by default
- Accessible HTML
- Responsive maintainers
- Active community
- Thoughtful and delightful API design
I'm a huge, huge fan
Quote
Made with Chakra UI 
twitter.com/feross/status/…
twitter.com/feross/status/…This write-up explains why this backdoor is a disaster:
"To say that we are disappointed by Apple’s plans is an understatement."
"It is a shocking about-face for users who have relied on the company’s leadership in privacy and security"
eff.org/deeplinks/2021
Web developers, time to up your game. Watch "The UX Of Offline-First" by . Excellent stuff.
Happy to announce that the Wormhole cryptography code is now open source!
✅ MIT License
✅ $1,000 bounty for finding a security issue (wormhole.app/security/discl)
Check it out here:
Replying to
This code is using curl to send the contents of the file '/etc/passwd' to a remote server. This is a highly suspicious and potentially malicious behavior as it could cause sensitive data to be sent to an attacker's server.
socket.dev/npm/package/se
Still using browserify. Perfectly happy with it.
What trusty, reliable "old tech" do you still use? #TrustyTools
For $1,000/month you can rent a luxury villa in Thailand. Why don't more people work remotely? Why are we all in SF? expat.com/en/housing/asi
I was an engineer intern on the Facebook Groups team, 10 years ago today. Groups was one of the most successful Facebook products of all time and we built it in ~5 months with ~5 full-time and 2 interns.
Easily the best job I’ve ever had twitter.com/boztank/status
This post is unavailable.
Chrome 69 has extremely broken URL behavior:
"example.com" shows up as "example.com"
"m.tumblr.com" and "tumblr.com" BOTH display as "tumblr.com"
"example.www.example.com" displays as "example.example.com"
WTF